Age | Commit message | Author
2024-01-13 | WIP: fix clid_data always true [wireguard] | Mikael Magnusson
2024-01-13 | add PoC WireGuard script | Mikael Magnusson
2024-01-13 | dhcpv4: add peer-4o6 to ipv4 ubus messages | Mikael Magnusson
2024-01-13 | dhcpv6: add peer to ubus dhcpv6leases | Mikael Magnusson
Add the peer address to allow relating the lease to a WireGuard peer.
2024-01-13 | dhcpv6: broadcast ipv6 events via ubus | Mikael Magnusson
Broadcast dhcpv6.ack and dhcpv6.release for IA_NA and IA_PD assignments. Include the peer address to allow relating the lease to a WireGuard peer.
2023-10-24 | config: make sure timer is not on the timeouts list before freeing | Colin Whittaker
Signed-off-by: Colin Whittaker <colin.whittaker@adtran.com>
Signed-off-by: Chad Monroe <chad@monroe.io>
2023-10-23 | add hostsfile output in addition to statefile | Kevin Darbyshire-Bryant
a92c0a7 made the temporary state/leasefile hidden so that an atomic change was made and dnsmasq only saw the new file on rename. A misguided optimisation was made to only rename the temporary file if something had changed. Unfortunately only address and hostnames were considered in the change, lease durations were not. As a result it was possible for LUCI which consumes the state/leasefile to report DHCPv6 leases had expired when they had not.

Revert the optimisation so that the file rename occurs irrespective of content change, this keeps LUCI reporting of state/lease expiry correct.

This leaves us back with hosts file/dnsmasq update problem. Solve this by writing out a separate hosts file. Update this file using the original IP/Hostname change logic that prompts calling the 'lease' script.

odhcpd config now supports a string 'hostsfile' which defines the path and name of the hosts file in an identical manner to 'leasefile'. A state 'leasefile' must be defined IF a 'hostsfile' is also required.

eg.
    leasefile '/tmp/odhcpdstate'
    hostsfile '/tmp/hosts/odhcpdhosts'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2023-06-24 | dhcpv4: improve error when a prefix is too long | Ross Vandegrift
If a user tries to enable dhcpv4 on an interface with a /29, odhcp won't work. The logs will only contain a message that doesn't help identify the problem.

It'd be ideal to support any prefix with a valid pool, but at least this would point a confused user in the right direction.

Signed-off-by: Ross Vandegrift <ross@kallisti.us>
2023-06-24 | odhcpd: add support for dhcpv6_pd_min_len parameter | John Kohl
The dhcpv6_pd_min_len configuration clamps the requested prefix delegation to be at least as big as the option. This allows a router to manage the size of each downstream router's prefix delegation length independently from the delegating interface's prefix length.

This behavior is an implementation choice permitted by the RFCs. The delegating router (us) is not required to honor the hint (RFC3633, section 11.2, we MAY choose to use the information in the option; RFC8168, section 3.2 has several SHOULDs about desired choices for selecting a prefix to delegate).

This configuration allows us to conserve prefix space so that any single router can't grab too much of it. Consider if we have an interface with a /56 prefix. A requesting router could ask for a /58 and take 1/4 of our total address space. But if we set a minimum of /60, we can limit each requesting router to get only 1/16 of our total address space.

sample config:

    config dhcp 'pd'
        ...
        option dhcpv6_pd_min_len '60'

Signed-off-by: John Kohl <jtk.git@bostonpog.org>
[ use different comment style and fix commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-23 | router: Add PREF64 (RFC 8781) support | Ondřej Caletka
This option of IPv6 Router Advertisements allows devices connected to an IPv6-only network to discover the IPv6 prefix of the NAT64 gateway. Devices can use this information for instance to set up a client translator (CLAT) from IPv4 to IPv6 in a 464XLAT (RFC 6877) scenario or to handle IPv4 address literals on application level.

