1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * dhcpcd - DHCP client daemon
4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/utsname.h>
30 #include <sys/types.h>
32 #include <netinet/in.h>
33 #include <netinet/ip6.h>
48 #define ELOOP_QUEUE ELOOP_DHCP6
56 #include "if-options.h"
62 #ifdef HAVE_SYS_BITOPS_H
63 #include <sys/bitops.h>
65 #include "compat/bitops.h"
68 /* DHCPCD Project has been assigned an IANA PEN of 40712 */
69 #define DHCPCD_IANA_PEN 40712
71 /* Unsure if I want this */
72 //#define VENDOR_SPLIT
74 /* Support older systems with different defines */
75 #if !defined(IPV6_RECVPKTINFO) && defined(IPV6_PKTINFO)
76 #define IPV6_RECVPKTINFO IPV6_PKTINFO
81 /* Assert the correct structure size for on wire */
82 struct dhcp6_message {
85 /* followed by options */
87 __CTASSERT(sizeof(struct dhcp6_message) == 4);
92 /* followed by data */
94 __CTASSERT(sizeof(struct dhcp6_option) == 4);
101 __CTASSERT(sizeof(struct dhcp6_ia_na) == 12);
106 __CTASSERT(sizeof(struct dhcp6_ia_ta) == 4);
108 struct dhcp6_ia_addr {
109 struct in6_addr addr;
113 __CTASSERT(sizeof(struct dhcp6_ia_addr) == 16 + 8);
115 /* XXX FIXME: This is the only packed structure and it does not align.
116 * Maybe manually decode it? */
117 struct dhcp6_pd_addr {
121 struct in6_addr prefix;
123 __CTASSERT(sizeof(struct dhcp6_pd_addr) == 8 + 1 + 16);
130 static const struct dhcp6_op dhcp6_ops[] = {
131 { DHCP6_SOLICIT, "SOLICIT6" },
132 { DHCP6_ADVERTISE, "ADVERTISE6" },
133 { DHCP6_REQUEST, "REQUEST6" },
134 { DHCP6_REPLY, "REPLY6" },
135 { DHCP6_RENEW, "RENEW6" },
136 { DHCP6_REBIND, "REBIND6" },
137 { DHCP6_CONFIRM, "CONFIRM6" },
138 { DHCP6_INFORMATION_REQ, "INFORM6" },
139 { DHCP6_RELEASE, "RELEASE6" },
140 { DHCP6_RECONFIGURE, "RECONFIGURE6" },
141 { DHCP6_DECLINE, "DECLINE6" },
150 static const struct dhcp_compat dhcp_compats[] = {
151 { DHO_DNSSERVER, D6_OPTION_DNS_SERVERS },
152 { DHO_HOSTNAME, D6_OPTION_FQDN },
153 { DHO_DNSDOMAIN, D6_OPTION_FQDN },
154 { DHO_NISSERVER, D6_OPTION_NIS_SERVERS },
155 { DHO_NTPSERVER, D6_OPTION_SNTP_SERVERS },
156 { DHO_RAPIDCOMMIT, D6_OPTION_RAPID_COMMIT },
157 { DHO_FQDN, D6_OPTION_FQDN },
158 { DHO_VIVCO, D6_OPTION_VENDOR_CLASS },
159 { DHO_VIVSO, D6_OPTION_VENDOR_OPTS },
160 { DHO_DNSSEARCH, D6_OPTION_DOMAIN_LIST },
164 static const char * const dhcp6_statuses[] = {
166 "Unspecified Failure",
167 "No Addresses Available",
171 "No Prefix Available"
174 static void dhcp6_bind(struct interface *, const char *, const char *);
175 static void dhcp6_failinform(void *);
176 static void dhcp6_recvaddr(void *);
177 static void dhcp6_startdecline(struct interface *);
180 #define dhcp6_hasprefixdelegation(a) (0)
182 static int dhcp6_hasprefixdelegation(struct interface *);
185 #define DECLINE_IA(ia) \
186 ((ia)->addr_flags & IN6_IFF_DUPLICATED && \
187 (ia)->ia_type != 0 && (ia)->ia_type != D6_OPTION_IA_PD && \
188 !((ia)->flags & IPV6_AF_STALE) && \
189 (ia)->prefix_vltime != 0)
192 dhcp6_printoptions(const struct dhcpcd_ctx *ctx,
193 const struct dhcp_opt *opts, size_t opts_len)
196 const struct dhcp_opt *opt, *opt2;
199 for (i = 0, opt = ctx->dhcp6_opts;
200 i < ctx->dhcp6_opts_len; i++, opt++)
202 for (j = 0, opt2 = opts; j < opts_len; j++, opt2++)
203 if (opt2->option == opt->option)
206 cols = printf("%05d %s", opt->option, opt->var);
207 dhcp_print_option_encoding(opt, cols);
210 for (i = 0, opt = opts; i < opts_len; i++, opt++) {
211 cols = printf("%05d %s", opt->option, opt->var);
212 dhcp_print_option_encoding(opt, cols);
217 dhcp6_makeuser(void *data, const struct interface *ifp)
219 const struct if_options *ifo = ifp->options;
220 struct dhcp6_option o;
222 const uint8_t *up, *ue;
223 uint16_t ulen, unlen;
226 /* Convert the DHCPv4 user class option to DHCPv6 */
238 for (; up < ue; up += ulen) {
240 olen += sizeof(ulen) + ulen;
244 memcpy(p, &unlen, sizeof(unlen));
250 o.code = htons(D6_OPTION_USER_CLASS);
251 o.len = htons((uint16_t)olen);
252 memcpy(data, &o, sizeof(o));
255 return sizeof(o) + olen;
259 dhcp6_makevendor(void *data, const struct interface *ifp)
261 const struct if_options *ifo;
264 const struct vivco *vivco;
265 struct dhcp6_option o;
268 len = sizeof(uint32_t); /* IANA PEN */
271 for (i = 0, vivco = ifo->vivco;
274 vlen += sizeof(uint16_t) + vivco->len;
276 } else if (ifo->vendorclassid[0] != '\0') {
277 /* dhcpcd owns DHCPCD_IANA_PEN.
278 * If you need your own string, get your own IANA PEN. */
279 vlen = strlen(ifp->ctx->vendor);
280 len += sizeof(uint16_t) + vlen;
284 if (len > UINT16_MAX) {
285 logerrx("%s: DHCPv6 Vendor Class too big", ifp->name);
294 o.code = htons(D6_OPTION_VENDOR_CLASS);
295 o.len = htons((uint16_t)len);
296 memcpy(p, &o, sizeof(o));
298 pen = htonl(ifo->vivco_en ? ifo->vivco_en : DHCPCD_IANA_PEN);
299 memcpy(p, &pen, sizeof(pen));
303 for (i = 0, vivco = ifo->vivco;
307 hvlen = htons((uint16_t)vivco->len);
308 memcpy(p, &hvlen, sizeof(hvlen));
310 memcpy(p, vivco->data, vivco->len);
313 } else if (ifo->vendorclassid[0] != '\0') {
314 hvlen = htons((uint16_t)vlen);
315 memcpy(p, &hvlen, sizeof(hvlen));
317 memcpy(p, ifp->ctx->vendor, vlen);
321 return sizeof(o) + len;
325 dhcp6_findoption(void *data, size_t data_len, uint16_t code, uint16_t *len)
328 struct dhcp6_option o;
331 for (d = data; data_len != 0; d += o.len, data_len -= o.len) {
332 if (data_len < sizeof(o)) {
336 memcpy(&o, d, sizeof(o));
338 data_len -= sizeof(o);
339 o.len = htons(o.len);
340 if (data_len < o.len) {
344 if (o.code == code) {
356 dhcp6_findmoption(void *data, size_t data_len, uint16_t code,
361 if (data_len < sizeof(struct dhcp6_message)) {
366 d += sizeof(struct dhcp6_message);
367 data_len -= sizeof(struct dhcp6_message);
368 return dhcp6_findoption(d, data_len, code, len);
371 static const uint8_t *
372 dhcp6_getoption(struct dhcpcd_ctx *ctx,
373 size_t *os, unsigned int *code, size_t *len,
374 const uint8_t *od, size_t ol, struct dhcp_opt **oopt)
376 struct dhcp6_option o;
378 struct dhcp_opt *opt;
386 memcpy(&o, od, sizeof(o));
388 if (*len > ol - *os) {
392 *code = ntohs(o.code);
396 for (i = 0, opt = ctx->dhcp6_opts;
397 i < ctx->dhcp6_opts_len; i++, opt++)
399 if (opt->option == *code) {
406 return od + sizeof(o);
411 dhcp6_updateelapsed(struct interface *ifp, struct dhcp6_message *m, size_t len)
415 struct dhcp6_state *state;
417 unsigned long long hsec;
420 opt = dhcp6_findmoption(m, len, D6_OPTION_ELAPSED, &opt_len);
423 if (opt_len != sizeof(sec)) {
428 state = D6_STATE(ifp);
429 clock_gettime(CLOCK_MONOTONIC, &tv);
430 if (state->RTC == 0) {
431 /* An RTC of zero means we're the first message
432 * out of the door, so the elapsed time is zero. */
436 unsigned long long secs;
439 secs = eloop_timespec_diff(&tv, &state->started, &nsecs);
440 /* Elapsed time is measured in centiseconds.
441 * We need to be sure it will not potentially overflow. */
442 if (secs >= (UINT16_MAX / CSEC_PER_SEC) + 1)
445 hsec = (secs * CSEC_PER_SEC) +
446 (nsecs / NSEC_PER_CSEC);
447 if (hsec > UINT16_MAX)
451 sec = htons((uint16_t)hsec);
452 memcpy(opt, &sec, sizeof(sec));
457 dhcp6_newxid(const struct interface *ifp, struct dhcp6_message *m)
459 const struct interface *ifp1;
460 const struct dhcp6_state *state1;
463 if (ifp->options->options & DHCPCD_XID_HWADDR &&
464 ifp->hwlen >= sizeof(xid))
465 /* The lower bits are probably more unique on the network */
466 memcpy(&xid, (ifp->hwaddr + ifp->hwlen) - sizeof(xid),
473 m->xid[0] = (xid >> 16) & 0xff;
474 m->xid[1] = (xid >> 8) & 0xff;
475 m->xid[2] = xid & 0xff;
477 /* Ensure it's unique */
478 TAILQ_FOREACH(ifp1, ifp->ctx->ifaces, next) {
481 if ((state1 = D6_CSTATE(ifp1)) == NULL)
483 if (state1->send != NULL &&
484 state1->send->xid[0] == m->xid[0] &&
485 state1->send->xid[1] == m->xid[1] &&
486 state1->send->xid[2] == m->xid[2])
491 if (ifp->options->options & DHCPCD_XID_HWADDR &&
492 ifp->hwlen >= sizeof(xid))
494 logerrx("%s: duplicate xid on %s",
495 ifp->name, ifp1->name);
503 static const struct if_sla *
504 dhcp6_findselfsla(struct interface *ifp)
509 for (i = 0; i < ifp->options->ia_len; i++) {
510 ia = &ifp->options->ia[i];
511 if (ia->ia_type != D6_OPTION_IA_PD)
513 for (j = 0; j < ia->sla_len; j++) {
514 if (strcmp(ia->sla[j].ifname, ifp->name) == 0)
522 dhcp6_delegateaddr(struct in6_addr *addr, struct interface *ifp,
523 const struct ipv6_addr *prefix, const struct if_sla *sla, struct if_ia *ia)
525 struct dhcp6_state *state;
527 char sabuf[INET6_ADDRSTRLEN];
530 state = D6_STATE(ifp);
532 ifp->if_data[IF_DATA_DHCP6] = calloc(1, sizeof(*state));
533 state = D6_STATE(ifp);
539 TAILQ_INIT(&state->addrs);
540 state->state = DH6S_DELEGATED;
541 state->reason = "DELEGATED6";
544 if (sla == NULL || !sla->sla_set) {
545 /* No SLA set, so make an assumption of
546 * desired SLA and prefix length. */
547 asla.sla = ifp->index;
549 asla.sla_set = false;
551 } else if (sla->prefix_len == 0) {
552 /* An SLA was given, but prefix length was not.
553 * We need to work out a suitable prefix length for
554 * potentially more than one interface. */
557 asla.sla_set = sla->sla_set;
561 if (sla->prefix_len == 0) {
565 sla_max = ia->sla_max;
566 if (sla_max == 0 && (sla == NULL || !sla->sla_set)) {
567 const struct interface *ifi;
569 TAILQ_FOREACH(ifi, ifp->ctx->ifaces, next) {
570 if (ifi->index > sla_max)
571 sla_max = ifi->index;
575 bits = fls32(sla_max);
577 if (prefix->prefix_len + bits > (int)UINT8_MAX)
578 asla.prefix_len = UINT8_MAX;
580 asla.prefix_len = (uint8_t)(prefix->prefix_len + bits);
582 /* Make a 64 prefix by default, as this makes SLAAC
584 * Otherwise round up to the nearest 4 bits. */
585 if (asla.prefix_len <= 64)
586 asla.prefix_len = 64;
589 (uint8_t)ROUNDUP4(asla.prefix_len);
592 #define BIT(n) (1UL << (n))
593 #define BIT_MASK(len) (BIT(len) - 1)
594 if (ia->sla_max == 0) {
595 /* Work out the real sla_max from our bits used */
596 bits = asla.prefix_len - prefix->prefix_len;
597 /* Make static analysis happy.
