The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
proto_dhcpv6_udp.c
Go to the documentation of this file.
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15  */
16 
17 /**
18  * $Id: e5aee4f7518847bb5e9634befbe4271bdbf088cc $
19  * @file proto_dhcpv6_udp.c
20  * @brief DHCPv6 handler for UDP.
21  *
22  * @copyright 2020 Network RADIUS SAS (legal@networkradius.com)
23  */
24 #define LOG_PREFIX "proto_dhcpv6_udp"
25 
26 #include <freeradius-devel/server/protocol.h>
27 #include <freeradius-devel/util/udp.h>
28 #include <freeradius-devel/util/trie.h>
29 #include <freeradius-devel/io/application.h>
30 #include <freeradius-devel/io/listen.h>
31 #include <freeradius-devel/io/schedule.h>
32 #include <freeradius-devel/protocol/dhcpv6/freeradius.internal.h>
33 #include "proto_dhcpv6.h"
34 
35 extern fr_app_io_t proto_dhcpv6_udp;
36 
37 typedef struct {
38  char const *name; //!< socket name
39  int sockfd;
40 
41  fr_io_address_t *connection; //!< for connected sockets.
42 
43  fr_stats_t stats; //!< statistics for this socket
44 } proto_dhcpv6_udp_thread_t;
45 
46 typedef struct {
47  CONF_SECTION *cs; //!< our configuration
48 
49  fr_ipaddr_t ipaddr; //!< IP address to listen on.
50 
51  fr_ipaddr_t src_ipaddr; //!< IP address to source replies
52 
53  char const *interface; //!< Interface to bind to.
54  char const *port_name; //!< Name of the port for getservent().
55  fr_ethernet_t ethernet; //!< ethernet address associated with the interface
56 
57  uint32_t recv_buff; //!< How big the kernel's receive buffer should be.
58 
59  uint32_t hop_limit; //!< for multicast addresses
60  uint32_t max_packet_size; //!< for message ring buffer.
61  uint32_t max_attributes; //!< Limit maximum decodable attributes.
62 
63  uint16_t port; //!< Port to listen on.
64 
65  bool multicast; //!< whether or not we listen for multicast packets
66 
67  bool recv_buff_is_set; //!< Whether we were provided with a receive
68  //!< buffer value.
69  bool dynamic_clients; //!< whether we have dynamic clients
70 
71  fr_client_list_t *clients; //!< local clients
72  fr_client_t *default_client; //!< default 0/0 client
73 
74  fr_trie_t *trie; //!< for parsed networks
75  fr_ipaddr_t *allow; //!< allowed networks for dynamic clients
76  fr_ipaddr_t *deny; //!< denied networks for dynamic clients
77 } proto_dhcpv6_udp_t;
78 
79 
80 static const conf_parser_t networks_config[] = {
81  { FR_CONF_OFFSET_TYPE_FLAGS("allow", FR_TYPE_COMBO_IP_PREFIX , CONF_FLAG_MULTI, proto_dhcpv6_udp_t, allow) },
82  { FR_CONF_OFFSET_TYPE_FLAGS("deny", FR_TYPE_COMBO_IP_PREFIX , CONF_FLAG_MULTI, proto_dhcpv6_udp_t, deny) },
83 
84  CONF_PARSER_TERMINATOR
85 };
86 
87 
88 static const conf_parser_t udp_listen_config[] = {
89  { FR_CONF_OFFSET_TYPE_FLAGS("ipaddr", FR_TYPE_IPV6_ADDR, 0, proto_dhcpv6_udp_t, ipaddr) },
90  { FR_CONF_OFFSET_TYPE_FLAGS("ipv6addr", FR_TYPE_IPV6_ADDR, 0, proto_dhcpv6_udp_t, ipaddr) },
91 
92  { FR_CONF_OFFSET_TYPE_FLAGS("src_ipaddr", FR_TYPE_COMBO_IP_ADDR, 0, proto_dhcpv6_udp_t, src_ipaddr) },
93 
94  { FR_CONF_OFFSET("interface", proto_dhcpv6_udp_t, interface) },
95  { FR_CONF_OFFSET("port_name", proto_dhcpv6_udp_t, port_name) },
96 
97  { FR_CONF_OFFSET("port", proto_dhcpv6_udp_t, port), .dflt = "547" },
98  { FR_CONF_OFFSET_IS_SET("recv_buff", FR_TYPE_UINT32, 0, proto_dhcpv6_udp_t, recv_buff) },
99 
100  { FR_CONF_OFFSET("hop_limit", proto_dhcpv6_udp_t, hop_limit) },
101 
102  { FR_CONF_OFFSET("dynamic_clients", proto_dhcpv6_udp_t, dynamic_clients) } ,
103  { FR_CONF_POINTER("networks", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) networks_config },
104 
105  { FR_CONF_OFFSET("max_packet_size", proto_dhcpv6_udp_t, max_packet_size), .dflt = "8192" } ,
106  { FR_CONF_OFFSET("max_attributes", proto_dhcpv6_udp_t, max_attributes), .dflt = STRINGIFY(DHCPV6_MAX_ATTRIBUTES) } ,
107 
108  CONF_PARSER_TERMINATOR
109 };
110 
111 static fr_dict_t const *dict_dhcpv6;
112 
113 extern fr_dict_autoload_t proto_dhcpv6_udp_dict[];
114 fr_dict_autoload_t proto_dhcpv6_udp_dict[] = {
115  { .out = &dict_dhcpv6, .proto = "dhcpv6" },
116  { NULL }
117 };
118 
119 static fr_dict_attr_t const *attr_packet_type;
120 static fr_dict_attr_t const *attr_client_id;
121 static fr_dict_attr_t const *attr_relay_message;
122 
123 extern fr_dict_attr_autoload_t proto_dhcpv6_udp_dict_attr[];
124 fr_dict_attr_autoload_t proto_dhcpv6_udp_dict_attr[] = {
125  { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_dhcpv6},
126  { .out = &attr_client_id, .name = "Client-ID", .type = FR_TYPE_STRUCT, .dict = &dict_dhcpv6},
127  { .out = &attr_relay_message, .name = "Relay-Message", .type = FR_TYPE_GROUP, .dict = &dict_dhcpv6 },
128  { NULL }
129 };
130 
131 static ssize_t mod_read(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len,
132  size_t *leftover)
133 {
134  proto_dhcpv6_udp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_dhcpv6_udp_t);
135  proto_dhcpv6_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_dhcpv6_udp_thread_t);
136  fr_io_address_t *address, **address_p;
137 
138  int flags;
139  ssize_t data_size;
140  size_t packet_len;
141  uint32_t xid;
142  fr_dhcpv6_packet_t *packet;
143 
144  *leftover = 0; /* always for UDP */
145 
146  /*
147  * Where the addresses should go. This is a special case
148  * for proto_dhcpv6.
