| blob | cfac5aa2c56f63b7e22709ac2cb57095cf66531c |
1 /* dhcp.c
3 DHCP Protocol engine. */
5 /*
6 * Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC")
7 * Copyright (c) 1995-2003 by Internet Software Consortium
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
19 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 *
21 * Internet Systems Consortium, Inc.
22 * 950 Charter Street
23 * Redwood City, CA 94063
24 * <info@isc.org>
25 * http://www.isc.org/
26 *
27 * This software has been written for Internet Systems Consortium
28 * by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
29 * To learn more about Internet Systems Consortium, see
30 * ``http://www.isc.org/''. To learn more about Vixie Enterprises,
31 * see ``http://www.vix.com''. To learn more about Nominum, Inc., see
32 * ``http://www.nominum.com''.
33 */
35 #ifndef lint
37 "$Id: dhcp.c,v 1.11 2009/07/16 22:44:27 tonnerre Exp $ Copyright (c) 2004-2005 Internet Systems Consortium. All rights reserved.\n";
54 "DHCPINFORM"
55 };
58 #if defined (TRACING)
59 # define send_packet trace_packet_send
60 #endif
64 {
77 bad_packet:
83 /* %Audit% Cannot exceed 28 bytes. %2004.06.17,Safe% */
86 }
98 }
100 /* There is a problem with the relay agent information option,
101 which is that in order for a normal relay agent to append
102 this option, the relay agent has to have been involved in
103 getting the packet from the client to the server. Note
104 that this is the software entity known as the relay agent,
105 _not_ the hardware entity known as a router in which the
106 relay agent may be running, so the fact that a router has
107 forwarded a packet does not mean that the relay agent in
108 the router was involved.
110 So when the client is in INIT or INIT-REBOOT or REBINDING
111 state, the relay agent gets to tack on its options, but
112 when it's not, the relay agent doesn't get to do this,
113 which means that any decisions the DHCP server may make
114 based on the agent options will be made incorrectly.
116 We work around this in the following way: if this is a
117 DHCPREQUEST and doesn't have relay agent information
118 options, we see if there's an existing lease for this IP
119 address and this client that _does_ have stashed agent
120 options. If so, then we tack those options onto the
121 packet as if they came from the client. Later on, when we
122 are deciding whether to steal the agent options from the
123 packet, if the agent options stashed on the lease are the
124 same as those stashed on the packet, we don't steal them -
125 this ensures that the client never receives its agent
126 options. */
133 {
142 /* If there are no agent options on the lease, it's not
143 interesting. */
147 /* The client should not be unicasting a renewal if its lease
148 has expired, so make it go through the process of getting
149 its agent options legally. */
155 DHO_DHCP_CLIENT_IDENTIFIER);
171 }
183 /* Okay, so we found a lease that matches the client. */
188 }
189 nolease:
191 /* Classify the client. */
193 DHO_HOST_NAME))) {
199 }
200 }
234 }
235 out:
238 }
243 {
246 TIME when;
251 #if defined (FAILOVER_PROTOCOL)
253 #endif
262 else
267 /* %Audit% This is log output. %2004.06.17,Safe%
268 * If we truncate we hope the user can get a hint from the log.
269 */
275 : (lease
284 /* Sourceless packets don't make sense here. */
289 }
291 #if defined (FAILOVER_PROTOCOL)
295 /* If the lease is ours to allocate, then allocate it,
296 but set the allocatedp flag. */
300 /* If the lease is active, do load balancing to see who
301 allocates the lease (if it's active, it already belongs
302 to the client, or we wouldn't have gotten it from
303 find_lease (). */
307 ;
309 /* Otherwise, we can't let the client have this lease. */
311 #if defined (DEBUG_FIND_LEASE)
315 #endif
317 }
318 }
319 #endif
321 /* If we didn't find a lease, try to allocate one... */
327 }
333 msgbuf);
334 else
336 msgbuf,
339 }
340 #if defined (FAILOVER_PROTOCOL)
343 #endif
346 }
348 #if defined (FAILOVER_PROTOCOL)
356 }
360 /* Do load balancing if configured. */
361 /* If the lease is newly allocated, and we're not the server that
362 the client would normally get with load balancing, and the
363 failover protocol state is normal, let the other server get this.
364 XXX Check protocol spec to make sure that predicating this on
365 XXX allocatedp is okay - I'm doing this so that the client won't
366 XXX be forced to switch servers (and IP addresses) just because
367 XXX of bad luck, when it's possible for it to get the address it
368 XXX is requesting. Not sure this is allowed. */
371 /* peer_has_leases only has a chance to be set if we called
372 * allocate_lease() above.