598 * Bits cannot be bigger than 32 thanks to fls32. */
600 ia->sla_max = (uint32_t)BIT_MASK(bits);
604 if (ipv6_userprefix(&prefix->prefix, prefix->prefix_len,
605 sla->sla, addr, sla->prefix_len) == -1)
607 sa = inet_ntop(AF_INET6, &prefix->prefix,
608 sabuf, sizeof(sabuf));
609 logerr("%s: invalid prefix %s/%d + %d/%d",
610 ifp->name, sa, prefix->prefix_len,
611 sla->sla, sla->prefix_len);
615 if (prefix->prefix_exclude_len &&
616 IN6_ARE_ADDR_EQUAL(addr, &prefix->prefix_exclude))
618 sa = inet_ntop(AF_INET6, &prefix->prefix_exclude,
619 sabuf, sizeof(sabuf));
620 logerrx("%s: cannot delegate excluded prefix %s/%d",
621 ifp->name, sa, prefix->prefix_exclude_len);
625 return sla->prefix_len;
630 dhcp6_makemessage(struct interface *ifp)
632 struct dhcp6_state *state;
633 struct dhcp6_message *m;
634 struct dhcp6_option o;
635 uint8_t *p, *si, *unicast, IA;
636 size_t n, l, len, ml, hl;
638 uint16_t si_len, uni_len, n_options;
640 struct if_options *ifo;
641 const struct dhcp_opt *opt, *opt2;
642 const struct ipv6_addr *ap;
643 char hbuf[HOSTNAME_MAX_LEN + 1];
644 const char *hostname;
646 struct dhcp6_ia_na ia_na;
652 uint8_t duid[DUID_LEN];
655 state = D6_STATE(ifp);
664 if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME) {
665 /* We're sending the DHCPv4 hostname option, so send FQDN as
666 * DHCPv6 has no FQDN option and DHCPv4 must not send
667 * hostname and FQDN according to RFC4702 */
670 if (fqdn != FQDN_DISABLE)
671 hostname = dhcp_get_hostname(hbuf, sizeof(hbuf), ifo);
673 hostname = NULL; /* appearse gcc */
675 /* Work out option size first */
679 hl = 0; /* Appease gcc */
680 if (state->state != DH6S_RELEASE && state->state != DH6S_DECLINE) {
681 for (l = 0, opt = ifp->ctx->dhcp6_opts;
682 l < ifp->ctx->dhcp6_opts_len;
685 for (n = 0, opt2 = ifo->dhcp6_override;
686 n < ifo->dhcp6_override_len;
689 if (opt->option == opt2->option)
692 if (n < ifo->dhcp6_override_len)
694 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
697 len += sizeof(o.len);
700 for (l = 0, opt = ifo->dhcp6_override;
701 l < ifo->dhcp6_override_len;
704 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
707 len += sizeof(o.len);
709 if (dhcp6_findselfsla(ifp)) {
711 len += sizeof(o.len);
717 if (fqdn != FQDN_DISABLE) {
718 hl = encode_rfc1035(hostname, NULL);
719 len += sizeof(o) + 1 + hl;
722 if (!has_option_mask(ifo->nomask6, D6_OPTION_MUDURL) &&
724 len += sizeof(o) + ifo->mudurl[0];
727 if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
728 DHCPCD_AUTH_SENDREQUIRE &&
729 DHC_REQ(ifo->requestmask6, ifo->nomask6,
730 D6_OPTION_RECONF_ACCEPT))
731 len += sizeof(o); /* Reconfigure Accept */
735 len += sizeof(*state->send);
736 len += sizeof(o) + sizeof(uint16_t); /* elapsed */
738 if (ifo->options & DHCPCD_ANONYMOUS) {
739 duid_len = duid_make(duid, ifp, DUID_LL);
740 len += sizeof(o) + duid_len;
742 len += sizeof(o) + ifp->ctx->duid_len;
745 if (!has_option_mask(ifo->nomask6, D6_OPTION_USER_CLASS))
746 len += dhcp6_makeuser(NULL, ifp);
747 if (!has_option_mask(ifo->nomask6, D6_OPTION_VENDOR_CLASS))
748 len += dhcp6_makevendor(NULL, ifp);
753 switch(state->state) {
756 ml = state->recv_len;
767 si = dhcp6_findmoption(m, ml, D6_OPTION_SERVERID, &si_len);
770 len += sizeof(o) + si_len;
781 TAILQ_FOREACH(ap, &state->addrs, next) {
782 if (ap->flags & IPV6_AF_STALE)
784 if (!(ap->flags & IPV6_AF_REQUEST) &&
785 (ap->prefix_vltime == 0 ||
786 state->state == DH6S_DISCOVER))
788 if (DECLINE_IA(ap) && state->state != DH6S_DECLINE)
790 if (ap->ia_type == D6_OPTION_IA_PD) {
792 len += sizeof(o) + sizeof(struct dhcp6_pd_addr);
793 if (ap->prefix_exclude_len)
794 len += sizeof(o) + 1 +
795 (uint8_t)((ap->prefix_exclude_len -
796 ap->prefix_len - 1) / NBBY) + 1;
799 len += sizeof(o) + sizeof(struct dhcp6_ia_addr);
803 for (l = 0; l < ifo->ia_len; l++) {
804 len += sizeof(o) + sizeof(uint32_t); /* IAID */
805 /* IA_TA does not have T1 or T2 timers */
806 if (ifo->ia[l].ia_type != D6_OPTION_IA_TA)
807 len += sizeof(uint32_t) + sizeof(uint32_t);
815 if (state->state == DH6S_DISCOVER &&
816 !(ifp->ctx->options & DHCPCD_TEST) &&
817 DHC_REQ(ifo->requestmask6, ifo->nomask6, D6_OPTION_RAPID_COMMIT))
825 switch(state->state) {
826 case DH6S_INIT: /* FALLTHROUGH */
828 type = DHCP6_SOLICIT;
831 type = DHCP6_REQUEST;
834 type = DHCP6_CONFIRM;
843 type = DHCP6_INFORMATION_REQ;
846 type = DHCP6_RELEASE;
849 type = DHCP6_DECLINE;
856 switch(state->state) {
857 case DH6S_REQUEST: /* FALLTHROUGH */
858 case DH6S_RENEW: /* FALLTHROUGH */
860 if (has_option_mask(ifo->nomask6, D6_OPTION_UNICAST)) {
864 unicast = dhcp6_findmoption(m, ml, D6_OPTION_UNICAST, &uni_len);
871 /* In non master mode we listen and send from fixed addresses.
872 * We should try and match an address we have to unicast to,
873 * but for now this is the safest policy. */
874 if (unicast != NULL && !(ifp->ctx->options & DHCPCD_MASTER)) {
875 logdebugx("%s: ignoring unicast option as not master",
882 if (ifo->auth.options & DHCPCD_AUTH_SEND) {
883 ssize_t alen = dhcp_auth_encode(ifp->ctx, &ifo->auth,
884 state->auth.token, NULL, 0, 6, type, NULL, 0);
885 if (alen != -1 && alen > UINT16_MAX) {
890 logerr("%s: %s: dhcp_auth_encode", __func__, ifp->name);
891 else if (alen != 0) {
892 auth_len = (uint16_t)alen;
893 len += sizeof(o) + auth_len;
898 state->send = malloc(len);
899 if (state->send == NULL)
902 state->send_len = len;
903 state->send->type = type;
905 /* If we found a unicast option, copy it to our state for sending */
906 if (unicast && uni_len == sizeof(state->unicast))
907 memcpy(&state->unicast, unicast, sizeof(state->unicast));
909 state->unicast = in6addr_any;
911 dhcp6_newxid(ifp, state->send);
913 #define COPYIN1(_code, _len) { \
914 o.code = htons((_code)); \
915 o.len = htons((_len)); \
916 memcpy(p, &o, sizeof(o)); \
919 #define COPYIN(_code, _data, _len) do { \
920 COPYIN1((_code), (_len)); \
922 memcpy(p, (_data), (_len)); \
925 } while (0 /* CONSTCOND */)
926 #define NEXTLEN (p + offsetof(struct dhcp6_option, len))
928 /* Options are listed in numerical order as per RFC 7844 Section 4.1
929 * XXX: They should be randomised. */
931 p = (uint8_t *)state->send + sizeof(*state->send);
932 if (ifo->options & DHCPCD_ANONYMOUS)
933 COPYIN(D6_OPTION_CLIENTID, duid,
936 COPYIN(D6_OPTION_CLIENTID, ifp->ctx->duid,
937 (uint16_t)ifp->ctx->duid_len);
940 COPYIN(D6_OPTION_SERVERID, si, si_len);
942 for (l = 0; IA && l < ifo->ia_len; l++) {
945 /* TA structure is the same as the others,
946 * it just lacks the T1 and T2 timers.
947 * These happen to be at the end of the struct,
948 * so we just don't copy them in. */
949 if (ifia->ia_type == D6_OPTION_IA_TA)
950 ia_na_len = sizeof(struct dhcp6_ia_ta);
952 ia_na_len = sizeof(ia_na);
953 memcpy(ia_na.iaid, ifia->iaid, sizeof(ia_na.iaid));
956 COPYIN(ifia->ia_type, &ia_na, ia_na_len);
957 TAILQ_FOREACH(ap, &state->addrs, next) {
958 if (ap->flags & IPV6_AF_STALE)
960 if (!(ap->flags & IPV6_AF_REQUEST) &&
961 (ap->prefix_vltime == 0 ||
962 state->state == DH6S_DISCOVER))
964 if (DECLINE_IA(ap) && state->state != DH6S_DECLINE)
966 if (ap->ia_type != ifia->ia_type)
968 if (memcmp(ap->iaid, ifia->iaid, sizeof(ap->iaid)))
970 if (ap->ia_type == D6_OPTION_IA_PD) {
972 struct dhcp6_pd_addr pdp;
974 pdp.pltime = htonl(ap->prefix_pltime);
975 pdp.vltime = htonl(ap->prefix_vltime);
976 pdp.prefix_len = ap->prefix_len;
977 /* pdp.prefix is not aligned, so copy it in. */
978 memcpy(&pdp.prefix, &ap->prefix, sizeof(pdp.prefix));
979 COPYIN(D6_OPTION_IAPREFIX, &pdp, sizeof(pdp));
980 ia_na_len = (uint16_t)
981 (ia_na_len + sizeof(o) + sizeof(pdp));
983 /* RFC6603 Section 4.2 */
984 if (ap->prefix_exclude_len) {
985 uint8_t exb[16], *ep, u8;
988 n = (size_t)((ap->prefix_exclude_len -
989 ap->prefix_len - 1) / NBBY) + 1;
991 *ep++ = (uint8_t)ap->prefix_exclude_len;
992 pp = ap->prefix_exclude.s6_addr;
994 ((ap->prefix_len - 1) / NBBY) +
996 u8 = ap->prefix_len % NBBY;
1002 *ep = (uint8_t)(*pp << u8);
1004 COPYIN(D6_OPTION_PD_EXCLUDE, exb,
1006 ia_na_len = (uint16_t)
1007 (ia_na_len + sizeof(o) + n);
1011 struct dhcp6_ia_addr ia;
1014 ia.pltime = htonl(ap->prefix_pltime);
1015 ia.vltime = htonl(ap->prefix_vltime);
1016 COPYIN(D6_OPTION_IA_ADDR, &ia, sizeof(ia));
1017 ia_na_len = (uint16_t)
1018 (ia_na_len + sizeof(o) + sizeof(ia));
1022 /* Update the total option lenth. */
1023 ia_na_len = htons(ia_na_len);
1024 memcpy(o_lenp, &ia_na_len, sizeof(ia_na_len));
1027 if (state->send->type != DHCP6_RELEASE &&
1028 state->send->type != DHCP6_DECLINE &&
1033 COPYIN1(D6_OPTION_ORO, 0);
1034 for (l = 0, opt = ifp->ctx->dhcp6_opts;
1035 l < ifp->ctx->dhcp6_opts_len;
1039 for (n = 0, opt2 = ifo->dhcp6_override;
1040 n < ifo->dhcp6_override_len;
1043 if (opt->option == opt2->option)
1046 if (n < ifo->dhcp6_override_len)
1049 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
1051 o.code = htons((uint16_t)opt->option);
1052 memcpy(p, &o.code, sizeof(o.code));
1053 p += sizeof(o.code);
1054 o.len = (uint16_t)(o.len + sizeof(o.code));
1057 for (l = 0, opt = ifo->dhcp6_override;
1058 l < ifo->dhcp6_override_len;
1061 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
1063 o.code = htons((uint16_t)opt->option);
1064 memcpy(p, &o.code, sizeof(o.code));
1065 p += sizeof(o.code);
1066 o.len = (uint16_t)(o.len + sizeof(o.code));
1068 if (dhcp6_findselfsla(ifp)) {
1069 o.code = htons(D6_OPTION_PD_EXCLUDE);
1070 memcpy(p, &o.code, sizeof(o.code));
1071 p += sizeof(o.code);
1072 o.len = (uint16_t)(o.len + sizeof(o.code));
1075 o.len = htons(o.len);
1076 memcpy(o_lenp, &o.len, sizeof(o.len));
1080 COPYIN(D6_OPTION_ELAPSED, &si_len, sizeof(si_len));
1082 if (state->state == DH6S_DISCOVER &&
1083 !(ifp->ctx->options & DHCPCD_TEST) &&
1084 DHC_REQ(ifo->requestmask6, ifo->nomask6, D6_OPTION_RAPID_COMMIT))
1085 COPYIN1(D6_OPTION_RAPID_COMMIT, 0);
1087 if (!has_option_mask(ifo->nomask6, D6_OPTION_USER_CLASS))
1088 p += dhcp6_makeuser(p, ifp);
1089 if (!has_option_mask(ifo->nomask6, D6_OPTION_VENDOR_CLASS))
1090 p += dhcp6_makevendor(p, ifp);
1092 if (state->send->type != DHCP6_RELEASE &&
1093 state->send->type != DHCP6_DECLINE)
1095 if (fqdn != FQDN_DISABLE) {
1097 COPYIN1(D6_OPTION_FQDN, 0);
1114 encode_rfc1035(hostname, p);
1116 o.len = htons((uint16_t)(hl + 1));
1117 memcpy(o_lenp, &o.len, sizeof(o.len));
1120 if (!has_option_mask(ifo->nomask6, D6_OPTION_MUDURL) &&
1122 COPYIN(D6_OPTION_MUDURL,
1123 ifo->mudurl + 1, ifo->mudurl[0]);
1126 if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
1127 DHCPCD_AUTH_SENDREQUIRE &&
1128 DHC_REQ(ifo->requestmask6, ifo->nomask6,
1129 D6_OPTION_RECONF_ACCEPT))
1130 COPYIN1(D6_OPTION_RECONF_ACCEPT, 0);
1136 /* This has to be the last option */
1137 if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0) {
1138 COPYIN1(D6_OPTION_AUTH, auth_len);
1139 /* data will be filled at send message time */
1147 dhcp6_get_op(uint16_t type)
1149 const struct dhcp6_op *d;
1151 for (d = dhcp6_ops; d->name; d++)
1152 if (d->type == type)
1158 dhcp6_freedrop_addrs(struct interface *ifp, int drop,
1159 const struct interface *ifd)
1161 struct dhcp6_state *state;
1163 state = D6_STATE(ifp);
1165 ipv6_freedrop_addrs(&state->addrs, drop, ifd);
1167 rt_build(ifp->ctx, AF_INET6);
1172 static void dhcp6_delete_delegates(struct interface *ifp)
1174 struct interface *ifp0;
1176 if (ifp->ctx->ifaces) {
1177 TAILQ_FOREACH(ifp0, ifp->ctx->ifaces, next) {
1179 dhcp6_freedrop_addrs(ifp0, 1, ifp);
1187 dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, size_t len)
1189 struct dhcp6_state *state;
1193 opt = dhcp6_findmoption(m, len, D6_OPTION_AUTH, &opt_len);
1197 state = D6_STATE(ifp);
1198 return dhcp_auth_encode(ifp->ctx, &ifp->options->auth,
1199 state->auth.token, (uint8_t *)state->send, state->send_len, 6,
1200 state->send->type, opt, opt_len);
1204 static const struct in6_addr alldhcp = IN6ADDR_LINKLOCAL_ALLDHCP_INIT;
1206 dhcp6_sendmessage(struct interface *ifp, void (*callback)(void *))
1208 struct dhcp6_state *state = D6_STATE(ifp);
1209 struct dhcpcd_ctx *ctx = ifp->ctx;
1211 bool broadcast = true;
1212 struct sockaddr_in6 dst = {
1213 .sin6_family = AF_INET6,
1214 /* Setting the port on Linux gives EINVAL when sending.
