36 int keep_capabilities = 0;
39 #ifdef HAVE_LIBSYSTEMD
40 #include <systemd/sd-daemon.h>
89 isc_boolean_t use_if_id = ISC_FALSE;
108 struct sockaddr_in
to;
113 struct stream_list *next;
115 struct sockaddr_in6 link;
117 } *downstreams, *upstreams;
119 static struct stream_list *parse_downstream(
char *);
120 static struct stream_list *parse_upstream(
char *);
121 static void setup_streams(
void);
129 char *dhcrelay_sub_id = NULL;
133 unsigned int,
unsigned int,
struct iaddr,
138 static int find_interface_by_agent_option(
struct dhcp_packet *,
144 static const char copyright[] =
145 "Copyright 2004-2014 Internet Systems Consortium.";
146 static const char arr[] =
"All rights reserved.";
147 static const char message[] =
148 "Internet Systems Consortium DHCP Relay Agent";
149 static const char url[] =
150 "For info, please visit https://www.isc.org/software/dhcp/";
153 #define DHCRELAY_USAGE \
154 "Usage: dhcrelay [-4] [-d] [-q] [-a] [-D]\n"\
155 " [-A <length>] [-c <hops>] [-p <port>]\n" \
156 " [-pf <pid-file>] [--no-pid]\n"\
157 " [-m append|replace|forward|discard]\n" \
158 " [-i interface0 [ ... -i interfaceN]\n" \
159 " server0 [ ... serverN]\n\n" \
160 " dhcrelay -6 [-d] [-q] [-I] [-c <hops>] [-p <port>]\n" \
161 " [-pf <pid-file>] [--no-pid]\n" \
162 " [-s <subscriber-id>]\n" \
163 " -l lower0 [ ... -l lowerN]\n" \
164 " -u upper0 [ ... -u upperN]\n" \
165 " lower (client link): [address%%]interface[#index]\n" \
166 " upper (server link): [address%%]interface"
168 #define DHCRELAY_USAGE \
169 "Usage: dhcrelay [-d] [-q] [-a] [-D] [-A <length>] [-c <hops>] [-p <port>]\n" \
170 " [-pf <pid-file>] [--no-pid]\n" \
171 " [-m append|replace|forward|discard]\n" \
172 " [-i interface0 [ ... -i interfaceN]\n" \
173 " server0 [ ... serverN]\n\n"
176 static void usage() {
186 char *service_local = NULL, *service_remote = NULL;
187 u_int16_t port_local = 0, port_remote = 0;
192 struct stream_list *sl = NULL;
193 int local_family_set = 0;
199 fd = open(
"/dev/null", O_RDWR | O_CLOEXEC);
201 fd = open(
"/dev/null", O_RDWR | O_CLOEXEC);
203 fd = open(
"/dev/null", O_RDWR | O_CLOEXEC);
212 setlogmask(LOG_UPTO(LOG_INFO));
218 if (status != ISC_R_SUCCESS)
219 log_fatal(
"Can't initialize context: %s",
220 isc_result_totext(status));
224 if (status != ISC_R_SUCCESS)
226 isc_result_totext(status));
231 for (i = 1; i < argc; i++) {
232 if (!strcmp(argv[i],
"-4")) {
237 local_family_set = 1;
239 }
else if (!strcmp(argv[i],
"-6")) {
243 local_family_set = 1;
246 }
else if (!strcmp(argv[i],
"-d")) {
248 }
else if (!strcmp(argv[i],
"-q")) {
251 }
else if (!strcmp(argv[i],
"-p")) {
255 log_debug(
"binding to user-specified port %d",
257 }
else if (!strcmp(argv[i],
"-c")) {
261 hcount = atoi(argv[i]);
266 }
else if (!strcmp(argv[i],
"-i")) {
271 local_family_set = 1;
277 if (strlen(argv[i]) >=
sizeof(tmp->
name)) {
280 argv[i], (
long)strlen(argv[i]));
282 status = interface_allocate(&tmp,
MDL);
283 if (status != ISC_R_SUCCESS) {
286 isc_result_totext(status));
288 strcpy(tmp->
name, argv[i]);
290 interface_dereference(&tmp,
MDL);
291 }
else if (!strcmp(argv[i],
"-a")) {
296 local_family_set = 1;
