BIND 10 trac2325, updated. f2a03c4538343e2a6941e5037925a63a7e71f68c Merge remote-tracking branch 'origin/trac2325' into trac2325
BIND 10 source code commits
bind10-changes at lists.isc.org
Tue Dec 4 13:42:01 UTC 2012
The branch, trac2325 has been updated
via f2a03c4538343e2a6941e5037925a63a7e71f68c (commit)
via 936137b0b10508b395cbd4a71ad07c1ec0ffb655 (commit)
via cacc927a7096327c8e19479058258cecec0eb27e (commit)
via 650e0b501ab48af61704efe9cb503490716c8eec (commit)
via f634e891b21b4533c16871bab7bcd65f6422986d (commit)
via 159af7d5de17a74269cd4af69ac3b569495c4a4e (commit)
from 54663a3c7bda67a6813d2478ff44c8a07d9c48b8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f2a03c4538343e2a6941e5037925a63a7e71f68c
Merge: 936137b 54663a3
Author: Tomek Mrugalski <tomasz at isc.org>
Date: Tue Dec 4 14:41:06 2012 +0100
Merge remote-tracking branch 'origin/trac2325' into trac2325
commit 936137b0b10508b395cbd4a71ad07c1ec0ffb655
Author: Tomek Mrugalski <tomasz at isc.org>
Date: Tue Dec 4 13:49:04 2012 +0100
[2325] Remaining tests for RENEW implemented.
commit cacc927a7096327c8e19479058258cecec0eb27e
Author: Tomek Mrugalski <tomasz at isc.org>
Date: Tue Dec 4 13:46:41 2012 +0100
[2325] Option6IA::setIAID() implemented.
commit 650e0b501ab48af61704efe9cb503490716c8eec
Author: Tomek Mrugalski <tomasz at isc.org>
Date: Mon Dec 3 20:07:24 2012 +0100
[2325] Renew support implemented.
commit f634e891b21b4533c16871bab7bcd65f6422986d
Author: Tomek Mrugalski <tomasz at isc.org>
Date: Mon Dec 3 16:30:22 2012 +0100
[2325] Sanity checks for DHCPv6 server implemented.
commit 159af7d5de17a74269cd4af69ac3b569495c4a4e
Author: Tomek Mrugalski <tomasz at isc.org>
Date: Thu Nov 29 17:30:50 2012 +0100
[2325] Option::equal() method implemented.
-----------------------------------------------------------------------
Summary of changes:
src/bin/dhcp6/dhcp6_messages.mes | 6 +
src/bin/dhcp6/dhcp6_srv.cc | 243 +++++++++++++++++++----
src/bin/dhcp6/dhcp6_srv.h | 66 ++++++-
src/bin/dhcp6/tests/dhcp6_srv_unittest.cc | 301 +++++++++++++++++++++++++++--
src/lib/dhcp/option6_ia.h | 9 +-
src/lib/dhcp/tests/option6_ia_unittest.cc | 3 +
src/lib/dhcpsrv/subnet.h | 2 +-
7 files changed, 572 insertions(+), 58 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes
index 6b82344..be50591 100644
--- a/src/bin/dhcp6/dhcp6_messages.mes
+++ b/src/bin/dhcp6/dhcp6_messages.mes
@@ -81,6 +81,12 @@ This message indicates that the server failed to grant (in response to
received REQUEST) a lease for a given client. There may be many reasons for
such failure. Each specific failure is logged in a separate log entry.
+% DHCP6_REQUIRED_OPTIONS_CHECK_FAIL %1 message received from %2 failed the following check: %3
+This message indicates that received message has invalid number of options:
+mandatory client-id option is missing, server-id forbidden in that particular
+type of message is present, there is more than one instance of client-id
+or server-id etc. Exact reason for rejecting the packed is printed.
+
% DHCP6_NOT_RUNNING IPv6 DHCP server is not running
A warning message is issued when an attempt is made to shut down the
IPv6 DHCP server but it is not running.
diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
index 876e954..5edb6ea 100644
--- a/src/bin/dhcp6/dhcp6_srv.cc
+++ b/src/bin/dhcp6/dhcp6_srv.cc
@@ -132,44 +132,51 @@ bool Dhcpv6Srv::run() {
.arg(query->getBuffer().getLength())
.arg(query->toText());
- switch (query->getType()) {
- case DHCPV6_SOLICIT:
- rsp = processSolicit(query);
- break;
+ try {
+ switch (query->getType()) {
+ case DHCPV6_SOLICIT:
+ rsp = processSolicit(query);
+ break;
- case DHCPV6_REQUEST:
- rsp = processRequest(query);
- break;
+ case DHCPV6_REQUEST:
+ rsp = processRequest(query);
+ break;
- case DHCPV6_RENEW:
- rsp = processRenew(query);
- break;
+ case DHCPV6_RENEW:
+ rsp = processRenew(query);
+ break;
- case DHCPV6_REBIND:
- rsp = processRebind(query);
- break;
+ case DHCPV6_REBIND:
+ rsp = processRebind(query);
+ break;
- case DHCPV6_CONFIRM:
- rsp = processConfirm(query);
- break;
+ case DHCPV6_CONFIRM:
+ rsp = processConfirm(query);
+ break;
- case DHCPV6_RELEASE:
+ case DHCPV6_RELEASE:
rsp = processRelease(query);
break;
- case DHCPV6_DECLINE:
- rsp = processDecline(query);
- break;
+ case DHCPV6_DECLINE:
+ rsp = processDecline(query);
+ break;
- case DHCPV6_INFORMATION_REQUEST:
- rsp = processInfRequest(query);
- break;
+ case DHCPV6_INFORMATION_REQUEST:
+ rsp = processInfRequest(query);
+ break;
- default:
- // Only action is to output a message if debug is enabled,
- // and that will be covered by the debug statement before
- // the "switch" statement.
