1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * dhcpcd - DHCP client daemon
4 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/utsname.h>
30 #include <sys/types.h>
32 #include <netinet/in.h>
33 #include <netinet/ip6.h>
48 #define ELOOP_QUEUE ELOOP_DHCP6
56 #include "if-options.h"
62 #ifdef HAVE_SYS_BITOPS_H
63 #include <sys/bitops.h>
65 #include "compat/bitops.h"
68 /* DHCPCD Project has been assigned an IANA PEN of 40712 */
69 #define DHCPCD_IANA_PEN 40712
71 /* Unsure if I want this */
72 //#define VENDOR_SPLIT
74 /* Support older systems with different defines */
75 #if !defined(IPV6_RECVPKTINFO) && defined(IPV6_PKTINFO)
76 #define IPV6_RECVPKTINFO IPV6_PKTINFO
81 /* Assert the correct structure size for on wire */
82 struct dhcp6_message {
85 /* followed by options */
87 __CTASSERT(sizeof(struct dhcp6_message) == 4);
92 /* followed by data */
94 __CTASSERT(sizeof(struct dhcp6_option) == 4);
101 __CTASSERT(sizeof(struct dhcp6_ia_na) == 12);
106 __CTASSERT(sizeof(struct dhcp6_ia_ta) == 4);
108 struct dhcp6_ia_addr {
109 struct in6_addr addr;
113 __CTASSERT(sizeof(struct dhcp6_ia_addr) == 16 + 8);
115 /* XXX FIXME: This is the only packed structure and it does not align.
116 * Maybe manually decode it? */
117 struct dhcp6_pd_addr {
121 struct in6_addr prefix;
123 __CTASSERT(sizeof(struct dhcp6_pd_addr) == 8 + 1 + 16);
130 static const struct dhcp6_op dhcp6_ops[] = {
131 { DHCP6_SOLICIT, "SOLICIT6" },
132 { DHCP6_ADVERTISE, "ADVERTISE6" },
133 { DHCP6_REQUEST, "REQUEST6" },
134 { DHCP6_REPLY, "REPLY6" },
135 { DHCP6_RENEW, "RENEW6" },
136 { DHCP6_REBIND, "REBIND6" },
137 { DHCP6_CONFIRM, "CONFIRM6" },
138 { DHCP6_INFORMATION_REQ, "INFORM6" },
139 { DHCP6_RELEASE, "RELEASE6" },
140 { DHCP6_RECONFIGURE, "RECONFIGURE6" },
141 { DHCP6_DECLINE, "DECLINE6" },
151 * RFC 5908 deprecates OPTION_SNTP_SERVERS.
152 * But we can support both as the hook scripts will uniqify the
153 * results if the server returns both options.
155 static const struct dhcp_compat dhcp_compats[] = {
156 { DHO_DNSSERVER, D6_OPTION_DNS_SERVERS },
157 { DHO_HOSTNAME, D6_OPTION_FQDN },
158 { DHO_DNSDOMAIN, D6_OPTION_FQDN },
159 { DHO_NISSERVER, D6_OPTION_NIS_SERVERS },
160 { DHO_NTPSERVER, D6_OPTION_SNTP_SERVERS },
161 { DHO_NTPSERVER, D6_OPTION_NTP_SERVER },
162 { DHO_RAPIDCOMMIT, D6_OPTION_RAPID_COMMIT },
163 { DHO_FQDN, D6_OPTION_FQDN },
164 { DHO_VIVCO, D6_OPTION_VENDOR_CLASS },
165 { DHO_VIVSO, D6_OPTION_VENDOR_OPTS },
166 { DHO_DNSSEARCH, D6_OPTION_DOMAIN_LIST },
170 static const char * const dhcp6_statuses[] = {
172 "Unspecified Failure",
173 "No Addresses Available",
177 "No Prefix Available"
180 static void dhcp6_bind(struct interface *, const char *, const char *);
181 static void dhcp6_failinform(void *);
182 static void dhcp6_recvaddr(void *, unsigned short);
183 static void dhcp6_startdecline(struct interface *);
184 static void dhcp6_startrequest(struct interface *);
187 #define dhcp6_hasprefixdelegation(a) (0)
189 static int dhcp6_hasprefixdelegation(struct interface *);
192 #define DECLINE_IA(ia) \
193 ((ia)->addr_flags & IN6_IFF_DUPLICATED && \
194 (ia)->ia_type != 0 && (ia)->ia_type != D6_OPTION_IA_PD && \
195 !((ia)->flags & IPV6_AF_STALE) && \
196 (ia)->prefix_vltime != 0)
199 dhcp6_printoptions(const struct dhcpcd_ctx *ctx,
200 const struct dhcp_opt *opts, size_t opts_len)
203 const struct dhcp_opt *opt, *opt2;
206 for (i = 0, opt = ctx->dhcp6_opts;
207 i < ctx->dhcp6_opts_len; i++, opt++)
209 for (j = 0, opt2 = opts; j < opts_len; j++, opt2++)
210 if (opt2->option == opt->option)
213 cols = printf("%05d %s", opt->option, opt->var);
214 dhcp_print_option_encoding(opt, cols);
217 for (i = 0, opt = opts; i < opts_len; i++, opt++) {
218 cols = printf("%05d %s", opt->option, opt->var);
219 dhcp_print_option_encoding(opt, cols);
224 dhcp6_makeuser(void *data, const struct interface *ifp)
226 const struct if_options *ifo = ifp->options;
227 struct dhcp6_option o;
229 const uint8_t *up, *ue;
230 uint16_t ulen, unlen;
233 /* Convert the DHCPv4 user class option to DHCPv6 */
245 for (; up < ue; up += ulen) {
247 olen += sizeof(ulen) + ulen;
251 memcpy(p, &unlen, sizeof(unlen));
257 o.code = htons(D6_OPTION_USER_CLASS);
258 o.len = htons((uint16_t)olen);
259 memcpy(data, &o, sizeof(o));
262 return sizeof(o) + olen;
266 dhcp6_makevendor(void *data, const struct interface *ifp)
268 const struct if_options *ifo;
271 const struct vivco *vivco;
272 struct dhcp6_option o;
275 len = sizeof(uint32_t); /* IANA PEN */
278 for (i = 0, vivco = ifo->vivco;
281 vlen += sizeof(uint16_t) + vivco->len;
283 } else if (ifo->vendorclassid[0] != '\0') {
284 /* dhcpcd owns DHCPCD_IANA_PEN.
285 * If you need your own string, get your own IANA PEN. */
286 vlen = strlen(ifp->ctx->vendor);
287 len += sizeof(uint16_t) + vlen;
291 if (len > UINT16_MAX) {
292 logerrx("%s: DHCPv6 Vendor Class too big", ifp->name);
301 o.code = htons(D6_OPTION_VENDOR_CLASS);
302 o.len = htons((uint16_t)len);
303 memcpy(p, &o, sizeof(o));
305 pen = htonl(ifo->vivco_en ? ifo->vivco_en : DHCPCD_IANA_PEN);
306 memcpy(p, &pen, sizeof(pen));
310 for (i = 0, vivco = ifo->vivco;
314 hvlen = htons((uint16_t)vivco->len);
315 memcpy(p, &hvlen, sizeof(hvlen));
317 memcpy(p, vivco->data, vivco->len);
320 } else if (ifo->vendorclassid[0] != '\0') {
321 hvlen = htons((uint16_t)vlen);
322 memcpy(p, &hvlen, sizeof(hvlen));
324 memcpy(p, ifp->ctx->vendor, vlen);
328 return sizeof(o) + len;
332 dhcp6_findoption(void *data, size_t data_len, uint16_t code, uint16_t *len)
335 struct dhcp6_option o;
338 for (d = data; data_len != 0; d += o.len, data_len -= o.len) {
339 if (data_len < sizeof(o)) {
343 memcpy(&o, d, sizeof(o));
345 data_len -= sizeof(o);
346 o.len = htons(o.len);
347 if (data_len < o.len) {
351 if (o.code == code) {
363 dhcp6_findmoption(void *data, size_t data_len, uint16_t code,
368 if (data_len < sizeof(struct dhcp6_message)) {
373 d += sizeof(struct dhcp6_message);
374 data_len -= sizeof(struct dhcp6_message);
375 return dhcp6_findoption(d, data_len, code, len);
378 static const uint8_t *
379 dhcp6_getoption(struct dhcpcd_ctx *ctx,
380 size_t *os, unsigned int *code, size_t *len,
381 const uint8_t *od, size_t ol, struct dhcp_opt **oopt)
383 struct dhcp6_option o;
385 struct dhcp_opt *opt;
393 memcpy(&o, od, sizeof(o));
395 if (*len > ol - *os) {
399 *code = ntohs(o.code);
403 for (i = 0, opt = ctx->dhcp6_opts;
404 i < ctx->dhcp6_opts_len; i++, opt++)
406 if (opt->option == *code) {
413 return od + sizeof(o);
418 dhcp6_updateelapsed(struct interface *ifp, struct dhcp6_message *m, size_t len)
422 struct dhcp6_state *state;
424 unsigned long long hsec;
427 opt = dhcp6_findmoption(m, len, D6_OPTION_ELAPSED, &opt_len);
430 if (opt_len != sizeof(sec)) {
435 state = D6_STATE(ifp);
436 clock_gettime(CLOCK_MONOTONIC, &tv);
437 if (state->RTC == 0) {
438 /* An RTC of zero means we're the first message
439 * out of the door, so the elapsed time is zero. */
443 unsigned long long secs;
446 secs = eloop_timespec_diff(&tv, &state->started, &nsecs);
447 /* Elapsed time is measured in centiseconds.
448 * We need to be sure it will not potentially overflow. */
449 if (secs >= (UINT16_MAX / CSEC_PER_SEC) + 1)
452 hsec = (secs * CSEC_PER_SEC) +
453 (nsecs / NSEC_PER_CSEC);
454 if (hsec > UINT16_MAX)
458 sec = htons((uint16_t)hsec);
459 memcpy(opt, &sec, sizeof(sec));
464 dhcp6_newxid(const struct interface *ifp, struct dhcp6_message *m)
466 const struct interface *ifp1;
467 const struct dhcp6_state *state1;
470 if (ifp->options->options & DHCPCD_XID_HWADDR &&
471 ifp->hwlen >= sizeof(xid))
472 /* The lower bits are probably more unique on the network */
473 memcpy(&xid, (ifp->hwaddr + ifp->hwlen) - sizeof(xid),
480 m->xid[0] = (xid >> 16) & 0xff;
481 m->xid[1] = (xid >> 8) & 0xff;
482 m->xid[2] = xid & 0xff;
484 /* Ensure it's unique */
485 TAILQ_FOREACH(ifp1, ifp->ctx->ifaces, next) {
488 if ((state1 = D6_CSTATE(ifp1)) == NULL)
490 if (state1->send != NULL &&
491 state1->send->xid[0] == m->xid[0] &&
492 state1->send->xid[1] == m->xid[1] &&
493 state1->send->xid[2] == m->xid[2])
498 if (ifp->options->options & DHCPCD_XID_HWADDR &&
499 ifp->hwlen >= sizeof(xid))
501 logerrx("%s: duplicate xid on %s",
502 ifp->name, ifp1->name);
510 static const struct if_sla *
511 dhcp6_findselfsla(struct interface *ifp)
516 for (i = 0; i < ifp->options->ia_len; i++) {
517 ia = &ifp->options->ia[i];
518 if (ia->ia_type != D6_OPTION_IA_PD)
520 for (j = 0; j < ia->sla_len; j++) {
521 if (strcmp(ia->sla[j].ifname, ifp->name) == 0)
529 dhcp6_delegateaddr(struct in6_addr *addr, struct interface *ifp,
530 const struct ipv6_addr *prefix, const struct if_sla *sla, struct if_ia *ia)
532 struct dhcp6_state *state;
534 char sabuf[INET6_ADDRSTRLEN];
537 state = D6_STATE(ifp);
539 ifp->if_data[IF_DATA_DHCP6] = calloc(1, sizeof(*state));
540 state = D6_STATE(ifp);
546 TAILQ_INIT(&state->addrs);
547 state->state = DH6S_DELEGATED;
548 state->reason = "DELEGATED6";
551 if (sla == NULL || !sla->sla_set) {
552 /* No SLA set, so make an assumption of
553 * desired SLA and prefix length. */
554 asla.sla = ifp->index;
556 asla.sla_set = false;
558 } else if (sla->prefix_len == 0) {
559 /* An SLA was given, but prefix length was not.
560 * We need to work out a suitable prefix length for
561 * potentially more than one interface. */
564 asla.sla_set = sla->sla_set;
568 if (sla->prefix_len == 0) {
572 sla_max = ia->sla_max;
573 if (sla_max == 0 && (sla == NULL || !sla->sla_set)) {
574 const struct interface *ifi;
576 TAILQ_FOREACH(ifi, ifp->ctx->ifaces, next) {
577 if (ifi->index > sla_max)
578 sla_max = ifi->index;
582 bits = fls32(sla_max);
584 if (prefix->prefix_len + bits > (int)UINT8_MAX)
585 asla.prefix_len = UINT8_MAX;
587 asla.prefix_len = (uint8_t)(prefix->prefix_len + bits);
589 /* Make a 64 prefix by default, as this makes SLAAC
591 * Otherwise round up to the nearest 4 bits. */
592 if (asla.prefix_len <= 64)
593 asla.prefix_len = 64;
596 (uint8_t)ROUNDUP4(asla.prefix_len);
599 #define BIT(n) (1UL << (n))
600 #define BIT_MASK(len) (BIT(len) - 1)
601 if (ia->sla_max == 0) {
602 /* Work out the real sla_max from our bits used */
603 bits = asla.prefix_len - prefix->prefix_len;
604 /* Make static analysis happy.