300 }
else if (!strcmp(argv[i],
"-A")) {
305 local_family_set = 1;
315 "longest possible MTU\n",
317 }
else if (!strcmp(argv[i],
"-m")) {
322 local_family_set = 1;
327 if (!strcasecmp(argv[i],
"append")) {
329 }
else if (!strcasecmp(argv[i],
"replace")) {
331 }
else if (!strcasecmp(argv[i],
"forward")) {
333 }
else if (!strcasecmp(argv[i],
"discard")) {
337 }
else if (!strcmp(argv[i],
"-D")) {
342 local_family_set = 1;
347 }
else if (!strcmp(argv[i],
"-I")) {
351 local_family_set = 1;
353 use_if_id = ISC_TRUE;
354 }
else if (!strcmp(argv[i],
"-l")) {
358 local_family_set = 1;
360 if (downstreams != NULL)
361 use_if_id = ISC_TRUE;
364 sl = parse_downstream(argv[i]);
365 sl->next = downstreams;
367 }
else if (!strcmp(argv[i],
"-u")) {
371 local_family_set = 1;
375 sl = parse_upstream(argv[i]);
376 sl->next = upstreams;
378 }
else if (!strcmp(argv[i],
"-s")) {
382 local_family_set = 1;
386 dhcrelay_sub_id = argv[i];
388 }
else if (!strcmp(argv[i],
"-nc")) {
389 #ifdef HAVE_LIBCAP_NG
390 keep_capabilities = 1;
392 }
else if (!strcmp(argv[i],
"-pf")) {
397 }
else if (!strcmp(argv[i],
"--no-pid")) {
399 }
else if (!strcmp(argv[i],
"--version")) {
402 }
else if (!strcmp(argv[i],
"--help") ||
403 !strcmp(argv[i],
"-h")) {
406 }
else if (argv[i][0] ==
'-') {
410 struct in_addr ia, *iap = NULL;
416 local_family_set = 1;
419 if (inet_aton(argv[i], &ia)) {
422 he = gethostbyname(argv[i]);
426 iap = ((
struct in_addr *)
438 memcpy(&sp->
to.sin_addr, iap,
sizeof *iap);
462 #ifdef HAVE_LIBCAP_NG
464 if (!keep_capabilities) {
465 capng_clear(CAPNG_SELECT_BOTH);
466 capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
467 CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
468 capng_apply(CAPNG_SELECT_BOTH);
469 log_info (
"Dropped all unnecessary capabilities.");
483 service_local =
"bootps";
484 service_remote =
"bootpc";
485 port_local = htons(67);
486 port_remote = htons(68);
490 service_local =
"dhcpv6-server";
491 service_remote =
"dhcpv6-client";
492 port_local = htons(547);
493 port_remote = htons(546);
498 ent = getservbyname(service_local,
"udp");
504 ent = getservbyname(service_remote,
"udp");
523 sp->
to.sin_family = AF_INET;
525 sp->
to.sin_len =
sizeof sp->
to;
534 if (upstreams == NULL || downstreams == NULL) {
535 log_info(
"Must specify at least one lower "
536 "and one upper interface.\n");
545 if (!option_code_hash_lookup(&requested_opts[0],
548 log_fatal(
"Unable to find the RELAY_MSG "
549 "option definition.");
551 if (!option_code_hash_lookup(&requested_opts[1],
554 log_fatal(
"Unable to find the INTERFACE_ID "
555 "option definition.");
560 gettimeofday(&
cur_tv, NULL);
578 if ((pid = fork()) < 0)
585 O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644);
591 pf = fdopen(pfdesc,
"we");
596 fprintf(pf,
"%ld\n",(
long)getpid());
618 #if defined(ENABLE_GENTLE_SHUTDOWN)
625 #ifdef HAVE_LIBCAP_NG
627 if (!keep_capabilities) {
628 capng_clear(CAPNG_SELECT_BOTH);
629 capng_apply(CAPNG_SELECT_BOTH);
630 log_info (
"Dropped all capabilities.");
634 #ifdef HAVE_LIBSYSTEMD
636 sd_notifyf(0,
"READY=1\n"
637 "STATUS=Dispatching packets...\n"
639 (
