Better fix for interfaces without broadcast address on *BSD.

.gitignore

@@ -0,0 +1,13 @@
+src/*.o
+src/*.mo
+src/dnsmasq.pot
+src/dnsmasq
+src/.configured
+contrib/wrt/dhcp_lease_time
+contrib/wrt/dhcp_release
+debian/base/
+debian/daemon/
+debian/files
+debian/substvars
+debian/utils-substvars
+debian/utils/

CHANGELOG

@@ -1,8 +1,35 @@
+version 2.66
+            Add the ability to act as an authoritative DNS
+            server. Dnsmasq can now answer queries from the wider 'net
+            with local data, as long as the correct NS records are set
+            up. Only local data is provided, to avoid creating an open
+            DNS relay. Zone transfer is supported, to allow secondary
+            servers to be configured.
+
+	    Add "constructed DHCP ranges" for DHCPv6. This is intended
+	    for IPv6 routers which get prefixes dynamically via prefix
+	    delegation. With suitable configuration, stateful DHCPv6
+	    and RA can happen automatically as prefixes are delegated
+	    and then deprecated, without having  to re-write the
+	    dnsmasq configuration file or restart the daemon. Thanks to
+	    Steven Barth for extensive testing and development work on
+	    this idea.
+
+	    Fix crash on startup on Solaris 11. Regression probably
+	    introduced in 2.61.  Thanks to Geoff Johnstone for the patch.
+  
+
 version 2.65
 	    Fix regression which broke forwarding of queries sent via
 	    TCP which are not for A and AAAA and which were directed to
 	    non-default servers. Thanks to Niax for the bug report.
 
+	    Fix failure to build with DHCP support excluded. Thanks to 
+	    Gustavo Zacarias for the patch.
+	    
+	    Fix nasty regression in 2.64 which completely broke cacheing.
+
+
 version 2.64
             Handle DHCP FQDN options with all flag bits zero and
             --dhcp-client-update set. Thanks to Bernd Krumbroeck for

bld/get-version

@@ -17,7 +17,7 @@ elif grep '\$Format:%d\$' $1/VERSION >/dev/null 2>&1; then
 # unsubstituted VERSION, but no git available.
     echo UNKNOWN
 else
-     vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep $v[0-9]`
+     vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep ^v[0-9]`
 
      if [ $? -eq 0 ]; then
          echo "${vers}" | sort | head -n 1 | sed 's/^v//'

debian/changelog

@@ -1,8 +1,14 @@
+dnsmasq (2.66-1) unstable; urgency=low
+
+   * New upstream.
+
+ -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 14 Dec 2012 11:58:41 +0000
+
 dnsmasq (2.65-1) unstable; urgency=low
 
    * New upstream.
 
- -- Simon Kelley <simon@thekelleys.org.uk>  Tue, 4 Dec 2012 20:58:12 +0000
+ -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 14 Dec 2012 11:34:12 +0000
 
 dnsmasq (2.64-1) unstable; urgency=low
 

man/dnsmasq.8

@@ -6,24 +6,25 @@ dnsmasq \- A lightweight DHCP and caching DNS server.
 .I [OPTION]...
 .SH "DESCRIPTION"
 .BR dnsmasq
-is a lightweight DNS, TFTP and DHCP server. It is intended to provide 
+is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide 
 coupled DNS and DHCP service to a LAN.
 .PP
 Dnsmasq accepts DNS queries and either answers them from a small, local,
 cache or forwards them to a real, recursive, DNS server. It loads the
 contents of /etc/hosts so that local hostnames
 which do not appear in the global DNS can be resolved and also answers
-DNS queries for DHCP configured hosts.
+DNS queries for DHCP configured hosts. It can also act as the authoritative DNS server for one or more domains, allowing local names to appear in the global DNS.
 .PP
 The dnsmasq DHCP server supports static address assignments and multiple
 networks. It automatically
 sends a sensible default set of DHCP options, and can be configured to
 send any desired set of DHCP options, including vendor-encapsulated
 options. It includes a secure, read-only,
-TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP.
+TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP. The PXE support is full featured, and includes a proxy mode which supplies PXE information to clients whilst DHCP address allocation is done by another server.
 .PP
-Dnsmasq 
-supports IPv6 for all functions and a minimal router-advertisement daemon.
+The dnsmasq DHCPv6 server provides the same set of features as the DHCPv4 server, and in addition, it includes router advertisements and a neat feature which allows nameing for clients which use DHCPv4 and RA only for IPv6 configuration. There is support for doing address allocation (both DHCPv6 and RA) from subnets which are dynamically delegated via DHCPv6 prefix delegation.
+.PP
+Dnsmasq is coded with small embedded systems in mind. It aims for the smallest possible memory footprint compatible with the supported functions,  and allows uneeded functions to be omitted from the compiled binary.  
 .SH OPTIONS
 Note that in general missing parameters are allowed and switch off
 functions, for instance "--pid-file" disables writing a PID file. On
@@ -74,6 +75,9 @@ the upstream DNS servers.
 .B --max-cache-ttl=<time>
 Set a maximum TTL value for entries in the cache.
 .TP
+.B --auth-ttl=<time>
+Set the TTL value returned in answers from the authoritative server.
+.TP
 .B \-k, --keep-in-foreground
 Do not go into the background at startup but otherwise run as
 normal. This is intended for use when dnsmasq is run under daemontools
@@ -178,6 +182,16 @@ and
 options does not matter and that 
 .B --except-interface
 options always override the others.
+.TP
+.B --auth-server=<domain>,<interface>|<ip-address>
+Enable DNS authoritative mode for queries arriving at an interface or address. Note that the the interface or address
+need not be mentioned in 
+.B --interface
+or 
+.B --listen-address
+configuration, indeed
+.B --auth-server
+will overide these and provide a different DNS service on the specified interface. The <domain> is the "glue record". It should resolve in the global DNS to a A and/or AAAA record which points to the address dnsmasq is listening on.
 .TP 
 .B \-2, --no-dhcp-interface=<interface name>
 Do not provide DHCP or TFTP on the specified interface, but do provide DNS service.
@@ -528,6 +542,29 @@ If you use the first DNSSEC mode, validating resolvers in clients,
 this option is not required. Dnsmasq always returns all the data
 needed for a client to do validation itself. 
 .TP
+.B --auth-zone=<domain>[,<subnet>[,<subnet>.....]]
+Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
+will be served, except that A and AAAA records must be in one of the
+specified subnets, or in a subnet corresponding to a contructed DHCP
+range. The subnet(s) are also used to define in-addr.arpa and
+ipv6.arpa domains which are served for reverse-DNS queries.
+.TP
+.B --auth-soa=<serial>[,<hostmaster>[,<refresh>[,<retry>[,<expiry>]]]]
+Specify fields in the SOA record associated with authoritative
+zones. Note that this is optional, all the values are set to sane defaults.
+.TP
+.B --auth-sec-servers=<domain>[,<domain>[,<domain>...]]
+Specify any secondary servers for a zone for which dnsmasq is
+authoritative. These servers must be configured to get zone data from
+dnsmasq by zone transfer, and answer queries for the same
+authoritative zones and dnsmasq.
+.TP
+.B --auth-peer=<ip-address>[,<ip-address>[,<ip-address>...]]
+Specify the addresses of secondary servers which are allowed to
+initiate zone transfer (AXFR) requests for zones for which dnsmasq is
+authoritative. If this option is not given, then AXFR requests wil be
+accepted from any secondary. 
+.TP 
 .B --conntrack
 Read the Linux connection track mark associated with incoming DNS
 queries and set the same mark value on upstream traffic used to answer
@@ -540,7 +577,7 @@ included and configured. This option cannot be combined with
 .TP
 .B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag],]<start-addr>[,<end-addr>][,<mode>][,<netmask>[,<broadcast>]][,<lease time>]
 .TP
-.B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag],]<start-IPv6addr>[,<end-IPv6addr>][,<mode>][,<prefix-len>][,<lease time>]
+.B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag],]<start-IPv6addr>[,<end-IPv6addr>|constuctor:<interface>][,<mode>][,<prefix-len>][,<lease time>]
 
 Enable the DHCP server. Addresses will be given out from the range
 <start-addr> to <end-addr> and from statically defined addresses given
@@ -572,6 +609,14 @@ given, this defaults to 64. Unlike the IPv4 case, the prefix length is not
 automatically derived from the interface configuration. The mimimum
 size of the prefix length is 64.
 
+IPv6 (only) supports another type of range. In this, the start address and optional end address contain only the network part (ie ::1) and they are followed by
+.B constructor:<interface>.
+This forms a template which describes how to create ranges, based on the addresses assigned to the interface. For instance
+
+.B --dhcp-range=::1,::4,constructor:eth0
+
+will look for addreses of the form <network>::1 on eth0 and then create a range from <network>::1 to <network>::400. If the interface is assigned more than one network, then the corresponding ranges will be automatically created, and then deprecated and finally removed again as the address is deprecated and then deleted. The interface name may have a final "*" wildcard.
+
 The optional 
 .B set:<tag> 
 sets an alphanumeric label which marks this network so that
@@ -1648,6 +1693,153 @@ parameter in a BOOTP request is used as a tag,
 as is the tag "bootp", allowing some control over the options returned to
 different classes of hosts.
 
+.SH AUTHORITATIVE CONFIGURATION
+.PP 
+Configuring dnsmasq to act as an authoritative DNS server is
+complicated by the fact that it involves configuration of external DNS
+servers to provide delegation. We will walk through three scenarios of
+increasing complexity. Prerequisites for all of these scenarios
+are a globally accesible IP address, an A or AAAA record pointing to that address,
+and an external DNS server capable of doing delegation of the zone in
+question. For the first part of this explanation, we will call the A (or AAAA) record
+for the globally accessible address server.example.com, and the zone
+for which dnsmasq is authoritative our.zone.com.
+
+The simplest configuration consists of two lines of dnsmasq configuration; something like
+
+.nf
+.B auth-server=server.example.com,eth0
+.B auth=zone=our.zone.com,1.2.3.0/24
+.fi
+
+and two records in the external DNS
+
+.nf
+server.example.com       A    192.0.43.10
+our.zone.com            NS    server.example.com
+.fi
+
+eth0 is the external network interface on which dnsmasq is listening,
+and has (globally accessible) address 192.0.43.10. 
+
+Note that the external IP address may well be dynamic (ie assigned
+from an ISP by DHCP or PPP) If so, the A record must be linked to this
+dynamic assignment by one of the usual dynamic-DNS systems.
+
+A more complex, but practically useful configuration has the address
+record for the globally accessible IP address residing in the
+authoritative zone which dnsmasq is serving, typically at the root. Now
+we have
+
+.nf
+.B auth-server=our.zone.com,eth0
+.B auth=zone=our.zone.com,1.2.3.0/24
+.fi
+
+.nf
+our.zone.com             A    192.0.43.10
+our.zone.com            NS    our.zone.com
+.fi
+
+The A record for our.zone.com has now become a glue record, it solves
+the chicken-and-egg problem of finding the IP address of the
+nameserver for our.zone.com when the A record is within that
+zone. Note that this is the only role of this record: as dnsmasq is
+now authoritative from our.zone.com it too must provide this
+record. If the external address is static, this can be done with an
+.B /etc/hosts 
+entry or 
+.B --host-record.
+If the external address is dynamic,
+then it must be done using something like
+
+.nf
+.B --interface-name=our.zone.com,eth0
+.fi
+
+Our final configuration builds on that above, but also adds a
+secondary DNS server. This is another DNS server which learns the DNS data
+for the zone by doing zones transfer, and acts as a backup should
+the primary server become inaccessible. The configuration of the
+secondary is beyond the scope of this man-page, but the extra
+configuration of dnsmasq is simple:
+
+.nf
+.B auth-sec-servers=secondary.myisp.com
+.fi
+
+and
+
+.nf
+our.zone.com           NS    secondary.myisp.com
+.fi
+
+Adding auth-sec-servers enables zone transfer in dnsmasq, to allow the
+secondary to collect the DNS data. If you wish to restrict this data
+to particular hosts then
+
+.nf
+.B auth-peer=<IP address of secondary>
+.fi
+
+will do so.
+
+Dnsmasq acts as an authoritative server for  in-addr.arpa and
+ipv6.arpa domains associated with the subnets given in auth-zone
+declarations, so reverse (address to name) lookups can be simply
+configured with a suitable NS record, for instance in this example,
+where we allow 1.2.3.0/24 addresses.
+
+.nf
+ 3.2.1.in-addr.arpa  NS    our.zone.com
+.fi
+
+Note that at present, reverse (in-addr.arpa and ip6.arpa) zones are
+not available in zone transfers, so there is no point arranging
+secondary servers for reverse lookups.
+
+.PP
+When dnsmasq is configured to act as an authoritative server, the
+following data is used to populate the authoritative zone.
+.PP
+.B --mx-host, --srv-host, --dns-rr, --txt-record, --naptr-record
+, as long as the record names are in the authoritative domain.
+.PP
+.B --cname
+as long as the record name is in  the authoritative domain. If the
+target of the CNAME is unqualified, then it  is qualified with the
+authoritative zone name.
+.PP
+IPv4 and IPv6 addresses from /etc/hosts (and 
+.B --addn-hosts
+) and
+.B --host-record
+provided the address falls into one of the subnets specified in the
+.B --auth-zone.
+.PP
+Addresses specified by 
+.B --interface-name.
+In this case, the address is not contrained to a subnet from
+.B --auth-zone. 
+
+.PP
+Addresses of DHCP leases, provided the address falls into one of the subnets specified in the
+.B --auth-zone
+OR a constructed DHCP range. In the default mode, where a DHCP lease
+has an unqualified name, and possibly a qualified name constructed
+using 
+.B --domain
+then the name in the authoritative zone is constructed from the
+unqualified name and the zone's domain. This may or may not equal
+that specified by 
+.B --domain.
+If 
+.B --dhcp-fqdn
+is set, then the fully qualified names associated with DHCP leases are
+used, and must match the zone's domain.
+ 
+
+
 .SH EXIT CODES
 .PP
 0 - Dnsmasq successfully forked into the background, or terminated

