Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
Add the peer address to allow relating the lease to
a WireGuard peer.
|
|
Broadcast dhcpv6.ack and dhcpv6.release for IA_NA and IA_PD
assignments.
Include the peer address to allow relating the lease to
a WireGuard peer.
|
|
Signed-off-by: Colin Whittaker <colin.whittaker@adtran.com>
Signed-off-by: Chad Monroe <chad@monroe.io>
|
|
a92c0a7 made the temporary state/leasefile hidden so that an atomic
change was made and dnsmasq only saw the new file on rename. A
misguided optimisation was made to only rename the temporary file if
something had changed. Unfortunately only address and hostnames were
considered in the change, lease durations were not.
As a result it was possible for LUCI which consumes the state/leasefile
to report DHCPv6 leases had expired when they had not.
Revert the optimisation so that the file rename occurs irrespective of
content change, this keeps LUCI reporting of state/lease expiry correct.
This leaves us back with hosts file/dnsmasq update problem. Solve this
by writing out a separate hosts file. Update this file using the
original IP/Hostname change logic that prompts calling the 'lease'
script.
odhcpd config now supports a string 'hostsfile' which defines the path
and name of the hosts file in an identical manner to 'leasefile'. A
state 'leasefile' must be defined IF a 'hostsfile' is also required.
eg.
leasefile '/tmp/odhcpdstate'
hostsfile '/tmp/hosts/odhcpdhosts'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
If a user tries to enable dhcpv4 on an interface with a /29, odhcp won't work.
The logs will only contain a message that doesn't help identify the problem.
It'd be idea to support any prefix with a valid pool, but at least this would
point a confused user in the right direction.
Signed-off-by: Ross Vandegrift <ross@kallisti.us>
|
|
The dhcpv6_pd_min_len configuration clamps the requested prefix
delegation to be at least as big as the option. This allows a
router to manage the size of each downstream router's prefix
delegation length independently from the delegating interface's
prefix length.
This behavior is an implementation choice permitted by the RFCs.
The delegating router (us) is not required to honor the hint
(RFC3633, section 11.2, we MAY choose to use the information in the
option; RFC8168, section 3.2 has several SHOULDs about desired
choices for selecting a prefix to delegate).
This configuration allows us to conserve prefix space so that any
single router can't grab too much of it. Consider if we have an
interface with a /56 prefix. A requesting router could ask for a
/58 and take 1/4 of our total address space. But if we set a
minimum of /60, we can limit each requesting router to get only 1/16
of our total address space.
sample config:
config dhcp 'pd'
...
option dhcpv6_pd_min_len '60'
Signed-off-by: John Kohl <jtk.git@bostonpog.org>
[ use different comment style and fix commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
This option of IPv6 Router Advertisements allows devices connected to
a IPv6-only network to discover IPv6 prefix of the NAT64 gateway.
Devices can use this information for instance to setup client translator
(CLAT) from IPv4 to IPv6 in 464XLAT (RFC 6877) scenario or to handle
IPv4 address literal on application level.
To enable PREF64 option, a new uci parameter ra_pref64 has to contain
the NAT64 prefix, including prefix length. Only lengths of 96, 64, 56,
48, 40 and 32 bits are supported. For example, to annonce the Well-Known
Prefix:
config dhcp 'lan'
…
option ra_pref64 '64:ff9b::/96'
Fixes: #182
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
[ remove extra space for Fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
Use netlink_get_interface_addrs is wrong and doesn't actually work. The
function checks only for UNIVERSE address and is not suitable for
dumping linklocal address of an interface. Use the new and dedicated
function to get interface linklocal address to correctly check if the
interface can receive message.
Fixes: #197
Fixes: 7c0f603abc14 ("router: skip RA and wait for LINK-LOCAL to be assigned")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
Add support for getting interface linklocal address. This is needed to
make sure an interface have a valid link local address and such address
is not TENTATIVE. With these info we can check if an interface is ready
to accept packets.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
This reverts commit 29c934d7ab98ca0b5da0e3757b885a1d3c19a2f4.