373 */
381 }
382 }
383 #endif
385 /* If it's an expired lease, get rid of any bindings. */
389 /* Set the lease to really expire in 2 minutes, unless it has
390 not yet expired, in which case leave its expiry time alone. */
397 out:
400 }
406 {
417 #if defined (FAILOVER_PROTOCOL)
419 #endif
424 DHO_DHCP_REQUESTED_ADDRESS);
439 }
441 /* Find the lease that matches the address requested by the
442 client. */
449 /* XXX consider using allocatedp arg to find_lease to see
450 XXX that this isn't a compliant DHCPREQUEST. */
456 else
462 DHO_DHCP_SERVER_IDENTIFIER);
472 /* piaddr() should not return more than a 15 byte string.
473 * safe.
474 */
480 /* %Audit% This is log output. %2004.06.17,Safe%
481 * If we truncate we hope the user can get a hint from the log.
482 */
490 : (lease
499 #if defined (FAILOVER_PROTOCOL)
507 }
509 /* "load balance to peer" - is not done at all for request.
510 *
511 * If it's RENEWING, we are the only server to hear it, so
512 * we have to serve it. If it's REBINDING, it's out of
513 * communication with the other server, so there's no point
514 * in waiting to serve it. However, if the lease we're
515 * offering is not a free lease, then we may be the only
516 * server that can offer it, so we can't load balance if
517 * the lease isn't in the free or backup state. If it is
518 * in the free or backup state, then that state is what
519 * mandates one server or the other should perform the
520 * allocation, not the LBA...we know the peer cannot
521 * allocate a request for an address in our free state.
522 *
523 * So our only compass is lease_mine_to_reallocate(). This
524 * effects both load balancing, and a sanity-check that we
525 * are not going to try to allocate a lease that isn't ours.
526 */
532 }
534 /* If the lease is in a transitional state, we can't
535 renew it. */
543 }
545 /* It's actually very unlikely that we'll ever get here,
546 but if we do, tell the client to stop using the lease,
547 because the administrator reset it. */
553 }
555 /* At this point it's possible that we will get a broadcast
556 DHCPREQUEST for a lease that we didn't offer, because
557 both we and the peer are in a position to offer it.
558 In that case, we probably shouldn't answer. In order
559 to not answer, we would have to compare the server
560 identifier sent by the client with the list of possible
561 server identifiers we can send, and if the client's
562 identifier isn't on the list, drop the DHCPREQUEST.
563 We aren't currently doing that for two reasons - first,
564 it's not clear that all clients do the right thing
565 with respect to sending the client identifier, which
566 could mean that we might simply not respond to a client
567 that is depending on us to respond. Secondly, we allow
568 the user to specify the server identifier to send, and
569 we don't enforce that the server identifier should be
570 one of our IP addresses. This is probably not a big
571 deal, but it's theoretically an issue.
573 The reason we care about this is that if both servers
574 send a DHCPACK to the DHCPREQUEST, they are then going
575 to send dueling BNDUPD messages, which could cause
576 trouble. I think it causes no harm, but it seems
577 wrong. */
580 #endif
582 /* If a client on a given network REQUESTs a lease on an
583 address on a different network, NAK it. If the Requested
584 Address option was used, the protocol says that it must
585 have been broadcast, so we can trust the source network
586 information.
588 If ciaddr was specified and Requested Address was not, then
589 we really only know for sure what network a packet came from
590 if it came through a BOOTP gateway - if it came through an
591 IP router, we'll just have to assume that it's cool.
593 If we don't think we know where the packet came from, it
594 came through a gateway from an unknown network, so it's not
595 from a RENEWING client. If we recognize the network it
596 *thinks* it's on, we can NAK it even though we don't
597 recognize the network it's *actually* on; otherwise we just
598 have to ignore it.
600 We don't currently try to take advantage of access to the
601 raw packet, because it's not available on all platforms.
602 So a packet that was unicast to us through a router from a
603 RENEWING client is going to look exactly like a packet that
604 was broadcast to us from an INIT-REBOOT client.
606 Since we can't tell the difference between these two kinds
607 of packets, if the packet appears to have come in off the
608 local wire, we have to treat it as if it's a RENEWING
609 client. This means that we can't NAK a RENEWING client on
610 the local wire that has a bogus address. The good news is
611 that we won't ACK it either, so it should revert to INIT
612 state and send us a DHCPDISCOVER, which we *can* work with.