src/auth.c

@@ -16,6 +16,7 @@
 
 #include "dnsmasq.h"
 
+#ifdef HAVE_AUTH
 
 static struct subnet *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
 {
@@ -45,6 +46,21 @@ static struct subnet *filter_zone(struct auth_zone *zone, int flag, struct all_a
   return NULL;
 }
 
+static int filter_constructed_dhcp(struct auth_zone *zone, int flag, struct all_addr *addr_u)
+{
+#ifdef HAVE_DHCP6
+  struct dhcp_context *context;
+
+  if (flag | F_IPV6)
+    for (context = daemon->dhcp6; context; context = context->next)
+      if ((context->flags & CONTEXT_CONSTRUCTED) &&
+	  is_same_net6(&(addr_u->addr.addr6), &context->start6, context->prefix))
+	return 1;
+#endif
+  
+  return filter_zone(zone, flag, addr_u) != NULL;
+}
+
 static int in_zone(struct auth_zone *zone, char *name, char **cut)
 {
   size_t namelen = strlen(name);
@@ -72,7 +88,7 @@ static int in_zone(struct auth_zone *zone, char *name, char **cut)
 }
 
 
-size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now) 
+size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr) 
 {
   char *name = daemon->namebuff;
   unsigned char *p, *ansp;
@@ -84,7 +100,13 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
   struct auth_zone *zone = NULL;
   struct subnet *subnet = NULL;
   char *cut;
-
+  struct mx_srv_record *rec, *move, **up;
+  struct txt_record *txt;
+  struct interface_name *intr;
+  struct naptr *na;
+  struct all_addr addr;
+  struct cname *a;
+  
   if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
     return 0;
   
@@ -99,13 +121,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
     {
       unsigned short flag = 0;
       int found = 0;
-      struct mx_srv_record *rec, *move, **up;
-      struct txt_record *txt;
-      struct interface_name *intr;
-      struct naptr *na;
-      struct all_addr addr;
-      struct cname *a;
-
+  
       /* save pointer to name for copying into answers */
       nameoffset = p - (unsigned char *)header;
 
@@ -117,7 +133,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
       GETSHORT(qclass, p);
       
       if (qclass != C_IN)
-	continue;
+	{
+	  auth = 0;
+	  continue;
+	}
 
       if (qtype == T_PTR)
 	{
@@ -345,30 +364,60 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	flag = F_IPV6;
 #endif
 
-      if (qtype == T_SOA && !cut)
+      if (!cut)
 	{
-	  soa = 1; /* inhibits auth section */
-	  found = 1;
-	  log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>");
+	  nxdomain = 0;
+	  
+	  if (qtype == T_SOA)
+	    {
+	      soa = 1; /* inhibits auth section */
+	      found = 1;
+	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>");
+	    }
+      	  else if (qtype == T_AXFR)
+	    {
+	      struct iname *peers;
+	      
+	      if (peer_addr->sa.sa_family == AF_INET)
+		peer_addr->in.sin_port = 0;
+#ifdef HAVE_IPV6
+	      else
+		peer_addr->in6.sin6_port = 0; 
+#endif
+	      
+	      for (peers = daemon->auth_peers; peers; peers = peers->next)
+		if (sockaddr_isequal(peer_addr, &peers->addr))
+		  break;
+	      
+	      /* Refuse all AXFR unless --auth-sec-servers is set */
+	      if ((!peers && daemon->auth_peers) || !daemon->secondary_forward_server)
+		{
+		  if (peer_addr->sa.sa_family == AF_INET)
+		    inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
+#ifdef HAVE_IPV6
+		  else
+		    inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN); 
+#endif
+		  
+		  my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff);
+		  return 0;
+		}
+	       	      
+	      soa = 1; /* inhibits auth section */
+	      ns = 1; /* ensure we include NS records! */
+	      axfr = 1;
+	      found = 1;
+	      axfroffset = nameoffset;
+	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<AXFR>");
+	    }
+      	  else if (qtype == T_NS)
+	    {
+	      ns = 1; /* inhibits auth section */
+	      found = 1;
+	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<NS>"); 
+	    }
 	}
       
-      if (qtype == T_AXFR && !cut)
-	{
-	  soa = 1; /* inhibits auth section */
-	  axfr = 1;
-	  found = 1;
-	  axfroffset = nameoffset;
-	  log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<AXFR>");
-	}
-      
-      if (qtype == T_NS && !cut)
-	{
-	  ns = 1; /* inhibits auth section */
-	  found = 1;
-	  log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<NS>"); 
-	}
-      
-      
       if (!option_bool(OPT_DHCP_FQDN) && cut)
 	{	  
 	  *cut = 0; /* remove domain part */
@@ -379,7 +428,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		do
 		  { 
 		    nxdomain = 0;
-		    if ((crecp->flags & flag) && filter_zone(zone, flag, &(crecp->addr.addr)))
+		    if ((crecp->flags & flag) && 
+			(filter_constructed_dhcp(zone, flag, &(crecp->addr.addr))))
 		      {
 			*cut = '.'; /* restore domain part */
 			log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
@@ -402,7 +452,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	    do
 	      { 
 		 nxdomain = 0;
-		 if ((crecp->flags & flag) && filter_zone(zone, flag, &(crecp->addr.addr)))
+		 if ((crecp->flags & flag) && filter_constructed_dhcp(zone, flag, &(crecp->addr.addr)))
 		   {
 		     log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
 		     found = 1;
@@ -423,7 +473,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
   if (auth)
     {
       char *authname;
-      
+      int newoffset, offset = 0;
+
       if (!subnet)
 	authname = zone->domain;
       else
@@ -464,17 +515,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	}
       
       /* handle NS and SOA in auth section or for explicit queries */
-      if ((anscount != 0 || ns) && 
-	  add_resource_record(header, limit, &trunc, 0, &ansp, 
-			      daemon->auth_ttl, NULL, T_NS, C_IN, "d", authname, daemon->authserver))
-	{
-	  if (ns) 
-	    anscount++;
-	  else
-	    authcount++;
-	}
-      
-      if ((anscount == 0 || soa) &&
+       newoffset = ansp - (unsigned char *)header;
+       if (((anscount == 0 && !ns) || soa) &&
 	  add_resource_record(header, limit, &trunc, 0, &ansp, 
 			      daemon->auth_ttl, NULL, T_SOA, C_IN, "ddlllll",
 			      authname, daemon->authserver,  daemon->hostmaster,
@@ -482,14 +524,149 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 			      daemon->soa_retry, daemon->soa_expiry, 
 			      daemon->auth_ttl))
 	{
+	  offset = newoffset;
 	  if (soa)
 	    anscount++;
 	  else
 	    authcount++;
 	}
+      
+      if (anscount != 0 || ns)
+	{
+	  struct name_list *secondary;
+	  
+	  newoffset = ansp - (unsigned char *)header;
+	  if (add_resource_record(header, limit, &trunc, -offset, &ansp, 
+				  daemon->auth_ttl, NULL, T_NS, C_IN, "d", offset == 0 ? authname : NULL, daemon->authserver))
+	    {
+	      if (offset == 0) 
+		offset = newoffset;
+	      if (ns) 
+		anscount++;
+	      else
+		authcount++;
+	    }
 
+	  if (!subnet)
+	    for (secondary = daemon->secondary_forward_server; secondary; secondary = secondary->next)
+	      if (add_resource_record(header, limit, &trunc, offset, &ansp, 
+				      daemon->auth_ttl, NULL, T_NS, C_IN, "d", secondary->name))
+		{
+		  if (ns) 
+		    anscount++;
+		  else
+		    authcount++;
+		}
+	}
+      
       if (axfr)
 	{
+	  for (rec = daemon->mxnames; rec; rec = rec->next)
+	    if (in_zone(zone, rec->name, &cut))
+	      {
+		if (cut)
+		   *cut = 0;
+
+		if (rec->issrv)
+		  {
+		    if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
+					    NULL, T_SRV, C_IN, "sssd", cut ? rec->name : NULL,
+					    rec->priority, rec->weight, rec->srvport, rec->target))
+		      
+		      anscount++;
+		  }
+		else
+		  {
+		    if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
+					    NULL, T_MX, C_IN, "sd", cut ? rec->name : NULL, rec->weight, rec->target))
+		      anscount++;
+		  }
+		
+		/* restore config data */
+		if (cut)
+		  *cut = '.';
+	      }
+	      
+	  for (txt = daemon->rr; txt; txt = txt->next)
+	    if (in_zone(zone, txt->name, &cut))
+	      {
+		if (cut)
+		  *cut = 0;
+		
+		if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
+					NULL, txt->class, C_IN, "t",  cut ? txt->name : NULL, txt->len, txt->txt))
+		  anscount++;
+		
+		/* restore config data */
+		if (cut)
+		  *cut = '.';
+	      }
+	  
+	  for (txt = daemon->txt; txt; txt = txt->next)
+	    if (txt->class == C_IN && in_zone(zone, txt->name, &cut))
+	      {
+		if (cut)
+		  *cut = 0;
+		
+		if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
+					NULL, T_TXT, C_IN, "t", cut ? txt->name : NULL, txt->len, txt->txt))
+		  anscount++;
+		
+		/* restore config data */
+		if (cut)
+		  *cut = '.';
+	      }
+	  
+	  for (na = daemon->naptr; na; na = na->next)
+	    if (in_zone(zone, na->name, &cut))
+	      {
+		if (cut)
+		  *cut = 0;
+		
+		if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl, 
+					NULL, T_NAPTR, C_IN, "sszzzd", cut ? na->name : NULL,
+					na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
+		  anscount++;
+		
+		/* restore config data */
+		if (cut)
+		  *cut = '.'; 
+	      }
+	  
+	  for (intr = daemon->int_names; intr; intr = intr->next)
+	    if (in_zone(zone, intr->name, &cut) && (addr.addr.addr4 = get_ifaddr(intr->intr)).s_addr != (in_addr_t) -1)
+	      {
+		if (cut)
+		  *cut = 0;
+		
+		if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, 
+					daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addr))
+		  anscount++;
+		
+		/* restore config data */
+		if (cut)
+		  *cut = '.'; 
+	      }
+	  
+	  for (a = daemon->cnames; a; a = a->next)
+	    if (in_zone(zone, a->alias, &cut))
+	      {
+		strcpy(name, a->target);
+		if (!strchr(name, '.'))
+		  {
+		    strcat(name, ".");
+		    strcat(name, zone->domain);
+		  }
+		
+		if (cut)
+		  *cut = 0;
+		
+		if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, 
+					daemon->auth_ttl, NULL,
+					T_CNAME, C_IN, "d",  cut ? a->alias : NULL, name))
+		  anscount++;
+	      }
+	
 	  cache_enumerate(1);
 	  while ((crecp = cache_enumerate(0)))
 	    {
@@ -500,7 +677,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		  if ((crecp->flags & F_DHCP) && !option_bool(OPT_DHCP_FQDN))
 		    {
 		      char *cache_name = cache_get_name(crecp);
-		      if (!strchr(cache_name, '.') && filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))
+		      if (!strchr(cache_name, '.') && filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))
 			{
 			  qtype = T_A;
 #ifdef HAVE_IPV6
@@ -517,7 +694,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		  if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
 		    {
 		      strcpy(name, cache_get_name(crecp));
-		      if (in_zone(zone, name, &cut) && filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))
+		      if (in_zone(zone, name, &cut) && filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))
 			{
 			  qtype = T_A;
 #ifdef HAVE_IPV6
@@ -525,20 +702,12 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 			    qtype = T_AAAA;
 #endif
 			   if (cut)
-			     {
-			       *cut = 0;
-			       if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, 
-						       daemon->auth_ttl, NULL, qtype, C_IN, 
-						       (crecp->flags & F_IPV4) ? "4" : "6", name, &crecp->addr))
-				 anscount++;
-			     }
-			   else
-			     {
-			       if (add_resource_record(header, limit, &trunc, axfroffset, &ansp, 
-						       daemon->auth_ttl, NULL, qtype, C_IN, 
-						       (crecp->flags & F_IPV4) ? "4" : "6", &crecp->addr))
-				 anscount++;  
-			     }
+			     *cut = 0;
+
+			   if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, 
+						   daemon->auth_ttl, NULL, qtype, C_IN, 
+						   (crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr))
+			     anscount++;
 			}
 		    }
 		}
@@ -555,7 +724,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	
 	}
   