1215 * This looks like a kernel bug as the equivalent works
1216 * fine with the DHCP counterpart. */
1218 .sin6_port = htons(DHCP6_SERVER_PORT),
1221 struct udphdr udp = {
1222 .uh_sport = htons(DHCP6_CLIENT_PORT),
1223 .uh_dport = htons(DHCP6_SERVER_PORT),
1224 .uh_ulen = htons((uint16_t)(sizeof(udp) + state->send_len)),
1226 struct iovec iov[] = {
1227 { .iov_base = &udp, .iov_len = sizeof(udp), },
1228 { .iov_base = state->send, .iov_len = state->send_len, },
1232 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
1233 } cmsgbuf = { .buf = { 0 } };
1234 struct msghdr msg = {
1235 .msg_name = &dst, .msg_namelen = sizeof(dst),
1236 .msg_iov = iov, .msg_iovlen = __arraycount(iov),
1238 char uaddr[INET6_ADDRSTRLEN];
1240 if (!callback && !if_is_link_up(ifp))
1243 if (!IN6_IS_ADDR_UNSPECIFIED(&state->unicast)) {
1244 switch (state->send->type) {
1245 case DHCP6_SOLICIT: /* FALLTHROUGH */
1246 case DHCP6_CONFIRM: /* FALLTHROUGH */
1248 /* Unicasting is denied for these types. */
1252 inet_ntop(AF_INET6, &state->unicast, uaddr,
1257 dst.sin6_addr = broadcast ? alldhcp : state->unicast;
1260 logdebugx("%s: %s %s with xid 0x%02x%02x%02x%s%s",
1262 broadcast ? "broadcasting" : "unicasting",
1263 dhcp6_get_op(state->send->type),
1264 state->send->xid[0],
1265 state->send->xid[1],
1266 state->send->xid[2],
1267 !broadcast ? " " : "",
1268 !broadcast ? uaddr : "");
1272 !(ifp->options->options & DHCPCD_INITIAL_DELAY))
1275 state->RT = state->IMD * MSEC_PER_SEC;
1276 /* Some buggy PPP servers close the link too early
1277 * after sending an invalid status in their reply
1278 * which means this host won't see it.
1279 * 1 second grace seems to be the sweet spot. */
1280 if (ifp->flags & IFF_POINTOPOINT)
1281 state->RT += MSEC_PER_SEC;
1282 } else if (state->RTC == 0)
1283 state->RT = state->IRT * MSEC_PER_SEC;
1285 if (state->MRT != 0) {
1286 unsigned int mrt = state->MRT * MSEC_PER_SEC;
1288 if (state->RT > mrt)
1292 /* Add -.1 to .1 * RT randomness as per RFC8415 section 15 */
1293 uint32_t lru = arc4random_uniform(
1294 state->RTC == 0 ? DHCP6_RAND_MAX
1295 : DHCP6_RAND_MAX - DHCP6_RAND_MIN);
1296 int lr = (int)lru - (state->RTC == 0 ? 0 : DHCP6_RAND_MAX);
1298 + (unsigned int)((float)state->RT
1299 * ((float)lr / DHCP6_RAND_DIV));
1301 if (if_is_link_up(ifp))
1302 logdebugx("%s: %s %s (xid 0x%02x%02x%02x)%s%s,"
1303 " next in %0.1f seconds",
1305 state->IMD != 0 ? "delaying" :
1306 broadcast ? "broadcasting" : "unicasting",
1307 dhcp6_get_op(state->send->type),
1308 state->send->xid[0],
1309 state->send->xid[1],
1310 state->send->xid[2],
1311 state->IMD == 0 && !broadcast ? " " : "",
1312 state->IMD == 0 && !broadcast ? uaddr : "",
1313 (float)RT / MSEC_PER_SEC);
1315 /* Wait the initial delay */
1316 if (state->IMD != 0) {
1318 eloop_timeout_add_msec(ctx->eloop, RT, callback, ifp);
1323 if (!if_is_link_up(ifp))
1326 /* Update the elapsed time */
1327 dhcp6_updateelapsed(ifp, state->send, state->send_len);
1329 if (ifp->options->auth.options & DHCPCD_AUTH_SEND &&
1330 dhcp6_update_auth(ifp, state->send, state->send_len) == -1)
1332 logerr("%s: %s: dhcp6_updateauth", __func__, ifp->name);
1338 /* Set the outbound interface */
1341 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index };
1343 dst.sin6_scope_id = ifp->index;
1344 msg.msg_control = cmsgbuf.buf;
1345 msg.msg_controllen = sizeof(cmsgbuf.buf);
1346 cm = CMSG_FIRSTHDR(&msg);
1347 if (cm == NULL) /* unlikely */
1349 cm->cmsg_level = IPPROTO_IPV6;
1350 cm->cmsg_type = IPV6_PKTINFO;
1351 cm->cmsg_len = CMSG_LEN(sizeof(pi));
1352 memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
1356 if (IN_PRIVSEP(ifp->ctx)) {
1357 if (ps_inet_senddhcp6(ifp, &msg) == -1)
1363 if (sendmsg(ctx->dhcp6_wfd, &msg, 0) == -1) {
1364 logerr("%s: %s: sendmsg", __func__, ifp->name);
1365 /* Allow DHCPv6 to continue .... the errors
1366 * would be rate limited by the protocol.
1367 * Generally the error is ENOBUFS when struggling to
1368 * associate with an access point. */
1377 if (state->RT < RT) /* Check overflow */
1379 if (state->MRC == 0 || state->RTC < state->MRC)
1380 eloop_timeout_add_msec(ctx->eloop,
1382 else if (state->MRC != 0 && state->MRCcallback)
1383 eloop_timeout_add_msec(ctx->eloop,
1384 RT, state->MRCcallback, ifp);
1386 logwarnx("%s: sent %d times with no reply",
1387 ifp->name, state->RTC);
1393 dhcp6_sendinform(void *arg)
1396 dhcp6_sendmessage(arg, dhcp6_sendinform);
1400 dhcp6_senddiscover(void *arg)
1403 dhcp6_sendmessage(arg, dhcp6_senddiscover);
1407 dhcp6_sendrequest(void *arg)
1410 dhcp6_sendmessage(arg, dhcp6_sendrequest);
1414 dhcp6_sendrebind(void *arg)
1417 dhcp6_sendmessage(arg, dhcp6_sendrebind);
1421 dhcp6_sendrenew(void *arg)
1424 dhcp6_sendmessage(arg, dhcp6_sendrenew);
1428 dhcp6_sendconfirm(void *arg)
1431 dhcp6_sendmessage(arg, dhcp6_sendconfirm);
1435 dhcp6_senddecline(void *arg)
1438 dhcp6_sendmessage(arg, dhcp6_senddecline);
1442 dhcp6_sendrelease(void *arg)
1445 dhcp6_sendmessage(arg, dhcp6_sendrelease);
1449 dhcp6_startrenew(void *arg)
1451 struct interface *ifp;
1452 struct dhcp6_state *state;
1455 if ((state = D6_STATE(ifp)) == NULL)
1458 /* Only renew in the bound or renew states */
1459 if (state->state != DH6S_BOUND &&
1460 state->state != DH6S_RENEW)
1463 /* Remove the timeout as the renew may have been forced. */
1464 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startrenew, ifp);
1466 state->state = DH6S_RENEW;
1468 state->IMD = REN_MAX_DELAY;
1469 state->IRT = REN_TIMEOUT;
1470 state->MRT = REN_MAX_RT;
1473 if (dhcp6_makemessage(ifp) == -1)
1474 logerr("%s: %s", __func__, ifp->name);
1476 dhcp6_sendrenew(ifp);
1479 void dhcp6_renew(struct interface *ifp)
1482 dhcp6_startrenew(ifp);
1486 dhcp6_dadcompleted(const struct interface *ifp)
1488 const struct dhcp6_state *state;
1489 const struct ipv6_addr *ap;
1491 state = D6_CSTATE(ifp);
1492 TAILQ_FOREACH(ap, &state->addrs, next) {
1493 if (ap->flags & IPV6_AF_ADDED &&
1494 !(ap->flags & IPV6_AF_DADCOMPLETED))
1501 dhcp6_dadcallback(void *arg)
1503 struct ipv6_addr *ia = arg;
1504 struct interface *ifp;
1505 struct dhcp6_state *state;
1506 struct ipv6_addr *ia2;
1507 bool completed, valid, oneduplicated;
1509 completed = (ia->flags & IPV6_AF_DADCOMPLETED);
1510 ia->flags |= IPV6_AF_DADCOMPLETED;
1511 if (ia->addr_flags & IN6_IFF_DUPLICATED)
1512 logwarnx("%s: DAD detected %s", ia->iface->name, ia->saddr);
1514 #ifdef ND6_ADVERTISE
1516 ipv6nd_advertise(ia);
1522 state = D6_STATE(ifp);
1523 if (state->state != DH6S_BOUND && state->state != DH6S_DELEGATED)
1529 valid = (ia->delegating_prefix == NULL);
1532 oneduplicated = false;
1533 TAILQ_FOREACH(ia2, &state->addrs, next) {
1534 if (ia2->flags & IPV6_AF_ADDED &&
1535 !(ia2->flags & IPV6_AF_DADCOMPLETED))
1541 oneduplicated = true;
1546 logdebugx("%s: DHCPv6 DAD completed", ifp->name);
1548 if (oneduplicated && state->state == DH6S_BOUND) {
1549 dhcp6_startdecline(ifp);
1553 script_runreason(ifp,
1555 ia->delegating_prefix ? "DELEGATED6" :
1559 dhcpcd_daemonise(ifp->ctx);
1563 dhcp6_addrequestedaddrs(struct interface *ifp)
1565 struct dhcp6_state *state;
1568 struct ipv6_addr *a;
1570 state = D6_STATE(ifp);
1571 /* Add any requested prefixes / addresses */
1572 for (i = 0; i < ifp->options->ia_len; i++) {
1573 ia = &ifp->options->ia[i];
1574 if (!((ia->ia_type == D6_OPTION_IA_PD && ia->prefix_len) ||
1575 !IN6_IS_ADDR_UNSPECIFIED(&ia->addr)))
1577 a = ipv6_newaddr(ifp, &ia->addr,
1579 * RFC 5942 Section 5
1580 * We cannot assume any prefix length, nor tie the
1581 * address to an existing one as it could expire
1582 * before the address.
1583 * As such we just give it a 128 prefix.
1585 ia->ia_type == D6_OPTION_IA_PD ? ia->prefix_len : 128,
1589 a->dadcallback = dhcp6_dadcallback;
1590 memcpy(&a->iaid, &ia->iaid, sizeof(a->iaid));
1591 a->ia_type = ia->ia_type;
1592 TAILQ_INSERT_TAIL(&state->addrs, a, next);
1597 dhcp6_startdiscover(void *arg)
1599 struct interface *ifp;
1600 struct dhcp6_state *state;
1604 state = D6_STATE(ifp);
1606 if (state->reason == NULL || strcmp(state->reason, "TIMEOUT6") != 0)
1607 dhcp6_delete_delegates(ifp);
1609 if (state->new == NULL && !state->failed)
1613 logmessage(llevel, "%s: soliciting a DHCPv6 lease", ifp->name);
1614 state->state = DH6S_DISCOVER;
1616 state->IMD = SOL_MAX_DELAY;
1617 state->IRT = SOL_TIMEOUT;
1618 state->MRT = state->sol_max_rt;
1619 state->MRC = SOL_MAX_RC;
1621 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1626 if (dhcp6_makemessage(ifp) == -1)
1627 logerr("%s: %s", __func__, ifp->name);
1629 dhcp6_senddiscover(ifp);
1633 dhcp6_startinform(void *arg)
1635 struct interface *ifp;
1636 struct dhcp6_state *state;
1640 state = D6_STATE(ifp);
1641 if (state->new == NULL && !state->failed)
1645 logmessage(llevel, "%s: requesting DHCPv6 information", ifp->name);
1646 state->state = DH6S_INFORM;
1648 state->IMD = INF_MAX_DELAY;
1649 state->IRT = INF_TIMEOUT;
1650 state->MRT = state->inf_max_rt;
1653 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1654 if (dhcp6_makemessage(ifp) == -1) {
1655 logerr("%s: %s", __func__, ifp->name);
1658 dhcp6_sendinform(ifp);
1659 /* RFC3315 18.1.2 says that if CONFIRM failed then the prior addresses
1660 * SHOULD be used. The wording here is poor, because the addresses are
1661 * merely one facet of the lease as a whole.