605 * Bits cannot be bigger than 32 thanks to fls32. */
607 ia->sla_max = (uint32_t)BIT_MASK(bits);
611 if (ipv6_userprefix(&prefix->prefix, prefix->prefix_len,
612 sla->sla, addr, sla->prefix_len) == -1)
614 sa = inet_ntop(AF_INET6, &prefix->prefix,
615 sabuf, sizeof(sabuf));
616 logerr("%s: invalid prefix %s/%d + %d/%d",
617 ifp->name, sa, prefix->prefix_len,
618 sla->sla, sla->prefix_len);
622 if (prefix->prefix_exclude_len &&
623 IN6_ARE_ADDR_EQUAL(addr, &prefix->prefix_exclude))
625 sa = inet_ntop(AF_INET6, &prefix->prefix_exclude,
626 sabuf, sizeof(sabuf));
627 logerrx("%s: cannot delegate excluded prefix %s/%d",
628 ifp->name, sa, prefix->prefix_exclude_len);
632 return sla->prefix_len;
637 dhcp6_makemessage(struct interface *ifp)
639 struct dhcp6_state *state;
640 struct dhcp6_message *m;
641 struct dhcp6_option o;
642 uint8_t *p, *si, *unicast, IA;
643 size_t n, l, len, ml, hl;
645 uint16_t si_len, uni_len, n_options;
647 struct if_options *ifo = ifp->options;
648 const struct dhcp_opt *opt, *opt2;
649 const struct ipv6_addr *ap;
650 char hbuf[HOSTNAME_MAX_LEN + 1];
651 const char *hostname;
653 struct dhcp6_ia_na ia_na;
659 uint8_t duid[DUID_LEN];
662 state = D6_STATE(ifp);
668 switch(state->state) {
669 case DH6S_INIT: /* FALLTHROUGH */
671 type = DHCP6_SOLICIT;
674 type = DHCP6_REQUEST;
677 type = DHCP6_CONFIRM;
686 type = DHCP6_INFORMATION_REQ;
689 type = DHCP6_RELEASE;
692 type = DHCP6_DECLINE;
699 /* RFC 4704 Section 5 says we can only send FQDN for these
713 if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME) {
714 /* We're sending the DHCPv4 hostname option, so send FQDN as
715 * DHCPv6 has no FQDN option and DHCPv4 must not send
716 * hostname and FQDN according to RFC4702 */
719 if (fqdn != FQDN_DISABLE)
720 hostname = dhcp_get_hostname(hbuf, sizeof(hbuf), ifo);
722 hostname = NULL; /* appearse gcc */
724 /* Work out option size first */
728 hl = 0; /* Appease gcc */
729 if (state->state != DH6S_RELEASE && state->state != DH6S_DECLINE) {
730 for (l = 0, opt = ifp->ctx->dhcp6_opts;
731 l < ifp->ctx->dhcp6_opts_len;
734 for (n = 0, opt2 = ifo->dhcp6_override;
735 n < ifo->dhcp6_override_len;
738 if (opt->option == opt2->option)
741 if (n < ifo->dhcp6_override_len)
743 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
746 len += sizeof(o.len);
749 for (l = 0, opt = ifo->dhcp6_override;
750 l < ifo->dhcp6_override_len;
753 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
756 len += sizeof(o.len);
758 if (dhcp6_findselfsla(ifp)) {
760 len += sizeof(o.len);
766 if (fqdn != FQDN_DISABLE) {
767 hl = encode_rfc1035(hostname, NULL);
768 len += sizeof(o) + 1 + hl;
771 if (!has_option_mask(ifo->nomask6, D6_OPTION_MUDURL) &&
773 len += sizeof(o) + ifo->mudurl[0];
776 if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
777 DHCPCD_AUTH_SENDREQUIRE &&
778 DHC_REQ(ifo->requestmask6, ifo->nomask6,
779 D6_OPTION_RECONF_ACCEPT))
780 len += sizeof(o); /* Reconfigure Accept */
784 len += sizeof(*state->send);
785 len += sizeof(o) + sizeof(uint16_t); /* elapsed */
787 if (ifo->options & DHCPCD_ANONYMOUS) {
788 duid_len = duid_make(duid, ifp, DUID_LL);
789 len += sizeof(o) + duid_len;
791 len += sizeof(o) + ifp->ctx->duid_len;
794 if (!has_option_mask(ifo->nomask6, D6_OPTION_USER_CLASS))
795 len += dhcp6_makeuser(NULL, ifp);
796 if (!has_option_mask(ifo->nomask6, D6_OPTION_VENDOR_CLASS))
797 len += dhcp6_makevendor(NULL, ifp);
802 switch(state->state) {
805 ml = state->recv_len;
816 si = dhcp6_findmoption(m, ml, D6_OPTION_SERVERID, &si_len);
819 len += sizeof(o) + si_len;
830 TAILQ_FOREACH(ap, &state->addrs, next) {
831 if (ap->flags & IPV6_AF_STALE)
833 if (!(ap->flags & IPV6_AF_REQUEST) &&
834 (ap->prefix_vltime == 0 ||
835 state->state == DH6S_DISCOVER))
837 if (DECLINE_IA(ap) && state->state != DH6S_DECLINE)
839 if (ap->ia_type == D6_OPTION_IA_PD) {
841 len += sizeof(o) + sizeof(struct dhcp6_pd_addr);
842 if (ap->prefix_exclude_len)
843 len += sizeof(o) + 1 +
844 (uint8_t)((ap->prefix_exclude_len -
845 ap->prefix_len - 1) / NBBY) + 1;
848 len += sizeof(o) + sizeof(struct dhcp6_ia_addr);
852 for (l = 0; l < ifo->ia_len; l++) {
853 len += sizeof(o) + sizeof(uint32_t); /* IAID */
854 /* IA_TA does not have T1 or T2 timers */
855 if (ifo->ia[l].ia_type != D6_OPTION_IA_TA)
856 len += sizeof(uint32_t) + sizeof(uint32_t);
864 if (state->state == DH6S_DISCOVER &&
865 !(ifp->ctx->options & DHCPCD_TEST) &&
866 DHC_REQ(ifo->requestmask6, ifo->nomask6, D6_OPTION_RAPID_COMMIT))
874 switch(state->state) {
875 case DH6S_REQUEST: /* FALLTHROUGH */
876 case DH6S_RENEW: /* FALLTHROUGH */
878 if (has_option_mask(ifo->nomask6, D6_OPTION_UNICAST)) {
882 unicast = dhcp6_findmoption(m, ml, D6_OPTION_UNICAST, &uni_len);
889 /* In non manager mode we listen and send from fixed addresses.
890 * We should try and match an address we have to unicast to,
891 * but for now this is the safest policy. */
892 if (unicast != NULL && !(ifp->ctx->options & DHCPCD_MANAGER)) {
893 logdebugx("%s: ignoring unicast option as not manager",
900 if (ifo->auth.options & DHCPCD_AUTH_SEND) {
901 ssize_t alen = dhcp_auth_encode(ifp->ctx, &ifo->auth,
902 state->auth.token, NULL, 0, 6, type, NULL, 0);
903 if (alen != -1 && alen > UINT16_MAX) {
908 logerr("%s: %s: dhcp_auth_encode", __func__, ifp->name);
909 else if (alen != 0) {
910 auth_len = (uint16_t)alen;
911 len += sizeof(o) + auth_len;
916 state->send = malloc(len);
917 if (state->send == NULL)
920 state->send_len = len;
921 state->send->type = type;
923 /* If we found a unicast option, copy it to our state for sending */
924 if (unicast && uni_len == sizeof(state->unicast))
925 memcpy(&state->unicast, unicast, sizeof(state->unicast));
927 state->unicast = in6addr_any;
929 dhcp6_newxid(ifp, state->send);
931 #define COPYIN1(_code, _len) { \
932 o.code = htons((_code)); \
933 o.len = htons((_len)); \
934 memcpy(p, &o, sizeof(o)); \
937 #define COPYIN(_code, _data, _len) do { \
938 COPYIN1((_code), (_len)); \
940 memcpy(p, (_data), (_len)); \
943 } while (0 /* CONSTCOND */)
944 #define NEXTLEN (p + offsetof(struct dhcp6_option, len))
946 /* Options are listed in numerical order as per RFC 7844 Section 4.1
947 * XXX: They should be randomised. */
949 p = (uint8_t *)state->send + sizeof(*state->send);
950 if (ifo->options & DHCPCD_ANONYMOUS)
951 COPYIN(D6_OPTION_CLIENTID, duid,
954 COPYIN(D6_OPTION_CLIENTID, ifp->ctx->duid,
955 (uint16_t)ifp->ctx->duid_len);
958 COPYIN(D6_OPTION_SERVERID, si, si_len);
960 for (l = 0; IA && l < ifo->ia_len; l++) {
963 /* TA structure is the same as the others,
964 * it just lacks the T1 and T2 timers.
965 * These happen to be at the end of the struct,
966 * so we just don't copy them in. */
967 if (ifia->ia_type == D6_OPTION_IA_TA)
968 ia_na_len = sizeof(struct dhcp6_ia_ta);
970 ia_na_len = sizeof(ia_na);
971 memcpy(ia_na.iaid, ifia->iaid, sizeof(ia_na.iaid));
972 /* RFC 8415 21.4 and 21.21 state that T1 and T2 should be zero.
973 * An RFC compliant server MUST ignore them anyway. */
976 COPYIN(ifia->ia_type, &ia_na, ia_na_len);
977 TAILQ_FOREACH(ap, &state->addrs, next) {
978 if (ap->flags & IPV6_AF_STALE)
980 if (!(ap->flags & IPV6_AF_REQUEST) &&
981 (ap->prefix_vltime == 0 ||
982 state->state == DH6S_DISCOVER))
984 if (DECLINE_IA(ap) && state->state != DH6S_DECLINE)
986 if (ap->ia_type != ifia->ia_type)
988 if (memcmp(ap->iaid, ifia->iaid, sizeof(ap->iaid)))
990 if (ap->ia_type == D6_OPTION_IA_PD) {
992 struct dhcp6_pd_addr pdp = {
993 .prefix_len = ap->prefix_len,
995 * RFC 8415 21.22 states that the
996 * valid and preferred lifetimes sent by
997 * the client SHOULD be zero and MUST
998 * be ignored by the server.
1002 /* pdp.prefix is not aligned, so copy it in. */
1003 memcpy(&pdp.prefix, &ap->prefix, sizeof(pdp.prefix));
1004 COPYIN(D6_OPTION_IAPREFIX, &pdp, sizeof(pdp));
1005 ia_na_len = (uint16_t)
1006 (ia_na_len + sizeof(o) + sizeof(pdp));
1008 /* RFC6603 Section 4.2 */
1009 if (ap->prefix_exclude_len) {
1010 uint8_t exb[16], *ep, u8;
1013 n = (size_t)((ap->prefix_exclude_len -
1014 ap->prefix_len - 1) / NBBY) + 1;
1016 *ep++ = (uint8_t)ap->prefix_exclude_len;
1017 pp = ap->prefix_exclude.s6_addr;
1019 ((ap->prefix_len - 1) / NBBY) +
1021 u8 = ap->prefix_len % NBBY;
1026 n = (size_t)(ep - exb);
1028 *ep = (uint8_t)(*pp << u8);
1031 COPYIN(D6_OPTION_PD_EXCLUDE, exb,
1033 ia_na_len = (uint16_t)
1034 (ia_na_len + sizeof(o) + n);
1038 struct dhcp6_ia_addr ia = {
1041 * RFC 8415 21.6 states that the
1042 * valid and preferred lifetimes sent by
1043 * the client SHOULD be zero and MUST
1044 * be ignored by the server.
1048 COPYIN(D6_OPTION_IA_ADDR, &ia, sizeof(ia));
1049 ia_na_len = (uint16_t)
1050 (ia_na_len + sizeof(o) + sizeof(ia));
1054 /* Update the total option lenth. */
1055 ia_na_len = htons(ia_na_len);
1056 memcpy(o_lenp, &ia_na_len, sizeof(ia_na_len));
1059 if (state->send->type != DHCP6_RELEASE &&
1060 state->send->type != DHCP6_DECLINE &&
1065 COPYIN1(D6_OPTION_ORO, 0);
1066 for (l = 0, opt = ifp->ctx->dhcp6_opts;
1067 l < ifp->ctx->dhcp6_opts_len;
1071 for (n = 0, opt2 = ifo->dhcp6_override;
1072 n < ifo->dhcp6_override_len;
1075 if (opt->option == opt2->option)
1078 if (n < ifo->dhcp6_override_len)
1081 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
1083 o.code = htons((uint16_t)opt->option);
1084 memcpy(p, &o.code, sizeof(o.code));
1085 p += sizeof(o.code);
1086 o.len = (uint16_t)(o.len + sizeof(o.code));
1089 for (l = 0, opt = ifo->dhcp6_override;
1090 l < ifo->dhcp6_override_len;
1093 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6))
1095 o.code = htons((uint16_t)opt->option);
1096 memcpy(p, &o.code, sizeof(o.code));
1097 p += sizeof(o.code);
1098 o.len = (uint16_t)(o.len + sizeof(o.code));
1100 if (dhcp6_findselfsla(ifp)) {
1101 o.code = htons(D6_OPTION_PD_EXCLUDE);
1102 memcpy(p, &o.code, sizeof(o.code));
1103 p += sizeof(o.code);
1104 o.len = (uint16_t)(o.len + sizeof(o.code));
1107 o.len = htons(o.len);
1108 memcpy(o_lenp, &o.len, sizeof(o.len));
1112 COPYIN(D6_OPTION_ELAPSED, &si_len, sizeof(si_len));
1114 if (state->state == DH6S_DISCOVER &&
1115 !(ifp->ctx->options & DHCPCD_TEST) &&
1116 DHC_REQ(ifo->requestmask6, ifo->nomask6, D6_OPTION_RAPID_COMMIT))
1117 COPYIN1(D6_OPTION_RAPID_COMMIT, 0);
1119 if (!has_option_mask(ifo->nomask6, D6_OPTION_USER_CLASS))
1120 p += dhcp6_makeuser(p, ifp);
1121 if (!has_option_mask(ifo->nomask6, D6_OPTION_VENDOR_CLASS))
1122 p += dhcp6_makevendor(p, ifp);
1124 if (state->send->type != DHCP6_RELEASE &&
1125 state->send->type != DHCP6_DECLINE)
1127 if (fqdn != FQDN_DISABLE) {
1129 COPYIN1(D6_OPTION_FQDN, 0);
1146 encode_rfc1035(hostname, p);
1148 o.len = htons((uint16_t)(hl + 1));
1149 memcpy(o_lenp, &o.len, sizeof(o.len));
1152 if (!has_option_mask(ifo->nomask6, D6_OPTION_MUDURL) &&
1154 COPYIN(D6_OPTION_MUDURL,
1155 ifo->mudurl + 1, ifo->mudurl[0]);
1158 if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
1159 DHCPCD_AUTH_SENDREQUIRE &&
1160 DHC_REQ(ifo->requestmask6, ifo->nomask6,
1161 D6_OPTION_RECONF_ACCEPT))
1162 COPYIN1(D6_OPTION_RECONF_ACCEPT, 0);
1168 /* This has to be the last option */
1169 if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0) {
1170 COPYIN1(D6_OPTION_AUTH, auth_len);
1171 /* data will be filled at send message time */
1179 dhcp6_get_op(uint16_t type)
1181 const struct dhcp6_op *d;
1183 for (d = dhcp6_ops; d->name; d++)
1184 if (d->type == type)
1190 dhcp6_freedrop_addrs(struct interface *ifp, int drop,
1191 const struct interface *ifd)
1193 struct dhcp6_state *state;
1195 state = D6_STATE(ifp);
1197 ipv6_freedrop_addrs(&state->addrs, drop, ifd);
1199 rt_build(ifp->ctx, AF_INET6);
1204 static void dhcp6_delete_delegates(struct interface *ifp)
1206 struct interface *ifp0;
1208 if (ifp->ctx->ifaces) {
1209 TAILQ_FOREACH(ifp0, ifp->ctx->ifaces, next) {
1211 dhcp6_freedrop_addrs(ifp0, 1, ifp);
1219 dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, size_t len)
1221 struct dhcp6_state *state;
1225 opt = dhcp6_findmoption(m, len, D6_OPTION_AUTH, &opt_len);
1229 state = D6_STATE(ifp);
1230 return dhcp_auth_encode(ifp->ctx, &ifp->options->auth,
1231 state->auth.token, (uint8_t *)state->send, state->send_len, 6,
1232 state->send->type, opt, opt_len);
1236 static const struct in6_addr alldhcp = IN6ADDR_LINKLOCAL_ALLDHCP_INIT;
1238 dhcp6_sendmessage(struct interface *ifp, void (*callback)(void *))
1240 struct dhcp6_state *state = D6_STATE(ifp);
1241 struct dhcpcd_ctx *ctx = ifp->ctx;
1243 bool multicast = true;
1244 struct sockaddr_in6 dst = {
1245 .sin6_family = AF_INET6,
1246 /* Setting the port on Linux gives EINVAL when sending.