-    }
+}
   
   /* done all questions, set up header and return length of result */
   /* clear authoritative and truncated flags, set QR flag */
@@ -581,7 +750,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
   return ansp - (unsigned char *)header;
 }
   
-  
+#endif  
   
 
 

src/bpf.c

@@ -111,7 +111,7 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 	{
 	  int iface_index = if_nametoindex(addrs->ifa_name);
 
-	  if (iface_index == 0)
+	  if (iface_index == 0 || !addrs->ifa_addr || !addrs->ifa_netmask)
 	    continue;
 
 	  if (family == AF_INET)
@@ -119,7 +119,10 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 	      struct in_addr addr, netmask, broadcast;
 	      addr = ((struct sockaddr_in *) addrs->ifa_addr)->sin_addr;
 	      netmask = ((struct sockaddr_in *) addrs->ifa_netmask)->sin_addr;
-	      broadcast = ((struct sockaddr_in *) addrs->ifa_broadaddr)->sin_addr; 
+	      if (addrs->ifa_broadaddr)
+		broadcast = ((struct sockaddr_in *) addrs->ifa_broadaddr)->sin_addr; 
+	      else 
+		broadcast.s_addr = 0;	      
 	      if (!((*callback)(addr, iface_index, netmask, broadcast, parm)))
 		goto err;
 	    }
@@ -147,7 +150,8 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 		  addr->s6_addr[3] = 0;
 		}
 	      
-	      if (!((*callback)(addr, prefix, scope_id, iface_index, 0, parm)))
+	      /* preferred and valid times == forever until we known how to dtermine them. */
+	      if (!((*callback)(addr, prefix, scope_id, iface_index, 0, -1, -1, parm)))
 		goto err;
 	}
 #endif

src/cache.c

@@ -394,7 +394,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
   int freed_all = flags & F_REVERSE;
   int free_avail = 0;
 
-  if(daemon->max_cache_ttl < ttl)
+  if (daemon->max_cache_ttl != 0 && daemon->max_cache_ttl < ttl)
     ttl = daemon->max_cache_ttl;
 
   /* Don't log keys */

src/config.h

@@ -46,6 +46,7 @@
 #define SOA_REFRESH 1200 /* SOA refresh default */
 #define SOA_RETRY 180 /* SOA retry default */
 #define SOA_EXPIRY 1209600 /* SOA expiry default */
+#define RA_INTERVAL 600 /* Send unsolicited RA's this often when not provoked. */
  
 /* compile-time options: uncomment below to enable or do eg.
    make COPTS=-DHAVE_BROKEN_RTC
@@ -96,12 +97,18 @@ HAVE_CONNTRACK
    a build-dependency on libnetfilter_conntrack, but the resulting binary will
    still run happily on a kernel without conntrack support.
 
+HAVE_AUTH
+   define this to include the facility to act as an authoritative DNS
+   server for one or more zones.
+
+
 NO_IPV6
 NO_TFTP
 NO_DHCP
 NO_DHCP6
 NO_SCRIPT
 NO_LARGEFILE
+NO_AUTH
    these are avilable to explictly disable compile time options which would 
    otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or 
    which are enabled  by default in the distributed source tree. Building dnsmasq
@@ -123,6 +130,7 @@ RESOLVFILE
 #define HAVE_DHCP6 
 #define HAVE_TFTP
 #define HAVE_SCRIPT
+#define HAVE_AUTH
 /* #define HAVE_LUASCRIPT */
 /* #define HAVE_BROKEN_RTC */
 /* #define HAVE_DBUS */
@@ -311,6 +319,9 @@ HAVE_SOCKADDR_SA_LEN
 #define HAVE_SCRIPT
 #endif
 
+#ifdef NO_AUTH
+#undef HAVE_AUTH
+#endif
 
 /* Define a string indicating which options are in use.
    DNSMASQP_COMPILE_OPTS is only defined in dnsmasq.c */
@@ -369,7 +380,11 @@ static char *compile_opts =
 #ifndef HAVE_CONNTRACK
 "no-"
 #endif
-"conntrack";
+"conntrack "
+#ifndef HAVE_AUTH
+"no-"
+#endif
+  "auth";
 
 #endif
 

src/dhcp-common.c

@@ -333,83 +333,6 @@ void dhcp_update_configs(struct dhcp_config *configs)
 
 }
 
-#ifdef HAVE_DHCP6
-static int join_multicast_worker(struct in6_addr *local, int prefix, 
-				 int scope, int if_index, int dad, void *vparam)
-{
-  char ifrn_name[IFNAMSIZ];
-  struct ipv6_mreq mreq;
-  int fd, i, max = *((int *)vparam);
-  struct iname *tmp;
-
-  (void)prefix;
-  (void)scope;
-  (void)dad;
-  
-  /* record which interfaces we join on, so that we do it at most one per 
-     interface, even when they have multiple addresses. Use outpacket
-     as an array of int, since it's always allocated here and easy
-     to expand for theoretical vast numbers of interfaces. */
-  for (i = 0; i < max; i++)
-    if (if_index == ((int *)daemon->outpacket.iov_base)[i])
-      return 1;
-  
-  if ((fd = socket(PF_INET6, SOCK_DGRAM, 0)) == -1)
-    return 0;
-  
-  if (!indextoname(fd, if_index, ifrn_name))
-    {
-      close(fd);
-      return 0;
-    }
-  
-  close(fd);
-
-  /* Are we doing DHCP on this interface? */
-  if (!iface_check(AF_INET6, (struct all_addr *)local, ifrn_name, NULL))
-    return 1;
- 
-  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
-    if (tmp->name && (strcmp(tmp->name, ifrn_name) == 0))
-      return 1;
-
-  mreq.ipv6mr_interface = if_index;
-  
-  inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
-  
-  if (daemon->dhcp6 &&
-      setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
-    return 0;
-
-  inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
-  
-  if (daemon->dhcp6 && 
-      setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
-    return 0;
-  
-  inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
-  
-  if (daemon->ra_contexts &&
-      setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
-    return 0;
-  
-  expand_buf(&daemon->outpacket, (max+1) * sizeof(int));
-  ((int *)daemon->outpacket.iov_base)[max++] = if_index;
-  
-  *((int *)vparam) = max;
-  
-  return 1;
-}
-
-void join_multicast(void)
-{
-  int count = 0;
-
-   if (!iface_enumerate(AF_INET6, &count, join_multicast_worker))
-     die(_("failed to join DHCPv6 multicast group: %s"), NULL, EC_BADNET);
-}
-#endif
-
 #ifdef HAVE_LINUX_NETWORK 
 void bindtodevice(int fd)
 {
@@ -750,4 +673,91 @@ char *option_string(int prot, unsigned int opt, unsigned char *val, int opt_len,
 
 }
 
+void log_context(int family, struct dhcp_context *context)
+{
+  /* Cannot use dhcp_buff* for RA contexts */
+
+  void *start = &context->start;
+  void *end = &context->end;
+  char *n = "", *m = "", *p = daemon->namebuff;
+  
+  *p = 0;
+    
+#ifdef HAVE_DHCP6
+  if (family == AF_INET6)
+    {
+      struct in6_addr subnet = context->start6;
+      if (!(context->flags & CONTEXT_TEMPLATE))
+	setaddr6part(&subnet, 0);
+      inet_ntop(AF_INET6, &subnet, daemon->addrbuff, ADDRSTRLEN); 
+      start = &context->start6;
+      end = &context->end6;
+    }
+#endif
+	
+  if ((context->flags & CONTEXT_DHCP) || 
+      !(context->flags & (CONTEXT_CONSTRUCTED | CONTEXT_TEMPLATE)))
+    {
+      if (family != AF_INET && (context->flags & CONTEXT_DEPRECATE))
+	strcpy(daemon->namebuff, _(", prefix deprecated"));
+      else
+	{
+	  p += sprintf(p, _(", lease time "));
+	  m = p;
+	  prettyprint_time(p, context->lease_time);
+	  p += strlen(p);
+	}
+    }
+    
+#ifdef HAVE_DHCP6
+  if (context->flags & CONTEXT_CONSTRUCTED)
+   {
+     char ifrn_name[IFNAMSIZ];
+     if (indextoname(daemon->doing_dhcp6 ? daemon->dhcp6fd : daemon->icmp6fd, context->if_index, ifrn_name))
+       {
+	 n = p;
+	 p += sprintf(p, ", constructed for %s", ifrn_name);
+       }
+   }
+
+ if (context->flags & CONTEXT_TEMPLATE)
+   {
+     n = p;
+     p += sprintf(p, ", template for %s%s", context->template_interface, 
+		  (context->flags & CONTEXT_WILDCARD) ? "*" : "");  
+   }
+#endif
+
+  if ((context->flags & CONTEXT_DHCP) || family == AF_INET) 
+    {
+      inet_ntop(family, start, daemon->dhcp_buff, 256);
+      inet_ntop(family, end, daemon->dhcp_buff3, 256);
+      my_syslog(MS_DHCP | LOG_INFO, 
+	      (context->flags & CONTEXT_RA_STATELESS) ? 
+	      _("%s stateless on %s%.0s%.0s") :
+	      (context->flags & CONTEXT_STATIC) ? 
+	      _("%s, static leases only on %.0s%s%s") :
+	      (context->flags & CONTEXT_PROXY) ?
+	      _("%s, proxy on subnet %.0s%s%.0s") :
+	      _("%s, IP range %s -- %s%s"),
+	      (family != AF_INET) ? "DHCPv6" : "DHCP",
+	      daemon->dhcp_buff, daemon->dhcp_buff3, daemon->namebuff);
+    }
+  
+#ifdef HAVE_DHCP6
+  if (context->flags & CONTEXT_RA_NAME)
+    my_syslog(MS_DHCP | LOG_INFO, _("DHCPv4-derived IPv6 names on %s%s"), 
+	      daemon->addrbuff, n);
+  
+       
+  if (context->flags & CONTEXT_RA)
+    my_syslog(MS_DHCP | LOG_INFO, _("router advertisement on %s%s%s"), 
+	      daemon->addrbuff,
+	      (context->flags & (CONTEXT_CONSTRUCTED | CONTEXT_TEMPLATE)) ? "" : ", prefix valid ",
+	      (context->flags & (CONTEXT_CONSTRUCTED | CONTEXT_TEMPLATE)) ? n : m);
+#endif
+
+}
+      
+
 #endif

src/dhcp6.c

@@ -25,7 +25,8 @@ struct iface_param {
 };
 
 static int complete_context6(struct in6_addr *local,  int prefix,
-			     int scope, int if_index, int dad, void *vparam);
+			     int scope, int if_index, int flags, 
+			     unsigned int preferred, unsigned int valid, void *vparam);
 
 static int make_duid1(int index, unsigned int type, char *mac, size_t maclen, void *parm); 
 