614 Because we can't detect that a RENEWING client is on the
615 wrong wire, it's going to sit there trying to renew until
616 it gets to the REBIND state, when we *can* NAK it because
617 the packet will get to us through a BOOTP gateway. We
618 shouldn't actually see DHCPREQUEST packets from RENEWING
619 clients on the wrong wire anyway, since their idea of their
620 local router will be wrong. In any case, the protocol
621 doesn't really allow us to NAK a DHCPREQUEST from a
622 RENEWING client, so we can punt on this issue. */
629 /* If we don't know where it came from but we do know
630 where it claims to have come from, it didn't come
631 from there. */
637 }
638 /* Otherwise, ignore it. */
640 (subnet
643 }
645 /* If we do know where it came from and it asked for an
646 address that is not on that shared network, nak it. */
652 {
656 }
659 }
660 }
662 /* If the address the client asked for is ours, but it wasn't
663 available for the client, NAK it. */
668 }
670 /* Otherwise, send the lease to the client if we found one. */
677 out:
683 }
688 {
697 /* DHCPRELEASE must not specify address in requested-address
698 option, but old protocol specs weren't explicit about this,
699 so let it go. */
701 DHO_DHCP_REQUESTED_ADDRESS))) {
706 }
709 DHO_DHCP_CLIENT_IDENTIFIER);
719 /* See if we can find a lease that matches the IP address
720 the client is claiming. */
727 }
732 }
733 }
736 }
738 /* The client is supposed to pass a valid client-identifier,
739 but the spec on this has changed historically, so try the
740 IP address in ciaddr if the client-identifier fails. */
745 }
748 /* If the hardware address doesn't match, don't do the release. */
760 else
765 /* %Audit% Cannot exceed 16 bytes. %2004.06.17,Safe%
766 * We copy this out to stack because we actually want to log two
767 * inet_ntoa()'s in this message.
768 */
772 /* %Audit% This is log output. %2004.06.17,Safe%
773 * If we truncate we hope the user can get a hint from the log.
774 */
777 cstr,
782 : (lease
792 #if defined (FAILOVER_PROTOCOL)
800 }
802 /* DHCPRELEASE messages are unicast, so if the client
803 sent the DHCPRELEASE to us, it's not going to send it
804 to the peer. Not sure why this would happen, and
805 if it does happen I think we still have to change the
806 lease state, so that's what we're doing.
807 XXX See what it says in the draft about this. */
808 }
809 #endif
811 /* If we found a lease, release it. */
814 }
816 out:
819 }
824 {
836 /* DHCPDECLINE must specify address. */
838 DHO_DHCP_REQUESTED_ADDRESS)))
857 else
862 /* %Audit% This is log output. %2004.06.17,Safe%
863 * If we truncate we hope the user can get a hint from the log.
864 */
872 : (lease
883 /* Execute statements in scope starting with the subnet scope. */
893 /* Execute statements in the class scopes. */
895 execute_statements_in_scope
900 }
902 /* Drop the request if dhcpdeclines are being ignored. */
909 /* If we found a lease, mark it as unusable and complain. */
911 #if defined (FAILOVER_PROTOCOL)
921 }
923 /* DHCPDECLINE messages are broadcast, so we can safely
924 ignore the DHCPDECLINE if the peer has the lease.
925 XXX Of course, at this point that information has been
926 lost. */
927 }
928 #endif
932 }
940 out:
945 }
950 {
965 /* The client should set ciaddr to its IP address, but apparently
966 it's common for clients not to do this, so we'll use their IP
967 source address if they didn't set ciaddr. */
974 }
976 /* %Audit% This is log output. %2004.06.17,Safe%
977 * If we truncate we hope the user can get a hint from the log.
978 */
982 /* If the IP source address is zero, don't respond. */
986 }
988 /* Find the subnet that the client is on. */
992 /* Sourceless packets don't make sense here. */
997 }
999 /* We don't respond to DHCPINFORM packets if we're not authoritative.
1000 It would be nice if a per-host value could override this, but
1001 there's overhead involved in checking this, so let's see how people
1002 react first. */
1017 }
1022 }
1030 /* Execute statements in scope starting with the subnet scope. */
1039 /* Execute statements in the class scopes. */
1041 execute_statements_in_scope
1046 }
1048 /* Figure out the filename. */
1059 else
1063 }
1065 /* Choose a server name as above. */
1075 else
1079 }
1081 /* Set a flag if this client is a lame Microsoft client that NUL
1082 terminates string options and expects us to do likewise. */
1085 DHO_HOST_NAME))) {
1093 }
1094 }
1096 /* Put in DHCP-specific options. */
1104 }
1106 }
1110 use_primary:
1123 }
1125 }
1135 }
1140 }
1142 /* Use the subnet mask from the subnet declaration if no other
1143 mask has been provided. */
1154 }
1156 }
1157 }
1159 /* If a site option space has been specified, use that for
1160 site option codes. */
1171 MDL)) {
1177 }
1185 }
1189 /* Use the parameter list from the scope if there is one. */
1191 DHO_DHCP_PARAMETER_REQUEST_LIST);
1193 /* Otherwise, if the client has provided a list of options
1194 that it wishes returned, use it to prioritize. Otherwise,
1195 prioritize based on the default priority list. */
1199 DHO_DHCP_PARAMETER_REQUEST_LIST);
1207 #ifdef DEBUG_PACKET
1210 #endif
1214 /* Figure out the address of the boot file server. */
1221 /* If there was more than one answer,
1222 take the first. */
1226 }
1227 }
1229 /* Set up the option buffer... */
1240 /* Make sure that the packet is at least as big as a BOOTP packet. */
1256 /* Report what we're sending... */
1259 #ifdef DEBUG_PACKET
1262 #endif
1264 /* Set up the common stuff... */
1267 #ifdef HAVE_SA_LEN
1269 #endif
1271 /* Use the IP address we derived for the client. */
1282 }
1287 {
1306 /* Set DHCP_MESSAGE_TYPE to DHCPNAK */
1311 }
1318 }
1323 /* Set DHCP_MESSAGE to whatever the message is */
1328 }
1336 }
1343 use_primary:
1355 }
1357 }
1371 }
1377 }
1379 /* If there were agent options in the incoming packet, return
1380 them. */
1384 option_chain_head_reference
1389 MDL);
1390 }
1392 /* Do not use the client's requested parameter list. */
1394 DHO_DHCP_PARAMETER_REQUEST_LIST);
1396 /* Set up the option buffer... */
1404 /* memset (&raw.ciaddr, 0, sizeof raw.ciaddr);*/
1417 /* Report what we're sending... */
1429 #ifdef DEBUG_PACKET
1434 #endif
1436 #if 0
1441 #endif
1443 /* Set up the common stuff... */
1446 #ifdef HAVE_SA_LEN
1448 #endif
1452 /* Make sure that the packet is at least as big as a BOOTP packet. */
1456 /* If this was gatewayed, send it back to the gateway.
