1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * 25 * BOUND state of the DHCP client state machine. 26 */ 27 28 #pragma ident "%Z%%M% %I% %E% SMI" 29 30 #include <sys/socket.h> 31 #include <sys/types.h> 32 #include <string.h> 33 #include <netinet/in.h> 34 #include <sys/sockio.h> 35 #include <unistd.h> 36 #include <time.h> 37 #include <arpa/inet.h> 38 #include <stdlib.h> 39 #include <search.h> 40 #include <sys/sysmacros.h> 41 #include <dhcp_hostconf.h> 42 #include <dhcpagent_util.h> 43 #include <dhcpmsg.h> 44 45 #include "states.h" 46 #include "packet.h" 47 #include "util.h" 48 #include "agent.h" 49 #include "interface.h" 50 #include "script_handler.h" 51 52 /* 53 * Possible outcomes for IPv6 binding attempt. 54 */ 55 enum v6_bind_result { 56 v6Restart, /* report failure and restart state machine */ 57 v6Resent, /* new Request message has been sent */ 58 v6Done /* successful binding */ 59 }; 60 61 static enum v6_bind_result configure_v6_leases(dhcp_smach_t *); 62 static boolean_t configure_v4_lease(dhcp_smach_t *); 63 static boolean_t configure_v4_timers(dhcp_smach_t *); 64 65 /* 66 * bound_event_cb(): callback for script_start on the event EVENT_BOUND 67 * 68 * input: dhcp_smach_t *: the state machine configured 69 * void *: unused 70 * output: int: always 1 71 */ 72 73 /* ARGSUSED1 */ 74 static int 75 bound_event_cb(dhcp_smach_t *dsmp, void *arg) 76 { 77 if (dsmp->dsm_ia.ia_fd != -1) 78 ipc_action_finish(dsmp, DHCP_IPC_SUCCESS); 79 else 80 async_finish(dsmp); 81 return (1); 82 } 83 84 /* 85 * dhcp_bound(): configures an state machine and interfaces using information 86 * contained in the ACK/Reply packet and sets up lease timers. 87 * Before starting, the requested address is verified by 88 * Duplicate Address Detection to make sure it's not in use. 89 * 90 * input: dhcp_smach_t *: the state machine to move to bound 91 * PKT_LIST *: the ACK/Reply packet, or NULL to use dsmp->dsm_ack 92 * output: boolean_t: B_TRUE on success, B_FALSE on failure 93 */ 94 95 boolean_t 96 dhcp_bound(dhcp_smach_t *dsmp, PKT_LIST *ack) 97 { 98 DHCPSTATE oldstate; 99 lease_t new_lease; 100 dhcp_lif_t *lif; 101 dhcp_lease_t *dlp; 102 enum v6_bind_result v6b; 103 104 if (ack != NULL) { 105 /* If ack we're replacing is not the original, then free it */ 106 if (dsmp->dsm_ack != dsmp->dsm_orig_ack) 107 free_pkt_entry(dsmp->dsm_ack); 108 dsmp->dsm_ack = ack; 109 /* Save the first ack as the original */ 110 if (dsmp->dsm_orig_ack == NULL) 111 dsmp->dsm_orig_ack = ack; 112 } 113 114 oldstate = dsmp->dsm_state; 115 switch (oldstate) { 116 117 case ADOPTING: 118 /* Note that adoption occurs only for IPv4 DHCP. */ 119 120 /* Ignore BOOTP */ 121 if (ack->opts[CD_DHCP_TYPE] == NULL) 122 return (B_FALSE); 123 124 /* 125 * if we're adopting a lease, the lease timers 126 * only provide an upper bound since we don't know 127 * from what time they are relative to. assume we 128 * have a lease time of at most DHCP_ADOPT_LEASE_MAX. 129 */ 130 (void) memcpy(&new_lease, ack->opts[CD_LEASE_TIME]->value, 131 sizeof (lease_t)); 132 133 new_lease = htonl(MIN(ntohl(new_lease), DHCP_ADOPT_LEASE_MAX)); 134 135 (void) memcpy(ack->opts[CD_LEASE_TIME]->value, &new_lease, 136 sizeof (lease_t)); 137 138 /* 139 * we have no idea when the REQUEST that generated 140 * this ACK was sent, but for diagnostic purposes 141 * we'll assume its close to the current time. 142 */ 143 dsmp->dsm_newstart_monosec = monosec(); 144 145 if (dsmp->dsm_isv6) { 146 if ((v6b = configure_v6_leases(dsmp)) != v6Done) 147 return (v6b == v6Resent); 148 } else { 149 if (!configure_v4_lease(dsmp)) 150 return (B_FALSE); 151 152 if (!configure_v4_timers(dsmp)) 153 return (B_FALSE); 154 } 155 156 dsmp->dsm_curstart_monosec = dsmp->dsm_newstart_monosec; 157 break; 158 159 case SELECTING: 160 case REQUESTING: 161 case INIT_REBOOT: 162 163 if (dsmp->dsm_isv6) { 164 if ((v6b = configure_v6_leases(dsmp)) != v6Done) 165 return (v6b == v6Resent); 166 } else { 167 if (!configure_v4_lease(dsmp)) 168 return (B_FALSE); 169 170 if (!configure_v4_timers(dsmp)) 171 return (B_FALSE); 172 173 if (!clear_lif_deprecated(dsmp->dsm_lif)) 174 return (B_FALSE); 175 } 176 177 /* Stop sending requests now */ 178 stop_pkt_retransmission(dsmp); 179 180 /* 181 * If we didn't end up with any usable leases, then we have a 182 * problem. 