1247 * This looks like a kernel bug as the equivalent works
1248 * fine with the DHCP counterpart. */
1250 .sin6_port = htons(DHCP6_SERVER_PORT),
1253 struct udphdr udp = {
1254 .uh_sport = htons(DHCP6_CLIENT_PORT),
1255 .uh_dport = htons(DHCP6_SERVER_PORT),
1256 .uh_ulen = htons((uint16_t)(sizeof(udp) + state->send_len)),
1258 struct iovec iov[] = {
1259 { .iov_base = &udp, .iov_len = sizeof(udp), },
1260 { .iov_base = state->send, .iov_len = state->send_len, },
1264 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
1265 } cmsgbuf = { .buf = { 0 } };
1266 struct msghdr msg = {
1267 .msg_name = &dst, .msg_namelen = sizeof(dst),
1268 .msg_iov = iov, .msg_iovlen = __arraycount(iov),
1270 char uaddr[INET6_ADDRSTRLEN];
1272 if (!callback && !if_is_link_up(ifp))
1275 if (!IN6_IS_ADDR_UNSPECIFIED(&state->unicast)) {
1276 switch (state->send->type) {
1277 case DHCP6_SOLICIT: /* FALLTHROUGH */
1278 case DHCP6_CONFIRM: /* FALLTHROUGH */
1280 /* Unicasting is denied for these types. */
1284 inet_ntop(AF_INET6, &state->unicast, uaddr,
1289 dst.sin6_addr = multicast ? alldhcp : state->unicast;
1292 logdebugx("%s: %s %s with xid 0x%02x%02x%02x%s%s",
1294 multicast ? "multicasting" : "unicasting",
1295 dhcp6_get_op(state->send->type),
1296 state->send->xid[0],
1297 state->send->xid[1],
1298 state->send->xid[2],
1299 !multicast ? " " : "",
1300 !multicast ? uaddr : "");
1304 !(ifp->options->options & DHCPCD_INITIAL_DELAY))
1307 state->RT = state->IMD * MSEC_PER_SEC;
1308 /* Some buggy PPP servers close the link too early
1309 * after sending an invalid status in their reply
1310 * which means this host won't see it.
1311 * 1 second grace seems to be the sweet spot. */
1312 if (ifp->flags & IFF_POINTOPOINT)
1313 state->RT += MSEC_PER_SEC;
1314 } else if (state->RTC == 0)
1315 state->RT = state->IRT * MSEC_PER_SEC;
1317 if (state->MRT != 0) {
1318 unsigned int mrt = state->MRT * MSEC_PER_SEC;
1320 if (state->RT > mrt)
1324 /* Add -.1 to .1 * RT randomness as per RFC8415 section 15 */
1325 uint32_t lru = arc4random_uniform(
1326 state->RTC == 0 ? DHCP6_RAND_MAX
1327 : DHCP6_RAND_MAX - DHCP6_RAND_MIN);
1328 int lr = (int)lru - (state->RTC == 0 ? 0 : DHCP6_RAND_MAX);
1330 + (unsigned int)((float)state->RT
1331 * ((float)lr / DHCP6_RAND_DIV));
1333 if (if_is_link_up(ifp))
1334 logdebugx("%s: %s %s (xid 0x%02x%02x%02x)%s%s,"
1335 " next in %0.1f seconds",
1337 state->IMD != 0 ? "delaying" :
1338 multicast ? "multicasting" : "unicasting",
1339 dhcp6_get_op(state->send->type),
1340 state->send->xid[0],
1341 state->send->xid[1],
1342 state->send->xid[2],
1343 state->IMD == 0 && !multicast ? " " : "",
1344 state->IMD == 0 && !multicast ? uaddr : "",
1345 (float)RT / MSEC_PER_SEC);
1347 /* Wait the initial delay */
1348 if (state->IMD != 0) {
1350 eloop_timeout_add_msec(ctx->eloop, RT, callback, ifp);
1355 if (!if_is_link_up(ifp))
1358 /* Update the elapsed time */
1359 dhcp6_updateelapsed(ifp, state->send, state->send_len);
1361 if (ifp->options->auth.options & DHCPCD_AUTH_SEND &&
1362 dhcp6_update_auth(ifp, state->send, state->send_len) == -1)
1364 logerr("%s: %s: dhcp6_updateauth", __func__, ifp->name);
1370 /* Set the outbound interface */
1373 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index };
1375 dst.sin6_scope_id = ifp->index;
1376 msg.msg_control = cmsgbuf.buf;
1377 msg.msg_controllen = sizeof(cmsgbuf.buf);
1378 cm = CMSG_FIRSTHDR(&msg);
1379 if (cm == NULL) /* unlikely */
1381 cm->cmsg_level = IPPROTO_IPV6;
1382 cm->cmsg_type = IPV6_PKTINFO;
1383 cm->cmsg_len = CMSG_LEN(sizeof(pi));
1384 memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
1388 if (IN_PRIVSEP(ifp->ctx)) {
1389 if (ps_inet_senddhcp6(ifp, &msg) == -1)
1395 if (sendmsg(ctx->dhcp6_wfd, &msg, 0) == -1) {
1396 logerr("%s: %s: sendmsg", __func__, ifp->name);
1397 /* Allow DHCPv6 to continue .... the errors
1398 * would be rate limited by the protocol.
1399 * Generally the error is ENOBUFS when struggling to
1400 * associate with an access point. */
1409 if (state->RT < RT) /* Check overflow */
1411 if (state->MRC == 0 || state->RTC < state->MRC)
1412 eloop_timeout_add_msec(ctx->eloop,
1414 else if (state->MRC != 0 && state->MRCcallback)
1415 eloop_timeout_add_msec(ctx->eloop,
1416 RT, state->MRCcallback, ifp);
1418 logwarnx("%s: sent %d times with no reply",
1419 ifp->name, state->RTC);
1425 dhcp6_sendinform(void *arg)
1428 dhcp6_sendmessage(arg, dhcp6_sendinform);
1432 dhcp6_senddiscover2(void *arg)
1435 dhcp6_sendmessage(arg, dhcp6_senddiscover2);
1439 dhcp6_senddiscover1(void *arg)
1442 * So the initial RT has elapsed.
1443 * If we have any ADVERTs we can now REQUEST them.
1444 * RFC 8415 15 and 18.2.1
1446 struct interface *ifp = arg;
1447 struct dhcp6_state *state = D6_STATE(ifp);
1449 if (state->recv == NULL || state->recv->type != DHCP6_ADVERTISE)
1450 dhcp6_sendmessage(arg, dhcp6_senddiscover2);
1452 dhcp6_startrequest(ifp);
1456 dhcp6_senddiscover(void *arg)
1458 struct interface *ifp = arg;
1459 struct dhcp6_state *state = D6_STATE(ifp);
1461 dhcp6_sendmessage(arg,
1462 state->IMD != 0 ? dhcp6_senddiscover : dhcp6_senddiscover1);
1466 dhcp6_sendrequest(void *arg)
1469 dhcp6_sendmessage(arg, dhcp6_sendrequest);
1473 dhcp6_sendrebind(void *arg)
1476 dhcp6_sendmessage(arg, dhcp6_sendrebind);
1480 dhcp6_sendrenew(void *arg)
1483 dhcp6_sendmessage(arg, dhcp6_sendrenew);
1487 dhcp6_sendconfirm(void *arg)
1490 dhcp6_sendmessage(arg, dhcp6_sendconfirm);
1494 dhcp6_senddecline(void *arg)
1497 dhcp6_sendmessage(arg, dhcp6_senddecline);
1501 dhcp6_sendrelease(void *arg)
1504 dhcp6_sendmessage(arg, dhcp6_sendrelease);
1508 dhcp6_startrenew(void *arg)
1510 struct interface *ifp;
1511 struct dhcp6_state *state;
1514 if ((state = D6_STATE(ifp)) == NULL)
1517 /* Only renew in the bound or renew states */
1518 if (state->state != DH6S_BOUND &&
1519 state->state != DH6S_RENEW)
1522 /* Remove the timeout as the renew may have been forced. */
1523 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startrenew, ifp);
1525 state->state = DH6S_RENEW;
1527 state->IMD = REN_MAX_DELAY;
1528 state->IRT = REN_TIMEOUT;
1529 state->MRT = REN_MAX_RT;
1532 if (dhcp6_makemessage(ifp) == -1)
1533 logerr("%s: %s", __func__, ifp->name);
1535 dhcp6_sendrenew(ifp);
1538 void dhcp6_renew(struct interface *ifp)
1541 dhcp6_startrenew(ifp);
1545 dhcp6_dadcompleted(const struct interface *ifp)
1547 const struct dhcp6_state *state;
1548 const struct ipv6_addr *ap;
1550 state = D6_CSTATE(ifp);
1551 TAILQ_FOREACH(ap, &state->addrs, next) {
1552 if (ap->flags & IPV6_AF_ADDED &&
1553 !(ap->flags & IPV6_AF_DADCOMPLETED))
1560 dhcp6_dadcallback(void *arg)
1562 struct ipv6_addr *ia = arg;
1563 struct interface *ifp;
1564 struct dhcp6_state *state;
1565 struct ipv6_addr *ia2;
1566 bool completed, valid, oneduplicated;
1568 completed = (ia->flags & IPV6_AF_DADCOMPLETED);
1569 ia->flags |= IPV6_AF_DADCOMPLETED;
1570 if (ia->addr_flags & IN6_IFF_DUPLICATED)
1571 logwarnx("%s: DAD detected %s", ia->iface->name, ia->saddr);
1573 #ifdef ND6_ADVERTISE
1575 ipv6nd_advertise(ia);
1581 state = D6_STATE(ifp);
1582 if (state->state != DH6S_BOUND && state->state != DH6S_DELEGATED)
1588 valid = (ia->delegating_prefix == NULL);
1591 oneduplicated = false;
1592 TAILQ_FOREACH(ia2, &state->addrs, next) {
1593 if (ia2->flags & IPV6_AF_ADDED &&
1594 !(ia2->flags & IPV6_AF_DADCOMPLETED))
1600 oneduplicated = true;
1605 logdebugx("%s: DHCPv6 DAD completed", ifp->name);
1607 if (oneduplicated && state->state == DH6S_BOUND) {
1608 dhcp6_startdecline(ifp);
1612 script_runreason(ifp,
1614 ia->delegating_prefix ? "DELEGATED6" :
1618 dhcpcd_daemonise(ifp->ctx);
1622 dhcp6_addrequestedaddrs(struct interface *ifp)
1624 struct dhcp6_state *state;
1627 struct ipv6_addr *a;
1629 state = D6_STATE(ifp);
1630 /* Add any requested prefixes / addresses */
1631 for (i = 0; i < ifp->options->ia_len; i++) {
1632 ia = &ifp->options->ia[i];
1633 if (!((ia->ia_type == D6_OPTION_IA_PD && ia->prefix_len) ||
1634 !IN6_IS_ADDR_UNSPECIFIED(&ia->addr)))
1636 a = ipv6_newaddr(ifp, &ia->addr,
1638 * RFC 5942 Section 5
1639 * We cannot assume any prefix length, nor tie the
1640 * address to an existing one as it could expire
1641 * before the address.
1642 * As such we just give it a 128 prefix.
1644 ia->ia_type == D6_OPTION_IA_PD ? ia->prefix_len : 128,
1648 a->dadcallback = dhcp6_dadcallback;
1649 memcpy(&a->iaid, &ia->iaid, sizeof(a->iaid));
1650 a->ia_type = ia->ia_type;
1651 TAILQ_INSERT_TAIL(&state->addrs, a, next);
1656 dhcp6_startdiscover(void *arg)
1658 struct interface *ifp;
1659 struct dhcp6_state *state;
1661 struct ipv6_addr *ia;
1664 state = D6_STATE(ifp);
1666 if (state->reason == NULL || strcmp(state->reason, "TIMEOUT6") != 0)
1667 dhcp6_delete_delegates(ifp);
1669 if (state->new == NULL && !state->failed)
1673 logmessage(llevel, "%s: soliciting a DHCPv6 lease", ifp->name);
1674 state->state = DH6S_DISCOVER;
1676 state->IMD = SOL_MAX_DELAY;
1677 state->IRT = SOL_TIMEOUT;
1678 state->MRT = state->sol_max_rt;
1679 state->MRC = SOL_MAX_RC;
1681 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1686 /* If we fail to renew or confirm, our requested addreses will
1687 * be marked as stale.
1688 To re-request them, just mark them as not stale. */
1689 TAILQ_FOREACH(ia, &state->addrs, next) {
1690 if (ia->flags & IPV6_AF_REQUEST)
1691 ia->flags &= ~IPV6_AF_STALE;
1694 if (dhcp6_makemessage(ifp) == -1)
1695 logerr("%s: %s", __func__, ifp->name);
1697 dhcp6_senddiscover(ifp);
1701 dhcp6_startinform(void *arg)
1703 struct interface *ifp;
1704 struct dhcp6_state *state;
1708 state = D6_STATE(ifp);
1709 llevel = state->failed ? LOG_DEBUG : LOG_INFO;
1710 logmessage(llevel, "%s: requesting DHCPv6 information", ifp->name);
1711 state->state = DH6S_INFORM;
1713 state->IMD = INF_MAX_DELAY;
1714 state->IRT = INF_TIMEOUT;
1715 state->MRT = state->inf_max_rt;
1718 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1719 if (dhcp6_makemessage(ifp) == -1) {
1720 logerr("%s: %s", __func__, ifp->name);
1723 dhcp6_sendinform(ifp);
1724 /* RFC3315 18.1.2 says that if CONFIRM failed then the prior addresses
1725 * SHOULD be used. The wording here is poor, because the addresses are
1726 * merely one facet of the lease as a whole.