1662 * This poor wording might explain the lack of similar text for INFORM
1663 * in 18.1.5 because there are no addresses in the INFORM message. */
1664 eloop_timeout_add_sec(ifp->ctx->eloop,
1665 INF_MAX_RD, dhcp6_failinform, ifp);
1669 dhcp6_startdiscoinform(struct interface *ifp)
1671 unsigned long long opts = ifp->options->options;
1673 if (opts & DHCPCD_IA_FORCED || ipv6nd_hasradhcp(ifp, true))
1674 dhcp6_startdiscover(ifp);
1675 else if (opts & DHCPCD_INFORM6 || ipv6nd_hasradhcp(ifp, false))
1676 dhcp6_startinform(ifp);
1683 dhcp6_leaseextend(struct interface *ifp)
1685 struct dhcp6_state *state = D6_STATE(ifp);
1686 struct ipv6_addr *ia;
1688 logwarnx("%s: extending DHCPv6 lease", ifp->name);
1689 TAILQ_FOREACH(ia, &state->addrs, next) {
1690 ia->flags |= IPV6_AF_EXTENDED;
1691 /* Set infinite lifetimes. */
1692 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1693 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1698 dhcp6_fail(struct interface *ifp)
1700 struct dhcp6_state *state = D6_STATE(ifp);
1702 state->failed = true;
1704 /* RFC3315 18.1.2 says that prior addresses SHOULD be used on failure.
1705 * RFC2131 3.2.3 says that MAY chose to use the prior address.
1706 * Because dhcpcd was written first for RFC2131, we have the LASTLEASE
1707 * option which defaults to off as that makes the most sense for
1709 * dhcpcd also has LASTLEASE_EXTEND to extend this lease past it's
1710 * expiry, but this is strictly not RFC compliant in any way or form. */
1711 if (state->new != NULL &&
1712 ifp->options->options & DHCPCD_LASTLEASE_EXTEND)
1714 dhcp6_leaseextend(ifp);
1715 dhcp6_bind(ifp, NULL, NULL);
1717 dhcp6_freedrop_addrs(ifp, 1, NULL);
1719 dhcp6_delete_delegates(ifp);
1722 state->old = state->new;
1723 state->old_len = state->new_len;
1726 if (state->old != NULL)
1727 script_runreason(ifp, "EXPIRE6");
1728 dhcp_unlink(ifp->ctx, state->leasefile);
1729 dhcp6_addrequestedaddrs(ifp);
1732 if (!dhcp6_startdiscoinform(ifp)) {
1733 logwarnx("%s: no advertising IPv6 router wants DHCP",ifp->name);
1734 state->state = DH6S_INIT;
1735 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1740 dhcp6_failloglevel(struct interface *ifp)
1742 const struct dhcp6_state *state = D6_CSTATE(ifp);
1744 return state->failed ? LOG_DEBUG : LOG_ERR;
1748 dhcp6_failconfirm(void *arg)
1750 struct interface *ifp = arg;
1751 int llevel = dhcp6_failloglevel(ifp);
1753 logmessage(llevel, "%s: failed to confirm prior DHCPv6 address",
1759 dhcp6_failrequest(void *arg)
1761 struct interface *ifp = arg;
1762 int llevel = dhcp6_failloglevel(ifp);
1764 logmessage(llevel, "%s: failed to request DHCPv6 address", ifp->name);
1769 dhcp6_failinform(void *arg)
1771 struct interface *ifp = arg;
1772 int llevel = dhcp6_failloglevel(ifp);
1774 logmessage(llevel, "%s: failed to request DHCPv6 information",
1781 dhcp6_failrebind(void *arg)
1783 struct interface *ifp = arg;
1785 logerrx("%s: failed to rebind prior DHCPv6 delegation", ifp->name);
1790 dhcp6_hasprefixdelegation(struct interface *ifp)
1796 for (i = 0; i < ifp->options->ia_len; i++) {
1797 if (t && t != ifp->options->ia[i].ia_type) {
1798 if (t == D6_OPTION_IA_PD ||
1799 ifp->options->ia[i].ia_type == D6_OPTION_IA_PD)
1802 t = ifp->options->ia[i].ia_type;
1804 return t == D6_OPTION_IA_PD ? 1 : 0;
1809 dhcp6_startrebind(void *arg)
1811 struct interface *ifp;
1812 struct dhcp6_state *state;
1818 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendrenew, ifp);
1819 state = D6_STATE(ifp);
1820 if (state->state == DH6S_RENEW)
1821 logwarnx("%s: failed to renew DHCPv6, rebinding", ifp->name);
1823 loginfox("%s: rebinding prior DHCPv6 lease", ifp->name);
1824 state->state = DH6S_REBIND;
1829 /* RFC 3633 section 12.1 */
1830 pd = dhcp6_hasprefixdelegation(ifp);
1832 state->IMD = CNF_MAX_DELAY;
1833 state->IRT = CNF_TIMEOUT;
1834 state->MRT = CNF_MAX_RT;
1838 state->IMD = REB_MAX_DELAY;
1839 state->IRT = REB_TIMEOUT;
1840 state->MRT = REB_MAX_RT;
1843 if (dhcp6_makemessage(ifp) == -1)
1844 logerr("%s: %s", __func__, ifp->name);
1846 dhcp6_sendrebind(ifp);
1849 /* RFC 3633 section 12.1 */
1851 eloop_timeout_add_sec(ifp->ctx->eloop,
1852 CNF_MAX_RD, dhcp6_failrebind, ifp);
1858 dhcp6_startrequest(struct interface *ifp)
1860 struct dhcp6_state *state;
1862 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_senddiscover, ifp);
1863 state = D6_STATE(ifp);
1864 state->state = DH6S_REQUEST;
1867 state->IRT = REQ_TIMEOUT;
1868 state->MRT = REQ_MAX_RT;
1869 state->MRC = REQ_MAX_RC;
1870 state->MRCcallback = dhcp6_failrequest;
1872 if (dhcp6_makemessage(ifp) == -1) {
1873 logerr("%s: %s", __func__, ifp->name);
1877 dhcp6_sendrequest(ifp);
1881 dhcp6_startconfirm(struct interface *ifp)
1883 struct dhcp6_state *state;
1884 struct ipv6_addr *ia;
1886 state = D6_STATE(ifp);
1888 TAILQ_FOREACH(ia, &state->addrs, next) {
1889 if (!DECLINE_IA(ia))
1891 logerrx("%s: prior DHCPv6 has a duplicated address", ifp->name);
1892 dhcp6_startdecline(ifp);
1896 state->state = DH6S_CONFIRM;
1898 state->IMD = CNF_MAX_DELAY;
1899 state->IRT = CNF_TIMEOUT;
1900 state->MRT = CNF_MAX_RT;
1901 state->MRC = CNF_MAX_RC;
1903 loginfox("%s: confirming prior DHCPv6 lease", ifp->name);
1905 if (dhcp6_makemessage(ifp) == -1) {
1906 logerr("%s: %s", __func__, ifp->name);
1909 dhcp6_sendconfirm(ifp);
1910 eloop_timeout_add_sec(ifp->ctx->eloop,
1911 CNF_MAX_RD, dhcp6_failconfirm, ifp);
1915 dhcp6_startexpire(void *arg)
1917 struct interface *ifp;
1920 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendrebind, ifp);
1922 logerrx("%s: DHCPv6 lease expired", ifp->name);
1927 dhcp6_faildecline(void *arg)
1929 struct interface *ifp = arg;
1931 logerrx("%s: failed to decline duplicated DHCPv6 addresses", ifp->name);
1936 dhcp6_startdecline(struct interface *ifp)
1938 struct dhcp6_state *state;
1940 state = D6_STATE(ifp);
1941 loginfox("%s: declining failed DHCPv6 addresses", ifp->name);
1942 state->state = DH6S_DECLINE;
1945 state->IRT = DEC_TIMEOUT;
1947 state->MRC = DEC_MAX_RC;
1948 state->MRCcallback = dhcp6_faildecline;
1950 if (dhcp6_makemessage(ifp) == -1)
1951 logerr("%s: %s", __func__, ifp->name);
1953 dhcp6_senddecline(ifp);
1957 dhcp6_finishrelease(void *arg)
1959 struct interface *ifp;
1960 struct dhcp6_state *state;
1962 ifp = (struct interface *)arg;
1963 if ((state = D6_STATE(ifp)) != NULL) {
1964 state->state = DH6S_RELEASED;
1965 dhcp6_drop(ifp, "RELEASE6");
1970 dhcp6_startrelease(struct interface *ifp)
1972 struct dhcp6_state *state;
1974 state = D6_STATE(ifp);
1975 if (state->state != DH6S_BOUND)
1978 state->state = DH6S_RELEASE;
1980 state->IMD = REL_MAX_DELAY;
1981 state->IRT = REL_TIMEOUT;
1982 state->MRT = REL_MAX_RT;
1983 /* MRC of REL_MAX_RC is optional in RFC 3315 18.1.6 */
1985 state->MRC = REL_MAX_RC;
1986 state->MRCcallback = dhcp6_finishrelease;
1989 state->MRCcallback = NULL;
1992 if (dhcp6_makemessage(ifp) == -1)
1993 logerr("%s: %s", __func__, ifp->name);
1995 dhcp6_sendrelease(ifp);
1996 dhcp6_finishrelease(ifp);
2001 dhcp6_checkstatusok(const struct interface *ifp,
2002 struct dhcp6_message *m, uint8_t *p, size_t len)
2004 struct dhcp6_state *state;
2006 uint16_t opt_len, code;
2008 void * (*f)(void *, size_t, uint16_t, uint16_t *), *farg;
2009 char buf[32], *sbuf;
2013 state = D6_STATE(ifp);
2014 f = p ? dhcp6_findoption : dhcp6_findmoption;
2019 if ((opt = f(farg, len, D6_OPTION_STATUS_CODE, &opt_len)) == NULL) {
2020 //logdebugx("%s: no status", ifp->name);
2026 if (opt_len < sizeof(code)) {
2027 logerrx("%s: status truncated", ifp->name);
2030 memcpy(&code, opt, sizeof(code));
2032 if (code == D6_STATUS_OK) {
2038 /* Anything after the code is a message. */
2039 opt += sizeof(code);
2040 mlen = opt_len - sizeof(code);
2043 if (code < sizeof(dhcp6_statuses) / sizeof(char *))
2044 status = dhcp6_statuses[code];
2046 snprintf(buf, sizeof(buf), "Unknown Status (%d)", code);
2050 if ((sbuf = malloc(mlen + 1)) == NULL) {
2054 memcpy(sbuf, opt, mlen);
2059 if (state->lerror == code || state->state == DH6S_INIT)
2060 loglevel = LOG_DEBUG;
2063 logmessage(loglevel, "%s: DHCPv6 REPLY: %s", ifp->name, status);
2065 state->lerror = code;
2068 if (code != 0 && ifp->ctx->options & DHCPCD_TEST)
2069 eloop_exit(ifp->ctx->eloop, EXIT_FAILURE);
2074 const struct ipv6_addr *
2075 dhcp6_iffindaddr(const struct interface *ifp, const struct in6_addr *addr,
2078 const struct dhcp6_state *state;
2079 const struct ipv6_addr *ap;
2081 if ((state = D6_STATE(ifp)) != NULL) {
2082 TAILQ_FOREACH(ap, &state->addrs, next) {
2083 if (ipv6_findaddrmatch(ap, addr, flags))
2091 dhcp6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr,
2094 struct interface *ifp;
2095 struct ipv6_addr *ap;
2096 struct dhcp6_state *state;
2098 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2099 if ((state = D6_STATE(ifp)) != NULL) {
2100 TAILQ_FOREACH(ap, &state->addrs, next) {
2101 if (ipv6_findaddrmatch(ap, addr, flags))
2110 dhcp6_findna(struct interface *ifp, uint16_t ot, const uint8_t *iaid,
2111 uint8_t *d, size_t l, const struct timespec *acquired)
2113 struct dhcp6_state *state;
2116 struct ipv6_addr *a;
2118 struct dhcp6_ia_addr ia;
2121 state = D6_STATE(ifp);
2122 while ((o = dhcp6_findoption(d, l, D6_OPTION_IA_ADDR, &ol))) {
2123 /* Set d and l first to ensure we find the next option. */
2125 l -= (size_t)(nd - d);
2127 if (ol < sizeof(ia)) {
2129 logerrx("%s: IA Address option truncated", ifp->name);
2132 memcpy(&ia, o, sizeof(ia));
2133 ia.pltime = ntohl(ia.pltime);
2134 ia.vltime = ntohl(ia.vltime);
2136 if (ia.pltime > ia.vltime) {
2138 logerr("%s: IA Address pltime %"PRIu32
2139 " > vltime %"PRIu32,
2140 ifp->name, ia.pltime, ia.vltime);
2143 TAILQ_FOREACH(a, &state->addrs, next) {
2144 if (ipv6_findaddrmatch(a, &ia.addr, 0))
2149 * RFC 5942 Section 5
2150 * We cannot assume any prefix length, nor tie the
2151 * address to an existing one as it could expire
2152 * before the address.
2153 * As such we just give it a 128 prefix.