Replace with a better more safe implementation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
With ba30afcfec0a26ce4bcd96ea4d687c498b0ba4df it was found that odhcpd
service are setup even if an interface had no connection and was not
running. The commit introduced the change but required more fixup for
the feature to work correctly.
The close_interface() remove the interface from the avl list and this
cause the interface to be missing later in the code flow.
The intention of the commit was to just disable the service and enable
them later when the interface is correctly set to running with the flag
IFF_RUNNING.
Change the logic and introduce a new function reload_servies() that will
check IFF_RUNNING and enable or disable odhcp services.
This function is called on odhcpd_reload() for each interface. In
odhcpd_reload() also restore the original pattern with calling
close_interface() only when the interface is not inuse for odhcp.
Also call reload_services() on the single interface when a RTM_NEWLINK
event is fired reacting to a link change of an odhcp interface and
enabling the services if IFF_RUNNING is set.
Fixes ba30afcfec0a ("config: skip interface setup if interface not IFF_RUNNING")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
If an interface is already init in the odhcpd avl tables, have_link_local
is not set to true with a link local addr set as get ipv6 addr is skipped.
Move checking for have_link_local outside get_addr to better track when
an interface is ready and have a link local addr for interface already
init in odhcpd avl tables.
Fixes: #197
Fixes: 7c0f603abc14 ("router: skip RA and wait for LINK-LOCAL to be assigned")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
This fix a specific and corner case when the following error and similar
is printed in the log:
Failed to send to ff02::1%br-lan (Address not available)
The cause for this was tracked down to the lack of the interface of a
configured LINK-LOCAL IPV6 address resulting in odhcpd_send() always
failing.
A LINK-LOCAL IPV6 address is assigned only after the interface has
carrier and is set to IFF_RUNNING and require some time for the address
to be assigned due to DAD logic.
In the case where an interface was just UP, odhcpd RA may fail since the
LINK-LOCAL IPV6 address still needs to be assigned as it still need to
be "trained". From the kernel view this is flagged in the IPV6 interface
address with the flag IFA_F_TENTATIVE, that means the address still
needs to be checked and follow DAD process.
This is only a transient problem and the DAD process is required only
once till the interface is not set DOWN.
To handle this, add some check to verify if the address has to be
checked and add an additional bool to flag if the interface have a
LINK-LOCAL assigned.
Skip sending RA if the interface still doesn't have finished the DAD
process and retry at the next RA.
A notice log is added to track this special case to track problematic
case and even more corner case.
Logic to check if interface have LINK-LOCAL are:
- When interface is setup, on scanning for the interface ipv6 address
check if at least one address is NOT in IFA_F_TENTATIVE state.
- With interface already up but with still no LINK-LOCAL react on the
RTM_NEWADDR event and set LINK-LOCAL if the addrs added by the event
is a LINK-LOCAL reflecting that the interface finally ended the DAD
process and have a correct address.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
We currently setup odhcp service even if the interface is not running.
This is the case for bridge or specific interface that are flagged as UP
but have no carrier as nothing is connected to it.
This cause a similar error like:
Failed to send to ff02::1%br-lan (Address not available)
This is caused by the kernel assigning IPV6 address only when the
interface is set to IFF_RUNNING.
A LINK-LOCAL IPV6 address is required for odhcpd_send() to work or every
request will be rejected.
To fix this setup services only when interface is in IFF_RUNNING state.
When an interface change state, odhcpd is reloaded and the services are
correctly setup again.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Silencing an error message without properly understanding why it occurs
is terrible practice. "I think this would be better served as debug."
doesn't inspire confidence the author actually understood what was going
on, so revert this commit.