@@ -181,15 +182,15 @@ void dhcp6_packet(time_t now)
 }
 
 static int complete_context6(struct in6_addr *local,  int prefix,
-			     int scope, int if_index, int dad, void *vparam)
+			     int scope, int if_index, int flags, unsigned int preferred, 
+			     unsigned int valid, void *vparam)
 {
   struct dhcp_context *context;
   struct iface_param *param = vparam;
   struct iname *tmp;
  
   (void)scope; /* warning */
-  (void)dad;
-      
+  
   if (if_index == param->ind &&
       !IN6_IS_ADDR_LOOPBACK(local) &&
       !IN6_IS_ADDR_LINKLOCAL(local) &&
@@ -210,16 +211,39 @@ static int complete_context6(struct in6_addr *local,  int prefix,
       
       for (context = daemon->dhcp6; context; context = context->next)
 	{
-	  if (prefix == context->prefix &&
+	  if (!(context->flags & CONTEXT_TEMPLATE) &&
+	      prefix == context->prefix &&
 	      is_same_net6(local, &context->start6, prefix) &&
 	      is_same_net6(local, &context->end6, prefix))
 	    {
+
+
 	      /* link it onto the current chain if we've not seen it before */
 	      if (context->current == context)
 		{
-		  context->current = param->current;
-		  param->current = context;
+		  struct dhcp_context *tmp, **up;
+		  
+		  /* use interface values only for contructed contexts */
+		  if (!(context->flags & CONTEXT_CONSTRUCTED))
+		    preferred = valid = 0xffffffff;
+		  else if (flags & IFACE_DEPRECATED)
+		    preferred = 0;
+
+		  if (context->flags & CONTEXT_DEPRECATE)
+		    preferred = 0;
+		  
+		  /* order chain, longest preferred time first */
+		  for (up = &param->current, tmp = param->current; tmp; tmp = tmp->current)
+		    if (tmp->preferred <= preferred)
+		      break;
+		    else
+		      up = &tmp->current;
+		  
+		  context->current = *up;
+		  *up = context;
 		  context->local6 = *local;
+		  context->preferred = preferred;
+		  context->valid = valid;
 		}
 	    }
 	}
@@ -304,6 +328,7 @@ int address6_allocate(struct dhcp_context *context,  unsigned char *clid, int cl
   return 0;
 }
 
+/* can dynamically allocate addr */
 struct dhcp_context *address6_available(struct dhcp_context *context, 
 					struct in6_addr *taddr,
 					struct dhcp_netid *netids)
@@ -328,6 +353,22 @@ struct dhcp_context *address6_available(struct dhcp_context *context,
   return NULL;
 }
 
+/* address OK if configured */
+struct dhcp_context *address6_valid(struct dhcp_context *context, 
+					struct in6_addr *taddr,
+					struct dhcp_netid *netids)
+{
+  struct dhcp_context *tmp;
+ 
+  for (tmp = context; tmp; tmp = tmp->current)
+    if ((tmp->flags & CONTEXT_STATIC) &&
+	is_same_net6(&tmp->start6, taddr, tmp->prefix) &&
+	match_netid(tmp->filter, netids, 1))
+      return tmp;
+
+  return NULL;
+}
+
 struct dhcp_context *narrow_context6(struct dhcp_context *context, 
 				     struct in6_addr *taddr,
 				     struct dhcp_netid *netids)
@@ -342,21 +383,12 @@ struct dhcp_context *narrow_context6(struct dhcp_context *context,
   
   struct dhcp_context *tmp;
 
-  if (!(tmp = address6_available(context, taddr, netids)))
-    {
-      for (tmp = context; tmp; tmp = tmp->current)
-        if (match_netid(tmp->filter, netids, 1) &&
-            is_same_net6(taddr, &tmp->start6, tmp->prefix) && 
-            (tmp->flags & CONTEXT_STATIC))
-          break;
-      
-      if (!tmp)
-        for (tmp = context; tmp; tmp = tmp->current)
-          if (match_netid(tmp->filter, netids, 1) &&
-              is_same_net6(taddr, &tmp->start6, tmp->prefix) &&
-              !(tmp->flags & CONTEXT_PROXY))
-            break;
-    }
+  if (!(tmp = address6_available(context, taddr, netids)) &&
+      !(tmp = address6_valid(context, taddr, netids)))
+    for (tmp = context; tmp; tmp = tmp->current)
+      if (match_netid(tmp->filter, netids, 1) &&
+	  is_same_net6(taddr, &tmp->start6, tmp->prefix))
+	break;
   
   /* Only one context allowed now */
   if (tmp)
@@ -467,6 +499,142 @@ static int make_duid1(int index, unsigned int type, char *mac, size_t maclen, vo
 
   return 0;
 }
+
+struct cparam {
+  time_t now;
+  int newone, newname;
+};
+
+static int construct_worker(struct in6_addr *local, int prefix, 
+			    int scope, int if_index, int flags, 
+			    int preferred, int valid, void *vparam)
+{
+  char ifrn_name[IFNAMSIZ];
+  struct in6_addr start6, end6;
+  struct dhcp_context *template, *context;
+
+  (void)scope;
+  (void)flags;
+  (void)valid;
+  (void)preferred;
+
+  struct cparam *param = vparam;
+
+  if (IN6_IS_ADDR_LOOPBACK(local) ||
+      IN6_IS_ADDR_LINKLOCAL(local) ||
+      IN6_IS_ADDR_MULTICAST(local))
+    return 1;
+
+  if (!indextoname(daemon->doing_dhcp6 ? daemon->dhcp6fd : daemon->icmp6fd, if_index, ifrn_name))
+    return 0;
+  
+  for (template = daemon->dhcp6; template; template = template->next)
+    if (!(template->flags & CONTEXT_TEMPLATE))
+      {
+	/* non-template entries, just fill in interface and local addresses */
+	if (prefix == template->prefix &&
+	    is_same_net6(local, &template->start6, prefix) &&
+	    is_same_net6(local, &template->end6, prefix))
+	  {
+	    template->if_index = if_index;
+	    template->local6 = *local;
+	  }
+	
+      }
+    else if (addr6part(local) == addr6part(&template->start6) &&
+	     strncmp(template->template_interface, ifrn_name, strlen(template->template_interface)) == 0 &&
+	     (strlen(template->template_interface) == strlen(ifrn_name) || (template->flags & CONTEXT_WILDCARD)))
+      {
+	start6 = *local;
+	setaddr6part(&start6, addr6part(&template->start6));
+	end6 = *local;
+	setaddr6part(&end6, addr6part(&template->end6));
+	
+	for (context = daemon->dhcp6; context; context = context->next)
+	  if ((context->flags & CONTEXT_CONSTRUCTED) &&
+	      IN6_ARE_ADDR_EQUAL(&start6, &context->start6) &&
+	      IN6_ARE_ADDR_EQUAL(&end6, &context->end6))
+	    {
+	      context->flags &= ~CONTEXT_GC;
+	      break;
+	    }
+	
+	if (!context && (context = whine_malloc(sizeof (struct dhcp_context))))
+	  {
+	    *context = *template;
+	    context->start6 = start6;
+	    context->end6 = end6;
+	    context->flags &= ~CONTEXT_TEMPLATE;
+	    context->flags |= CONTEXT_CONSTRUCTED;
+	    context->if_index = if_index;
+	    context->local6 = *local;
+	    
+	    context->next = daemon->dhcp6;
+	    daemon->dhcp6 = context;
+
+	    ra_start_unsolicted(param->now, context);
+	    /* we created a new one, need to call
+	       lease_update_file to get periodic functions called */
+	    param->newone = 1; 
+
+	    /* Will need to add new putative SLAAC addresses to existing leases */
+	    if (context->flags & CONTEXT_RA_NAME)
+	      param->newname = 1;
+	    
+	    log_context(AF_INET6, context);
+	  } 
+      }
+  
+  return 1;
+}
+
+void dhcp_construct_contexts(time_t now)
+{ 
+  struct dhcp_context *tmp, *context, **up;
+  struct cparam param;
+  param.newone = 0;
+  param.newname = 0;
+  param.now = now;
+
+  for (context = daemon->dhcp6; context; context = context->next)
+    {
+      context->if_index = 0;
+      if (context->flags & CONTEXT_CONSTRUCTED)
+      	context->flags |= CONTEXT_GC;
+    }
+ 
+  iface_enumerate(AF_INET6, &param, construct_worker);
+
+  for (up = &daemon->dhcp6, context = daemon->dhcp6; context; context = tmp)
+    {
+      tmp = context->next;
+      
+      if (context->flags & CONTEXT_GC)
+	{
+	  *up = context->next;
+	  free(context);
+	  param.newone = 1; /* include deletion */ 
+	  if (context->flags & CONTEXT_RA_NAME)
+	    param.newname = 1;
+	}
+      else
+	up = &context->next;
+    }
+  
+  if (param.newone)
+    {
+      if (daemon->dhcp || daemon->doing_dhcp6)
+	{
+	  if (param.newname)
+	    lease_update_slaac(now);
+	  lease_update_file(now);
+	}
+      else 
+	/* Not doing DHCP, so no lease system, manage alarms for ra only */
+	send_alarm(periodic_ra(now), now);
+    }
+}
+
 #endif
 
 

src/dnsmasq.c

@@ -51,6 +51,7 @@ int main (int argc, char **argv)
   cap_user_header_t hdr = NULL;
   cap_user_data_t data = NULL;
 #endif 
+  struct dhcp_context *context;
 
 #ifdef LOCALEDIR
   setlocale(LC_ALL, "");
@@ -148,6 +149,11 @@ int main (int argc, char **argv)
     die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
 #endif
 
+#ifndef HAVE_AUTH
+  if (daemon->authserver)
+    die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
+#endif
+
   rand_init();
   
   now = dnsmasq_time();
@@ -162,63 +168,58 @@ int main (int argc, char **argv)
   
 #ifdef HAVE_DHCP
   if (daemon->dhcp || daemon->dhcp6)
-    {
+    { 
+      
+#  ifdef HAVE_DHCP6
+      if (daemon->dhcp6)
+	{
+	  daemon->doing_ra = option_bool(OPT_RA);
+	  
+	  for (context = daemon->dhcp6; context; context = context->next)
+	    {
+	      if (context->flags & CONTEXT_DHCP)
+		daemon->doing_dhcp6 = 1;
+	      if (context->flags & CONTEXT_RA)
+		daemon->doing_ra = 1;
+#ifndef  HAVE_LINUX_NETWORK
+	      if (context->flags & CONTEXT_TEMPLATE)
+		die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
+#endif 
+	    }
+	}
+#  endif
+
       /* Note that order matters here, we must call lease_init before
 	 creating any file descriptors which shouldn't be leaked
 	 to the lease-script init process. We need to call common_init
 	 before lease_init to allocate buffers it uses.*/
-      dhcp_common_init();
-      lease_init(now);
-  
+      if (daemon->dhcp || daemon->doing_dhcp6)
+	{
+	  dhcp_common_init();
+	  lease_init(now);
+	}
+
       if (daemon->dhcp)
 	dhcp_init();
-    }
-  
+ 
 #  ifdef HAVE_DHCP6
-  /* Start RA subsystem if --enable-ra OR dhcp-range=<subnet>, ra-only */
-  if (daemon->ra_contexts || option_bool(OPT_RA))
-    {
-      /* link the DHCP6 contexts to the ra-only ones so we can traverse them all 
-	 from ->ra_contexts, but only the non-ra-onlies from ->dhcp6 */
-      struct dhcp_context *context;
+      if (daemon->doing_ra)
+	ra_init(now);
       
