Vladislav Grishenko [Thu, 25 Jul 2024 19:51:09 +0000 (00:51 +0500)]
odhcp6c: allow to request specific ipv6 prefix
Expand -P option with optional exact ipv6 prefix format.
This allows to keep the IPv6 prefix in some cases, for example
if the prefix is issued dynamically on upstream.
Examples:
-P <length>
-P <prefix/length>
Based on https://github.com/openwrt/odhcp6c/pull/86
pacien [Sun, 9 Apr 2023 20:18:50 +0000 (22:18 +0200)]
odhcp6c: add -K option to set packet kernel priority
This adds a command line option (-K) to set the packet kernel
priority.
This makes it straightforward to set some VLAN priority for DHCP
requests through an egress qos map. (Avoiding the need for firewall
matching and marking through iptables, which prevents using flow
offloading).
(Such priority tag is a hard requirement for some ISPs, such as Orange
in France).
Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
viktor.iarmola [Fri, 21 Jan 2022 12:33:02 +0000 (14:33 +0200)]
dhcpv6: add option to ignore stateless advertise
This change adds a new option to `odhcp6c` that makes it ignore any
advertisement without *both* IA_NA and IA_PD option.
Note that there is already a way to ignore advertisements without IA_NA
specifically (`-N force`) or without IA_PD specifically (`-F`), but there
is no way to express "advertisement MUST have either IA_NA or IA_PD
to be considered" - which is addressed by this change.
There are two primary use-cases for that.
First is to fix an issue with `odhcp6c` behavior when it encounters
a setup with both "stateful" (with IA_NA or IA_PD) and "stateless"
advertisements - and both coming with the same server DUID.
In that case, when the "stateless" advertisement comes last
during the RT window - it will overwrite the advertise entry for that
server DUID and effectively make it seem like we only received
one "stateless" advertisement on the link.
This, in turn, makes `odhcp6c` go into stateless mode
unless there was `-N force` or `-F` involved.
Second use case is as described in the initial part:
when we want to run in "stateful" mode, but would like to accept either
of IA_NA or IA_PD or both of them - and discard other advertisements.
Signed-off-by: Viktor Iarmola <viktor.iarmola@ui.com>
Dávid Benko [Wed, 13 Jul 2022 07:33:54 +0000 (09:33 +0200)]
odhcp6c: fix IA discard when T1 > 0 and T2 = 0
My ISP uses DHCPv6 advertisements where IA_PD T1 is non-zero (43200) and
T2 is zero. Current implementation of odhcp6c doesn't handle that and
just switches to stateless mode.
According to RFC 8415, section [21.21](https://datatracker.ietf.org/doc/html/rfc8415#section-21.21):
> If a client receives an IA_PD with T1 greater than T2 and both T1 and
T2 are greater than 0, the client discards the IA_PD option and
processes the remainder of the message as though the server had not
included the IA_PD option.
Currently odhcp6c discards IA_PD option if `t1 > t2`:
https://github.com/openwrt/odhcp6c/blob/39b584bcac8770619b545d6ae344758f87028612/src/dhcpv6.c#L1346-L1347
The same applies for IA_NA.
Fix it by editing IA discard condition according to RFC.
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
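The discard condition discussed in the commit above, as an added example (not odhcp6c's code): a bounds-checked parser for the fixed part of an IA_PD option, with the `t1 > t2` check the message describes beside the RFC 8415 condition it quotes. The function names and both sample options are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_IA_PD  25   /* IA_PD option code (RFC 8415) */
#define IA_HDR_LEN 12   /* IAID, T1, T2: 4 bytes each */

struct ia_hdr {
	uint32_t iaid;
	uint32_t t1;
	uint32_t t2;
};

/* Big-endian readers that work byte by byte, so the packet buffer
 * does not have to be aligned. */
static uint16_t rd16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t rd32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse option code, option length and the IA header.
 * Returns 0 on success, -1 if the option is truncated or not an IA_PD. */
int parse_ia_pd(const uint8_t *buf, size_t len, struct ia_hdr *out)
{
	if (len < 4)
		return -1;
	if (rd16(buf) != OPT_IA_PD)
		return -1;

	size_t olen = rd16(buf + 2);
	if (olen < IA_HDR_LEN || olen > len - 4)
		return -1;

	out->iaid = rd32(buf + 4);
	out->t1 = rd32(buf + 8);
	out->t2 = rd32(buf + 12);
	return 0;
}

/* The check as described in the commit message: discards whenever T1 > T2,
 * which also hits T1 > 0 with T2 = 0. */
bool ia_discard_old(const struct ia_hdr *ia)
{
	return ia->t1 > ia->t2;
}

/* RFC 8415 section 21.21: discard only if T1 > T2 and both are non-zero. */
bool ia_discard_rfc8415(const struct ia_hdr *ia)
{
	return ia->t1 > 0 && ia->t2 > 0 && ia->t1 > ia->t2;
}

/* Constructed sample: IAID 1, T1 = 43200, T2 = 0 (the ISP case above). */
static const uint8_t isp_ia_pd[] = {
	0x00, 0x19, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x01,
	0x00, 0x00, 0xa8, 0xc0, 0x00, 0x00, 0x00, 0x00,
};

/* Constructed sample: IAID 1, T1 = 200, T2 = 100 (invalid under both checks). */
static const uint8_t bad_ia_pd[] = {
	0x00, 0x19, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x01,
	0x00, 0x00, 0x00, 0xc8, 0x00, 0x00, 0x00, 0x64,
};

static void report(const char *name, const uint8_t *buf, size_t len)
{
	struct ia_hdr ia;

	if (parse_ia_pd(buf, len, &ia) != 0) {
		printf("%s: malformed\n", name);
		return;
	}
	printf("%s: t1=%u t2=%u old=%s rfc8415=%s\n", name,
	       (unsigned)ia.t1, (unsigned)ia.t2,
	       ia_discard_old(&ia) ? "discard" : "keep",
	       ia_discard_rfc8415(&ia) ? "discard" : "keep");
}

int main(void)
{
	report("isp", isp_ia_pd, sizeof(isp_ia_pd));
	report("bad", bad_ia_pd, sizeof(bad_ia_pd));
	report("truncated", isp_ia_pd, 10);
	return 0;
}
```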
Hans Dedecker [Sun, 5 Dec 2021 17:27:07 +0000 (18:27 +0100)]
Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates"
Reverts commit ca43ea3f436c76fab0b8e3f170725c1d91ebdc36 as
graceful handling of IA_PD options with valid_liftime 0
is supported in commit c9578e10428d12c683ceb05e17970a616817f577
Alin Nastac [Wed, 10 Nov 2021 15:02:05 +0000 (16:02 +0100)]
dhcpv6: add support for null IA_PD valid lifetime
This allows immediate removal of the old PD assignments, triggered
by DHCPv6 server messages that contain both old and new IA_PD options:
- new IA_PD, with normal valid & preferred lifetimes
- old IA_PD, with valid & preferred lifetimes set to 0
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Alin Nastac [Fri, 29 Oct 2021 08:44:10 +0000 (10:44 +0200)]
dhcpv6: add a minimum valid lifetime for IA_PD updates
Prefix delegation is removed when valid lifetime is set to 0,
which will result in current prefix assignments to be preserved
in odhcpd as long as their previously configured valid lifetime
allows it. When IA_PD valid lifetime is set to a small value iso 0,
netifd will update old IA_PD assignments, thus allowing removal
of the old prefixes from downstream interfaces.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Guilherme Janczak [Wed, 14 Jul 2021 09:32:45 +0000 (09:32 +0000)]
odhcp6c: use strpbrk to provide get_sep_pos
get_sep_pos is a reimplementation of strpbrk from the stdlib; this
patch removes it and replaces it with strpbrk in its callers.
Signed-off-by: Guilherme Janczak <guilherme.janczak@yandex.com>
Hans Dedecker [Sat, 3 Apr 2021 18:28:11 +0000 (20:28 +0200)]
cmake: enable extra compiler checks
Let's catch enforced compiler errors during compilation
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 9 Jan 2021 20:17:48 +0000 (21:17 +0100)]
ra: fix routing loop on point to point links
For point-to-point links (e.g. PPP) don't create a link prefix route
when receiving a prefix information option with the on-link flag set.
Point-to-point links are non shared media and as such a destination
IPv6 address cannot be on-link.
If a link prefix route points to a point-to-point link it can trigger
a routing loop if the destination IPv6 address belongs to the prefix.
If such a packet is received and not directed to a local IPv6 address
it will be routed to the point-to-point link due to the link prefix route;
the upstream ISP router will route the IPv6 packet back due to the assigned
prefix route creating a "ping pong" effect
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 6 Jan 2021 20:15:49 +0000 (21:15 +0100)]
ra: align ifindex resolving
Use ioctl SIOCGIFINDEX to resolve ifindex similar as in init_dhcpv6
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 26 Dec 2020 20:41:38 +0000 (21:41 +0100)]
dhcpv6: fix displaying IA info
Fix using ntohl and make clear if the received IA is either an IA_PD or
IA_NA option
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 26 Dec 2020 20:38:49 +0000 (21:38 +0100)]
dhcpv6: display status code as a string
For better readability display the returned status code from the DHCPv6
server as a string
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 8 Dec 2020 17:43:38 +0000 (18:43 +0100)]
dhcpv6: harden reconfigure logic
Check if a valid DHCPv6 message is returned by dhcpv6_request in
dhcpv6_poll_reconfigure as only RENEW/REBIND/INFORMATION REQUEST
messages can trigger the transmission of these messages in reply
to a RECONFIGURE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 8 Dec 2020 17:31:25 +0000 (18:31 +0100)]
dhcpv6: rework DHCPv6 message to string implementation
As the DHCPv6 messages handled by odhcp6c are not numerically consecutive
drop the DHCPv6 message string array
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 7 Dec 2020 20:26:47 +0000 (21:26 +0100)]
dhcpv6: fix regression
Fixes regression introduced in commit faed29a.
The DHCPv6 message type needs to be returned by dhcpv6_handle_reconfigure
via dhcpv6_request when different from -1 so the correct message type
is passed to dhcpv6_request
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 7 Dec 2020 20:17:16 +0000 (21:17 +0100)]
dhcpv6: improve syslog tracing
Improve syslog tracing by displaying the DHCPv6 message type
in the received DHCPv6 message and requested DHCPv6 message type in
reply to a RECONFIGURE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 3 Dec 2020 20:28:41 +0000 (21:28 +0100)]
dhcpv6: only refresh timers when reconfigure is valid
Refresh timers only when a valid DHCPv6 msg-type has been received
in the received DHCPv6 reconfigure
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 3 Dec 2020 20:10:20 +0000 (21:10 +0100)]
dhcpv6: fix printing identity association id
Fix endian issue when printing the identity association id
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 30 Nov 2020 21:10:09 +0000 (22:10 +0100)]
dhcpv6: avoid sending continuous renew/rebind messages
If any of the IAs is not present in the Reply message in response
to a Renew/Rebind message don't set t1 to one second.
This will cause a continuous sending of Renew messages every second
if the DHCP server does not include all IAs in the Reply message.
Instead continue the normal retransmission time as if the Reply
message is not received as specified in RFC8415 §18.2.10.1
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 28 Nov 2020 20:01:47 +0000 (21:01 +0100)]
dhcpv6: add extra syslog info traces
Add extra syslog info traces for debug purposes which are only enabled
when the verbose option is specified
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Alin Nastac [Thu, 15 Oct 2020 15:12:15 +0000 (17:12 +0200)]
odhcp6c_find_entry: exclude priority from the list of fields that must match
Priority of an entry can vary from one RA to another, but the entry
identity should be the same regardless of the priority declared in the
RA message handled in ra_process() at a time.
CDRouter for instance tests compliance of the device to requirement
G-5 of RFC 7084 by provisioning initially the CPE with a valid default
route that has a medium preference after which it sends a low preference
RA with lifetime 0 to check that CPE will start sending RAs with
lifetime 0 on the LAN side. Because odhcp6c didn't match the low
precedence default router entry with the odhcp6c_entry that was
previously stored with medium precedence, it will fail to remove the
existing STATE_RA_ROUTE default route, hence preventing odhcpd from
advertising RAs with lifetime 0 to LAN.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Hans Dedecker [Sat, 28 Mar 2020 19:47:18 +0000 (20:47 +0100)]
ra: fix sending router solicitations
Only stop sending router solicitations when a RA is received with a
valid router lifetime as specified in RFC4861 §6.3.7
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rosen Penev [Wed, 25 Mar 2020 23:15:25 +0000 (16:15 -0700)]
odhcp6c: fix compilation with musl 1.2.0
SYS_clock_gettime is gone with musl 1.2.0. Switch to using the normal
function.
This was done back in the day when uClibc was used when librt was
separate.
Removed struct initialization since it gets written to right after.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 6 Sep 2019 20:09:29 +0000 (22:09 +0200)]
dhcpv6: sanitize oro options
Remove SOL_MAX_RT and INF_MAX_RT from the non-strict oro option
array as both options will be added anyway by the required oro
option array
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 11 Jan 2019 14:02:11 +0000 (15:02 +0100)]
odhcp6c: align further with RFC8415
Align acceptable options in the ORO list further with RFC8415; where
appropriate add send option support for the newly added options.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 11 Jan 2019 09:25:12 +0000 (10:25 +0100)]
dhcpv6: avoid parsing unnecessary IAs
Don't parse IA_NA/IA_PD options if either na_mode or pd_mode is set
to IA_MODE_NONE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 11 Jan 2019 09:16:54 +0000 (10:16 +0100)]
dhcpv6: set cnt to correct IOV enum
Make the code less error prone by setting cnt to IOV_HDR_IA_NA when
sending an INFORMATION REQUEST message
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 11 Jan 2019 08:49:27 +0000 (09:49 +0100)]
dhcpv6: get rid of request_prefix
Get rid of the variable request_prefix as it serves no purpose anymore
and even triggers wrong code in dhcpv6_send by setting cnt to 12 which
is an invalid msg_iovlen index
Where appropriate request_prefix check can be replaced by checking the
pd_mode variable.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 9 Jan 2019 10:38:14 +0000 (11:38 +0100)]
dhcpv6: sanitize option request list
By config stateful options can be specified for the option request
list which will be included in DHCPv6 INFORMATION request messages.
Obviously this is wrong as both RFC3315 and RFC8415 specify no
stateful options must be included in stateless mode.
In RFC8415 Table 4 specifies the options which can be included in
the option request list and which options are required to be requested
in some messages.
This commit extends the option table with flags indicating which options
may be included in the option request list.
On top the client adds by default the options 32/82/83 as they're
required to be sent depending on the message.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adrian Friedli [Wed, 11 Jul 2018 20:32:41 +0000 (22:32 +0200)]
odhcp6c: add option to ignore Server Unicast option
Add option -U to ignore Server Unicast option and force odhcp6c to use
the multicast address. This allows a workaround for broken setups.
Signed-off-by: Adrian Friedli <adi@koalatux.ch>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 20 Jun 2018 12:42:11 +0000 (14:42 +0200)]
odhcp6c: remove len check in option parsing handle
Replace len check by checking src to determine end of option data in the
different option data handlers.
This will make Coverity happy as reported in CID1437049, CID1430905,
CID1430898 and CID1430848
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 8 Jun 2018 14:29:50 +0000 (16:29 +0200)]
odhcp6c: add support for user string options
Support user defined options having a string as option value.
The option value is detected as a string if it starts and ends with
either a double or single quote.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sun, 29 Apr 2018 20:30:00 +0000 (22:30 +0200)]
ra: always trigger update in case of RA parameter change
Always launch a ra-updated event in case the RA hoplimit/mtu/reachable/
retransmit parameters change
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 21 Apr 2018 11:40:29 +0000 (13:40 +0200)]
dhcpv6: fix strncpy bounds
Fixes dhcpv6.c:138:2: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation] strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 5 Apr 2018 14:51:19 +0000 (16:51 +0200)]
script: fix possible negative delay
Fix delay becoming negative when killing a running script
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 5 Apr 2018 09:55:50 +0000 (11:55 +0200)]
dhcpv6: always trigger script update in case of IA updates
Trigger a script update when IAs have been updated during a reply in response
to either a renew/rebind.
This will make sure new IAs assigned by the DHCPv6 server are published via
a script update.
This covers the following scenario:
-Prefix A is assigned by DHCPv6 server
-Prefix A is renewed but the DHCPv6 server does not include prefix A in
the reply but assigns a new prefix B.
-Prefix B is published via the update script while renews for prefix A
will still be sent
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 2 Apr 2018 19:09:16 +0000 (21:09 +0200)]
ra: rework route information option handling
Use struct icmpv6_opt_route_info to parse the route information option;
improve route information option sanity checks.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 31 Mar 2018 16:57:45 +0000 (18:57 +0200)]
odhcp6c: improve code readability
Improve code readability by always checking the sep variable for end of
option data in the different option data parsing functions.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 27 Mar 2018 19:00:08 +0000 (21:00 +0200)]
treewide: improve error handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 27 Mar 2018 19:00:08 +0000 (21:00 +0200)]
dhcpv6: initialize ifreq struct
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 27 Mar 2018 18:49:40 +0000 (20:49 +0200)]
ra: handle socket fail creation
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 27 Mar 2018 18:45:04 +0000 (20:45 +0200)]
odhcp6c: fix file pointer leakage
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 16 Jan 2018 12:16:09 +0000 (13:16 +0100)]
dhcpv6: rework option passthrough logic
Options are not added to the passthru state depending on the option code
check. Rework this logic by defining the flag OPT_NO_PASSTHRU which is set
for options in the opts table; when constructing the passthru state the
option is added if the flag is not set.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 16 Jan 2018 10:11:04 +0000 (11:11 +0100)]
odhcp6c: rework userclass and vendorclass command handling
Remove the userclass and vendorclass states; add the userclass and
vendorclass options specified via commands to the OPTS state which
contains the user specified options to be sent.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 11 Jan 2018 15:31:57 +0000 (16:31 +0100)]
odhcp6c: add -x opt:val support
Add -x opt:val command support which allows to add options in sent packets.
The opt argument can be either specified as a string for well known options,
a decimal or a base-16 encoded value.
For some well-known options val will be parsed according to the data format
specified in the corresponding RFCs.
Supported well-known options are:
authentication (option 11) : stream of base-16 encoded bytes
userclass (option 15) : array of strings
vendorclass (option 16) : stream of base-16 encoded bytes
dns (option 23) : array of IPv6 addresses
search (option 24) : Domain name
sntpservers (option 31) : array of IPv6 addresses
ntpserver (option 56) : stream of base-16 encoded bytes
sipserver_d (option 21) : Domain name
sipserver_a (option 22) : array of IPv6 addresses
The val array elements can be separated by either a white space, comma or tab.
The val for non well-known options is a stream of base-16 encoded bytes.
Config examples :
-x sntpservers:3001:3001::1,3001:3001::2
-x 11:00000000000000000000006674692F
-x 0x3e8:ABCDEF
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 13 Jan 2018 20:28:32 +0000 (21:28 +0100)]
treewide: update copyrights to 2018
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 13 Jan 2018 18:09:53 +0000 (19:09 +0100)]
odhcp6c: let odhcp6c_add_state return a success/failure indication
This will allow callers of odhcp6_add_state parsing a command line option :
generate a syslog error in case of failure
bail out with return an error code
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 3 Jan 2018 09:47:32 +0000 (10:47 +0100)]
Revert "odhcp6c: Replace strerror(errno) with %m"
The code is ISO C source enforced by the usage of the pedantic compile
option; using %m triggers the compiler warning "error: ISO C does not
support the '%m' gnu_printf format [-Werror=format=]" which breaks
compilation due to Werror being set.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rosen Penev [Mon, 25 Dec 2017 23:05:13 +0000 (15:05 -0800)]
odhcp6c: Replace strerror(errno) with %m
Reduction of 48 bytes in compiled size. No functional difference.
-pedantic was removed as %m is a GNU extension.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Hans Dedecker [Thu, 31 Aug 2017 15:03:02 +0000 (17:03 +0200)]
ra: align RA update interval with RFC4861 (FS#964)
RFC4861 paragraph 6.2.1 states the minimum allowed time between sending
unsolicited multicast Router Advertisements is 3 seconds.
Align the odhcp6c implementation to this requirement as before Router
Advertisement updates were accepted each 30 seconds.
This led to IPv6 connectivity issues when a network sends Router
Advertisements with an interval smaller than 30 seconds as reported
in FS#964.
While at it rework the RA update logic making it clear the -m option
is only related to RA updates.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 22 Mar 2017 13:14:26 +0000 (14:14 +0100)]
dhcpv6: rebind capability support in reconfigure message (rfc6644)
Allow rebind message type to appear in reconfigure message option of
a reconfigure message as described in rfc6644
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 22 Mar 2017 12:58:04 +0000 (13:58 +0100)]
dhcpv6: respect renew end point when handling reconfigure message
Set T1 to 0 when receiving reconfigure message with as msg type renew;
this keeps the renew end point fixed meaning rebinding is started at T2
as initially calculated.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 22 Mar 2017 12:28:53 +0000 (13:28 +0100)]
dhcpv6: calculate T1, T2 and T3 in a more sane manner
Refresh T1, T2 and T3 only in response to DHCPv6 messages which request
stateful DHCPv6 options.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 21 Mar 2017 14:25:52 +0000 (15:25 +0100)]
md5: use libubox md5 library as local implementation
Replace local md5 library by libubox md5 library as the local md5 library
has big endian issues.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 18 Mar 2017 17:00:03 +0000 (18:00 +0100)]
dhcpv6: don't return renew msg in case of invalid msg type in reconfigure msg
Return -1 in case the msg type in the reconfigure message is invalid and
as such don't start sending renew messages.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 17 Mar 2017 22:16:57 +0000 (23:16 +0100)]
treewide: align coding style
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 16 Mar 2017 20:17:24 +0000 (21:17 +0100)]
CMakeLists: don't enable libubox md5 implementation by default
Simplify odhcp6c standalone compilation by selecting local md5
implementation by default
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 21 Feb 2017 21:02:32 +0000 (22:02 +0100)]
dhcpv6: use PRIu64 print macro
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 7 Feb 2017 21:32:57 +0000 (22:32 +0100)]
odhcp6c: fix possible stack corruption when parsing proc if_inet6
Fix buffer overflow when storing the IPv6 address in addr_buf as
the trailing zero was out of bounds.
Fix possible buffer overflow when storing the interface name in
name as interface name can contain IF_NAMESIZE characters.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 30 Jan 2017 11:27:22 +0000 (12:27 +0100)]
dhcpv6: fix white space error
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 30 Jan 2017 11:21:16 +0000 (12:21 +0100)]
dhcpv6: trigger restart of DHCPv6 state machine when not receiving stateful options
Don't set the renew timeout to 600 seconds in case no stateful options
are received but rather trigger an immediate restart of the DHCPv6
client state machine.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 27 Jan 2017 10:35:00 +0000 (11:35 +0100)]
update README
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 27 Jan 2017 09:39:52 +0000 (10:39 +0100)]
dhcpv6: server unicast option support
Add server unicast option support according to rfc3315
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Matthias Schiffer [Wed, 16 Nov 2016 13:47:46 +0000 (14:47 +0100)]
Add option to ignore default lifetime for RDNSS records
While RFC6106 mandates that the RDNSS lifetime is capped to the default
lifetime, this behaviour is often undesirable. In particular, it prevents
accepting RDNSS records from RAs that don't also advertise a default route
(set the default lifetime to 0).
Therefore, make it possible to opt out of this behaviour and respect the
RDNSS lifetime independently of the default lifetime using the new command
line switch -L.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Luka Perkov [Sun, 6 Nov 2016 22:54:44 +0000 (23:54 +0100)]
Merge pull request #50 from sartura/libubox_md5_reuse
odhcp6c: reuse md5 from libubox
Hrvoje Varga [Tue, 25 Oct 2016 14:08:25 +0000 (14:08 +0000)]
odhcp6c: reuse md5 from libubox
Added config support to use the MD5 implementation from libubox instead
of the in-house implementation. By default if not specified, libubox
will be linked and its MD5 will be used instead of the in-house
implementation.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
Steven Barth [Mon, 8 Feb 2016 07:02:31 +0000 (08:02 +0100)]
Merge pull request #45 from themiron/master
Alignment cleanups
Vladislav Grishenko [Sun, 31 Jan 2016 16:03:55 +0000 (21:03 +0500)]
Sync style with the existing _packed & _unused macros
Vladislav Grishenko [Sun, 31 Jan 2016 16:03:00 +0000 (21:03 +0500)]
Use more conventional way for the alignment
Steven Barth [Sun, 31 Jan 2016 15:18:16 +0000 (16:18 +0100)]
Merge pull request #44 from bwhacks/alignment-fixes
Alignment fixes
Steven Barth [Fri, 29 Jan 2016 06:10:51 +0000 (07:10 +0100)]
Merge pull request #43 from bwhacks/security-fixes
Security/regression fixes
Ben Hutchings [Thu, 28 Jan 2016 22:45:39 +0000 (22:45 +0000)]
Fix end pointer passed from dhcpv6_handle_reply() to dhcpv6_parse_ia()
The end of the IA option is odata + olen; there's no need to add anything.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 22:45:14 +0000 (22:45 +0000)]
Fix regression in entry_to_env()
I broke entry_to_env() by incrementing the wrong variable in commit
a6bbd1d7f5c2 ("Fix potential buffer overflow in entry_to_env").
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Steven Barth [Thu, 28 Jan 2016 19:06:46 +0000 (20:06 +0100)]
Merge pull request #42 from bwhacks/logic-fixes
Logic fixes
Steven Barth [Thu, 28 Jan 2016 15:59:12 +0000 (16:59 +0100)]
Merge pull request #41 from bwhacks/security-fixes
Security fixes
Ben Hutchings [Thu, 28 Jan 2016 02:18:51 +0000 (02:18 +0000)]
Fix alignment of hash buffer in dhcpv6_response_is_valid
md5_final() writes to the hash buffer in 32-bit chunks, so it needs
to be 32-bit aligned.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 01:59:14 +0000 (01:59 +0000)]
Fix unaligned 32-bit reads from DHCP packets
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Fri, 22 Jan 2016 20:57:34 +0000 (20:57 +0000)]
Fix alignment of buffers in ra_process and dhcpv6_request
The packet buffer needs to be 32-bit aligned to ensure that the various
32-bit fields we pick out are naturally aligned.
The control message buffers need to be naturally aligned for struct
cmsghdr.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 04:33:48 +0000 (04:33 +0000)]
Add padding between odhcp6c_entry structures to ensure 32-bit alignment
struct odhcp6c_entry is not declared as __packed, so the compiler may
assume it is naturally aligned.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Fri, 22 Jan 2016 19:34:41 +0000 (19:34 +0000)]
Fix iteration after expiring a list entry
After removing an entry, the next entry will be at the same offset as
the entry we just removed. Also the total length will have changed.
Update the length when we remove an entry, and advance the offset only
when we don't.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Fri, 22 Jan 2016 20:13:35 +0000 (20:13 +0000)]
Fix script environment variable setting for empty lists
When setting an environment variable as a space-separated list, and
the list is empty, we must not delete the '=' before the value.
In practice putenv() is likely to discard the invalid string, leaving
the variable unset, but this is not guaranteed.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 02:09:47 +0000 (02:09 +0000)]
Add missing option length checks in dhcpv6_handle_advert
These might be redundant with checks elsewhere but it's better to be
safe.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 01:44:10 +0000 (01:44 +0000)]
Fix potential log forgery via status string
We should not include any control characters from the server status
message when logging it; in particular if we include '\n' this could
result in additional arbitrary log lines. In dhcpv6_log_status_code,
replace all control characters with '?'.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
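The sanitising step described in the commit above, as an added example (not the project's `dhcpv6_log_status_code`): the status message is a length-delimited byte string from the server, so it is copied with every control character replaced by `?` before it reaches the log. The function name and the sample message are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy a server-supplied status message (length-delimited, not
 * NUL-terminated) into out, replacing control characters with '?'.
 * Always NUL-terminates when outsz > 0 and returns the number of
 * characters written, excluding the terminator. */
size_t sanitize_status(const uint8_t *msg, size_t len, char *out, size_t outsz)
{
	size_t n = 0;

	if (outsz == 0)
		return 0;

	for (size_t i = 0; i < len && n + 1 < outsz; i++) {
		uint8_t c = msg[i];

		/* C0 controls (including '\n', '\r' and an embedded NUL) and DEL */
		if (c < 0x20 || c == 0x7f)
			out[n++] = '?';
		else
			out[n++] = (char)c;
	}
	out[n] = '\0';
	return n;
}

/* Count the lines a string would occupy in a line-oriented log. */
size_t count_log_lines(const char *s)
{
	size_t lines = 1;

	for (; *s; s++)
		if (*s == '\n')
			lines++;
	return lines;
}

/* Constructed sample: a status message carrying an embedded newline. */
static const uint8_t sample_msg[] = "NoAddrsAvail\nfake: second line";

int main(void)
{
	char safe[64];
	size_t len = sizeof(sample_msg) - 1;   /* drop the literal's NUL */

	sanitize_status(sample_msg, len, safe, sizeof(safe));
	printf("raw would span %zu log lines\n",
	       count_log_lines((const char *)sample_msg));
	printf("sanitised (%zu line): %s\n", count_log_lines(safe), safe);
	return 0;
}
```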
Ben Hutchings [Thu, 28 Jan 2016 01:28:32 +0000 (01:28 +0000)]
Check for unsupported PD exclusion configuration in dhcpv6_parse_ia
We currently only support PD exclusions that only affect bits 64-95 of
the address, so we require:
32 <= PD prefix length < exclusion prefix length <= 64
The first inequality was not validated, and this could result in a
buffer overflow when generating the next request message.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 01:16:31 +0000 (01:16 +0000)]
Fix memory leak in dhcpv6_add_server_cand in case odhcp6c_insert_state fails
If we fail to store information from the new server, the associated
NA and PD options will never be freed. An attacker could use this
for denial-of-service.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 01:14:04 +0000 (01:14 +0000)]
Change odhcp6c_insert_state to return a success/failure indicator
Some callers will need to free resources on failure.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 00:49:22 +0000 (00:49 +0000)]
Fix possible stack buffer overflow in s46_to_env when copying IPv6 prefixes
An 8-bit prefix-length field can be as large as 255, but values larger
than 128 will result in a buffer overflow when copying to in6.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Fri, 22 Jan 2016 19:07:52 +0000 (19:07 +0000)]
Fix off-by-one in buffer length in int_to_env
We need to allow for '=', negative sign, 10 digits and the null
terminator, adding up to 13 bytes not 12.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Fri, 22 Jan 2016 18:02:04 +0000 (18:02 +0000)]
Fix potential buffer overflow in entry_to_env
It appears that an entry of type ENTRY_PREFIX with iaid != 1 and an
exclusion can expand to a string of length up to 154 bytes, whereas we
allocate only 144 bytes per entry.
Also, in case of truncation, snprintf() returns the length of the
un-truncated output so we must not use this to increment buf_len.
Finally some of the lengths given to snprintf() are unnecessarily
generous. Reduce them so we don't have to increase the allocated
length per entry further.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
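The `snprintf()` point in the commit above, as an added example (not code from `entry_to_env`): on truncation the return value is the length the output would have had, so adding it to a running offset moves the offset past the end of the buffer. The helper names and the 16-byte buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pattern the commit warns about: the return value of snprintf() is
 * added to the offset without checking for truncation. */
size_t append_unchecked(char *buf, size_t size, size_t used, const char *s)
{
	int n = snprintf(buf + used, size - used, "%s ", s);

	return used + (size_t)n;   /* can exceed size after truncation */
}

/* Checked variant: the offset never moves past the last byte that
 * snprintf() actually wrote. */
size_t append_checked(char *buf, size_t size, size_t used, const char *s)
{
	if (used >= size)
		return used;

	size_t room = size - used;
	int n = snprintf(buf + used, room, "%s ", s);

	if (n < 0)
		return used;               /* encoding error: nothing appended */
	if ((size_t)n >= room)
		return size - 1;           /* truncated: offset stays on the NUL */
	return used + (size_t)n;
}

/* Constructed input: 23 characters, longer than the 16-byte buffer. */
static const char long_entry[] = "2001:db8:1234:5678::/64";

/* Offset reported by the unchecked helper for a 16-byte buffer. */
size_t demo_unchecked_offset(void)
{
	char buf[16];

	return append_unchecked(buf, sizeof(buf), 0, long_entry);
}

/* Offset reported by the checked helper after two appends. */
size_t demo_checked_offset(void)
{
	char buf[16];
	size_t used = 0;

	used = append_checked(buf, sizeof(buf), used, long_entry);
	used = append_checked(buf, sizeof(buf), used, long_entry);
	return used;
}

int main(void)
{
	/* The unchecked offset is only printed, never reused: a second call
	 * would compute size - used with used > size and wrap around. */
	printf("unchecked offset: %zu (buffer is 16 bytes)\n",
	       demo_unchecked_offset());
	printf("checked offset:   %zu\n", demo_checked_offset());
	return 0;
}
```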
Ben Hutchings [Fri, 22 Jan 2016 20:15:31 +0000 (20:15 +0000)]
Avoid copying buffer after dn_expand() fails
If dn_expand() returns an error we could copy from an uninitialised
output buffer or append the previous domain name again.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Steven Barth [Tue, 26 Jan 2016 19:29:01 +0000 (20:29 +0100)]
Merge pull request #40 from dedeckeh/bugfixes
script: Launch script with correct action if last script call is terminated
Hans Dedecker [Tue, 26 Jan 2016 08:20:33 +0000 (09:20 +0100)]
script: Launch script with correct action if last script call is terminated
Actions launched as resume will be used in a next script_call
if the new action is not marked as resume even when the previous
script run was already terminated.
This behavior is particularly visible when a RA is received as
the script will run with action bound and not ra-updated
resulting into a wan6 interface down/up transition
Steven Barth [Mon, 27 Jul 2015 13:39:11 +0000 (15:39 +0200)]
odhcp6c: sync and accumulate RA & DHCPv6 events correctly
Steven Barth [Mon, 13 Jul 2015 14:15:52 +0000 (16:15 +0200)]
Merge pull request #37 from themiron/master
Avoid solicit for zero-length prefix
Vladislav Grishenko [Mon, 13 Jul 2015 13:12:41 +0000 (18:12 +0500)]
Merge branch 'upstream'
Steven Barth [Mon, 13 Jul 2015 10:38:42 +0000 (12:38 +0200)]
dhcpv6: remove dead code
Vladislav Grishenko [Sun, 12 Jul 2015 12:02:30 +0000 (17:02 +0500)]
Avoid solicit for zero-length prefix
Steven Barth [Tue, 9 Jun 2015 12:04:59 +0000 (14:04 +0200)]
dhcpv6: clear CUSTOM_OPTS in a more sane manner
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Sat, 16 May 2015 07:28:01 +0000 (09:28 +0200)]
Fix LW4over6 parameter handling