149  */
150  address_p = (fr_io_address_t **)packet_ctx;
151  address = *address_p;
152 
153  /*
154  * Tell udp_recv if we're connected or not.
155  */
156  flags = UDP_FLAGS_CONNECTED * (thread->connection != NULL);
157 
158  data_size = udp_recv(thread->sockfd, flags, &address->socket, buffer, buffer_len, recv_time_p);
159  if (data_size < 0) {
160  RATE_LIMIT_GLOBAL(PERROR, "Read error (%zd)", data_size);
161  return data_size;
162  }
163 
164  if ((size_t) data_size < sizeof(fr_dhcpv6_packet_t)) {
165  RATE_LIMIT_GLOBAL(WARN, "Insufficient data - ignoring");
166  return 0;
167  }
168 
169  packet_len = data_size;
170 
171  /*
172  * We've seen a server reply to this port, but the giaddr
173  * is *not* our address. Drop it.
174  */
175  packet = (fr_dhcpv6_packet_t *) buffer;
176  if (!packet->code || (packet->code >= FR_DHCPV6_CODE_MAX)) {
177  RATE_LIMIT_GLOBAL(WARN, "Unsupported packet code %d - ignoring", packet->code);
178  return 0;
179  }
180 
181  /*
182  * RFC 8415 Section 18.4 forbids certain types of packets
183  * from being received on a unicast address.
184  */
185  if (!inst->multicast) {
186  if ((packet->code == FR_DHCPV6_SOLICIT) ||
187  (packet->code == FR_DHCPV6_REBIND) ||
188  (packet->code == FR_DHCPV6_CONFIRM)) {
189  RATE_LIMIT_GLOBAL(WARN, "Unicast packet %s - ignoring", fr_dhcpv6_packet_names[packet->code]);
190  return 0;
191  }
192  } /* else it was multicast... remember that */
193 
194  /*
195  * proto_dhcpv6 sets the priority
196  */
197 
198  xid = fr_nbo_to_uint24(packet->transaction_id);
199 
200  /*
201  * Print out what we received.
202  */
203  DEBUG2("Received %s XID %08x length %d %s", fr_dhcpv6_packet_names[packet->code], xid,
204  (int) packet_len, thread->name);
205 
206  return packet_len;
207 }
208 
209 static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, UNUSED fr_time_t request_time,
210  uint8_t *buffer, size_t buffer_len, UNUSED size_t written)
211 {
212  proto_dhcpv6_udp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_dhcpv6_udp_t);
213  proto_dhcpv6_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_dhcpv6_udp_thread_t);
214 
215  fr_io_track_t *track = talloc_get_type_abort(packet_ctx, fr_io_track_t);
216  fr_socket_t socket;
217 
218  int flags;
219  ssize_t data_size;
220 
221  /*
222  * @todo - share a stats interface with the parent? or
223  * put the stats in the listener, so that proto_dhcpv6
224  * can update them, too.. <sigh>
225  */
226  thread->stats.total_responses++;
227 
228  flags = UDP_FLAGS_CONNECTED * (thread->connection != NULL);
229 
230  /*
231  * Send packets to the originator, EXCEPT that we always
232  * originate packets from our src_ipaddr.
233  */
234  fr_socket_addr_swap(&socket, &track->address->socket);
235  if (!fr_ipaddr_is_inaddr_any(&inst->src_ipaddr)) socket.inet.src_ipaddr = inst->src_ipaddr;
236 
237  /*
238  * Figure out which kind of packet we're sending.
239  */
240  if (!thread->connection) {
241  // @todo - figure out where to send the packet
242  }
243 
244  /*
245  * proto_dhcpv6 takes care of suppressing do-not-respond, etc.
246  */
247  data_size = udp_send(&socket, flags, buffer, buffer_len);
248 
249  /*
250  * This socket is dead. That's an error...