183 */ 184 if (dsmp->dsm_leases == NULL) { 185 dhcpmsg(MSG_WARNING, 186 "dhcp_bound: no address lease established"); 187 return (B_FALSE); 188 } 189 190 /* 191 * If this is a Rapid-Commit (selecting state) or if we're 192 * dealing with a reboot (init-reboot), then we will have a new 193 * server ID to save. 194 */ 195 if (ack != NULL && 196 (oldstate == SELECTING || oldstate == INIT_REBOOT) && 197 dsmp->dsm_isv6 && !save_server_id(dsmp, ack)) { 198 dhcpmsg(MSG_ERROR, 199 "dhcp_bound: unable to save server ID on %s", 200 dsmp->dsm_name); 201 return (B_FALSE); 202 } 203 204 /* 205 * We will continue configuring the interfaces via 206 * dhcp_bound_complete, once kernel DAD completes. If no new 207 * leases were created (which can happen on an init-reboot used 208 * for link-up confirmation), then go straight to bound state. 209 */ 210 if (!set_smach_state(dsmp, PRE_BOUND)) 211 return (B_FALSE); 212 if (dsmp->dsm_lif_wait == 0) 213 dhcp_bound_complete(dsmp); 214 break; 215 216 case PRE_BOUND: 217 case BOUND: 218 /* This is just a duplicate ack; silently ignore it */ 219 return (B_TRUE); 220 221 case RENEWING: 222 case REBINDING: 223 224 if (dsmp->dsm_isv6) { 225 if ((v6b = configure_v6_leases(dsmp)) != v6Done) 226 return (v6b == v6Resent); 227 } else { 228 if (!configure_v4_timers(dsmp)) 229 return (B_FALSE); 230 if (!clear_lif_deprecated(dsmp->dsm_lif)) 231 return (B_FALSE); 232 } 233 234 /* 235 * If some or all of the leases were torn down by the server, 236 * then handle that as an expiry. When the script is done 237 * running for the LOSS6 event, we'll end up back here. 238 */ 239 if ((lif = find_expired_lif(dsmp)) != NULL) { 240 hold_lif(lif); 241 dhcp_expire(NULL, lif); 242 while ((lif = find_expired_lif(dsmp)) != NULL) { 243 dlp = lif->lif_lease; 244 unplumb_lif(lif); 245 if (dlp->dl_nlifs == 0) 246 remove_lease(dlp); 247 } 248 if (dsmp->dsm_leases == NULL) 249 return (B_FALSE); 250 } 251 252 if (oldstate == REBINDING && dsmp->dsm_isv6 && 253 !save_server_id(dsmp, ack)) { 254 return (B_FALSE); 255 } 256 257 /* 258 * Handle Renew/Rebind that fails to address one of our leases. 259 * (Should just never happen, but RFC 3315 section 18.1.8 260 * requires it, and TAHI tests for it.) 261 */ 262 for (dlp = dsmp->dsm_leases; dlp != NULL; dlp = dlp->dl_next) { 263 if (dlp->dl_stale && dlp->dl_nlifs > 0) 264 break; 265 } 266 if (dlp != NULL) { 267 dhcpmsg(MSG_DEBUG, "dhcp_bound: lease not updated; " 268 "allow retransmit"); 269 return (B_TRUE); 270 } 271 272 if (!set_smach_state(dsmp, BOUND)) 273 return (B_FALSE); 274 275 (void) script_start(dsmp, dsmp->dsm_isv6 ? EVENT_EXTEND6 : 276 EVENT_EXTEND, bound_event_cb, NULL, NULL); 277 278 dsmp->dsm_curstart_monosec = dsmp->dsm_newstart_monosec; 279 280 /* Stop sending requests now */ 281 stop_pkt_retransmission(dsmp); 282 break; 283 284 case INFORM_SENT: 285 286 if (dsmp->dsm_isv6 && !save_server_id(dsmp, ack)) { 287 return (B_FALSE); 288 } 289 290 (void) bound_event_cb(dsmp, NULL); 291 if (!set_smach_state(dsmp, INFORMATION)) 292 return (B_FALSE); 293 294 /* Stop sending requests now */ 295 stop_pkt_retransmission(dsmp); 296 break; 297 298 default: 299 /* something is really bizarre... */ 300 dhcpmsg(MSG_DEBUG, 301 "dhcp_bound: called in unexpected state: %s", 302 dhcp_state_to_string(dsmp->dsm_state)); 303 return (B_FALSE); 304 } 305 306 /* 307 * remove any stale hostconf file that might be lying around for 308 * this state machine. (in general, it's harmless, since we'll write a 309 * fresh one when we exit anyway, but just to reduce confusion..) 310 */ 311 312 (void) remove_hostconf(dsmp->dsm_name, dsmp->dsm_isv6); 313 return (B_TRUE); 314 } 315 316 /* 317 * dhcp_bound_complete(): complete interface configuration after DAD 318 * 319 * input: dhcp_smach_t *: the state machine now ready 320 * output: none 321 */ 322 323 void 324 dhcp_bound_complete(dhcp_smach_t *dsmp) 325 { 326 PKT_LIST *ack; 327 DHCP_OPT *router_list; 328 int i; 329 DHCPSTATE oldstate; 330 331 /* 332 * Do bound state entry processing only if running IPv4. There's no 333 * need for this with DHCPv6 because link-locals are used for I/O and 334 * because DHCPv6 isn't entangled with routing. 335 */ 336 if (dsmp->dsm_isv6) { 337 (void) set_smach_state(dsmp, BOUND); 338 dhcpmsg(MSG_DEBUG, "configure_bound: bound %s", 339 dsmp->dsm_name); 340 (void) script_start(dsmp, EVENT_BOUND6, bound_event_cb, NULL, 341 NULL); 342 dsmp->dsm_curstart_monosec = dsmp->dsm_newstart_monosec; 343 return; 344 } 345 346 /* 347 * add each provided router; we'll clean them up when the 348 * state machine goes away or when our lease expires. 