Adding upstream version 20080615.upstream/20080615 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 18:43:02 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 18:43:02 +0000
commit: f2c49875c1ce6e1d3c51968f7b058b1b0c55428c (patch)
tree: 233b80410596436a63c870ab8e22e4e828867515 /dhcp6c.c
parent: Initial commit. (diff)
download: wide-dhcpv6-f2c49875c1ce6e1d3c51968f7b058b1b0c55428c.tar.xz
wide-dhcpv6-f2c49875c1ce6e1d3c51968f7b058b1b0c55428c.zip
3 files changed, 2842 insertions, 0 deletions
diff --git a/dhcp6c.c b/dhcp6c.c
new file mode 100644
index 0000000..1caaaa5
--- /dev/null
+++ b/dhcp6c.c
@@ -0,0 +1,2148 @@
+/*	$KAME: dhcp6c.c,v 1.164 2006/01/10 02:46:09 jinmei Exp $	*/
+/*
+ * Copyright (C) 1998 and 1999 WIDE Project.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+#include <sys/queue.h>
+#include <errno.h>
+#include <limits.h>
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# if HAVE_SYS_TIME_H
+#  include <sys/time.h>
+# else
+#  include <time.h>
+# endif
+#endif
+#include <net/if.h>
+#ifdef __FreeBSD__
+#include <net/if_var.h>
+#endif
+
+#include <netinet/in.h>
+#ifdef __KAME__
+#include <net/if_dl.h>
+#include <netinet6/in6_var.h>
+#endif
+
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <signal.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <err.h>
+#include <ifaddrs.h>
+
+#include <dhcp6.h>
+#include <config.h>
+#include <common.h>
+#include <timer.h>
+#include <dhcp6c.h>
+#include <control.h>
+#include <dhcp6_ctl.h>
+#include <dhcp6c_ia.h>
+#include <prefixconf.h>
+#include <auth.h>
+
+static int debug = 0;
+static int exit_ok = 0;
+static sig_atomic_t sig_flags = 0;
+#define SIGF_TERM 0x1
+#define SIGF_HUP 0x2
+
+const dhcp6_mode_t dhcp6_mode = DHCP6_MODE_CLIENT;
+
+int sock;	/* inbound/outbound udp port */
+int rtsock;	/* routing socket */
+int ctlsock = -1;		/* control TCP port */
+char *ctladdr = DEFAULT_CLIENT_CONTROL_ADDR;
+char *ctlport = DEFAULT_CLIENT_CONTROL_PORT;
+
+#define DEFAULT_KEYFILE SYSCONFDIR "/dhcp6cctlkey"
+#define CTLSKEW 300
+
+static char *conffile = DHCP6C_CONF;
+
+static const struct sockaddr_in6 *sa6_allagent;
+static struct duid client_duid;
+static char *pid_file = DHCP6C_PIDFILE;
+
+static char *ctlkeyfile = DEFAULT_KEYFILE;
+static struct keyinfo *ctlkey = NULL;
+static int ctldigestlen;
+
+static int infreq_mode = 0;
+
+static inline int get_val32 __P((char **, int *, u_int32_t *));
+static inline int get_ifname __P((char **, int *, char *, int));
+
+static void usage __P((void));
+static void client6_init __P((void));
+static void client6_startall __P((int));
+static void free_resources __P((struct dhcp6_if *));
+static void client6_mainloop __P((void));
+static int client6_do_ctlcommand __P((char *, ssize_t));
+static void client6_reload __P((void));
+static int client6_ifctl __P((char *ifname, u_int16_t));
+static void check_exit __P((void));
+static void process_signals __P((void));
+static struct dhcp6_serverinfo *find_server __P((struct dhcp6_event *,
+						 struct duid *));
+static struct dhcp6_serverinfo *select_server __P((struct dhcp6_event *));
+static void client6_recv __P((void));
+static int client6_recvadvert __P((struct dhcp6_if *, struct dhcp6 *,
+				   ssize_t, struct dhcp6_optinfo *));
+static int client6_recvreply __P((struct dhcp6_if *, struct dhcp6 *,
+				  ssize_t, struct dhcp6_optinfo *));
+static void client6_signal __P((int));
+static struct dhcp6_event *find_event_withid __P((struct dhcp6_if *,
+						  u_int32_t));
+static int construct_confdata __P((struct dhcp6_if *, struct dhcp6_event *));
+static int construct_reqdata __P((struct dhcp6_if *, struct dhcp6_optinfo *,
+    struct dhcp6_event *));
+static void destruct_iadata __P((struct dhcp6_eventdata *));
+static void tv_sub __P((struct timeval *, struct timeval *, struct timeval *));
+static struct dhcp6_timer *client6_expire_refreshtime __P((void *));
+static int process_auth __P((struct authparam *, struct dhcp6 *dh6, ssize_t,
+    struct dhcp6_optinfo *));
+static int set_auth __P((struct dhcp6_event *, struct dhcp6_optinfo *));
+
+struct dhcp6_timer *client6_timo __P((void *));
+int client6_start __P((struct dhcp6_if *));
+static void info_printf __P((const char *, ...));
+
+extern int client6_script __P((char *, int, struct dhcp6_optinfo *));
+
+#define MAX_ELAPSED_TIME 0xffff
+
+int
+main(argc, argv)
+	int argc;
+	char **argv;
+{
+	int ch, pid;
+	char *progname;
+	FILE *pidfp;
+	struct dhcp6_if *ifp;
+
+#ifndef HAVE_ARC4RANDOM
+	srandom(time(NULL) & getpid());
+#endif
+
+	if ((progname = strrchr(*argv, '/')) == NULL)
+		progname = *argv;
+	else
+		progname++;
+
+	while ((ch = getopt(argc, argv, "c:dDfik:p:")) != -1) {
+		switch (ch) {
+		case 'c':
+			conffile = optarg;
+			break;
+		case 'd':
+			debug = 1;
+			break;
+		case 'D':
+			debug = 2;
+			break;
+		case 'f':
+			foreground++;
+			break;
+		case 'i':
+			infreq_mode = 1;
+			break;
+		case 'k':
+			ctlkeyfile = optarg;
+			break;
+		case 'p':
+			pid_file = optarg;
+			break;
+		default:
+			usage();
+			exit(0);
+		}
+	}
+	argc -= optind;
+	argv += optind;
+
+	if (argc == 0) {
+		usage();
+		exit(0);
+	}
+
+	if (foreground == 0)
+		openlog(progname, LOG_NDELAY|LOG_PID, LOG_DAEMON);
+
+	setloglevel(debug);
+
+	client6_init();
+	while (argc-- > 0) { 
+		if ((ifp = ifinit(argv[0])) == NULL) {
+			dprintf(LOG_ERR, FNAME, "failed to initialize %s",
+			    argv[0]);
+			exit(1);
+		}
+		argv++;
+	}
+
+	if (infreq_mode == 0 && (cfparse(conffile)) != 0) {
+		dprintf(LOG_ERR, FNAME, "failed to parse configuration file");
+		exit(1);
+	}
+
+	if (foreground == 0 && infreq_mode == 0) {
+		if (daemon(0, 0) < 0)
+			err(1, "daemon");
+	}
+
+	/* dump current PID */
+	pid = getpid();
+	if ((pidfp = fopen(pid_file, "w")) != NULL) {
+		fprintf(pidfp, "%d\n", pid);
+		fclose(pidfp);
+	}
+
+	client6_startall(0);
+	client6_mainloop();
+	exit(0);
+}
+
+static void
+usage()
+{
+
+	fprintf(stderr, "usage: dhcp6c [-c configfile] [-dDfi] "
+	    "[-p pid-file] interface [interfaces...]\n");
+}
+
+/*------------------------------------------------------------*/
+
+void
+client6_init()
+{
+	struct addrinfo hints, *res;
+	static struct sockaddr_in6 sa6_allagent_storage;
+	int error, on = 1;
+
+	/* get our DUID */
+	if (get_duid(DUID_FILE, &client_duid)) {
+		dprintf(LOG_ERR, FNAME, "failed to get a DUID");
+		exit(1);
+	}
+
+	if (dhcp6_ctl_authinit(ctlkeyfile, &ctlkey, &ctldigestlen) != 0) {
+		dprintf(LOG_NOTICE, FNAME,
+		    "failed initialize control message authentication");
+		/* run the server anyway */
+	}
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_INET6;
+	hints.ai_socktype = SOCK_DGRAM;
+	hints.ai_protocol = IPPROTO_UDP;
+	hints.ai_flags = AI_PASSIVE;
+	error = getaddrinfo(NULL, DH6PORT_DOWNSTREAM, &hints, &res);
+	if (error) {
+		dprintf(LOG_ERR, FNAME, "getaddrinfo: %s",
+		    gai_strerror(error));
+		exit(1);
+	}
+	sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+	if (sock < 0) {
+		dprintf(LOG_ERR, FNAME, "socket");
+		exit(1);
+	}
+	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT,
+		       &on, sizeof(on)) < 0) {
+		dprintf(LOG_ERR, FNAME,
+		    "setsockopt(SO_REUSEPORT): %s", strerror(errno));
+		exit(1);
+	}
+#ifdef IPV6_RECVPKTINFO
+	if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on,
+		       sizeof(on)) < 0) {
+		dprintf(LOG_ERR, FNAME,
+			"setsockopt(IPV6_RECVPKTINFO): %s",
+			strerror(errno));
+		exit(1);
+	}
+#else
+	if (setsockopt(sock, IPPROTO_IPV6, IPV6_PKTINFO, &on,
+		       sizeof(on)) < 0) {
+		dprintf(LOG_ERR, FNAME,
+		    "setsockopt(IPV6_PKTINFO): %s",
+		    strerror(errno));
+		exit(1);
+	}
+#endif
+	if (setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &on,
+		       sizeof(on)) < 0) {
+		dprintf(LOG_ERR, FNAME,
+		    "setsockopt(sock, IPV6_MULTICAST_LOOP): %s",
+		    strerror(errno));
+		exit(1);
+	}
+#ifdef IPV6_V6ONLY
+	if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
+	    &on, sizeof(on)) < 0) {
+		dprintf(LOG_ERR, FNAME, "setsockopt(IPV6_V6ONLY): %s",
+		    strerror(errno));
+		exit(1);
+	}
+#endif
+
+	/*
+	 * According RFC3315 2.2, only the incoming port should be bound to UDP
+	 * port 546.  However, to have an interoperability with some servers,
+	 * the outgoing port is also bound to the DH6PORT_DOWNSTREAM.