-      if (!daemon->ra_contexts)
-	daemon->ra_contexts = daemon->dhcp6;
-      else
-	{
-	  for (context = daemon->ra_contexts; context->next; context = context->next);
-	  context->next = daemon->dhcp6;
-	}
-      ra_init(now);
-    }
-
-  if (daemon->dhcp6)
-    dhcp6_init();
-
+      if (daemon->doing_dhcp6)
+	dhcp6_init();
 #  endif
+    }
 
 #endif
 
 #ifdef HAVE_LINUX_NETWORK
-  /* After lease_init */
   netlink_init();
-
+  
   if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
     die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
 #endif
 
-#ifdef HAVE_DHCP6
-  /* after netlink_init */
-  if (daemon->ra_contexts || daemon->dhcp6)
-    join_multicast();
-#endif
-
-#ifdef HAVE_DHCP
-  /* after netlink_init */
-  if (daemon->dhcp || daemon->dhcp6)
-    lease_find_interfaces(now);
-#endif
-
   if (!enumerate_interfaces())
     die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
   
@@ -248,6 +249,12 @@ int main (int argc, char **argv)
     }
   else 
     create_wildcard_listeners();
+ 
+#ifdef HAVE_DHCP6
+  /* after enumerate_interfaces() */
+  if (daemon->doing_dhcp6 || daemon->doing_ra)
+    join_multicast(1);
+#endif
   
   if (daemon->port != 0)
     cache_init();
@@ -623,90 +630,27 @@ int main (int argc, char **argv)
 
   if (daemon->max_logs != 0)
     my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
- 
-  if (daemon->ra_contexts)
-    my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
+  
 
 #ifdef HAVE_DHCP
-  if (daemon->dhcp || daemon->dhcp6 || daemon->ra_contexts)
-    {
-      struct dhcp_context *dhcp_tmp;
-      int family = AF_INET;
-      dhcp_tmp = daemon->dhcp;
-     
-#ifdef HAVE_DHCP6
-    again:
-#endif
-      for (; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
-	{
-	  void *start = &dhcp_tmp->start;
-	  void *end = &dhcp_tmp->end;
-	  	  
-#ifdef HAVE_DHCP6
-	  if (family == AF_INET6)
-	    {
-	      start = &dhcp_tmp->start6;
-	      end = &dhcp_tmp->end6;
-	      struct in6_addr subnet = dhcp_tmp->start6;
-	      setaddr6part(&subnet, 0);
-	      inet_ntop(AF_INET6, &subnet, daemon->dhcp_buff2, 256);
-	    }
-#endif
-	  
-	  if (family != AF_INET && (dhcp_tmp->flags & CONTEXT_DEPRECATE))
-	    strcpy(daemon->namebuff, _("prefix deprecated"));
-	  else
-	    {
-	      char *p = daemon->namebuff;
-	      p += sprintf(p, _("lease time "));
-	      prettyprint_time(p, dhcp_tmp->lease_time);
-	    }
-	  
-	  inet_ntop(family, start, daemon->dhcp_buff, 256);
-	  inet_ntop(family, end, daemon->dhcp_buff3, 256);
-	  if ((dhcp_tmp->flags & CONTEXT_DHCP) || family == AF_INET) 
-	    my_syslog(MS_DHCP | LOG_INFO, 
-		      (dhcp_tmp->flags & CONTEXT_RA_STATELESS) ? 
-		      _("%s stateless on %s%.0s%.0s") :
-		      (dhcp_tmp->flags & CONTEXT_STATIC) ? 
-		      _("%s, static leases only on %.0s%s, %s") :
-		      (dhcp_tmp->flags & CONTEXT_PROXY) ?
-		      _("%s, proxy on subnet %.0s%s%.0s") :
-		      _("%s, IP range %s -- %s, %s"),
-		      (family != AF_INET) ? "DHCPv6" : "DHCP",
-		      daemon->dhcp_buff, daemon->dhcp_buff3, daemon->namebuff);
+  for (context = daemon->dhcp; context; context = context->next)
+    log_context(AF_INET, context);
 
-	  if (dhcp_tmp->flags & CONTEXT_RA_NAME)
-	    my_syslog(MS_DHCP | LOG_INFO, _("DHCPv4-derived IPv6 names on %s"), 
-		      daemon->dhcp_buff2);
-	  if (dhcp_tmp->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS))
-	    {
-	      if (!(dhcp_tmp->flags & CONTEXT_DEPRECATE))
-		{
-		  char *p = daemon->namebuff;
-		  p += sprintf(p, _("prefix valid "));
-		  prettyprint_time(p, dhcp_tmp->lease_time > 7200 ? dhcp_tmp->lease_time : 7200);
-		}
-	      my_syslog(MS_DHCP | LOG_INFO, _("SLAAC on %s %s"), 
-			daemon->dhcp_buff2, daemon->namebuff);
-	    }
-	}
-      
-#ifdef HAVE_DHCP6
-      if (family == AF_INET)
-	{
-	  family = AF_INET6;
-	  if (daemon->ra_contexts)
-	    dhcp_tmp = daemon->ra_contexts;
-	  else
-	    dhcp_tmp = daemon->dhcp6;
-	  goto again;
-	}
-#endif
+#  ifdef HAVE_DHCP6
+  for (context = daemon->dhcp6; context; context = context->next)
+    log_context(AF_INET6, context);
 
-    }
-#endif
+  if (daemon->doing_dhcp6 || daemon->doing_ra)
+    dhcp_construct_contexts(now);
+  
+  if (option_bool(OPT_RA))
+    my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
+#  endif
 
+  /* after dhcp_contruct_contexts */
+  if (daemon->dhcp || daemon->doing_dhcp6)
+    lease_find_interfaces(now);
+#endif
 
 #ifdef HAVE_TFTP
 	if (option_bool(OPT_TFTP))
@@ -813,13 +757,13 @@ int main (int argc, char **argv)
 #endif
 
 #ifdef HAVE_DHCP6
-      if (daemon->dhcp6)
+      if (daemon->doing_dhcp6)
 	{
 	  FD_SET(daemon->dhcp6fd, &rset);
 	  bump_maxfd(daemon->dhcp6fd, &maxfd);
 	}
 
-      if (daemon->ra_contexts)
+      if (daemon->doing_ra)
 	{
 	  FD_SET(daemon->icmp6fd, &rset);
 	  bump_maxfd(daemon->icmp6fd, &maxfd); 
@@ -883,7 +827,7 @@ int main (int argc, char **argv)
 
 #ifdef HAVE_LINUX_NETWORK
       if (FD_ISSET(daemon->netlinkfd, &rset))
-	netlink_multicast();
+	netlink_multicast(now);
 #endif
 
       /* Check for changes to resolv files once per second max. */
@@ -931,11 +875,11 @@ int main (int argc, char **argv)
 	}
 
 #ifdef HAVE_DHCP6
-      if (daemon->dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
+      if (daemon->doing_dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
 	dhcp6_packet(now);
 
-      if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
-	icmp6_packet();
+      if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
+	icmp6_packet(now);
 #endif
 
 #  ifdef HAVE_SCRIPT
@@ -1115,13 +1059,13 @@ static void async_event(int pipe, time_t now)
 	
       case EVENT_ALARM:
 #ifdef HAVE_DHCP
-	if (daemon->dhcp || daemon->dhcp6)
+	if (daemon->dhcp || daemon->doing_dhcp6)
 	  {
 	    lease_prune(NULL, now);
 	    lease_update_file(now);
 	  }
 #ifdef HAVE_DHCP6
-	else if (daemon->ra_contexts)
+	else if (daemon->doing_ra)
 	  /* Not doing DHCP, so no lease system, manage alarms for ra only */
 	    send_alarm(periodic_ra(now), now);
 #endif
@@ -1278,7 +1222,7 @@ void clear_cache_and_reload(time_t now)
     cache_reload();
   
 #ifdef HAVE_DHCP
-  if (daemon->dhcp || daemon->dhcp6)
+  if (daemon->dhcp || daemon->doing_dhcp6)
     {
       if (option_bool(OPT_ETHERS))
 	dhcp_read_ethers();
@@ -1289,7 +1233,7 @@ void clear_cache_and_reload(time_t now)
       lease_update_dns(1);
     }
 #ifdef HAVE_DHCP6
-  else if (daemon->ra_contexts)
+  else if (daemon->doing_ra)
     /* Not doing DHCP, so no lease system, manage 
        alarms for ra only */
     send_alarm(periodic_ra(now), now);
@@ -1592,7 +1536,7 @@ int icmp_ping(struct in_addr addr)
       set_log_writer(&wset, &maxfd);
       
 #ifdef HAVE_DHCP6
-      if (daemon->ra_contexts)
+      if (daemon->doing_ra)
 	{
 	  FD_SET(daemon->icmp6fd, &rset);
 	  bump_maxfd(daemon->icmp6fd, &maxfd); 
@@ -1611,8 +1555,8 @@ int icmp_ping(struct in_addr addr)
       check_dns_listeners(&rset, now);
 
 #ifdef HAVE_DHCP6
-      if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset))
-	icmp6_packet();
+      if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
+	icmp6_packet(now);
 #endif
       
 #ifdef HAVE_TFTP

src/dnsmasq.h

@@ -389,6 +389,11 @@ union mysockaddr {
 #endif
 };
 
+/* bits in flag param to IPv6 callbacks from iface_enumerate() */
+#define IFACE_TENTATIVE   1
+#define IFACE_DEPRECATED  2
+
+
 #define SERV_FROM_RESOLV       1  /* 1 for servers from resolv, 0 for command line. */
 #define SERV_NO_ADDR           2  /* no server, this domain is local only */
 #define SERV_LITERAL_ADDRESS   4  /* addr is the answer, not the server */ 
@@ -428,8 +433,8 @@ struct server {
 struct irec {
   union mysockaddr addr;
   struct in_addr netmask; /* only valid for IPv4 */
-  int tftp_ok, dhcp_ok, mtu, done, dad, dns_auth;
-  char *name;
+  int tftp_ok, dhcp_ok, mtu, done, dad, dns_auth, index, multicast_done;
+  char *name; 
   struct irec *next;
 };
 
