dhcpv6: implement RFC9686

systemcrash · systemcrash · commit bb65e8cbb529 · 2025-12-14T02:54:17.000+01:00
Registering Self-Generated IPv6 Addresses Using DHCPv6 This functionality registers a clients SLAAC or static address in the DHCPv6 pool, primarily for diagnostic purposes as outlined in §1. Most of the machinery required for this functionality already exists, so we perform a few additional sets and checks in the IA code. The address registration mechanism overview: ``` +--------+ +------------------+ +---------------+ | CLIENT | | FIRST-HOP ROUTER | | DHCPv6 SERVER | +--------+ +---------+--------+ +-------+-------+ | SLAAC | | |<--------------------> | | | | | | | | src: link-local address | | --------------------------------------------> | | INFORMATION-REQUEST or SOLICIT/... | | - OPTION REQUEST OPTION | | -- OPTION_ADDR_REG_ENABLE | | | | ... | | | | | |<--------------------------------------------- | | REPLY or ADVERTISE MESSAGE | | - OPTION_ADDR_REG_ENABLE | | | | | | src: address being registered | | --------------------------------------------> | | ADDR-REG-INFORM MESSAGE |Register/ | |log addresses | | | | | <-------------------------------------------- | | ADDR-REG-REPLY MESSAGE | | | ``` Closes openwrt#349 Signed-off-by: Paul Donald <newtwen+github@gmail.com> Link: openwrt#353
diff --git a/src/dhcpv6-ia.c b/src/dhcpv6-ia.c
@@ -862,6 +862,9 @@ static void dhcpv6_log(uint8_t msgtype, struct interface *iface, time_t now,
 	case DHCPV6_MSG_DECLINE:
 		type = "DECLINE";
 		break;
+	case DHCPV6_MSG_ADDR_REG_INFORM:
+		type = "ADDR-REG-INFORM";
+		break;
 	}
 
 	switch (code) {
@@ -985,6 +988,8 @@ ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *ifac
 		bool is_pd = (otype == DHCPV6_OPT_IA_PD);
 		bool is_na = (otype == DHCPV6_OPT_IA_NA);
 		bool ia_addr_present = false;
+		uint32_t reg_addr_valid_lt = 0;
+		uint32_t reg_addr_preferred_lt = 0;
 		if (!is_pd && !is_na)
 			continue;
 
@@ -1052,6 +1057,19 @@ ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *ifac
 				if (stype != DHCPV6_OPT_IA_ADDR || slen < sizeof(struct dhcpv6_ia_addr) - 4)
 					continue;
 
+				if (hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM) {
+					struct dhcpv6_ia_addr *ia_addr = (struct dhcpv6_ia_addr *)&sdata[-4];
+					/* RFC9686 §4.2 "fate sharing" or §4.2.1
+					 * Servers MUST discard any ADDR-REG-INFORM messages where
+					 * the IP address in the IA Address option does not match the
+					 * source address of the original ADDR-REG-INFORM message sent
+					 * by the client */
+					if(memcmp(&ia_addr->addr, &addr->sin6_addr, sizeof(struct in6_addr)) != 0)
+						return -1;
+					reg_addr_valid_lt = ntohl(ia_addr->valid_lt);
+					reg_addr_preferred_lt = ntohl(ia_addr->preferred_lt);
+				}
+
 				ia_addr_present = true;
 			}
 		}
@@ -1138,9 +1156,31 @@ ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *ifac
 
 		if (hdr->msg_type == DHCPV6_MSG_SOLICIT ||
 				hdr->msg_type == DHCPV6_MSG_REQUEST ||
-				(hdr->msg_type == DHCPV6_MSG_REBIND && !a)) {
+				(hdr->msg_type == DHCPV6_MSG_REBIND && !a) ||
+				(hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM && !a)) {
 			bool assigned = !!a;
 