2155 a = ipv6_newaddr(ifp, &ia.addr, 128, IPV6_AF_ONLINK);
2156 a->dadcallback = dhcp6_dadcallback;
2158 memcpy(a->iaid, iaid, sizeof(a->iaid));
2159 a->created = *acquired;
2161 TAILQ_INSERT_TAIL(&state->addrs, a, next);
2163 if (!(a->flags & IPV6_AF_ONLINK))
2164 a->flags |= IPV6_AF_ONLINK | IPV6_AF_NEW;
2165 a->flags &= ~(IPV6_AF_STALE | IPV6_AF_EXTENDED);
2167 a->acquired = *acquired;
2168 a->prefix_pltime = ia.pltime;
2169 if (a->prefix_vltime != ia.vltime) {
2170 a->flags |= IPV6_AF_NEW;
2171 a->prefix_vltime = ia.vltime;
2173 if (a->prefix_pltime && a->prefix_pltime < state->lowpl)
2174 state->lowpl = a->prefix_pltime;
2175 if (a->prefix_vltime && a->prefix_vltime > state->expire)
2176 state->expire = a->prefix_vltime;
2184 dhcp6_findpd(struct interface *ifp, const uint8_t *iaid,
2185 uint8_t *d, size_t l, const struct timespec *acquired)
2187 struct dhcp6_state *state;
2189 struct ipv6_addr *a;
2193 struct dhcp6_pd_addr pdp;
2194 struct in6_addr pdp_prefix;
2197 state = D6_STATE(ifp);
2198 while ((o = dhcp6_findoption(d, l, D6_OPTION_IAPREFIX, &ol))) {
2199 /* Set d and l first to ensure we find the next option. */
2201 l -= (size_t)(nd - d);
2203 if (ol < sizeof(pdp)) {
2205 logerrx("%s: IA Prefix option truncated", ifp->name);
2209 memcpy(&pdp, o, sizeof(pdp));
2210 pdp.pltime = ntohl(pdp.pltime);
2211 pdp.vltime = ntohl(pdp.vltime);
2213 if (pdp.pltime > pdp.vltime) {
2215 logerrx("%s: IA Prefix pltime %"PRIu32
2216 " > vltime %"PRIu32,
2217 ifp->name, pdp.pltime, pdp.vltime);
2222 ol = (uint16_t)(ol - sizeof(pdp));
2224 /* pdp.prefix is not aligned so copy it out. */
2225 memcpy(&pdp_prefix, &pdp.prefix, sizeof(pdp_prefix));
2226 TAILQ_FOREACH(a, &state->addrs, next) {
2227 if (IN6_ARE_ADDR_EQUAL(&a->prefix, &pdp_prefix))
2232 a = ipv6_newaddr(ifp, &pdp_prefix, pdp.prefix_len,
2233 IPV6_AF_DELEGATEDPFX);
2236 a->created = *acquired;
2237 a->dadcallback = dhcp6_dadcallback;
2238 a->ia_type = D6_OPTION_IA_PD;
2239 memcpy(a->iaid, iaid, sizeof(a->iaid));
2240 TAILQ_INSERT_TAIL(&state->addrs, a, next);
2242 if (!(a->flags & IPV6_AF_DELEGATEDPFX))
2243 a->flags |= IPV6_AF_NEW | IPV6_AF_DELEGATEDPFX;
2244 a->flags &= ~(IPV6_AF_STALE |
2247 if (a->prefix_vltime != pdp.vltime)
2248 a->flags |= IPV6_AF_NEW;
2251 a->acquired = *acquired;
2252 a->prefix_pltime = pdp.pltime;
2253 a->prefix_vltime = pdp.vltime;
2255 if (a->prefix_pltime && a->prefix_pltime < state->lowpl)
2256 state->lowpl = a->prefix_pltime;
2257 if (a->prefix_vltime && a->prefix_vltime > state->expire)
2258 state->expire = a->prefix_vltime;
2261 a->prefix_exclude_len = 0;
2262 memset(&a->prefix_exclude, 0, sizeof(a->prefix_exclude));
2263 o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol);
2267 /* RFC 6603 4.2 says option length MUST be between 2 and 17.
2268 * This allows 1 octet for prefix length and 16 for the
2270 if (ol < 2 || ol > 17) {
2271 logerrx("%s: invalid PD Exclude option", ifp->name);
2275 /* RFC 6603 4.2 says prefix length MUST be between the
2276 * length of the IAPREFIX prefix length + 1 and 128. */
2277 if (*o < a->prefix_len + 1 || *o > 128) {
2278 logerrx("%s: invalid PD Exclude length", ifp->name);
2283 /* Check option length matches prefix length. */
2284 if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) {
2285 logerrx("%s: PD Exclude length mismatch", ifp->name);
2288 a->prefix_exclude_len = *o++;
2290 memcpy(&a->prefix_exclude, &a->prefix,
2291 sizeof(a->prefix_exclude));
2292 nb = a->prefix_len % NBBY;
2295 pw = a->prefix_exclude.s6_addr +
2296 (a->prefix_exclude_len / NBBY) - 1;
2300 *pw = (uint8_t)(*pw | (*o >> nb));
2307 dhcp6_findia(struct interface *ifp, struct dhcp6_message *m, size_t l,
2308 const char *sfrom, const struct timespec *acquired)
2310 struct dhcp6_state *state;
2311 const struct if_options *ifo;
2312 struct dhcp6_option o;
2314 struct dhcp6_ia_na ia;
2319 char buf[sizeof(iaid) * 3];
2320 struct ipv6_addr *ap;
2323 if (l < sizeof(*m)) {
2324 /* Should be impossible with guards at packet in
2325 * and reading leases */
2332 state = D6_STATE(ifp);
2333 TAILQ_FOREACH(ap, &state->addrs, next) {
2334 if (!(ap->flags & IPV6_AF_DELEGATED))
2335 ap->flags |= IPV6_AF_STALE;
2338 d = (uint8_t *)m + sizeof(*m);
2340 while (l > sizeof(o)) {
2341 memcpy(&o, d, sizeof(o));
2342 o.len = ntohs(o.len);
2343 if (o.len > l || sizeof(o) + o.len > l) {
2345 logerrx("%s: option overflow", ifp->name);
2350 l -= sizeof(o) + o.len;
2352 o.code = ntohs(o.code);
2354 case D6_OPTION_IA_TA:
2357 case D6_OPTION_IA_NA:
2358 case D6_OPTION_IA_PD:
2366 logerrx("%s: IA option truncated", ifp->name);
2372 o.len = (uint16_t)(o.len - nl);
2374 for (j = 0; j < ifo->ia_len; j++) {
2376 if (ifia->ia_type == o.code &&
2377 memcmp(ifia->iaid, ia.iaid, sizeof(ia.iaid)) == 0)
2380 if (j == ifo->ia_len &&
2381 !(ifo->ia_len == 0 && ifp->ctx->options & DHCPCD_DUMPLEASE))
2383 logdebugx("%s: ignoring unrequested IAID %s",
2385 hwaddr_ntoa(ia.iaid, sizeof(ia.iaid),
2390 if (o.code != D6_OPTION_IA_TA) {
2391 ia.t1 = ntohl(ia.t1);
2392 ia.t2 = ntohl(ia.t2);
2394 if (ia.t2 > 0 && ia.t1 > ia.t2) {
2395 logwarnx("%s: IAID %s T1(%d) > T2(%d) from %s",
2397 hwaddr_ntoa(iaid, sizeof(iaid), buf,
2399 ia.t1, ia.t2, sfrom);
2403 ia.t1 = ia.t2 = 0; /* appease gcc */
2404 if ((error = dhcp6_checkstatusok(ifp, NULL, p, o.len)) != 0) {
2405 if (error == D6_STATUS_NOBINDING)
2406 state->has_no_binding = true;
2410 if (o.code == D6_OPTION_IA_PD) {
2412 if (dhcp6_findpd(ifp, ia.iaid, p, o.len,
2415 logwarnx("%s: %s: DHCPv6 REPLY missing Prefix",
2421 if (dhcp6_findna(ifp, o.code, ia.iaid, p, o.len,
2424 logwarnx("%s: %s: DHCPv6 REPLY missing "
2430 if (o.code != D6_OPTION_IA_TA) {
2432 (ia.t1 < state->renew || state->renew == 0))
2433 state->renew = ia.t1;
2435 (ia.t2 < state->rebind || state->rebind == 0))
2436 state->rebind = ia.t2;
2448 dhcp6_deprecatedele(struct ipv6_addr *ia)
2450 struct ipv6_addr *da, *dan, *dda;
2451 struct timespec now;
2452 struct dhcp6_state *state;
2454 timespecclear(&now);
2455 TAILQ_FOREACH_SAFE(da, &ia->pd_pfxs, pd_next, dan) {
2456 if (ia->prefix_vltime == 0) {
2457 if (da->prefix_vltime != 0)
2458 da->prefix_vltime = 0;
2461 } else if (da->prefix_pltime != 0)
2462 da->prefix_pltime = 0;
2466 if (ipv6_doaddr(da, &now) != -1)
2469 /* Delegation deleted, forget it. */
2470 TAILQ_REMOVE(&ia->pd_pfxs, da, pd_next);
2472 /* Delete it from the interface. */
2473 state = D6_STATE(da->iface);
2474 TAILQ_FOREACH(dda, &state->addrs, next) {
2475 if (IN6_ARE_ADDR_EQUAL(&dda->addr, &da->addr))
2479 TAILQ_REMOVE(&state->addrs, dda, next);
2487 dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
2489 struct ipv6_addr *ia, *ian;
2491 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
2492 if (ia->flags & IPV6_AF_EXTENDED)
2494 else if (ia->flags & IPV6_AF_STALE) {
2495 if (ia->prefix_vltime != 0)
2496 logdebugx("%s: %s: became stale",
2497 ia->iface->name, ia->saddr);
2498 /* Technically this violates RFC 8415 18.2.10.1,
2499 * but we need a mechanism to tell the kernel to
2500 * try and prefer other addresses. */
2501 ia->prefix_pltime = 0;
2502 } else if (ia->prefix_vltime == 0)
2503 loginfox("%s: %s: no valid lifetime",
2504 ia->iface->name, ia->saddr);
2509 /* If we delegated from this prefix, deprecate or remove
2510 * the delegations. */
2511 if (ia->flags & IPV6_AF_DELEGATEDPFX)
2512 dhcp6_deprecatedele(ia);
2515 if (ia->flags & IPV6_AF_REQUEST) {
2516 ia->prefix_vltime = ia->prefix_pltime = 0;
2517 eloop_q_timeout_delete(ia->iface->ctx->eloop,
2518 ELOOP_QUEUE_ALL, NULL, ia);
2521 TAILQ_REMOVE(addrs, ia, next);
2522 if (ia->flags & IPV6_AF_EXTENDED)
2523 ipv6_deleteaddr(ia);
2529 dhcp6_validatelease(struct interface *ifp,
2530 struct dhcp6_message *m, size_t len,
2531 const char *sfrom, const struct timespec *acquired)
2533 struct dhcp6_state *state;
2537 if (len <= sizeof(*m)) {
2538 logerrx("%s: DHCPv6 lease truncated", ifp->name);
2542 state = D6_STATE(ifp);
2544 if (dhcp6_checkstatusok(ifp, m, NULL, len) != 0)
2548 state->renew = state->rebind = state->expire = 0;
2549 state->lowpl = ND6_INFINITE_LIFETIME;
2551 clock_gettime(CLOCK_MONOTONIC, &aq);
2554 state->has_no_binding = false;
2555 nia = dhcp6_findia(ifp, m, len, sfrom, acquired);
2557 if (state->state != DH6S_CONFIRM && ok_errno != 0) {
2558 logerrx("%s: no useable IA found in lease", ifp->name);
2562 /* We are confirming and have an OK,
2563 * so look for ia's in our old lease.
2564 * IA's must have existed here otherwise we would
2565 * have rejected it earlier. */
2566 assert(state->new != NULL && state->new_len != 0);
2567 state->has_no_binding = false;
2568 nia = dhcp6_findia(ifp, state->new, state->new_len,
2575 dhcp6_readlease(struct interface *ifp, int validate)
2578 struct dhcp6_message dhcp6;
2579 uint8_t buf[UDPLEN_MAX];
2581 struct dhcp6_state *state;
2590 state = D6_STATE(ifp);
2591 if (state->leasefile[0] == '\0') {
2592 logdebugx("reading standard input");
2593 bytes = read(fileno(stdin), buf.buf, sizeof(buf.buf));
2595 logdebugx("%s: reading lease: %s",
2596 ifp->name, state->leasefile);
2597 bytes = dhcp_readfile(ifp->ctx, state->leasefile,
2598 buf.buf, sizeof(buf.buf));
2603 if (ifp->ctx->options & DHCPCD_DUMPLEASE || state->leasefile[0] == '\0')
2609 /* If not validating IA's and if they have expired,
2610 * skip to the auth check. */
2614 if (dhcp_filemtime(ifp->ctx, state->leasefile, &mtime) == -1)
2616 clock_gettime(CLOCK_MONOTONIC, &state->acquired);
2617 if ((now = time(NULL)) == -1)
2619 state->acquired.tv_sec -= now - mtime;
2621 /* Check to see if the lease is still valid */
2622 fd = dhcp6_validatelease(ifp, &buf.dhcp6, (size_t)bytes, NULL,
2627 if (state->expire != ND6_INFINITE_LIFETIME &&
2628 (time_t)state->expire < now - mtime &&
2629 !(ifp->options->options & DHCPCD_LASTLEASE_EXTEND))
2631 logdebugx("%s: discarding expired lease", ifp->name);
2638 /* Authenticate the message */
2639 o = dhcp6_findmoption(&buf.dhcp6, (size_t)bytes, D6_OPTION_AUTH, &ol);
2641 if (dhcp_auth_validate(&state->auth, &ifp->options->auth,
2642 buf.buf, (size_t)bytes, 6, buf.dhcp6.type, o, ol) == NULL)
2644 logerr("%s: authentication failed", ifp->name);
2648 if (state->auth.token)
2649 logdebugx("%s: validated using 0x%08" PRIu32,
2650 ifp->name, state->auth.token->secretid);
2652 loginfox("%s: accepted reconfigure key", ifp->name);
2653 } else if ((ifp->options->auth.options & DHCPCD_AUTH_SENDREQUIRE) ==
2654 DHCPCD_AUTH_SENDREQUIRE)
2656 logerrx("%s: authentication now required", ifp->name);
2663 state->new = malloc((size_t)bytes);
2664 if (state->new == NULL) {
2669 memcpy(state->new, buf.buf, (size_t)bytes);
2670 state->new_len = (size_t)bytes;
2674 dhcp6_freedrop_addrs(ifp, 0, NULL);
2675 dhcp_unlink(ifp->ctx, state->leasefile);
2679 dhcp6_addrequestedaddrs(ifp);
2680 return bytes == 0 ? 0 : -1;
2684 dhcp6_startinit(struct interface *ifp)