349 */ 350 351 ack = dsmp->dsm_ack; 352 router_list = ack->opts[CD_ROUTER]; 353 if (router_list && (router_list->len % sizeof (ipaddr_t)) == 0) { 354 355 dsmp->dsm_nrouters = router_list->len / sizeof (ipaddr_t); 356 dsmp->dsm_routers = malloc(router_list->len); 357 if (dsmp->dsm_routers == NULL) { 358 dhcpmsg(MSG_ERR, "configure_bound: cannot allocate " 359 "default router list, ignoring default routers"); 360 dsmp->dsm_nrouters = 0; 361 } 362 363 for (i = 0; i < dsmp->dsm_nrouters; i++) { 364 365 (void) memcpy(&dsmp->dsm_routers[i].s_addr, 366 router_list->value + (i * sizeof (ipaddr_t)), 367 sizeof (ipaddr_t)); 368 369 if (!add_default_route(dsmp->dsm_name, 370 &dsmp->dsm_routers[i])) { 371 dhcpmsg(MSG_ERR, "configure_bound: cannot add " 372 "default router %s on %s", inet_ntoa( 373 dsmp->dsm_routers[i]), dsmp->dsm_name); 374 dsmp->dsm_routers[i].s_addr = htonl(INADDR_ANY); 375 continue; 376 } 377 378 dhcpmsg(MSG_INFO, "added default router %s on %s", 379 inet_ntoa(dsmp->dsm_routers[i]), dsmp->dsm_name); 380 } 381 } 382 383 oldstate = dsmp->dsm_state; 384 if (!set_smach_state(dsmp, BOUND)) { 385 dhcpmsg(MSG_ERR, 386 "configure_bound: cannot set bound state on %s", 387 dsmp->dsm_name); 388 return; 389 } 390 391 dhcpmsg(MSG_DEBUG, "configure_bound: bound %s", dsmp->dsm_name); 392 393 /* 394 * We're now committed to this binding, so if it came from BOOTP, set 395 * the flag. 396 */ 397 398 if (ack->opts[CD_DHCP_TYPE] == NULL) 399 dsmp->dsm_dflags |= DHCP_IF_BOOTP; 400 401 /* 402 * If the previous state was ADOPTING, event loop has not been started 403 * at this time; so don't run the EVENT_BOUND script. 404 */ 405 if (oldstate != ADOPTING) { 406 (void) script_start(dsmp, EVENT_BOUND, bound_event_cb, NULL, 407 NULL); 408 } 409 410 dsmp->dsm_curstart_monosec = dsmp->dsm_newstart_monosec; 411 } 412 413 /* 414 * fuzzify(): adds some "fuzz" to a t1/t2 time, in accordance with RFC2131. 415 * We use up to plus or minus 2% jitter in the time. This is a 416 * small value, but the timers involved are typically long. A 417 * common T1 value is one day, and the fuzz is up to 28.8 minutes; 418 * plenty of time to make sure that individual clients don't renew 419 * all at the same time. 420 * 421 * input: uint32_t: the number of seconds until lease expiration 422 * double: the approximate percentage of that time to return 423 * output: double: a number approximating (sec * pct) 424 */ 425 426 static double 427 fuzzify(uint32_t sec, double pct) 428 { 429 return (sec * (pct + (drand48() - 0.5) / 25.0)); 430 } 431 432 /* 433 * get_pkt_times(): pulls the lease times out of a v4 DHCP packet and stores 434 * them as host byte-order relative times in the passed in 435 * parameters. 436 * 437 * input: PKT_LIST *: the packet to pull the packet times from 438 * lease_t *: where to store the relative lease time in hbo 439 * lease_t *: where to store the relative t1 time in hbo 440 * lease_t *: where to store the relative t2 time in hbo 441 * output: void 442 */ 443 444 static void 445 get_pkt_times(PKT_LIST *ack, lease_t *lease, lease_t *t1, lease_t *t2) 446 { 447 *lease = DHCP_PERM; 448 *t1 = DHCP_PERM; 449 *t2 = DHCP_PERM; 450 451 if (ack->opts[CD_DHCP_TYPE] == NULL) { 452 dhcpmsg(MSG_VERBOSE, 453 "get_pkt_times: BOOTP response; infinite lease"); 454 return; 455 } 456 if (ack->opts[CD_LEASE_TIME] == NULL) { 457 dhcpmsg(MSG_VERBOSE, 458 "get_pkt_times: no lease option provided"); 459 return; 460 } 461 if (ack->opts[CD_LEASE_TIME]->len != sizeof (lease_t)) { 462 dhcpmsg(MSG_VERBOSE, "get_pkt_times: invalid lease option"); 463 } 464 465 (void) memcpy(lease, ack->opts[CD_LEASE_TIME]->value, sizeof (lease_t)); 466 *lease = ntohl(*lease); 467 468 if (*lease == DHCP_PERM) { 469 dhcpmsg(MSG_VERBOSE, "get_pkt_times: infinite lease granted"); 470 return; 471 } 472 473 if (ack->opts[CD_T1_TIME] != NULL && 474 ack->opts[CD_T1_TIME]->len == sizeof (lease_t)) { 475 (void) memcpy(t1, ack->opts[CD_T1_TIME]->value, sizeof (*t1)); 476 *t1 = ntohl(*t1); 477 } 478 479 if (ack->opts[CD_T2_TIME] != NULL && 480 ack->opts[CD_T2_TIME]->len == sizeof (lease_t)) { 481 (void) memcpy(t2, ack->opts[CD_T2_TIME]->value, sizeof (*t2)); 482 *t2 = ntohl(*t2); 