- ;
+ default:
+ // Only action is to output a message if debug is enabled,
+ // and that will be covered by the debug statement before
+ // the "switch" statement.
+ ;
+ }
+ } catch (const RFCViolation& e) {
+ LOG_DEBUG(dhcp6_logger, DBG_DHCP6_BASIC, DHCP6_REQUIRED_OPTIONS_CHECK_FAIL)
+ .arg(query->getName())
+ .arg(query->getRemoteAddr())
+ .arg(e.what());
}
if (rsp) {
@@ -195,9 +202,6 @@ bool Dhcpv6Srv::run() {
}
}
}
-
- // TODO add support for config session (see src/bin/auth/main.cc)
- // so this daemon can be controlled from bob
}
return (true);
@@ -357,6 +361,54 @@ OptionPtr Dhcpv6Srv::createStatusCode(uint16_t code, const std::string& text) {
return (status);
}
+void Dhcpv6Srv::sanityCheck(const Pkt6Ptr& pkt, RequirementLevel clientid,
+ RequirementLevel serverid) {
+ Option::OptionCollection client_ids = pkt->getOptions(D6O_CLIENTID);
+ switch (clientid) {
+ case MANDATORY:
+ if (client_ids.size() != 1) {
+ isc_throw(RFCViolation, "Exactly 1 client-id option expected in "
+ << pkt->getName() << ", but " << client_ids.size()
+ << " received");
+ }
+ break;
+ case OPTIONAL:
+ if (client_ids.size() > 1) {
+ isc_throw(RFCViolation, "Too many (" << client_ids.size()
+ << ") client-id options received in " << pkt->getName());
+ }
+ break;
+
+ case FORBIDDEN:
+ // doesn't make sense - client-id is always allowed
+ break;
+ }
+
+ Option::OptionCollection server_ids = pkt->getOptions(D6O_SERVERID);
+ switch (serverid) {
+ case FORBIDDEN:
+ if (server_ids.size() > 0) {
+ isc_throw(RFCViolation, "Exactly 1 server-id option expected, but "
+ << server_ids.size() << " received in " << pkt->getName());
+ }
+ break;
+
+ case MANDATORY:
+ if (server_ids.size() != 1) {
+ isc_throw(RFCViolation, "Invalid number of server-id options received ("
+ << server_ids.size() << "), exactly 1 expected in message "
+ << pkt->getName());
+ }
+ break;
+
+ case OPTIONAL:
+ if (server_ids.size() > 1) {
+ isc_throw(RFCViolation, "Too many (" << server_ids.size()
+ << ") server-id options received in " << pkt->getName());
+ }
+ }
+}
+
Subnet6Ptr Dhcpv6Srv::selectSubnet(const Pkt6Ptr& question) {
Subnet6Ptr subnet = CfgMgr::instance().getSubnet6(question->getRemoteAddr());
@@ -370,7 +422,7 @@ void Dhcpv6Srv::assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer) {
// We need to select a subnet the client is connected in.
Subnet6Ptr subnet = selectSubnet(question);
- if (subnet) {
+ if (!subnet) {
// This particular client is out of luck today. We do not have
// information about the subnet he is connected to. This likely means
// misconfiguration of the server (or some relays). We will continue to
@@ -378,12 +430,13 @@ void Dhcpv6Srv::assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer) {
// addresses or prefixes, no subnet specific configuration etc. The only
// thing this client can get is some global information (like DNS
// servers).
- LOG_DEBUG(dhcp6_logger, DBG_DHCP6_DETAIL_DATA, DHCP6_SUBNET_SELECTED)
- .arg(subnet->toText());
- } else {
+
// perhaps this should be logged on some higher level? This is most likely
// configuration bug.
LOG_DEBUG(dhcp6_logger, DBG_DHCP6_BASIC, DHCP6_SUBNET_SELECTION_FAILED);
+ } else {
+ LOG_DEBUG(dhcp6_logger, DBG_DHCP6_DETAIL_DATA, DHCP6_SUBNET_SELECTED)
+ .arg(subnet->toText());
}
// @todo: We should implement Option6Duid some day, but we can do without it
@@ -397,6 +450,9 @@ void Dhcpv6Srv::assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer) {
OptionPtr opt_duid = question->getOption(D6O_CLIENTID);
if (opt_duid) {
duid = DuidPtr(new DUID(opt_duid->getData()));
+ } else {
+ // Let's drop the message. This client is not sane.