251  */
252  if (data_size <= 0) return data_size;
253 
254  return data_size;
255 }
256 
257 
258 static int mod_connection_set(fr_listen_t *li, fr_io_address_t *connection)
259 {
260  proto_dhcpv6_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_dhcpv6_udp_thread_t);
261 
262  thread->connection = connection;
263  return 0;
264 }
265 
266 
267 static void mod_network_get(void *instance, int *ipproto, bool *dynamic_clients, fr_trie_t const **trie)
268 {
269  proto_dhcpv6_udp_t *inst = talloc_get_type_abort(instance, proto_dhcpv6_udp_t);
270 
271  *ipproto = IPPROTO_UDP;
272  *dynamic_clients = inst->dynamic_clients;
273  *trie = inst->trie;
274 }
275 
276 
277 /** Open a UDP listener for DHCPv6
278  *
279  */
280 static int mod_open(fr_listen_t *li)
281 {
282  proto_dhcpv6_udp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_dhcpv6_udp_t);
283  proto_dhcpv6_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_dhcpv6_udp_thread_t);
284 
285  int sockfd, rcode;
286  fr_ipaddr_t ipaddr = inst->ipaddr;
287  uint16_t port = inst->port;
288 
289  li->fd = sockfd = fr_socket_server_udp(&inst->ipaddr, &port, inst->port_name, true);
290  if (sockfd < 0) {
291  PERROR("Failed opening UDP socket");
292  error:
293  return -1;
294  }
295 
296  li->app_io_addr = fr_socket_addr_alloc_inet_src(li, IPPROTO_UDP, 0, &inst->ipaddr, port);
297 
298  /*
299  * Set SO_REUSEPORT before bind, so that all packets can
300  * listen on the same destination IP address.
301  */
302  if (1) {
303  int on = 1;
304 
305  if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) < 0) {
306  ERROR("Failed to set socket 'reuseport': %s", fr_syserror(errno));
307  close(sockfd);
308  return -1;
309  }
310  }
311 
312 #ifdef SO_RCVBUF
313  if (inst->recv_buff_is_set) {
314  int opt;
315 
316  opt = inst->recv_buff;
317  if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(int)) < 0) {
318  WARN("Failed setting 'recv_buf': %s", fr_syserror(errno));
319  }
320  }
321 #endif
322 
323  /*
324  * SUID up is really only needed if interface is set, OR port <1024.
325  */
326  rad_suid_up();
327  rcode = fr_socket_bind(sockfd, inst->interface, &ipaddr, &port);
328  rad_suid_down();
329  if (rcode < 0) {
330  PERROR("Failed binding socket");
331  close_error:
332  close(sockfd);
333  goto error;
334  }
335 
336  /*
337  * If the user specified a multicast address, then join
338  * that group.
339  */
340  if (inst->multicast) {
341  struct ipv6_mreq mreq;
342 
343  mreq.ipv6mr_multiaddr = inst->ipaddr.addr.v6;
344  mreq.ipv6mr_interface = if_nametoindex(inst->interface);
345  if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) < 0) {
346  PERROR("Failed joining multicast group %pV ", fr_box_ipaddr(inst->ipaddr));
347  goto close_error;
348  }
349 
350  if (inst->hop_limit) {
351  int hop_limit = inst->hop_limit;
352 
353  if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
354  (char *) &hop_limit, sizeof(hop_limit)) < 0) {
355  ERROR("Failed to set multicast hop_limit: %s", fr_syserror(errno));
356  goto close_error;
357  }
358  }
359  }
360 
361  thread->sockfd = sockfd;
362 
363  fr_assert((cf_parent(inst->cs) != NULL) && (cf_parent(cf_parent(inst->cs)) != NULL)); /* listen { ... } */
364 
365  thread->name = fr_app_io_socket_name(thread, &proto_dhcpv6_udp,
366  NULL, 0,
367  &inst->ipaddr, inst->port,
368  inst->interface);
369  return 0;
370 }
371 
372 
373 /** Set the file descriptor for this socket.
374  *
375  */
376 static int mod_fd_set(fr_listen_t *li, int fd)
377 {
378  proto_dhcpv6_udp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_dhcpv6_udp_t);
379  proto_dhcpv6_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_dhcpv6_udp_thread_t);
380 
381  thread->sockfd = fd;
382 
383  thread->name = fr_app_io_socket_name(thread, &proto_dhcpv6_udp,
384  &thread->connection->socket.inet.src_ipaddr, thread->connection->socket.inet.src_port,
385  &inst->ipaddr, inst->port,
386  inst->interface);
387 
388  return 0;
389 }
390 
391 static void *mod_track_create(UNUSED void const *instance, UNUSED void *thread_instance, UNUSED fr_client_t *client,
392  fr_io_track_t *track, uint8_t const *packet, size_t packet_len)
393 {
394  proto_dhcpv6_track_t *t;
395  uint8_t const *option;
396  size_t t_size = sizeof(*t);
397  size_t option_len;
398 
399  /*
400  * Relay packets can be nested to almost any depth.
401  */
402  while (packet[0] == FR_DHCPV6_RELAY_FORWARD) {
403  if (packet_len < (2 + 32)) return NULL;
404 
405  /*
406  * fr_dhcpv6_option_find() ensures that the
407  * option header and data are contained within
408  * the given packet.
409  */
410  option = fr_dhcpv6_option_find(packet + 2 + 32, packet + packet_len, attr_relay_message->attr);
411  if (!option) return NULL;
412 
413  option_len = fr_nbo_to_uint16(option + 2);
414 
415  packet = option + 4; /* skip option header */
416  packet_len = option_len;
417  }
418 
419  if (packet_len <= 4) return NULL;
420 
421  /*
422  * Search the packet options.