1727 * This poor wording might explain the lack of similar text for INFORM
1728 * in 18.1.5 because there are no addresses in the INFORM message. */
1729 eloop_timeout_add_sec(ifp->ctx->eloop,
1730 INF_MAX_RD, dhcp6_failinform, ifp);
1734 dhcp6_startdiscoinform(struct interface *ifp)
1736 unsigned long long opts = ifp->options->options;
1738 if (opts & DHCPCD_IA_FORCED || ipv6nd_hasradhcp(ifp, true))
1739 dhcp6_startdiscover(ifp);
1740 else if (opts & DHCPCD_INFORM6 || ipv6nd_hasradhcp(ifp, false))
1741 dhcp6_startinform(ifp);
1748 dhcp6_leaseextend(struct interface *ifp)
1750 struct dhcp6_state *state = D6_STATE(ifp);
1751 struct ipv6_addr *ia;
1753 logwarnx("%s: extending DHCPv6 lease", ifp->name);
1754 TAILQ_FOREACH(ia, &state->addrs, next) {
1755 ia->flags |= IPV6_AF_EXTENDED;
1756 /* Set infinite lifetimes. */
1757 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1758 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1763 dhcp6_fail(struct interface *ifp)
1765 struct dhcp6_state *state = D6_STATE(ifp);
1767 state->failed = true;
1769 /* RFC3315 18.1.2 says that prior addresses SHOULD be used on failure.
1770 * RFC2131 3.2.3 says that MAY chose to use the prior address.
1771 * Because dhcpcd was written first for RFC2131, we have the LASTLEASE
1772 * option which defaults to off as that makes the most sense for
1774 * dhcpcd also has LASTLEASE_EXTEND to extend this lease past it's
1775 * expiry, but this is strictly not RFC compliant in any way or form. */
1776 if (state->new != NULL &&
1777 ifp->options->options & DHCPCD_LASTLEASE_EXTEND)
1779 dhcp6_leaseextend(ifp);
1780 dhcp6_bind(ifp, NULL, NULL);
1782 dhcp6_freedrop_addrs(ifp, 1, NULL);
1784 dhcp6_delete_delegates(ifp);
1787 state->old = state->new;
1788 state->old_len = state->new_len;
1791 if (state->old != NULL)
1792 script_runreason(ifp, "EXPIRE6");
1793 dhcp_unlink(ifp->ctx, state->leasefile);
1794 dhcp6_addrequestedaddrs(ifp);
1797 if (!dhcp6_startdiscoinform(ifp)) {
1798 logwarnx("%s: no advertising IPv6 router wants DHCP",ifp->name);
1799 state->state = DH6S_INIT;
1800 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1805 dhcp6_failloglevel(struct interface *ifp)
1807 const struct dhcp6_state *state = D6_CSTATE(ifp);
1809 return state->failed ? LOG_DEBUG : LOG_ERR;
1813 dhcp6_failconfirm(void *arg)
1815 struct interface *ifp = arg;
1816 int llevel = dhcp6_failloglevel(ifp);
1818 logmessage(llevel, "%s: failed to confirm prior DHCPv6 address",
1824 dhcp6_failrequest(void *arg)
1826 struct interface *ifp = arg;
1827 int llevel = dhcp6_failloglevel(ifp);
1829 logmessage(llevel, "%s: failed to request DHCPv6 address", ifp->name);
1834 dhcp6_failinform(void *arg)
1836 struct interface *ifp = arg;
1837 int llevel = dhcp6_failloglevel(ifp);
1839 logmessage(llevel, "%s: failed to request DHCPv6 information",
1846 dhcp6_failrebind(void *arg)
1848 struct interface *ifp = arg;
1850 logerrx("%s: failed to rebind prior DHCPv6 delegation", ifp->name);
1855 dhcp6_hasprefixdelegation(struct interface *ifp)
1861 for (i = 0; i < ifp->options->ia_len; i++) {
1862 if (t && t != ifp->options->ia[i].ia_type) {
1863 if (t == D6_OPTION_IA_PD ||
1864 ifp->options->ia[i].ia_type == D6_OPTION_IA_PD)
1867 t = ifp->options->ia[i].ia_type;
1869 return t == D6_OPTION_IA_PD ? 1 : 0;
1874 dhcp6_startrebind(void *arg)
1876 struct interface *ifp;
1877 struct dhcp6_state *state;
1883 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendrenew, ifp);
1884 state = D6_STATE(ifp);
1885 if (state->state == DH6S_RENEW)
1886 logwarnx("%s: failed to renew DHCPv6, rebinding", ifp->name);
1888 loginfox("%s: rebinding prior DHCPv6 lease", ifp->name);
1889 state->state = DH6S_REBIND;
1894 /* RFC 3633 section 12.1 */
1895 pd = dhcp6_hasprefixdelegation(ifp);
1897 state->IMD = CNF_MAX_DELAY;
1898 state->IRT = CNF_TIMEOUT;
1899 state->MRT = CNF_MAX_RT;
1903 state->IMD = REB_MAX_DELAY;
1904 state->IRT = REB_TIMEOUT;
1905 state->MRT = REB_MAX_RT;
1908 if (dhcp6_makemessage(ifp) == -1)
1909 logerr("%s: %s", __func__, ifp->name);
1911 dhcp6_sendrebind(ifp);
1914 /* RFC 3633 section 12.1 */
1916 eloop_timeout_add_sec(ifp->ctx->eloop,
1917 CNF_MAX_RD, dhcp6_failrebind, ifp);
1922 dhcp6_startrequest(struct interface *ifp)
1924 struct dhcp6_state *state;
1926 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_senddiscover, ifp);
1927 state = D6_STATE(ifp);
1928 state->state = DH6S_REQUEST;
1931 state->IRT = REQ_TIMEOUT;
1932 state->MRT = REQ_MAX_RT;
1933 state->MRC = REQ_MAX_RC;
1934 state->MRCcallback = dhcp6_failrequest;
1936 if (dhcp6_makemessage(ifp) == -1) {
1937 logerr("%s: %s", __func__, ifp->name);
1941 dhcp6_sendrequest(ifp);
1945 dhcp6_startconfirm(struct interface *ifp)
1947 struct dhcp6_state *state;
1948 struct ipv6_addr *ia;
1950 state = D6_STATE(ifp);
1952 TAILQ_FOREACH(ia, &state->addrs, next) {
1953 if (!DECLINE_IA(ia))
1955 logerrx("%s: prior DHCPv6 has a duplicated address", ifp->name);
1956 dhcp6_startdecline(ifp);
1960 state->state = DH6S_CONFIRM;
1962 state->IMD = CNF_MAX_DELAY;
1963 state->IRT = CNF_TIMEOUT;
1964 state->MRT = CNF_MAX_RT;
1965 state->MRC = CNF_MAX_RC;
1967 loginfox("%s: confirming prior DHCPv6 lease", ifp->name);
1969 if (dhcp6_makemessage(ifp) == -1) {
1970 logerr("%s: %s", __func__, ifp->name);
1973 dhcp6_sendconfirm(ifp);
1974 eloop_timeout_add_sec(ifp->ctx->eloop,
1975 CNF_MAX_RD, dhcp6_failconfirm, ifp);
1979 dhcp6_startexpire(void *arg)
1981 struct interface *ifp;
1984 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendrebind, ifp);
1986 logerrx("%s: DHCPv6 lease expired", ifp->name);
1991 dhcp6_faildecline(void *arg)
1993 struct interface *ifp = arg;
1995 logerrx("%s: failed to decline duplicated DHCPv6 addresses", ifp->name);
2000 dhcp6_startdecline(struct interface *ifp)
2002 struct dhcp6_state *state;
2004 state = D6_STATE(ifp);
2005 loginfox("%s: declining failed DHCPv6 addresses", ifp->name);
2006 state->state = DH6S_DECLINE;
2009 state->IRT = DEC_TIMEOUT;
2011 state->MRC = DEC_MAX_RC;
2012 state->MRCcallback = dhcp6_faildecline;
2014 if (dhcp6_makemessage(ifp) == -1)
2015 logerr("%s: %s", __func__, ifp->name);
2017 dhcp6_senddecline(ifp);
2021 dhcp6_finishrelease(void *arg)
2023 struct interface *ifp;
2024 struct dhcp6_state *state;
2026 ifp = (struct interface *)arg;
2027 if ((state = D6_STATE(ifp)) != NULL) {
2028 state->state = DH6S_RELEASED;
2029 dhcp6_drop(ifp, "RELEASE6");
2034 dhcp6_startrelease(struct interface *ifp)
2036 struct dhcp6_state *state;
2038 state = D6_STATE(ifp);
2039 if (state->state != DH6S_BOUND)
2042 state->state = DH6S_RELEASE;
2044 state->IMD = REL_MAX_DELAY;
2045 state->IRT = REL_TIMEOUT;
2046 state->MRT = REL_MAX_RT;
2047 /* MRC of REL_MAX_RC is optional in RFC 3315 18.1.6 */
2049 state->MRC = REL_MAX_RC;
2050 state->MRCcallback = dhcp6_finishrelease;
2053 state->MRCcallback = NULL;
2056 if (dhcp6_makemessage(ifp) == -1)
2057 logerr("%s: %s", __func__, ifp->name);
2059 dhcp6_sendrelease(ifp);
2060 dhcp6_finishrelease(ifp);
2065 dhcp6_checkstatusok(const struct interface *ifp,
2066 struct dhcp6_message *m, uint8_t *p, size_t len)
2068 struct dhcp6_state *state;
2070 uint16_t opt_len, code;
2072 void * (*f)(void *, size_t, uint16_t, uint16_t *), *farg;
2073 char buf[32], *sbuf;
2077 state = D6_STATE(ifp);
2078 f = p ? dhcp6_findoption : dhcp6_findmoption;
2083 if ((opt = f(farg, len, D6_OPTION_STATUS_CODE, &opt_len)) == NULL) {
2084 //logdebugx("%s: no status", ifp->name);
2090 if (opt_len < sizeof(code)) {
2091 logerrx("%s: status truncated", ifp->name);
2094 memcpy(&code, opt, sizeof(code));
2096 if (code == D6_STATUS_OK) {
2102 /* Anything after the code is a message. */
2103 opt += sizeof(code);
2104 mlen = opt_len - sizeof(code);
2107 if (code < sizeof(dhcp6_statuses) / sizeof(char *))
2108 status = dhcp6_statuses[code];
2110 snprintf(buf, sizeof(buf), "Unknown Status (%d)", code);
2114 if ((sbuf = malloc(mlen + 1)) == NULL) {
2118 memcpy(sbuf, opt, mlen);
2123 if (state->lerror == code || state->state == DH6S_INIT)
2124 loglevel = LOG_DEBUG;
2127 logmessage(loglevel, "%s: DHCPv6 REPLY: %s", ifp->name, status);
2129 state->lerror = code;
2132 /* code cannot be D6_STATUS_OK, so there is a failure */
2133 if (ifp->ctx->options & DHCPCD_TEST)
2134 eloop_exit(ifp->ctx->eloop, EXIT_FAILURE);
2139 const struct ipv6_addr *
2140 dhcp6_iffindaddr(const struct interface *ifp, const struct in6_addr *addr,
2143 const struct dhcp6_state *state;
2144 const struct ipv6_addr *ap;
2146 if ((state = D6_STATE(ifp)) != NULL) {
2147 TAILQ_FOREACH(ap, &state->addrs, next) {
2148 if (ipv6_findaddrmatch(ap, addr, flags))
2156 dhcp6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr,
2159 struct interface *ifp;
2160 struct ipv6_addr *ap;
2161 struct dhcp6_state *state;
2163 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2164 if ((state = D6_STATE(ifp)) != NULL) {
2165 TAILQ_FOREACH(ap, &state->addrs, next) {
2166 if (ipv6_findaddrmatch(ap, addr, flags))
2175 dhcp6_findna(struct interface *ifp, uint16_t ot, const uint8_t *iaid,
2176 uint8_t *d, size_t l, const struct timespec *acquired)
2178 struct dhcp6_state *state;
2181 struct ipv6_addr *a;
2183 struct dhcp6_ia_addr ia;
2186 state = D6_STATE(ifp);
2187 while ((o = dhcp6_findoption(d, l, D6_OPTION_IA_ADDR, &ol))) {
2188 /* Set d and l first to ensure we find the next option. */
2190 l -= (size_t)(nd - d);
2192 if (ol < sizeof(ia)) {
2194 logerrx("%s: IA Address option truncated", ifp->name);
2197 memcpy(&ia, o, sizeof(ia));
2198 ia.pltime = ntohl(ia.pltime);
2199 ia.vltime = ntohl(ia.vltime);
2201 if (ia.pltime > ia.vltime) {
2203 logerr("%s: IA Address pltime %"PRIu32
2204 " > vltime %"PRIu32,
2205 ifp->name, ia.pltime, ia.vltime);
2208 TAILQ_FOREACH(a, &state->addrs, next) {
2209 if (ipv6_findaddrmatch(a, &ia.addr, 0))
2214 * RFC 5942 Section 5
2215 * We cannot assume any prefix length, nor tie the
2216 * address to an existing one as it could expire
2217 * before the address.
2218 * As such we just give it a 128 prefix.