483 } 484 485 if ((*t1 == DHCP_PERM) || (*t1 >= *lease)) 486 *t1 = (lease_t)fuzzify(*lease, DHCP_T1_FACT); 487 488 if ((*t2 == DHCP_PERM) || (*t2 > *lease) || (*t2 <= *t1)) 489 *t2 = (lease_t)fuzzify(*lease, DHCP_T2_FACT); 490 491 dhcpmsg(MSG_VERBOSE, "get_pkt_times: lease %u t1 %u t2 %u", 492 *lease, *t1, *t2); 493 } 494 495 /* 496 * configure_v4_timers(): configures the lease timers on a v4 state machine 497 * 498 * input: dhcp_smach_t *: the state machine to configure 499 * output: boolean_t: B_TRUE on success, B_FALSE on failure 500 */ 501 502 static boolean_t 503 configure_v4_timers(dhcp_smach_t *dsmp) 504 { 505 PKT_LIST *ack = dsmp->dsm_ack; 506 lease_t lease, t1, t2; 507 dhcp_lease_t *dlp; 508 dhcp_lif_t *lif; 509 510 /* v4 has just one lease per state machine, and one LIF */ 511 dlp = dsmp->dsm_leases; 512 lif = dlp->dl_lifs; 513 514 /* 515 * If it's DHCP, but there's no valid lease time, then complain, 516 * decline the lease and return error. 517 */ 518 if (ack->opts[CD_DHCP_TYPE] != NULL && 519 (ack->opts[CD_LEASE_TIME] == NULL || 520 ack->opts[CD_LEASE_TIME]->len != sizeof (lease_t))) { 521 lif_mark_decline(lif, "Missing or corrupted lease time"); 522 send_declines(dsmp); 523 dhcpmsg(MSG_WARNING, "configure_v4_timers: %s lease time in " 524 "ACK on %s", ack->opts[CD_LEASE_TIME] == NULL ? "missing" : 525 "corrupt", dsmp->dsm_name); 526 return (B_FALSE); 527 } 528 529 /* Stop the T1 and T2 timers */ 530 cancel_lease_timers(dlp); 531 532 /* Stop the LEASE timer */ 533 cancel_lif_timers(lif); 534 535 /* 536 * type has already been verified as ACK. if type is not set, 537 * then we got a BOOTP packet. we now fetch the t1, t2, and 538 * lease options out of the packet into variables. they are 539 * returned as relative host-byte-ordered times. 540 */ 541 542 get_pkt_times(ack, &lease, &t1, &t2); 543 544 /* 545 * if the current lease is mysteriously close to the new 546 * lease, warn the user. unless there's less than a minute 547 * left, round to the closest minute. 548 */ 549 550 if (lif->lif_expire.dt_start != 0 && 551 abs((dsmp->dsm_newstart_monosec + lease) - 552 (dsmp->dsm_curstart_monosec + lif->lif_expire.dt_start)) < 553 DHCP_LEASE_EPS) { 554 const char *noext = "configure_v4_timers: lease renewed but " 555 "time not extended"; 556 int msg_level; 557 uint_t minleft; 558 559 if (lif->lif_expire.dt_start < DHCP_LEASE_ERROR_THRESH) 560 msg_level = MSG_ERROR; 561 else 562 msg_level = MSG_VERBOSE; 563 564 minleft = (lif->lif_expire.dt_start + 30) / 60; 565 566 if (lif->lif_expire.dt_start < 60) { 567 dhcpmsg(msg_level, "%s; expires in %d seconds", 568 noext, lif->lif_expire.dt_start); 569 } else if (minleft == 1) { 570 dhcpmsg(msg_level, "%s; expires in 1 minute", noext); 571 } else if (minleft > 120) { 572 dhcpmsg(msg_level, "%s; expires in %d hours", 573 noext, (minleft + 30) / 60); 574 } else { 575 dhcpmsg(msg_level, "%s; expires in %d minutes", 576 noext, minleft); 577 } 578 } 579 580 init_timer(&dlp->dl_t1, t1); 581 init_timer(&dlp->dl_t2, t2); 582 init_timer(&lif->lif_expire, lease); 583 584 if (lease == DHCP_PERM) { 585 dhcpmsg(MSG_INFO, 586 "configure_v4_timers: %s acquired permanent lease", 587 dsmp->dsm_name); 588 return (B_TRUE); 589 } 590 591 dhcpmsg(MSG_INFO, "configure_v4_timers: %s acquired lease, expires %s", 592 dsmp->dsm_name, 593 monosec_to_string(dsmp->dsm_newstart_monosec + lease)); 594 595 dhcpmsg(MSG_INFO, "configure_v4_timers: %s begins renewal at %s", 596 dsmp->dsm_name, monosec_to_string(dsmp->dsm_newstart_monosec + 597 dlp->dl_t1.dt_start)); 598 599 dhcpmsg(MSG_INFO, "configure_v4_timers: %s begins rebinding at %s", 600 dsmp->dsm_name, monosec_to_string(dsmp->dsm_newstart_monosec + 601 dlp->dl_t2.dt_start)); 602 603 /* 604 * according to RFC2131, there is no minimum lease time, but don't 605 * set up renew/rebind timers if lease is shorter than DHCP_REBIND_MIN. 606 */ 607 608 if (!schedule_lif_timer(lif, &lif->lif_expire, dhcp_expire)) 609 goto failure; 610 611 if (lease < DHCP_REBIND_MIN) { 612 dhcpmsg(MSG_WARNING, "configure_v4_timers: lease on %s is for " 613 "less than %d seconds!", dsmp->dsm_name, DHCP_REBIND_MIN); 614 return (B_TRUE); 615 } 616 617 if (!schedule_lease_timer(dlp, &dlp->dl_t1, dhcp_renew)) 618 goto failure; 619 620 if (!schedule_lease_timer(dlp, &dlp->dl_t2, dhcp_rebind)) 621 goto failure; 622 623 return (B_TRUE); 624 625 failure: 626 cancel_lease_timers(dlp); 627 cancel_lif_timers(lif); 628 dhcpmsg(MSG_WARNING, 629 "configure_v4_timers: cannot schedule lease timers"); 630 return (B_FALSE); 631 } 632 633 /* 634 * configure_v6_leases(): configures the IPv6 leases on a state machine from 635 * the current DHCPv6 ACK. We need to scan the ACK, 636 * create a lease for each IA_NA, and a new LIF for each 637 * IAADDR. 