unsigned long) getpid());
651 unsigned int length,
unsigned int from_port,
struct iaddr from,
654 struct sockaddr_in to;
659 log_info(
"Discarding packet with invalid hlen, received on "
660 "%s interface.", ip->
name);
664 log_info(
"Discarding packet received on %s interface that "
665 "has no IPv4 address assigned.", ip->
name);
671 if (packet->
giaddr.s_addr) {
694 to.sin_addr = packet->
yiaddr;
700 to.sin_addr.s_addr = htonl(INADDR_BROADCAST);
706 to.sin_family = AF_INET;
708 to.sin_len =
sizeof to;
711 memcpy(&hto.hbuf[1], packet->
chaddr, packet->
hlen);
712 hto.hbuf[0] = packet->
htype;
713 hto.hlen = packet->
hlen + 1;
720 strip_relay_agent_options(ip, &out, packet, length)))
724 log_error(
"Packet to bogus giaddr %s.\n",
725 inet_ntoa(packet->
giaddr));
734 log_debug(
"Forwarded BOOTREPLY for %s to %s",
737 inet_ntoa(to.sin_addr));
751 if (!(length = add_relay_agent_options(ip, packet, length,
760 if (!packet->
giaddr.s_addr)
773 &sp->
to, NULL) < 0) {
776 log_debug(
"Forwarded BOOTREQUEST for %s to %s",
779 inet_ntoa(sp->
to.sin_addr));
796 u_int8_t *op, *nextop, *sp, *max;
797 int good_agent_option = 0;
810 max = ((u_int8_t *)packet) + length;
845 nextop = op + op[1] + 2;
849 status = find_interface_by_agent_option(packet,
855 good_agent_option = 1;
865 nextop = op + op[1] + 2;
870 memmove(sp, op, op[1] + 2);
890 if (!good_agent_option) {
898 length = sp -((u_int8_t *)packet);
923 find_interface_by_agent_option(
struct dhcp_packet *packet,
925 u_int8_t *buf,
int len) {
927 u_int8_t *circuit_id = 0;
928 unsigned circuit_id_len = 0;
935 i + buf[i + 1] + 2 > len) {
942 circuit_id = &buf[i + 2];
943 circuit_id_len = buf[i + 1];
944 i += circuit_id_len + 2;
963 for (ip = interfaces; ip; ip = ip->
next) {
966 !memcmp(ip->
circuit_id, circuit_id, circuit_id_len))
988 unsigned length,
struct in_addr
giaddr) {
989 int is_dhcp = 0, mms;
991 u_int8_t *op, *nextop, *sp, *max, *end_pad = NULL;
1006 sp = op = &packet->
options[4];
1021 if (end_pad == NULL)
1041 mms = ntohs(*(op + 2));
1044 max = ((u_int8_t *)packet) + mms;
1087 nextop = op + op[1] + 2;
1094 memmove(sp, op, op[1] + 2);
1112 if (end_pad != NULL)
1123 log_fatal(
"Circuit ID length %d out of range [1-255] on "
1129 log_fatal(
"Remote ID length %d out of range [1-255] "
1137 if ((optlen < 3) ||(optlen > 255))
1138 log_fatal(
"Total agent option length(%u) out of range "
1139 "[3 - 255] on %s\n", optlen, ip->
name);
1145 if (max - sp >= optlen + 3) {
1146 log_debug(
"Adding %d-byte relay agent option", optlen + 3);
1167 log_error(
"No room in packet (used %d of %d) "
1168 "for %d-byte relay agent option: omitted",
1169 (
int) (sp - ((u_int8_t *) packet)),
1170 (
int) (max - ((u_int8_t *) packet)),
1182 length = sp -((u_int8_t *)packet);
1197 static struct stream_list *
1198 parse_downstream(
char *arg) {
1199 struct stream_list *dp, *
up;
1201 char *ifname, *addr, *iid;
1202 isc_result_t status;
1205 (downstreams != NULL))
1206 log_fatal(
"No support for multiple interfaces.");
1209 ifname = strchr(arg,
'%');
1210 if (ifname == NULL) {
1217 iid = strchr(ifname,
'#');
1221 if (strlen(ifname) >=
sizeof(ifp->
name)) {