1457 Otherwise, broadcast it on the local network. */
1462 else
1471 }
1475 }
1481 }
1487 TIME when;
1491 {
1496 TIME lease_time;
1497 TIME offered_lease_time;
1499 TIME min_lease_time;
1500 TIME max_lease_time;
1501 TIME default_lease_time;
1503 isc_result_t result;
1504 TIME ping_timeout;
1512 /* If we're already acking this lease, don't do it again. */
1516 /* If the lease carries a host record, remember it. */
1522 /* Allocate a lease state structure... */
1530 /* See if we got a server identifier option. */
1535 /* If there were agent options in the incoming packet, return
1536 them. Do not return the agent options if they were stashed
1537 on the lease. */
1546 option_chain_head_reference
1551 MDL);
1552 }
1554 /* If we are offering a lease that is still currently valid, preserve
1555 the events. We need to do this because if the client does not
1556 REQUEST our offer, it will expire in 2 minutes, overriding the
1557 expire time in the currently in force lease. We want the expire
1558 events to be executed at that point. */
1560 /* Get rid of any old expiry or release statements - by
1561 executing the statements below, we will be inserting new
1562 ones if there are any to insert. */
1565 MDL);
1568 MDL);
1571 MDL);
1572 }
1574 /* Execute statements in scope starting with the subnet scope. */
1582 /* If the lease is from a pool, run the pool scope. */
1584 (execute_statements_in_scope
1590 /* Execute statements from class scopes. */
1592 execute_statements_in_scope
1600 }
1602 /* See if the client is only supposed to have one lease at a time,
1603 and if so, find its other leases and release them. We can only
1604 do this on DHCPREQUEST. It's a little weird to do this before
1605 looking at permissions, because the client might not actually
1606 _get_ a lease after we've done the permission check, but the
1607 assumption for this option is that the client has exactly one
1608 network interface, and will only ever remember one lease. So
1609 if it sends a DHCPREQUEST, and doesn't get the lease, it's already
1610 forgotten about its old lease, so we can too. */
1613 SV_ONE_LEASE_PER_CLIENT)) &&
1631 }
1634 /* Don't release expired leases, and don't
1635 release the lease we're going to assign. */
1651 }
1652 }
1661 }
1666 SV_DUPLICATES)) &&
1675 find_lease_by_hw_addr
1683 }
1699 }
1700 }
1709 }
1710 }
1713 /* Make sure this packet satisfies the configured minimum
1714 number of seconds. */
1718 SV_MIN_SECS))) {
1733 }
1735 }
1736 }
1738 /* Try to find a matching host declaration for this lease.
1739 */
1744 /* Try to find a host_decl that matches the client
1745 identifier or hardware address on the packet, and
1746 has no fixed IP address. If there is one, hang
1747 it off the lease so that its option definitions
1748 can be used. */
1750 DHO_DHCP_CLIENT_IDENTIFIER);
1761 }
1764 }
1772 MDL);
1776 }
1779 }
1782 }
1784 /* If we have a host_decl structure, run the options associated
1785 with its group. Wether the host decl struct is old or not. */
1797 /* Drop the request if it's not allowed for this client. By
1798 default, unknown clients are allowed. */
1801 SV_BOOT_UNKNOWN_CLIENTS)) &&
1814 }
1816 /* Drop the request if it's not allowed for this client. */
1819 SV_ALLOW_BOOTP)) &&
1832 }
1834 /* Drop the request if booting is specifically denied. */
1836 SV_ALLOW_BOOTING);
1850 }
1852 /* If we are configured to do per-class billing, do it. */
1854 /* See if the lease is currently being billed to a
1855 class, and if so, whether or not it can continue to
1856 be billed to that class. */
1864 }
1866 /* If we don't have an active billing, see if we need
1867 one, and if we do, try to do so. */
1872 }
1882 msg);
1886 /* XXX possibly not necessary: */
1888 }
1889 }
1890 }
1891 }
1893 /* Figure out the filename. */
1901 /* Choose a server name as above. */
1903 SV_SERVER_NAME);
1910 /* At this point, we have a lease that we can offer the client.