To enable the PREF64 option, a new uci parameter ra_pref64 has to contain the NAT64 prefix, including prefix length. Only lengths of 96, 64, 56, 48, 40 and 32 bits are supported. For example, to announce the Well-Known Prefix:

    config dhcp 'lan'
        …
        option ra_pref64 '64:ff9b::/96'

Fixes: #182
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
[ remove extra space for Fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-03 | config: use dedicated link local function to check interface | Christian Marangi
Using netlink_get_interface_addrs is wrong and doesn't actually work. The function checks only for UNIVERSE address and is not suitable for dumping the linklocal address of an interface.

Use the new and dedicated function to get the interface linklocal address to correctly check if the interface can receive messages.

Fixes: #197
Fixes: 7c0f603abc14 ("router: skip RA and wait for LINK-LOCAL to be assigned")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-03 | netlink: add support for getting interface linklocal | Christian Marangi
Add support for getting the interface linklocal address. This is needed to make sure an interface has a valid link local address and that this address is not TENTATIVE. With this info we can check if an interface is ready to accept packets.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-03 | Revert "config: recheck have_link_local on interface reload if already init" | Christian Marangi
This reverts commit 29c934d7ab98ca0b5da0e3757b885a1d3c19a2f4.

Replace with a better more safe implementation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-03 | config: fix feature for enabling service only when interface RUNNING | Christian Marangi
With ba30afcfec0a26ce4bcd96ea4d687c498b0ba4df it was found that odhcpd services are set up even if an interface had no connection and was not running. The commit introduced the change but required more fixup for the feature to work correctly.

The close_interface() removes the interface from the avl list and this causes the interface to be missing later in the code flow. The intention of the commit was to just disable the services and enable them later when the interface is correctly set to running with the flag IFF_RUNNING.

Change the logic and introduce a new function reload_services() that will check IFF_RUNNING and enable or disable odhcp services. This function is called on odhcpd_reload() for each interface. In odhcpd_reload() also restore the original pattern with calling close_interface() only when the interface is not inuse for odhcp.

Also call reload_services() on the single interface when a RTM_NEWLINK event is fired reacting to a link change of an odhcp interface and enabling the services if IFF_RUNNING is set.

Fixes ba30afcfec0a ("config: skip interface setup if interface not IFF_RUNNING")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-24 | config: recheck have_link_local on interface reload if already init | Christian Marangi
If an interface is already init in the odhcpd avl tables, have_link_local is not set to true with a link local addr set as get ipv6 addr is skipped.

Move checking for have_link_local outside get_addr to better track when an interface is ready and have a link local addr for interface already init in odhcpd avl tables.

Fixes: #197
Fixes: 7c0f603abc14 ("router: skip RA and wait for LINK-LOCAL to be assigned")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-22 | router: skip RA and wait for LINK-LOCAL to be assigned | Christian Marangi
This fixes a specific corner case when the following error and similar is printed in the log:

    Failed to send to ff02::1%br-lan (Address not available)

The cause for this was tracked down to the lack of a configured LINK-LOCAL IPV6 address on the interface, resulting in odhcpd_send() always failing.

A LINK-LOCAL IPV6 address is assigned only after the interface has carrier and is set to IFF_RUNNING, and it requires some time for the address to be assigned due to DAD logic.

In the case where an interface was just UP, odhcpd RA may fail since the LINK-LOCAL IPV6 address still needs to be assigned as it still needs to be "trained". From the kernel view this is flagged in the IPV6 interface address with the flag IFA_F_TENTATIVE, which means the address still needs to be checked and follow the DAD process.

This is only a transient problem and the DAD process is required only once till the interface is not set DOWN.

To handle this, add some checks to verify if the address has to be checked and add an additional bool to flag if the interface has a LINK-LOCAL assigned. Skip sending RA if the interface still hasn't finished the DAD process and retry at the next RA. A notice log is added to track this special case to track problematic case and even more corner case.