2220 a = ipv6_newaddr(ifp, &ia.addr, 128, IPV6_AF_ONLINK);
2221 a->dadcallback = dhcp6_dadcallback;
2223 memcpy(a->iaid, iaid, sizeof(a->iaid));
2224 a->created = *acquired;
2226 TAILQ_INSERT_TAIL(&state->addrs, a, next);
2228 if (!(a->flags & IPV6_AF_ONLINK))
2229 a->flags |= IPV6_AF_ONLINK | IPV6_AF_NEW;
2230 a->flags &= ~(IPV6_AF_STALE | IPV6_AF_EXTENDED);
2232 a->acquired = *acquired;
2233 a->prefix_pltime = ia.pltime;
2234 if (a->prefix_vltime != ia.vltime) {
2235 a->flags |= IPV6_AF_NEW;
2236 a->prefix_vltime = ia.vltime;
2238 if (a->prefix_pltime && a->prefix_pltime < state->lowpl)
2239 state->lowpl = a->prefix_pltime;
2240 if (a->prefix_vltime && a->prefix_vltime > state->expire)
2241 state->expire = a->prefix_vltime;
2249 dhcp6_findpd(struct interface *ifp, const uint8_t *iaid,
2250 uint8_t *d, size_t l, const struct timespec *acquired)
2252 struct dhcp6_state *state;
2254 struct ipv6_addr *a;
2258 struct dhcp6_pd_addr pdp;
2259 struct in6_addr pdp_prefix;
2262 state = D6_STATE(ifp);
2263 while ((o = dhcp6_findoption(d, l, D6_OPTION_IAPREFIX, &ol))) {
2264 /* Set d and l first to ensure we find the next option. */
2266 l -= (size_t)(nd - d);
2268 if (ol < sizeof(pdp)) {
2270 logerrx("%s: IA Prefix option truncated", ifp->name);
2274 memcpy(&pdp, o, sizeof(pdp));
2275 pdp.pltime = ntohl(pdp.pltime);
2276 pdp.vltime = ntohl(pdp.vltime);
2278 if (pdp.pltime > pdp.vltime) {
2280 logerrx("%s: IA Prefix pltime %"PRIu32
2281 " > vltime %"PRIu32,
2282 ifp->name, pdp.pltime, pdp.vltime);
2287 ol = (uint16_t)(ol - sizeof(pdp));
2289 /* pdp.prefix is not aligned so copy it out. */
2290 memcpy(&pdp_prefix, &pdp.prefix, sizeof(pdp_prefix));
2291 TAILQ_FOREACH(a, &state->addrs, next) {
2292 if (IN6_ARE_ADDR_EQUAL(&a->prefix, &pdp_prefix))
2297 a = ipv6_newaddr(ifp, &pdp_prefix, pdp.prefix_len,
2298 IPV6_AF_DELEGATEDPFX);
2301 a->created = *acquired;
2302 a->dadcallback = dhcp6_dadcallback;
2303 a->ia_type = D6_OPTION_IA_PD;
2304 memcpy(a->iaid, iaid, sizeof(a->iaid));
2305 TAILQ_INSERT_TAIL(&state->addrs, a, next);
2307 if (!(a->flags & IPV6_AF_DELEGATEDPFX))
2308 a->flags |= IPV6_AF_NEW | IPV6_AF_DELEGATEDPFX;
2309 a->flags &= ~(IPV6_AF_STALE | IPV6_AF_EXTENDED);
2310 if (a->prefix_vltime != pdp.vltime)
2311 a->flags |= IPV6_AF_NEW;
2314 a->acquired = *acquired;
2315 a->prefix_pltime = pdp.pltime;
2316 a->prefix_vltime = pdp.vltime;
2318 if (a->prefix_pltime && a->prefix_pltime < state->lowpl)
2319 state->lowpl = a->prefix_pltime;
2320 if (a->prefix_vltime && a->prefix_vltime > state->expire)
2321 state->expire = a->prefix_vltime;
2324 a->prefix_exclude_len = 0;
2325 memset(&a->prefix_exclude, 0, sizeof(a->prefix_exclude));
2326 o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol);
2330 /* RFC 6603 4.2 says option length MUST be between 2 and 17.
2331 * This allows 1 octet for prefix length and 16 for the
2333 if (ol < 2 || ol > 17) {
2334 logerrx("%s: invalid PD Exclude option", ifp->name);
2338 /* RFC 6603 4.2 says prefix length MUST be between the
2339 * length of the IAPREFIX prefix length + 1 and 128. */
2340 if (*o < a->prefix_len + 1 || *o > 128) {
2341 logerrx("%s: invalid PD Exclude length", ifp->name);
2346 /* Check option length matches prefix length. */
2347 if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) {
2348 logerrx("%s: PD Exclude length mismatch", ifp->name);
2351 a->prefix_exclude_len = *o++;
2353 memcpy(&a->prefix_exclude, &a->prefix,
2354 sizeof(a->prefix_exclude));
2355 nb = a->prefix_len % NBBY;
2358 pw = a->prefix_exclude.s6_addr +
2359 (a->prefix_exclude_len / NBBY) - 1;
2363 *pw = (uint8_t)(*pw | (*o >> nb));
2370 dhcp6_findia(struct interface *ifp, struct dhcp6_message *m, size_t l,
2371 const char *sfrom, const struct timespec *acquired)
2373 struct dhcp6_state *state;
2374 const struct if_options *ifo;
2375 struct dhcp6_option o;
2377 struct dhcp6_ia_na ia;
2382 char buf[sizeof(iaid) * 3];
2383 struct ipv6_addr *ap;
2386 if (l < sizeof(*m)) {
2387 /* Should be impossible with guards at packet in
2388 * and reading leases */
2395 state = D6_STATE(ifp);
2396 TAILQ_FOREACH(ap, &state->addrs, next) {
2397 if (!(ap->flags & IPV6_AF_DELEGATED))
2398 ap->flags |= IPV6_AF_STALE;
2401 d = (uint8_t *)m + sizeof(*m);
2403 while (l > sizeof(o)) {
2404 memcpy(&o, d, sizeof(o));
2405 o.len = ntohs(o.len);
2406 if (o.len > l || sizeof(o) + o.len > l) {
2408 logerrx("%s: option overflow", ifp->name);
2413 l -= sizeof(o) + o.len;
2415 o.code = ntohs(o.code);
2417 case D6_OPTION_IA_TA:
2420 case D6_OPTION_IA_NA:
2421 case D6_OPTION_IA_PD:
2429 logerrx("%s: IA option truncated", ifp->name);
2435 o.len = (uint16_t)(o.len - nl);
2437 for (j = 0; j < ifo->ia_len; j++) {
2439 if (ifia->ia_type == o.code &&
2440 memcmp(ifia->iaid, ia.iaid, sizeof(ia.iaid)) == 0)
2443 if (j == ifo->ia_len &&
2444 !(ifo->ia_len == 0 && ifp->ctx->options & DHCPCD_DUMPLEASE))
2446 logdebugx("%s: ignoring unrequested IAID %s",
2448 hwaddr_ntoa(ia.iaid, sizeof(ia.iaid),
2453 if (o.code != D6_OPTION_IA_TA) {
2454 ia.t1 = ntohl(ia.t1);
2455 ia.t2 = ntohl(ia.t2);
2457 if (ia.t2 > 0 && ia.t1 > ia.t2) {
2458 logwarnx("%s: IAID %s T1(%d) > T2(%d) from %s",
2460 hwaddr_ntoa(iaid, sizeof(iaid), buf,
2462 ia.t1, ia.t2, sfrom);
2466 ia.t1 = ia.t2 = 0; /* appease gcc */
2467 if ((error = dhcp6_checkstatusok(ifp, NULL, p, o.len)) != 0) {
2468 if (error == D6_STATUS_NOBINDING)
2469 state->has_no_binding = true;
2473 if (o.code == D6_OPTION_IA_PD) {
2475 if (dhcp6_findpd(ifp, ia.iaid, p, o.len,
2478 logwarnx("%s: %s: DHCPv6 REPLY missing Prefix",
2484 if (dhcp6_findna(ifp, o.code, ia.iaid, p, o.len,
2487 logwarnx("%s: %s: DHCPv6 REPLY missing "
2493 if (o.code != D6_OPTION_IA_TA) {
2495 (ia.t1 < state->renew || state->renew == 0))
2496 state->renew = ia.t1;
2498 (ia.t2 < state->rebind || state->rebind == 0))
2499 state->rebind = ia.t2;
2511 dhcp6_deprecatedele(struct ipv6_addr *ia)
2513 struct ipv6_addr *da, *dan, *dda;
2514 struct timespec now;
2515 struct dhcp6_state *state;
2517 timespecclear(&now);
2518 TAILQ_FOREACH_SAFE(da, &ia->pd_pfxs, pd_next, dan) {
2519 if (ia->prefix_vltime == 0) {
2520 if (da->prefix_vltime != 0)
2521 da->prefix_vltime = 0;
2524 } else if (da->prefix_pltime != 0)
2525 da->prefix_pltime = 0;
2529 if (ipv6_doaddr(da, &now) != -1)
2532 /* Delegation deleted, forget it. */
2533 TAILQ_REMOVE(&ia->pd_pfxs, da, pd_next);
2535 /* Delete it from the interface. */
2536 state = D6_STATE(da->iface);
2537 TAILQ_FOREACH(dda, &state->addrs, next) {
2538 if (IN6_ARE_ADDR_EQUAL(&dda->addr, &da->addr))
2542 TAILQ_REMOVE(&state->addrs, dda, next);
2550 dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
2552 struct ipv6_addr *ia, *ian;
2554 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
2555 if (ia->flags & IPV6_AF_EXTENDED)
2557 else if (ia->flags & IPV6_AF_STALE) {
2558 if (ia->prefix_vltime != 0)
2559 logdebugx("%s: %s: became stale",
2560 ia->iface->name, ia->saddr);
2561 /* Technically this violates RFC 8415 18.2.10.1,
2562 * but we need a mechanism to tell the kernel to
2563 * try and prefer other addresses. */
2564 ia->prefix_pltime = 0;
2565 } else if (ia->prefix_vltime == 0)
2566 loginfox("%s: %s: no valid lifetime",
2567 ia->iface->name, ia->saddr);
2572 /* If we delegated from this prefix, deprecate or remove
2573 * the delegations. */
2574 if (ia->flags & IPV6_AF_DELEGATEDPFX)
2575 dhcp6_deprecatedele(ia);
2578 if (ia->flags & IPV6_AF_REQUEST) {
2579 ia->prefix_vltime = ia->prefix_pltime = 0;
2580 eloop_q_timeout_delete(ia->iface->ctx->eloop,
2581 ELOOP_QUEUE_ALL, NULL, ia);
2584 TAILQ_REMOVE(addrs, ia, next);
2585 if (ia->flags & IPV6_AF_EXTENDED)
2586 ipv6_deleteaddr(ia);
2592 dhcp6_validatelease(struct interface *ifp,
2593 struct dhcp6_message *m, size_t len,
2594 const char *sfrom, const struct timespec *acquired)
2596 struct dhcp6_state *state;
2600 if (len <= sizeof(*m)) {
2601 logerrx("%s: DHCPv6 lease truncated", ifp->name);
2605 state = D6_STATE(ifp);
2607 if (dhcp6_checkstatusok(ifp, m, NULL, len) != 0)
2611 state->renew = state->rebind = state->expire = 0;
2612 state->lowpl = ND6_INFINITE_LIFETIME;
2614 clock_gettime(CLOCK_MONOTONIC, &aq);
2617 state->has_no_binding = false;
2618 nia = dhcp6_findia(ifp, m, len, sfrom, acquired);
2619 if (nia == 0 && state->state == DH6S_CONFIRM && ok_errno == 0 &&
2620 state->new && state->new_len)
2622 state->has_no_binding = false;
2623 nia = dhcp6_findia(ifp, state->new, state->new_len,
2627 logerrx("%s: no useable IA found in lease", ifp->name);
2634 dhcp6_readlease(struct interface *ifp, int validate)
2637 struct dhcp6_message dhcp6;
2638 uint8_t buf[UDPLEN_MAX];
2640 struct dhcp6_state *state;
2649 state = D6_STATE(ifp);
2650 if (state->leasefile[0] == '\0') {
2651 logdebugx("reading standard input");
2652 bytes = read(fileno(stdin), buf.buf, sizeof(buf.buf));
2654 logdebugx("%s: reading lease: %s",
2655 ifp->name, state->leasefile);
2656 bytes = dhcp_readfile(ifp->ctx, state->leasefile,
2657 buf.buf, sizeof(buf.buf));
2662 if (ifp->ctx->options & DHCPCD_DUMPLEASE || state->leasefile[0] == '\0')
2668 /* If not validating IA's and if they have expired,
2669 * skip to the auth check. */
2673 if (dhcp_filemtime(ifp->ctx, state->leasefile, &mtime) == -1)
2675 clock_gettime(CLOCK_MONOTONIC, &state->acquired);
2676 if ((now = time(NULL)) == -1)
2678 state->acquired.tv_sec -= now - mtime;
2680 /* Check to see if the lease is still valid */
2681 fd = dhcp6_validatelease(ifp, &buf.dhcp6, (size_t)bytes, NULL,
2684 bytes = 0; /* We have already reported the error */
2688 if (state->expire != ND6_INFINITE_LIFETIME &&
2689 (time_t)state->expire < now - mtime &&
2690 !(ifp->options->options & DHCPCD_LASTLEASE_EXTEND))
2692 logdebugx("%s: discarding expired lease", ifp->name);
2699 /* Authenticate the message */
2700 o = dhcp6_findmoption(&buf.dhcp6, (size_t)bytes, D6_OPTION_AUTH, &ol);
2702 if (dhcp_auth_validate(&state->auth, &ifp->options->auth,
2703 buf.buf, (size_t)bytes, 6, buf.dhcp6.type, o, ol) == NULL)
2705 logerr("%s: authentication failed", ifp->name);
2709 if (state->auth.token)
2710 logdebugx("%s: validated using 0x%08" PRIu32,
2711 ifp->name, state->auth.token->secretid);
2713 loginfox("%s: accepted reconfigure key", ifp->name);
2714 } else if ((ifp->options->auth.options & DHCPCD_AUTH_SENDREQUIRE) ==
2715 DHCPCD_AUTH_SENDREQUIRE)
2717 logerrx("%s: authentication now required", ifp->name);
2724 state->new = malloc((size_t)bytes);
2725 if (state->new == NULL) {
2730 memcpy(state->new, buf.buf, (size_t)bytes);
2731 state->new_len = (size_t)bytes;
2735 dhcp6_freedrop_addrs(ifp, 0, NULL);
2736 dhcp_unlink(ifp->ctx, state->leasefile);
2740 dhcp6_addrequestedaddrs(ifp);
2741 return bytes == 0 ? 0 : -1;
2745 dhcp6_startinit(struct interface *ifp)
2747 struct dhcp6_state *state;
2749 uint8_t has_ta, has_non_ta;
2752 state = D6_STATE(ifp);
2753 state->state = DH6S_INIT;