1911 Now we construct a lease structure that contains what we want,
1912 and call supersede_lease to do the right thing with it. */
1922 }
1924 /* Use the ip address of the lease that we finally found in
1925 the database. */
1928 /* Start now. */
1931 /* Figure out how long a lease to assign. If this is a
1932 dynamic BOOTP lease, its duration must be infinite. */
1936 SV_DEFAULT_LEASE_TIME))) {
1943 default_lease_time =
1946 }
1947 }
1950 DHO_DHCP_LEASE_TIME)))
1956 else
1966 }
1968 /* See if there's a maximum lease time. */
1971 SV_MAX_LEASE_TIME))) {
1978 max_lease_time =
1981 }
1982 }
1984 /* Enforce the maximum lease length. */
1994 SV_MIN_LEASE_TIME))) {
2003 }
2004 }
2009 else
2011 }
2013 #if defined (FAILOVER_PROTOCOL)
2014 /* Okay, we know the lease duration. Now check the
2015 failover state, if any. */
2018 }
2023 /* If the lease time we arrived at exceeds what
2024 the peer has, we can only issue a lease of
2025 peer -> mclt, but we can tell the peer we
2026 want something longer in the future. */
2027 /* XXX This may result in updates that only push
2028 XXX the peer's expiry time for this lease up
2029 XXX by a few seconds - think about this again
2030 XXX later. */
2033 /* Here we're assuming that if we don't have
2034 to update tstp, there's already an update
2035 queued. May want to revisit this. */
2041 /* Now choose a lease time that is either
2042 MCLT, for a lease that's never before been
2043 assigned, or TSFP + MCLT for a lease that
2044 has.
2045 XXX Note that TSFP may be < cur_time.
2046 XXX What do we do in this case?
2047 XXX should the expiry timer on the lease
2048 XXX set tsfp and tstp to zero? */
2054 }
2063 }
2064 }
2067 }
2070 /* If the lease duration causes the time value to wrap,
2071 use the maximum expiry time. */
2074 else
2078 else
2081 /* Don't make lease active until we actually get a
2082 DHCPREQUEST. */
2085 else
2091 SV_BOOTP_LEASE_LENGTH))) {
2100 }
2101 }
2104 SV_BOOTP_LEASE_CUTOFF))) {
2112 cur_time);
2114 }
2115 }
2119 }
2123 /* Record the uid, if given... */
2125 DHO_DHCP_CLIENT_IDENTIFIER);
2141 /* XXX inelegant */
2146 }
2148 }
2153 }
2160 /* Set a flag if this client is a broken client that NUL
2161 terminates string options and expects us to do likewise. */
2164 else
2167 /* Save any bindings. */
2171 }
2176 /* If we got relay agent information options, and the packet really
2177 looks like it came through a relay agent, and if this feature is
2178 not disabled, save the relay agent information options that came
2179 in with the packet, so that we can use them at renewal time when
2180 the packet won't have gone through a relay agent. */
2188 SV_STASH_AGENT_OPTIONS);
2197 option_chain_head_reference
2201 MDL);
2202 }
2203 }
2205 /* Replace the old lease hostname with the new one, if it's changed. */
2213 else
2220 /* Hasn't changed. */
2231 }
2233 }
2235 /* Record the hardware address, if given... */
2243 /* If there are statements to execute when the lease is
2244 committed, execute them. */
2253 MDL);
2254 }
2256 #ifdef NSUPDATE
2257 /* Perform DDNS updates, if configured to. */
2260 SV_DDNS_UPDATES)) ||
2267 }
2270 /* Don't call supersede_lease on a mocked-up lease. */
2272 /* Copy the hardware address into the static lease
2273 structure. */
2280 /* Install the new information about this lease in the
2281 database. If this is a DHCPACK or a dynamic BOOTREPLY
2282 and we can't write the lease, don't ACK it (or BOOTREPLY
2283 it) either. */
2291 }
2292 }
2295 /* Remember the interface on which the packet arrived. */
2298 /* Remember the giaddr, xid, secs, flags and hops. */
2307 /* If we're always supposed to broadcast to this client, set
2308 the broadcast bit in the bootp flags field. */
2310 SV_ALWAYS_BROADCAST)) &&
2317 /* Get the Maximum Message Size option from the packet, if one
2318 was sent. */
2320 DHO_DHCP_MAX_MESSAGE_SIZE);
2331 DHO_DHCP_MAX_MESSAGE_SIZE);
2341 }
2342 }
2344 /* Get the Subnet Selection option from the packet, if one
2345 was sent. */
2347 DHO_SUBNET_SELECTION))) {
2349 /* Make a copy of the data. */
2360 }
2364 }
2366 /* Now, if appropriate, put in DHCP-specific options that
2367 override those. */
2378 }
2380 }
2384 use_primary:
2397 }
2399 }
2415 }
2421 }
2423 offered_lease_time =
2441 }
2443 }
2445 /* Renewal time is lease time * 0.5. */
2463 }
2465 }
2467 /* Rebinding time is lease time * 0.875. */
2485 }
2487 }
2494 }
2496 /* Figure out the address of the boot file server. */
2505 /* If there was more than one answer,
2506 take the first. */
2510 }
2511 }
2513 /* Use the subnet mask from the subnet declaration if no other
2514 mask has been provided. */
2526 }
2528 }
2529 }
2531 /* Use the hostname from the host declaration if there is one
2532 and no hostname has otherwise been provided, and if the
2533 use-host-decl-name flag is set. */
2538 (evaluate_boolean_option_cache
2552 }
2554 }
2555 }
2557 /* If we don't have a hostname yet, and we've been asked to do
2558 a reverse lookup to find the hostname, do it. */
2561 (evaluate_boolean_option_cache
2585 }
2587 }
2588 }
2589 }
2591 /* If so directed, use the leased IP address as the router address.