Logic to check if interface have LINK-LOCAL are:
- When interface is setup, on scanning for the interface ipv6 address check if at least one address is NOT in IFA_F_TENTATIVE state.
- With interface already up but with still no LINK-LOCAL react on the RTM_NEWADDR event and set LINK-LOCAL if the addrs added by the event is a LINK-LOCAL reflecting that the interface finally ended the DAD process and have a correct address.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2023-03-21 | config: skip interface setup if interface not IFF_RUNNING | Christian Marangi
We currently set up odhcp service even if the interface is not running. This is the case for bridges or specific interfaces that are flagged as UP but have no carrier as nothing is connected to them.

This causes an error like:

    Failed to send to ff02::1%br-lan (Address not available)

This is caused by the kernel assigning an IPV6 address only when the interface is set to IFF_RUNNING. A LINK-LOCAL IPV6 address is required for odhcpd_send() to work or every request will be rejected.

To fix this, set up services only when the interface is in IFF_RUNNING state. When an interface changes state, odhcpd is reloaded and the services are correctly set up again.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2023-03-21 | Revert "odhcpd: Reduce error messages" | Stijn Tintel
Silencing an error message without properly understanding why it occurs is terrible practice. "I think this would be better served as debug." doesn't inspire confidence the author actually understood what was going on, so revert this commit.

This reverts commit 90d6cc9cd48a333b95604ff90f7ffe67fe14efe3.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-03-14 | odhcpd: Reduce error messages | Peter Naulls
When there's no network cable connected to LAN, then odhcpd does this:

    Tue Jan 24 18:32:04 2023 daemon.err odhcpd[2017]: Failed to send to ff02::1%lan@br-lan (Address not available)
    Tue Jan 24 18:32:20 2023 daemon.err odhcpd[2017]: Failed to send to ff02::1%lan@br-lan (Address not available)
    Tue Jan 24 18:32:36 2023 daemon.err odhcpd[2017]: Failed to send to ff02::1%lan@br-lan (Address not available)
    Tue Jan 24 18:32:52 2023 daemon.err odhcpd[2017]: Failed to send to ff02::1%lan@br-lan (Address not available)

Accurate, but not very interesting. I think this would be better served as debug.

Signed-off-by: Peter Naulls <peter@chocky.org>
2023-02-17 | router: always check ra_default | stijn@linux-ipv6.be
We currently only check ra_default when an interface has valid addresses. This results in ra_default being ignored in case we have an interface with only link-local addresses. This effectively breaks the use of value 2 for the ra_default parameter.

Fix this by always checking ra_lifetime, regardless of the interface having public addresses or not.

Fixes: #11930
Fixes: 83e14f455817 ("router: advertise removed addresses as invalid in 3 consecutive RAs")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2023-02-17 | router: improve RA logging | stijn@linux-ipv6.be
We only set the RA lifetime to what is configured in UCI when there is a default route and valid prefix. In any other case, we set it to 0. This leads to confusion where people believe ra_lifetime is completely ignored. In case there is a default route, but no valid prefix, a debug message explains this, but if there is no default route, we silently override ra_lifetime.

Add a debug message for the latter case, and explicitly mention overriding ra_lifetime in both cases.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2023-02-16 | dhcpv4: detect noarp interfaces | Mikael Magnusson
Don't add ARP entries to interfaces with IFF_NOARP, it causes problems with for example WireGuard interfaces (which requires this change to be usable with DHCPv4-over-DHCPv6).

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2022-10-24 | dhcpv6-ia: make tmp lease file hidden | Kevin Darbyshire-Bryant
Use a hidden . prefixed temporary lease file instead of appending '.tmp'.

Dnsmasq is capable of scanning files/directories using inotify to receive file change notifications and updating its view of hostname ip address mapping without being SIGHUPped. Until dnsmasq v2.88 this mechanism allows additions to hostnames, no deletions. dnsmasq v2.88 when released will understand how to remove mappings.