+ isc_throw(RFCViolation, "Mandatory client-id is missing in received message");
}
// Now that we have all information about the client, let's iterate over all
@@ -409,7 +465,7 @@ void Dhcpv6Srv::assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer) {
opt != question->options_.end(); ++opt) {
switch (opt->second->getType()) {
case D6O_IA_NA: {
- OptionPtr answer_opt = handleIA_NA(subnet, duid, question,
+ OptionPtr answer_opt = assignIA_NA(subnet, duid, question,
boost::dynamic_pointer_cast<Option6IA>(opt->second));
if (answer_opt) {
answer->addOption(answer_opt);
@@ -422,8 +478,8 @@ void Dhcpv6Srv::assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer) {
}
}
-OptionPtr Dhcpv6Srv::handleIA_NA(const Subnet6Ptr& subnet, const DuidPtr& duid, Pkt6Ptr question,
- boost::shared_ptr<Option6IA> ia) {
+OptionPtr Dhcpv6Srv::assignIA_NA(const Subnet6Ptr& subnet, const DuidPtr& duid,
+ Pkt6Ptr question, boost::shared_ptr<Option6IA> ia) {
// If there is no subnet selected for handling this IA_NA, the only thing to do left is
// to say that we are sorry, but the user won't get an address. As a convenience, we
// use a different status text to indicate that (compare to the same status code,
@@ -512,8 +568,105 @@ OptionPtr Dhcpv6Srv::handleIA_NA(const Subnet6Ptr& subnet, const DuidPtr& duid,
return (ia_rsp);
}
+OptionPtr Dhcpv6Srv::renewIA_NA(const Subnet6Ptr& subnet, const DuidPtr& duid,
+ Pkt6Ptr question, boost::shared_ptr<Option6IA> ia) {
+ Lease6Ptr lease = LeaseMgrFactory::instance().getLease6(*duid, ia->getIAID(),
+ subnet->getID());
+
+ if (!lease) {
+ // client renewing a lease that we don't know about.
+
+ // Create empty IA_NA option with IAID matching the request.
+ boost::shared_ptr<Option6IA> ia_rsp(new Option6IA(D6O_IA_NA, ia->getIAID()));
+
+ // Insert status code NoAddrsAvail.
+ ia_rsp->addOption(createStatusCode(STATUS_NoAddrsAvail,
+ "Sorry, no known leases for this duid/iaid."));
+ return (ia_rsp);
+ }
+
+ lease->preferred_lft_ = subnet->getPreferred();
+ lease->valid_lft_ = subnet->getValid();
+ lease->t1_ = subnet->getT1();
+ lease->t2_ = subnet->getT2();
+ lease->cltt_ = time(NULL);
+
+ LeaseMgrFactory::instance().updateLease6(lease);
+
+ // Create empty IA_NA option with IAID matching the request.
+ boost::shared_ptr<Option6IA> ia_rsp(new Option6IA(D6O_IA_NA, ia->getIAID()));
+
+ ia_rsp->setT1(subnet->getT1());
+ ia_rsp->setT2(subnet->getT2());
+
+ boost::shared_ptr<Option6IAAddr> addr(new Option6IAAddr(D6O_IAADDR,
+ lease->addr_, lease->preferred_lft_,
+ lease->valid_lft_));
+ ia_rsp->addOption(addr);
+ return (ia_rsp);
+}
+
+void Dhcpv6Srv::renewLeases(const Pkt6Ptr& renew, Pkt6Ptr& reply) {
+
+ // We need to renew addresses for all IA_NA options in the client's
+ // RENEW message.
+
+ // We need to select a subnet the client is connected in.
+ Subnet6Ptr subnet = selectSubnet(renew);
+ if (!subnet) {
+ // This particular client is out of luck today. We do not have
+ // information about the subnet he is connected to. This likely means
+ // misconfiguration of the server (or some relays). We will continue to
+ // process this message, but our response will be almost useless: no
+ // addresses or prefixes, no subnet specific configuration etc. The only
+ // thing this client can get is some global information (like DNS
+ // servers).
+
+ // perhaps this should be logged on some higher level? This is most likely
+ // configuration bug.
+ LOG_DEBUG(dhcp6_logger, DBG_DHCP6_BASIC, DHCP6_SUBNET_SELECTION_FAILED);
+ } else {
+ LOG_DEBUG(dhcp6_logger, DBG_DHCP6_DETAIL_DATA, DHCP6_SUBNET_SELECTED)
+ .arg(subnet->toText());
+ }
+
+ // Let's find client's DUID. Client is supposed to include its client-id
+ // option almost all the time (the only exception is an anonymous inf-request,
+ // but that is mostly a theoretical case). Our allocation engine needs DUID
+ // and will refuse to allocate anything to anonymous clients.
+ OptionPtr opt_duid = renew->getOption(D6O_CLIENTID);
+ if (!opt_duid) {
+ // This should not happen. We have checked this before.