2592 This supposedly makes Win95 machines ARP for all IP addresses,
2593 so if the local router does proxy arp, you win. */
2613 }
2615 }
2616 }
2617 }
2619 /* If a site option space has been specified, use that for
2620 site option codes. */
2631 MDL)) {
2634 }
2642 }
2644 /* If the client has provided a list of options that it wishes
2645 returned, use it to prioritize. If there's a parameter
2646 request list in scope, use that in preference. Otherwise
2647 use the default priority list. */
2650 DHO_DHCP_PARAMETER_REQUEST_LIST);
2654 DHO_DHCP_PARAMETER_REQUEST_LIST);
2661 #ifdef DEBUG_PACKET
2664 #endif
2670 /* Hang the packet off the lease state. */
2673 /* If this is a DHCPOFFER, ping the lease address before actually
2674 sending the offer. */
2678 SV_PING_CHECKS)) ||
2687 /* Determine wether to use configured or default ping timeout.
2688 */
2690 SV_PING_TIMEOUT)) &&
2697 else
2704 #ifdef DEBUG
2706 #endif
2715 }
2716 }
2720 {
2736 /* Compose a response for the client... */
2740 /* Copy in the filename if given; otherwise, flag the filename
2741 buffer as available for options. */
2753 /* Copy in the server name if given; otherwise, flag the
2754 server_name buffer as available for options. */
2771 /* See if this is a Microsoft client that NUL-terminates its
2772 strings and expects us to do likewise... */
2775 else
2778 /* See if this is a bootp client... */
2781 else
2784 /* Insert such options as will fit into the buffer. */
2809 else
2814 /* Say what we're doing... */
2831 /* Set up the hardware address... */
2837 #ifdef HAVE_SA_LEN
2839 #endif
2841 #ifdef DEBUG_PACKET
2843 #endif
2845 /* Make sure outgoing packets are at least as big
2846 as a BOOTP packet. */
2850 /* If this was gatewayed, send it back to the gateway... */
2855 else
2868 }
2870 /* If the client is RENEWING, unicast to the client using the
2871 regular IP stack. Some clients, particularly those that
2872 follow RFC1541, are buggy, and send both ciaddr and server
2873 identifier. We deal with this situation by assuming that
2874 if we got both dhcp-server-identifier and ciaddr, and
2875 giaddr was not set, then the client is on the local
2876 network, and we can therefore unicast or broadcast to it
2877 successfully. A client in REQUESTING state on another
2878 network that's making this mistake will have set giaddr,
2879 and will therefore get a relayed response from the above
2880 code. */
2884 /* XXX This won't work if giaddr isn't zero, but it is: */
2900 }
2902 /* If it comes from a client that already knows its address
2903 and is not requesting a broadcast response, and we can
2904 unicast to a client without using the ARP protocol, sent it
2905 directly to that client. */
2911 /* Otherwise, broadcast it on the local network. */
2917 }
2926 /* Free all of the entries in the option_state structure
2927 now that we're done with them. */
2931 }
2937 {
2957 /* Look up the requested address. */
2959 DHO_DHCP_REQUESTED_ADDRESS);
2973 }
2975 /* Try to find a host or lease that's been assigned to the
2976 specified unique client identifier. */
2978 DHO_DHCP_CLIENT_IDENTIFIER);
2986 /* Remember this for later. */
2989 /* First, try to find a fixed host entry for the specified
2990 client identifier... */
2993 /* Remember if we know of this client. */
2996 }
2998 #if defined (DEBUG_FIND_LEASE)
3002 }
3003 #endif
3008 }
3012 }
3014 /* If we didn't find a fixed lease using the uid, try doing
3015 it with the hardware address... */
3020 /* Remember if we know of this client. */
3027 #if defined (DEBUG_FIND_LEASE)
3031 }
3032 #endif
3033 }
3034 }
3036 /* If fixed_lease is present but does not match the requested
3037 IP address, and this is a DHCPREQUEST, then we can't return
3038 any other lease, so we might as well return now. */
3046 #if defined (DEBUG_FIND_LEASE)
3050 #endif
3052 }
3054 /* If we found leases matching the client identifier, loop through
3055 the n_uid pointer looking for one that's actually valid. We
3056 can't do this until we get here because we depend on
3057 packet -> known, which may be set by either the uid host
3058 lookup or the haddr host lookup. */
3060 #if defined (DEBUG_FIND_LEASE)
3063 #endif
3065 #if defined (FAILOVER_PROTOCOL)