638 * 639 * input: dhcp_smach_t *: the machine to configure (with a valid dsm_ack) 640 * output: enum v6_bind_result: restart, resend, or done 641 */ 642 643 static enum v6_bind_result 644 configure_v6_leases(dhcp_smach_t *dsmp) 645 { 646 const dhcpv6_option_t *d6o, *d6so, *d6sso; 647 const char *optbase, *estr, *msg; 648 uint_t olen, solen, ssolen, msglen; 649 dhcpv6_ia_na_t d6in; 650 dhcpv6_iaaddr_t d6ia; 651 dhcp_lease_t *dlp; 652 uint32_t shortest; 653 dhcp_lif_t *lif; 654 uint_t nlifs; 655 boolean_t got_iana = B_FALSE; 656 uint_t scode; 657 658 for (dlp = dsmp->dsm_leases; dlp != NULL; dlp = dlp->dl_next) 659 dlp->dl_stale = B_TRUE; 660 661 d6o = NULL; 662 while ((d6o = dhcpv6_pkt_option(dsmp->dsm_ack, d6o, DHCPV6_OPT_IA_NA, 663 &olen)) != NULL) { 664 if (olen < sizeof (d6in)) { 665 dhcpmsg(MSG_WARNING, 666 "configure_v6_leases: garbled IA_NA"); 667 continue; 668 } 669 670 /* 671 * Check the IAID. It should be for our controlling LIF. If a 672 * single state machine needs to use multiple IAIDs, then this 673 * will need to change. 674 */ 675 (void) memcpy(&d6in, d6o, sizeof (d6in)); 676 d6in.d6in_iaid = ntohl(d6in.d6in_iaid); 677 if (d6in.d6in_iaid != dsmp->dsm_lif->lif_iaid) { 678 dhcpmsg(MSG_WARNING, "configure_v6_leases: ignored " 679 "IA_NA for IAID %x (not %x)", d6in.d6in_iaid, 680 dsmp->dsm_lif->lif_iaid); 681 continue; 682 } 683 684 /* 685 * See notes below; there's only one IA_NA and a single IAID 686 * for now. 687 */ 688 if ((dlp = dsmp->dsm_leases) != NULL) 689 dlp->dl_stale = B_FALSE; 690 691 /* 692 * Note that some bug-ridden servers will try to give us 693 * multiple IA_NA options for a single IAID. We ignore 694 * duplicates. 695 */ 696 if (got_iana) { 697 dhcpmsg(MSG_WARNING, "configure_v6_leases: unexpected " 698 "extra IA_NA ignored"); 699 continue; 700 } 701 702 d6in.d6in_t1 = ntohl(d6in.d6in_t1); 703 d6in.d6in_t2 = ntohl(d6in.d6in_t2); 704 705 /* RFC 3315 required check for invalid T1/T2 combinations */ 706 if (d6in.d6in_t1 > d6in.d6in_t2 && d6in.d6in_t2 != 0) { 707 dhcpmsg(MSG_WARNING, "configure_v6_leases: ignored " 708 "IA_NA with invalid T1 %u > T2 %u", d6in.d6in_t1, 709 d6in.d6in_t2); 710 continue; 711 } 712 713 /* 714 * There may be a status code here. Process if present. 715 */ 716 optbase = (const char *)d6o + sizeof (d6in); 717 olen -= sizeof (d6in); 718 d6so = dhcpv6_find_option(optbase, olen, NULL, 719 DHCPV6_OPT_STATUS_CODE, &solen); 720 scode = dhcpv6_status_code(d6so, solen, &estr, &msg, &msglen); 721 if (scode != DHCPV6_STAT_SUCCESS) { 722 dhcpmsg(MSG_WARNING, 723 "configure_v6_leases: IA_NA: %s: %.*s", 724 estr, msglen, msg); 725 } 726 print_server_msg(dsmp, msg, msglen); 727 728 /* 729 * Other errors are possible here. According to RFC 3315 730 * section 18.1.8, we ignore the entire IA if it gives the "no 731 * addresses" status code. We may try another server if we 732 * like -- we instead opt to allow the addresses to expire and 733 * then try a new server. 734 * 735 * If the status code is "no binding," then we must go back and 736 * redo the Request. Surprisingly, it doesn't matter if it's 737 * any other code. 738 */ 739 if (scode == DHCPV6_STAT_NOADDRS) { 740 dhcpmsg(MSG_DEBUG, "configure_v6_leases: ignoring " 741 "no-addrs status in IA_NA"); 742 continue; 743 } 744 745 if (scode == DHCPV6_STAT_NOBINDING) { 746 send_v6_request(dsmp); 747 return (v6Resent); 748 } 749 750 /* 751 * Find or create the lease structure. This part is simple, 752 * because we support only IA_NA and a single IAID. This means 753 * there's only one lease structure. The design supports 754 * multiple lease structures so that IA_TA and IA_PD can be 755 * added later. 