2754 state->expire = ND6_INFINITE_LIFETIME;
2755 state->lowpl = ND6_INFINITE_LIFETIME;
2757 dhcp6_addrequestedaddrs(ifp);
2758 has_ta = has_non_ta = 0;
2759 for (i = 0; i < ifp->options->ia_len; i++) {
2760 switch (ifp->options->ia[i].ia_type) {
2761 case D6_OPTION_IA_TA:
2769 if (!(ifp->ctx->options & DHCPCD_TEST) &&
2770 !(has_ta && !has_non_ta) &&
2771 ifp->options->reboot != 0)
2773 r = dhcp6_readlease(ifp, 1);
2775 if (errno != ENOENT && errno != ESRCH)
2776 logerr("%s: %s", __func__, state->leasefile);
2777 } else if (r != 0 &&
2778 !(ifp->options->options & DHCPCD_ANONYMOUS))
2780 /* RFC 3633 section 12.1 */
2782 if (dhcp6_hasprefixdelegation(ifp))
2783 dhcp6_startrebind(ifp);
2786 dhcp6_startconfirm(ifp);
2790 dhcp6_startdiscoinform(ifp);
2794 static struct ipv6_addr *
2795 dhcp6_ifdelegateaddr(struct interface *ifp, struct ipv6_addr *prefix,
2796 const struct if_sla *sla, struct if_ia *if_ia)
2798 struct dhcp6_state *state;
2799 struct in6_addr addr, daddr;
2800 struct ipv6_addr *ia;
2801 int pfxlen, dadcounter;
2804 /* RFC6603 Section 4.2 */
2805 if (strcmp(ifp->name, prefix->iface->name) == 0) {
2806 if (prefix->prefix_exclude_len == 0) {
2807 /* Don't spam the log automatically */
2809 logwarnx("%s: DHCPv6 server does not support "
2810 "OPTION_PD_EXCLUDE",
2814 pfxlen = prefix->prefix_exclude_len;
2815 memcpy(&addr, &prefix->prefix_exclude, sizeof(addr));
2816 } else if ((pfxlen = dhcp6_delegateaddr(&addr, ifp, prefix,
2820 if (sla != NULL && fls64(sla->suffix) > 128 - pfxlen) {
2821 logerrx("%s: suffix %" PRIu64 " + prefix_len %d > 128",
2822 ifp->name, sla->suffix, pfxlen);
2826 /* Add our suffix */
2827 if (sla != NULL && sla->suffix != 0) {
2829 vl = be64dec(addr.s6_addr + 8);
2831 be64enc(daddr.s6_addr + 8, vl);
2833 dadcounter = ipv6_makeaddr(&daddr, ifp, &addr, pfxlen, 0);
2834 if (dadcounter == -1) {
2835 logerrx("%s: error adding slaac to prefix_len %d",
2841 /* Find an existing address */
2842 state = D6_STATE(ifp);
2843 TAILQ_FOREACH(ia, &state->addrs, next) {
2844 if (IN6_ARE_ADDR_EQUAL(&ia->addr, &daddr))
2848 ia = ipv6_newaddr(ifp, &daddr, (uint8_t)pfxlen, IPV6_AF_ONLINK);
2851 ia->dadcallback = dhcp6_dadcallback;
2852 memcpy(&ia->iaid, &prefix->iaid, sizeof(ia->iaid));
2853 ia->created = prefix->acquired;
2855 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
2856 TAILQ_INSERT_TAIL(&prefix->pd_pfxs, ia, pd_next);
2858 ia->delegating_prefix = prefix;
2860 ia->prefix_len = (uint8_t)pfxlen;
2861 ia->acquired = prefix->acquired;
2862 ia->prefix_pltime = prefix->prefix_pltime;
2863 ia->prefix_vltime = prefix->prefix_vltime;
2865 /* If the prefix length hasn't changed,
2866 * don't install a reject route. */
2867 if (prefix->prefix_len == pfxlen)
2868 prefix->flags |= IPV6_AF_NOREJECT;
2870 prefix->flags &= ~IPV6_AF_NOREJECT;
2877 dhcp6_script_try_run(struct interface *ifp, int delegated)
2879 struct dhcp6_state *state;
2880 struct ipv6_addr *ap;
2883 state = D6_STATE(ifp);
2885 /* If all addresses have completed DAD run the script */
2886 TAILQ_FOREACH(ap, &state->addrs, next) {
2887 if (!(ap->flags & IPV6_AF_ADDED))
2889 if (ap->flags & IPV6_AF_ONLINK) {
2890 if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
2891 ipv6_iffindaddr(ap->iface, &ap->addr,
2893 ap->flags |= IPV6_AF_DADCOMPLETED;
2894 if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0
2896 && ((delegated && ap->delegating_prefix) ||
2897 (!delegated && !ap->delegating_prefix))
2907 script_runreason(ifp, delegated ? "DELEGATED6" : state->reason);
2909 dhcpcd_daemonise(ifp->ctx);
2911 logdebugx("%s: waiting for DHCPv6 DAD to complete", ifp->name);
2916 dhcp6_find_delegates(__unused struct interface *ifp)
2923 dhcp6_delegate_prefix(struct interface *ifp)
2925 struct if_options *ifo;
2926 struct dhcp6_state *state;
2927 struct ipv6_addr *ap;
2931 struct interface *ifd;
2932 bool carrier_warned;
2935 state = D6_STATE(ifp);
2937 /* Clear the logged flag. */
2938 TAILQ_FOREACH(ap, &state->addrs, next) {
2939 ap->flags &= ~IPV6_AF_DELEGATEDLOG;
2942 TAILQ_FOREACH(ifd, ifp->ctx->ifaces, next) {
2945 if (!(ifd->options->options & DHCPCD_CONFIGURE))
2948 carrier_warned = false;
2949 TAILQ_FOREACH(ap, &state->addrs, next) {
2950 if (!(ap->flags & IPV6_AF_DELEGATEDPFX))
2952 if (!(ap->flags & IPV6_AF_DELEGATEDLOG)) {
2955 if (ap->flags & IPV6_AF_NEW)
2956 loglevel = LOG_INFO;
2958 loglevel = LOG_DEBUG;
2959 /* We only want to log this the once as we loop
2960 * through many interfaces first. */
2961 ap->flags |= IPV6_AF_DELEGATEDLOG;
2962 logmessage(loglevel, "%s: delegated prefix %s",
2963 ifp->name, ap->saddr);
2964 ap->flags &= ~IPV6_AF_NEW;
2966 for (i = 0; i < ifo->ia_len; i++) {
2968 if (ia->ia_type != D6_OPTION_IA_PD)
2970 if (memcmp(ia->iaid, ap->iaid,
2973 if (ia->sla_len == 0) {
2974 /* no SLA configured, so lets
2976 if (!if_is_link_up(ifd)) {
2978 "%s: has no carrier, cannot"
2979 " delegate addresses",
2981 carrier_warned = true;
2984 if (dhcp6_ifdelegateaddr(ifd, ap,
2988 for (j = 0; j < ia->sla_len; j++) {
2990 if (strcmp(ifd->name, sla->ifname))
2992 if (!if_is_link_up(ifd)) {
2994 "%s: has no carrier, cannot"
2995 " delegate addresses",
2997 carrier_warned = true;
3000 if (dhcp6_ifdelegateaddr(ifd, ap,
3010 if (k && !carrier_warned) {
3011 struct dhcp6_state *s = D6_STATE(ifd);
3013 ipv6_addaddrs(&s->addrs);
3014 dhcp6_script_try_run(ifd, 1);
3018 /* Now all addresses have been added, rebuild the routing table. */
3019 rt_build(ifp->ctx, AF_INET6);
3023 dhcp6_find_delegates1(void *arg)
3026 dhcp6_find_delegates(arg);
3030 dhcp6_find_delegates(struct interface *ifp)
3032 struct if_options *ifo;
3033 struct dhcp6_state *state;
3034 struct ipv6_addr *ap;
3038 struct interface *ifd;
3040 if (ifp->options != NULL &&
3041 !(ifp->options->options & DHCPCD_CONFIGURE))
3045 TAILQ_FOREACH(ifd, ifp->ctx->ifaces, next) {
3047 state = D6_STATE(ifd);
3048 if (state == NULL || state->state != DH6S_BOUND)
3050 TAILQ_FOREACH(ap, &state->addrs, next) {
3051 if (!(ap->flags & IPV6_AF_DELEGATEDPFX))
3053 for (i = 0; i < ifo->ia_len; i++) {
3055 if (ia->ia_type != D6_OPTION_IA_PD)
3057 if (memcmp(ia->iaid, ap->iaid,
3060 for (j = 0; j < ia->sla_len; j++) {
3062 if (strcmp(ifp->name, sla->ifname))
3064 if (ipv6_linklocal(ifp) == NULL) {
3066 "%s: delaying adding"
3067 " delegated addresses for"
3070 ipv6_addlinklocalcallback(ifp,
3071 dhcp6_find_delegates1, ifp);
3074 if (dhcp6_ifdelegateaddr(ifp, ap,
3083 loginfox("%s: adding delegated prefixes", ifp->name);
3084 state = D6_STATE(ifp);
3085 state->state = DH6S_DELEGATED;
3086 ipv6_addaddrs(&state->addrs);
3087 rt_build(ifp->ctx, AF_INET6);
3088 dhcp6_script_try_run(ifp, 1);
3095 dhcp6_bind(struct interface *ifp, const char *op, const char *sfrom)
3097 struct dhcp6_state *state = D6_STATE(ifp);
3098 bool timedout = (op == NULL), confirmed;
3099 struct ipv6_addr *ia;
3101 struct timespec now;
3103 if (state->state == DH6S_RENEW) {
3104 loglevel = LOG_DEBUG;
3105 TAILQ_FOREACH(ia, &state->addrs, next) {
3106 if (ia->flags & IPV6_AF_NEW) {
3107 loglevel = LOG_INFO;
3111 } else if (state->state == DH6S_INFORM)
3112 loglevel = state->new_start ? LOG_INFO : LOG_DEBUG;
3114 loglevel = LOG_INFO;
3115 state->new_start = false;
3118 logmessage(loglevel, "%s: %s received from %s",
3119 ifp->name, op, sfrom);
3121 /* If we delegated from an unconfirmed lease we MUST drop
3122 * them now. Hopefully we have new delegations. */
3123 if (state->reason != NULL &&
3124 strcmp(state->reason, "TIMEOUT6") == 0)
3125 dhcp6_delete_delegates(ifp);
3127 state->reason = NULL;
3129 state->reason = "TIMEOUT6";
3131 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
3132 clock_gettime(CLOCK_MONOTONIC, &now);
3134 switch(state->state) {
3137 struct dhcp6_option *o;
3140 if (state->reason == NULL)
3141 state->reason = "INFORM6";
3142 o = dhcp6_findmoption(state->new, state->new_len,
3143 D6_OPTION_INFO_REFRESH_TIME, &ol);
3144 if (o == NULL || ol != sizeof(uint32_t))
3145 state->renew = IRT_DEFAULT;
3147 memcpy(&state->renew, o, ol);
3148 state->renew = ntohl(state->renew);
3149 if (state->renew < IRT_MINIMUM)
3150 state->renew = IRT_MINIMUM;
3153 state->expire = ND6_INFINITE_LIFETIME;
3154 state->lowpl = ND6_INFINITE_LIFETIME;
3159 if (state->reason == NULL)
3160 state->reason = "BOUND6";
3163 if (state->reason == NULL)
3164 state->reason = "RENEW6";
3167 if (state->reason == NULL)
3168 state->reason = "REBIND6";
3171 if (state->reason == NULL)
3172 state->reason = "REBOOT6";
3173 if (state->renew != 0) {
3174 bool all_expired = true;
3176 TAILQ_FOREACH(ia, &state->addrs, next) {
3177 if (ia->flags & IPV6_AF_STALE)
3179 if (!(state->renew == ND6_INFINITE_LIFETIME
3180 && ia->prefix_vltime == ND6_INFINITE_LIFETIME)
3181 && ia->prefix_vltime != 0
3182 && ia->prefix_vltime <= state->renew)
3184 "%s: %s will expire before renewal",
3185 ifp->name, ia->saddr);
3187 all_expired = false;
3190 /* All address's vltime happens at or before
3191 * the configured T1 in the IA.
3192 * This is a badly configured server and we
3193 * have to use our own notion of what
3194 * T1 and T2 should be as a result.
3196 * Doing this violates RFC 3315 22.4:
3197 * In a message sent by a server to a client,
3198 * the client MUST use the values in the T1
3199 * and T2 fields for the T1 and T2 parameters,
3200 * unless those values in those fields are 0.
3202 logwarnx("%s: ignoring T1 %"PRIu32
3203 " due to address expiry",
3204 ifp->name, state->renew);
3205 state->renew = state->rebind = 0;
3208 if (state->renew == 0 && state->lowpl != ND6_INFINITE_LIFETIME)
3209 state->renew = (uint32_t)(state->lowpl * 0.5);
3210 if (state->rebind == 0 && state->lowpl != ND6_INFINITE_LIFETIME)
3211 state->rebind = (uint32_t)(state->lowpl * 0.8);
3214 state->reason = "UNKNOWN6";
3218 if (state->state != DH6S_CONFIRM && !timedout) {
3219 state->acquired = now;
3221 state->old = state->new;
3222 state->old_len = state->new_len;
3223 state->new = state->recv;
3224 state->new_len = state->recv_len;
3226 state->recv_len = 0;
3229 /* Reduce timers based on when we got the lease. */
3232 elapsed = (uint32_t)eloop_timespec_diff(&now,
3233 &state->acquired, NULL);
3234 if (state->renew && state->renew != ND6_INFINITE_LIFETIME) {
3235 if (state->renew > elapsed)
3236 state->renew -= elapsed;
3240 if (state->rebind && state->rebind != ND6_INFINITE_LIFETIME) {
3241 if (state->rebind > elapsed)
3242 state->rebind -= elapsed;
3246 if (state->expire && state->expire != ND6_INFINITE_LIFETIME) {
3247 if (state->expire > elapsed)
3248 state->expire -= elapsed;
3255 if (ifp->ctx->options & DHCPCD_TEST)
3256 script_runreason(ifp, "TEST");
3258 if (state->state == DH6S_INFORM)
3259 state->state = DH6S_INFORMED;
3261 state->state = DH6S_BOUND;
3262 state->failed = false;
3264 if (state->renew && state->renew != ND6_INFINITE_LIFETIME)
3265 eloop_timeout_add_sec(ifp->ctx->eloop,
3267 state->state == DH6S_INFORMED ?