2686 struct dhcp6_state *state;
2688 uint8_t has_ta, has_non_ta;
2691 state = D6_STATE(ifp);
2692 state->state = DH6S_INIT;
2693 state->expire = ND6_INFINITE_LIFETIME;
2694 state->lowpl = ND6_INFINITE_LIFETIME;
2696 dhcp6_addrequestedaddrs(ifp);
2697 has_ta = has_non_ta = 0;
2698 for (i = 0; i < ifp->options->ia_len; i++) {
2699 switch (ifp->options->ia[i].ia_type) {
2700 case D6_OPTION_IA_TA:
2708 if (!(ifp->ctx->options & DHCPCD_TEST) &&
2709 !(has_ta && !has_non_ta) &&
2710 ifp->options->reboot != 0)
2712 r = dhcp6_readlease(ifp, 1);
2714 if (errno != ENOENT && errno != ESRCH)
2715 logerr("%s: %s", __func__, state->leasefile);
2716 } else if (r != 0 &&
2717 !(ifp->options->options & DHCPCD_ANONYMOUS))
2719 /* RFC 3633 section 12.1 */
2721 if (dhcp6_hasprefixdelegation(ifp))
2722 dhcp6_startrebind(ifp);
2725 dhcp6_startconfirm(ifp);
2729 dhcp6_startdiscoinform(ifp);
2733 static struct ipv6_addr *
2734 dhcp6_ifdelegateaddr(struct interface *ifp, struct ipv6_addr *prefix,
2735 const struct if_sla *sla, struct if_ia *if_ia)
2737 struct dhcp6_state *state;
2738 struct in6_addr addr, daddr;
2739 struct ipv6_addr *ia;
2740 int pfxlen, dadcounter;
2743 /* RFC6603 Section 4.2 */
2744 if (strcmp(ifp->name, prefix->iface->name) == 0) {
2745 if (prefix->prefix_exclude_len == 0) {
2746 /* Don't spam the log automatically */
2748 logwarnx("%s: DHCPv6 server does not support "
2749 "OPTION_PD_EXCLUDE",
2753 pfxlen = prefix->prefix_exclude_len;
2754 memcpy(&addr, &prefix->prefix_exclude, sizeof(addr));
2755 } else if ((pfxlen = dhcp6_delegateaddr(&addr, ifp, prefix,
2759 if (sla != NULL && fls64(sla->suffix) > 128 - pfxlen) {
2760 logerrx("%s: suffix %" PRIu64 " + prefix_len %d > 128",
2761 ifp->name, sla->suffix, pfxlen);
2765 /* Add our suffix */
2766 if (sla != NULL && sla->suffix != 0) {
2768 vl = be64dec(addr.s6_addr + 8);
2770 be64enc(daddr.s6_addr + 8, vl);
2772 dadcounter = ipv6_makeaddr(&daddr, ifp, &addr, pfxlen, 0);
2773 if (dadcounter == -1) {
2774 logerrx("%s: error adding slaac to prefix_len %d",
2780 /* Find an existing address */
2781 state = D6_STATE(ifp);
2782 TAILQ_FOREACH(ia, &state->addrs, next) {
2783 if (IN6_ARE_ADDR_EQUAL(&ia->addr, &daddr))
2787 ia = ipv6_newaddr(ifp, &daddr, (uint8_t)pfxlen, IPV6_AF_ONLINK);
2790 ia->dadcallback = dhcp6_dadcallback;
2791 memcpy(&ia->iaid, &prefix->iaid, sizeof(ia->iaid));
2792 ia->created = prefix->acquired;
2794 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
2795 TAILQ_INSERT_TAIL(&prefix->pd_pfxs, ia, pd_next);
2797 ia->delegating_prefix = prefix;
2799 ia->prefix_len = (uint8_t)pfxlen;
2800 ia->acquired = prefix->acquired;
2801 ia->prefix_pltime = prefix->prefix_pltime;
2802 ia->prefix_vltime = prefix->prefix_vltime;
2804 /* If the prefix length hasn't changed,
2805 * don't install a reject route. */
2806 if (prefix->prefix_len == pfxlen)
2807 prefix->flags |= IPV6_AF_NOREJECT;
2809 prefix->flags &= ~IPV6_AF_NOREJECT;
2816 dhcp6_script_try_run(struct interface *ifp, int delegated)
2818 struct dhcp6_state *state;
2819 struct ipv6_addr *ap;
2822 state = D6_STATE(ifp);
2824 /* If all addresses have completed DAD run the script */
2825 TAILQ_FOREACH(ap, &state->addrs, next) {
2826 if (!(ap->flags & IPV6_AF_ADDED))
2828 if (ap->flags & IPV6_AF_ONLINK) {
2829 if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
2830 ipv6_iffindaddr(ap->iface, &ap->addr,
2832 ap->flags |= IPV6_AF_DADCOMPLETED;
2833 if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0
2835 && ((delegated && ap->delegating_prefix) ||
2836 (!delegated && !ap->delegating_prefix))
2846 script_runreason(ifp, delegated ? "DELEGATED6" : state->reason);
2848 dhcpcd_daemonise(ifp->ctx);
2850 logdebugx("%s: waiting for DHCPv6 DAD to complete", ifp->name);
2855 dhcp6_find_delegates(__unused struct interface *ifp)
2862 dhcp6_delegate_prefix(struct interface *ifp)
2864 struct if_options *ifo;
2865 struct dhcp6_state *state;
2866 struct ipv6_addr *ap;
2870 struct interface *ifd;
2871 bool carrier_warned;
2874 state = D6_STATE(ifp);
2876 /* Clear the logged flag. */
2877 TAILQ_FOREACH(ap, &state->addrs, next) {
2878 ap->flags &= ~IPV6_AF_DELEGATEDLOG;
2881 TAILQ_FOREACH(ifd, ifp->ctx->ifaces, next) {
2884 if (!(ifd->options->options & DHCPCD_CONFIGURE))
2887 carrier_warned = false;
2888 TAILQ_FOREACH(ap, &state->addrs, next) {
2889 if (!(ap->flags & IPV6_AF_DELEGATEDPFX))
2891 if (!(ap->flags & IPV6_AF_DELEGATEDLOG)) {
2894 if (ap->flags & IPV6_AF_NEW)
2895 loglevel = LOG_INFO;
2897 loglevel = LOG_DEBUG;
2898 /* We only want to log this the once as we loop
2899 * through many interfaces first. */
2900 ap->flags |= IPV6_AF_DELEGATEDLOG;
2901 logmessage(loglevel, "%s: delegated prefix %s",
2902 ifp->name, ap->saddr);
2903 ap->flags &= ~IPV6_AF_NEW;
2905 for (i = 0; i < ifo->ia_len; i++) {
2907 if (ia->ia_type != D6_OPTION_IA_PD)
2909 if (memcmp(ia->iaid, ap->iaid,
2912 if (ia->sla_len == 0) {
2913 /* no SLA configured, so lets
2915 if (!if_is_link_up(ifd)) {
2917 "%s: has no carrier, cannot"
2918 " delegate addresses",
2920 carrier_warned = true;
2923 if (dhcp6_ifdelegateaddr(ifd, ap,
2927 for (j = 0; j < ia->sla_len; j++) {
2929 if (strcmp(ifd->name, sla->ifname))
2931 if (!if_is_link_up(ifd)) {
2933 "%s: has no carrier, cannot"
2934 " delegate addresses",
2936 carrier_warned = true;
2939 if (dhcp6_ifdelegateaddr(ifd, ap,
2949 if (k && !carrier_warned) {
2950 struct dhcp6_state *s = D6_STATE(ifd);
2952 ipv6_addaddrs(&s->addrs);
2953 dhcp6_script_try_run(ifd, 1);
2957 /* Now all addresses have been added, rebuild the routing table. */
2958 rt_build(ifp->ctx, AF_INET6);
2962 dhcp6_find_delegates1(void *arg)
2965 dhcp6_find_delegates(arg);
2969 dhcp6_find_delegates(struct interface *ifp)
2971 struct if_options *ifo;
2972 struct dhcp6_state *state;
2973 struct ipv6_addr *ap;
2977 struct interface *ifd;
2979 if (ifp->options != NULL &&
2980 !(ifp->options->options & DHCPCD_CONFIGURE))
2984 TAILQ_FOREACH(ifd, ifp->ctx->ifaces, next) {
2986 state = D6_STATE(ifd);
2987 if (state == NULL || state->state != DH6S_BOUND)
2989 TAILQ_FOREACH(ap, &state->addrs, next) {
2990 if (!(ap->flags & IPV6_AF_DELEGATEDPFX))
2992 for (i = 0; i < ifo->ia_len; i++) {
2994 if (ia->ia_type != D6_OPTION_IA_PD)
2996 if (memcmp(ia->iaid, ap->iaid,
2999 for (j = 0; j < ia->sla_len; j++) {
3001 if (strcmp(ifp->name, sla->ifname))
3003 if (ipv6_linklocal(ifp) == NULL) {
3005 "%s: delaying adding"
3006 " delegated addresses for"
3009 ipv6_addlinklocalcallback(ifp,
3010 dhcp6_find_delegates1, ifp);
3013 if (dhcp6_ifdelegateaddr(ifp, ap,
3022 loginfox("%s: adding delegated prefixes", ifp->name);
3023 state = D6_STATE(ifp);
3024 state->state = DH6S_DELEGATED;
3025 ipv6_addaddrs(&state->addrs);
3026 rt_build(ifp->ctx, AF_INET6);
3027 dhcp6_script_try_run(ifp, 1);
3034 dhcp6_bind(struct interface *ifp, const char *op, const char *sfrom)
3036 struct dhcp6_state *state = D6_STATE(ifp);
3037 bool timedout = (op == NULL), has_new = false, confirmed;
3038 struct ipv6_addr *ia;
3040 struct timespec now;
3042 TAILQ_FOREACH(ia, &state->addrs, next) {
3043 if (ia->flags & IPV6_AF_NEW) {
3048 loglevel = has_new || state->state != DH6S_RENEW ? LOG_INFO : LOG_DEBUG;
3050 logmessage(loglevel, "%s: %s received from %s",
3051 ifp->name, op, sfrom);
3053 /* If we delegated from an unconfirmed lease we MUST drop
3054 * them now. Hopefully we have new delegations. */
3055 if (state->reason != NULL &&
3056 strcmp(state->reason, "TIMEOUT6") == 0)
3057 dhcp6_delete_delegates(ifp);
3059 state->reason = NULL;
3061 state->reason = "TIMEOUT6";
3063 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
3064 clock_gettime(CLOCK_MONOTONIC, &now);
3066 switch(state->state) {
3069 struct dhcp6_option *o;
3072 if (state->reason == NULL)
3073 state->reason = "INFORM6";
3074 o = dhcp6_findmoption(state->new, state->new_len,
3075 D6_OPTION_INFO_REFRESH_TIME, &ol);
3076 if (o == NULL || ol != sizeof(uint32_t))
3077 state->renew = IRT_DEFAULT;
3079 memcpy(&state->renew, o, ol);
3080 state->renew = ntohl(state->renew);
3081 if (state->renew < IRT_MINIMUM)
3082 state->renew = IRT_MINIMUM;
3085 state->expire = ND6_INFINITE_LIFETIME;
3086 state->lowpl = ND6_INFINITE_LIFETIME;
3091 if (state->reason == NULL)
3092 state->reason = "BOUND6";
3095 if (state->reason == NULL)
3096 state->reason = "RENEW6";
3099 if (state->reason == NULL)
3100 state->reason = "REBIND6";
3103 if (state->reason == NULL)
3104 state->reason = "REBOOT6";
3105 if (state->renew != 0) {
3106 bool all_expired = true;
3108 TAILQ_FOREACH(ia, &state->addrs, next) {
3109 if (ia->flags & IPV6_AF_STALE)
3111 if (!(state->renew == ND6_INFINITE_LIFETIME
3112 && ia->prefix_vltime == ND6_INFINITE_LIFETIME)
3113 && ia->prefix_vltime != 0
3114 && ia->prefix_vltime <= state->renew)
3116 "%s: %s will expire before renewal",
3117 ifp->name, ia->saddr);
3119 all_expired = false;
3122 /* All address's vltime happens at or before
3123 * the configured T1 in the IA.
3124 * This is a badly configured server and we
3125 * have to use our own notion of what
3126 * T1 and T2 should be as a result.
3128 * Doing this violates RFC 3315 22.4:
3129 * In a message sent by a server to a client,
3130 * the client MUST use the values in the T1
3131 * and T2 fields for the T1 and T2 parameters,
3132 * unless those values in those fields are 0.
3134 logwarnx("%s: ignoring T1 %"PRIu32
3135 " due to address expiry",
3136 ifp->name, state->renew);
3137 state->renew = state->rebind = 0;
3140 if (state->renew == 0 && state->lowpl != ND6_INFINITE_LIFETIME)
3141 state->renew = (uint32_t)(state->lowpl * 0.5);
3142 if (state->rebind == 0 && state->lowpl != ND6_INFINITE_LIFETIME)
3143 state->rebind = (uint32_t)(state->lowpl * 0.8);
3146 state->reason = "UNKNOWN6";
3150 if (state->state != DH6S_CONFIRM && !timedout) {
3151 state->acquired = now;
3153 state->old = state->new;
3154 state->old_len = state->new_len;
3155 state->new = state->recv;
3156 state->new_len = state->recv_len;
3158 state->recv_len = 0;
3161 /* Reduce timers based on when we got the lease. */
3164 elapsed = (uint32_t)eloop_timespec_diff(&now,
3165 &state->acquired, NULL);
3166 if (state->renew && state->renew != ND6_INFINITE_LIFETIME) {
3167 if (state->renew > elapsed)
3168 state->renew -= elapsed;
3172 if (state->rebind && state->rebind != ND6_INFINITE_LIFETIME) {
3173 if (state->rebind > elapsed)
3174 state->rebind -= elapsed;
3178 if (state->expire && state->expire != ND6_INFINITE_LIFETIME) {
3179 if (state->expire > elapsed)
3180 state->expire -= elapsed;
3187 if (ifp->ctx->options & DHCPCD_TEST)
3188 script_runreason(ifp, "TEST");
3190 if (state->state == DH6S_INFORM)
3191 state->state = DH6S_INFORMED;
3193 state->state = DH6S_BOUND;
3194 state->failed = false;
3196 if (state->renew && state->renew != ND6_INFINITE_LIFETIME)
3197 eloop_timeout_add_sec(ifp->ctx->eloop,
3199 state->state == DH6S_INFORMED ?