756 */ 757 if ((dlp = dsmp->dsm_leases) == NULL && 758 (dlp = insert_lease(dsmp)) == NULL) { 759 dhcpmsg(MSG_ERROR, "configure_v6_leases: unable to " 760 "allocate memory for lease"); 761 return (v6Restart); 762 } 763 764 /* 765 * Iterate over the IAADDR options contained within this IA_NA. 766 */ 767 shortest = DHCPV6_INFTIME; 768 d6so = NULL; 769 while ((d6so = dhcpv6_find_option(optbase, olen, d6so, 770 DHCPV6_OPT_IAADDR, &solen)) != NULL) { 771 if (solen < sizeof (d6ia)) { 772 dhcpmsg(MSG_WARNING, 773 "configure_v6_leases: garbled IAADDR"); 774 continue; 775 } 776 (void) memcpy(&d6ia, d6so, sizeof (d6ia)); 777 778 d6ia.d6ia_preflife = ntohl(d6ia.d6ia_preflife); 779 d6ia.d6ia_vallife = ntohl(d6ia.d6ia_vallife); 780 781 /* RFC 3315 required validity check */ 782 if (d6ia.d6ia_preflife > d6ia.d6ia_vallife) { 783 dhcpmsg(MSG_WARNING, 784 "configure_v6_leases: ignored IAADDR with " 785 "preferred lifetime %u > valid %u", 786 d6ia.d6ia_preflife, d6ia.d6ia_vallife); 787 continue; 788 } 789 790 /* 791 * RFC 3315 allows a status code to be buried inside 792 * the IAADDR option. Look for it, and process if 793 * present. Process in a manner similar to that for 794 * the IA itself; TAHI checks for this. Real servers 795 * likely won't do this. 796 */ 797 d6sso = dhcpv6_find_option((const char *)d6so + 798 sizeof (d6ia), solen - sizeof (d6ia), NULL, 799 DHCPV6_OPT_STATUS_CODE, &ssolen); 800 scode = dhcpv6_status_code(d6sso, ssolen, &estr, &msg, 801 &msglen); 802 print_server_msg(dsmp, msg, msglen); 803 if (scode == DHCPV6_STAT_NOADDRS) { 804 dhcpmsg(MSG_DEBUG, "configure_v6_leases: " 805 "ignoring no-addrs status in IAADDR"); 806 continue; 807 } 808 if (scode == DHCPV6_STAT_NOBINDING) { 809 send_v6_request(dsmp); 810 return (v6Resent); 811 } 812 if (scode != DHCPV6_STAT_SUCCESS) { 813 dhcpmsg(MSG_WARNING, 814 "configure_v6_leases: IAADDR: %s", estr); 815 } 816 817 /* 818 * Locate the existing LIF within the lease associated 819 * with this address, if any. 820 */ 821 lif = dlp->dl_lifs; 822 for (nlifs = dlp->dl_nlifs; nlifs > 0; 823 nlifs--, lif = lif->lif_next) { 824 if (IN6_ARE_ADDR_EQUAL(&d6ia.d6ia_addr, 825 &lif->lif_v6addr)) 826 break; 827 } 828 829 /* 830 * If the server has set the lifetime to zero, then 831 * delete the LIF. Otherwise, set the new LIF expiry 832 * time, adding the LIF if necessary. 833 */ 834 if (d6ia.d6ia_vallife == 0) { 835 /* If it was found, then it's expired */ 836 if (nlifs != 0) { 837 dhcpmsg(MSG_DEBUG, 838 "configure_v6_leases: lif %s has " 839 "expired", lif->lif_name); 840 lif->lif_expired = B_TRUE; 841 } 842 continue; 843 } 844 845 /* If it wasn't found, then create it now. */ 846 if (nlifs == 0) { 847 lif = plumb_lif(dsmp->dsm_lif->lif_pif, 848 &d6ia.d6ia_addr); 849 if (lif == NULL) 850 continue; 851 if (++dlp->dl_nlifs == 1) { 852 dlp->dl_lifs = lif; 853 } else { 854 remque(lif); 855 insque(lif, dlp->dl_lifs); 856 } 857 lif->lif_lease = dlp; 858 lif->lif_dad_wait = _B_TRUE; 859 dsmp->dsm_lif_wait++; 860 } else { 861 /* If it was found, cancel timer */ 862 cancel_lif_timers(lif); 863 if (d6ia.d6ia_preflife != 0 && 864 !clear_lif_deprecated(lif)) { 865 unplumb_lif(lif); 866 continue; 867 } 868 } 869 870 /* Set the new expiry timers */ 871 init_timer(&lif->lif_preferred, d6ia.d6ia_preflife); 872 init_timer(&lif->lif_expire, d6ia.d6ia_vallife); 873 874 /* 875 * If the preferred lifetime is over now, then the LIF 876 * is deprecated. If it's the same as the expiry time, 877 * then we don't need a separate timer for it. 878 */ 879 if (d6ia.d6ia_preflife == 0) { 880 set_lif_deprecated(lif); 881 } else if (d6ia.d6ia_preflife != DHCPV6_INFTIME && 882 d6ia.d6ia_preflife != d6ia.d6ia_vallife && 883 !schedule_lif_timer(lif, &lif->lif_preferred, 884 dhcp_deprecate)) { 885 unplumb_lif(lif); 886 continue; 887 } 888 889 if (d6ia.d6ia_vallife != DHCPV6_INFTIME && 890 !schedule_lif_timer(lif, &lif->lif_expire, 891 dhcp_expire)) { 892 unplumb_lif(lif); 893 continue; 894 } 895 896 if (d6ia.d6ia_preflife < shortest) 897 shortest = d6ia.d6ia_preflife; 898 } 899 900 if (dlp->dl_nlifs == 0) { 901 dhcpmsg(MSG_WARNING, 902 "configure_v6_leases: no IAADDRs found in IA_NA"); 903 remove_lease(dlp); 904 continue; 905 } 906 907 if (d6in.d6in_t1 == 0 && d6in.d6in_t2 == 0) { 908 /* Default values from RFC 3315: 0.5 and 0.8 */ 909 if ((d6in.d6in_t1 = shortest / 2) == 0) 910 d6in.d6in_t1 = 1; 911 d6in.d6in_t2 = shortest - shortest / 5; 912 } 913 914 cancel_lease_timers(dlp); 915 init_timer(&dlp->dl_t1, d6in.d6in_t1); 916 init_timer(&dlp->dl_t2, d6in.d6in_t2); 917 918 if ((d6in.d6in_t1 != DHCPV6_INFTIME && 919 !schedule_lease_timer(dlp, &dlp->dl_t1, dhcp_renew)) || 920 (d6in.d6in_t2 != DHCPV6_INFTIME && 921 !schedule_lease_timer(dlp, &dlp->dl_t2, dhcp_rebind))) { 922 dhcpmsg(MSG_WARNING, "configure_v6_leases: unable to " 923 "set renew/rebind timers"); 924 } else { 925 got_iana = B_TRUE; 926 } 927 } 928 929 if (!got_iana) { 930 dhcpmsg(MSG_WARNING, 931 "configure_v6_leases: no usable IA_NA option found"); 932 } 933 934 return (v6Done); 935 } 936 937 /* 938 * configure_v4_lease(): configures the IPv4 lease on a state machine from 939 * the current DHCP ACK. There's only one lease and LIF 940 * per state machine in IPv4. 