1222 log_error(
"Interface name '%s' too long", ifname);
1227 for (dp = downstreams; dp; dp = dp->next) {
1228 if (strcmp(ifname, dp->ifp->name) == 0)
1229 log_fatal(
"Down interface '%s' declared twice.",
1234 for (up = upstreams;
up; up = up->next) {
1235 if (strcmp(ifname, up->ifp->name) == 0) {
1236 log_info(
"Interface '%s' is both down and up.",
1245 status = interface_allocate(&ifp,
MDL);
1246 if (status != ISC_R_SUCCESS)
1248 arg, isc_result_totext(status));
1249 strcpy(ifp->
name, ifname);
1251 interface_reference(&ifp->
next, interfaces,
MDL);
1252 interface_dereference(&interfaces,
MDL);
1254 interface_reference(&interfaces, ifp,
MDL);
1259 dp = (
struct stream_list *)
dmalloc(
sizeof(*dp),
MDL);
1269 if (addr && (inet_pton(AF_INET6, addr, &dp->link.sin6_addr) <= 0))
1270 log_fatal(
"Bad link address '%s'", addr);
1278 static struct stream_list *
1279 parse_upstream(
char *arg) {
1280 struct stream_list *
up, *dp;
1282 char *ifname, *addr;
1283 isc_result_t status;
1286 ifname = strchr(arg,
'%');
1287 if (ifname == NULL) {
1294 if (strlen(ifname) >=
sizeof(ifp->
name)) {
1295 log_fatal(
"Interface name '%s' too long", ifname);
1299 for (up = upstreams;
up; up = up->next) {
1300 if (strcmp(ifname, up->ifp->name) == 0) {
1305 for (dp = downstreams; dp; dp = dp->next) {
1306 if (strcmp(ifname, dp->ifp->name) == 0) {
1314 status = interface_allocate(&ifp,
MDL);
1315 if (status != ISC_R_SUCCESS)
1317 arg, isc_result_totext(status));
1318 strcpy(ifp->
name, ifname);
1320 interface_reference(&ifp->
next, interfaces,
MDL);
1321 interface_dereference(&interfaces,
MDL);
1323 interface_reference(&interfaces, ifp,
MDL);
1328 up = (
struct stream_list *)
dmalloc(
sizeof(*up),
MDL);
1334 if (inet_pton(AF_INET6, addr, &up->link.sin6_addr) <= 0)
1344 setup_streams(
void) {
1345 struct stream_list *dp, *
up;
1347 isc_boolean_t link_is_set;
1349 for (dp = downstreams; dp; dp = dp->next) {
1351 if (dp->ifp->v6address_count == 0)
1352 log_fatal(
"Interface '%s' has no IPv6 addresses.",
1356 if (IN6_IS_ADDR_UNSPECIFIED(&dp->link.sin6_addr))
1357 link_is_set = ISC_FALSE;
1359 link_is_set = ISC_TRUE;
1360 for (i = 0; i < dp->ifp->v6address_count; i++) {
1361 if (IN6_IS_ADDR_LINKLOCAL(&dp->ifp->v6addresses[i]))
1365 if (!memcmp(&dp->ifp->v6addresses[i],
1366 &dp->link.sin6_addr,
1367 sizeof(dp->link.sin6_addr)))
1370 if (i == dp->ifp->v6address_count)
1371 log_fatal(
"Interface %s does not have global IPv6 "
1372 "address assigned.", dp->ifp->name);
1374 memcpy(&dp->link.sin6_addr,
1375 &dp->ifp->v6addresses[i],
1376 sizeof(dp->link.sin6_addr));
1380 dp->id = dp->ifp->index;
1383 for (up = upstreams;
up; up = up->next) {
1385 up->link.sin6_family = AF_INET6;
1387 up->link.sin6_len =
sizeof(up->link);
1390 if (up->ifp->v6address_count == 0)
1391 log_fatal(
"Interface '%s' has no IPv6 addresses.",
1399 static const int required_forw_opts[] = {
1410 process_up6(
struct packet *packet,
struct stream_list *dp) {
1411 char forw_data[65535];
1415 struct stream_list *
up;
1429 log_info(
"Relaying %s from %s port %d going up.",
1440 log_info(
"Discarding %s from %s port %d going up.",
1447 log_info(