Unfortunately without this change dnsmasq sees odhcpd's temporary lease file via inotify and it also sees the change when odhcpd atomically renames the file from '.tmp' to the correct name. dnsmasq excludes hidden '.' files from its inotify scans, thus changing odhcpd to use a hidden temporary lease file reduces load and makes sense.

Also, while here, only rename the temporary file if it actually contains different content.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-10-15 | fix null pointer dereference for INFORM messages | Rob Ekl
2022-03-16 | odhcpd: Support for Option NTP and SNTP | Avinash Tekumalla
Support for DHCPv6 Option NTP (Option-56) and SNTP (Option-31), DHCP Option NTP (Option-42) is implemented. ntp list is supported for IPv4, IPv6 and FQDN.

Signed-off-by: Avinash Tekumalla <avinash.tekumalla@technicolor.com>
Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
Signed-off-by: Ashutosh Shandilya <ashutosh.shandilya@technicolor.com>
Signed-off-by: Vidya Rajagopal <vidya.rajagopal@technicolor.com>
2022-01-10 | router: advertise removed addresses as invalid in 3 consecutive RAs | Alin Nastac
On prefix removal, router advertisement daemon is supposed to send advertise with an invalid PI entry (see RFC 7084 L-13).

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-08-15 | dhcpv4: fix uninitialized hostname in some ubus events [HEAD, master] | Mikael Magnusson
The hostname buffer is uninitialized if the client doesn't provide DHCPV4_OPT_HOSTNAME. Use hostname from the assignment which is present if a static lease contains the hostname or if the client provides one, and the hostname is valid. It's also used in the ubus ipv4leases method.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2021-08-14 | dhcpv6-ia: allow up to 64 bit wide hostid | Mikael Magnusson
Add dhcpv6_hostid_len config option which controls the number of bits in the host identifier of dynamically assigned IPv6 addresses. The default is 12 bits which is also the minimum. The maximum is the whole interface identifier, i.e. 64 bits.

Allow up to 64 bit wide hostid in static leases.

Fixes #84 and #27.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-07-18 | dhcpv6-ia: fix invalid preferred lifetime | Hans Dedecker
Preferred lifetime cannot be greater than the valid lifetime of an IA; fix this by checking if the preferred lifetime does not exceed the valid lifetime of an IA

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-06-13 | config: fix ra_flags none setting | Hans Dedecker
Fixes commit a12fcb3cee2d489b8648a2398812d7bed2f25faa which wrongly removed setting ra_flags to 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-05-22 | config: log config parse failures to syslog | Hans Dedecker
An invalid config setting for an interface led to a flush of all config settings of the related interface and thus made the interface unusable. Change the behavior by logging config parse failures to syslog and not flushing all config settings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-04-03 | cmake: enforce additional compiler checks | Hans Dedecker
Let's catch compile errors by enabling extra compiler checks

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-04-03 | odhcpd: fix extra compiler warning | Hans Dedecker
    src/odhcpd.c:143:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
      snprintf(buf, sizeof(buf), sysctl_pattern, ifname, what);
      ^~~~~~~~
    cc1: all warnings being treated as errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-30 | dhcpv6-ia: apply prefix_filter on dhcpv6 | Nick Hainke
The prefix_filter allows to select which prefix should be assigned to clients if you have multiple prefixes on an interface. Currently, the filter only applies to RAs and does work with a dhcpv6 server. This commit enables the filter also on dhcpv6.

Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-03 | odhcpd: add option for setting preferred lifetime | Nick Hainke
"valid_lft" and "preferred_lft" are different. If the "preferred_lft" is expired the prefix should be avoided in source prefix selection. However, the interface is allowed to still receive downstream traffic.

    preferred_lifetime: Limit for preferred lifetime of a prefix

If you want the old behavior, you have to set preferred_lifetime to the same value as leasetime.

Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-24 | dhcpv6-ia: remove assignment equal to 0 checks | Hans Dedecker
Remove the checks as they're leftovers of the old static lease implementation which created assignments with assigned equal to 0 which is not the case anymore in the reworked static lease implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-24 | dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0 | Hans Dedecker
Make sure IA_PD prefixes for which no preferred and valid lifetimes can be returned are included in the reply with a preferred and valid lifetime to 0. Therefore exclude IPv6 prefixes with an invalid prefix length as well so IA_PD prefixes for which not a preferred/valid lifetime is returned are included with a preferred and valid lifetime set to 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-24 | dhcpv6-ia: fix prefix delegation behavior | Hans Dedecker
When an IPv6 address change is triggered each PD assignment is checked if it is still consistent with the updated IPv6 prefix list. If not consistent anymore a reconfigure is triggered for the assignment and a best effort is made to assign a new IA_PD prefix. If it is not possible anymore to assign an IA_PD prefix delete the PD assignment now so it will result into a NO BINDING status code for the given IA_PD in the DHCPv6 reply when the client tries to renew the IA_PD prefix.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-13 | config: remove local mkdir_p implementation | Daniel Golle
Replace local mkdir_p implementation in favour of using mkdir_p now added to libubox.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-06 | ubus: add add_lease method | Santiago Piccinini
Allows sharing leases between odhcpd instances running in multiple hosts.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-24 | config: add option to indicate dns service presence | icpz
Adds the config option to set if ipv6 dns service is available on the interface. In some cases the dns service may not be listening on the ipv6 address of the interface, and thus should not be announced to clients.

Signed-off-by: Paizhuo Chen <cc@icpz.dev>
2020-11-15 | dhcpv6-ia : write statefile atomically | Hans Dedecker
Applications (e.g. unbound) need a consistent view of the statefile; therefore write all the lease info to a temporary file which is later renamed to the configured statefile name

Suggested-by: John Fremlin <john@fremlin.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-01 | dhcpv6: fix size_t fields in syslog format | Mikael Magnusson
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2020-10-31 | dhcpv6: add explicit dhcpv4o6 server address | Mikael Magnusson
Include the All_DHCP_Relay_Agents_and_Servers multicast address in the option explicitly. It shouldn't be needed according to RFC 7341 section 7.2 but ISC dhclient logs an error otherwise:

    dhcp4-o-dhcp6-server: expecting at least 16 bytes; got 0

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2020-10-31 | dhcpv6: add DHCPv4-over-DHCPv6 support | Mikael Magnusson
Add support for DHCPv4-over-DHCPv6 (DHCP 4o6) Transport (RFC 7341).

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-29 | dhcpv6: check message type | Mikael Magnusson
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2020-09-07 | router: fix advertisement interval option | Hans Dedecker
The variable maxival contains the maximum time in seconds between successive unsolicited Router Advertisement messages; RFC6275 defines the Advertisement Interval option as the time in milliseconds. Therefore convert maxival to milliseconds when populating the Advertisement Interval option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-23 | odhcpd: fix compilation with GCC10 | Rosen Penev
GCC10 mandates the C++ one definition rule, which breaks on multiple definitions of config. Add the appropriate extern declaration.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-03 | router: fix Lan host reachability due to identical RIO and PIO prefixes (FS#3056) | Hans Dedecker
odhcpd includes RIO RA options according to requirement L3 in RFC7084. However if the delegated prefix length received on the wan is equal to the downstream delegated prefix length on the Lan this may pollute the routing table of type C hosts as the RIO routing entry can take precedence of the PIO routing entry meaning all traffic for the on link hosts will go via the router iso direct on link communication. If the traffic is dropped in the router hosts are unreachable; therefore don't include RIO options with prefixes and prefix length identical to those in a PIO RA option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-04 | dhcpv6-ia: fix preferred and valid lifetimes in ubus ipv6leases | Hans Dedecker
Since commit 6db312a698e920ff61505ef1f42469880829774d the preferred and valid lifetimes of the addresses/prefixes is based on the configured leasetime; as a result the displayed preferred and valid lifetimes need to be calculated based on the assignment lifetime as this is set to the lowest valid lifetime of the addresses/prefixes.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>