3268 dhcp6_startinform : dhcp6_startrenew, ifp);
3269 if (state->rebind && state->rebind != ND6_INFINITE_LIFETIME)
3270 eloop_timeout_add_sec(ifp->ctx->eloop,
3271 state->rebind, dhcp6_startrebind, ifp);
3272 if (state->expire != ND6_INFINITE_LIFETIME)
3273 eloop_timeout_add_sec(ifp->ctx->eloop,
3274 state->expire, dhcp6_startexpire, ifp);
3276 if (ifp->options->options & DHCPCD_CONFIGURE) {
3277 ipv6_addaddrs(&state->addrs);
3279 dhcp6_deprecateaddrs(&state->addrs);
3282 if (state->state == DH6S_INFORMED)
3283 logmessage(loglevel, "%s: refresh in %"PRIu32" seconds",
3284 ifp->name, state->renew);
3285 else if (state->renew == ND6_INFINITE_LIFETIME)
3286 logmessage(loglevel, "%s: leased for infinity",
3288 else if (state->renew || state->rebind)
3289 logmessage(loglevel, "%s: renew in %"PRIu32", "
3290 "rebind in %"PRIu32", "
3291 "expire in %"PRIu32" seconds",
3293 state->renew, state->rebind, state->expire);
3294 else if (state->expire == 0)
3295 logmessage(loglevel, "%s: will expire", ifp->name);
3297 logmessage(loglevel, "%s: expire in %"PRIu32" seconds",
3298 ifp->name, state->expire);
3299 rt_build(ifp->ctx, AF_INET6);
3300 if (!confirmed && !timedout) {
3301 logdebugx("%s: writing lease: %s",
3302 ifp->name, state->leasefile);
3303 if (dhcp_writefile(ifp->ctx, state->leasefile, 0640,
3304 state->new, state->new_len) == -1)
3305 logerr("dhcp_writefile: %s",state->leasefile);
3308 dhcp6_delegate_prefix(ifp);
3310 dhcp6_script_try_run(ifp, 0);
3313 if (ifp->ctx->options & DHCPCD_TEST ||
3314 (ifp->options->options & DHCPCD_INFORM &&
3315 !(ifp->ctx->options & DHCPCD_MANAGER)))
3317 eloop_exit(ifp->ctx->eloop, EXIT_SUCCESS);
3322 dhcp6_recvif(struct interface *ifp, const char *sfrom,
3323 struct dhcp6_message *r, size_t len)
3325 struct dhcpcd_ctx *ctx;
3328 struct dhcp6_state *state;
3331 const struct dhcp_opt *opt;
3332 const struct if_options *ifo;
3340 state = D6_STATE(ifp);
3341 if (state == NULL || state->send == NULL) {
3342 logdebugx("%s: DHCPv6 reply received but not running",
3347 /* We're already bound and this message is for another machine */
3348 /* XXX DELEGATED? */
3349 if (r->type != DHCP6_RECONFIGURE &&
3350 (state->state == DH6S_BOUND || state->state == DH6S_INFORMED))
3352 logdebugx("%s: DHCPv6 reply received but already bound",
3357 if (dhcp6_findmoption(r, len, D6_OPTION_SERVERID, NULL) == NULL) {
3358 logdebugx("%s: no DHCPv6 server ID from %s", ifp->name, sfrom);
3363 for (i = 0, opt = ctx->dhcp6_opts;
3364 i < ctx->dhcp6_opts_len;
3367 if (has_option_mask(ifo->requiremask6, opt->option) &&
3368 !dhcp6_findmoption(r, len, (uint16_t)opt->option, NULL))
3370 logwarnx("%s: reject DHCPv6 (no option %s) from %s",
3371 ifp->name, opt->var, sfrom);
3374 if (has_option_mask(ifo->rejectmask6, opt->option) &&
3375 dhcp6_findmoption(r, len, (uint16_t)opt->option, NULL))
3377 logwarnx("%s: reject DHCPv6 (option %s) from %s",
3378 ifp->name, opt->var, sfrom);
3384 /* Authenticate the message */
3385 auth = dhcp6_findmoption(r, len, D6_OPTION_AUTH, &auth_len);
3387 if (dhcp_auth_validate(&state->auth, &ifo->auth,
3388 (uint8_t *)r, len, 6, r->type, auth, auth_len) == NULL)
3390 logerr("%s: authentication failed from %s",
3394 if (state->auth.token)
3395 logdebugx("%s: validated using 0x%08" PRIu32,
3396 ifp->name, state->auth.token->secretid);
3398 loginfox("%s: accepted reconfigure key", ifp->name);
3399 } else if (ifo->auth.options & DHCPCD_AUTH_SEND) {
3400 if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
3401 logerrx("%s: no authentication from %s",
3405 logwarnx("%s: no authentication from %s", ifp->name, sfrom);
3409 op = dhcp6_get_op(r->type);
3410 valid_op = op != NULL;
3413 switch(state->state) {
3415 if (dhcp6_checkstatusok(ifp, r, NULL, len) != 0)
3419 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1)
3421 dhcp6_startdiscoinform(ifp);
3426 /* Only accept REPLY in DISCOVER for RAPID_COMMIT.
3427 * Normally we get an ADVERTISE for a DISCOVER. */
3428 if (!has_option_mask(ifo->requestmask6,
3429 D6_OPTION_RAPID_COMMIT) ||
3430 !dhcp6_findmoption(r, len, D6_OPTION_RAPID_COMMIT,
3436 /* Validate lease before setting state to REQUEST. */
3438 case DH6S_REQUEST: /* FALLTHROUGH */
3439 case DH6S_RENEW: /* FALLTHROUGH */
3441 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1)
3444 * If we can't use the lease, fallback to
3445 * DISCOVER and try and get a new one.
3447 * This is needed become some servers
3448 * renumber the prefix or address
3449 * and deny the current one before it expires
3450 * rather than sending it back with a zero
3451 * lifetime along with the new prefix or
3453 * This behavior is wrong, but moving to the
3454 * DISCOVER phase works around it.
3456 * The currently held lease is still valid
3457 * until a new one is found.
3459 if (state->state != DH6S_DISCOVER)
3460 dhcp6_startdiscoinform(ifp);
3463 /* RFC8415 18.2.10.1 */
3464 if ((state->state == DH6S_RENEW ||
3465 state->state == DH6S_REBIND) &&
3466 state->has_no_binding)
3468 dhcp6_startrequest(ifp);
3471 if (state->state == DH6S_DISCOVER)
3472 state->state = DH6S_REQUEST;
3475 /* This isnt really a failure, but an
3476 * acknowledgement of one. */
3477 loginfox("%s: %s acknowledged DECLINE6",
3486 case DHCP6_ADVERTISE:
3487 if (state->state != DH6S_DISCOVER) {
3491 if (state->recv_len && state->recv->type == DHCP6_ADVERTISE) {
3492 /* We already have an advertismemnt.
3493 * RFC 8415 says we have to wait for the IRT to elapse.
3494 * To keep the same behaviour we won't do anything with
3495 * this. In the future we should make a lists of
3496 * ADVERTS and pick the "best" one. */
3497 logdebugx("%s: discarding ADVERTISMENT from %s",
3502 o = dhcp6_findmoption(r, len, D6_OPTION_SOL_MAX_RT, &ol);
3503 if (o && ol == sizeof(uint32_t)) {
3506 memcpy(&max_rt, o, sizeof(max_rt));
3507 max_rt = ntohl(max_rt);
3508 if (max_rt >= 60 && max_rt <= 86400) {
3509 logdebugx("%s: SOL_MAX_RT %llu -> %u",
3511 (unsigned long long)state->sol_max_rt,
3513 state->sol_max_rt = max_rt;
3515 logerr("%s: invalid SOL_MAX_RT %u",
3518 o = dhcp6_findmoption(r, len, D6_OPTION_INF_MAX_RT, &ol);
3519 if (o && ol == sizeof(uint32_t)) {
3522 memcpy(&max_rt, o, sizeof(max_rt));
3523 max_rt = ntohl(max_rt);
3524 if (max_rt >= 60 && max_rt <= 86400) {
3525 logdebugx("%s: INF_MAX_RT %llu -> %u",
3527 (unsigned long long)state->inf_max_rt,
3529 state->inf_max_rt = max_rt;
3531 logerrx("%s: invalid INF_MAX_RT %u",
3534 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1)
3537 case DHCP6_RECONFIGURE:
3541 logerrx("%s: unauthenticated %s from %s",
3542 ifp->name, op, sfrom);
3543 if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
3547 loginfox("%s: %s from %s", ifp->name, op, sfrom);
3548 o = dhcp6_findmoption(r, len, D6_OPTION_RECONF_MSG, &ol);
3550 logerrx("%s: missing Reconfigure Message option",
3555 logerrx("%s: missing Reconfigure Message type",
3561 if (state->state != DH6S_BOUND) {
3562 logerrx("%s: not bound, ignoring %s",
3566 dhcp6_startrenew(ifp);
3568 case DHCP6_INFORMATION_REQ:
3569 if (state->state != DH6S_INFORMED) {
3570 logerrx("%s: not informed, ignoring %s",
3574 eloop_timeout_delete(ifp->ctx->eloop,
3575 dhcp6_sendinform, ifp);
3576 dhcp6_startinform(ifp);
3579 logerr("%s: unsupported %s type %d",
3588 logerrx("%s: invalid DHCP6 type %s (%d)",
3589 ifp->name, op, r->type);
3593 logwarnx("%s: invalid state for DHCP6 type %s (%d)",
3594 ifp->name, op, r->type);
3598 if (state->recv_len < (size_t)len) {
3600 state->recv = malloc(len);
3601 if (state->recv == NULL) {
3606 memcpy(state->recv, r, len);
3607 state->recv_len = len;
3609 if (r->type == DHCP6_ADVERTISE) {
3610 struct ipv6_addr *ia;
3612 if (state->state == DH6S_REQUEST) /* rapid commit */
3614 TAILQ_FOREACH(ia, &state->addrs, next) {
3615 if (!(ia->flags & (IPV6_AF_STALE | IPV6_AF_REQUEST)))
3619 ia = TAILQ_FIRST(&state->addrs);
3621 loginfox("%s: ADV (no address) from %s",
3624 loginfox("%s: ADV %s from %s",
3625 ifp->name, ia->saddr, sfrom);
3626 // We will request when the IRT elapses
3631 dhcp6_bind(ifp, op, sfrom);
3635 dhcp6_recvmsg(struct dhcpcd_ctx *ctx, struct msghdr *msg, struct ipv6_addr *ia)
3637 struct sockaddr_in6 *from = msg->msg_name;
3638 size_t len = msg->msg_iov[0].iov_len;
3639 char sfrom[INET6_ADDRSTRLEN];
3640 struct interface *ifp;
3641 struct dhcp6_message *r;
3642 const struct dhcp6_state *state;
3646 inet_ntop(AF_INET6, &from->sin6_addr, sfrom, sizeof(sfrom));
3647 if (len < sizeof(struct dhcp6_message)) {
3648 logerrx("DHCPv6 packet too short from %s", sfrom);
3655 ifp = if_findifpfromcmsg(ctx, msg, NULL);
3662 r = (struct dhcp6_message *)msg->msg_iov[0].iov_base;
3664 uint8_t duid[DUID_LEN], *dp;
3666 o = dhcp6_findmoption(r, len, D6_OPTION_CLIENTID, &ol);
3667 if (ifp->options->options & DHCPCD_ANONYMOUS) {
3668 duid_len = duid_make(duid, ifp, DUID_LL);
3671 duid_len = ctx->duid_len;
3674 if (o == NULL || ol != duid_len || memcmp(o, dp, ol) != 0) {
3675 logdebugx("%s: incorrect client ID from %s",
3680 if (dhcp6_findmoption(r, len, D6_OPTION_SERVERID, NULL) == NULL) {
3681 logdebugx("%s: no DHCPv6 server ID from %s",
3686 if (r->type == DHCP6_RECONFIGURE) {
3687 if (!IN6_IS_ADDR_LINKLOCAL(&from->sin6_addr)) {
3688 logerrx("%s: RECONFIGURE6 recv from %s, not LL",
3695 state = D6_CSTATE(ifp);
3696 if (state == NULL ||
3697 r->xid[0] != state->send->xid[0] ||
3698 r->xid[1] != state->send->xid[1] ||
3699 r->xid[2] != state->send->xid[2])
3701 struct interface *ifp1;
3702 const struct dhcp6_state *state1;
3704 /* Find an interface with a matching xid. */
3705 TAILQ_FOREACH(ifp1, ctx->ifaces, next) {
3706 state1 = D6_CSTATE(ifp1);
3707 if (state1 == NULL || state1->send == NULL)
3709 if (r->xid[0] == state1->send->xid[0] &&
3710 r->xid[1] == state1->send->xid[1] &&
3711 r->xid[2] == state1->send->xid[2])
3717 logdebugx("%s: wrong xid 0x%02x%02x%02x"
3718 " (expecting 0x%02x%02x%02x) from %s",
3720 r->xid[0], r->xid[1], r->xid[2],
3721 state->send->xid[0],
3722 state->send->xid[1],
3723 state->send->xid[2],
3727 logdebugx("%s: redirecting DHCP6 message to %s",
3728 ifp->name, ifp1->name);
3734 * Handy code to inject raw DHCPv6 packets over responses
3736 * This allows me to take a 3rd party wireshark trace and
3737 * replay it in my code.