423  */
424  option = fr_dhcpv6_option_find(packet + 4, packet + packet_len, attr_client_id->attr);
425  if (!option) return NULL;
426 
427  option_len = fr_nbo_to_uint16(option + 2);
428 
429  if (option_len > ((packet - option) + packet_len)) return NULL;
430 
431  t = (proto_dhcpv6_track_t *) talloc_zero_array(track, uint8_t, t_size + option_len);
432  if (!t) return NULL;
433 
434  talloc_set_name_const(t, "proto_dhcpv6_track_t");
435 
436  memcpy(&t->header, packet, 4); /* packet code + 24-bit transaction ID */
437 
438  memcpy(&t->client_id[0], option + 4, option_len);
439  t->client_id_len = option_len;
440 
441  return t;
442 }
443 
444 
445 static int mod_track_compare(UNUSED void const *instance, UNUSED void *thread_instance, UNUSED fr_client_t *client,
446  void const *one, void const *two)
447 {
448  int ret;
449  proto_dhcpv6_track_t const *a = one;
450  proto_dhcpv6_track_t const *b = two;
451 
452  ret = memcmp(&a->header, &b->header, sizeof(a->header));
453  if (ret != 0) return ret;
454 
455  ret = (a->client_id_len < b->client_id_len) - (a->client_id_len > b->client_id_len);
456  if (ret != 0) return ret;
457 
458  return memcmp(a->client_id, b->client_id, a->client_id_len);
459 }
460 
461 
462 static char const *mod_name(fr_listen_t *li)
463 {
464  proto_dhcpv6_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_dhcpv6_udp_thread_t);
465 
466  return thread->name;
467 }
468 
469 
470 static int mod_bootstrap(module_inst_ctx_t const *mctx)
471 {
472  proto_dhcpv6_udp_t *inst = talloc_get_type_abort(mctx->inst->data, proto_dhcpv6_udp_t);
473  size_t num;
474  CONF_ITEM *ci;
475  CONF_SECTION *server_cs;
476  fr_client_t *client;
477  CONF_SECTION *conf = mctx->inst->conf;
478 
479  inst->cs = conf;
480 
481  /*
482  * Complain if no "ipaddr" is set.
483  */
484  if (inst->ipaddr.af == AF_UNSPEC) {
485  if (!inst->interface) {
486  cf_log_err(conf, "No 'ipaddr' was specified in the 'udp' section");
487  return -1;
488  }
489 
490  /*
491  * If there's a named interface, maybe we can
492  * find a link-local address for it. If so, just
493  * use that.
494  */
495  if (inst->interface &&
496  (fr_interface_to_ipaddr(inst->interface, &inst->ipaddr, AF_INET6, true) < 0)) {
497  cf_log_err(conf, "No 'ipaddr' specified, and we cannot determine one for interface '%s'",
498  inst->interface);
499  return -1;
500  }
501  }
502 
503  if (inst->ipaddr.af != AF_INET6) {
504  cf_log_err(conf, "DHCPv6 cannot use IPv4 for 'ipaddr'");
505  return -1;
506  }
507 
508  /*
509  * Remember if we're a multicast socket.
510  */
511  inst->multicast = (fr_ipaddr_is_multicast(&inst->ipaddr) == 1);
512 
513  /*
514  * Set src_ipaddr to ipaddr if not otherwise specified
515  */
516  if (inst->src_ipaddr.af == AF_UNSPEC) {
517  if (!inst->multicast) {
518  inst->src_ipaddr = inst->ipaddr;
519 
520  /*
521  * If the admin didn't specify an
522  * interface, then try to find one
523  * automatically. We only do this for
524  * link-local addresses.
525  */
526  if (!inst->interface) {
527  inst->interface = fr_ipaddr_to_interface(inst, &inst->ipaddr);
528  if (!inst->interface) {
529  interface_fail:
530  cf_log_err(conf, "No 'interface' specified, and we cannot "
531  "determine one for 'ipaddr = %pV'",
532  fr_box_ipaddr(inst->ipaddr));
533  return -1;
534  }
535  }
536 
537  } else {
538  /*
539  * Multicast addresses MUST specify an interface.
540  */
541  if (!inst->interface) goto interface_fail;
542 
543  if (fr_interface_to_ipaddr(inst->interface, &inst->src_ipaddr, AF_INET6, true) < 0) {
544  cf_log_err(conf, "No 'src_ipaddr' specified, and we cannot determine "
545  "one for 'ipaddr = %pV' and interface '%s'",
546  fr_box_ipaddr(inst->ipaddr), inst->interface);
547  return -1;
548  }
549  }
550  }
551 
552  /*
553  * src_ipaddr must be of the same address family as "ipaddr"
554  */
555  if (inst->src_ipaddr.af != inst->ipaddr.af) {
556  cf_log_err(conf, "Both 'ipaddr' and 'src_ipaddr' must be from the same address family");
557  return -1;
558  }
559 
560  /*
561  * Get the MAC address associated with this interface.
562  * It can be used to create a server ID.
563  */
564  if (inst->interface) fr_interface_to_ethernet(inst->interface, &inst->ethernet);
565 
566  if (inst->recv_buff_is_set) {
567  FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, >=, 32);
568  FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, <=, INT_MAX);
569  }
570 
571  FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, >=, 4);
572  FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, <=, 65536);
573 
574  if (!inst->port) {
575  struct servent *s;
576 
577  if (!inst->port_name) {
578  cf_log_err(conf, "No 'port' was specified in the 'udp' section");
579  return -1;
580  }
581 
582  s = getservbyname(inst->port_name, "udp");
583  if (!s) {
584  cf_log_err(conf, "Unknown value for 'port_name = %s", inst->port_name);
585  return -1;
586  }
587 
588  inst->port = ntohl(s->s_port);
589  }
590 
591  /*
592  * Parse and create the trie for dynamic clients, even if
593  * there's no dynamic clients.
