From 5fa042b687ad59f27df6f3b5d7afd08fc04f0396 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Tue, 19 Jul 2022 12:20:49 +0200 Subject: [PATCH] dhcp: more work on #5847 Make sure to use a proper example from ISC dhcpd itself. Here now we truncate the prefix and add the suffix, making sure the suffix is correct. If the upper 64 bits are empty we likely have the wrong format and we shift it up as e.g. "::2" is not a prefix range value, but "::2:0:0:0:0" is. Note that this is in contrast to static IPv6 where this has to be configured correctly in the first place. --- src/etc/inc/plugins.inc.d/dhcpd.inc | 23 ++++++++++++++++++++--- src/www/services_dhcpv6.php | 2 +- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/etc/inc/plugins.inc.d/dhcpd.inc b/src/etc/inc/plugins.inc.d/dhcpd.inc index 21587b520..99bc0c07b 100644 --- a/src/etc/inc/plugins.inc.d/dhcpd.inc +++ b/src/etc/inc/plugins.inc.d/dhcpd.inc @@ -1318,6 +1318,8 @@ function dhcpd_dhcp6_configure($verbose = false, $blacklist = array()) /* with enough room we can add dhcp6 prefix delegation */ $pdlen = calculate_ipv6_delegation_length($config['interfaces'][$ifname]['track6-interface']); if ($pdlen > 2) { + /* XXX calculation is probably out of whack, please fix */ + $pdlenmax = $pdlen; $pdlenhalf = $pdlenmax - 1; $pdlenmin = 64 - ceil($pdlenhalf / 4); @@ -1345,10 +1347,25 @@ function dhcpd_dhcp6_configure($verbose = false, $blacklist = array()) } if (!empty($dhcpdv6cfg[$ifname]['prefixrange']['from']) && !empty($dhcpdv6cfg[$ifname]['prefixrange']['to'])) { - $pdval = intval($dhcpdv6cfg[$ifname]['prefixrange']['prefixlength']); + /* XXX $pdlen is never validated against prefixlenght setting, but must be smaller or equal */ + $pdlen = 64 - calculate_ipv6_delegation_length($config['interfaces'][$ifname]['track6-interface']); - $dhcpdv6cfg[$ifname]['prefixrange']['from'] = merge_ipv6_address($ifcfgipv6, $dhcpdv6cfg[$ifname]['prefixrange']['from'], $pdval); - $dhcpdv6cfg[$ifname]['prefixrange']['to'] = merge_ipv6_address($ifcfgipv6, $dhcpdv6cfg[$ifname]['prefixrange']['to'], $pdval); + $range_from = merge_ipv6_address($dhcpdv6cfg[$ifname]['prefixrange']['from'], '::'); + if ($range_from == '::') { + log_error("Warning! '{$dhcpdv6cfg[$ifname]['prefixrange']['from']}' is not a valid prefix range value"); + /* XXX previously it was suggested to use suffix but it was actually infix so shift 64 bits if possible */ + $range_from = $dhcpdv6cfg[$ifname]['prefixrange']['from'] . ':0:0:0:0'; + } + + $range_to = merge_ipv6_address($dhcpdv6cfg[$ifname]['prefixrange']['to'], '::'); + if ($range_to == '::') { + log_error("Warning! '{$dhcpdv6cfg[$ifname]['prefixrange']['to']}' is not a valid prefix range value"); + /* XXX previously it was suggested to use suffix but it was actually infix so shift 64 bits if possible */ + $range_to = $dhcpdv6cfg[$ifname]['prefixrange']['to'] . ':0:0:0:0'; + } + + $dhcpdv6cfg[$ifname]['prefixrange']['from'] = merge_ipv6_address($ifcfgipv6, $range_from, $pdlen); + $dhcpdv6cfg[$ifname]['prefixrange']['to'] = merge_ipv6_address($ifcfgipv6, $range_to, $pdlen); } } } diff --git a/src/www/services_dhcpv6.php b/src/www/services_dhcpv6.php index 7dccefa8e..ec4df7c37 100644 --- a/src/www/services_dhcpv6.php +++ b/src/www/services_dhcpv6.php @@ -554,7 +554,7 @@ include("head.inc"); 'calculator to ensure you have entered a correct range if the dhcpd6 server fails to start.') ?>

- +