This reverts commit 90d6cc9cd48a333b95604ff90f7ffe67fe14efe3.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
When there's no network cable connected to LAN, then odhcpd does this:
Tue Jan 24 18:32:04 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)
Tue Jan 24 18:32:20 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)
Tue Jan 24 18:32:36 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)
Tue Jan 24 18:32:52 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)
Accurate, but not very interesting. I think this would be better served
as debug.
Signed-off-by: Peter Naulls <peter@chocky.org>
|
|
We currently only check ra_default when an interface has valid
addresses. This results in ra_default being ignored in case we have an
interface with only link-local addresses. This effectively breaks the
use of value 2 for the ra_default parameter.
Fix this by always checking ra_lifetime, regardless of the interface
having public addresses or not.
Fixes: #11930
Fixes: 83e14f455817 ("router: advertise removed addresses as invalid in 3 consecutive RAs")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by:Hans Dedecker <dedeckeh@gmail.com>
|
|
We only set the RA lifetime to what is configured in UCI when there is a
default route and valid prefix. In any other case, we set it to 0. This
leads to confusion where people believe ra_lifetime is completely
ignored. In case there is a default route, but no valid prefix, a debug
message explains this, but if there is no default route, we silently
override ra_lifetime.
Add a debug message for the latter case, and explicitly mention
overriding ra_lifetime in both cases.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Don't add ARP entries to interfaces with IFF_NOARP, it causes
problems with for example WireGuard interfaces (which requires
this change to be usable with DHCPv4-over-DHCPv6).
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
|
|
Use a hidden . prefixed temporary lease file instead of appending
'.tmp'. Dnsmasq is capable of scanning files/directories using inotify
to receive file change notifications and updating its view of hostname
ip address mapping without being SIGHUPped. Until dnsmasq v2.88 this
mechanism allows additions to hostnames, no deletions. dnsmasq v2.88
when released will understand how to remove mappings.
Unfortunately without this change dnsmasq sees odhcpd's temporary lease
file via inotify and it also sees the change when odhcpd atomically
renames the file from '.tmp' to the correct name.
dnsmasq excludes hidden '.' files from it's inotify scans, thus changing
odhcpd to use a hidden temporary lease file reduces load and makes
sense.
Also, while here, only rename the temporary file if it actually contains
different content.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
Support for DHCPv6 Option NTP (Option-56) and SNTP (Option-31),
DHCP Option NTP(Option-42) is implemented.
ntp list is supported for IPv4, IPv6 and FQDN.
Signed-off-by: Avinash Tekumalla <avinash.tekumalla@technicolor.com>
Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
Signed-off-by: Ashutosh Shandilya <ashutosh.shandilya@technicolor.com>
Signed-off-by: Vidya Rajagopal <vidya.rajagopal@technicolor.com>
|
|
On prefix removal, router advertisement daemon is supposed to send
advertise with an invalid PI entry (see RFC 7084 L-13).
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The hostname buffer is uninitialized if the client doesn't provide
DHCPV4_OPT_HOSTNAME. Use hostname from the assignment which is present if
a static lease contains the hostname or if the client provides one, and
the hostname is valid. It's also used in the ubus ipv4leases method.
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
|
|
Add dhcpv6_hostid_len config option which controls the number
of bits in the host identifier of dynamically assigned IPv6
addresses. The default is 12 bits which is also the minimum.
The maximum is the whole interface identifier, i.e. 64 bits.
Allow up to 64 bit wide hostid in static leases.
Fixes #84 and #27.
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Preferred lifetime cannot be greater than the valid lifetime of an IA;
fix this by checking if the preferred lifetime does not exceed the
valid lifetime of an IA
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fixes commit a12fcb3cee2d489b8648a2398812d7bed2f25faa which wrongly
removed setting ra_flags to 0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
An invalid config setting for an interface lead to a flush of all config
settings of the related interface and thus made the interface unusable.