+			if (hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM) {
+				/* RFC9686 - Address Registration
+				 * Handle client-initiated address registration (e.g. for SLAAC addresses).
+				 * The client registers addresses it has configured.
+				 */
+				char addrbuf[INET6_ADDRSTRLEN];
+				inet_ntop(AF_INET6, &addr->sin6_addr, addrbuf, sizeof(addrbuf));
+
+				if (ia_addr_present && !dhcpv6_ia_on_link(ia, a, iface)) {
+					/* RFC9686 §4.2.1 - the server MUST drop the message and SHOULD log this fact */
+					notice("Client %s attempted to register an address not on this link", addrbuf);
+					return -1;
+				} else if (!ia_addr_present) {
+					/* RFC9686 §4.2.1
+					 * Servers MUST discard any ADDR-REG-INFORM messages where
+					 * the message does not include the IA Address option */
+					notice("Client %s included no IA Address option in ADDR-REG-INFORM", addrbuf);
+					return -1;
+				}
+			}
+
 			if (!a) {
 				if ((!iface->no_dynamic_dhcp || (lease_cfg && is_na)) &&
 				    (iface->dhcpv6_pd || iface->dhcpv6_na)) {
@@ -1162,6 +1202,13 @@ ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *ifac
 						a->iface = iface;
 						a->flags = (is_pd ? OAF_DHCPV6_PD : OAF_DHCPV6_NA);
 
+						if (hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM) {
+
+							a->valid_until = now + reg_addr_valid_lt;
+							a->preferred_until = now + reg_addr_preferred_lt;
+
+						}
+
 						if (first)
 							memcpy(a->key, first->key, sizeof(a->key));
 						else
@@ -1237,7 +1284,8 @@ ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *ifac
 			} else if (assigned &&
 				   ((hdr->msg_type == DHCPV6_MSG_SOLICIT && rapid_commit) ||
 				    hdr->msg_type == DHCPV6_MSG_REQUEST ||
-				    hdr->msg_type == DHCPV6_MSG_REBIND)) {
+				    hdr->msg_type == DHCPV6_MSG_REBIND ||
+				    hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM)) {
 				if (hostname_len > 0 && (!a->lease_cfg || !a->lease_cfg->hostname)) {
 					char *tmp = realloc(a->hostname, hostname_len + 1);
 					if (tmp) {
@@ -1248,8 +1296,16 @@ ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *ifac
 					}
 				}
 				a->accept_fr_nonce = accept_reconf;
-				a->bound = true;
-				apply_lease(a, true);
+				/* RFC9686 §4.6.3 If the server receives a message with a
+				 * valid-lifetime of zero, it MUST act as if the address has expired.
+				 * A preferred lifetime of 0 means deprecated but still valid. */
+				if (hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM && reg_addr_valid_lt == 0) {
+					a->bound = false;
+					apply_lease(a, false);
+				} else {
+					a->bound = true;
+					apply_lease(a, true);
+				}
 			} else if (!assigned) {
 				/* Clean up failed assignment */
 				dhcpv6_free_lease(a);
@@ -1295,6 +1351,9 @@ ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *ifac
 		buf += ia_response_len;
 		buflen -= ia_response_len;
 		response_len += ia_response_len;
+		/* RFC9686 §4.2.1 If the message passes the verification, the server: 
+		 * MUST log the address registration information.
+		 * odhcpd logs this here anyway as part of normal operation. */
 		dhcpv6_log(hdr->msg_type, iface, now, duidbuf, is_pd, a, status);
 	}
 
diff --git a/src/dhcpv6.c b/src/dhcpv6.c
@@ -190,6 +190,7 @@ enum {
 	IOV_TZDB_TZ_STR,
 	IOV_CAPT_PORTAL,
 	IOV_CAPT_PORTAL_URI,
+	IOV_REG_ENABLE,
 	IOV_TOTAL
 };
 
@@ -347,6 +348,7 @@ static void handle_client_request(void *addr, void *data, size_t len,
 	/* if we include DHCPV4 support, handle this message type */
 	case DHCPV6_MSG_DHCPV4_QUERY:
 #endif
+	case DHCPV6_MSG_ADDR_REG_INFORM:
 		break;
 	/* Invalid message types for clients i.e. server messages */
 	case DHCPV6_MSG_ADVERTISE:
@@ -358,6 +360,7 @@ static void handle_client_request(void *addr, void *data, size_t len,
 	case DHCPV6_MSG_DHCPV4_QUERY:
 #endif
 	case DHCPV6_MSG_DHCPV4_RESPONSE:
+	case DHCPV6_MSG_ADDR_REG_REPLY:
 	default:
 		return;
 	}
@@ -424,6 +427,15 @@ static void handle_client_request(void *addr, void *data, size_t len,
 	} refresh = {htons(DHCPV6_OPT_INFO_REFRESH), htons(sizeof(uint32_t)),
 			htonl(600)};
 