3200 dhcp6_startinform : dhcp6_startrenew, ifp);
3201 if (state->rebind && state->rebind != ND6_INFINITE_LIFETIME)
3202 eloop_timeout_add_sec(ifp->ctx->eloop,
3203 state->rebind, dhcp6_startrebind, ifp);
3204 if (state->expire != ND6_INFINITE_LIFETIME)
3205 eloop_timeout_add_sec(ifp->ctx->eloop,
3206 state->expire, dhcp6_startexpire, ifp);
3208 if (ifp->options->options & DHCPCD_CONFIGURE) {
3209 ipv6_addaddrs(&state->addrs);
3211 dhcp6_deprecateaddrs(&state->addrs);
3214 if (state->state == DH6S_INFORMED)
3215 logmessage(loglevel, "%s: refresh in %"PRIu32" seconds",
3216 ifp->name, state->renew);
3217 else if (state->renew == ND6_INFINITE_LIFETIME)
3218 logmessage(loglevel, "%s: leased for infinity",
3220 else if (state->renew || state->rebind)
3221 logmessage(loglevel, "%s: renew in %"PRIu32", "
3222 "rebind in %"PRIu32", "
3223 "expire in %"PRIu32" seconds",
3225 state->renew, state->rebind, state->expire);
3226 else if (state->expire == 0)
3227 logmessage(loglevel, "%s: will expire", ifp->name);
3229 logmessage(loglevel, "%s: expire in %"PRIu32" seconds",
3230 ifp->name, state->expire);
3231 rt_build(ifp->ctx, AF_INET6);
3232 if (!confirmed && !timedout) {
3233 logdebugx("%s: writing lease: %s",
3234 ifp->name, state->leasefile);
3235 if (dhcp_writefile(ifp->ctx, state->leasefile, 0640,
3236 state->new, state->new_len) == -1)
3237 logerr("dhcp_writefile: %s",state->leasefile);
3240 dhcp6_delegate_prefix(ifp);
3242 dhcp6_script_try_run(ifp, 0);
3245 if (ifp->ctx->options & DHCPCD_TEST ||
3246 (ifp->options->options & DHCPCD_INFORM &&
3247 !(ifp->ctx->options & DHCPCD_MASTER)))
3249 eloop_exit(ifp->ctx->eloop, EXIT_SUCCESS);
3254 dhcp6_recvif(struct interface *ifp, const char *sfrom,
3255 struct dhcp6_message *r, size_t len)
3257 struct dhcpcd_ctx *ctx;
3260 struct dhcp6_state *state;
3263 const struct dhcp_opt *opt;
3264 const struct if_options *ifo;
3272 state = D6_STATE(ifp);
3273 if (state == NULL || state->send == NULL) {
3274 logdebugx("%s: DHCPv6 reply received but not running",
3279 /* We're already bound and this message is for another machine */
3280 /* XXX DELEGATED? */
3281 if (r->type != DHCP6_RECONFIGURE &&
3282 (state->state == DH6S_BOUND || state->state == DH6S_INFORMED))
3284 logdebugx("%s: DHCPv6 reply received but already bound",
3289 if (dhcp6_findmoption(r, len, D6_OPTION_SERVERID, NULL) == NULL) {
3290 logdebugx("%s: no DHCPv6 server ID from %s", ifp->name, sfrom);
3295 for (i = 0, opt = ctx->dhcp6_opts;
3296 i < ctx->dhcp6_opts_len;
3299 if (has_option_mask(ifo->requiremask6, opt->option) &&
3300 !dhcp6_findmoption(r, len, (uint16_t)opt->option, NULL))
3302 logwarnx("%s: reject DHCPv6 (no option %s) from %s",
3303 ifp->name, opt->var, sfrom);
3306 if (has_option_mask(ifo->rejectmask6, opt->option) &&
3307 dhcp6_findmoption(r, len, (uint16_t)opt->option, NULL))
3309 logwarnx("%s: reject DHCPv6 (option %s) from %s",
3310 ifp->name, opt->var, sfrom);
3316 /* Authenticate the message */
3317 auth = dhcp6_findmoption(r, len, D6_OPTION_AUTH, &auth_len);
3319 if (dhcp_auth_validate(&state->auth, &ifo->auth,
3320 (uint8_t *)r, len, 6, r->type, auth, auth_len) == NULL)
3322 logerr("%s: authentication failed from %s",
3326 if (state->auth.token)
3327 logdebugx("%s: validated using 0x%08" PRIu32,
3328 ifp->name, state->auth.token->secretid);
3330 loginfox("%s: accepted reconfigure key", ifp->name);
3331 } else if (ifo->auth.options & DHCPCD_AUTH_SEND) {
3332 if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
3333 logerrx("%s: no authentication from %s",
3337 logwarnx("%s: no authentication from %s", ifp->name, sfrom);
3341 op = dhcp6_get_op(r->type);
3342 valid_op = op != NULL;
3345 switch(state->state) {
3347 if (dhcp6_checkstatusok(ifp, r, NULL, len) != 0)
3351 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1)
3353 dhcp6_startdiscoinform(ifp);
3358 /* Only accept REPLY in DISCOVER for RAPID_COMMIT.
3359 * Normally we get an ADVERTISE for a DISCOVER. */
3360 if (!has_option_mask(ifo->requestmask6,
3361 D6_OPTION_RAPID_COMMIT) ||
3362 !dhcp6_findmoption(r, len, D6_OPTION_RAPID_COMMIT,
3368 /* Validate lease before setting state to REQUEST. */
3370 case DH6S_REQUEST: /* FALLTHROUGH */
3371 case DH6S_RENEW: /* FALLTHROUGH */
3373 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1)
3376 * If we can't use the lease, fallback to
3377 * DISCOVER and try and get a new one.
3379 * This is needed become some servers
3380 * renumber the prefix or address
3381 * and deny the current one before it expires
3382 * rather than sending it back with a zero
3383 * lifetime along with the new prefix or
3385 * This behavior is wrong, but moving to the
3386 * DISCOVER phase works around it.
3388 * The currently held lease is still valid
3389 * until a new one is found.
3391 if (state->state != DH6S_DISCOVER)
3392 dhcp6_startdiscoinform(ifp);
3395 /* RFC8415 18.2.10.1 */
3396 if ((state->state == DH6S_RENEW ||
3397 state->state == DH6S_REBIND) &&
3398 state->has_no_binding)
3400 dhcp6_startrequest(ifp);
3403 if (state->state == DH6S_DISCOVER)
3404 state->state = DH6S_REQUEST;
3407 /* This isnt really a failure, but an
3408 * acknowledgement of one. */
3409 loginfox("%s: %s acknowledged DECLINE6",
3418 case DHCP6_ADVERTISE:
3419 if (state->state != DH6S_DISCOVER) {
3424 o = dhcp6_findmoption(r, len, D6_OPTION_SOL_MAX_RT, &ol);
3425 if (o && ol == sizeof(uint32_t)) {
3428 memcpy(&max_rt, o, sizeof(max_rt));
3429 max_rt = ntohl(max_rt);
3430 if (max_rt >= 60 && max_rt <= 86400) {
3431 logdebugx("%s: SOL_MAX_RT %llu -> %u",
3433 (unsigned long long)state->sol_max_rt,
3435 state->sol_max_rt = max_rt;
3437 logerr("%s: invalid SOL_MAX_RT %u",
3440 o = dhcp6_findmoption(r, len, D6_OPTION_INF_MAX_RT, &ol);
3441 if (o && ol == sizeof(uint32_t)) {
3444 memcpy(&max_rt, o, sizeof(max_rt));
3445 max_rt = ntohl(max_rt);
3446 if (max_rt >= 60 && max_rt <= 86400) {
3447 logdebugx("%s: INF_MAX_RT %llu -> %u",
3449 (unsigned long long)state->inf_max_rt,
3451 state->inf_max_rt = max_rt;
3453 logerrx("%s: invalid INF_MAX_RT %u",
3456 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1)
3459 case DHCP6_RECONFIGURE:
3463 logerrx("%s: unauthenticated %s from %s",
3464 ifp->name, op, sfrom);
3465 if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
3469 loginfox("%s: %s from %s", ifp->name, op, sfrom);
3470 o = dhcp6_findmoption(r, len, D6_OPTION_RECONF_MSG, &ol);
3472 logerrx("%s: missing Reconfigure Message option",
3477 logerrx("%s: missing Reconfigure Message type",
3483 if (state->state != DH6S_BOUND) {
3484 logerrx("%s: not bound, ignoring %s",
3488 dhcp6_startrenew(ifp);
3490 case DHCP6_INFORMATION_REQ:
3491 if (state->state != DH6S_INFORMED) {
3492 logerrx("%s: not informed, ignoring %s",
3496 eloop_timeout_delete(ifp->ctx->eloop,
3497 dhcp6_sendinform, ifp);
3498 dhcp6_startinform(ifp);
3501 logerr("%s: unsupported %s type %d",
3510 logerrx("%s: invalid DHCP6 type %s (%d)",
3511 ifp->name, op, r->type);
3515 logwarnx("%s: invalid state for DHCP6 type %s (%d)",
3516 ifp->name, op, r->type);
3520 if (state->recv_len < (size_t)len) {
3522 state->recv = malloc(len);
3523 if (state->recv == NULL) {
3528 memcpy(state->recv, r, len);
3529 state->recv_len = len;
3531 if (r->type == DHCP6_ADVERTISE) {
3532 struct ipv6_addr *ia;
3534 if (state->state == DH6S_REQUEST) /* rapid commit */
3536 TAILQ_FOREACH(ia, &state->addrs, next) {
3537 if (!(ia->flags & (IPV6_AF_STALE | IPV6_AF_REQUEST)))
3541 ia = TAILQ_FIRST(&state->addrs);
3543 loginfox("%s: ADV (no address) from %s",
3546 loginfox("%s: ADV %s from %s",
3547 ifp->name, ia->saddr, sfrom);
3548 dhcp6_startrequest(ifp);
3553 dhcp6_bind(ifp, op, sfrom);
3557 dhcp6_recvmsg(struct dhcpcd_ctx *ctx, struct msghdr *msg, struct ipv6_addr *ia)
3559 struct sockaddr_in6 *from = msg->msg_name;
3560 size_t len = msg->msg_iov[0].iov_len;
3561 char sfrom[INET6_ADDRSTRLEN];
3562 struct interface *ifp;
3563 struct dhcp6_message *r;
3564 const struct dhcp6_state *state;
3568 inet_ntop(AF_INET6, &from->sin6_addr, sfrom, sizeof(sfrom));
3569 if (len < sizeof(struct dhcp6_message)) {
3570 logerrx("DHCPv6 packet too short from %s", sfrom);
3577 ifp = if_findifpfromcmsg(ctx, msg, NULL);
3584 r = (struct dhcp6_message *)msg->msg_iov[0].iov_base;
3586 uint8_t duid[DUID_LEN], *dp;
3588 o = dhcp6_findmoption(r, len, D6_OPTION_CLIENTID, &ol);
3589 if (ifp->options->options & DHCPCD_ANONYMOUS) {
3590 duid_len = duid_make(duid, ifp, DUID_LL);
3593 duid_len = ctx->duid_len;
3596 if (o == NULL || ol != duid_len || memcmp(o, dp, ol) != 0) {
3597 logdebugx("%s: incorrect client ID from %s",
3602 if (dhcp6_findmoption(r, len, D6_OPTION_SERVERID, NULL) == NULL) {
3603 logdebugx("%s: no DHCPv6 server ID from %s",
3608 if (r->type == DHCP6_RECONFIGURE) {
3609 if (!IN6_IS_ADDR_LINKLOCAL(&from->sin6_addr)) {
3610 logerrx("%s: RECONFIGURE6 recv from %s, not LL",
3617 state = D6_CSTATE(ifp);
3618 if (state == NULL ||
3619 r->xid[0] != state->send->xid[0] ||
3620 r->xid[1] != state->send->xid[1] ||
3621 r->xid[2] != state->send->xid[2])
3623 struct interface *ifp1;
3624 const struct dhcp6_state *state1;
3626 /* Find an interface with a matching xid. */
3627 TAILQ_FOREACH(ifp1, ctx->ifaces, next) {
3628 state1 = D6_CSTATE(ifp1);
3629 if (state1 == NULL || state1->send == NULL)
3631 if (r->xid[0] == state1->send->xid[0] &&
3632 r->xid[1] == state1->send->xid[1] &&
3633 r->xid[2] == state1->send->xid[2])
3639 logdebugx("%s: wrong xid 0x%02x%02x%02x"
3640 " (expecting 0x%02x%02x%02x) from %s",
3642 r->xid[0], r->xid[1], r->xid[2],
3643 state->send->xid[0],
3644 state->send->xid[1],
3645 state->send->xid[2],
3649 logdebugx("%s: redirecting DHCP6 message to %s",
3650 ifp->name, ifp1->name);
3656 * Handy code to inject raw DHCPv6 packets over responses
3658 * This allows me to take a 3rd party wireshark trace and
3659 * replay it in my code.