3066 /* When failover is active, it's possible that there could
3067 be two "free" leases for the same uid, but only one of
3068 them that's available for this failover peer to allocate. */
3071 #if defined (DEBUG_FIND_LEASE)
3074 #endif
3076 }
3077 #endif
3080 #if defined (DEBUG_FIND_LEASE)
3083 #endif
3085 }
3091 #if defined (DEBUG_FIND_LEASE)
3094 #endif
3095 n_uid:
3105 }
3107 }
3109 }
3110 #if defined (DEBUG_FIND_LEASE)
3114 #endif
3116 /* Find a lease whose hardware address matches, whose client
3117 identifier matches, that's permitted, and that's on the
3118 correct subnet. */
3124 #if defined (DEBUG_FIND_LEASE)
3127 #endif
3128 #if defined (FAILOVER_PROTOCOL)
3129 /* When failover is active, it's possible that there could
3130 be two "free" leases for the same uid, but only one of
3131 them that's available for this failover peer to allocate. */
3134 #if defined (DEBUG_FIND_LEASE)
3137 #endif
3139 }
3140 #endif
3149 #if defined (DEBUG_FIND_LEASE)
3152 #endif
3155 }
3157 #if defined (DEBUG_FIND_LEASE)
3160 #endif
3163 }
3168 #if defined (DEBUG_FIND_LEASE)
3171 #endif
3174 n_hw:
3181 }
3183 }
3185 }
3186 #if defined (DEBUG_FIND_LEASE)
3190 #endif
3192 /* Try to find a lease that's been allocated to the client's
3193 IP address. */
3199 #if defined (DEBUG_FIND_LEASE)
3203 #endif
3205 /* If ip_lease is valid at this point, set ours to one, so that
3206 even if we choose a different lease, we know that the address
3207 the client was requesting was ours, and thus we can NAK it. */
3211 /* If the requested IP address isn't on the network the packet
3212 came from, don't use it. Allow abandoned leases to be matched
3213 here - if the client is requesting it, there's a decent chance
3214 that it's because the lease database got trashed and a client
3215 that thought it had this lease answered an ARP or PING, causing the
3216 lease to be abandoned. If so, this request probably came from
3217 that client. */
3221 #if defined (DEBUG_FIND_LEASE)
3223 #endif
3226 }
3228 /* Toss ip_lease if it hasn't yet expired and doesn't belong to the
3229 client. */
3241 /* If we're not doing failover, the only state in which
3242 we can allocate this lease to the client is FTS_FREE.
3243 If we are doing failover, things are more complicated.
3244 If the lease is free or backup, we let the caller decide
3245 whether or not to give it out. */
3248 #if defined (DEBUG_FIND_LEASE)
3250 #endif
3251 /* If we're rejecting it because the peer has
3252 it, don't set "ours", because we shouldn't NAK. */
3259 }
3261 /* If we got an ip_lease and a uid_lease or hw_lease, and ip_lease
3262 is not active, and is not ours to reallocate, forget about it. */
3267 #if defined (DEBUG_FIND_LEASE)
3269 #endif
3271 }
3273 /* If for some reason the client has more than one lease
3274 on the subnet that matches its uid, pick the one that
3275 it asked for and (if we can) free the other. */
3286 (print_hw_addr
3294 /* If the client is REQUESTing the lease,
3295 it shouldn't still be using the old
3296 one, so we can free it for allocation. */
3304 }
3307 }
3308 }
3310 /* If we get to here and fixed_lease is not null, that means
3311 that there are both a dynamic lease and a fixed-address
3312 declaration for the same IP address. */
3315 db_conflict:
3327 );
3332 }
3335 #if defined (DEBUG_FIND_LEASE)
3337 #endif
3339 }
3340 }
3342 /* If we get to here with both fixed_lease and ip_lease not
3343 null, then we have a configuration file bug. */
3347 /* Toss extra pointers to the same lease... */
3349 #if defined (DEBUG_FIND_LEASE)
3351 #endif
3353 }
3356 #if defined (DEBUG_FIND_LEASE)
3358 #endif
3359 }
3362 #if defined (DEBUG_FIND_LEASE)
3364 #endif
3365 }
3367 /* Make sure the client is permitted to use the requested lease. */
3376 }
3386 }
3396 }
3398 /* If we've already eliminated the lease, it wasn't there to
3399 begin with. If we have come up with a matching lease,
3400 set the message to bad network in case we have to throw it out. */
3403 }
3405 /* If this is a DHCPREQUEST, make sure the lease we're going to return
3406 matches the requested IP address. If it doesn't, don't return a
3407 lease at all. */
3410 #if defined (DEBUG_FIND_LEASE)
3412 #endif
3414 }
3416 /* At this point, if fixed_lease is nonzero, we can assign it to
