
[master] Merged trac4015 (secure DHCPv6 definitions)

Francis Dupont 9 years ago
parent
commit
be2350d5ab

+ 26 - 0
doc/guide/dhcp6-srv.xml

@@ -861,6 +861,11 @@ temporarily override a list of interface names and listen on all interfaces.
       the various types is given in <xref linkend="dhcp-types"/>.
     </para>
     <para>
+      Experimental options (like standard options but with a code
+      which was not assigned by IANA) are listed in
+      <xref linkend="dhcp6-exp-options-list"/>.
+    </para>
+    <para>
       Some options are designated as arrays, which means that more than one
       value is allowed in such an option. For example the option dns-servers
       allows the specification of more than one IPv6 address, allowing
@@ -956,6 +961,27 @@ temporarily override a list of interface names and listen on all interfaces.
         </tgroup>
       </table>
     </para>
+
+    <para>
+      <table frame="all" id="dhcp6-exp-options-list">
+        <title>List of experimental DHCPv6 options</title>
+        <tgroup cols='4'>
+        <colspec colname='name'/>
+        <colspec colname='code' align='center'/>
+        <colspec colname='type' align='center'/>
+        <colspec colname='array' align='center'/>
+        <thead>
+          <row><entry>Name</entry><entry>Code</entry><entry>Type</entry><entry>Array?</entry></row>
+        </thead>
+        <tbody>
+<row><entry>public-key</entry><entry>701</entry><entry>binary</entry><entry>false</entry></row>
+<row><entry>certificate</entry><entry>702</entry><entry>binary</entry><entry>false</entry></row>
+<row><entry>signature</entry><entry>703</entry><entry>record</entry><entry>false</entry></row>
+<row><entry>timestamp</entry><entry>704</entry><entry>binary</entry><entry>false</entry></row>
+        </tbody>
+        </tgroup>
+      </table>
+    </para>
     </section>
 
     <section id="dhcp6-custom-options">

+ 7 - 0
src/lib/dhcp/dhcp4.h

@@ -36,6 +36,13 @@
 
 #include <stdint.h>
 
+/// @note Code points in comments are those assigned by IANA
+/// but not yet implemented in Kea.
+/// To implement a standard option, remove the comment characters,
+/// add an entry in std_option_defs.h, add a stdOptionDefs4 unit test
+/// in tests/libdhcp++_unittest.cc and update dhcp4-std-options-list-part2
+/// in the dhcp4-srv.xml source file of the user guide.
+
 namespace isc {
 namespace dhcp {
 

+ 123 - 14
src/lib/dhcp/dhcp6.h

@@ -1,4 +1,4 @@
-// Copyright (C) 2006-2011  Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2006-2011, 2015  Internet Systems Consortium, Inc. ("ISC")
 //
 // Permission to use, copy, modify, and/or distribute this software for any
 // purpose with or without fee is hereby granted, provided that the above
@@ -15,6 +15,13 @@
 #ifndef DHCP6_H
 #define DHCP6_H
 
+/// @note Code points in comments are those assigned by IANA
+/// but not yet implemented in Kea.
+/// To implement a standard option, remove the comment characters,
+/// add an entry in std_option_defs.h, add a stdOptionDefs6 unit test
+/// in tests/libdhcp++_unittest.cc and update dhcp6-std-options-list in
+/// the dhcp6-srv.xml source file of the user guide.
+
 /* DHCPv6 Option codes: */
 
 #define D6O_CLIENTID                            1 /* RFC3315 */
@@ -65,24 +72,102 @@
 #define D6O_CLT_TIME                            46 /* RFC5007 */
 #define D6O_LQ_RELAY_DATA                       47 /* RFC5007 */
 #define D6O_LQ_CLIENT_LINK                      48 /* RFC5007 */
+//#define D6O_MIP6_HNIDF                          49 /* RFC6610 */
+//#define D6O_MIP6_VDINF                          50 /* RFC6610 */
+//#define D6O_V6_LOST                             51 /* RFC5223 */
+//#define D6O_CAPWAP_AC_V6                        52 /* RFC5417 */
+//#define D6O_RELAY_ID                            53 /* RFC5460 */
+//#define D6O_IPV6_ADDRESS_MOS                    54 /* RFC5678 */
+//#define D6O_IPV6_FQDN_MOS                       55 /* RFC5678 */
+//#define D6O_NTP_SERVER                          56 /* RFC5908 */
+//#define D6O_V6_ACCESS_DOMAIN                    57 /* RFC5986 */
+//#define D6O_SIP_UA_CS_LIST                      58 /* RFC6011 */
+//#define D6O_BOOTFILE_URL                        59 /* RFC5970 */
+//#define D6O_BOOTFILE_PARAM                      60 /* RFC5970 */
+//#define D6O_CLIENT_ARCH_TYPE                    61 /* RFC5970 */
+//#define D6O_NII                                 62 /* RFC5970 */
+//#define D6O_GEOLOCATION                         63 /* RFC6225 */
+//#define D6O_AFTR_NAME                           64 /* RFC6334 */
 #define D6O_ERP_LOCAL_DOMAIN_NAME               65 /* RFC6440 */
 #define D6O_RSOO                                66 /* RFC6422 */
+//#define D6O_PD_EXCLUDE                          67 /* RFC6603 */
+//#define D6O_VSS                                 68 /* RFC6607 */
+//#define D6O_MIP6_IDINF                          69 /* RFC6610 */
+//#define D6O_MIP6_UDINF                          70 /* RFC6610 */
+//#define D6O_MIP6_HNP                            71 /* RFC6610 */
+//#define D6O_MIP6_HAA                            72 /* RFC6610 */
+//#define D6O_MIP6_HAF                            73 /* RFC6610 */
+//#define D6O_RDNSS_SELECTION                     74 /* RFC6731 */
+//#define D6O_KRB_PRINCIPAL_NAME                  75 /* RFC6784 */
+//#define D6O_KRB_REALM_NAME                      76 /* RFC6784 */
+//#define D6O_KRB_DEFAULT_REALM_NAME              77 /* RFC6784 */
+//#define D6O_KRB_KDC                             78 /* RFC6784 */
 #define D6O_CLIENT_LINKLAYER_ADDR               79 /* RFC6939 */
+//#define D6O_LINK_ADDRESS                        80 /* RFC6977 */
+//#define D6O_RADIUS                              81 /* RFC7037 */
+//#define D6O_SOL_MAX_RT                          82 /* RFC7083 */
+//#define D6O_INF_MAX_RT                          83 /* RFC7083 */
+//#define D6O_ADDRSEL                             84 /* RFC7078 */
+//#define D6O_ADDRSEL_TABLE                       85 /* RFC7078 */
+//#define D6O_V6_PCP_SERVER                       86 /* RFC7291 */
+//#define D6O_DHCPV4_MSG                          87 /* RFC7341 */
+//#define D6O_DHCPV4_O_DHCPV6_SERVER              88 /* RFC7341 */
+//#define D6O_S46_RULE                            89 /* RFC7598 */
+//#define D6O_S46_BR                              90 /* RFC7598 */
+//#define D6O_S46_DMR                             91 /* RFC7598 */
+//#define D6O_S46_V4V6BIND                        92 /* RFC7598 */
+//#define D6O_S46_PORTPARAMS                      93 /* RFC7598 */
+//#define D6O_S46_CONT_MAPE                       94 /* RFC7598 */
+//#define D6O_S46_CONT_MAPT                       95 /* RFC7598 */
+//#define D6O_S46_CONT_LW                         96 /* RFC7598 */
+//#define D6O_4RD                                 97 /* RFC7600 */
+//#define D6O_4RD_MAP_RULE                        98 /* RFC7600 */
+//#define D6O_4RD_NON_MAP_RULE                    99 /* RFC7600 */
+/* draft-ietf-dhc-dhcpv6-active-leasequery-04 */
+//#define D6O_LQ_BASE_TIME                       100
+//#define D6O_LQ_START_TIME                      101
+//#define D6O_LQ_END_TIME                        102
+/* 103-142 unassigned */
+//#define D6O_IPV6_ADDRESS_ANDSF                 143 /* RFC6153 */
+
+// The following are EXPERIMENTAL and may change when IANA assigns official
+// values.
+/* secure DHCPv6 (draft-ietf-dhc-sedhcpv6-08) */
+/* temporary values for hackathon 93 */
+#define D6O_PUBLIC_KEY                         701
+#define D6O_CERTIFICATE                        702
+#define D6O_SIGNATURE                          703
+#define D6O_TIMESTAMP                          704
 
 /*
- * Status Codes, from RFC 3315 section 24.4, and RFC 3633, 5007.
+ * Status Codes, from RFC 3315 section 24.4, and RFC 3633, 5007, 5460.
  */
-#define STATUS_Success           0
-#define STATUS_UnspecFail        1
-#define STATUS_NoAddrsAvail      2
-#define STATUS_NoBinding         3
-#define STATUS_NotOnLink         4
-#define STATUS_UseMulticast      5
-#define STATUS_NoPrefixAvail     6
-#define STATUS_UnknownQueryType  7
-#define STATUS_MalformedQuery    8
-#define STATUS_NotConfigured     9
-#define STATUS_NotAllowed       10
+#define STATUS_Success                   0
+#define STATUS_UnspecFail                1
+#define STATUS_NoAddrsAvail              2
+#define STATUS_NoBinding                 3
+#define STATUS_NotOnLink                 4
+#define STATUS_UseMulticast              5
+#define STATUS_NoPrefixAvail             6
+#define STATUS_UnknownQueryType          7
+#define STATUS_MalformedQuery            8
+#define STATUS_NotConfigured             9
+#define STATUS_NotAllowed               10
+//#define STATUS_QueryTerminated          11
+/* draft-ietf-dhc-dhcpv6-active-leasequery-04 */
+//#define STATUS_DataMissing              12
+//#define STATUS_CatchUpComplete          13
+//#define STATUS_NotSupported             14
+//#define STATUS_TLSConnectionRefused     15
+
+// The following are EXPERIMENTAL and may change when IANA assigns official
+// values.
+/* secure DHCPv6 (draft-ietf-dhc-sedhcpv6-08) */
+/* temporary values for hackathon 93 */
+#define STATUS_AlgorithmNotSupported   705
+#define STATUS_AuthenticationFail      706
+#define STATUS_TimestampFail           707
+#define STATUS_SignatureFail           708
 
 /*
  * DHCPv6 message types, defined in section 5.3 of RFC 3315
@@ -100,8 +185,21 @@
 #define DHCPV6_INFORMATION_REQUEST 11
 #define DHCPV6_RELAY_FORW          12
 #define DHCPV6_RELAY_REPL          13
+/* RFC 5007 */
 #define DHCPV6_LEASEQUERY          14
 #define DHCPV6_LEASEQUERY_REPLY    15
+/* RFC 5460 */
+//#define DHCPV6_LEASEQUERY_DONE     16
+//#define DHCPV6_LEASEQUERY_DATA     17
+/* RFC 6977 */
+//#define DHCPV6_RECONFIGURE_REQUEST 18
+//#define DHCPV6_RECONFIGURE_REPLY   19
+/* RFC 7341 */
+//#define DHCPV6_DHCPV4_QUERY        20
+//#define DHCPV6_DHCPV4_RESPONSE     21
+/* draft-ietf-dhc-dhcpv6-active-leasequery-04 */
+//#define DHCPV6_ACTIVELEASEQUERY    22
+//#define DHCPV6_STARTTLS            23
 
 extern const char *dhcpv6_type_names[];
 extern const int dhcpv6_type_name_max;
@@ -114,6 +212,14 @@ extern const int dhcpv6_type_name_max;
 #define HWTYPE_ETHERNET    0x0001
 #define HWTYPE_INFINIBAND  0x0020
 
+// The following are EXPERIMENTAL and may change when IANA assigns official
+// values.
+// Secure DHCPv6 (draft-ietf-dhc-sedhcpv6-08.txt)
+// (can't use an enum because HashAlgorithm name is already taken)
+#define SHA_256                 1
+#define SHA_512                 2
+#define RSASSA_PKCS1v1_5        1
+
 // Taken from http://www.iana.org/assignments/enterprise-numbers
 #define ENTERPRISE_ID_ISC 2495
 
@@ -172,10 +278,13 @@ extern const int dhcpv6_type_name_max;
 #define LQ6_MAX_RT       10
 #define LQ6_MAX_RC        5
 
-/* Leasequery query-types (RFC 5007) */
+/* Leasequery query-types (RFC 5007, RFC 5460) */
 
 #define LQ6QT_BY_ADDRESS        1
 #define LQ6QT_BY_CLIENTID       2
+//#define LQ6QT_BY_RELAY_ID       3
+//#define LQ6QT_BY_LINK_ADDRESS   4
+//#define LQ6QT_BY_REMOTE_ID      5
 
 /*
  * DUID time starts 2000-01-01.
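Review bot: The macros `SHA_256`, `SHA_512` and `RSASSA_PKCS1v1_5` added in the HWTYPE hunk are the only global-scope names in this header without a namespace-like prefix (`D6O_`, `STATUS_`, `HWTYPE_`, `LQ6QT_`), and short generic crypto names like these are likely to collide with identifiers from whichever crypto library later implements the signature check. The comment explains why an enum was rejected, but a prefix works just as well with macros, e.g. `#define SEDHCPV6_HASH_SHA_256 1`, `#define SEDHCPV6_HASH_SHA_512 2`, `#define SEDHCPV6_SIG_RSASSA_PKCS1v1_5 1`. Since `SHA_256` and `RSASSA_PKCS1v1_5` both expand to 1, a one-line comment stating that the hash-algorithm and signature-algorithm values come from two separate registries (presumably the two leading uint8 fields of the sedhcpv6 signature record) would keep a reader from treating them as interchangeable. The same lack of a prefix does not apply to the 701-708 option and status codes, which already follow the header's conventions.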

+ 12 - 1
src/lib/dhcp/std_option_defs.h

@@ -236,6 +236,9 @@ RECORD_DECL(REMOTE_ID_RECORDS, OPT_UINT32_TYPE, OPT_BINARY_TYPE);
 RECORD_DECL(STATUS_CODE_RECORDS, OPT_UINT16_TYPE, OPT_STRING_TYPE);
 // vendor-class
 RECORD_DECL(VENDOR_CLASS_RECORDS, OPT_UINT32_TYPE, OPT_BINARY_TYPE);
+// sedhcpv6 signature
+RECORD_DECL(SIGNATURE_RECORDS, OPT_UINT8_TYPE, OPT_UINT8_TYPE,
+            OPT_BINARY_TYPE);
 
 /// Standard DHCPv6 option definitions.
 ///
@@ -330,7 +333,15 @@ const OptionDefParams OPTION_DEF_PARAMS6[] = {
       NO_RECORD_DEF, "" },
     { "rsoo", D6O_RSOO, OPT_EMPTY_TYPE, false, NO_RECORD_DEF, "rsoo-opts" },
     { "client-linklayer-addr", D6O_CLIENT_LINKLAYER_ADDR, OPT_BINARY_TYPE, false,
-        NO_RECORD_DEF, "" }
+      NO_RECORD_DEF, "" },
+    { "public-key", D6O_PUBLIC_KEY, OPT_BINARY_TYPE, false,
+      NO_RECORD_DEF, "" },
+    { "certificate", D6O_CERTIFICATE, OPT_BINARY_TYPE, false,
+      NO_RECORD_DEF, "" },
+    { "signature", D6O_SIGNATURE, OPT_RECORD_TYPE, false,
+      RECORD_DEF(SIGNATURE_RECORDS), "" },
+    { "timestamp", D6O_TIMESTAMP, OPT_BINARY_TYPE, false,
+      NO_RECORD_DEF, "" }
 
     // @todo There is still a bunch of options for which we have to provide
     // definitions but we don't do it because they are not really
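Review bot: The new `timestamp` definition is declared as an unbounded `OPT_BINARY_TYPE`, so the option parser will accept a payload of any length, even though the unit test in the same commit feeds it exactly 8 octets (`begin, begin + 8`) and the draft presumably fixes the timestamp at that size. If the definition machinery has no fixed-width 64-bit type, the length check has to live in whatever code later consumes the option, and that should be stated next to the definition: `// timestamp: expected to be 8 octets (sedhcpv6); length is not enforced by this definition`. `public-key` and `certificate` are likewise accepted at any length, so whatever code later interprets them must validate their structure before use rather than relying on libdhcp. The `OPTION_DEF_PARAMS6` array begins before this hunk.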

+ 12 - 0
src/lib/dhcp/tests/libdhcp++_unittest.cc

@@ -1168,6 +1168,18 @@ TEST_F(LibDhcpTest, stdOptionDefs6) {
     LibDhcpTest::testStdOptionDefs6(D6O_ERP_LOCAL_DOMAIN_NAME,
                                     fqdn_buf.begin(), fqdn_buf.end(),
                                     typeid(OptionCustom));
+
+    LibDhcpTest::testStdOptionDefs6(D6O_PUBLIC_KEY, begin, end,
+                                    typeid(Option));
+
+    LibDhcpTest::testStdOptionDefs6(D6O_CERTIFICATE, begin, end,
+                                    typeid(Option));
+
+    LibDhcpTest::testStdOptionDefs6(D6O_SIGNATURE, begin, end,
+                                    typeid(OptionCustom));
+
+    LibDhcpTest::testStdOptionDefs6(D6O_TIMESTAMP, begin, begin + 8,
+                                    typeid(Option));
 }
 
 // This test checks if the DHCPv6 option definition can be searched by
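Review bot: The four new `testStdOptionDefs6` calls only exercise successful unpacking from a well-formed buffer; there is no case for a malformed option, such as a `signature` option shorter than the two leading uint8 fields of `SIGNATURE_RECORDS`, or a `timestamp` whose length is not 8. For definitions that will eventually feed a signature check, a negative case is worth adding next to these, e.g. asserting that `LibDHCP::getOptionDef(Option::V6, D6O_SIGNATURE)->optionFactory(...)` on a one-byte buffer throws rather than silently succeeding, assuming the helper only checks the happy path as its name suggests. The `stdOptionDefs6` test body starts before this hunk.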