+	 */
+	if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+		dprintf(LOG_ERR, FNAME, "bind: %s", strerror(errno));
+		exit(1);
+	}
+	freeaddrinfo(res);
+
+	/* open a routing socket to watch the routing table */
+	if ((rtsock = socket(PF_ROUTE, SOCK_RAW, 0)) < 0) {
+		dprintf(LOG_ERR, FNAME, "open a routing socket: %s",
+		    strerror(errno));
+		exit(1);
+	}
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_INET6;
+	hints.ai_socktype = SOCK_DGRAM;
+	hints.ai_protocol = IPPROTO_UDP;
+	error = getaddrinfo(DH6ADDR_ALLAGENT, DH6PORT_UPSTREAM, &hints, &res);
+	if (error) {
+		dprintf(LOG_ERR, FNAME, "getaddrinfo: %s",
+		    gai_strerror(error));
+		exit(1);
+	}
+	memcpy(&sa6_allagent_storage, res->ai_addr, res->ai_addrlen);
+	sa6_allagent = (const struct sockaddr_in6 *)&sa6_allagent_storage;
+	freeaddrinfo(res);
+
+	/* set up control socket */
+	if (ctlkey == NULL)
+		dprintf(LOG_NOTICE, FNAME, "skip opening control port");
+	else if (dhcp6_ctl_init(ctladdr, ctlport,
+	    DHCP6CTL_DEF_COMMANDQUEUELEN, &ctlsock)) {
+		dprintf(LOG_ERR, FNAME,
+		    "failed to initialize control channel");
+		exit(1);
+	}
+
+	if (signal(SIGHUP, client6_signal) == SIG_ERR) {
+		dprintf(LOG_WARNING, FNAME, "failed to set signal: %s",
+		    strerror(errno));
+		exit(1);
+	}
+	if (signal(SIGTERM, client6_signal) == SIG_ERR) {
+		dprintf(LOG_WARNING, FNAME, "failed to set signal: %s",
+		    strerror(errno));
+		exit(1);
+	}
+}
+
+int
+client6_start(ifp)
+	struct dhcp6_if *ifp;
+{
+	struct dhcp6_event *ev;
+
+	/* make sure that the interface does not have a timer */
+	if (ifp->timer != NULL) {
+		dprintf(LOG_DEBUG, FNAME,
+		    "removed existing timer on %s", ifp->ifname);
+		dhcp6_remove_timer(&ifp->timer);
+	}
+
+	/* create an event for the initial delay */
+	if ((ev = dhcp6_create_event(ifp, DHCP6S_INIT)) == NULL) {
+		dprintf(LOG_NOTICE, FNAME, "failed to create an event");
+		return (-1);
+	}
+	TAILQ_INSERT_TAIL(&ifp->event_list, ev, link);
+
+	if ((ev->authparam = new_authparam(ifp->authproto,
+	    ifp->authalgorithm, ifp->authrdm)) == NULL) {
+		dprintf(LOG_WARNING, FNAME, "failed to allocate "
+		    "authentication parameters");
+		dhcp6_remove_event(ev);
+		return (-1);
+	}
+
+	if ((ev->timer = dhcp6_add_timer(client6_timo, ev)) == NULL) {
+		dprintf(LOG_NOTICE, FNAME, "failed to add a timer for %s",
+		    ifp->ifname);
+		dhcp6_remove_event(ev);
+		return (-1);
+	}
+	dhcp6_reset_timer(ev);
+
+	return (0);
+}
+
+static void
+client6_startall(isrestart)
+	int isrestart;
+{
+	struct dhcp6_if *ifp;
+
+	for (ifp = dhcp6_if; ifp; ifp = ifp->next) {
+		if (isrestart &&ifreset(ifp)) {
+			dprintf(LOG_NOTICE, FNAME, "failed to reset %s",
+			    ifp->ifname);
+			continue; /* XXX: try to recover? */
+		}
+		if (client6_start(ifp))
+			exit(1); /* initialization failure.  we give up. */
+	}
+}
+
+static void
+free_resources(freeifp)
+	struct dhcp6_if *freeifp;
+{
+	struct dhcp6_if *ifp;
+
+	for (ifp = dhcp6_if; ifp; ifp = ifp->next) {
+		struct dhcp6_event *ev, *ev_next;
+
+		if (freeifp != NULL && freeifp != ifp)
+			continue;
+
+		/* release all IAs as well as send RELEASE message(s) */
+		release_all_ia(ifp);
+
+		/*
+		 * Cancel all outstanding events for each interface except
+		 * ones being released.
+		 */
+		for (ev = TAILQ_FIRST(&ifp->event_list); ev; ev = ev_next) {
+			ev_next = TAILQ_NEXT(ev, link);
+
+			if (ev->state == DHCP6S_RELEASE)
+				continue; /* keep it for now */
+
+			dhcp6_remove_event(ev);
+		}
+	}
+}
+
+static void
+check_exit()
+{
+	struct dhcp6_if *ifp;
+
+	if (!exit_ok)
+		return;
+
+	for (ifp = dhcp6_if; ifp; ifp = ifp->next) {
+		/*
+		 * Check if we have an outstanding event.  If we do, we cannot
+		 * exit for now.
+		 */
+		if (!TAILQ_EMPTY(&ifp->event_list))
+			return;
+	}
+
+	/* We have no existing event.  Do exit. */
+	dprintf(LOG_INFO, FNAME, "exiting");
+
+	exit(0);
+}
+
+static void
+process_signals()
+{
+	if ((sig_flags & SIGF_TERM)) {
+		exit_ok = 1;
+		free_resources(NULL);
+		unlink(pid_file);
+		check_exit();
+	}
+	if ((sig_flags & SIGF_HUP)) {
+		dprintf(LOG_INFO, FNAME, "restarting");
+		free_resources(NULL);
+		client6_startall(1);
+	}
+
+	sig_flags = 0;
+}
+
+static void
+client6_mainloop()
+{
+	struct timeval *w;
+	int ret, maxsock;
+	fd_set r;
+
+	while(1) {
+		if (sig_flags)
+			process_signals();
+
+		w = dhcp6_check_timer();
+
+		FD_ZERO(&r);
+		FD_SET(sock, &r);
+		maxsock = sock;
+		if (ctlsock >= 0) {
+			FD_SET(ctlsock, &r);
+			maxsock = (sock > ctlsock) ? sock : ctlsock;
+			(void)dhcp6_ctl_setreadfds(&r, &maxsock);
+		}
+
+		ret = select(maxsock + 1, &r, NULL, NULL, w);
+
+		switch (ret) {
+		case -1:
+			if (errno != EINTR) {
+				dprintf(LOG_ERR, FNAME, "select: %s",
+				    strerror(errno));
+				exit(1);
+			}
+			continue;
+		case 0:	/* timeout */
+			break;	/* dhcp6_check_timer() will treat the case */
+		default:
+			break;
+		}
+		if (FD_ISSET(sock, &r))
+			client6_recv();
+		if (ctlsock >= 0) {
+			if (FD_ISSET(ctlsock, &r)) {
+				(void)dhcp6_ctl_acceptcommand(ctlsock,
+				    client6_do_ctlcommand);
+			}
+			(void)dhcp6_ctl_readcommand(&r);
+		}
+	}
+}
+
+static inline int
+get_val32(bpp, lenp, valp)
+	char **bpp;
+	int *lenp;
+	u_int32_t *valp;
+{
+	char *bp = *bpp;
+	int len = *lenp;
+	u_int32_t i32;
+
+	if (len < sizeof(*valp))
+		return (-1);
+
+	memcpy(&i32, bp, sizeof(i32));
+	*valp = ntohl(i32);
+
+	*bpp = bp + sizeof(*valp);
+	*lenp = len - sizeof(*valp);
+
+	return (0);
+}
+
+static inline int
+get_ifname(bpp, lenp, ifbuf, ifbuflen)
+	char **bpp;
+	int *lenp;
+	char *ifbuf;
+	int ifbuflen;
+{
+	char *bp = *bpp;
+	int len = *lenp, ifnamelen;
+	u_int32_t i32;
+
+	if (get_val32(bpp, lenp, &i32))
+		return (-1);
+	ifnamelen = (int)i32;
+
+	if (*lenp < ifnamelen || ifnamelen > ifbuflen)
+		return (-1);
+
+	memset(ifbuf, 0, sizeof(ifbuf));
+	memcpy(ifbuf, *bpp, ifnamelen);
+	if (ifbuf[ifbuflen - 1] != '\0')
+		return (-1);	/* not null terminated */
+
+	*bpp = bp + sizeof(i32) + ifnamelen;
+	*lenp = len - (sizeof(i32) + ifnamelen);
+
+	return (0);
+}
+
+static int
+client6_do_ctlcommand(buf, len)
+	char *buf;
+	ssize_t len;
+{
+	struct dhcp6ctl *ctlhead;
+	u_int16_t command, version;
+	u_int32_t p32, ts, ts0;
+	int commandlen;
+	char *bp;
+	char ifname[IFNAMSIZ];
+	time_t now;
+
+	memset(ifname, 0, sizeof(ifname));
+
+	ctlhead = (struct dhcp6ctl *)buf;
+
+	command = ntohs(ctlhead->command);
+	commandlen = (int)(ntohs(ctlhead->len));
+	version = ntohs(ctlhead->version);
+	if (len != sizeof(struct dhcp6ctl) + commandlen) {
+		dprintf(LOG_ERR, FNAME,
+		    "assumption failure: command length mismatch");
+		return (DHCP6CTL_R_FAILURE);
+	}
+
+	/* replay protection and message authentication */
+	if ((now = time(NULL)) < 0) {
+		dprintf(LOG_ERR, FNAME, "failed to get current time: %s",
+		    strerror(errno));
+		return (DHCP6CTL_R_FAILURE);
+	}
+	ts0 = (u_int32_t)now;
+	ts = ntohl(ctlhead->timestamp);
+	if (ts + CTLSKEW < ts0 || (ts - CTLSKEW) > ts0) {
+		dprintf(LOG_INFO, FNAME, "timestamp is out of range");
+		return (DHCP6CTL_R_FAILURE);
+	}
+
+	if (ctlkey == NULL) {	/* should not happen!! */
+		dprintf(LOG_ERR, FNAME, "no secret key for control channel");
+		return (DHCP6CTL_R_FAILURE);
+	}
+	if (dhcp6_verify_mac(buf, len, DHCP6CTL_AUTHPROTO_UNDEF,
+	    DHCP6CTL_AUTHALG_HMACMD5, sizeof(*ctlhead), ctlkey) != 0) {
+		dprintf(LOG_INFO, FNAME, "authentication failure");
+		return (DHCP6CTL_R_FAILURE);
+	}
+
+	bp = buf + sizeof(*ctlhead) + ctldigestlen;
+	commandlen -= ctldigestlen;
+
+	if (version > DHCP6CTL_VERSION) {
+		dprintf(LOG_INFO, FNAME, "unsupported version: %d", version);
+		return (DHCP6CTL_R_FAILURE);
+	}
+
+	switch (command) {
+	case DHCP6CTL_COMMAND_RELOAD:
+		if (commandlen != 0) {
+			dprintf(LOG_INFO, FNAME, "invalid command length "
+			    "for reload: %d", commandlen);
+			return (DHCP6CTL_R_DONE);
+		}
+		client6_reload();
+		break;
+	case DHCP6CTL_COMMAND_START:
+		if (get_val32(&bp, &commandlen, &p32))
+			return (DHCP6CTL_R_FAILURE);
+		switch (p32) {
+		case DHCP6CTL_INTERFACE:
+			if (get_ifname(&bp, &commandlen, ifname,
+			    sizeof(ifname))) {
+				return (DHCP6CTL_R_FAILURE);
+			}
+			if (client6_ifctl(ifname, DHCP6CTL_COMMAND_START))
+				return (DHCP6CTL_R_FAILURE);
+			break;
+		default:
+			dprintf(LOG_INFO, FNAME,
+			    "unknown start target: %ul", p32);
+			return (DHCP6CTL_R_FAILURE);
+		}
+		break;
+	case DHCP6CTL_COMMAND_STOP:
+		if (commandlen == 0) {
+			exit_ok = 1;
+			free_resources(NULL);
+			unlink(pid_file);
+			check_exit();
+		} else {
+			if (get_val32(&bp, &commandlen, &p32))
+				return (DHCP6CTL_R_FAILURE);
+
+			switch (p32) {
+			case DHCP6CTL_INTERFACE:
+				if (get_ifname(&bp, &commandlen, ifname,
+				    sizeof(ifname))) {
+					return (DHCP6CTL_R_FAILURE);
+				}
+				if (client6_ifctl(ifname,
+				    DHCP6CTL_COMMAND_STOP)) {
+					return (DHCP6CTL_R_FAILURE);
+				}
+				break;
+			default:
+				dprintf(LOG_INFO, FNAME,
+				    "unknown start target: %ul", p32);
+				return (DHCP6CTL_R_FAILURE);
+			}
+		}
+		break;
+	default:
+		dprintf(LOG_INFO, FNAME,
+		    "unknown control command: %d (len=%d)",
+		    (int)command, commandlen);
+		return (DHCP6CTL_R_FAILURE);
+	}
+
+  	return (DHCP6CTL_R_DONE);
+}
+
+static void
+client6_reload()
+{
+	/* reload the configuration file */
+	if (cfparse(conffile) != 0) {
+		dprintf(LOG_WARNING, FNAME,
+		    "failed to reload configuration file");
+		return;
+	}
+
+	dprintf(LOG_NOTICE, FNAME, "client reloaded");
+
+	return;
+}
+
+static int
+client6_ifctl(ifname, command)
+	char *ifname;
+	u_int16_t command;
+{
+	struct dhcp6_if *ifp;
+
+	if ((ifp = find_ifconfbyname(ifname)) == NULL) {
+		dprintf(LOG_INFO, FNAME,
+		    "failed to find interface configuration for %s",
+		    ifname);
+		return (-1);
+	}
+
+	dprintf(LOG_DEBUG, FNAME, "%s interface %s",
+	    command == DHCP6CTL_COMMAND_START ? "start" : "stop", ifname);
+
+	switch(command) {
+	case DHCP6CTL_COMMAND_START:
+		free_resources(ifp);
+		if (client6_start(ifp)) {
+			dprintf(LOG_NOTICE, FNAME, "failed to restart %s",
+			    ifname);
+			return (-1);
+		}
+		break;
+	case DHCP6CTL_COMMAND_STOP:
+		free_resources(ifp);
+		if (ifp->timer != NULL) {
+			dprintf(LOG_DEBUG, FNAME,
+			    "removed existing timer on %s", ifp->ifname);
+			dhcp6_remove_timer(&ifp->timer);
+		}
+		break;
+	default:		/* impossible case, should be a bug */
+		dprintf(LOG_ERR, FNAME, "unknown command: %d", (int)command);
+		break;
+	}
+
+	return (0);
+}
+
+static struct dhcp6_timer *
+client6_expire_refreshtime(arg)
+	void *arg;
+{
+	struct dhcp6_if *ifp = arg;
+
+	dprintf(LOG_DEBUG, FNAME,
+	    "information refresh time on %s expired", ifp->ifname);
+
+	dhcp6_remove_timer(&ifp->timer);
+	client6_start(ifp);
+
+	return (NULL);
+}
+
+struct dhcp6_timer *
+client6_timo(arg)
+	void *arg;
+{
+	struct dhcp6_event *ev = (struct dhcp6_event *)arg;
+	struct dhcp6_if *ifp;
+	int state = ev->state;
+
+	ifp = ev->ifp;
+	ev->timeouts++;
+
+	/*
+	 * Unless MRC is zero, the message exchange fails once the client has
+	 * transmitted the message MRC times.
+	 * [RFC3315 14.]
+	 */
+	if (ev->max_retrans_cnt && ev->timeouts >= ev->max_retrans_cnt) {
+		dprintf(LOG_INFO, FNAME, "no responses were received");
+		dhcp6_remove_event(ev);
+
+		if (state == DHCP6S_RELEASE)
+			check_exit();
+
+		return (NULL);
+	}
+
+	switch(ev->state) {
+	case DHCP6S_INIT:
+		ev->timeouts = 0; /* indicate to generate a new XID. */
+		if ((ifp->send_flags & DHCIFF_INFO_ONLY) || infreq_mode)
+			ev->state = DHCP6S_INFOREQ;
+		else {
+			ev->state = DHCP6S_SOLICIT;
+			if (construct_confdata(ifp, ev)) {
+				dprintf(LOG_ERR, FNAME, "can't send solicit");
+				exit(1); /* XXX */
+			}
+		}
+		dhcp6_set_timeoparam(ev); /* XXX */
+		/* fall through */
+	case DHCP6S_REQUEST:
+	case DHCP6S_RELEASE:
+	case DHCP6S_INFOREQ:
+		client6_send(ev);
+		break;
+	case DHCP6S_RENEW:
+	case DHCP6S_REBIND:
+		if (!TAILQ_EMPTY(&ev->data_list))
+			client6_send(ev);
+		else {
+			dprintf(LOG_INFO, FNAME,
+			    "all information to be updated was canceled");
+			dhcp6_remove_event(ev);
+			return (NULL);
+		}
+		break;
+	case DHCP6S_SOLICIT:
+		if (ev->servers) {
+			/*
+			 * Send a Request to the best server.
+			 * Note that when we set Rapid-commit in Solicit,
+			 * but a direct Reply has been delayed (very much),
+			 * the transition to DHCP6S_REQUEST (and the change of
+			 * transaction ID) will invalidate the reply even if it
+			 * ever arrives.
+			 */
+			ev->current_server = select_server(ev);
+			if (ev->current_server == NULL) {
+				/* this should not happen! */
+				dprintf(LOG_NOTICE, FNAME,
+				    "can't find a server");
+				exit(1); /* XXX */
+			}
+			if (duidcpy(&ev->serverid,
+			    &ev->current_server->optinfo.serverID)) {
+				dprintf(LOG_NOTICE, FNAME,
+				    "can't copy server ID");
+				return (NULL); /* XXX: better recovery? */
+			}
+			ev->timeouts = 0;
+			ev->state = DHCP6S_REQUEST;
+			dhcp6_set_timeoparam(ev);
+
+			if (ev->authparam != NULL)
+				free(ev->authparam);
+			ev->authparam = ev->current_server->authparam;
+			ev->current_server->authparam = NULL;
+
+			if (construct_reqdata(ifp,
+			    &ev->current_server->optinfo, ev)) {
+				dprintf(LOG_NOTICE, FNAME,
+				    "failed to construct request data");
+				break;
+			}
+		}
+		client6_send(ev);
+		break;
+	}
+
+	dhcp6_reset_timer(ev);
+
+	return (ev->timer);
+}
+
+static int
+construct_confdata(ifp, ev)
+	struct dhcp6_if *ifp;
+	struct dhcp6_event *ev;
+{
+	struct ia_conf *iac;
+	struct dhcp6_eventdata *evd = NULL;
+	struct dhcp6_list *ial = NULL, pl;
+	struct dhcp6_ia iaparam;
+
+	TAILQ_INIT(&pl);	/* for safety */
+
+	for (iac = TAILQ_FIRST(&ifp->iaconf_list); iac;
+	    iac = TAILQ_NEXT(iac, link)) {
+		/* ignore IA config currently used */
+		if (!TAILQ_EMPTY(&iac->iadata))
+			continue;
+
+		evd = NULL;
+		if ((evd = malloc(sizeof(*evd))) == NULL) {
+			dprintf(LOG_NOTICE, FNAME,
+			    "failed to create a new event data");
+			goto fail;
+		}
+		memset(evd, 0, sizeof(evd));
+
+		memset(&iaparam, 0, sizeof(iaparam));
+		iaparam.iaid = iac->iaid;
+		switch (iac->type) {
+		case IATYPE_PD:
+			ial = NULL;
+			if ((ial = malloc(sizeof(*ial))) == NULL)
+				goto fail;
+			TAILQ_INIT(ial);
+
+			TAILQ_INIT(&pl);
+			dhcp6_copy_list(&pl,
+			    &((struct iapd_conf *)iac)->iapd_prefix_list);
+			if (dhcp6_add_listval(ial, DHCP6_LISTVAL_IAPD,
+			    &iaparam, &pl) == NULL) {
+				goto fail;
+			}
+			dhcp6_clear_list(&pl);
+
+			evd->type = DHCP6_EVDATA_IAPD;
+			evd->data = ial;
+			evd->event = ev;
+			evd->destructor = destruct_iadata;
+			TAILQ_INSERT_TAIL(&ev->data_list, evd, link);
+			break;
+		case IATYPE_NA:
+			ial = NULL;
+			if ((ial = malloc(sizeof(*ial))) == NULL)
+				goto fail;
+			TAILQ_INIT(ial);
+
+			TAILQ_INIT(&pl);
+			dhcp6_copy_list(&pl,
+			    &((struct iana_conf *)iac)->iana_address_list);
+			if (dhcp6_add_listval(ial, DHCP6_LISTVAL_IANA,
+			    &iaparam, &pl) == NULL) {
+				goto fail;
+			}
+			dhcp6_clear_list(&pl);
+
+			evd->type = DHCP6_EVDATA_IANA;
+			evd->data = ial;
+			evd->event = ev;
+			evd->destructor = destruct_iadata;
+			TAILQ_INSERT_TAIL(&ev->data_list, evd, link);
+			break;
+		default:
+			dprintf(LOG_ERR, FNAME, "internal error");
+			exit(1);
+		}
+	}
+
+	return (0);
+
+  fail:
+	if (evd)
+		free(evd);
+	if (ial)
+		free(ial);
+	dhcp6_remove_event(ev);	/* XXX */
+	
+	return (-1);
+}
+
+static int
+construct_reqdata(ifp, optinfo, ev)
+	struct dhcp6_if *ifp;
+	struct dhcp6_optinfo *optinfo;
+	struct dhcp6_event *ev;
+{
+	struct ia_conf *iac;
+	struct dhcp6_eventdata *evd = NULL;
+	struct dhcp6_list *ial = NULL;
+	struct dhcp6_ia iaparam;
+
+	/* discard previous event data */
+	dhcp6_remove_evdata(ev);
+
+	if (optinfo == NULL)
+		return (0);
+
+	for (iac = TAILQ_FIRST(&ifp->iaconf_list); iac;
+	    iac = TAILQ_NEXT(iac, link)) {
+		struct dhcp6_listval *v;
+
+		/* ignore IA config currently used */
+		if (!TAILQ_EMPTY(&iac->iadata))
+			continue;
+
+		memset(&iaparam, 0, sizeof(iaparam));
+		iaparam.iaid = iac->iaid;
+
+		ial = NULL;
+		evd = NULL;
+
+		switch (iac->type) {
+		case IATYPE_PD:
+			if ((v = dhcp6_find_listval(&optinfo->iapd_list,
+			    DHCP6_LISTVAL_IAPD, &iaparam, 0)) == NULL)
+				continue;
+
+			if ((ial = malloc(sizeof(*ial))) == NULL)
+				goto fail;
+
+			TAILQ_INIT(ial);
+			if (dhcp6_add_listval(ial, DHCP6_LISTVAL_IAPD,
+			    &iaparam, &v->sublist) == NULL) {
+				goto fail;
+			}
+
+			if ((evd = malloc(sizeof(*evd))) == NULL)
+				goto fail;
+			memset(evd, 0, sizeof(*evd));
+			evd->type = DHCP6_EVDATA_IAPD;
+			evd->data = ial;
+			evd->event = ev;
+			evd->destructor = destruct_iadata;
+			TAILQ_INSERT_TAIL(&ev->data_list, evd, link);
+			break;
+		case IATYPE_NA:
+			if ((v = dhcp6_find_listval(&optinfo->iana_list,
+			    DHCP6_LISTVAL_IANA, &iaparam, 0)) == NULL)
+				continue;
+
+			if ((ial = malloc(sizeof(*ial))) == NULL)
+				goto fail;
+
+			TAILQ_INIT(ial);
+			if (dhcp6_add_listval(ial, DHCP6_LISTVAL_IANA,
+			    &iaparam, &v->sublist) == NULL) {
+				goto fail;
+			}
+
+			if ((evd = malloc(sizeof(*evd))) == NULL)
+				goto fail;
+			memset(evd, 0, sizeof(*evd));
+			evd->type = DHCP6_EVDATA_IANA;
+			evd->data = ial;
+			evd->event = ev;
+			evd->destructor = destruct_iadata;
+			TAILQ_INSERT_TAIL(&ev->data_list, evd, link);
+			break;
+		default:
+			dprintf(LOG_ERR, FNAME, "internal error");
+			exit(1);
+		}
+	}
+
+	return (0);
+
+  fail:
+	if (evd)
+		free(evd);
+	if (ial)
+		free(ial);
+	dhcp6_remove_event(ev);	/* XXX */
+	
+	return (-1);
+}
+
+static void
+destruct_iadata(evd)
+	struct dhcp6_eventdata *evd;
+{
+	struct dhcp6_list *ial;
+
+	if (evd->type != DHCP6_EVDATA_IAPD && evd->type != DHCP6_EVDATA_IANA) {
+		dprintf(LOG_ERR, FNAME, "assumption failure %d", evd->type);
+		exit(1);
+	}
+
+	ial = (struct dhcp6_list *)evd->data;
+	dhcp6_clear_list(ial);
+	free(ial);
+}
+
+static struct dhcp6_serverinfo *
+select_server(ev)
+	struct dhcp6_event *ev;
+{
+	struct dhcp6_serverinfo *s;
+
+	/*
+	 * pick the best server according to RFC3315 Section 17.1.3.
+	 * XXX: we currently just choose the one that is active and has the
+	 * highest preference.
+	 */
+	for (s = ev->servers; s; s = s->next) {
+		if (s->active) {
+			dprintf(LOG_DEBUG, FNAME, "picked a server (ID: %s)",
+			    duidstr(&s->optinfo.serverID));
+			return (s);
+		}
+	}
+
+	return (NULL);
+}
+
+static void
+client6_signal(sig)
+	int sig;
+{
+
+	switch (sig) {
+	case SIGTERM:
+		sig_flags |= SIGF_TERM;
+		break;
+	case SIGHUP:
+		sig_flags |= SIGF_HUP;
+		break;
+	}
+}
+
+void
+client6_send(ev)
+	struct dhcp6_event *ev;
+{
+	struct dhcp6_if *ifp;
+	char buf[BUFSIZ];
+	struct sockaddr_in6 dst;
+	struct dhcp6 *dh6;
+	struct dhcp6_optinfo optinfo;
+	ssize_t optlen, len;
+	struct dhcp6_eventdata *evd;
+
+	ifp = ev->ifp;
+
+	dh6 = (struct dhcp6 *)buf;
+	memset(dh6, 0, sizeof(*dh6));
+
+	switch(ev->state) {
+	case DHCP6S_SOLICIT:
+		dh6->dh6_msgtype = DH6_SOLICIT;
+		break;
+	case DHCP6S_REQUEST:
+		dh6->dh6_msgtype = DH6_REQUEST;
+		break;
+	case DHCP6S_RENEW:
+		dh6->dh6_msgtype = DH6_RENEW;
+		break;
+	case DHCP6S_REBIND:
+		dh6->dh6_msgtype = DH6_REBIND;
+		break;
+	case DHCP6S_RELEASE:
+		dh6->dh6_msgtype = DH6_RELEASE;
+		break;
+	case DHCP6S_INFOREQ:
+		dh6->dh6_msgtype = DH6_INFORM_REQ;
+		break;
+	default:
+		dprintf(LOG_ERR, FNAME, "unexpected state");
+		exit(1);	/* XXX */
+	}
+
+	if (ev->timeouts == 0) {
+		/*
+		 * A client SHOULD generate a random number that cannot easily
+		 * be guessed or predicted to use as the transaction ID for
+		 * each new message it sends.
+		 *
+		 * A client MUST leave the transaction-ID unchanged in
+		 * retransmissions of a message. [RFC3315 15.1]
+		 */
+#ifdef HAVE_ARC4RANDOM
+		ev->xid = arc4random() & DH6_XIDMASK;
+#else
+		ev->xid = random() & DH6_XIDMASK;
+#endif
+		dprintf(LOG_DEBUG, FNAME, "a new XID (%x) is generated",
+		    ev->xid);
+	}
+	dh6->dh6_xid &= ~ntohl(DH6_XIDMASK);
+	dh6->dh6_xid |= htonl(ev->xid);
+	len = sizeof(*dh6);
+
+	/*
+	 * construct options
+	 */
+	dhcp6_init_options(&optinfo);
+
+	/* server ID */
+	switch (ev->state) {
+	case DHCP6S_REQUEST:
+	case DHCP6S_RENEW:
+	case DHCP6S_RELEASE:
+		if (duidcpy(&optinfo.serverID, &ev->serverid)) {
+			dprintf(LOG_ERR, FNAME, "failed to copy server ID");
+			goto end;
+		}
+		break;
+	}
+
+	/* client ID */
+	if (duidcpy(&optinfo.clientID, &client_duid)) {
+		dprintf(LOG_ERR, FNAME, "failed to copy client ID");
+		goto end;
+	}
+
+	/* rapid commit (in Solicit only) */
+	if (ev->state == DHCP6S_SOLICIT &&
+	    (ifp->send_flags & DHCIFF_RAPID_COMMIT)) {
+		optinfo.rapidcommit = 1;
+	}
+
+	/* elapsed time */
+	if (ev->timeouts == 0) {
+		gettimeofday(&ev->tv_start, NULL);
+		optinfo.elapsed_time = 0;
+	} else {
+		struct timeval now, tv_diff;
+		long et;
+
+		gettimeofday(&now, NULL);
+		tv_sub(&now, &ev->tv_start, &tv_diff);
+
+		/*
+		 * The client uses the value 0xffff to represent any elapsed
+		 * time values greater than the largest time value that can be
+		 * represented in the Elapsed Time option.
+		 * [RFC3315 22.9.]
+		 */
+		if (tv_diff.tv_sec >= (MAX_ELAPSED_TIME / 100) + 1) {
+			/*
+			 * Perhaps we are nervous too much, but without this
+			 * additional check, we would see an overflow in 248
+			 * days (of no responses). 
+			 */
+			et = MAX_ELAPSED_TIME;
+		} else {
+			et = tv_diff.tv_sec * 100 + tv_diff.tv_usec / 10000;
+			if (et >= MAX_ELAPSED_TIME)
+				et = MAX_ELAPSED_TIME;
+		}
+		optinfo.elapsed_time = (int32_t)et;
+	}
+
+	/* option request options */
+	if (ev->state != DHCP6S_RELEASE &&
+	    dhcp6_copy_list(&optinfo.reqopt_list, &ifp->reqopt_list)) {
+		dprintf(LOG_ERR, FNAME, "failed to copy requested options");
+		goto end;
+	}
+
+	/* configuration information specified as event data */
+	for (evd = TAILQ_FIRST(&ev->data_list); evd;
+	     evd = TAILQ_NEXT(evd, link)) {
+		switch(evd->type) {
+		case DHCP6_EVDATA_IAPD:
+			if (dhcp6_copy_list(&optinfo.iapd_list,
+			    (struct dhcp6_list *)evd->data)) {
+				dprintf(LOG_NOTICE, FNAME,
+				    "failed to add an IAPD");
+				goto end;
+			}
+			break;
+		case DHCP6_EVDATA_IANA:
+			if (dhcp6_copy_list(&optinfo.iana_list,
+			    (struct dhcp6_list *)evd->data)) {
+				dprintf(LOG_NOTICE, FNAME,
+				    "failed to add an IAPD");
+				goto end;
+			}
+			break;
+		default:
+			dprintf(LOG_ERR, FNAME, "unexpected event data (%d)",
+			    evd->type);
+			exit(1);
+		}
+	}
+
+	/* authentication information */
+	if (set_auth(ev, &optinfo)) {
+		dprintf(LOG_INFO, FNAME,
+		    "failed to set authentication option");
+		goto end;
+	}
+
+	/* set options in the message */
+	if ((optlen = dhcp6_set_options(dh6->dh6_msgtype,
+	    (struct dhcp6opt *)(dh6 + 1),
+	    (struct dhcp6opt *)(buf + sizeof(buf)), &optinfo)) < 0) {
+		dprintf(LOG_INFO, FNAME, "failed to construct options");
+		goto end;
+	}
+	len += optlen;
+
+	/* calculate MAC if necessary, and put it to the message */
+	if (ev->authparam != NULL) {
+		switch (ev->authparam->authproto) {
+		case DHCP6_AUTHPROTO_DELAYED:
+			if (ev->authparam->key == NULL)
+				break;
+
+			if (dhcp6_calc_mac((char *)dh6, len,
+			    optinfo.authproto, optinfo.authalgorithm,
+			    optinfo.delayedauth_offset + sizeof(*dh6),
+			    ev->authparam->key)) {
+				dprintf(LOG_WARNING, FNAME,
+				    "failed to calculate MAC");
+				goto end;
+			}
+			break;
+		default:
+			break;	/* do nothing */
+		}
+	}
+
+	/*
+	 * Unless otherwise specified in this document or in a document that
+	 * describes how IPv6 is carried over a specific type of link (for link
+	 * types that do not support multicast), a client sends DHCP messages
+	 * to the All_DHCP_Relay_Agents_and_Servers.
+	 * [RFC3315 Section 13.]
+	 */
+	dst = *sa6_allagent;
+	dst.sin6_scope_id = ifp->linkid;
+
+	if (sendto(sock, buf, len, 0, (struct sockaddr *)&dst,
+	    sysdep_sa_len((struct sockaddr *)&dst)) == -1) {
+		dprintf(LOG_ERR, FNAME,
+		    "transmit failed: %s", strerror(errno));
+		goto end;
+	}
+
+	dprintf(LOG_DEBUG, FNAME, "send %s to %s",
+	    dhcp6msgstr(dh6->dh6_msgtype), addr2str((struct sockaddr *)&dst));
+
+  end:
+	dhcp6_clear_options(&optinfo);
+	return;
+}
+
+/* result will be a - b */
+static void
+tv_sub(a, b, result)
+	struct timeval *a, *b, *result;
+{
+	if (a->tv_sec < b->tv_sec ||
+	    (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec)) {
+		result->tv_sec = 0;
+		result->tv_usec = 0;
+
+		return;
+	}
+
+	result->tv_sec = a->tv_sec - b->tv_sec;
+	if (a->tv_usec < b->tv_usec) {
+		result->tv_usec = a->tv_usec + 1000000 - b->tv_usec;
+		result->tv_sec -= 1;
+	} else
+		result->tv_usec = a->tv_usec - b->tv_usec;
+
+	return;
+}
+
+static void
+client6_recv()
+{
+	char rbuf[BUFSIZ], cmsgbuf[BUFSIZ];
+	struct msghdr mhdr;
+	struct iovec iov;
+	struct sockaddr_storage from;
+	struct dhcp6_if *ifp;
+	struct dhcp6opt *p, *ep;
+	struct dhcp6_optinfo optinfo;
+	ssize_t len;
+	struct dhcp6 *dh6;
+	struct cmsghdr *cm;
+	struct in6_pktinfo *pi = NULL;
+
+	memset(&iov, 0, sizeof(iov));
+	memset(&mhdr, 0, sizeof(mhdr));
+
+	iov.iov_base = (caddr_t)rbuf;
+	iov.iov_len = sizeof(rbuf);
+	mhdr.msg_name = (caddr_t)&from;
+	mhdr.msg_namelen = sizeof(from);
+	mhdr.msg_iov = &iov;
+	mhdr.msg_iovlen = 1;
+	mhdr.msg_control = (caddr_t)cmsgbuf;
+	mhdr.msg_controllen = sizeof(cmsgbuf);
+	if ((len = recvmsg(sock, &mhdr, 0)) < 0) {
+		dprintf(LOG_ERR, FNAME, "recvmsg: %s", strerror(errno));
+		return;
+	}
+
+	/* detect receiving interface */
+	for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(&mhdr); cm;
+	     cm = (struct cmsghdr *)CMSG_NXTHDR(&mhdr, cm)) {
+		if (cm->cmsg_level == IPPROTO_IPV6 &&
+		    cm->cmsg_type == IPV6_PKTINFO &&
+		    cm->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo))) {
+			pi = (struct in6_pktinfo *)(CMSG_DATA(cm));
+		}
+	}
+	if (pi == NULL) {
+		dprintf(LOG_NOTICE, FNAME, "failed to get packet info");
+		return;
+	}
+
+	if ((ifp = find_ifconfbyid((unsigned int)pi->ipi6_ifindex)) == NULL) {
+		dprintf(LOG_INFO, FNAME, "unexpected interface (%d)",
+		    (unsigned int)pi->ipi6_ifindex);
+		return;
+	}
+
+	if (len < sizeof(*dh6)) {
+		dprintf(LOG_INFO, FNAME, "short packet (%d bytes)", len);
+		return;
+	}
+
+	dh6 = (struct dhcp6 *)rbuf;
+
+	dprintf(LOG_DEBUG, FNAME, "receive %s from %s on %s",
+	    dhcp6msgstr(dh6->dh6_msgtype),
+	    addr2str((struct sockaddr *)&from), ifp->ifname);
+
+	/* get options */
+	dhcp6_init_options(&optinfo);
+	p = (struct dhcp6opt *)(dh6 + 1);
+	ep = (struct dhcp6opt *)((char *)dh6 + len);
+	if (dhcp6_get_options(p, ep, &optinfo) < 0) {
+		dprintf(LOG_INFO, FNAME, "failed to parse options");
+		return;
+	}
+
+	switch(dh6->dh6_msgtype) {
+	case DH6_ADVERTISE:
+		(void)client6_recvadvert(ifp, dh6, len, &optinfo);
+		break;
+	case DH6_REPLY:
+		(void)client6_recvreply(ifp, dh6, len, &optinfo);
+		break;
+	default:
+		dprintf(LOG_INFO, FNAME, "received an unexpected message (%s) "
+		    "from %s", dhcp6msgstr(dh6->dh6_msgtype),
+		    addr2str((struct sockaddr *)&from));
+		break;
+	}
+
+	dhcp6_clear_options(&optinfo);
+	return;
+}
+
+static int
+client6_recvadvert(ifp, dh6, len, optinfo)
+	struct dhcp6_if *ifp;
+	struct dhcp6 *dh6;
+	ssize_t len;
+	struct dhcp6_optinfo *optinfo;
+{
+	struct dhcp6_serverinfo *newserver, **sp;
+	struct dhcp6_event *ev;
+	struct dhcp6_eventdata *evd;
+	struct authparam *authparam = NULL, authparam0;
+
+	/* find the corresponding event based on the received xid */
+	ev = find_event_withid(ifp, ntohl(dh6->dh6_xid) & DH6_XIDMASK);
+	if (ev == NULL) {
+		dprintf(LOG_INFO, FNAME, "XID mismatch");
+		return (-1);
+	}
+
+	/* packet validation based on Section 15.3 of RFC3315. */
+	if (optinfo->serverID.duid_len == 0) {
+		dprintf(LOG_INFO, FNAME, "no server ID option");
+		return (-1);
+	} else {
+		dprintf(LOG_DEBUG, FNAME, "server ID: %s, pref=%d",
+		    duidstr(&optinfo->serverID),
+		    optinfo->pref);
+	}
+	if (optinfo->clientID.duid_len == 0) {
+		dprintf(LOG_INFO, FNAME, "no client ID option");
+		return (-1);
+	}
+	if (duidcmp(&optinfo->clientID, &client_duid)) {
+		dprintf(LOG_INFO, FNAME, "client DUID mismatch");
+		return (-1);
+	}
+
+	/* validate authentication */
+	authparam0 = *ev->authparam;
+	if (process_auth(&authparam0, dh6, len, optinfo)) {
+		dprintf(LOG_INFO, FNAME, "failed to process authentication");
+		return (-1);
+	}
+
+	/*
+	 * The requesting router MUST ignore any Advertise message that
+	 * includes a Status Code option containing the value NoPrefixAvail
+	 * [RFC3633 Section 11.1].
+	 * Likewise, the client MUST ignore any Advertise message that includes
+	 * a Status Code option containing the value NoAddrsAvail. 
+	 * [RFC3315 Section 17.1.3].
+	 * We only apply this when we are going to request an address or
+	 * a prefix.
+	 */
+	for (evd = TAILQ_FIRST(&ev->data_list); evd;
+	    evd = TAILQ_NEXT(evd, link)) {
+		u_int16_t stcode;
+		char *stcodestr;
+
+		switch (evd->type) {
+		case DHCP6_EVDATA_IAPD:
+			stcode = DH6OPT_STCODE_NOPREFIXAVAIL;
+			stcodestr = "NoPrefixAvail";
+			break;
+		case DHCP6_EVDATA_IANA:
+			stcode = DH6OPT_STCODE_NOADDRSAVAIL;
+			stcodestr = "NoAddrsAvail";
+			break;
+		default:
+			continue;
+		}
+		if (dhcp6_find_listval(&optinfo->stcode_list,
+		    DHCP6_LISTVAL_STCODE, &stcode, 0)) {
+			dprintf(LOG_INFO, FNAME,
+			    "advertise contains %s status", stcodestr);
+			return (-1);
+		}
+	}
+
+	if (ev->state != DHCP6S_SOLICIT ||
+	    (ifp->send_flags & DHCIFF_RAPID_COMMIT) || infreq_mode) {
+		/*
+		 * We expected a reply message, but do actually receive an
+		 * Advertise message.  The server should be configured not to
+		 * allow the Rapid Commit option.
+		 * We process the message as if we expected the Advertise.
+		 * [RFC3315 Section 17.1.4]
+		 */
+		dprintf(LOG_INFO, FNAME, "unexpected advertise");
+		/* proceed anyway */
+	}
+
+	/* ignore the server if it is known */
+	if (find_server(ev, &optinfo->serverID)) {
+		dprintf(LOG_INFO, FNAME, "duplicated server (ID: %s)",
+		    duidstr(&optinfo->serverID));
+		return (-1);
+	}
+
+	/* keep the server */
+	if ((newserver = malloc(sizeof(*newserver))) == NULL) {
+		dprintf(LOG_WARNING, FNAME,
+		    "memory allocation failed for server");
+		return (-1);
+	}
+	memset(newserver, 0, sizeof(*newserver));
+
+	/* remember authentication parameters */
+	newserver->authparam = ev->authparam;
+	newserver->authparam->flags = authparam0.flags;
+	newserver->authparam->prevrd = authparam0.prevrd;
+	newserver->authparam->key = authparam0.key;
+
+	/* allocate new authentication parameter for the soliciting event */
+	if ((authparam = new_authparam(ev->authparam->authproto,
+	    ev->authparam->authalgorithm, ev->authparam->authrdm)) == NULL) {
+		dprintf(LOG_WARNING, FNAME, "memory allocation failed "
+		    "for authentication parameters");
+		free(newserver);
+		return (-1);
+	}
+	ev->authparam = authparam;
+
+	/* copy options */
+	dhcp6_init_options(&newserver->optinfo);
+	if (dhcp6_copy_options(&newserver->optinfo, optinfo)) {
+		dprintf(LOG_ERR, FNAME, "failed to copy options");
+		if (newserver->authparam != NULL)
+			free(newserver->authparam);
+		free(newserver);
+		return (-1);
+	}
+	if (optinfo->pref != DH6OPT_PREF_UNDEF)
+		newserver->pref = optinfo->pref;
+	newserver->active = 1;
+	for (sp = &ev->servers; *sp; sp = &(*sp)->next) {
+		if ((*sp)->pref != DH6OPT_PREF_MAX &&
+		    (*sp)->pref < newserver->pref) {
+			break;
+		}
+	}
+	newserver->next = *sp;
+	*sp = newserver;
+
+	if (newserver->pref == DH6OPT_PREF_MAX) {
+		/*
+		 * If the client receives an Advertise message that includes a
+		 * Preference option with a preference value of 255, the client
+		 * immediately begins a client-initiated message exchange.
+		 * [RFC3315 Section 17.1.2]
+		 */
+		ev->current_server = newserver;
+		if (duidcpy(&ev->serverid,
+		    &ev->current_server->optinfo.serverID)) {
+			dprintf(LOG_NOTICE, FNAME, "can't copy server ID");
+			return (-1); /* XXX: better recovery? */
+		}
+		if (construct_reqdata(ifp, &ev->current_server->optinfo, ev)) {
+			dprintf(LOG_NOTICE, FNAME,
+			    "failed to construct request data");
+			return (-1); /* XXX */
+		}
+
+		ev->timeouts = 0;
+		ev->state = DHCP6S_REQUEST;
+
+		free(ev->authparam);
+		ev->authparam = newserver->authparam;
+		newserver->authparam = NULL;
+
+		client6_send(ev);
+
+		dhcp6_set_timeoparam(ev);
+		dhcp6_reset_timer(ev);
+	} else if (ev->servers->next == NULL) {
+		struct timeval *rest, elapsed, tv_rt, tv_irt, timo;
+
+		/*
+		 * If this is the first advertise, adjust the timer so that
+		 * the client can collect other servers until IRT elapses.
+		 * XXX: we did not want to do such "low level" timer
+		 *      calculation here.
+		 */
+		rest = dhcp6_timer_rest(ev->timer);
+		tv_rt.tv_sec = (ev->retrans * 1000) / 1000000;
+		tv_rt.tv_usec = (ev->retrans * 1000) % 1000000;
+		tv_irt.tv_sec = (ev->init_retrans * 1000) / 1000000;
+		tv_irt.tv_usec = (ev->init_retrans * 1000) % 1000000;
+		timeval_sub(&tv_rt, rest, &elapsed);
+		if (TIMEVAL_LEQ(elapsed, tv_irt))
+			timeval_sub(&tv_irt, &elapsed, &timo);
+		else
+			timo.tv_sec = timo.tv_usec = 0;
+
+		dprintf(LOG_DEBUG, FNAME, "reset timer for %s to %d.%06d",
+		    ifp->ifname, (int)timo.tv_sec, (int)timo.tv_usec);
+
+		dhcp6_set_timer(&timo, ev->timer);
+	}
+
+	return (0);
+}
+
+static struct dhcp6_serverinfo *
+find_server(ev, duid)
+	struct dhcp6_event *ev;
+	struct duid *duid;
+{
+	struct dhcp6_serverinfo *s;
+
+	for (s = ev->servers; s; s = s->next) {
+		if (duidcmp(&s->optinfo.serverID, duid) == 0)
+			return (s);
+	}
+
+	return (NULL);
+}
+
+static int
+client6_recvreply(ifp, dh6, len, optinfo)
+	struct dhcp6_if *ifp;
+	struct dhcp6 *dh6;
+	ssize_t len;
+	struct dhcp6_optinfo *optinfo;
+{
+	struct dhcp6_listval *lv;
+	struct dhcp6_event *ev;
+	int state;
+
+	/* find the corresponding event based on the received xid */
+	ev = find_event_withid(ifp, ntohl(dh6->dh6_xid) & DH6_XIDMASK);
+	if (ev == NULL) {
+		dprintf(LOG_INFO, FNAME, "XID mismatch");
+		return (-1);
+	}
+
+	state = ev->state;
+	if (state != DHCP6S_INFOREQ &&
+	    state != DHCP6S_REQUEST &&
+	    state != DHCP6S_RENEW &&
+	    state != DHCP6S_REBIND &&
+	    state != DHCP6S_RELEASE &&
+	    (state != DHCP6S_SOLICIT ||
+	     !(ifp->send_flags & DHCIFF_RAPID_COMMIT))) {
+		dprintf(LOG_INFO, FNAME, "unexpected reply");
+		return (-1);
+	}
+
+	/* A Reply message must contain a Server ID option */
+	if (optinfo->serverID.duid_len == 0) {
+		dprintf(LOG_INFO, FNAME, "no server ID option");
+		return (-1);
+	}
+
+	/*
+	 * DUID in the Client ID option (which must be contained for our
+	 * client implementation) must match ours.
+	 */
+	if (optinfo->clientID.duid_len == 0) {
+		dprintf(LOG_INFO, FNAME, "no client ID option");
+		return (-1);
+	}
+	if (duidcmp(&optinfo->clientID, &client_duid)) {
+		dprintf(LOG_INFO, FNAME, "client DUID mismatch");
+		return (-1);
+	}
+
+	/* validate authentication */
+	if (process_auth(ev->authparam, dh6, len, optinfo)) {
+		dprintf(LOG_INFO, FNAME, "failed to process authentication");
+		return (-1);
+	}
+
+	/*
+	 * If the client included a Rapid Commit option in the Solicit message,
+	 * the client discards any Reply messages it receives that do not
+	 * include a Rapid Commit option.
+	 * (should we keep the server otherwise?)
+	 * [RFC3315 Section 17.1.4]
+	 */
+	if (state == DHCP6S_SOLICIT &&
+	    (ifp->send_flags & DHCIFF_RAPID_COMMIT) &&
+	    !optinfo->rapidcommit) {
+		dprintf(LOG_INFO, FNAME, "no rapid commit");
+		return (-1);
+	}
+
+	/*
+	 * The client MAY choose to report any status code or message from the
+	 * status code option in the Reply message.
+	 * [RFC3315 Section 18.1.8]
+	 */
+	for (lv = TAILQ_FIRST(&optinfo->stcode_list); lv;
+	     lv = TAILQ_NEXT(lv, link)) {
+		dprintf(LOG_INFO, FNAME, "status code: %s",
+		    dhcp6_stcodestr(lv->val_num16));
+	}
+
+	if (!TAILQ_EMPTY(&optinfo->dns_list)) {
+		struct dhcp6_listval *d;
+		int i = 0;
+
+		for (d = TAILQ_FIRST(&optinfo->dns_list); d;
+		     d = TAILQ_NEXT(d, link), i++) {
+			info_printf("nameserver[%d] %s",
+			    i, in6addr2str(&d->val_addr6, 0));
+		}
+	}
+
+	if (!TAILQ_EMPTY(&optinfo->dnsname_list)) {
+		struct dhcp6_listval *d;
+		int i = 0;
+
+		for (d = TAILQ_FIRST(&optinfo->dnsname_list); d;
+		     d = TAILQ_NEXT(d, link), i++) {
+			info_printf("Domain search list[%d] %s",
+			    i, d->val_vbuf.dv_buf);
+		}
+	}
+
+	if (!TAILQ_EMPTY(&optinfo->ntp_list)) {
+		struct dhcp6_listval *d;
+		int i = 0;
+
+		for (d = TAILQ_FIRST(&optinfo->ntp_list); d;
+		     d = TAILQ_NEXT(d, link), i++) {
+			info_printf("NTP server[%d] %s",
+			    i, in6addr2str(&d->val_addr6, 0));
+		}
+	}
+
+	if (!TAILQ_EMPTY(&optinfo->sip_list)) {
+		struct dhcp6_listval *d;
+		int i = 0;
+
+		for (d = TAILQ_FIRST(&optinfo->sip_list); d;
+		     d = TAILQ_NEXT(d, link), i++) {
+			info_printf("SIP server address[%d] %s",
+			    i, in6addr2str(&d->val_addr6, 0));
+		}
+	}
+
+	if (!TAILQ_EMPTY(&optinfo->sipname_list)) {
+		struct dhcp6_listval *d;
+		int i = 0;
+
+		for (d = TAILQ_FIRST(&optinfo->sipname_list); d;
+		     d = TAILQ_NEXT(d, link), i++) {
+			info_printf("SIP domain name[%d] %s",
+			    i, d->val_vbuf.dv_buf);
+		}
+	}
+
+	/*
+	 * Call the configuration script, if specified, to handle various
+	 * configuration parameters.
+	 */
+	if (ifp->scriptpath != NULL && strlen(ifp->scriptpath) != 0) {
+		dprintf(LOG_DEBUG, FNAME, "executes %s", ifp->scriptpath);
+		client6_script(ifp->scriptpath, state, optinfo);
+	}
+
+	/*
+	 * Set refresh timer for configuration information specified in
+	 * information-request.  If the timer value is specified by the server
+	 * in an information refresh time option, use it; use the protocol
+	 * default otherwise.
+	 */
+	if (state == DHCP6S_INFOREQ) {
+		int64_t refreshtime = DHCP6_IRT_DEFAULT;
+
+		if (optinfo->refreshtime != DH6OPT_REFRESHTIME_UNDEF)
+			refreshtime = optinfo->refreshtime;
+
+		ifp->timer = dhcp6_add_timer(client6_expire_refreshtime, ifp);
+		if (ifp->timer == NULL) {
+			dprintf(LOG_WARNING, FNAME,
+			    "failed to add timer for refresh time");
+		} else {
+			struct timeval tv;
+
+			tv.tv_sec = (long)refreshtime;
+			tv.tv_usec = 0;
+
+			if (tv.tv_sec < 0) {
+				/*
+				 * XXX: tv_sec can overflow for an
+				 * unsigned 32bit value.
+				 */
+				dprintf(LOG_WARNING, FNAME,
+				    "refresh time is too large: %lu",
+				    (u_int32_t)refreshtime);
+				tv.tv_sec = 0x7fffffff;	/* XXX */
+			}
+
+			dhcp6_set_timer(&tv, ifp->timer);
+		}
+	} else if (optinfo->refreshtime != DH6OPT_REFRESHTIME_UNDEF) {
+		/*
+		 * draft-ietf-dhc-lifetime-02 clarifies that refresh time
+		 * is only used for information-request and reply exchanges.
+		 */
+		dprintf(LOG_INFO, FNAME,
+		    "unexpected information refresh time option (ignored)");
+	}
+
+	/* update stateful configuration information */
+	if (state != DHCP6S_RELEASE) {
+		update_ia(IATYPE_PD, &optinfo->iapd_list, ifp,
+		    &optinfo->serverID, ev->authparam);
+		update_ia(IATYPE_NA, &optinfo->iana_list, ifp,
+		    &optinfo->serverID, ev->authparam);
+	}
+
+	dhcp6_remove_event(ev);
+
+	if (state == DHCP6S_RELEASE) {
+		/*
+		 * When the client receives a valid Reply message in response
+		 * to a Release message, the client considers the Release event
+		 * completed, regardless of the Status Code option(s) returned
+		 * by the server.
+		 * [RFC3315 Section 18.1.8]
+		 */
+		check_exit();
+	}
+
+	dprintf(LOG_DEBUG, FNAME, "got an expected reply, sleeping.");
+
+	if (infreq_mode) {
+		exit_ok = 1;
+		free_resources(NULL);
+		unlink(pid_file);
+		check_exit();
+	}
+	return (0);
+}
+
+static struct dhcp6_event *
+find_event_withid(ifp, xid)
+	struct dhcp6_if *ifp;
+	u_int32_t xid;
+{
+	struct dhcp6_event *ev;
+
+	for (ev = TAILQ_FIRST(&ifp->event_list); ev;
+	     ev = TAILQ_NEXT(ev, link)) {
+		if (ev->xid == xid)
+			return (ev);
+	}
+
+	return (NULL);
+}
+
+static int
+process_auth(authparam, dh6, len, optinfo)
+	struct authparam *authparam;
+	struct dhcp6 *dh6;
+	ssize_t len;
+	struct dhcp6_optinfo *optinfo;
+{
+	struct keyinfo *key = NULL;
+	int authenticated = 0;
+
+	switch (optinfo->authproto) {
+	case DHCP6_AUTHPROTO_UNDEF:
+		/* server did not provide authentication option */
+		break;
+	case DHCP6_AUTHPROTO_DELAYED:
+		if ((optinfo->authflags & DHCP6OPT_AUTHFLAG_NOINFO)) {
+			dprintf(LOG_INFO, FNAME, "server did not include "
+			    "authentication information");
+			break;
+		}
+
+		if (optinfo->authalgorithm != DHCP6_AUTHALG_HMACMD5) {
+			dprintf(LOG_INFO, FNAME, "unknown authentication "
+			    "algorithm (%d)", optinfo->authalgorithm);
+			break;
+		}
+
+		if (optinfo->authrdm != DHCP6_AUTHRDM_MONOCOUNTER) {
+			dprintf(LOG_INFO, FNAME,"unknown RDM (%d)",
+			    optinfo->authrdm);
+			break;
+		}
+
+		/*
+		 * Replay protection.  If we do not know the previous RD value,
+		 * we accept the message anyway (XXX).
+		 */
+		if ((authparam->flags & AUTHPARAM_FLAGS_NOPREVRD)) {
+			dprintf(LOG_WARNING, FNAME, "previous RD value is "
+			    "unknown (accept it)");
+		} else {
+			if (dhcp6_auth_replaycheck(optinfo->authrdm,
+			    authparam->prevrd, optinfo->authrd)) {
+				dprintf(LOG_INFO, FNAME,
+				    "possible replay attack detected");
+				break;
+			}
+		}
+
+		/* identify the secret key */
+		if ((key = authparam->key) != NULL) {
+			/*
+			 * If we already know a key, its identification should
+			 * match that contained in the received option.
+			 * (from Section 21.4.5.1 of RFC3315)
+			 */
+			if (optinfo->delayedauth_keyid != key->keyid ||
+			    optinfo->delayedauth_realmlen != key->realmlen ||
+			    memcmp(optinfo->delayedauth_realmval, key->realm,
+			    key->realmlen) != 0) {
+				dprintf(LOG_INFO, FNAME,
+				    "authentication key mismatch");
+				break;
+			}
+		} else {
+			key = find_key(optinfo->delayedauth_realmval,
+			    optinfo->delayedauth_realmlen,
+			    optinfo->delayedauth_keyid);
+			if (key == NULL) {
+				dprintf(LOG_INFO, FNAME, "failed to find key "
+				    "provided by the server (ID: %x)",
+				    optinfo->delayedauth_keyid);
+				break;
+			} else {
+				dprintf(LOG_DEBUG, FNAME, "found key for "
+				    "authentication: %s", key->name);
+			}
+			authparam->key = key;
+		}
+
+		/* check for the key lifetime */
+		if (dhcp6_validate_key(key)) {
+			dprintf(LOG_INFO, FNAME, "key %s has expired",
+			    key->name);
+			break;
+		}
+
+		/* validate MAC */
+		if (dhcp6_verify_mac((char *)dh6, len, optinfo->authproto,
+		    optinfo->authalgorithm,
+		    optinfo->delayedauth_offset + sizeof(*dh6), key) == 0) {
+			dprintf(LOG_DEBUG, FNAME, "message authentication "
+			    "validated");
+			authenticated = 1;
+		} else {
+			dprintf(LOG_INFO, FNAME, "invalid message "
+			    "authentication");
+		}
+
+		break;
+	default:
+		dprintf(LOG_INFO, FNAME, "server sent unsupported "
+		    "authentication protocol (%d)", optinfo->authproto);
+		break;
+	}
+
+	if (authenticated == 0) {
+		if (authparam->authproto != DHCP6_AUTHPROTO_UNDEF) {
+			dprintf(LOG_INFO, FNAME, "message not authenticated "
+			    "while authentication required");
+
+			/*
+			 * Right now, we simply discard unauthenticated
+			 * messages.
+			 */
+			return (-1);
+		}
+	} else {
+		/* if authenticated, update the "previous" RD value */
+		authparam->prevrd = optinfo->authrd;
+		authparam->flags &= ~AUTHPARAM_FLAGS_NOPREVRD;
+	}
+
+	return (0);
+}
+
+static int
+set_auth(ev, optinfo)
+	struct dhcp6_event *ev;
+	struct dhcp6_optinfo *optinfo;
+{
+	struct authparam *authparam = ev->authparam;
+
+	if (authparam == NULL)
+		return (0);
+
+	optinfo->authproto = authparam->authproto;
+	optinfo->authalgorithm = authparam->authalgorithm;
+	optinfo->authrdm = authparam->authrdm;
+
+	switch (authparam->authproto) {
+	case DHCP6_AUTHPROTO_UNDEF: /* we simply do not need authentication */
+		return (0);
+	case DHCP6_AUTHPROTO_DELAYED:
+		if (ev->state == DHCP6S_INFOREQ) {
+			/*
+			 * In the current implementation, delayed
+			 * authentication for Information-request and Reply
+			 * exchanges doesn't work.  Specification is also
+			 * unclear on this usage.
+			 */
+			dprintf(LOG_WARNING, FNAME, "delayed authentication "
+			    "cannot be used for Information-request yet");
+			return (-1);
+		}
+
+		if (ev->state == DHCP6S_SOLICIT) {
+			optinfo->authflags |= DHCP6OPT_AUTHFLAG_NOINFO;
+			return (0); /* no auth information is needed */
+		}
+
+		if (authparam->key == NULL) {
+			dprintf(LOG_INFO, FNAME,
+			    "no authentication key for %s",
+			    dhcp6_event_statestr(ev));
+			return (-1);
+		}
+
+		if (dhcp6_validate_key(authparam->key)) {
+			dprintf(LOG_INFO, FNAME, "key %s is invalid",
+			    authparam->key->name);
+			return (-1);
+		}
+
+		if (get_rdvalue(optinfo->authrdm, &optinfo->authrd,
+		    sizeof(optinfo->authrd))) {
+			dprintf(LOG_ERR, FNAME, "failed to get a replay "
+			    "detection value");
+			return (-1);
+		}
+
+		optinfo->delayedauth_keyid = authparam->key->keyid;
+		optinfo->delayedauth_realmlen = authparam->key->realmlen;
+		optinfo->delayedauth_realmval =
+		    malloc(optinfo->delayedauth_realmlen);
+		if (optinfo->delayedauth_realmval == NULL) {
+			dprintf(LOG_ERR, FNAME, "failed to allocate memory "
+			    "for authentication realm");
+			return (-1);
+		}
+		memcpy(optinfo->delayedauth_realmval, authparam->key->realm,
+		    optinfo->delayedauth_realmlen);
+
+		break;
+	default:
+		dprintf(LOG_ERR, FNAME, "unsupported authentication protocol "
+		    "%d", authparam->authproto);
+		return (-1);
+	}
+
+	return (0);
+}
+
+static void
+info_printf(const char *fmt, ...)
+{
+	va_list ap;
+	char logbuf[LINE_MAX];
+
+	va_start(ap, fmt);
+	vsnprintf(logbuf, sizeof(logbuf), fmt, ap);
+
+	dprintf(LOG_DEBUG, FNAME, "%s", logbuf);
+	if (infreq_mode)
+		printf("%s\n", logbuf);
+
+	return;
+}
diff --git a/dhcp6c.conf.5 b/dhcp6c.conf.5
new file mode 100644
index 0000000..611ab4f
--- /dev/null
+++ b/dhcp6c.conf.5
@@ -0,0 +1,670 @@
+.\"	$KAME: dhcp6c.conf.5,v 1.30 2005/05/03 06:54:26 jinmei Exp $
+.\"
+.\" Copyright (C) 2002 WIDE Project.
+.\" All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the project nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd July 29, 2004
+.Dt DHCP6C.CONF 5
+.Os KAME
+.\"
+.Sh NAME
+.Nm dhcp6c.conf
+.Nd DHCPv6 client configuration file
+.\"
+.Sh SYNOPSIS
+.Pa /usr/local/etc/dhcp6c.conf
+.\"
+.Sh DESCRIPTION
+The
+.Nm
+file contains configuration information for KAME's DHCPv6 client,
+.Nm dhcp6c .
+The configuration file consists of a sequence of statements terminated
+by a semi-colon (`;').
+Statements are composed of tokens separated by white space,
+which can be any combination of blanks,
+tabs and newlines.
+In some cases a set of statements is combined with a pair of brackets,
+which is regarded as a single token.
+Lines beginning with
+.Ql #
+are comments.
+.Sh Interface specification
+There are some statements that may or have to specify interface.
+Interfaces are specified in the form of "name unit", such as
+.Ar fxp0
+and
+.Ar gif1.
+.\"
+.Sh DHCPv6 options
+Some configuration statements take the description of a DHCPv6 option
+as an argument.
+The followings are the format and description of available DHCPv6
+options.
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic domain-name-servers
+.Xc
+means a Domain Name Server option.
+.It Xo
+.Ic domain-name
+.Xc
+means a domain name option.
+.It Xo
+.Ic ntp-servers
+.Xc
+means an NTP server option.
+As of this writing, the option type for this option is not officially
+assigned.
+.Nm dhcp6c
+will reject this option unless it is explicitly built to accept the option.
+.It Xo
+.Ic sip-server-address
+.Xc
+means a SIP Server address option.
+.It Xo
+.Ic sip-server-domain-name
+.Xc
+means a SIP server domain name option.
+.It Xo
+.Ic nis-server-address
+.Xc
+means a NIS Server address option.
+.It Xo
+.Ic nis-domain-name
+.Xc
+means a NIS domain name option.
+.It Xo
+.Ic nisp-server-address
+.Xc
+means a NIS+ Server address option.
+.It Xo
+.Ic nisp-domain-name
+.Xc
+means a NIS+ domain name option.
+.It Xo
+.Ic bcmcs-server-address
+.Xc
+means a BCMCS Server address option.
+.It Xo
+.Ic bcmcs-server-domain-name
+.Xc
+means a BCMCS server domain name option.
+.It Ic ia-pd Ar ID
+means an IA_PD
+.Pq Identity Association for Prefix Delegation
+option.
+.Ar ID
+is a decimal number of the IAID
+.Pq see below about identity associations .
+.It Ic ia-na Ar ID
+means an IA_PD
+.Pq Identity Association for Non-temporary Addresses
+option.
+.Ar ID
+is a decimal number of the IAID
+.Pq see below about identity associations .
+.It Ic rapid-commit
+means a rapid-commit option.
+.It Ic authentication Ar authname
+means an authentication option.
+.Ar authname
+is a string specifying parameters of the authentication protocol.
+An
+.Ic authentication
+statement for
+.Ar authname
+must be provided.
+.El
+.\"
+.Sh Interface statement
+An interface statement specifies configuration parameters on the
+interface.
+The generic format of an interface statement is as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic interface Ar interface
+{
+.Ar substatements
+};
+.Xc
+The followings are possible
+.Ar substatements
+in an interface statement.
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic send Ar send-options
+;
+.Xc
+This statement specifies DHCPv6 options to be sent to the server(s).
+Some options can only appear in particular messages according to the
+specification,
+in which case the appearance of the options is limited to be compliant
+with the specification.
+.Pp
+.Ar send-options
+is a comma-separated list of options,
+each of which should be specified as described above.
+Multiple
+.Ic send
+statements can also be specified,
+in which case all the specified options will be sent.
+.Pp
+When
+.Ic rapid-commit
+is specified,
+.Nm dhcp6c
+will include a rapid-commit option in solicit messages and wait for
+an immediate reply instead of advertisements.
+.Pp
+When
+.Ic ia-pd
+is specified,
+.Nm dhcp6c
+will initiate prefix delegation as a requesting router by 
+including an IA_PD option with the specified
+.Ar ID
+in solicit messages.
+.Pp
+When
+.Ic ia-na
+is specified,
+.Nm dhcp6c
+will initiate stateful address assignment by 
+including an IA_NA option with the specified
+.Ar ID
+in solicit messages.
+.Pp
+In either case, a corresponding identity association statement
+must exist with the same
+.Ar ID .
+.It Ic request Ar request-options ;
+This statement specifies DHCPv6 options to be included in an
+option-request option.
+.Ar request-options
+is a comma-separated list of options,
+which can consist of the following options.
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic domain-name-servers
+.Xc
+requests a list of Domain Name Server addresses.
+.It Xo
+.Ic domain-name
+.Xc
+requests a DNS search path.
+.It Xo
+.Ic ntp-servers
+.Xc
+requests a list of NTP server addresses.
+As of this writing, the option type for this option is not officially
+assigned.
+.Nm dhcp6c
+will reject this option unless it is explicitly built to accept the option.
+.It Xo
+.Ic sip-server-address
+.Xc
+requests a list of SIP server addresses.
+.It Xo
+.Ic sip-domain-name
+.Xc
+requests a SIP server domain name.
+.It Xo
+.Ic nis-server-address
+.Xc
+requests a list of NIS server addresses.
+.It Xo
+.Ic nis-domain-name
+.Xc
+requests a NIS domain name.
+.It Xo
+.Ic nisp-server-address
+.Xc
+requests a list of NIS+ server addresses.
+.It Xo
+.Ic nisp-domain-name
+.Xc
+requests a NIS+ domain name.
+.It Xo
+.Ic bcmcs-server-address
+.Xc
+requests a list of BCMCS server addresses.
+.It Xo
+.Ic bcmcs-domain-name
+.Xc
+requests a BCMCS domain name.
+.It Xo
+.Ic refreshtime
+.Xc
+means an information refresh time option.
+This can only be specified when sent with information-request
+messages;
+.Nm dhcp6c
+will ignore this option for other messages.
+.El
+Multiple
+.Ic request
+statements can also be specified,
+in which case all the specified options will be requested.
+.It Ic information-only ;
+This statement specifies
+.Nm dhcp6c
+to only exchange informational configuration parameters with servers.
+A list of DNS server addresses is an example of such parameters.
+This statement is useful when the client does not need stateful
+configuration parameters such as IPv6 addresses or prefixes.
+.It Ic script Ar \(dqscript-name\(dq ;
+This statement specifies a path to script invoked by
+.Nm dhcp6c
+on a certain condition including when the daemon receives a reply
+message.
+.Ar script-name
+must be the absolute path from root to the script file, be a regular
+file, and be created by the same owner who runs the daemon.
+.El
+.El
+.\"
+.Sh Identity association statement
+Identity association
+.Pq IA
+is a key notion of DHCPv6.
+An IA is uniquely identified in a client by a pair of IA type and
+IA identifier
+.Pq IAID .
+An IA is associated with configuration information dependent on the IA type.
+.Pp
+An identity association statement defines a single IA with some
+client-side configuration parameters.
+Its format is as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic id-assoc Ar type Op Ar ID
+{
+.Ar substatements
+};
+.Xc
+.Ar type
+is a string for the type of this IA.
+The current implementation supports
+.Ql Ic na
+(non-temporary address allocation)
+.Ql Ic pd 
+(prefix delegation) for the IA type.
+.Ar ID
+is a decimal number of IAID.
+If omitted, the value 0 will be used by default.
+.Ar substatements
+is a sequence of statements that specifies configuration parameters
+for this IA.
+Each statement may or may not be specific to the type of IA.
+.Pp
+The followings are possible
+.Ar substatements
+for an IA of type
+.Ic na .
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic address Ar ipv6-address pltime Op Ar vltime ;
+.Xc
+specifies an address and related parameters that the client wants to be
+allocated.
+Multiple addresses can be specified, each of which is described as a
+separate
+.Ic address
+substatement.
+.Nm dhcp6c
+will include all the addresses
+.Pq and related parameters
+in Solicit messages,
+as an IA_NA prefix option encapsulated in the corresponding IA_NA
+option.
+Note, however, that the server may or may not respect the specified
+prefix parameters.
+For parameters of the
+.Ic address
+substatement,
+see
+.Xr dhcp6s.conf 5 .
+.El
+.Pp
+The followings are possible
+.Ar substatements
+for an IA of type
+.Ic pd .
+.Bl -tag -width Ds -compact
+.It Xo
+.Ar prefix_interface_statement
+.Xc
+specifies the client's local configuration of how delegated prefixes
+should be used
+.Pq see below .
+.It Ic prefix Ar ipv6-prefix pltime Op Ar vltime ;
+specifies a prefix and related parameters that the client wants to be
+delegated.
+Multiple prefixes can be specified, each of which is described as a
+separate
+.Ic prefix
+substatement.
+.Nm dhcp6c
+will include all the prefixes
+.Pq and related parameters
+in Solicit messages,
+as an IA_PD prefix option encapsulated in the corresponding IA_PD
+option.
+Note, however, that the server may or may not respect the specified
+prefix parameters.
+For parameters of the
+.Ic prefix
+substatement,
+see
+.Xr dhcp6s.conf 5 .
+.El
+.El
+.\"
+.Sh Prefix interface statement
+A prefix interface statement specifies configuration parameters of
+prefixes on local interfaces that are derived from delegated prefixes.
+A prefix interface statement can only appear as a substatement of
+an identity association statement with the type
+.Ic pd .
+The generic format of an interface statement is as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic prefix-interface Ar interface
+{
+.Ar substatements
+};
+.Xc
+When an IPv6 prefix is delegated from a DHCPv6 server,
+.Nm dhcp6c
+will assign a prefix on the
+.Ar interface
+unless the interface receives the DHCPv6 message that contains the prefix
+with the delegated prefix and the parameters provided in
+.Ar substatements .
+Possible substatements are as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic sla-id Ar ID
+;
+.Xc
+This statement specifies the identifier value of the site-level aggregator
+.Pq SLA
+on the interface.
+.Ar ID
+must be a decimal integer which fits in the length of SLA IDs
+.Pq see below .
+For example,
+if
+.Ar ID
+is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48,
+.Nm dhcp6c
+will combine the two values into a single IPv6 prefix,
+2001:db8:ffff:1::/64,
+and will configure the prefix on the specified
+.Ar interface .
+.It Xo
+.Ic sla-len Ar length
+;
+.Xc
+This statement specifies the length of the SLA ID in bits.
+.Ar length
+must be a decimal number between 0 and 128.
+If the length is not specified by this statement,
+the default value 16 will be used.
+.El
+.El
+.\"
+.Sh Authentication statement
+An authentication statement defines a set of authentication parameters
+used in DHCPv6 exchanges with the server(s).
+The format of an authentication statement is as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic authentication Ar authname
+{
+.Ar substatements
+};
+.Xc
+.Ar authname
+is a string which is unique among all authentication statements in the
+configuration file.
+It will specify a particular set of authentication parameters when
+.Ic authentication
+option is specified in the
+.Ic interface
+statement.
+Possible substatements of the
+.Ic authentication
+statement are as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic protocol Ar authprotocol
+;
+.Xc
+specifies the authentication protocol.
+Currently, the only available protocol as
+.Ar authprotocol
+is
+.Ic delayed ,
+which means the DHCPv6 delayed authentication protocol.
+.It Xo
+.Ic algorithm Ar authalgorithm
+;
+.Xc
+specifies the algorithm for this authentication.
+Currently, the only available algorithm is HMAC-MD5,
+which can be specified as one of the followings:
+.Ic hmac-md5 ,
+.Ic HMAC-MD5 ,
+.Ic hmacmd5 ,
+or
+.Ic HMACMD5 .
+This substatement can be omitted.
+In this case,
+HMAC-MD5 will be used as the algorithm.
+.It Xo
+.Ic rdm Ar replay-detection-method
+;
+.Xc
+specifies the replay protection method for this authentication.
+Currently, the only available method is
+.Ic monocounter ,
+which means the use of a monotonically increasing counter.
+If this method is specified,
+.Ic dhcp6c
+will use an NTP-format timestamp when it authenticates the message.
+This substatement can be omitted,
+in which case
+.Ic monocounter
+will be used as the method.
+.El
+.El
+.\"
+.Sh Keyinfo statement
+A keyinfo statement defines a secret key shared with the server(s)
+to authenticate DHCPv6 messages.
+The format of a keyinfo statement is as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic keyinfo Ar keyname
+{
+.Ar substatements
+};
+.Xc
+.Ar keyname
+is an arbitrary string.
+It does not affect client's behavior but is provided for readability
+of log messages.
+Possible substatements of the
+.Ic keyinfo
+statement are as follows:
+.Bl -tag -width Ds -compact
+.It Xo
+.Ic realm Ar \(dqrealmname\(dq
+;
+.Xc
+specifies the DHCP realm.
+.Ar realmname
+is an arbitrary string,
+but is typically expected to be a domain name like \(dqkame.net\(dq .
+.It Xo
+.Ic keyid Ar ID
+;
+.Xc
+specifies the key identifier,
+.Ar ID ,
+as a decimal number.
+A secret key is uniquely identified within the client by the DHCP
+realm and the key identifier.
+.It Xo
+.Ic secret Ar \(dqsecret-value\(dq
+;
+.Xc
+specifies the shared secret of this key.
+.Ar \(dqsecret-value\(dq
+is a base-64 encoded string of the secret.
+.It Xo
+.Ic expire Ar \(dqexpiration-time\(dq
+;
+.Xc
+specifies the expiration time of this key.
+.Ar \(dqexpiration-time\(dq
+should be formatted in one of the followings:
+.Ar yyyy-mm-dd HH:MM ,
+.Ar mm-dd HH:MM ,
+or
+.Ar HH:MM ,
+where
+.Ar yyyy
+is the year with century (e.g., 2004),
+.Ar mm
+is the month,
+.Ar dd
+is the day of the month,
+.Ar HH
+is the hour of 24-hour clock,
+and
+.Ar MM
+is the minute,
+each of which is given as a decimal number.
+Additionally,
+a special keyword
+.Ic forever
+can be specified as
+.Ar expiration-time ,
+which means the key has an infinite lifetime and never expires.
+This substatement can be omitted,
+in which case
+.Ic forever
+will be used by default.
+.El
+.El
+.\"
+.Sh Examples
+The followings are a sample configuration to be delegated an IPv6
+prefix from an upstream service provider.
+With this configuration
+.Nm dhcp6c
+will send solicit messages containing an IA_PD option,
+with an IAID 0,
+on to an upstream PPP link,
+.Ar ppp0 .
+After receiving some prefixes from a server,
+.Nm dhcp6c
+will then configure derived IPv6 prefixes with the SLA ID 1 on a
+local ethernet interface,
+.Ar ne0 .
+Note that the IAID for the
+.Ic id-assoc
+statement is 0 according to the default.
+.Bd -literal -offset
+interface ppp0 {
+        send ia-pd 0;
+};
+
+id-assoc pd {
+	prefix-interface ne0 {
+		sla-id 1;
+	};
+};
+.Ed
+.Pp
+If a shared secret should be configured in both the client and the
+server for DHCPv6 authentication,
+it would be specified in the configuration file as follows:
+.Bd -literal -offset
+keyinfo kame-key {
+        realm "kame.net";
+        keyid 1;
+        secret "5pvW2g48OHPvkYMJSw0vZA==";
+};
+.Ed
+.Pp
+One easy way of generating a new secret in the base64 format is to
+execute the
+.Xr openssl 1
+command (when available) as follows,
+.Bd -literal -offset
+% openssl rand -base64 16
+.Ed
+.Pp
+and copy the output to the
+.Nm dhcp6c.conf
+file.
+.Pp
+To include an authentication option for DHCPv6 authentication,
+the
+.Ic interface
+statement should be modified and an
+.Ic authentication
+statement should be added as follows:
+.Bd -literal -offset
+interface ppp0 {
+        send ia-pd 0;
+        send authentication kame;
+};
+
+authentication kame {
+	protocol delayed;
+};
+.Ed
+.Pp
+.Bd -literal -offset
+interface fxp0 {
+        send ia-na 0;
+};
+.Ed
+.Sh SEE ALSO
+.Xr dhcp6s.conf 5
+.Xr dhcp6c 8
+.\"
+.Sh HISTORY
+The
+.Nm
+configuration file first appeared in the WIDE/KAME IPv6 protocol
+stack kit.
diff --git a/dhcp6c.conf.sample b/dhcp6c.conf.sample
new file mode 100644
index 0000000..3aeede1
--- /dev/null
+++ b/dhcp6c.conf.sample
@@ -0,0 +1,24 @@
+# The followings are a sample configuration for requiring the "stateless"
+# DHCPv6 service.
+interface ne0 {
+	information-only;
+};
+
+
+# The followings are a sample configuration to be delegated an IPv6 prefix
+# from an upstream service provider.  With this configuration dhcp6c will
+# send solicit messages containing an IA_PD option, with an IAID 0, on to
+# an upstream PPP link, ppp0.  After receiving some prefixes from a server,
+# dhcp6c will then configure derived IPv6 prefixes with the SLA ID 1 on a
+# local ethernet interface, ne0.  Note that the IAID for the id-assoc
+# statement is 0 according to the default.
+
+interface ppp0 {
+        send ia-pd 0;
+};
+
+id-assoc pd {
+        prefix-interface ne0 {
+                sla-id 1;
+        };
+};
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 18:43:02 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 18:43:02 +0000
commit	f2c49875c1ce6e1d3c51968f7b058b1b0c55428c (patch)
tree	233b80410596436a63c870ab8e22e4e828867515 /dhcp6c.c
parent	Initial commit. (diff)
download	wide-dhcpv6-f2c49875c1ce6e1d3c51968f7b058b1b0c55428c.tar.xz wide-dhcpv6-f2c49875c1ce6e1d3c51968f7b058b1b0c55428c.zip