+ reply->addOption(createStatusCode(STATUS_UnspecFail,
+ "You did not include mandatory client-id"));
+ return;
+ }
+ DuidPtr duid(new DUID(opt_duid->getData()));
+
+ for (Option::OptionCollection::iterator opt = renew->options_.begin();
+ opt != renew->options_.end(); ++opt) {
+ switch (opt->second->getType()) {
+ case D6O_IA_NA: {
+ OptionPtr answer_opt = renewIA_NA(subnet, duid, renew,
+ boost::dynamic_pointer_cast<Option6IA>(opt->second));
+ if (answer_opt) {
+ reply->addOption(answer_opt);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+
+
+
+}
+
Pkt6Ptr Dhcpv6Srv::processSolicit(const Pkt6Ptr& solicit) {
+ sanityCheck(solicit, MANDATORY, FORBIDDEN);
+
Pkt6Ptr advertise(new Pkt6(DHCPV6_ADVERTISE, solicit->getTransid()));
copyDefaultOptions(solicit, advertise);
@@ -526,6 +679,9 @@ Pkt6Ptr Dhcpv6Srv::processSolicit(const Pkt6Ptr& solicit) {
}
Pkt6Ptr Dhcpv6Srv::processRequest(const Pkt6Ptr& request) {
+
+ sanityCheck(request, MANDATORY, MANDATORY);
+
Pkt6Ptr reply(new Pkt6(DHCPV6_REPLY, request->getTransid()));
copyDefaultOptions(request, reply);
@@ -538,8 +694,17 @@ Pkt6Ptr Dhcpv6Srv::processRequest(const Pkt6Ptr& request) {
}
Pkt6Ptr Dhcpv6Srv::processRenew(const Pkt6Ptr& renew) {
- /// @todo: Implement this
+
+ sanityCheck(renew, MANDATORY, MANDATORY);
+
Pkt6Ptr reply(new Pkt6(DHCPV6_REPLY, renew->getTransid()));
+
+ copyDefaultOptions(renew, reply);
+ appendDefaultOptions(renew, reply);
+ appendRequestedOptions(renew, reply);
+
+ renewLeases(renew, reply);
+
return reply;
}
diff --git a/src/bin/dhcp6/dhcp6_srv.h b/src/bin/dhcp6/dhcp6_srv.h
index 60bc292..8490d9b 100644
--- a/src/bin/dhcp6/dhcp6_srv.h
+++ b/src/bin/dhcp6/dhcp6_srv.h
@@ -30,6 +30,23 @@
namespace isc {
namespace dhcp {
+
+/// An exception that is thrown if a DHCPv6 protocol violation occurs while
+/// processing a message (e.g. a mandatory option is missing)
+class RFCViolation : public isc::Exception {
+public:
+
+/// @brief constructor
+///
+/// @param file name of the file, where exception occurred
+/// @param line line of the file, where exception occurred
+/// @param what text description of the issue that caused exception
+RFCViolation(const char* file, size_t line, const char* what) :
+ isc::Exception(file, line, what) {}
+};
+
+
+
/// @brief DHCPv6 server service.
///
/// This class represents DHCPv6 server. It contains all
@@ -45,6 +62,12 @@ namespace dhcp {
class Dhcpv6Srv : public boost::noncopyable {
public:
+ /// @brief defines if certain option may, must or must not appear
+ typedef enum {
+ FORBIDDEN,
+ MANDATORY,
+ OPTIONAL
+ } RequirementLevel;
/// @brief Minimum length of a MAC address to be used in DUID generation.
static const size_t MIN_MAC_LEN = 6;
@@ -84,6 +107,19 @@ public:
void shutdown();
protected:
+
+ /// @brief verifies if specified packet meets RFC requirements
+ ///
+ /// Checks if mandatory option is really there, that forbidden option
+ /// is not there, and that client-id or server-id appears only once.
+ ///
+ /// @param pkt packet to be checked
+ /// @param clientid expectation regarding client-id option
+ /// @param serverid expectation regarding server-id option
+ /// @throw RFCViolation if any issues are detected
+ void sanityCheck(const Pkt6Ptr& pkt, RequirementLevel clientid,
+ RequirementLevel serverid);
+
/// @brief Processes incoming SOLICIT and returns response.
///
/// Processes received SOLICIT message and verifies that its sender
@@ -169,11 +205,24 @@ protected:
/// @param question client's message (typically SOLICIT or REQUEST)
/// @param ia pointer to client's IA_NA option (client's request)
/// @return IA_NA option (server's response)
- OptionPtr handleIA_NA(const isc::dhcp::Subnet6Ptr& subnet,
+ OptionPtr assignIA_NA(const isc::dhcp::Subnet6Ptr& subnet,
const isc::dhcp::DuidPtr& duid,
isc::dhcp::Pkt6Ptr question,
boost::shared_ptr<Option6IA> ia);
+ /// @brief Renews specific IA_NA option
+ ///
+ /// Generates response to IA_NA. This typically includes finding a lease that
+ /// corresponds to the received address. If no such lease is found, IA_NA
+ /// response is generates with appropriate status code.