"Unknown %d type from %s port %d going up.",
1468 if (!use_if_id && downstreams->next) {
1469 log_info(
"Shan't get back the interface.");
1485 log_fatal(
"No memory for upwards options.");
1494 }
else if (!downstreams->next) {
1495 if_id = downstreams->id;
1497 log_info(
"Don't know the interface.");
1503 NULL, (
unsigned char *) &if_id,
1514 if (dhcrelay_sub_id != NULL) {
1516 (
unsigned char *) dhcrelay_sub_id,
1517 strlen(dhcrelay_sub_id),
1528 NULL, (
unsigned char *) packet->
raw,
1538 sizeof(forw_data) - cursor,
1540 required_forw_opts, NULL);
1544 for (up = upstreams;
up; up = up->next) {
1546 (
size_t) cursor, &up->link);
1554 process_down6(
struct packet *packet) {
1555 struct stream_list *dp;
1560 struct sockaddr_in6 to;
1566 log_info(
"Discarding %s from %s port %d going down.",
1571 log_info(
"Unknown %d type from %s port %d going down.",
1579 memset(&relay_msg, 0,
sizeof(relay_msg));
1580 memset(&if_id, 0,
sizeof(if_id));
1581 memset(&to, 0,
sizeof(to));
1582 to.sin6_family = AF_INET6;
1584 to.sin6_len =
sizeof(to);
1598 (relay_msg.len < offsetof(
struct dhcpv6_packet, options))) {
1613 (if_id.len !=
sizeof(
int))) {
1614 log_info(
"Can't evaluate interface-id.");
1617 memcpy(&if_index, if_id.data,
sizeof(
int));
1618 for (dp = downstreams; dp; dp = dp->next) {
1619 if (dp->id == if_index)
1628 for (dp = downstreams; dp; dp = dp->next) {
1630 if (!memcmp(&dp->link.sin6_addr,
1632 sizeof(
struct in6_addr)))
1637 if (!dp && downstreams && !downstreams->next)
1640 log_info(
"Can't find the down interface.");
1658 log_info(
"Relaying %s to %s port %d down.",
1661 ntohs(to.sin6_port));
1673 log_info(
"Discarding %s to %s port %d down.",
1676 ntohs(to.sin6_port));
1680 log_info(
"Unknown %d type to %s port %d down.",
1683 ntohs(to.sin6_port));
1688 send_packet6(dp->ifp, (
unsigned char *) relay_msg.data,
1689 (
size_t) relay_msg.len, &to);
1692 if (relay_msg.data != NULL)
1694 if (if_id.data != NULL)
1702 dhcpv6(
struct packet *packet) {
1703 struct stream_list *dp;
1707 process_down6(packet);
1711 for (dp = downstreams; dp; dp = dp->next) {
1714 process_up6(packet, dp);
1719 process_up6(packet, NULL);
1723 log_info(
"Can't process packet from interface '%s'.",
1750 find_class(
struct class **
class,
const char *c1,
const char *c2,
int i) {
1751 return ISC_R_NOTFOUND;
1763 return ISC_R_SUCCESS;
void do_packet6(struct interface_info *, const char *, int, int, const struct iaddr *, isc_boolean_t)
unsigned char peer_address[16]
#define DHO_DHCP_AGENT_OPTIONS
int drop_agent_mismatches
isc_boolean_t no_dhcrelay_pid
struct tree_cache * global_options[256]
struct binding_scope * global_scope
void(* dhcpv6_packet_handler)(struct interface_info *, const char *, int, int, const struct iaddr *, isc_boolean_t)
const char * piaddr(const struct iaddr addr)
void bootp(struct packet *packet)
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
int check_collection(struct packet *p, struct lease *l, struct collection *c)
void * dmalloc(unsigned, const char *, int)
char * print_hw_addr(int htype, const int hlen, const unsigned char *data) const
const char * dhcpv6_type_names[]