Change the behavior by logging config parse failures to syslog and
not flushing all config settings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Let's catch compile errors by enabling extra compiler checks
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
src/odhcpd.c:143:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
snprintf(buf, sizeof(buf), sysctl_pattern, ifname, what);
^~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The prefix_filter allows to select which prefix should be assigned
to clients if you have multiple prefixes on an interface.
Currently, the filter only applies to RAs and does work with
a dhcpv6 server.
This commit enables the filter also on dhcpv6.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
"valid_lft" and "preferred_lft" are different. If the "preferred_lft"
is expired the prefix should be avoided in source prefix selection.
However, the interface is allowed to still receive downstream traffic.
preferred_lfetime:
Limit for preferred lifetime of a prefix
If you want the old behavior, you have to set preferred_lifetime to
the same value as leasetime.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Remove the checks as they're leftovers of the old static lease
implementation which created assigments with assigned equal to 0
whihc is not the case anymore in the reworked static lease
implementation
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Make sure IA_PD prefixes for which no preferred and valid lifetimes
can be returned are included in the reply with a preferred and valid
lifetime to 0.
Therefore exclude IPv6 prefixes with an invalid prefix length as
well so IA_PD prefixes for which not a preferred/valid lifetime is
returned are included with a preferred and valid lifetime set to 0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
When an IPv6 address change is triggered each PD assignment is checked
if it is still consistent with the updated IPv6 prefix list.
If not consistent anymore a reconfigure is triggered for the assignment
and a best effort is made to assign a new IA_PD prefix.
If it not possible anymore to assign an IA_PD prefix delete the PD
assignment now so it will result into a NO BINDING status code for the
given IA_PD in the DHCPv6 reply when the client tries to renew the IA_PD prefix.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Replace local mkdir_p implementation in favour of using mkdir_p now
added to libubox.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Allows sharing leases between odhcpd instances running
in multiple hosts.
Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Adds the config option to set if ipv6 dns service is availiable on the
interface. In some cases the dns service may not be listening on the
ipv6 address of the interface, and thus should not be announced to clients.
Signed-off-by: Paizhuo Chen <cc@icpz.dev>
|
|
Applications (e.g. unbound) need a consistent view of the statefile;
therefore write all the lease info to a temporary file which is later
renamed to the configured statefile name
Suggested-by : John Fremlin <john@fremlin.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
|
|
Include the All_DHCP_Relay_Agents_and_Servers multicast address
in the option explicitly. It shouldn't be needed according
to RFC 7341 section 7.2 but ISC dhclient logs an error otherwise:
dhcp4-o-dhcp6-server: expecting at least 16 bytes; got 0
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
|
|
Add support for DHCPv4-over-DHCPv6 (DHCP 4o6) Transport (RFC 7341).
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
|
|
The variable maxival contains the maximum time in seconds between
successive unsolicited Router Advertisement messages; RFC6275 defines
the Advertisement Interval option as the time in milliseconds.
Therefore convert maxival to milliseconds when populating the
Advertisement Interval option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
GCC10 mandates the C++ one definition rule, which breaks on multiple
definitions of config. Add the appropriate extern declaration.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
(FS#3056)
odhcpd includes RIO RA options according to requirement L3 in RFC7084.
However if the delegated prefix length received on the wan is equal to the
downstream delegated prefix length on the Lan this may pollute the
routing table of type C hosts as the RIO routing entry can take
precedence of the PIO routing entry meaning all traffic for the on link
hosts will go via the router iso direct on link communication.
If the traffic is dropped in the router hosts are unreachable; therefore
don't include RIO options with prefixes and prefix length identical to
those in a PIO RA option
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Since commit 6db312a698e920ff61505ef1f42469880829774d the preferred and
valid lifetimes of the addresses/prefixes is based on the configured leasetime;
as a result the displayed preferred and valid lifetimes need to be
calculated based on the assignment lifetime as this is set to the lowest
valid lifetime of the addresses/prefixes.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|