@@ -667,7 +672,7 @@ struct cond_domain {
 #endif
   int is6;
   struct cond_domain *next;
-};
+}; 
 
 struct dhcp_context {
   unsigned int lease_time, addr_epoch;
@@ -678,7 +683,9 @@ struct dhcp_context {
   struct in6_addr start6, end6; /* range of available addresses */
   struct in6_addr local6;
   int prefix, if_index;
-  time_t ra_time;
+  unsigned int valid, preferred;
+  time_t ra_time, ra_short_period_start;
+  char *template_interface;
 #endif
   int flags;
   struct dhcp_netid netid, *filter;
@@ -695,6 +702,11 @@ struct dhcp_context {
 #define CONTEXT_RA_STATELESS 128
 #define CONTEXT_DHCP         256
 #define CONTEXT_DEPRECATE    512
+#define CONTEXT_TEMPLATE    1024    /* create contexts using addresses */
+#define CONTEXT_CONSTRUCTED 2048
+#define CONTEXT_GC          4096
+#define CONTEXT_RA          8192
+#define CONTEXT_WILDCARD   16384
 
 struct ping_result {
   struct in_addr addr;
@@ -755,13 +767,15 @@ extern struct daemon {
   char *lease_file; 
   char *username, *groupname, *scriptuser;
   char *luascript;
-  char *authserver, *authinterface, *hostmaster;
+  char *authserver, *hostmaster;
+  struct iname *authinterface;
+  struct name_list *secondary_forward_server;
   int group_set, osport;
   char *domain_suffix;
   struct cond_domain *cond_domain;
   char *runfile; 
   char *lease_change_command;
-  struct iname *if_names, *if_addrs, *if_except, *dhcp_except;
+  struct iname *if_names, *if_addrs, *if_except, *dhcp_except, *auth_peers;
   struct bogus_addr *bogus_addr;
   struct server *servers;
   int log_fac; /* log facility */
@@ -771,7 +785,7 @@ extern struct daemon {
   int port, query_port, min_port;
   unsigned long local_ttl, neg_ttl, max_ttl, max_cache_ttl, auth_ttl;
   struct hostsfile *addn_hosts;
-  struct dhcp_context *dhcp, *dhcp6, *ra_contexts;
+  struct dhcp_context *dhcp, *dhcp6;
   struct dhcp_config *dhcp_conf;
   struct dhcp_opt *dhcp_opts, *dhcp_match, *dhcp_opts6, *dhcp_match6;
   struct dhcp_vendor *dhcp_vendors;
@@ -782,6 +796,7 @@ extern struct daemon {
   struct addr_list *override_relays;
   int override;
   int enable_pxe;
+  int doing_ra, doing_dhcp6;
   struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names, *dhcp_gen_names; 
   struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
   struct hostsfile *dhcp_hosts_file, *dhcp_opts_file;
@@ -901,14 +916,16 @@ size_t resize_packet(struct dns_header *header, size_t plen,
 size_t add_mac(struct dns_header *header, size_t plen, char *limit, union mysockaddr *l3);
 int add_resource_record(struct dns_header *header, char *limit, int *truncp,
 			int nameoffset, unsigned char **pp, unsigned long ttl, 
-			unsigned int *offset, unsigned short type, unsigned short class, char *format, ...);
+			int *offset, unsigned short type, unsigned short class, char *format, ...);
 unsigned char *skip_questions(struct dns_header *header, size_t plen);
 int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, 
 		 char *name, int isExtract, int extrabytes);
 int in_arpa_name_2_addr(char *namein, struct all_addr *addrp);
 
 /* auth.c */
-size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now);
+#ifdef HAVE_AUTH
+size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr);
+#endif
 
 /* util.c */
 void rand_init(void);
@@ -989,6 +1006,9 @@ struct in_addr get_ifaddr(char *intr);
 #ifdef HAVE_IPV6
 int set_ipv6pktinfo(int fd);
 #endif
+#ifdef HAVE_DHCP6
+void join_multicast(int dienow);
+#endif
 
 /* dhcp.c */
 #ifdef HAVE_DHCP
@@ -1028,6 +1048,7 @@ void lease6_filter(int lease_type, int iaid, struct dhcp_context *context);
 struct dhcp_lease *lease6_find_by_addr(struct in6_addr *net, int prefix, u64 addr);
 u64 lease_find_max_addr6(struct dhcp_context *context);
 void lease_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface);
+void lease_update_slaac(time_t now);
 #endif
 void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr,
 		      unsigned char *clid, int hw_len, int hw_type, int clid_len, time_t now, int force);
@@ -1070,7 +1091,7 @@ void poll_resolv(int force, int do_reload, time_t now);
 /* netlink.c */
 #ifdef HAVE_LINUX_NETWORK
 void netlink_init(void);
-void netlink_multicast(void);
+void netlink_multicast(time_t now);
 #endif
 
 /* bpf.c */
@@ -1128,6 +1149,9 @@ int is_addr_in_context6(struct dhcp_context *context, struct in6_addr *addr);
 struct dhcp_context *address6_available(struct dhcp_context *context, 
 					struct in6_addr *taddr,
 					struct dhcp_netid *netids);
+struct dhcp_context *address6_valid(struct dhcp_context *context, 
+				    struct in6_addr *taddr,
+				    struct dhcp_netid *netids);
 struct dhcp_context *narrow_context6(struct dhcp_context *context, 
 				     struct in6_addr *taddr,
 				     struct dhcp_netid *netids);
@@ -1138,6 +1162,7 @@ struct dhcp_config *find_config6(struct dhcp_config *configs,
 struct dhcp_config *config_find_by_address6(struct dhcp_config *configs, struct in6_addr *net, 
 					    int prefix, u64 addr);
 void make_duid(time_t now);
+void dhcp_construct_contexts(time_t now);
 #endif
 
 /* rfc3315.c */
@@ -1168,8 +1193,8 @@ void bindtodevice(int fd);
 #endif
 #  ifdef HAVE_DHCP6
 void display_opts6(void);
-void join_multicast(void);
 #  endif
+void log_context(int family, struct dhcp_context *context);
 #endif
 
 /* outpacket.c */
@@ -1188,16 +1213,14 @@ void put_opt6_string(char *s);
 /* radv.c */
 #ifdef HAVE_DHCP6
 void ra_init(time_t now);
-void icmp6_packet(void);
+void icmp6_packet(time_t now);
 time_t periodic_ra(time_t now);
 void ra_start_unsolicted(time_t now, struct dhcp_context *context);
 #endif
 
 /* slaac.c */ 
 #ifdef HAVE_DHCP6
-void build_subnet_map(void);
 void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force);
 time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
 void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases);
-void schedule_subnet_map(void);
 #endif

src/forward.c

@@ -812,14 +812,16 @@ void receive_query(struct listener *listen, time_t now)
 #endif
     }
 
+#ifdef HAVE_AUTH
   if (auth_dns)
     {
-      m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now);
+      m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now, &source_addr);
       if (m >= 1)
 	send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
 		  (char *)header, m, &source_addr, &dst_addr, if_index);
     }
   else
+#endif
     {
       m = answer_request(header, ((char *) header) + PACKETSZ, (size_t)n, 
 			 dst_addr_4, netmask, now);
@@ -903,9 +905,11 @@ unsigned char *tcp_request(int confd, time_t now,
       else
 	dst_addr_4.s_addr = 0;
       
+#ifdef HAVE_AUTH
       if (auth_dns)
-	m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now);
+	m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr);
       else
+#endif
 	{
 	  /* m > 0 if answered from cache */
 	  m = answer_request(header, ((char *) header) + 65536, (size_t)size, 
@@ -1043,7 +1047,8 @@ unsigned char *tcp_request(int confd, time_t now,
       
       c1 = m>>8;
       c2 = m;
-      if (!read_write(confd, &c1, 1, 0) ||
+      if (m == 0 ||
+	  !read_write(confd, &c1, 1, 0) ||
 	  !read_write(confd, &c2, 1, 0) || 
 	  !read_write(confd, packet, m, 0))
 	return packet;

src/lease.c

@@ -308,7 +308,7 @@ void lease_update_file(time_t now)
 
 #ifdef HAVE_DHCP6
   /* do timed RAs and determine when the next is, also pings to potential SLAAC addresses */
-  if (daemon->ra_contexts)
+  if (daemon->doing_ra)
     {
       time_t event;
       
@@ -363,12 +363,15 @@ static int find_interface_v4(struct in_addr local, int if_index,
 
 #ifdef HAVE_DHCP6
 static int find_interface_v6(struct in6_addr *local,  int prefix,
-			     int scope, int if_index, int dad, void *vparam)
+			     int scope, int if_index, int flags, 
+			     int preferred, int valid, void *vparam)
 {
   struct dhcp_lease *lease;
   
   (void)scope;
-  (void)dad;
+  (void)flags;
+  (void)preferred;
+  (void)valid;
 
   for (lease = leases; lease; lease = lease->next)
     if ((lease->flags & (LEASE_TA | LEASE_NA)))
@@ -386,6 +389,18 @@ void lease_ping_reply(struct in6_addr *sender, unsigned char *packet, char *inte
     slaac_ping_reply(sender, packet, interface, leases);
 }
 
+void lease_update_slaac(time_t now)
+{
+  /* Called when we contruct a new RA-names context, to add putative
+     new SLAAC addresses to existing leases. */
+
+  struct dhcp_lease *lease;
+  
+  if (daemon->dhcp)
+    for (lease = leases; lease; lease = lease->next)
+      slaac_add_addrs(lease, now, 0);
+}
+
 #endif
 
 
@@ -395,10 +410,6 @@ void lease_ping_reply(struct in6_addr *sender, unsigned char *packet, char *inte
    start-time. */
 void lease_find_interfaces(time_t now)
 {
-#ifdef HAVE_DHCP6
-  build_subnet_map();
-#endif
-
   iface_enumerate(AF_INET, &now, find_interface_v4);
 #ifdef HAVE_DHCP6
   iface_enumerate(AF_INET6, &now, find_interface_v6);
@@ -420,6 +431,11 @@ void lease_update_dns(int force)
 
   if (daemon->port != 0 && (dns_dirty || force))
     {
+#ifndef HAVE_BROKEN_RTC
+      /* force transfer to authoritative secondaries */
+      daemon->soa_sn++;
+#endif
+      
       cache_unhash_dhcp();
 
       for (lease = leases; lease; lease = lease->next)

src/netlink.c

@@ -39,6 +39,7 @@ static struct iovec iov;
 static u32 netlink_pid;
 
 static int nl_async(struct nlmsghdr *h);
+static void nl_newaddress(time_t now);
 
 void netlink_init(void)
 {
@@ -50,10 +51,14 @@ void netlink_init(void)
   addr.nl_pid = 0; /* autobind */
   addr.nl_groups = RTMGRP_IPV4_ROUTE;
   if (option_bool(OPT_CLEVERBIND))
-    addr.nl_groups |= RTMGRP_IPV4_IFADDR;
+    addr.nl_groups |= RTMGRP_IPV4_IFADDR;  
 #ifdef HAVE_IPV6
   addr.nl_groups |= RTMGRP_IPV6_ROUTE;
-  if (daemon->ra_contexts || option_bool(OPT_CLEVERBIND))
+  if (option_bool(OPT_CLEVERBIND))
+    addr.nl_groups |= RTMGRP_IPV6_IFADDR;
+#endif
+#ifdef HAVE_DHCP6
+  if (daemon->doing_ra || daemon->doing_dhcp6)
     addr.nl_groups |= RTMGRP_IPV6_IFADDR;
 #endif
   
@@ -187,7 +192,7 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
 	  {
 	    /* May be multicast arriving async */
-	    if (nl_async(h) && option_bool(OPT_CLEVERBIND))
+	    if (nl_async(h))
 	      newaddr = 1; 
 	  }
 	else if (h->nlmsg_type == NLMSG_DONE)
@@ -195,11 +200,8 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 	    /* handle async new interface address arrivals, these have to be done
 	       after we complete as we're not re-entrant */
 	    if (newaddr) 
-	      {
-		enumerate_interfaces();
-		create_bound_listeners(0);
-	      }
-	    
+	      nl_newaddress(dnsmasq_time());
+		
 	    return callback_ok;
 	  }
 	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
@@ -236,17 +238,32 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 		else if (ifa->ifa_family == AF_INET6)
 		  {
 		    struct in6_addr *addrp = NULL;
+		    u32 valid = 0, preferred = 0;
+		    int flags = 0;
+		    
 		    while (RTA_OK(rta, len1))
 		      {
 			if (rta->rta_type == IFA_ADDRESS)
 			  addrp = ((struct in6_addr *)(rta+1)); 
-			
+			else if (rta->rta_type == IFA_CACHEINFO)
+			  {
+			    struct ifa_cacheinfo *ifc = (struct ifa_cacheinfo *)(rta+1);
+			    preferred = ifc->ifa_prefered;
+			    valid = ifc->ifa_valid;
+			  }
 			rta = RTA_NEXT(rta, len1);
 		      }
 		    