3417 this client. */
3421 #if defined (DEBUG_FIND_LEASE)
3423 #endif
3424 }
3426 /* If we got a lease that matched the ip address and don't have
3427 a better offer, use that; otherwise, release it. */
3432 #if defined (DEBUG_FIND_LEASE)
3434 #endif
3436 #if defined (DEBUG_FIND_LEASE)
3438 #endif
3442 }
3444 }
3446 /* If we got a lease that matched the client identifier, we may want
3447 to use it, but if we already have a lease we like, we must free
3448 the lease that matched the client identifier. */
3455 #if defined (DEBUG_FIND_LEASE)
3457 #endif
3462 #if defined (DEBUG_FIND_LEASE)
3464 #endif
3465 }
3467 }
3469 /* The lease that matched the hardware address is treated likewise. */
3472 #if defined (DEBUG_FIND_LEASE)
3474 #endif
3476 /* We're a little lax here - if the client didn't
3477 send a client identifier and it's a bootp client,
3478 but the lease has a client identifier, we still
3479 let the client have a lease. */
3481 (have_client_identifier
3491 #if defined (DEBUG_FIND_LEASE)
3493 #endif
3495 #if defined (DEBUG_FIND_LEASE)
3498 #endif
3499 }
3500 }
3502 }
3504 /* If we found a host_decl but no matching address, try to
3505 find a host_decl that has no address, and if there is one,
3506 hang it off the lease so that we can use the supplied
3507 options. */
3517 }
3524 }
3525 }
3526 }
3528 /* If we find an abandoned lease, but it's the one the client
3529 requested, we assume that previous bugginess on the part
3530 of the client, or a server database loss, caused the lease to
3531 be abandoned, so we reclaim it and let the client have it. */
3539 /* Otherwise, if it's not the one the client requested, we do not
3540 return it - instead, we claim it's ours, causing a DHCPNAK to be
3541 sent if this lookup is for a DHCPREQUEST, and force the client
3542 to go back through the allocation process. */
3546 }
3551 out:
3567 #if defined (DEBUG_FIND_LEASE)
3570 #endif
3574 }
3575 #if defined (DEBUG_FIND_LEASE)
3577 #endif
3579 }
3581 /* Search the provided host_decl structure list for an address that's on
3582 the specified shared network. If one is found, mock up and return a
3583 lease structure for it; otherwise return the null pointer. */
3587 {
3596 }
3602 }
3606 else
3612 }
3626 }
3628 /* Look through all the pools in a list starting with the specified pool
3629 for a free lease. We try to find a virgin lease if we can. If we
3630 don't find a virgin lease, we try to find a non-virgin lease that's
3631 free. If we can't find one of those, we try to reclaim an abandoned
3632 lease. If all of these possibilities fail to pan out, we don't return
3633 a lease at all. */
3637 {
3648 #if defined (FAILOVER_PROTOCOL)
3649 /* Peer_has_leases just says that we found at least one
3650 free lease. If no free lease is returned, the caller
3651 can deduce that this means the peer is hogging all the
3652 free leases, so we can print a better error message. */
3653 /* XXX Do we need code here to ignore PEER_IS_OWNER and
3654 * XXX just check tstp if we're in, e.g., PARTNER_DOWN?
3655 * XXX Where do we deal with CONFLICT_DETECTED, et al? */
3656 /* XXX This should be handled by the lease binding "state
3657 * XXX machine" - that is, when we get here, if a lease
3658 * XXX could be allocated, it will have the correct
3659 * XXX binding state so that the following code will
3660 * XXX result in its being allocated. */
3661 /* Skip to the most expired lease in the pool that is not
3662 * owned by a failover peer. */
3674 }
3676 #endif
3677 {
3680 else
3682 }
3690 }
3710 }
3719 }
3722 }
3724 /* Determine whether or not a permit exists on a particular permit list
3725 that matches the specified packet, returning nonzero if so, zero if
3726 not. */
3731 {
3775 }
3777 }
3778 }
3780 }
3784 {
3790 /* See if there's a subnet selection option. */
3792 DHO_SUBNET_SELECTION);
3794 /* If there's no SSO and no giaddr, then use the shared_network
3795 from the interface, if there is one. If not, fail. */
3798 shared_network_reference
3802 }
3804 }
3806 /* If there's an SSO, and it's valid, use it to figure out the
3807 subnet. If it's not valid, fail. */
3816 }
3819 }
3826 }
3828 /* If we know the subnet on which the IP address lives, use it. */
3834 }
3836 /* Otherwise, fail. */
3838 }