+	struct _o_packed {
+		uint16_t type;
+		uint16_t len;
+	} reg_enable = {
+		htons(DHCPV6_OPT_ADDR_REG_ENABLE),
+		htons(0),
+	};
+	bool client_addr_reg_enable = false;
+
 	struct in6_addr *dns_addrs6 = NULL, dns_addr6;
 	size_t dns_addrs6_cnt = 0;
 
@@ -611,6 +623,10 @@ static void handle_client_request(void *addr, void *data, size_t len,
 				memcpy(&d6dnr->len, &d6dnr_len_be, sizeof(d6dnr_len_be));
 			}
 			break;
+
+		case DHCPV6_OPT_ADDR_REG_ENABLE:
+			client_addr_reg_enable = true;
+			break;
 		}
 	}
 
@@ -667,7 +683,8 @@ static void handle_client_request(void *addr, void *data, size_t len,
 		[IOV_DHCPV4O6_SERVER] = {&dhcpv4o6_server, 0},
 		[IOV_CAPT_PORTAL] = {&capt_portal, capt_portal_len ? sizeof(capt_portal) : 0},
 		[IOV_CAPT_PORTAL_URI] = {capt_portal_ptr, capt_portal_len ? capt_portal_len : 0},
-		[IOV_BOOTFILE_URL] = {NULL, 0}
+		[IOV_BOOTFILE_URL] = {NULL, 0},
+		[IOV_REG_ENABLE] = {&reg_enable, client_addr_reg_enable ? sizeof(reg_enable) : 0},
 	};
 
 	if (hdr->msg_type == DHCPV6_MSG_RELAY_FORW)
@@ -687,13 +704,22 @@ static void handle_client_request(void *addr, void *data, size_t len,
 			memcpy(clientid.buf, odata, olen);
 			iov[IOV_CLIENTID].iov_len = offsetof(typeof(clientid), buf) + olen;
 		} else if (otype == DHCPV6_OPT_SERVERID) {
+			/* RFC9686 §4.2.1 Servers MUST discard any ADDR-REG-INFORM that
+			 * includes a Server Identifier option */
+			if (hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM)
+				return;
 			if (olen != ntohs(dest.serverid_length) ||
 			    memcmp(odata, &dest.serverid_buf, olen))
 				return; /* Not for us */
 		} else if (otype == DHCPV6_OPT_RAPID_COMMIT && hdr->msg_type == DHCPV6_MSG_SOLICIT) {
 			iov[IOV_RAPID_COMMIT].iov_len = sizeof(rapid_commit);
 			o_rapid_commit = true;
 		} else if (otype == DHCPV6_OPT_ORO) {
+			/* RFC9686 §4.2.1 Servers MUST discard any ADDR-REG-INFORM that
+			 * includes an Option Request option */
+			if (hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM)
+				return;
+
 			for (int i=0; i < olen/2; i++) {
 				uint16_t option = ntohs(((uint16_t *)odata)[i]);
 
@@ -751,6 +777,13 @@ static void handle_client_request(void *addr, void *data, size_t len,
 
 	if (hdr->msg_type == DHCPV6_MSG_SOLICIT && !o_rapid_commit) {
 		dest.msg_type = DHCPV6_MSG_ADVERTISE;
+	} else if (hdr->msg_type == DHCPV6_MSG_ADDR_REG_INFORM) {
+		/* RFC9686 §4.2 The client MUST include the Client Identifier option or
+		 * §4.2.1 Servers MUST discard any ADDR-REG-INFORM messages that do not
+		 * include a Client Identifier option */
+		if (clientid.len == 0)
+			return;
+		dest.msg_type = DHCPV6_MSG_ADDR_REG_REPLY;
 	} else if (hdr->msg_type == DHCPV6_MSG_INFORMATION_REQUEST) {
 		iov[IOV_REFRESH].iov_base = &refresh;
 		iov[IOV_REFRESH].iov_len = sizeof(refresh);
@@ -805,7 +838,8 @@ static void handle_client_request(void *addr, void *data, size_t len,
 				      iov[IOV_POSIX_TZ].iov_len + iov[IOV_POSIX_TZ_STR].iov_len +
 				      iov[IOV_TZDB_TZ].iov_len + iov[IOV_TZDB_TZ_STR].iov_len +
 				      iov[IOV_CAPT_PORTAL].iov_len + iov[IOV_CAPT_PORTAL_URI].iov_len +
-				      iov[IOV_DNR].iov_len + iov[IOV_BOOTFILE_URL].iov_len -
+				      iov[IOV_DNR].iov_len + iov[IOV_BOOTFILE_URL].iov_len +
+				      iov[IOV_REG_ENABLE].iov_len -
 				      (4 + opts_end - opts));
 