594  */
595  num = talloc_array_length(inst->allow);
596  if (!num) {
597  if (inst->dynamic_clients) {
598  cf_log_err(conf, "The 'allow' subsection MUST contain at least one 'network' entry when "
599  "'dynamic_clients = true'.");
600  return -1;
601  }
602  } else {
603  inst->trie = fr_master_io_network(inst, inst->ipaddr.af, inst->allow, inst->deny);
604  if (!inst->trie) {
605  cf_log_perr(conf, "Failed creating list of networks");
606  return -1;
607  }
608  }
609 
610  ci = cf_parent(inst->cs); /* listen { ... } */
611  fr_assert(ci != NULL);
612  ci = cf_parent(ci);
613  fr_assert(ci != NULL);
614 
615  server_cs = cf_item_to_section(ci);
616 
617  /*
618  * Look up local clients, if they exist.
619  *
620  * @todo - ensure that we only parse clients which are
621  * for IPPROTO_UDP, and don't require a "secret".
622  */
623  if (cf_section_find_next(server_cs, NULL, "client", CF_IDENT_ANY)) {
624  inst->clients = client_list_parse_section(server_cs, IPPROTO_UDP, false);
625  if (!inst->clients) {
626  cf_log_err(conf, "Failed creating local clients");
627  return -1;
628  }
629  }
630 
631  /*
632  * Create a fake client.
633  */
634  client = inst->default_client = talloc_zero(inst, fr_client_t);
635  if (!inst->default_client) return 0;
636 
637  client->ipaddr = (fr_ipaddr_t ) {
638  .af = AF_INET6,
639  };
640 
641  client->src_ipaddr = client->ipaddr;
642 
643  client->longname = client->shortname = client->secret = talloc_strdup(client, "default");
644  client->nas_type = talloc_strdup(client, "other");
645 
646  return 0;
647 }
648 
649 static fr_client_t *mod_client_find(fr_listen_t *li, fr_ipaddr_t const *ipaddr, int ipproto)
650 {
651  proto_dhcpv6_udp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_dhcpv6_udp_t);
652 
653  /*
654  * Prefer local clients.
655  */
656  if (inst->clients) {
657  fr_client_t *client;
658 
659  client = client_find(inst->clients, ipaddr, ipproto);
660  if (client) return client;
661  }
662 
663  return inst->default_client;
664 }
665 
666 fr_app_io_t proto_dhcpv6_udp = {
667  .common = {
668  .magic = MODULE_MAGIC_INIT,
669  .name = "dhcpv6_udp",
670  .config = udp_listen_config,
671  .inst_size = sizeof(proto_dhcpv6_udp_t),
672  .thread_inst_size = sizeof(proto_dhcpv6_udp_thread_t),
673  .bootstrap = mod_bootstrap
674  },
675  .default_message_size = 4096,
676  .track_duplicates = true,
677 
678  .open = mod_open,
679  .read = mod_read,
680  .write = mod_write,
681  .fd_set = mod_fd_set,
682  .track_create = mod_track_create,
683  .track_compare = mod_track_compare,
684  .connection_set = mod_connection_set,
685  .network_get = mod_network_get,
686  .client_find = mod_client_find,
687  .get_name = mod_name,
688 };
buffer
static int const char char buffer[256]
Definition: acutest.h:574
fr_app_io_socket_name
char const * fr_app_io_socket_name(TALLOC_CTX *ctx, fr_app_io_t const *app_io, fr_ipaddr_t const *src_ipaddr, int src_port, fr_ipaddr_t const *dst_ipaddr, int dst_port, char const *interface)
Definition: app_io.c:32
fr_app_io_t::common
module_t common
Common fields to all loadable modules.
Definition: app_io.h:34
fr_app_io_t
Public structure describing an I/O path for a protocol.
Definition: app_io.h:33
STRINGIFY
#define STRINGIFY(x)
Definition: build.h:195
UNUSED
#define UNUSED
Definition: build.h:313
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:626
FR_INTEGER_BOUND_CHECK
#define FR_INTEGER_BOUND_CHECK(_name, _var, _op, _bound)
Definition: cf_parse.h:486
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:268
FR_CONF_POINTER
#define FR_CONF_POINTER(_name, _type, _flags, _res_p)
conf_parser_t which parses a single CONF_PAIR producing a single global result
Definition: cf_parse.h:310
FR_CONF_OFFSET_IS_SET
#define FR_CONF_OFFSET_IS_SET(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct,...
Definition: cf_parse.h:282
CONF_FLAG_MULTI
@ CONF_FLAG_MULTI
CONF_PAIR can have multiple copies.
Definition: cf_parse.h:420
CONF_FLAG_SUBSECTION
@ CONF_FLAG_SUBSECTION
Instead of putting the information into a configuration structure, the configuration file routines MA...
Definition: cf_parse.h:400
FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:241
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition: cf_parse.h:563
cf_item
Common header for all CONF_* types.
Definition: cf_priv.h:49
cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:89
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition: cf_util.c:649
cf_section_find_next
CONF_SECTION * cf_section_find_next(CONF_SECTION const *cs, CONF_SECTION const *prev, char const *name1, char const *name2)
Return the next matching section.
Definition: cf_util.c:991
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition: cf_util.h:265
cf_parent
#define cf_parent(_cf)
Definition: cf_util.h:98
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition: cf_util.h:272
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition: cf_util.h:78
ERROR
#define ERROR(fmt,...)