+ ///
+ /// @param subnet subnet the sender belongs to
+ /// @param duid client's duid
+ /// @param question client's message
+ /// @param ia IA_NA option that is being renewed
+ OptionPtr renewIA_NA(const Subnet6Ptr& subnet, const DuidPtr& duid,
+ Pkt6Ptr question, boost::shared_ptr<Option6IA> ia);
+
/// @brief Copies required options from client message to server answer.
///
/// Copies options that must appear in any server response (ADVERTISE, REPLY)
@@ -204,14 +253,23 @@ protected:
/// @brief Assigns leases.
///
- /// TODO: This method is currently a stub. It just appends one
- /// hardcoded lease. It supports addresses (IA_NA) only. It does NOT
- /// support temporary addresses (IA_TA) nor prefixes (IA_PD).
+ /// It supports addresses (IA_NA) only. It does NOT support temporary
+ /// addresses (IA_TA) nor prefixes (IA_PD).
///
/// @param question client's message (with requested IA_NA)
/// @param answer server's message (IA_NA options will be added here)
void assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer);
+ /// @brief Attempts to renew received addresses
+ ///
+ /// It iterates through received IA_NA options and attempts to renew
+ /// received addresses. If no such leases are found, proper status
+ /// code is added to reply message. Renewed addresses are added
+ /// as IA_NA/IAADDR to reply packet.
+ /// @param renew client's message asking for renew
+ /// @param reply server's response
+ void renewLeases(const Pkt6Ptr& renew, Pkt6Ptr& reply);
+
/// @brief Sets server-identifier.
///
/// This method attempts to set server-identifier DUID. It loads it
diff --git a/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc b/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
index 12f2a27..b02bee4 100644
--- a/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
+++ b/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
@@ -57,8 +57,10 @@ public:
using Dhcpv6Srv::processSolicit;
using Dhcpv6Srv::processRequest;
+ using Dhcpv6Srv::processRenew;
using Dhcpv6Srv::createStatusCode;
using Dhcpv6Srv::selectSubnet;
+ using Dhcpv6Srv::sanityCheck;
};
class Dhcpv6SrvTest : public ::testing::Test {
@@ -139,6 +141,31 @@ public:
return (addr);
}
+ // Checks that server rejected IA_NA, i.e. that it has no addresses and
+ // that expected status code really appears there.
+ // Status code indicates type of error encountered (in theory it can also
+ // indicate success, but servers typically don't send success status
+ // as this is the default result and it saves bandwidth)
+ void checkRejectedIA_NA(const boost::shared_ptr<Option6IA>& ia,
+ uint16_t expected_status_code) {
+ // Make sure there is no address assigned.
+ EXPECT_FALSE(ia->getOption(D6O_IAADDR));
+
+ // T1, T2 should be zeroed
+ EXPECT_EQ(0, ia->getT1());
+ EXPECT_EQ(0, ia->getT2());
+
+ OptionPtr status = ia->getOption(D6O_STATUS_CODE);
+ EXPECT_TRUE(status);
+
+ if (status) {
+ // We don't have dedicated class for status code, so let's just interpret
+ // first 2 bytes as status. Remainder of the status code option content is
+ // just a text explanation what went wrong.
+ EXPECT_EQ(static_cast<uint16_t>(expected_status_code), status->getUint16());
+ }
+ }
+
// Check that generated IAADDR option contains expected address.
void checkIAAddr(const boost::shared_ptr<Option6IAAddr>& addr,
const IOAddress& expected_addr,
@@ -617,7 +644,6 @@ TEST_F(Dhcpv6SrvTest, ManySolicits) {
cout << "Offered address to client3=" << addr3->getAddress().toText() << endl;
}
-
// This test verifies that incoming REQUEST can be handled properly, that a
// REPLY is generated, that the response has an address and that address
// really belongs to the configured pool.
@@ -651,6 +677,9 @@ TEST_F(Dhcpv6SrvTest, RequestBasic) {
OptionPtr clientid = generateClientId();
req->addOption(clientid);
+ // server-id is mandatory in REQUEST
+ req->addOption(srv->getServerID());
+
// Pass it to the server and hope for a REPLY
Pkt6Ptr reply = srv->processRequest(req);
@@ -709,6 +738,11 @@ TEST_F(Dhcpv6SrvTest, ManyRequests) {
req2->addOption(clientid2);
req3->addOption(clientid3);
+ // server-id is mandatory in REQUEST
+ req1->addOption(srv->getServerID());
+ req2->addOption(srv->getServerID());
+ req3->addOption(srv->getServerID());
+
// Pass it to the server and get an advertise
Pkt6Ptr reply1 = srv->processRequest(req1);
Pkt6Ptr reply2 = srv->processRequest(req2);
@@ -749,6 +783,204 @@ TEST_F(Dhcpv6SrvTest, ManyRequests) {
cout << "Assigned address to client3=" << addr3->getAddress().toText() << endl;
}
+// This test verifies that incoming (positive) RENEW can be handled properly, that a
+// REPLY is generated, that the response has an address and that address
+// really belongs to the configured pool and that lease is actually renewed.