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RECONFIGURE
const char * path_dhcrelay_pid
isc_result_t dhcp_set_control_state(control_object_state_t oldstate, control_object_state_t newstate)
#define DHCP_CONTEXT_PRE_DB
struct in_addr * addresses
void data_string_forget(struct data_string *data, const char *file, int line)
int log_error(const char *,...) __attribute__((__format__(__printf__
int dhcp_max_agent_option_packet_length
struct option_state * options
unsigned char dhcpv6_hop_count
unsigned char link_address[16]
unsigned char dhcpv6_msg_type
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
#define DHCPV6_LEASEQUERY
#define DHCP_CONTEXT_POST_DB
isc_boolean_t no_pid_file
struct option * requested_opts[2]
u_int16_t validate_port(char *port)
void dhcp_signal_handler(int signal)
struct server_list * next
struct interface_info * fallback_interface
int option_state_allocate(struct option_state **ptr, const char *file, int line)
isc_result_t dhcp_context_create(int flags, struct in_addr *local4, struct in6_addr *local6)
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
enum @28 agent_relay_mode
#define _PATH_DHCRELAY6_PID
struct interface_info * interface
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
void(* bootp_packet_handler)(struct interface_info *, struct dhcp_packet *, unsigned, unsigned int, struct iaddr, struct hardware *)
#define D6O_SUBSCRIBER_ID
int parse_allow_deny(struct option_cache **oc, struct parse *p, int i)
ssize_t send_packet(struct interface_info *, struct packet *, struct dhcp_packet *, size_t, struct in_addr, struct sockaddr_in *, struct hardware *)
#define DHCPV6_RELAY_FORW
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
int int log_info(const char *,...) __attribute__((__format__(__printf__
int server_packets_relayed
struct interface_info * interfaces
void interface_snorf(struct interface_info *tmp, int ir)
void dhcp(struct packet *packet)
#define DHO_DHCP_MAX_MESSAGE_SIZE
#define DHCPV6_LEASEQUERY_REPLY
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
int quiet_interface_discovery
int option_state_dereference(struct option_state **ptr, const char *file, int line)
void initialize_common_option_spaces()
void dhcpv6(struct packet *)
const int dhcpv6_type_name_max
struct interface_info * next
struct universe dhcpv6_universe
void classify(struct packet *p, struct class *c)
int supports_multiple_interfaces(struct interface_info *)
isc_result_t interface_setup()
#define INTERFACE_UPSTREAM
struct server_list * servers
#define INTERFACE_DOWNSTREAM
option_code_hash_t * code_hash
#define _PATH_DHCRELAY_PID
struct in6_addr dhcpv6_peer_address
int can_unicast_without_arp(struct interface_info *)
#define DHO_DHCP_MESSAGE_TYPE
int corrupt_agent_options
#define DHCPV6_INFORMATION_REQUEST
struct in6_addr dhcpv6_link_address
int main(int argc, char **argv)
void discover_interfaces(int state)
#define DHCP_OPTIONS_COOKIE
#define INTERFACE_REQUESTED
int client_packets_relayed
isc_result_t omapi_init(void)
unsigned char options[DHCP_MAX_OPTION_LEN]
isc_result_t find_class(struct class **class, const char *c1, const char *c2, int i)