 	debug("Sending a DHCPv6-%s on %s", iov[IOV_NESTED].iov_len ? "relay-reply" : "reply", iface->name);
@@ -957,6 +991,10 @@ static void relay_client_request(struct sockaddr_in6 *source,
 	struct interface *c;
 	struct odhcpd_ipaddr *ip;
 	struct sockaddr_in6 s;
+	uint16_t otype, olen;
+	uint8_t *start = (uint8_t *)&data, *odata;
+	const uint8_t *end = (uint8_t *)data + len;
+
 
 	switch (h->msg_type) {
 	/* Valid message types from clients */
@@ -970,13 +1008,15 @@ static void relay_client_request(struct sockaddr_in6 *source,
 	case DHCPV6_MSG_INFORMATION_REQUEST:
 	case DHCPV6_MSG_RELAY_FORW:
 	case DHCPV6_MSG_DHCPV4_QUERY:
+	case DHCPV6_MSG_ADDR_REG_INFORM:
 		break;
 	/* Invalid message types from clients i.e. server messages */
 	case DHCPV6_MSG_ADVERTISE:
 	case DHCPV6_MSG_REPLY:
 	case DHCPV6_MSG_RECONFIGURE:
 	case DHCPV6_MSG_RELAY_REPL:
 	case DHCPV6_MSG_DHCPV4_RESPONSE:
+	case DHCPV6_MSG_ADDR_REG_REPLY:
 		return;
 	default:
 		break;
@@ -991,6 +1031,31 @@ static void relay_client_request(struct sockaddr_in6 *source,
 		hdr.hop_count = h->hop_count + 1;
 	}
 
+	/* RFC9686 §4.2 "fate sharing" or 
+	 * RFC9686 §4.2.1 Servers MUST discard any ADDR-REG-INFORM messages where
+	 * the IP address in the IA Address option does not match the source address
+	 * of the original ADDR-REG-INFORM message sent by the client.
+	 * The source address of the original message is the source IP address of
+	 * the packet if it is not (yet) relayed. */
+	if (h->msg_type == DHCPV6_MSG_ADDR_REG_INFORM) {
+		dhcpv6_for_each_option(start, end, otype, olen, odata) {
+			bool is_na = (otype == DHCPV6_OPT_IA_NA);
+			struct dhcpv6_ia_hdr *ia = (struct dhcpv6_ia_hdr*)&odata[-4];
+			if (is_na) {
+				uint8_t *sdata;
+				uint16_t stype, slen;
+				dhcpv6_for_each_sub_option(&ia[1], odata + olen, stype, slen, sdata) {
+					if (stype != DHCPV6_OPT_IA_ADDR || slen < sizeof(struct dhcpv6_ia_addr) - 4)
+						return;
+
+					struct dhcpv6_ia_addr *ia_addr = (struct dhcpv6_ia_addr *)&sdata[-4];
+					if (memcmp(&ia_addr->addr, &source->sin6_addr, sizeof(struct in6_addr)) != 0)
+						return;
+				}
+			}
+		}
+	}
+
 	/* use memcpy here as the destination fields are unaligned */
 	memcpy(&hdr.peer_address, &source->sin6_addr, sizeof(struct in6_addr));
 	memcpy(&hdr.interface_id_data, &iface->ifindex, sizeof(iface->ifindex));
diff --git a/src/dhcpv6.h b/src/dhcpv6.h
@@ -41,6 +41,9 @@
 /* RFC7341 */
 #define DHCPV6_MSG_DHCPV4_QUERY 20
 #define DHCPV6_MSG_DHCPV4_RESPONSE 21
+/* RFC9686 */
+#define DHCPV6_MSG_ADDR_REG_INFORM 36
+#define DHCPV6_MSG_ADDR_REG_REPLY 37
 
 #define DHCPV6_OPT_CLIENTID 1
 #define DHCPV6_OPT_SERVERID 2
@@ -77,6 +80,8 @@
 /* RFC8910 */
 #define DHCPV6_OPT_CAPTIVE_PORTAL 103
 #define DHCPV6_OPT_DNR 144
+/* RFC9686 */
+#define DHCPV6_OPT_ADDR_REG_ENABLE 148
 
 #define DHCPV6_DUID_VENDOR 2
 