+//
+// expected:
+// - returned REPLY message has copy of client-id
+// - returned REPLY message has server-id
+// - returned REPLY message has IA that includes IAADDR
+// - lease is actually renewed in LeaseMgr
+TEST_F(Dhcpv6SrvTest, RenewBasic) {
+ boost::scoped_ptr<NakedDhcpv6Srv> srv;
+ ASSERT_NO_THROW( srv.reset(new NakedDhcpv6Srv(0)) );
+
+ IOAddress addr("2001:db8:1:1::cafe:babe");
+ const uint32_t iaid = 234;
+
+ // generate client-id also duid_
+ OptionPtr clientid = generateClientId();
+
+ // Note that preferred, valid, T1 and T2 timers and CLTT are set to invalid
+ // value on purpose. They should be updated during RENEW.
+ Lease6Ptr lease(new Lease6(Lease6::LEASE_IA_NA, addr, duid_, iaid,
+ 501, 502, 503, 504, subnet_->getID(), 0));
+ lease->cltt_ = 1234;
+ ASSERT_TRUE(LeaseMgrFactory::instance().addLease(lease));
+
+ // check that the lease is really in the database
+ Lease6Ptr l = LeaseMgrFactory::instance().getLease6(addr);
+ ASSERT_TRUE(l);
+
+ // Check that T1, T2, preferred, valid and cltt really
+ EXPECT_NE(l->t1_, subnet_->getT1());
+ EXPECT_NE(l->t2_, subnet_->getT2());
+ EXPECT_NE(l->preferred_lft_, subnet_->getPreferred());
+ EXPECT_NE(l->valid_lft_, subnet_->getValid());
+ EXPECT_NE(l->cltt_, time(NULL));
+
+ // Let's create a RENEW
+ Pkt6Ptr req = Pkt6Ptr(new Pkt6(DHCPV6_RENEW, 1234));
+ req->setRemoteAddr(IOAddress("fe80::abcd"));
+ boost::shared_ptr<Option6IA> ia = generateIA(iaid, 1500, 3000);
+
+ ASSERT_TRUE(subnet_->inPool(addr));
+ OptionPtr renewed_addr_opt(new Option6IAAddr(D6O_IAADDR, addr, 300, 500));
+ ia->addOption(renewed_addr_opt);
+ req->addOption(ia);
+ req->addOption(clientid);
+
+ // server-id is mandatory in RENEW
+ req->addOption(srv->getServerID());
+
+ // Pass it to the server and hope for a REPLY
+ Pkt6Ptr reply = srv->processRenew(req);
+
+ // check if we get response at all
+ checkResponse(reply, DHCPV6_REPLY, 1234);
+
+ OptionPtr tmp = reply->getOption(D6O_IA_NA);
+ ASSERT_TRUE(tmp);
+
+ // check that IA_NA was returned and that there's an address included
+ boost::shared_ptr<Option6IAAddr> addr_opt = checkIA_NA(reply, 234, subnet_->getT1(),
+ subnet_->getT2());
+
+ // check that we've got the address we requested
+ checkIAAddr(addr_opt, addr, subnet_->getPreferred(), subnet_->getValid());
+
+ // check DUIDs
+ checkServerId(reply, srv->getServerID());
+ checkClientId(reply, clientid);
+
+ // check that the lease is really in the database
+ l = checkLease(duid_, reply->getOption(D6O_IA_NA), addr_opt);
+ EXPECT_TRUE(l);
+
+ // Check that T1, T2, preferred, valid and cltt were really updated
+ EXPECT_EQ(l->t1_, subnet_->getT1());
+ EXPECT_EQ(l->t2_, subnet_->getT2());
+ EXPECT_EQ(l->preferred_lft_, subnet_->getPreferred());
+ EXPECT_EQ(l->valid_lft_, subnet_->getValid());
+
+ // checking for CLTT is a bit tricky if we want to avoid off by 1 errors
+ int32_t cltt = static_cast<int32_t>(l->cltt_);
+ int32_t expected = static_cast<int32_t>(time(NULL));
+ // 1 >= difference between cltt and expected
+ EXPECT_GE(1, abs(cltt - expected));
+
+ EXPECT_TRUE(LeaseMgrFactory::instance().deleteLease6(addr_opt->getAddress()));
+}
+
+// This test verifies that incoming (invalid) RENEW can be handled properly.