+		    if (ifa->ifa_flags & IFA_F_TENTATIVE)
+		      flags |= IFACE_TENTATIVE;
+		    
+		    if (ifa->ifa_flags & IFA_F_DEPRECATED)
+		      flags |= IFACE_DEPRECATED;
+		    
 		    if (addrp && callback_ok)
 		      if (!((*callback)(addrp, (int)(ifa->ifa_prefixlen), (int)(ifa->ifa_scope), 
-					(int)(ifa->ifa_index), (int)(ifa->ifa_flags & IFA_F_TENTATIVE), parm)))
+					(int)(ifa->ifa_index), flags, 
+					(int) preferred, (int)valid, parm)))
 			callback_ok = 0;
 		  }
 #endif
@@ -305,7 +322,7 @@ int iface_enumerate(int family, void *parm, int (*callback)())
     }
 }
 
-void netlink_multicast(void)
+void netlink_multicast(time_t now)
 {
   ssize_t len;
   struct nlmsghdr *h;
@@ -318,17 +335,14 @@ void netlink_multicast(void)
   
   if ((len = netlink_recv()) != -1)
     for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
-      if (nl_async(h) && option_bool(OPT_CLEVERBIND))
+      if (nl_async(h))
 	newaddr = 1;
   
   /* restore non-blocking status */
   fcntl(daemon->netlinkfd, F_SETFL, flags);
-
+  
   if (newaddr) 
-    {
-      enumerate_interfaces();
-      create_bound_listeners(0);
-    }
+    nl_newaddress(now);
 }
 
 static int nl_async(struct nlmsghdr *h)
@@ -371,25 +385,33 @@ static int nl_async(struct nlmsghdr *h)
 	}
       return 0;
     }
-  else if (h->nlmsg_type == RTM_NEWADDR) 
-    {
-#ifdef HAVE_DHCP6
-      /* force RAs to sync new network and pick up new interfaces.  */
-      if (daemon->ra_contexts)
-	{
-	  schedule_subnet_map();
-	  ra_start_unsolicted(dnsmasq_time(), NULL);
-	  /* cause lease_update_file to run after we return, in case we were called from
-	     iface_enumerate and can't re-enter it now */
-	  send_alarm(0, 0);
-	}
-#endif	 
-      return 1; /* clever bind mode - rescan */
-    }	 
+  else if (h->nlmsg_type == RTM_NEWADDR || h->nlmsg_type == RTM_DELADDR) 
+    return 1; /* clever bind mode - rescan */
   
   return 0;
 }
+  	
+static void nl_newaddress(time_t now)
+{
+  if (option_bool(OPT_CLEVERBIND) || daemon->doing_dhcp6 || daemon->doing_ra)
+    enumerate_interfaces();
   
+  if (option_bool(OPT_CLEVERBIND))
+    create_bound_listeners(0);
+  
+#ifdef HAVE_DHCP6
+  if (daemon->doing_dhcp6 || daemon->doing_ra)
+    {
+      join_multicast(0);
+      dhcp_construct_contexts(now);
+    }
+  
+  if (daemon->doing_dhcp6)
+    lease_find_interfaces(now);
+#endif
+}
+
+
 #endif
 
       

src/network.c

@@ -114,17 +114,9 @@ int iface_check(int family, struct all_addr *addr, char *name, int *auth)
 
   /* Note: have to check all and not bail out early, so that we set the
      "used" flags. */
-
+  
   if (auth)
-    {
-      if (daemon->authinterface && strcmp(daemon->authinterface, name) == 0)
-	{
-	  *auth = 1;
-	  return 1;
-	}
-      else 
-	*auth = 0;
-    }	
+    *auth = 0;
   
   if (daemon->if_names || daemon->if_addrs)
     {
@@ -134,25 +126,48 @@ int iface_check(int family, struct all_addr *addr, char *name, int *auth)
 	if (tmp->name && (strcmp(tmp->name, name) == 0))
 	  ret = tmp->used = 1;
 	        
-      for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
-	if (tmp->addr.sa.sa_family == family)
-	  {
-	    if (family == AF_INET &&
-		tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
-	      ret = tmp->used = 1;
+      if (addr)
+	for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
+	  if (tmp->addr.sa.sa_family == family)
+	    {
+	      if (family == AF_INET &&
+		  tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
+		ret = tmp->used = 1;
 #ifdef HAVE_IPV6
-	    else if (family == AF_INET6 &&
-		     IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, 
-					&addr->addr.addr6))
-	      ret = tmp->used = 1;
+	      else if (family == AF_INET6 &&
+		       IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, 
+					  &addr->addr.addr6))
+		ret = tmp->used = 1;
 #endif
-	  }          
+	    }          
     }
   
   for (tmp = daemon->if_except; tmp; tmp = tmp->next)
     if (tmp->name && (strcmp(tmp->name, name) == 0))
       ret = 0;
     
+
+  for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
+    if (tmp->name)
+      {
+	if (strcmp(tmp->name, name) == 0)
+	  break;
+      }
+    else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
+	     tmp->addr.in.sin_addr.s_addr == addr->addr.addr4.s_addr)
+      break;
+#ifdef HAVE_IPV6
+    else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
+	     IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr.addr6))
+      break;
+#endif      
+
+  if (tmp && auth) 
+    {
+      *auth = 1;
+      ret = 1;
+    }
+
   return ret; 
 }
       
@@ -257,7 +272,8 @@ static int iface_allowed(struct irec **irecp, int if_index,
       iface->dns_auth = auth_dns;
       iface->mtu = mtu;
       iface->dad = dad;
-      iface->done = 0;
+      iface->done = iface->multicast_done = 0;
+      iface->index = if_index;
       if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
 	{
 	  strcpy(iface->name, ifr.ifr_name);
@@ -266,6 +282,7 @@ static int iface_allowed(struct irec **irecp, int if_index,
 	  return 1;
 	}
       free(iface);
+
     }
   
   errno = ENOMEM; 
@@ -274,7 +291,8 @@ static int iface_allowed(struct irec **irecp, int if_index,
 
 #ifdef HAVE_IPV6
 static int iface_allowed_v6(struct in6_addr *local, int prefix, 
-			    int scope, int if_index, int dad, void *vparam)
+			    int scope, int if_index, int flags, 
+			    int preferred, int valid, void *vparam)
 {
   union mysockaddr addr;
   struct in_addr netmask; /* dummy */
@@ -282,6 +300,8 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix,
 
   (void)prefix; /* warning */
   (void)scope; /* warning */
+  (void)preferred;
+  (void)valid;
   
   memset(&addr, 0, sizeof(addr));
 #ifdef HAVE_SOCKADDR_SA_LEN
@@ -292,7 +312,7 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix,
   addr.in6.sin6_port = htons(daemon->port);
   addr.in6.sin6_scope_id = if_index;
   
-  return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, dad);
+  return iface_allowed((struct irec **)vparam, if_index, &addr, netmask, !!(flags & IFACE_TENTATIVE));
 }
 #endif
 
@@ -569,6 +589,61 @@ int is_dad_listeners(void)
   
   return 0;
 }
+
+#ifdef HAVE_DHCP6
+void join_multicast(int dienow)      
+{
+  struct irec *iface, *tmp;
+
+  for (iface = daemon->interfaces; iface; iface = iface->next)
+    if (iface->addr.sa.sa_family == AF_INET6 && iface->dhcp_ok && !iface->multicast_done)
+      {
+	/* There's an irec per address but we only want to join for multicast 
+	   once per interface. Weed out duplicates. */
+	for (tmp = daemon->interfaces; tmp; tmp = tmp->next)
+	  if (tmp->multicast_done && tmp->index == iface->index)
+	    break;
+	
+	iface->multicast_done = 1;
+	
+	if (!tmp)
+	  {
+	    struct ipv6_mreq mreq;
+	    int err = 0;
+
+	    mreq.ipv6mr_interface = iface->index;
+	    
+	    inet_pton(AF_INET6, ALL_RELAY_AGENTS_AND_SERVERS, &mreq.ipv6mr_multiaddr);
+	    
+	    if (daemon->doing_dhcp6 &&
+		setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+	      err = 1;
+	    
+	    inet_pton(AF_INET6, ALL_SERVERS, &mreq.ipv6mr_multiaddr);
+	    
+	    if (daemon->doing_dhcp6 && 
+		setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+	      err = 1;
+	    
+	    inet_pton(AF_INET6, ALL_ROUTERS, &mreq.ipv6mr_multiaddr);
+	    
+	    if (daemon->doing_ra &&
+		setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) == -1)
+	      err = 1;
+	    
+	    if (err)
+	      {
+		char *s = _("interface %s failed to join DHCPv6 multicast group: %s");
+		if (dienow)
+		  die(s, iface->name, EC_BADNET);
+		else
+		  my_syslog(LOG_ERR, s, iface->name, strerror(errno));
+	      }
+	  }
+      }
+}
+#endif
+
 /* return a UDP socket bound to a random port, have to cope with straying into
    occupied port nos and reserved ones. */
 int random_sock(int family)

src/option.c

@@ -123,8 +123,10 @@ struct myoption {
 #define LOPT_MAXCTTL   312
 #define LOPT_AUTHZONE  313
 #define LOPT_AUTHSERV  314
-#define LOPT_AUTHTTL  315
+#define LOPT_AUTHTTL   315
 #define LOPT_AUTHSOA   316
+#define LOPT_AUTHSFS   317
+#define LOPT_AUTHPEER  318
 
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
@@ -255,6 +257,8 @@ static const struct myoption opts[] =
     { "auth-server", 1, 0, LOPT_AUTHSERV },
     { "auth-ttl", 1, 0, LOPT_AUTHTTL },
     { "auth-soa", 1, 0, LOPT_AUTHSOA },
+    { "auth-sec-servers", 1, 0, LOPT_AUTHSFS },
+    { "auth-peer", 1, 0, LOPT_AUTHPEER }, 
     { NULL, 0, 0, 0 }
   };
 
@@ -388,9 +392,11 @@ static struct {
   { LOPT_RR, ARG_DUP, "<name>,<RR-number>,[<data>]", gettext_noop("Specify arbitrary DNS resource record"), NULL },
   { LOPT_CLVERBIND, OPT_CLEVERBIND, NULL, gettext_noop("Bind to interfaces in use - check for new interfaces"), NULL },
   { LOPT_AUTHSERV, ARG_ONE, "<NS>,<interface>", gettext_noop("Export local names to global DNS"), NULL },
-  { LOPT_AUTHZONE, ARG_DUP, "<domain>,<subnet>[,<subnet>]", gettext_noop("Domain to export to global DNS"), NULL },
+  { LOPT_AUTHZONE, ARG_DUP, "<domain>,[<subnet>...]", gettext_noop("Domain to export to global DNS"), NULL },
   { LOPT_AUTHTTL, ARG_ONE, "<integer>", gettext_noop("Set TTL for authoritative replies"), NULL },
   { LOPT_AUTHSOA, ARG_ONE, "<serial>[,...]", gettext_noop("Set authoritive zone information"), NULL },
+  { LOPT_AUTHSFS, ARG_DUP, "<NS>[,<NS>...]", gettext_noop("Secondary authoritative nameservers for forward domains"), NULL },
+  { LOPT_AUTHPEER, ARG_DUP, "<ipaddr>[,<ipaddr>...]", gettext_noop("Peers which are allowed to do zone transfer"), NULL },
   { 0, 0, NULL, NULL, NULL }
 }; 
 
@@ -617,24 +623,6 @@ static void do_usage(void)
 
 #define ret_err(x) do { strcpy(errstr, (x)); return 0; } while (0)
 
-#ifdef HAVE_DHCP
-
-static int is_tag_prefix(char *arg)
-{
-  if (arg && (strstr(arg, "net:") == arg || strstr(arg, "tag:") == arg))
-    return 1;
-  
-  return 0;
-}
-
-static char *set_prefix(char *arg)
-{
-   if (strstr(arg, "set:") == arg)
-     return arg+4;
-   
-   return arg;
-}
-
 char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_addr, char *interface, int *flags)
 {
   int source_port = 0, serv_port = NAMESERVER_PORT;
@@ -722,6 +710,24 @@ char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_a
   return NULL;
 }
 