941 * 942 * input: dhcp_smach_t *: the machine to configure (with a valid dsm_ack) 943 * output: boolean_t: B_TRUE on success, B_FALSE on failure 944 */ 945 946 static boolean_t 947 configure_v4_lease(dhcp_smach_t *dsmp) 948 { 949 struct lifreq lifr; 950 struct sockaddr_in *sin; 951 PKT_LIST *ack = dsmp->dsm_ack; 952 dhcp_lease_t *dlp; 953 dhcp_lif_t *lif; 954 uint32_t addrhbo; 955 struct in_addr inaddr; 956 957 /* 958 * if we're using DHCP, then we'll have a valid CD_SERVER_ID 959 * (we checked in dhcp_acknak()); set it now so that 960 * dsmp->dsm_server is valid in case we need to send_decline(). 961 * note that we use comparisons against opts[CD_DHCP_TYPE] 962 * since we haven't set DHCP_IF_BOOTP yet (we don't do that 963 * until we're sure we want the offered address.) 964 */ 965 966 if (ack->opts[CD_DHCP_TYPE] != NULL) { 967 (void) memcpy(&inaddr, ack->opts[CD_SERVER_ID]->value, 968 sizeof (inaddr)); 969 IN6_INADDR_TO_V4MAPPED(&inaddr, &dsmp->dsm_server); 970 } 971 972 /* 973 * There needs to be exactly one lease for IPv4, and that lease 974 * controls the main LIF for the state machine. If it doesn't exist 975 * yet, then create it now. 976 */ 977 if ((dlp = dsmp->dsm_leases) == NULL && 978 (dlp = insert_lease(dsmp)) == NULL) { 979 dhcpmsg(MSG_ERROR, "configure_v4_lease: unable to allocate " 980 "memory for lease"); 981 return (B_FALSE); 982 } 983 if (dlp->dl_nlifs == 0) { 984 dlp->dl_lifs = dsmp->dsm_lif; 985 dlp->dl_nlifs = 1; 986 987 /* The lease holds a reference on the LIF */ 988 hold_lif(dlp->dl_lifs); 989 dlp->dl_lifs->lif_lease = dlp; 990 } 991 992 lif = dlp->dl_lifs; 993 994 IN6_INADDR_TO_V4MAPPED(&ack->pkt->yiaddr, &lif->lif_v6addr); 995 addrhbo = ntohl(ack->pkt->yiaddr.s_addr); 996 if ((addrhbo & IN_CLASSA_NET) == 0 || 997 (addrhbo >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 998 IN_CLASSD(addrhbo)) { 999 dhcpmsg(MSG_ERROR, 1000 "configure_v4_lease: got invalid IP address %s for %s", 1001 inet_ntoa(ack->pkt->yiaddr), lif->lif_name); 1002 return (B_FALSE); 1003 } 1004 1005 (void) memset(&lifr, 0, sizeof (struct lifreq)); 1006 (void) strlcpy(lifr.lifr_name, lif->lif_name, LIFNAMSIZ); 1007 1008 /* 1009 * bring the interface online. note that there is no optimal 1010 * order here: it is considered bad taste (and in > solaris 7, 1011 * likely illegal) to bring an interface up before it has an 1012 * ip address. however, due to an apparent bug in sun fddi 1013 * 5.0, fddi will not obtain a network routing entry unless 1014 * the interface is brought up before it has an ip address. 1015 * we take the lesser of the two evils; if fddi customers have 1016 * problems, they can get a newer fddi distribution which 1017 * fixes the problem. 1018 */ 1019 1020 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1021 sin->sin_family = AF_INET; 1022 1023 (void) memset(&lif->lif_v6mask, 0xff, sizeof (lif->lif_v6mask)); 1024 if (ack->opts[CD_SUBNETMASK] != NULL && 1025 ack->opts[CD_SUBNETMASK]->len == sizeof (inaddr)) { 1026 1027 (void) memcpy(&inaddr, ack->opts[CD_SUBNETMASK]->value, 1028 sizeof (inaddr)); 1029 1030 } else { 1031 1032 if (ack->opts[CD_SUBNETMASK] != NULL && 1033 ack->opts[CD_SUBNETMASK]->len != sizeof (inaddr)) { 1034 dhcpmsg(MSG_WARNING, "configure_v4_lease: specified " 1035 "subnet mask length is %d instead of %d, ignoring", 1036 ack->opts[CD_SUBNETMASK]->len, sizeof (ipaddr_t)); 1037 } else { 1038 dhcpmsg(MSG_WARNING, "configure_v4_lease: no IP " 1039 "netmask specified for %s, making best guess", 1040 lif->lif_name); 1041 } 1042 1043 /* 1044 * no legitimate IP subnet mask specified.. use best 1045 * guess. recall that lif_addr is in network order, so 1046 * imagine it's 0x11223344: then when it is read into 1047 * a register on x86, it becomes 0x44332211, so we 1048 * must ntohl() it to convert it to 0x11223344 in 1049 * order to use the macros in <netinet/in.h>. 