+//
+// This test checks 3 scenarios:
+// 1. there is no such lease at all
+// 2. there is such a lease, but it is assigned to a different IAID
+// 3. there is such a lease, but it belongs to a different client
+//
+// expected:
+// - returned REPLY message has copy of client-id
+// - returned REPLY message has server-id
+// - returned REPLY message has IA that includes STATUS-CODE
+// - No lease in LeaseMgr
+TEST_F(Dhcpv6SrvTest, RenewReject) {
+ boost::scoped_ptr<NakedDhcpv6Srv> srv;
+ ASSERT_NO_THROW( srv.reset(new NakedDhcpv6Srv(0)) );
+
+ IOAddress addr("2001:db8:1:1::dead");
+ const uint32_t transid = 1234;
+ const uint32_t valid_iaid = 234;
+ const uint32_t bogus_iaid = 456;
+
+ // generate client-id also duid_
+ OptionPtr clientid = generateClientId();
+
+ // check that the lease is really in the database
+ Lease6Ptr l = LeaseMgrFactory::instance().getLease6(addr);
+ ASSERT_FALSE(l);
+
+ // Let's create a RENEW
+ Pkt6Ptr req = Pkt6Ptr(new Pkt6(DHCPV6_RENEW, transid));
+ req->setRemoteAddr(IOAddress("fe80::abcd"));
+ boost::shared_ptr<Option6IA> ia = generateIA(bogus_iaid, 1500, 3000);
+
+ ASSERT_TRUE(subnet_->inPool(addr));
+ OptionPtr renewed_addr_opt(new Option6IAAddr(D6O_IAADDR, addr, 300, 500));
+ ia->addOption(renewed_addr_opt);
+ req->addOption(ia);
+ req->addOption(clientid);
+
+ // server-id is mandatory in RENEW
+ req->addOption(srv->getServerID());
+
+ // Case 1: No lease known to server
+
+ // Pass it to the server and hope for a REPLY
+ Pkt6Ptr reply = srv->processRenew(req);
+
+ // Check if we get response at all
+ checkResponse(reply, DHCPV6_REPLY, transid);
+ OptionPtr tmp = reply->getOption(D6O_IA_NA);
+ ASSERT_TRUE(tmp);
+ // Check that IA_NA was returned and that there's an address included
+ ia = boost::dynamic_pointer_cast<Option6IA>(tmp);
+ ASSERT_TRUE(ia);
+ checkRejectedIA_NA(ia, STATUS_NoAddrsAvail);
+
+ // Check that there is no lease added
+ l = LeaseMgrFactory::instance().getLease6(addr);
+ ASSERT_FALSE(l);
+
+ // CASE 2: Lease is known and belongs to this client, but to a different IAID
+
+ // Note that preferred, valid, T1 and T2 timers and CLTT are set to invalid
+ // value on purpose. They should be updated during RENEW.
+ Lease6Ptr lease(new Lease6(Lease6::LEASE_IA_NA, addr, duid_, valid_iaid,
+ 501, 502, 503, 504, subnet_->getID(), 0));
+ lease->cltt_ = 123; // Let's use it as an indicator that the lease
+ // was NOT updated.
+ ASSERT_TRUE(LeaseMgrFactory::instance().addLease(lease));
+
+ // Pass it to the server and hope for a REPLY
+ reply = srv->processRenew(req);
+ checkResponse(reply, DHCPV6_REPLY, transid);
+ tmp = reply->getOption(D6O_IA_NA);
+ ASSERT_TRUE(tmp);
+ // Check that IA_NA was returned and that there's an address included
+ ia = boost::dynamic_pointer_cast<Option6IA>(tmp);
+ ASSERT_TRUE(ia);
+ checkRejectedIA_NA(ia, STATUS_NoAddrsAvail);
+
+ // There is a iaid mis-match, so server should respond that there is
+ // no such address to renew.
+
+ // CASE 3: Lease belongs to a client with different client-id
+ req->delOption(D6O_CLIENTID);
+ ia = boost::dynamic_pointer_cast<Option6IA>(req->getOption(D6O_IA_NA));
+ ia->setIAID(valid_iaid); // Now iaid in renew matches that in leasemgr
+ req->addOption(generateClientId(13)); // generate different DUID
+ // (with length 13)
+
+ reply = srv->processRenew(req);
+ checkResponse(reply, DHCPV6_REPLY, transid);
+ tmp = reply->getOption(D6O_IA_NA);
+ ASSERT_TRUE(tmp);
+ // Check that IA_NA was returned and that there's an address included
+ ia = boost::dynamic_pointer_cast<Option6IA>(tmp);
+ ASSERT_TRUE(ia);
+ checkRejectedIA_NA(ia, STATUS_NoAddrsAvail);
+
+
+ lease = LeaseMgrFactory::instance().getLease6(addr);
+ ASSERT_TRUE(lease);
+ // Verify that the lease was not updated.
+ EXPECT_EQ(123, lease->cltt_);
+
+ EXPECT_TRUE(LeaseMgrFactory::instance().deleteLease6(addr));
+}
+
// This test verifies if the status code option is generated properly.
TEST_F(Dhcpv6SrvTest, StatusCode) {
boost::scoped_ptr<NakedDhcpv6Srv> srv;
@@ -763,8 +995,8 @@ TEST_F(Dhcpv6SrvTest, StatusCode) {
EXPECT_TRUE(status->getData() == exp);
}
-// This test verifies if the selectSubnet() method works as expected.
-TEST_F(Dhcpv6SrvTest, SelectSubnet) {
+// This test verifies if the sanityCheck() really checks options presence.