Definition: dhcpclient.c:41
sockfd
static int sockfd
Definition: dhcpclient.c:56
FR_DHCPV6_REBIND
@ FR_DHCPV6_REBIND
Definition: dhcpv6.h:73
FR_DHCPV6_CONFIRM
@ FR_DHCPV6_CONFIRM
Definition: dhcpv6.h:71
FR_DHCPV6_SOLICIT
@ FR_DHCPV6_SOLICIT
Definition: dhcpv6.h:68
FR_DHCPV6_CODE_MAX
@ FR_DHCPV6_CODE_MAX
Definition: dhcpv6.h:103
FR_DHCPV6_RELAY_FORWARD
@ FR_DHCPV6_RELAY_FORWARD
Definition: dhcpv6.h:79
DHCPV6_MAX_ATTRIBUTES
#define DHCPV6_MAX_ATTRIBUTES
Definition: dhcpv6.h:52
fr_dhcpv6_packet_t::transaction_id
uint8_t transaction_id[3]
Definition: dhcpv6.h:124
fr_dhcpv6_packet_t::code
uint8_t code
Definition: dhcpv6.h:123
fr_dhcpv6_packet_t
Definition: dhcpv6.h:122
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition: dict.h:250
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition: dict.h:263
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition: dict.h:249
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition: dict.h:262
dl_module_instance_s::data
void *_CONST data
Module instance's parsed configuration.
Definition: dl_module.h:165
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:65
dl_module_instance_s::conf
CONF_SECTION *_CONST conf
Module's instance configuration.
Definition: dl_module.h:166
fr_interface_to_ipaddr
int fr_interface_to_ipaddr(char const *interface, fr_ipaddr_t *ipaddr, int af, bool link_local)
Definition: inet.c:1559
fr_ipaddr_is_multicast
int fr_ipaddr_is_multicast(fr_ipaddr_t const *ipaddr)
Determine if an address is a multicast address.
Definition: inet.c:94
fr_ipaddr_is_inaddr_any
int fr_ipaddr_is_inaddr_any(fr_ipaddr_t const *ipaddr)
Determine if an address is the INADDR_ANY address for its address family.
Definition: inet.c:62
fr_interface_to_ethernet
int fr_interface_to_ethernet(char const *interface, fr_ethernet_t *ethernet)
Definition: inet.c:1604
fr_ipaddr_to_interface
char * fr_ipaddr_to_interface(TALLOC_CTX *ctx, fr_ipaddr_t *ipaddr)
Definition: inet.c:1516
fr_ipaddr_t::af
int af
Address family.
Definition: inet.h:64
fr_ethernet_t
Struct to represent an ethernet address.
Definition: inet.h:45
fr_ipaddr_t
IPv4/6 prefix.
Definition: merged_model.c:272
fr_io_address_t::socket
fr_socket_t socket
src/dst ip and port.
Definition: base.h:336
fr_io_address_t
Definition: base.h:335
fr_listen::app_io_addr
fr_socket_t * app_io_addr
for tracking duplicate sockets
Definition: listen.h:35
fr_listen::app_io_instance
void const * app_io_instance
I/O path configuration context.
Definition: listen.h:32
fr_listen::thread_instance
void * thread_instance
thread / socket context
Definition: listen.h:33
fr_listen::fd
int fd
file descriptor for this socket - set by open
Definition: listen.h:28
fr_listen
Definition: listen.h:25
fr_client_s::ipaddr
fr_ipaddr_t ipaddr
IPv4/IPv6 address of the host.
Definition: client.h:80
fr_client_s::secret
char const * secret
Secret PSK.
Definition: client.h:87
fr_client_s::src_ipaddr
fr_ipaddr_t src_ipaddr
IPv4/IPv6 address to send responses from (family must match ipaddr).
Definition: client.h:81
fr_client_s::nas_type
char const * nas_type
Type of client (arbitrary).
Definition: client.h:99
fr_client_s::longname
char const * longname
Client identifier.
Definition: client.h:84
fr_client_s::shortname
char const * shortname
Client nickname.
Definition: client.h:85
fr_client_s
Describes a host allowed to send packets to the server.
Definition: client.h:77
PERROR
#define PERROR(_fmt,...)
Definition: log.h:228
RATE_LIMIT_GLOBAL
#define RATE_LIMIT_GLOBAL(_log, _fmt,...)
Rate limit messages using a global limiting entry.
Definition: log.h:641
rad_suid_up
void rad_suid_up(void)
Definition: util.c:894
rad_suid_down
void rad_suid_down(void)
Definition: util.c:898
udp_recv
ssize_t udp_recv(int sockfd, int flags, fr_socket_t *socket_out, void *data, size_t data_len, fr_time_t *when)
Read a UDP packet.
Definition: udp.c:145
udp_send
int udp_send(fr_socket_t const *sock, int flags, void *data, size_t data_len)
Send a packet via a UDP socket.
Definition: udp.c:43
fr_master_io_network
fr_trie_t * fr_master_io_network(TALLOC_CTX *ctx, int af, fr_ipaddr_t *allow, fr_ipaddr_t *deny)
Create a trie from arrays of allow / deny IP addresses.
Definition: master.c:2744
fr_io_track_s::address
fr_io_address_t const * address
of this packet.. shared between multiple packets
Definition: master.h:54
fr_io_track_s
Definition: master.h:40
uint16_t
unsigned short uint16_t
Definition: merged_model.c:31
FR_TYPE_COMBO_IP_PREFIX
@ FR_TYPE_COMBO_IP_PREFIX
IPv4 or IPv6 address prefix depending on length.
Definition: merged_model.c:92
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition: merged_model.c:119
FR_TYPE_IPV6_ADDR
@ FR_TYPE_IPV6_ADDR
128 Bit IPv6 Address.
Definition: merged_model.c:88
FR_TYPE_COMBO_IP_ADDR
@ FR_TYPE_COMBO_IP_ADDR
IPv4 or IPv6 address depending on length.
