On Wed, Apr 02, 2025 at 07:23:39PM +0200, Laurent Vivier wrote:

Needs a commit message.

> Signed-off-by: Laurent Vivier <lvivier@redhat.com>
> ---
>  dhcpv6.c | 57 +++++++++++++++++++++++++++-----------------------------
>  1 file changed, 27 insertions(+), 30 deletions(-)
> 
> diff --git a/dhcpv6.c b/dhcpv6.c
> index ccc64172a480..1e83f2c2ad23 100644
> --- a/dhcpv6.c
> +++ b/dhcpv6.c
> @@ -278,30 +278,25 @@ static struct resp_not_on_link_t {
>  
>  /**
>   * dhcpv6_opt() - Get option from DHCPv6 message
> - * @p:		Packet pool, single packet with UDP header
> - * @offset:	Offset to look at, 0: end of header, set to option start
> + * @data:	Data to look at
>   * @type:	Option type to look up, network order
>   *
>   * Return: pointer to option header, or NULL on malformed or missing option
>   */
> -static struct opt_hdr *dhcpv6_opt(const struct pool *p, size_t *offset,
> -				  uint16_t type)
> +static struct opt_hdr *dhcpv6_opt(struct iov_tail *data, uint16_t type)
>  {
> -	struct opt_hdr *o;
> -	size_t left;
> +	struct opt_hdr *o, oc;
>  
> -	ASSERT(*offset >= UDP_MSG_HDR_SIZE);
> -
> -	while ((o = packet_get_try(p, 0, *offset, sizeof(*o), &left))) {
> +	while ((o = IOV_PEEK_HEADER(data, oc))) {
>  		unsigned int opt_len = ntohs(o->l) + sizeof(*o);
>  
> -		if (ntohs(o->l) > left)
> +		if (opt_len > iov_tail_size(data))
>  			return NULL;

>  
>  		if (o->t == type)
>  			return o;

This is no good.  If peek_header() ended up copying the header you'll
now be returning a pointer to a local variable.

Also, you've only verified the contiguity of the option header with
IOV_PEEK_HEADER, the body of the option could still be discontiguous,
which is not what the callers expect.

> -		*offset += opt_len;
> +		data->off += opt_len;

I think you want iov_drop() or REMOVE_HEADER() here rather than
reaching into the iov_tail structure.