+TEST_F(Dhcpv6SrvTest, sanityCheck) {
boost::scoped_ptr<NakedDhcpv6Srv> srv;
ASSERT_NO_THROW( srv.reset(new NakedDhcpv6Srv(0)) );
@@ -772,18 +1004,63 @@ TEST_F(Dhcpv6SrvTest, SelectSubnet) {
// check that the packets originating from local addresses can be
pkt->setRemoteAddr(IOAddress("fe80::abcd"));
- EXPECT_EQ(subnet_, srv->selectSubnet(pkt));
- // packets originating from subnet A will select subnet A
- pkt->setRemoteAddr(IOAddress("2001:db8:1::6789"));
- EXPECT_EQ(subnet_, srv->selectSubnet(pkt));
+ // client-id is optional for information-request, so
+ EXPECT_NO_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::OPTIONAL, Dhcpv6Srv::OPTIONAL));
+
+ // empty packet, no client-id, no server-id
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::FORBIDDEN),
+ RFCViolation);
+
+ // This doesn't make much sense, but let's check it for completeness
+ EXPECT_NO_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::FORBIDDEN, Dhcpv6Srv::FORBIDDEN));
+
+ OptionPtr clientid = generateClientId();
+ pkt->addOption(clientid);
+
+ // client-id is mandatory, server-id is forbidden (as in SOLICIT or REBIND)
+ EXPECT_NO_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::FORBIDDEN));
+
+ pkt->addOption(srv->getServerID());
+
+ // both client-id and server-id are mandatory (as in REQUEST, RENEW, RELEASE, DECLINE)
+ EXPECT_NO_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::MANDATORY));
+
+ // sane section ends here, let's do some negative tests as well
+
+ pkt->addOption(clientid);
+ pkt->addOption(clientid);
+
+ // with more than one client-id it should throw, no matter what
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::OPTIONAL, Dhcpv6Srv::OPTIONAL),
+ RFCViolation);
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::OPTIONAL),
+ RFCViolation);
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::OPTIONAL, Dhcpv6Srv::MANDATORY),
+ RFCViolation);
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::MANDATORY),
+ RFCViolation);
+
+ pkt->delOption(D6O_CLIENTID);
+ pkt->delOption(D6O_CLIENTID);
+
+ // again we have only one client-id
+
+ // let's try different type of insanity - several server-ids
+ pkt->addOption(srv->getServerID());
+ pkt->addOption(srv->getServerID());
+
+ // with more than one server-id it should throw, no matter what
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::OPTIONAL, Dhcpv6Srv::OPTIONAL),
+ RFCViolation);
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::OPTIONAL),
+ RFCViolation);
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::OPTIONAL, Dhcpv6Srv::MANDATORY),
+ RFCViolation);
+ EXPECT_THROW(srv->sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::MANDATORY),
+ RFCViolation);
- // packets from a subnet that is not supported will not get
- // a subnet
- pkt->setRemoteAddr(IOAddress("3000::faf"));
- EXPECT_FALSE(srv->selectSubnet(pkt));
- /// @todo: expand this test once support for relays is implemented
}
} // end of anonymous namespace
diff --git a/src/lib/dhcp/option6_ia.h b/src/lib/dhcp/option6_ia.h
index 54624d0..32f3667 100644
--- a/src/lib/dhcp/option6_ia.h
+++ b/src/lib/dhcp/option6_ia.h
@@ -68,12 +68,17 @@ public:
/// Sets T1 timer.
///
/// @param t1 t1 value to be set
- void setT1(uint32_t t1) { t1_=t1; }
+ void setT1(uint32_t t1) { t1_ = t1; }
/// Sets T2 timer.
///
/// @param t2 t2 value to be set
- void setT2(uint32_t t2) { t2_=t2; }
+ void setT2(uint32_t t2) { t2_ = t2; }
+
+ /// Sets Identity Association Identifier.
+ ///
+ /// @param iaid IAID value to be set
+ void setIAID(uint32_t iaid) { iaid_ = iaid; }
/// Returns IA identifier.
///
diff --git a/src/lib/dhcp/tests/option6_ia_unittest.cc b/src/lib/dhcp/tests/option6_ia_unittest.cc
index 1ee618a..4e0bda1 100644
--- a/src/lib/dhcp/tests/option6_ia_unittest.cc
+++ b/src/lib/dhcp/tests/option6_ia_unittest.cc
@@ -119,6 +119,9 @@ TEST_F(Option6IATest, simple) {
EXPECT_EQ(2345, ia->getT1());
EXPECT_EQ(3456, ia->getT2());
+ ia->setIAID(890);
+ EXPECT_EQ(890, ia->getIAID());
+
EXPECT_NO_THROW(
delete ia;
);
diff --git a/src/lib/dhcpsrv/subnet.h b/src/lib/dhcpsrv/subnet.h
index aa1ef1f..c7d7ac7 100644
--- a/src/lib/dhcpsrv/subnet.h
+++ b/src/lib/dhcpsrv/subnet.h
@@ -172,7 +172,7 @@ public:
// Use option type as the index key. The type is held
// in OptionPtr object so we have to call Option::getType
// to retrieve this key for each element.
- boost::multi_index::mem_fun<
+ boost::multi_index::const_mem_fun<
Option,
uint16_t,
&Option::getType
More information about the bind10-changes
mailing list