Definition: merged_model.c:91
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition: merged_model.c:124
uint32_t
unsigned int uint32_t
Definition: merged_model.c:33
ssize_t
long int ssize_t
Definition: merged_model.c:24
uint8_t
unsigned char uint8_t
Definition: merged_model.c:30
fr_dict_attr_t
Definition: merged_model.c:133
fr_dict_t
Definition: merged_model.c:198
module_inst_ctx_t::inst
dl_module_inst_t const * inst
Dynamic loader API handle for the module.
Definition: module_ctx.h:52
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition: module_ctx.h:51
fr_nbo_to_uint16
static uint16_t fr_nbo_to_uint16(uint8_t const data[static sizeof(uint16_t)])
Read an unsigned 16bit integer from wire format (big endian)
Definition: nbo.h:137
fr_nbo_to_uint24
static uint32_t fr_nbo_to_uint24(uint8_t const data[static 3])
Read an unsigned 24bit integer from wire format (big endian)
Definition: nbo.h:148
proto_dhcpv6.h
proto_dhcpv6_track_t::client_id_len
size_t client_id_len
Definition: proto_dhcpv6.h:49
proto_dhcpv6_track_t::client_id
uint8_t client_id[]
Definition: proto_dhcpv6.h:50
proto_dhcpv6_track_t::header
uint32_t header
Definition: proto_dhcpv6.h:48
proto_dhcpv6_track_t
Definition: proto_dhcpv6.h:47
proto_dhcpv6_udp_t::dynamic_clients
bool dynamic_clients
whether we have dynamic clients
Definition: proto_dhcpv6_udp.c:69
proto_dhcpv6_udp_t::ipaddr
fr_ipaddr_t ipaddr
IP address to listen on.
Definition: proto_dhcpv6_udp.c:49
attr_packet_type
static fr_dict_attr_t const * attr_packet_type
Definition: proto_dhcpv6_udp.c:119
mod_read
static ssize_t mod_read(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len, size_t *leftover)
Definition: proto_dhcpv6_udp.c:131
mod_client_find
static fr_client_t * mod_client_find(fr_listen_t *li, fr_ipaddr_t const *ipaddr, int ipproto)
Definition: proto_dhcpv6_udp.c:649
proto_dhcpv6_udp_t::max_attributes
uint32_t max_attributes
Limit maximum decodable attributes.
Definition: proto_dhcpv6_udp.c:61
proto_dhcpv6_udp_t::allow
fr_ipaddr_t * allow
allowed networks for dynamic clients
Definition: proto_dhcpv6_udp.c:75
proto_dhcpv6_udp_dict_attr
fr_dict_attr_autoload_t proto_dhcpv6_udp_dict_attr[]
Definition: proto_dhcpv6_udp.c:124
proto_dhcpv6_udp_t::ethernet
fr_ethernet_t ethernet
ethernet address associated with the interface
Definition: proto_dhcpv6_udp.c:55
proto_dhcpv6_udp_t::max_packet_size
uint32_t max_packet_size
for message ring buffer.
Definition: proto_dhcpv6_udp.c:60
proto_dhcpv6_udp_t::interface
char const * interface
Interface to bind to.
Definition: proto_dhcpv6_udp.c:53
proto_dhcpv6_udp_t::port_name
char const * port_name
Name of the port for getservent().
Definition: proto_dhcpv6_udp.c:54
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition: proto_dhcpv6_udp.c:470
proto_dhcpv6_udp_thread_t::connection
fr_io_address_t * connection
for connected sockets.
Definition: proto_dhcpv6_udp.c:41
proto_dhcpv6_udp_t::default_client
fr_client_t * default_client
default 0/0 client
Definition: proto_dhcpv6_udp.c:72
mod_open
static int mod_open(fr_listen_t *li)
Open a UDP listener for DHCPv6.
Definition: proto_dhcpv6_udp.c:280
udp_listen_config
static const conf_parser_t udp_listen_config[]
Definition: proto_dhcpv6_udp.c:88
attr_relay_message
static fr_dict_attr_t const * attr_relay_message
Definition: proto_dhcpv6_udp.c:121
proto_dhcpv6_udp_t::hop_limit
uint32_t hop_limit
for multicast addresses
Definition: proto_dhcpv6_udp.c:59
mod_name
static char const * mod_name(fr_listen_t *li)
Definition: proto_dhcpv6_udp.c:462
networks_config
static const conf_parser_t networks_config[]
Definition: proto_dhcpv6_udp.c:80
proto_dhcpv6_udp_t::multicast
bool multicast
whether or not we listen for multicast packets
Definition: proto_dhcpv6_udp.c:65
proto_dhcpv6_udp_thread_t::stats
fr_stats_t stats
statistics for this socket
Definition: proto_dhcpv6_udp.c:43
dict_dhcpv6
static fr_dict_t const * dict_dhcpv6
Definition: proto_dhcpv6_udp.c:111
mod_network_get
static void mod_network_get(void *instance, int *ipproto, bool *dynamic_clients, fr_trie_t const **trie)
Definition: proto_dhcpv6_udp.c:267
proto_dhcpv6_udp_t::clients
fr_client_list_t * clients
local clients
Definition: proto_dhcpv6_udp.c:71
proto_dhcpv6_udp_t::recv_buff
uint32_t recv_buff
How big the kernel's receive buffer should be.
