Fix handling of RFC6603 Prefix Exclude Option#151
Fix handling of RFC6603 Prefix Exclude Option#151mmmspatz wants to merge 1 commit intoopenwrt:masterfrom
Conversation
mmmspatz
force-pushed
the
mspatz/fix_exclude
branch
4 times, most recently
from
62e7c3d to
2dfac89
Compare
|
You took a similar approach to how I did; when I started looking at this same problem, I began wondering whether we should just do 128 bit math, and skip the prefix/subnet handling altogether (especially when bit lengths approach those boundaries), since that means 4 blocks of 32 bits or 2 blocks of 64 bits. The restriction we hit for a single 128 bit uint is that the older 32 bit platform CPUs openwrt supports might not readily support a whole 128 bit uint. So .. two 64s it is, as you have here. The math in the original RFC goes with the whole 128. Because that's how this option is supposed to work - independent of mandates today ("a prefix is max 64 blah blah"), and just deal with the whole address length. It looks easy, and should be, but... I'll take another look with fresh eyes soon - I'm glad to see this is addressed by others in the community. |
|
Honestly I didn't even try to stretch my brain past the "32 bit hostid" limitation.
I did some testing of this against the RFC's pseudocode. It's messy, but if you're interested: https://github.com/mmmspatz/dhcp6_opt_pd_exlude_test |
mmmspatz
force-pushed
the
mspatz/fix_exclude
branch
from
2dfac89 to
5ed0f6a
Compare
|
Mostly for fun, here is an example of how we could support exclusions up to |
mmmspatz
force-pushed
the
mspatz/fix_exclude
branch
from
5ed0f6a to
193eb08
Compare
Several bugs in the encoding and (more importantly) decoding of DHCPV6_OPT_PD_EXCLUDE lead to the option being ignored in some received messages, or the excluded subnet id being mangled to an incorrect value. Fix both encoding and decoding, being more explicit and slightly more verbose for clarity. Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com>
mmmspatz
force-pushed
the
mspatz/fix_exclude
branch
from
193eb08 to
3d8891e
Compare
2 participants
The encoding and decoding of option
DHCPV6_OPT_PD_EXCLUDEboth had several critical bugs.The encoding bugs are less important, because while the RFC specifies that requesting routers echo back excluded prefixes in
RELEASEmessages, it seems unlikely that a server would have any use for this information. But the decoding bugs render the feature completely unusable.I have spent frankly an embarrassing number of hours pondering the correct behavior as specified by the RFC, and I'm pretty sure I've got it.
I tried to be more explicit with variable names and comments for clarity.
I discovered this because I am working on adding support for
DHCPV6_OPT_PD_EXCLUDEtoodhcpd, I will make a PR there soon.In the encoding step in
dhcpv6_send():ia_pd[]one too far to the right (kwent fromex_len - 5downto1.)pd_entries[j].exclusion_length - pd_entries[j].length) % 8 == 0In the decoding step in
dhcpv6_parse_ia():slen == 2(valid, indicatesdelegated length - exclusion_length <= 8) are incorrectly ignored.if (slen <= bytes_needed)on line 1828 should beif (slen - 1 <= bytes_needed)(slenincludes one byte for theprefix-lenfield)subnet-idfield fromsdata[]in the wrong byte order (it's network order, MSB first)looking again, the order is correct.Looking for a third time, the order is indeed wrong.(exclude_length - entry.length) % 8 == 0