3739 static int replyn = 0;
3740 char fname[PATH_MAX], tbuf[UDPLEN_MAX];
3744 uint16_t si_len1, si_len2;
3746 snprintf(fname, sizeof(fname),
3747 "/tmp/dhcp6.reply%d.raw", replyn++);
3748 fd = open(fname, O_RDONLY, 0);
3750 logerr("%s: open: %s", __func__, fname);
3753 tlen = read(fd, tbuf, sizeof(tbuf));
3755 logerr("%s: read: %s", __func__, fname);
3758 /* Copy across ServerID so we can work with our own server. */
3759 si1 = dhcp6_findmoption(r, len, D6_OPTION_SERVERID, &si_len1);
3760 si2 = dhcp6_findmoption(tbuf, (size_t)tlen,
3761 D6_OPTION_SERVERID, &si_len2);
3762 if (si1 != NULL && si2 != NULL && si_len1 == si_len2)
3763 memcpy(si2, si1, si_len2);
3764 r = (struct dhcp6_message *)tbuf;
3769 dhcp6_recvif(ifp, sfrom, r, len);
3773 dhcp6_recv(struct dhcpcd_ctx *ctx, struct ipv6_addr *ia, unsigned short events)
3775 struct sockaddr_in6 from;
3777 struct dhcp6_message dhcp6;
3778 uint8_t buf[UDPLEN_MAX]; /* Maximum UDP message size */
3780 struct iovec iov = {
3781 .iov_base = iovbuf.buf, .iov_len = sizeof(iovbuf.buf),
3785 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
3786 } cmsgbuf = { .buf = { 0 } };
3787 struct msghdr msg = {
3788 .msg_name = &from, .msg_namelen = sizeof(from),
3789 .msg_iov = &iov, .msg_iovlen = 1,
3790 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
3795 if (events != ELE_READ)
3796 logerrx("%s: unexpected event 0x%04x", __func__, events);
3798 s = ia != NULL ? ia->dhcp6_fd : ctx->dhcp6_rfd;
3799 bytes = recvmsg(s, &msg, 0);
3805 iov.iov_len = (size_t)bytes;
3806 dhcp6_recvmsg(ctx, &msg, ia);
3811 dhcp6_recvaddr(void *arg, unsigned short events)
3813 struct ipv6_addr *ia = arg;
3815 dhcp6_recv(ia->iface->ctx, ia, events);
3819 dhcp6_recvctx(void *arg, unsigned short events)
3821 struct dhcpcd_ctx *ctx = arg;
3823 dhcp6_recv(ctx, NULL, events);
3831 fd = xsocket(PF_INET6, SOCK_RAW | SOCK_CXNB, IPPROTO_UDP);
3836 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &v, sizeof(v)) == -1)
3839 v = offsetof(struct udphdr, uh_sum);
3840 if (setsockopt(fd, IPPROTO_IPV6, IPV6_CHECKSUM, &v, sizeof(v)) == -1)
3851 dhcp6_openudp(unsigned int ifindex, struct in6_addr *ia)
3853 struct sockaddr_in6 sa;
3856 s = xsocket(PF_INET6, SOCK_DGRAM | SOCK_CXNB, IPPROTO_UDP);
3860 memset(&sa, 0, sizeof(sa));
3861 sa.sin6_family = AF_INET6;
3862 sa.sin6_port = htons(DHCP6_CLIENT_PORT);
3864 sa.sin6_len = sizeof(sa);
3868 memcpy(&sa.sin6_addr, ia, sizeof(sa.sin6_addr));
3869 ipv6_setscope(&sa, ifindex);
3872 if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) == -1)
3876 if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &n, sizeof(n)) == -1)
3881 if (setsockopt(s, SOL_SOCKET, SO_RERROR, &n, sizeof(n)) == -1)
3896 dhcp6_activateinterfaces(struct interface *ifp)
3898 struct interface *ifd;
3903 for (i = 0; i < ifp->options->ia_len; i++) {
3904 ia = &ifp->options->ia[i];
3905 if (ia->ia_type != D6_OPTION_IA_PD)
3907 for (j = 0; j < ia->sla_len; j++) {
3909 ifd = if_find(ifp->ctx->ifaces, sla->ifname);
3911 if (*sla->ifname != '-')
3912 logwarn("%s: cannot delegate to %s",
3913 ifp->name, sla->ifname);
3917 loginfox("%s: activating for delegation",
3919 dhcpcd_activateinterface(ifd,
3920 DHCPCD_IPV6 | DHCPCD_DHCP6);
3928 dhcp6_start1(void *arg)
3930 struct interface *ifp = arg;
3931 struct dhcpcd_ctx *ctx = ifp->ctx;
3932 struct if_options *ifo = ifp->options;
3933 struct dhcp6_state *state;
3935 const struct dhcp_compat *dhc;
3937 if ((ctx->options & (DHCPCD_MANAGER|DHCPCD_PRIVSEP)) == DHCPCD_MANAGER &&
3938 ctx->dhcp6_rfd == -1)
3940 ctx->dhcp6_rfd = dhcp6_openudp(0, NULL);
3941 if (ctx->dhcp6_rfd == -1) {
3945 if (eloop_event_add(ctx->eloop, ctx->dhcp6_rfd, ELE_READ,
3946 dhcp6_recvctx, ctx) == -1)
3947 logerr("%s: eloop_event_add", __func__);
3950 if (!IN_PRIVSEP(ctx) && ctx->dhcp6_wfd == -1) {
3951 ctx->dhcp6_wfd = dhcp6_openraw();
3952 if (ctx->dhcp6_wfd == -1) {
3958 state = D6_STATE(ifp);
3959 /* If no DHCPv6 options are configured,
3960 match configured DHCPv4 options to DHCPv6 equivalents. */
3961 for (i = 0; i < sizeof(ifo->requestmask6); i++) {
3962 if (ifo->requestmask6[i] != '\0')
3965 if (i == sizeof(ifo->requestmask6)) {
3966 for (dhc = dhcp_compats; dhc->dhcp_opt; dhc++) {
3967 if (DHC_REQ(ifo->requestmask, ifo->nomask, dhc->dhcp_opt))
3968 add_option_mask(ifo->requestmask6,
3971 if (ifo->fqdn != FQDN_DISABLE || ifo->options & DHCPCD_HOSTNAME)
3972 add_option_mask(ifo->requestmask6, D6_OPTION_FQDN);
3976 /* Rapid commit won't work with Prefix Delegation Exclusion */
3977 if (dhcp6_findselfsla(ifp))
3978 del_option_mask(ifo->requestmask6, D6_OPTION_RAPID_COMMIT);
3981 if (state->state == DH6S_INFORM) {
3982 add_option_mask(ifo->requestmask6, D6_OPTION_INFO_REFRESH_TIME);
3983 dhcp6_startinform(ifp);
3985 del_option_mask(ifo->requestmask6, D6_OPTION_INFO_REFRESH_TIME);
3986 dhcp6_startinit(ifp);
3990 dhcp6_activateinterfaces(ifp);
3995 dhcp6_start(struct interface *ifp, enum DH6S init_state)
3997 struct dhcp6_state *state;
3999 state = D6_STATE(ifp);
4000 if (state != NULL) {
4001 switch (init_state) {
4006 * If D6_OPTION_INFO_REFRESH_TIME does not exist
4007 * then we MUST refresh by IRT_DEFAULT seconds
4008 * and should not be influenced by only the
4009 * pl/vl time of the RA changing. */
4010 if (state->state == DH6S_INIT ||
4011 (state->state == DH6S_DISCOVER &&
4012 !(ifp->options->options & DHCPCD_IA_FORCED) &&
4013 !ipv6nd_hasradhcp(ifp, true)))
4014 dhcp6_startinform(ifp);
4017 if (ifp->options->options & DHCPCD_DHCP6 &&
4018 (state->state == DH6S_INIT ||
4019 state->state == DH6S_INFORM ||
4020 state->state == DH6S_INFORMED ||
4021 state->state == DH6S_DELEGATED))
4023 /* Change from stateless to stateful */
4024 init_state = DH6S_INIT;
4029 init_state = DH6S_INIT;
4032 /* Not possible, but sushes some compiler warnings. */
4037 switch (init_state) {
4039 /* No DHCPv6 config, no existing state
4040 * so nothing to do. */
4045 init_state = DH6S_INIT;
4050 if (!(ifp->options->options & DHCPCD_DHCP6))
4053 ifp->if_data[IF_DATA_DHCP6] = calloc(1, sizeof(*state));
4054 state = D6_STATE(ifp);
4058 state->sol_max_rt = SOL_MAX_RT;
4059 state->inf_max_rt = INF_MAX_RT;
4060 TAILQ_INIT(&state->addrs);
4063 state->new_start = true;
4064 state->state = init_state;
4066 state->failed = false;
4067 dhcp_set_leasefile(state->leasefile, sizeof(state->leasefile),
4069 if (ipv6_linklocal(ifp) == NULL) {
4070 logdebugx("%s: delaying DHCPv6 for LL address", ifp->name);
4071 ipv6_addlinklocalcallback(ifp, dhcp6_start1, ifp);
4080 dhcp6_reboot(struct interface *ifp)
4082 struct dhcp6_state *state;
4084 state = D6_STATE(ifp);
4089 switch (state->state) {
4091 dhcp6_startrebind(ifp);
4094 dhcp6_startdiscoinform(ifp);
4100 dhcp6_freedrop(struct interface *ifp, int drop, const char *reason)
4102 struct dhcp6_state *state;
4103 struct dhcpcd_ctx *ctx;
4104 unsigned long long options;
4107 options = ifp->options->options;
4109 options = ifp->ctx->options;
4111 if (ifp->ctx->eloop)
4112 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
4115 /* If we're dropping the lease, drop delegated addresses.
4116 * If, for whatever reason, we don't drop them in the future
4117 * then they should at least be marked as deprecated (pltime 0). */
4118 if (drop && (options & DHCPCD_NODROP) != DHCPCD_NODROP)
4119 dhcp6_delete_delegates(ifp);
4122 state = D6_STATE(ifp);
4124 /* Failure to send the release may cause this function to
4126 if (state->state == DH6S_RELEASE) {
4127 dhcp6_finishrelease(ifp);
4131 if (drop && options & DHCPCD_RELEASE &&
4132 state->state != DH6S_DELEGATED)
4134 if (if_is_link_up(ifp) &&
4135 state->state != DH6S_RELEASED &&
4136 state->state != DH6S_INFORMED)
4138 dhcp6_startrelease(ifp);
4141 dhcp_unlink(ifp->ctx, state->leasefile);
4144 else if (state->auth.reconf != NULL) {
4146 * Drop the lease as the token may only be present
4147 * in the initial reply message and not subsequent
4149 * If dhcpcd is restarted, the token is lost.
4150 * XXX persist this in another file?
4152 dhcp_unlink(ifp->ctx, state->leasefile);
4156 dhcp6_freedrop_addrs(ifp, drop, NULL);
4158 state->old = state->new;
4159 state->old_len = state->new_len;
4162 if (drop && state->old &&
4163 (options & DHCPCD_NODROP) != DHCPCD_NODROP)
4167 script_runreason(ifp, reason);
4173 ifp->if_data[IF_DATA_DHCP6] = NULL;
4176 /* If we don't have any more DHCP6 enabled interfaces,
4177 * close the global socket and release resources */
4180 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
4185 if (ifp == NULL && ctx->dhcp6_rfd != -1) {
4186 eloop_event_delete(ctx->eloop, ctx->dhcp6_rfd);
4187 close(ctx->dhcp6_rfd);
4188 ctx->dhcp6_rfd = -1;
4193 dhcp6_drop(struct interface *ifp, const char *reason)
4196 dhcp6_freedrop(ifp, 1, reason);
4200 dhcp6_free(struct interface *ifp)
4203 dhcp6_freedrop(ifp, 0, NULL);
4207 dhcp6_abort(struct interface *ifp)
4209 struct dhcp6_state *state;
4210 #ifdef ND6_ADVERTISE
4211 struct ipv6_addr *ia;
4214 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_start1, ifp);
4215 state = D6_STATE(ifp);
4219 #ifdef ND6_ADVERTISE
4220 TAILQ_FOREACH(ia, &state->addrs, next) {
4221 ipv6nd_advertise(ia);
4225 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startdiscover, ifp);
4226 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_senddiscover, ifp);
4227 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startinform, ifp);
4228 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendinform, ifp);
4230 switch (state->state) {
4231 case DH6S_DISCOVER: /* FALLTHROUGH */
4232 case DH6S_REQUEST: /* FALLTHROUGH */
4234 state->state = DH6S_INIT;
4242 dhcp6_handleifa(int cmd, struct ipv6_addr *ia, pid_t pid)
4244 struct dhcp6_state *state;
4245 struct interface *ifp = ia->iface;
4247 /* If not running in manager mode, listen to this address */
4248 if (cmd == RTM_NEWADDR &&
4249 !(ia->addr_flags & IN6_IFF_NOTUSEABLE) &&
4250 ifp->active == IF_ACTIVE_USER &&
4251 !(ifp->ctx->options & DHCPCD_MANAGER) &&
4252 ifp->options->options & DHCPCD_DHCP6)
4255 if (IN_PRIVSEP_SE(ifp->ctx)) {
4256 if (ps_inet_opendhcp6(ia) == -1)
4261 if (ia->dhcp6_fd == -1)
4262 ia->dhcp6_fd = dhcp6_openudp(ia->iface->index,
4264 if (ia->dhcp6_fd != -1 &&
4265 eloop_event_add(ia->iface->ctx->eloop,
4266 ia->dhcp6_fd, ELE_READ, dhcp6_recvaddr, ia) == -1)
4267 logerr("%s: eloop_event_add", __func__);
4271 if ((state = D6_STATE(ifp)) != NULL)
4272 ipv6_handleifa_addrs(cmd, &state->addrs, ia, pid);
4276 dhcp6_env(FILE *fp, const char *prefix, const struct interface *ifp,
4277 const struct dhcp6_message *m, size_t len)
4279 const struct if_options *ifo;
4280 struct dhcp_opt *opt, *vo;
4282 struct dhcp6_option o;
4286 const struct dhcpcd_ctx *ctx;
4288 const struct dhcp6_state *state;
4289 const struct ipv6_addr *ap;
4296 if (len < sizeof(*m)) {
4297 /* Should be impossible with guards at packet in
4298 * and reading leases */
4306 /* Zero our indexes */
4307 for (i = 0, opt = ctx->dhcp6_opts;
4308 i < ctx->dhcp6_opts_len;
4310 dhcp_zero_index(opt);
4311 for (i = 0, opt = ifp->options->dhcp6_override;
4312 i < ifp->options->dhcp6_override_len;
4314 dhcp_zero_index(opt);
4315 for (i = 0, opt = ctx->vivso;
4318 dhcp_zero_index(opt);
4319 if (asprintf(&pfx, "%s_dhcp6", prefix) == -1)
4322 /* Unlike DHCP, DHCPv6 options *may* occur more than once.
4323 * There is also no provision for option concatenation unlike DHCP. */
4324 p = (const uint8_t *)m + sizeof(*m);
4326 for (; len != 0; p += o.len, len -= o.len) {
4327 if (len < sizeof(o)) {
4331 memcpy(&o, p, sizeof(o));
4334 o.len = ntohs(o.len);
4339 o.code = ntohs(o.code);
4340 if (has_option_mask(ifo->nomask6, o.code))
4342 for (i = 0, opt = ifo->dhcp6_override;
4343 i < ifo->dhcp6_override_len;
4345 if (opt->option == o.code)
4347 if (i == ifo->dhcp6_override_len &&
4348 o.code == D6_OPTION_VENDOR_OPTS &&
4351 memcpy(&en, p, sizeof(en));
4353 vo = vivso_find(en, ifp);
4356 if (i == ifo->dhcp6_override_len) {
4357 for (i = 0, opt = ctx->dhcp6_opts;
4358 i < ctx->dhcp6_opts_len;
4360 if (opt->option == o.code)
4362 if (i == ctx->dhcp6_opts_len)
4366 dhcp_envoption(ifp->ctx,
4368 opt, dhcp6_getoption, p, o.len);
4371 dhcp_envoption(ifp->ctx,
4373 vo, dhcp6_getoption,
4375 o.len - sizeof(en));
4382 /* Needed for Delegated Prefixes */
4383 state = D6_CSTATE(ifp);
4384 TAILQ_FOREACH(ap, &state->addrs, next) {
4385 if (ap->delegating_prefix)
4390 if (fprintf(fp, "%s_delegated_dhcp6_prefix=", prefix) == -1)
4393 TAILQ_FOREACH(ap, &state->addrs, next) {
4394 if (ap->delegating_prefix == NULL)
4399 if (fputc(' ', fp) == EOF)
4402 if (fprintf(fp, "%s", ap->saddr) == -1)
4405 if (fputc('\0', fp) == EOF)
4415 dhcp6_dump(struct interface *ifp)
4417 struct dhcp6_state *state;
4419 ifp->if_data[IF_DATA_DHCP6] = state = calloc(1, sizeof(*state));
4420 if (state == NULL) {
4424 TAILQ_INIT(&state->addrs);
4425 if (dhcp6_readlease(ifp, 0) == -1) {
4426 logerr("dhcp6_readlease");
4429 state->reason = "DUMP6";
4430 return script_runreason(ifp, state->reason);