3661 static int replyn = 0;
3662 char fname[PATH_MAX], tbuf[UDPLEN_MAX];
3666 uint16_t si_len1, si_len2;
3668 snprintf(fname, sizeof(fname),
3669 "/tmp/dhcp6.reply%d.raw", replyn++);
3670 fd = open(fname, O_RDONLY, 0);
3672 logerr("%s: open: %s", __func__, fname);
3675 tlen = read(fd, tbuf, sizeof(tbuf));
3677 logerr("%s: read: %s", __func__, fname);
3680 /* Copy across ServerID so we can work with our own server. */
3681 si1 = dhcp6_findmoption(r, len, D6_OPTION_SERVERID, &si_len1);
3682 si2 = dhcp6_findmoption(tbuf, (size_t)tlen,
3683 D6_OPTION_SERVERID, &si_len2);
3684 if (si1 != NULL && si2 != NULL && si_len1 == si_len2)
3685 memcpy(si2, si1, si_len2);
3686 r = (struct dhcp6_message *)tbuf;
3691 dhcp6_recvif(ifp, sfrom, r, len);
3695 dhcp6_recv(struct dhcpcd_ctx *ctx, struct ipv6_addr *ia)
3697 struct sockaddr_in6 from;
3699 struct dhcp6_message dhcp6;
3700 uint8_t buf[UDPLEN_MAX]; /* Maximum UDP message size */
3702 struct iovec iov = {
3703 .iov_base = iovbuf.buf, .iov_len = sizeof(iovbuf.buf),
3707 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
3708 } cmsgbuf = { .buf = { 0 } };
3709 struct msghdr msg = {
3710 .msg_name = &from, .msg_namelen = sizeof(from),
3711 .msg_iov = &iov, .msg_iovlen = 1,
3712 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
3717 s = ia != NULL ? ia->dhcp6_fd : ctx->dhcp6_rfd;
3718 bytes = recvmsg(s, &msg, 0);
3724 iov.iov_len = (size_t)bytes;
3725 dhcp6_recvmsg(ctx, &msg, ia);
3729 dhcp6_recvaddr(void *arg)
3731 struct ipv6_addr *ia = arg;
3733 dhcp6_recv(ia->iface->ctx, ia);
3737 dhcp6_recvctx(void *arg)
3739 struct dhcpcd_ctx *ctx = arg;
3741 dhcp6_recv(ctx, NULL);
3749 fd = socket(PF_INET6, SOCK_RAW | SOCK_CXNB, IPPROTO_UDP);
3754 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &v, sizeof(v)) == -1)
3757 v = offsetof(struct udphdr, uh_sum);
3758 if (setsockopt(fd, IPPROTO_IPV6, IPV6_CHECKSUM, &v, sizeof(v)) == -1)
3769 dhcp6_openudp(unsigned int ifindex, struct in6_addr *ia)
3771 struct sockaddr_in6 sa;
3774 s = xsocket(PF_INET6, SOCK_DGRAM | SOCK_CXNB, IPPROTO_UDP);
3778 memset(&sa, 0, sizeof(sa));
3779 sa.sin6_family = AF_INET6;
3780 sa.sin6_port = htons(DHCP6_CLIENT_PORT);
3782 sa.sin6_len = sizeof(sa);
3786 memcpy(&sa.sin6_addr, ia, sizeof(sa.sin6_addr));
3787 ipv6_setscope(&sa, ifindex);
3790 if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) == -1)
3794 if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &n, sizeof(n)) == -1)
3799 if (setsockopt(s, SOL_SOCKET, SO_RERROR, &n, sizeof(n)) == -1)
3814 dhcp6_activateinterfaces(struct interface *ifp)
3816 struct interface *ifd;
3821 for (i = 0; i < ifp->options->ia_len; i++) {
3822 ia = &ifp->options->ia[i];
3823 if (ia->ia_type != D6_OPTION_IA_PD)
3825 for (j = 0; j < ia->sla_len; j++) {
3827 ifd = if_find(ifp->ctx->ifaces, sla->ifname);
3829 logwarn("%s: cannot delegate to %s",
3830 ifp->name, sla->ifname);
3834 loginfox("%s: activating for delegation",
3836 dhcpcd_activateinterface(ifd,
3837 DHCPCD_IPV6 | DHCPCD_DHCP6);
3845 dhcp6_start1(void *arg)
3847 struct interface *ifp = arg;
3848 struct dhcpcd_ctx *ctx = ifp->ctx;
3849 struct if_options *ifo = ifp->options;
3850 struct dhcp6_state *state;
3852 const struct dhcp_compat *dhc;
3854 if ((ctx->options & (DHCPCD_MASTER|DHCPCD_PRIVSEP)) == DHCPCD_MASTER &&
3855 ctx->dhcp6_rfd == -1)
3857 ctx->dhcp6_rfd = dhcp6_openudp(0, NULL);
3858 if (ctx->dhcp6_rfd == -1) {
3862 eloop_event_add(ctx->eloop, ctx->dhcp6_rfd, dhcp6_recvctx, ctx);
3865 if (!IN_PRIVSEP(ctx) && ctx->dhcp6_wfd == -1) {
3866 ctx->dhcp6_wfd = dhcp6_openraw();
3867 if (ctx->dhcp6_wfd == -1) {
3873 state = D6_STATE(ifp);
3874 /* If no DHCPv6 options are configured,
3875 match configured DHCPv4 options to DHCPv6 equivalents. */
3876 for (i = 0; i < sizeof(ifo->requestmask6); i++) {
3877 if (ifo->requestmask6[i] != '\0')
3880 if (i == sizeof(ifo->requestmask6)) {
3881 for (dhc = dhcp_compats; dhc->dhcp_opt; dhc++) {
3882 if (DHC_REQ(ifo->requestmask, ifo->nomask, dhc->dhcp_opt))
3883 add_option_mask(ifo->requestmask6,
3886 if (ifo->fqdn != FQDN_DISABLE || ifo->options & DHCPCD_HOSTNAME)
3887 add_option_mask(ifo->requestmask6, D6_OPTION_FQDN);
3891 /* Rapid commit won't work with Prefix Delegation Exclusion */
3892 if (dhcp6_findselfsla(ifp))
3893 del_option_mask(ifo->requestmask6, D6_OPTION_RAPID_COMMIT);
3896 if (state->state == DH6S_INFORM) {
3897 add_option_mask(ifo->requestmask6, D6_OPTION_INFO_REFRESH_TIME);
3898 dhcp6_startinform(ifp);
3900 del_option_mask(ifo->requestmask6, D6_OPTION_INFO_REFRESH_TIME);
3901 dhcp6_startinit(ifp);
3905 dhcp6_activateinterfaces(ifp);
3910 dhcp6_start(struct interface *ifp, enum DH6S init_state)
3912 struct dhcp6_state *state;
3914 state = D6_STATE(ifp);
3915 if (state != NULL) {
3916 switch (init_state) {
3920 if (state->state == DH6S_INIT ||
3921 state->state == DH6S_INFORMED ||
3922 (state->state == DH6S_DISCOVER &&
3923 !(ifp->options->options & DHCPCD_IA_FORCED) &&
3924 !ipv6nd_hasradhcp(ifp, true)))
3925 dhcp6_startinform(ifp);
3928 if (ifp->options->options & DHCPCD_DHCP6 &&
3929 (state->state == DH6S_INIT ||
3930 state->state == DH6S_INFORM ||
3931 state->state == DH6S_INFORMED ||
3932 state->state == DH6S_DELEGATED))
3934 /* Change from stateless to stateful */
3935 init_state = DH6S_INIT;
3940 init_state = DH6S_INIT;
3943 /* Not possible, but sushes some compiler warnings. */
3948 switch (init_state) {
3950 /* No DHCPv6 config, no existing state
3951 * so nothing to do. */
3956 init_state = DH6S_INIT;
3961 if (!(ifp->options->options & DHCPCD_DHCP6))
3964 ifp->if_data[IF_DATA_DHCP6] = calloc(1, sizeof(*state));
3965 state = D6_STATE(ifp);
3969 state->sol_max_rt = SOL_MAX_RT;
3970 state->inf_max_rt = INF_MAX_RT;
3971 TAILQ_INIT(&state->addrs);
3974 state->state = init_state;
3976 state->failed = false;
3977 dhcp_set_leasefile(state->leasefile, sizeof(state->leasefile),
3979 if (ipv6_linklocal(ifp) == NULL) {
3980 logdebugx("%s: delaying DHCPv6 for LL address", ifp->name);
3981 ipv6_addlinklocalcallback(ifp, dhcp6_start1, ifp);
3990 dhcp6_reboot(struct interface *ifp)
3992 struct dhcp6_state *state;
3994 state = D6_STATE(ifp);
3999 switch (state->state) {
4001 dhcp6_startrebind(ifp);
4004 dhcp6_startdiscoinform(ifp);
4010 dhcp6_freedrop(struct interface *ifp, int drop, const char *reason)
4012 struct dhcp6_state *state;
4013 struct dhcpcd_ctx *ctx;
4014 unsigned long long options;
4017 options = ifp->options->options;
4019 options = ifp->ctx->options;
4021 if (ifp->ctx->eloop)
4022 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
4025 /* If we're dropping the lease, drop delegated addresses.
4026 * If, for whatever reason, we don't drop them in the future
4027 * then they should at least be marked as deprecated (pltime 0). */
4028 if (drop && (options & DHCPCD_NODROP) != DHCPCD_NODROP)
4029 dhcp6_delete_delegates(ifp);
4032 state = D6_STATE(ifp);
4034 /* Failure to send the release may cause this function to
4036 if (state->state == DH6S_RELEASE) {
4037 dhcp6_finishrelease(ifp);
4041 if (drop && options & DHCPCD_RELEASE &&
4042 state->state != DH6S_DELEGATED)
4044 if (if_is_link_up(ifp) &&
4045 state->state != DH6S_RELEASED &&
4046 state->state != DH6S_INFORMED)
4048 dhcp6_startrelease(ifp);
4051 dhcp_unlink(ifp->ctx, state->leasefile);
4054 else if (state->auth.reconf != NULL) {
4056 * Drop the lease as the token may only be present
4057 * in the initial reply message and not subsequent
4059 * If dhcpcd is restarted, the token is lost.
4060 * XXX persist this in another file?
4062 dhcp_unlink(ifp->ctx, state->leasefile);
4066 dhcp6_freedrop_addrs(ifp, drop, NULL);
4068 state->old = state->new;
4069 state->old_len = state->new_len;
4072 if (drop && state->old &&
4073 (options & DHCPCD_NODROP) != DHCPCD_NODROP)
4077 script_runreason(ifp, reason);
4083 ifp->if_data[IF_DATA_DHCP6] = NULL;
4086 /* If we don't have any more DHCP6 enabled interfaces,
4087 * close the global socket and release resources */
4090 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
4095 if (ifp == NULL && ctx->dhcp6_rfd != -1) {
4096 eloop_event_delete(ctx->eloop, ctx->dhcp6_rfd);
4097 close(ctx->dhcp6_rfd);
4098 ctx->dhcp6_rfd = -1;
4103 dhcp6_drop(struct interface *ifp, const char *reason)
4106 dhcp6_freedrop(ifp, 1, reason);
4110 dhcp6_free(struct interface *ifp)
4113 dhcp6_freedrop(ifp, 0, NULL);
4117 dhcp6_abort(struct interface *ifp)
4119 struct dhcp6_state *state;
4120 #ifdef ND6_ADVERTISE
4121 struct ipv6_addr *ia;
4124 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_start1, ifp);
4125 state = D6_STATE(ifp);
4129 #ifdef ND6_ADVERTISE
4130 TAILQ_FOREACH(ia, &state->addrs, next) {
4131 ipv6nd_advertise(ia);
4135 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startdiscover, ifp);
4136 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_senddiscover, ifp);
4137 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startinform, ifp);
4138 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendinform, ifp);
4140 switch (state->state) {
4141 case DH6S_DISCOVER: /* FALLTHROUGH */
4142 case DH6S_REQUEST: /* FALLTHROUGH */
4144 state->state = DH6S_INIT;
4152 dhcp6_handleifa(int cmd, struct ipv6_addr *ia, pid_t pid)
4154 struct dhcp6_state *state;
4155 struct interface *ifp = ia->iface;
4157 /* If not running in master mode, listen to this address */
4158 if (cmd == RTM_NEWADDR &&
4159 !(ia->addr_flags & IN6_IFF_NOTUSEABLE) &&
4160 ifp->active == IF_ACTIVE_USER &&
4161 !(ifp->ctx->options & DHCPCD_MASTER) &&
4162 ifp->options->options & DHCPCD_DHCP6)
4165 if (IN_PRIVSEP_SE(ifp->ctx)) {
4166 if (ps_inet_opendhcp6(ia) == -1)
4171 if (ia->dhcp6_fd == -1)
4172 ia->dhcp6_fd = dhcp6_openudp(ia->iface->index,
4174 if (ia->dhcp6_fd != -1)
4175 eloop_event_add(ia->iface->ctx->eloop,
4176 ia->dhcp6_fd, dhcp6_recvaddr, ia);
4181 if ((state = D6_STATE(ifp)) != NULL)
4182 ipv6_handleifa_addrs(cmd, &state->addrs, ia, pid);
4186 dhcp6_env(FILE *fp, const char *prefix, const struct interface *ifp,
4187 const struct dhcp6_message *m, size_t len)
4189 const struct if_options *ifo;
4190 struct dhcp_opt *opt, *vo;
4192 struct dhcp6_option o;
4196 const struct dhcpcd_ctx *ctx;
4198 const struct dhcp6_state *state;
4199 const struct ipv6_addr *ap;
4205 if (len < sizeof(*m)) {
4206 /* Should be impossible with guards at packet in
4207 * and reading leases */
4215 /* Zero our indexes */
4216 for (i = 0, opt = ctx->dhcp6_opts;
4217 i < ctx->dhcp6_opts_len;
4219 dhcp_zero_index(opt);
4220 for (i = 0, opt = ifp->options->dhcp6_override;
4221 i < ifp->options->dhcp6_override_len;
4223 dhcp_zero_index(opt);
4224 for (i = 0, opt = ctx->vivso;
4227 dhcp_zero_index(opt);
4228 if (asprintf(&pfx, "%s_dhcp6", prefix) == -1)
4231 /* Unlike DHCP, DHCPv6 options *may* occur more than once.
4232 * There is also no provision for option concatenation unlike DHCP. */
4233 p = (const uint8_t *)m + sizeof(*m);
4235 for (; len != 0; p += o.len, len -= o.len) {
4236 if (len < sizeof(o)) {
4240 memcpy(&o, p, sizeof(o));
4243 o.len = ntohs(o.len);
4248 o.code = ntohs(o.code);
4249 if (has_option_mask(ifo->nomask6, o.code))
4251 for (i = 0, opt = ifo->dhcp6_override;
4252 i < ifo->dhcp6_override_len;
4254 if (opt->option == o.code)
4256 if (i == ifo->dhcp6_override_len &&
4257 o.code == D6_OPTION_VENDOR_OPTS &&
4260 memcpy(&en, p, sizeof(en));
4262 vo = vivso_find(en, ifp);
4265 if (i == ifo->dhcp6_override_len) {
4266 for (i = 0, opt = ctx->dhcp6_opts;
4267 i < ctx->dhcp6_opts_len;
4269 if (opt->option == o.code)
4271 if (i == ctx->dhcp6_opts_len)
4275 dhcp_envoption(ifp->ctx,
4277 opt, dhcp6_getoption, p, o.len);
4280 dhcp_envoption(ifp->ctx,
4282 vo, dhcp6_getoption,
4284 o.len - sizeof(en));
4291 /* Needed for Delegated Prefixes */
4292 state = D6_CSTATE(ifp);
4293 TAILQ_FOREACH(ap, &state->addrs, next) {
4294 if (ap->delegating_prefix)
4299 if (fprintf(fp, "%s_delegated_dhcp6_prefix=", prefix) == -1)
4301 TAILQ_FOREACH(ap, &state->addrs, next) {
4302 if (ap->delegating_prefix == NULL)
4304 if (ap != TAILQ_FIRST(&state->addrs)) {
4305 if (fputc(' ', fp) == EOF)
4308 if (fprintf(fp, "%s", ap->saddr) == -1)
4311 if (fputc('\0', fp) == EOF)
4321 dhcp6_dump(struct interface *ifp)
4323 struct dhcp6_state *state;
4325 ifp->if_data[IF_DATA_DHCP6] = state = calloc(1, sizeof(*state));
4326 if (state == NULL) {
4330 TAILQ_INIT(&state->addrs);
4331 if (dhcp6_readlease(ifp, 0) == -1) {
4332 logerr("dhcp6_readlease");
4335 state->reason = "DUMP6";
4336 return script_runreason(ifp, state->reason);