1050 */ 1051 1052 if (IN_CLASSA(addrhbo)) 1053 inaddr.s_addr = htonl(IN_CLASSA_NET); 1054 else if (IN_CLASSB(addrhbo)) 1055 inaddr.s_addr = htonl(IN_CLASSB_NET); 1056 else /* must be class c */ 1057 inaddr.s_addr = htonl(IN_CLASSC_NET); 1058 } 1059 lif->lif_v6mask._S6_un._S6_u32[3] = inaddr.s_addr; 1060 1061 sin->sin_addr = inaddr; 1062 dhcpmsg(MSG_INFO, "configure_v4_lease: setting IP netmask to %s on %s", 1063 inet_ntoa(sin->sin_addr), lif->lif_name); 1064 1065 if (ioctl(v4_sock_fd, SIOCSLIFNETMASK, &lifr) == -1) { 1066 dhcpmsg(MSG_ERR, "configure_v4_lease: cannot set IP netmask " 1067 "on %s", lif->lif_name); 1068 return (B_FALSE); 1069 } 1070 1071 IN6_V4MAPPED_TO_INADDR(&lif->lif_v6addr, &sin->sin_addr); 1072 dhcpmsg(MSG_INFO, "configure_v4_lease: setting IP address to %s on %s", 1073 inet_ntoa(sin->sin_addr), lif->lif_name); 1074 1075 if (ioctl(v4_sock_fd, SIOCSLIFADDR, &lifr) == -1) { 1076 dhcpmsg(MSG_ERR, "configure_v4_lease: cannot set IP address " 1077 "on %s", lif->lif_name); 1078 return (B_FALSE); 1079 } 1080 1081 if (ioctl(v4_sock_fd, SIOCGLIFFLAGS, &lifr) == -1) { 1082 dhcpmsg(MSG_ERR, "configure_v4_lease: cannot get interface " 1083 "flags for %s", lif->lif_name); 1084 return (B_FALSE); 1085 } 1086 1087 lifr.lifr_flags |= IFF_UP; 1088 if (ioctl(v4_sock_fd, SIOCSLIFFLAGS, &lifr) == -1) { 1089 dhcpmsg(MSG_ERR, "configure_v4_lease: cannot set interface " 1090 "flags for %s", lif->lif_name); 1091 return (B_FALSE); 1092 } 1093 lif->lif_flags = lifr.lifr_flags; 1094 1095 lif->lif_dad_wait = B_TRUE; 1096 dsmp->dsm_lif_wait++; 1097 1098 if (ack->opts[CD_BROADCASTADDR] != NULL && 1099 ack->opts[CD_BROADCASTADDR]->len == sizeof (inaddr)) { 1100 1101 (void) memcpy(&inaddr, ack->opts[CD_BROADCASTADDR]->value, 1102 sizeof (inaddr)); 1103 1104 } else { 1105 1106 if (ack->opts[CD_BROADCASTADDR] != NULL && 1107 ack->opts[CD_BROADCASTADDR]->len != sizeof (inaddr)) { 1108 dhcpmsg(MSG_WARNING, "configure_v4_lease: specified " 1109 "broadcast address length is %d instead of %d, " 1110 "ignoring", ack->opts[CD_BROADCASTADDR]->len, 1111 sizeof (inaddr)); 1112 } else { 1113 dhcpmsg(MSG_WARNING, "configure_v4_lease: no IP " 1114 "broadcast specified for %s, making best guess", 1115 lif->lif_name); 1116 } 1117 1118 /* 1119 * no legitimate IP broadcast specified. compute it 1120 * from the IP address and netmask. 1121 */ 1122 1123 IN6_V4MAPPED_TO_INADDR(&lif->lif_v6addr, &inaddr); 1124 inaddr.s_addr |= ~lif->lif_v6mask._S6_un._S6_u32[3]; 1125 } 1126 1127 /* 1128 * the kernel will set the broadcast address for us as part of 1129 * bringing the interface up. since experience has shown that dhcp 1130 * servers sometimes provide a bogus broadcast address, we let the 1131 * kernel set it so that it's guaranteed to be correct. 1132 * 1133 * also, note any inconsistencies and save the broadcast address the 1134 * kernel set so that we can watch for changes to it. 1135 */ 1136 1137 if (ioctl(v4_sock_fd, SIOCGLIFBRDADDR, &lifr) == -1) { 1138 dhcpmsg(MSG_ERR, "configure_v4_lease: cannot get broadcast " 1139 "address for %s", lif->lif_name); 1140 return (B_FALSE); 1141 } 1142 1143 if (inaddr.s_addr != sin->sin_addr.s_addr) { 1144 dhcpmsg(MSG_WARNING, "configure_v4_lease: incorrect broadcast " 1145 "address %s specified for %s; ignoring", inet_ntoa(inaddr), 1146 lif->lif_name); 1147 } 1148 1149 lif->lif_broadcast = sin->sin_addr.s_addr; 1150 dhcpmsg(MSG_INFO, 1151 "configure_v4_lease: using broadcast address %s on %s", 1152 inet_ntoa(inaddr), lif->lif_name); 1153 return (B_TRUE); 1154 } 1155 1156 /* 1157 * save_server_id(): save off the new DHCPv6 Server ID 1158 * 1159 * input: dhcp_smach_t *: the state machine to use 1160 * PKT_LIST *: the packet with the Reply message 1161 * output: boolean_t: B_TRUE on success, B_FALSE on failure 1162 */ 1163 1164 boolean_t 1165 save_server_id(dhcp_smach_t *dsmp, PKT_LIST *msg) 1166 { 1167 const dhcpv6_option_t *d6o; 1168 uint_t olen; 1169 1170 d6o = dhcpv6_pkt_option(msg, NULL, DHCPV6_OPT_SERVERID, &olen); 1171 if (d6o == NULL) 1172 return (B_FALSE); 1173 olen -= sizeof (*d6o); 1174 free(dsmp->dsm_serverid); 1175 if ((dsmp->dsm_serverid = malloc(olen)) == NULL) { 1176 return (B_FALSE); 1177 } else { 1178 dsmp->dsm_serveridlen = olen; 1179 (void) memcpy(dsmp->dsm_serverid, d6o + 1, olen); 1180 return (B_TRUE); 1181 } 1182 } 1183