>  	}
>  
>  	return NULL;
> @@ -309,31 +304,31 @@ static struct opt_hdr *dhcpv6_opt(const struct pool *p, size_t *offset,
>  
>  /**
>   * dhcpv6_ia_notonlink() - Check if any IA contains non-appropriate addresses
> - * @p:		Packet pool, single packet starting from UDP header
> + * @data:	Data to look at, packet starting from UDP header
>   * @la:		Address we want to lease to the client
>   *
>   * Return: pointer to non-appropriate IA_NA or IA_TA, if any, NULL otherwise
>   */
> -static struct opt_hdr *dhcpv6_ia_notonlink(const struct pool *p,
> +static struct opt_hdr *dhcpv6_ia_notonlink(const struct iov_tail *data,
>  					   struct in6_addr *la)
>  {
>  	int ia_types[2] = { OPT_IA_NA, OPT_IA_TA }, *ia_type;
>  	const struct opt_ia_addr *opt_addr;
>  	char buf[INET6_ADDRSTRLEN];
>  	struct in6_addr req_addr;
> +	struct iov_tail current;
>  	const struct opt_hdr *h;
>  	struct opt_hdr *ia;
> -	size_t offset;
>  
>  	foreach(ia_type, ia_types) {
> -		offset = UDP_MSG_HDR_SIZE;
> -		while ((ia = dhcpv6_opt(p, &offset, *ia_type))) {
> +		current = *data;
> +		while ((ia = dhcpv6_opt(&current, *ia_type))) {
>  			if (ntohs(ia->l) < OPT_VSIZE(ia_na))
>  				return NULL;
>  
> -			offset += sizeof(struct opt_ia_na);
> +			current.off += sizeof(struct opt_ia_na);
>  
> -			while ((h = dhcpv6_opt(p, &offset, OPT_IAAADR))) {
> +			while ((h = dhcpv6_opt(&current, OPT_IAAADR))) {
>  				if (ntohs(h->l) != OPT_VSIZE(ia_addr))
>  					return NULL;
>  
> @@ -342,7 +337,7 @@ static struct opt_hdr *dhcpv6_ia_notonlink(const struct pool *p,
>  				if (!IN6_ARE_ADDR_EQUAL(la, &req_addr))
>  					goto err;
>  
> -				offset += sizeof(struct opt_ia_addr);
> +				current.off += sizeof(struct opt_ia_addr);
>  			}
>  		}
>  	}
> @@ -434,13 +429,15 @@ search:
>  
>  /**
>   * dhcpv6_client_fqdn_fill() - Fill in client FQDN option
> + * @data:	Data to look at
>   * @c:		Execution context
>   * @buf:	Response message buffer where options will be appended
>   * @offset:	Offset in message buffer for new options
>   *
>   * Return: updated length of response message buffer.
>   */
> -static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c,
> +static size_t dhcpv6_client_fqdn_fill(struct iov_tail *data,
> +				      const struct ctx *c,
>  				      char *buf, int offset)
>  
>  {
> @@ -463,9 +460,8 @@ static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c,
>  
>  	o = (struct opt_client_fqdn *)(buf + offset);
>  	encode_domain_name(o->domain_name, c->fqdn);
> -	req_opt = (struct opt_client_fqdn *)dhcpv6_opt(p,
> -						&(size_t){ UDP_MSG_HDR_SIZE },
> -						OPT_CLIENT_FQDN);
> +	data->off += UDP_MSG_HDR_SIZE;
> +	req_opt = (struct opt_client_fqdn *)dhcpv6_opt(data, OPT_CLIENT_FQDN);
>  	if (req_opt && req_opt->flags & 0x01 /* S flag */)
>  		o->flags = 0x02 /* O flag */;
>  	else
> @@ -525,19 +521,19 @@ int dhcpv6(struct ctx *c, const struct pool *p,
>  
>  	src = &c->ip6.our_tap_ll;
>  
> -	mh = IOV_PEEK_HEADER(&data, mhc);
> +	mh = IOV_REMOVE_HEADER(&data, mhc);
>  	if (!mh)
>  		return -1;
>  
> -	client_id = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_CLIENTID);
> +	client_id = dhcpv6_opt(&data, OPT_CLIENTID);
>  	if (!client_id || ntohs(client_id->l) > OPT_VSIZE(client_id))
>  		return -1;
>  
> -	server_id = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_SERVERID);
> +	server_id = dhcpv6_opt(&data, OPT_SERVERID);
>  	if (server_id && ntohs(server_id->l) != OPT_VSIZE(server_id))
>  		return -1;
>  
> -	ia =        dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_IA_NA);
> +	ia =        dhcpv6_opt(&data, OPT_IA_NA);
>  	if (ia && ntohs(ia->l) < MIN(OPT_VSIZE(ia_na), OPT_VSIZE(ia_ta)))
>  		return -1;
>  
> @@ -553,7 +549,7 @@ int dhcpv6(struct ctx *c, const struct pool *p,
>  		if (mh->type == TYPE_CONFIRM && server_id)
>  			return -1;
>  
> -		if ((bad_ia = dhcpv6_ia_notonlink(p, &c->ip6.addr))) {
> +		if ((bad_ia = dhcpv6_ia_notonlink(&data, &c->ip6.addr))) {
>  			info("DHCPv6: received CONFIRM with inappropriate IA,"
>  			     " sending NotOnLink status in REPLY");
>  
> @@ -587,7 +583,7 @@ int dhcpv6(struct ctx *c, const struct pool *p,
>  		    memcmp(&resp.server_id, server_id, sizeof(resp.server_id)))
>  			return -1;
>  
> -		if (ia || dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_IA_TA))
> +		if (ia || dhcpv6_opt(&data, OPT_IA_TA))
>  			return -1;
>  
>  		info("DHCPv6: received INFORMATION_REQUEST, sending REPLY");
> @@ -619,7 +615,8 @@ int dhcpv6(struct ctx *c, const struct pool *p,
>  	n = offsetof(struct resp_t, client_id) +
>  	    sizeof(struct opt_hdr) + ntohs(client_id->l);
>  	n = dhcpv6_dns_fill(c, (char *)&resp, n);
> -	n = dhcpv6_client_fqdn_fill(p, c, (char *)&resp, n);
> +	packet_base(p, 0, &data);
> +	n = dhcpv6_client_fqdn_fill(&data, c, (char *)&resp, n);
>  
>  	resp.hdr.xid = mh->xid;
>  

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson