Fix DHCPv6 options serialization to prevent extra bytes in replies

afritzler · afritzler · commit da08e07a1116 · 2024-12-04T14:46:51.000+01:00
In the `generate_reply_options` function, fixed an issue where DHCPv6 reply packets contained extra unintended bytes at the end. The problem was due to the `options` pointer not being incremented after copying the `opt_rapid` and `boot_file_url` options into the packet buffer.

Changes made:

- After copying `opt_rapid`, the `options` pointer is now incremented by `reply_options.opt_rapid_len`.
- After copying `boot_file_url`, the `options` pointer is now incremented by `reply_options.opt_boot_file_len`.

These changes ensure that all DHCPv6 options are correctly serialized in the packet buffer without overlaps or gaps. By properly advancing the `options` pointer, we prevent unintended data from being included at the end of the packet, eliminating the extra bytes that were being sent.

This fix addresses the issue where clients were receiving malformed DHCPv6 packets due to the extra bytes, which could lead to communication errors or unexpected behavior.
diff --git a/src/nodes/dhcpv6_node.c b/src/nodes/dhcpv6_node.c
@@ -213,54 +213,77 @@ static int generate_reply_options(struct rte_mbuf *m, uint8_t *options, int opti
 	int reply_options_len;
 	struct dhcpv6_opt_server_id_ll opt_sid;
 	struct dhcpv6_opt_dns_servers dns_opt;
-	struct dp_dhcpv6_reply_options reply_options = {0};  // this makes *_len fields 0, needed later
+	struct dp_dhcpv6_reply_options reply_options = {0};  // This initializes *_len fields to 0
 	const struct dp_conf_dhcp_dns *dhcpv6_dns = dp_conf_get_dhcpv6_dns();
 
+	// Parse the options from the incoming packet
 	if (DP_FAILED(parse_options(m, options, options_len, &reply_options))) {
 		DPS_LOG_WARNING("Invalid DHCPv6 options received");
 		return DP_ERROR;
 	}
 
+	// Prepare the DNS server option
 	dns_opt.opt_code = htons(DHCPV6_OPT_DNS);
 	dns_opt.opt_len = htons(dhcpv6_dns->len);
 
+	// Prepare the Server Identifier option
 	opt_sid = opt_sid_template;
 	rte_ether_addr_copy(&rte_pktmbuf_mtod(m, struct rte_ether_hdr *)->dst_addr, &opt_sid.id.mac);
 
-	reply_options_len = (int)sizeof(opt_sid) + reply_options.opt_cid_len + reply_options.opt_iana_len + reply_options.opt_rapid_len;
-	reply_options_len += (int)(sizeof(dns_opt.opt_code) + sizeof(dns_opt.opt_len) + ntohs(dns_opt.opt_len));
+	// Calculate the total length of reply options
+	reply_options_len = (int)sizeof(opt_sid)
+						+ reply_options.opt_cid_len
+						+ reply_options.opt_iana_len
+						+ reply_options.opt_rapid_len
+						+ (int)(sizeof(dns_opt.opt_code) + sizeof(dns_opt.opt_len) + ntohs(dns_opt.opt_len));
 
-	if (reply_options.pxe_mode != DP_PXE_MODE_NONE)
+	if (reply_options.pxe_mode != DP_PXE_MODE_NONE) {
 		reply_options_len += reply_options.opt_boot_file_len;
+	}
 
-	if (DP_FAILED(resize_packet(m, reply_options_len - options_len)))
+	// Resize the packet to accommodate the reply options
+	if (DP_FAILED(resize_packet(m, reply_options_len - options_len))) {
 		return DP_ERROR;
+	}
 
-	// had to use memcpy() here, because GCC's array-bounds check fails for rte_memcpy (using XMM optimization)
+	// Start copying the reply options into the packet buffer
+	// Copy Server Identifier option
 	memcpy(options, &opt_sid, sizeof(opt_sid));
 	options += sizeof(opt_sid);
+
+	// Copy Client Identifier option if present
 	if (reply_options.opt_cid_len) {
 		memcpy(options, (void *)&reply_options.opt_cid, reply_options.opt_cid_len);
 		options += reply_options.opt_cid_len;
 	}
+
+	// Copy IA_NA option if present
 	if (reply_options.opt_iana_len) {
 		memcpy(options, (void *)&reply_options.opt_iana, reply_options.opt_iana_len);
 		options += reply_options.opt_iana_len;
 	}
-	if (reply_options.opt_rapid_len)
+
+	// Copy Rapid Commit option if present
+	if (reply_options.opt_rapid_len) {
 		memcpy(options, &reply_options.opt_rapid, reply_options.opt_rapid_len);
+		options += reply_options.opt_rapid_len;  // Increment options pointer
+	}
 
-	// Add DNS server option
+	// Copy DNS Servers option
 	memcpy(options, &dns_opt.opt_code, sizeof(dns_opt.opt_code));
 	options += sizeof(dns_opt.opt_code);
 	memcpy(options, &dns_opt.opt_len, sizeof(dns_opt.opt_len));
 	options += sizeof(dns_opt.opt_len);
 	memcpy(options, dhcpv6_dns->array, dhcpv6_dns->len);
 	options += dhcpv6_dns->len;
 
-	if (reply_options.pxe_mode != DP_PXE_MODE_NONE)
+	// Copy Boot File URL option if PXE mode is enabled
+	if (reply_options.pxe_mode != DP_PXE_MODE_NONE) {
 		memcpy(options, &reply_options.boot_file_url, reply_options.opt_boot_file_len);
+		options += reply_options.opt_boot_file_len;  // Increment options pointer
+	}
 
+	// Return the total length of the reply options
 	return reply_options_len;
 }
 