Definition: proto_dhcpv6_udp.c:57
mod_track_compare
static int mod_track_compare(UNUSED void const *instance, UNUSED void *thread_instance, UNUSED fr_client_t *client, void const *one, void const *two)
Definition: proto_dhcpv6_udp.c:445
proto_dhcpv6_udp_t::cs
CONF_SECTION * cs
our configuration
Definition: proto_dhcpv6_udp.c:47
mod_connection_set
static int mod_connection_set(fr_listen_t *li, fr_io_address_t *connection)
Definition: proto_dhcpv6_udp.c:258
proto_dhcpv6_udp_t::port
uint16_t port
Port to listen on.
Definition: proto_dhcpv6_udp.c:63
proto_dhcpv6_udp_t::recv_buff_is_set
bool recv_buff_is_set
Whether we were provided with a receive buffer value.
Definition: proto_dhcpv6_udp.c:67
proto_dhcpv6_udp_t::trie
fr_trie_t * trie
for parsed networks
Definition: proto_dhcpv6_udp.c:74
attr_client_id
static fr_dict_attr_t const * attr_client_id
Definition: proto_dhcpv6_udp.c:120
mod_fd_set
static int mod_fd_set(fr_listen_t *li, int fd)
Set the file descriptor for this socket.
Definition: proto_dhcpv6_udp.c:376
proto_dhcpv6_udp_thread_t::sockfd
int sockfd
Definition: proto_dhcpv6_udp.c:39
mod_write
static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, UNUSED fr_time_t request_time, uint8_t *buffer, size_t buffer_len, UNUSED size_t written)
Definition: proto_dhcpv6_udp.c:209
proto_dhcpv6_udp_t::src_ipaddr
fr_ipaddr_t src_ipaddr
IP address to source replies.
Definition: proto_dhcpv6_udp.c:51
mod_track_create
static void * mod_track_create(UNUSED void const *instance, UNUSED void *thread_instance, UNUSED fr_client_t *client, fr_io_track_t *track, uint8_t const *packet, size_t packet_len)
Definition: proto_dhcpv6_udp.c:391
proto_dhcpv6_udp_t::deny
fr_ipaddr_t * deny
denied networks for dynamic clients
Definition: proto_dhcpv6_udp.c:76
proto_dhcpv6_udp
fr_app_io_t proto_dhcpv6_udp
Definition: proto_dhcpv6_udp.c:666
proto_dhcpv6_udp_thread_t::name
char const * name
socket name
Definition: proto_dhcpv6_udp.c:38
proto_dhcpv6_udp_dict
fr_dict_autoload_t proto_dhcpv6_udp_dict[]
Definition: proto_dhcpv6_udp.c:114
proto_dhcpv6_udp_t
Definition: proto_dhcpv6_udp.c:46
proto_dhcpv6_udp_thread_t
Definition: proto_dhcpv6_udp.c:37
fr_dhcpv6_option_find
uint8_t const * fr_dhcpv6_option_find(uint8_t const *start, uint8_t const *end, unsigned int option)
Definition: base.c:243
fr_dhcpv6_packet_names
char const * fr_dhcpv6_packet_names[FR_DHCPV6_CODE_MAX]
Definition: base.c:71
ipproto
static int ipproto
Definition: radclient-ng.c:94
DEBUG2
#define DEBUG2(fmt,...)
Definition: radclient.h:43
WARN
#define WARN(fmt,...)
Definition: radclient.h:47
conf
static rs_t * conf
Definition: radsniff.c:53
fr_stats_t::total_responses
fr_uint_t total_responses
Definition: stats.h:43
fr_stats_t
Definition: stats.h:39
fr_socket_server_udp
int fr_socket_server_udp(fr_ipaddr_t const *src_ipaddr, uint16_t *src_port, char const *port_name, bool async)
Open an IPv4/IPv6 unconnected UDP socket.
Definition: socket.c:867
fr_socket_bind
int fr_socket_bind(int sockfd, char const *ifname, fr_ipaddr_t *src_ipaddr, uint16_t *src_port)
Bind a UDP/TCP v4/v6 socket to a given ipaddr src port, and interface.
Definition: socket.c:229
client_find
fr_client_t * client_find(fr_client_list_t const *clients, fr_ipaddr_t const *ipaddr, int proto)
Definition: client.c:375
client_list_parse_section
fr_client_list_t * client_list_parse_section(CONF_SECTION *section, int proto, TLS_UNUSED bool tls_required)
Definition: client.c:467
fr_client_list_s
Group of clients.
Definition: client.c:52
fr_assert
fr_assert(0)
inst
eap_aka_sim_process_conf_t * inst
Definition: state_machine.c:3633
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition: syserror.c:243
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition: talloc.h:270
fr_time_s
"server local" time.
Definition: time.h:69
fr_trie_s
Definition: trie.c:486
UDP_FLAGS_CONNECTED
#define UDP_FLAGS_CONNECTED
Definition: udp.h:38
close
close(uq->fd)
fr_socket_addr_alloc_inet_src
static fr_socket_t * fr_socket_addr_alloc_inet_src(TALLOC_CTX *ctx, int proto, int ifindex, fr_ipaddr_t const *ipaddr, int port)
A variant of fr_socket_addr_init_inet_src will also allocates a fr_socket_t.
Definition: socket.h:244
fr_socket_addr_swap
static void fr_socket_addr_swap(fr_socket_t *dst, fr_socket_t const *src)
Swap src/dst information of a fr_socket_t.
Definition: socket.h:121
fr_socket_t
Holds information necessary for binding or connecting to a socket.
Definition: socket.h:63
fr_box_ipaddr
#define fr_box_ipaddr(_val)
Definition: value.h:287
Generated by   doxygen 1.9.1