+#ifdef HAVE_DHCP
+
+static int is_tag_prefix(char *arg)
+{
+  if (arg && (strstr(arg, "net:") == arg || strstr(arg, "tag:") == arg))
+    return 1;
+  
+  return 0;
+}
+
+static char *set_prefix(char *arg)
+{
+   if (strstr(arg, "set:") == arg)
+     return arg+4;
+   
+   return arg;
+}
+
 /* This is too insanely large to keep in-line in the switch */
 static int parse_dhcp_opt(char *errstr, char *arg, int flags)
 {
@@ -1525,7 +1531,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    new->next = daemon->dhcp_hosts_file;
 	    daemon->dhcp_hosts_file = new;
 	  }
-	else if (option ==  LOPT_DHCP_OPTS)
+	else if (option == LOPT_DHCP_OPTS)
 	  {
 	    new->next = daemon->dhcp_opts_file;
 	    daemon->dhcp_opts_file = new;
@@ -1538,19 +1544,51 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	ret_err(gen_err);
       
       daemon->authserver = opt_string_alloc(arg);
-      daemon->authinterface = opt_string_alloc(comma);
-      
+      arg = comma;
+      do {
+	struct iname *new = opt_malloc(sizeof(struct iname));
+	comma = split(arg);
+	new->name = NULL;
+	unhide_metas(arg);
+	if ((new->addr.in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t)-1)
+	  new->addr.sa.sa_family = AF_INET;
+#ifdef HAVE_IPV6
+	else if (inet_pton(AF_INET6, arg, &new->addr.in6.sin6_addr) > 0)
+	  new->addr.sa.sa_family = AF_INET6;
+#endif
+	else
+	  new->name = opt_string_alloc(arg);
+	
+	new->next = daemon->authinterface;
+	daemon->authinterface = new;
+	
+	arg = comma;
+      } while (arg);
+            
       break;
-      
+
+    case LOPT_AUTHSFS: /* --auth-sec-servers */
+      {
+	struct name_list *new;
+
+	do {
+	  comma = split(arg);
+	  new = opt_malloc(sizeof(struct name_list));
+	  new->name = opt_string_alloc(arg);
+	  new->next = daemon->secondary_forward_server;
+	  daemon->secondary_forward_server = new;
+	  arg = comma;
+	} while (arg);
+	break;
+      }
+	
     case LOPT_AUTHZONE: /* --auth-zone */
       {
 	struct auth_zone *new;
 	
 	comma = split(arg);
-	if (!comma)
-	  ret_err(gen_err);
-	
-	new = safe_malloc(sizeof(struct auth_zone));
+		
+	new = opt_malloc(sizeof(struct auth_zone));
 	new->domain = opt_string_alloc(arg);
 	new->subnet = NULL;
 	new->next = daemon->auth_zones;
@@ -1560,7 +1598,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	  {
 	    int prefixlen = 0;
 	    char *prefix;
-	    struct subnet *subnet =  safe_malloc(sizeof(struct subnet));
+	    struct subnet *subnet =  opt_malloc(sizeof(struct subnet));
 	    
 	    subnet->next = new->subnet;
 	    new->subnet = subnet;
@@ -1639,7 +1677,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    {
 	      if (comma)
 		{
-		  struct cond_domain *new = safe_malloc(sizeof(struct cond_domain));
+		  struct cond_domain *new = opt_malloc(sizeof(struct cond_domain));
 		  char *netpart;
 
 		  unhide_metas(comma);
@@ -1853,14 +1891,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
       }
       
     case 'a':  /* --listen-address */
+    case LOPT_AUTHPEER: /* --auth-peer */
       do {
 	struct iname *new = opt_malloc(sizeof(struct iname));
 	comma = split(arg);
 	unhide_metas(arg);
-	new->next = daemon->if_addrs;
 	if (arg && (new->addr.in.sin_addr.s_addr = inet_addr(arg)) != (in_addr_t)-1)
 	  {
 	    new->addr.sa.sa_family = AF_INET;
+	    new->addr.in.sin_port = 0;
 #ifdef HAVE_SOCKADDR_SA_LEN
 	    new->addr.in.sin_len = sizeof(new->addr.in);
 #endif
@@ -1871,6 +1910,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    new->addr.sa.sa_family = AF_INET6;
 	    new->addr.in6.sin6_flowinfo = 0;
 	    new->addr.in6.sin6_scope_id = 0;
+	    new->addr.in6.sin6_port = 0;
 #ifdef HAVE_SOCKADDR_SA_LEN
 	    new->addr.in6.sin6_len = sizeof(new->addr.in6);
 #endif
@@ -1880,7 +1920,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	  ret_err(gen_err);
 
 	new->used = 0;
-	daemon->if_addrs = new;
+	if (option == 'a')
+	  {
+	    new->next = daemon->if_addrs;
+	    daemon->if_addrs = new;
+	  }
+	else
+	  {
+	    new->next = daemon->auth_peers;
+	    daemon->auth_peers = new;
+	  } 
 	arg = comma;
       } while (arg);
       break;
@@ -2129,7 +2178,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
     case 'F':  /* --dhcp-range */
       {
 	int k, leasepos = 2;
-	char *cp, *a[7] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL };
+	char *cp, *a[8] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
 	struct dhcp_context *new = opt_malloc(sizeof(struct dhcp_context));
 	
 	memset (new, 0, sizeof(*new));
@@ -2176,7 +2225,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	      }
 	  }
 	
-	for (k = 1; k < 7; k++)
+	for (k = 1; k < 8; k++)
 	  if (!(a[k] = split(a[k-1])))
 	    break;
 	
@@ -2233,28 +2282,30 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		if (strcmp(a[leasepos], "static") == 0)
 		  new->flags |= CONTEXT_STATIC | CONTEXT_DHCP;
 		else if (strcmp(a[leasepos], "ra-only") == 0 || strcmp(a[leasepos], "slaac") == 0 )
-		  new->flags |= CONTEXT_RA_ONLY;
+		  new->flags |= CONTEXT_RA_ONLY | CONTEXT_RA;
 		else if (strcmp(a[leasepos], "ra-names") == 0)
-		  new->flags |= CONTEXT_RA_NAME;
+		  new->flags |= CONTEXT_RA_NAME | CONTEXT_RA;
 		else if (strcmp(a[leasepos], "ra-stateless") == 0)
-		  new->flags |= CONTEXT_RA_STATELESS | CONTEXT_DHCP;
+		  new->flags |= CONTEXT_RA_STATELESS | CONTEXT_DHCP | CONTEXT_RA;
 		else if (leasepos == 1 && inet_pton(AF_INET6, a[leasepos], &new->end6))
 		  new->flags |= CONTEXT_DHCP; 
+		else if (strstr(a[leasepos], "constructor:") == a[leasepos])
+		  {
+		    if (a[leasepos][strlen(a[leasepos])-1] == '*')
+		      {
+			a[leasepos][strlen(a[leasepos])-1] = 0;
+			new->flags |= CONTEXT_WILDCARD;
+		      }
+		    new->template_interface = opt_string_alloc(a[leasepos] + 12);
+		    new->flags |= CONTEXT_TEMPLATE;
+		  }
 		else  
 		  break;
 	      }
 	    
-	    if (new->flags & CONTEXT_DHCP)
-	      {
-		new->next = daemon->dhcp6;
-		daemon->dhcp6 = new;
-	      }
-	    else
-	      {
-		new->next = daemon->ra_contexts;
-		daemon->ra_contexts = new;
-	      }
-	     
+	    new->next = daemon->dhcp6;
+	    daemon->dhcp6 = new;
+	    	     
 	    /* bare integer < 128 is prefix value */
 	    if (leasepos < k)
 	      {
@@ -2266,10 +2317,14 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		  {
 		    new->prefix = pref;
 		    leasepos++;
-		    if ((new->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)) && 
-			new->prefix != 64)
-		      ret_err(_("prefix must be exactly 64 for RA subnets"));
-		    else if (new->prefix < 64)
+		    if (new->prefix != 64)
+		      {
+			if ((new->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)))
+			  ret_err(_("prefix must be exactly 64 for RA subnets"));
+			else if (new->template_interface)
+			  ret_err(_("prefix must be exactly 64 for subnet constructors"));
+		      }
+		    if (new->prefix < 64)
 		      ret_err(_("prefix must be at least 64"));
 		  }
 	      }
@@ -2319,6 +2374,13 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 			a[leasepos][strlen(a[leasepos]) - 1] = 0;
 		      }
 		    
+		    for (cp = a[leasepos]; *cp; cp++)
+		      if (!(*cp >= '0' && *cp <= '9'))
+			break;
+
+		    if (!cp || (leasepos+1 < k))
+		      ret_err(_("bad dhcp-range"));
+		    
 		    new->lease_time = atoi(a[leasepos]) * fac;
 		    /* Leases of a minute or less confuse
 		       some clients, notably Apple's */

src/radv.c

@@ -27,25 +27,28 @@
 #include <netinet/icmp6.h>
 
 struct ra_param {
+  time_t now;
   int ind, managed, other, found_context, first;
   char *if_name;
   struct dhcp_netid *tags;
-  struct in6_addr link_local;
+  struct in6_addr link_local, link_global;
+  unsigned int pref_time;
 };
 
 struct search_param {
   time_t now; int iface;
 };
 
-static void send_ra(int iface, char *iface_name, struct in6_addr *dest);
+static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *dest);
 static int add_prefixes(struct in6_addr *local,  int prefix,
-			int scope, int if_index, int dad, void *vparam);
+			int scope, int if_index, int flags, 
+			unsigned int preferred, unsigned int valid, void *vparam);
 static int iface_search(struct in6_addr *local,  int prefix,
-			int scope, int if_index, int dad, void *vparam);
+			int scope, int if_index, int flags, 
+			int prefered, int valid, void *vparam);
 static int add_lla(int index, unsigned int type, char *mac, size_t maclen, void *parm);
 
 static int hop_limit;
-static time_t ra_short_period_start;
 
 void ra_init(time_t now)
 {
@@ -62,7 +65,7 @@ void ra_init(time_t now)
   expand_buf(&daemon->outpacket, sizeof(struct dhcp_packet));
  
   /* See if we're guessing SLAAC addresses, if so we need to recieve ping replies */
-  for (context = daemon->ra_contexts; context; context = context->next)
+  for (context = daemon->dhcp6; context; context = context->next)
     if ((context->flags & CONTEXT_RA_NAME))
       break;
   
@@ -94,18 +97,20 @@ void ra_start_unsolicted(time_t now, struct dhcp_context *context)
      if it's not appropriate to advertise those contexts.
      This gets re-called on a netlink route-change to re-do the advertisement
      and pick up new interfaces */
-
+  
   if (context)
-     context->ra_time = now;
+    context->ra_short_period_start = context->ra_time = now;
   else
-    for (context = daemon->ra_contexts; context; context = context->next)
-      context->ra_time = now + (rand16()/13000); /* range 0 - 5 */
-
-   /* re-do frequently for a minute or so, in case the first gets lost. */
-   ra_short_period_start = now;
+    for (context = daemon->dhcp6; context; context = context->next)
+      if (!(context->flags & CONTEXT_TEMPLATE))
+	{
+	  context->ra_time = now + (rand16()/13000); /* range 0 - 5 */
+	  /* re-do frequently for a minute or so, in case the first gets lost. */
+	  context->ra_short_period_start = now;
+	}
 }
 
-void icmp6_packet(void)
+void icmp6_packet(time_t now)
 {
   char interface[IF_NAMESIZE+1];
   ssize_t sz; 
@@ -174,11 +179,11 @@ void icmp6_packet(void)
          
       my_syslog(MS_DHCP | LOG_INFO, "RTR-SOLICIT(%s) %s", interface, mac);
       /* source address may not be valid in solicit request. */
-      send_ra(if_index, interface, !IN6_IS_ADDR_UNSPECIFIED(&from.sin6_addr) ? &from.sin6_addr : NULL);
+      send_ra(now, if_index, interface, !IN6_IS_ADDR_UNSPECIFIED(&from.sin6_addr) ? &from.sin6_addr : NULL);
     }
 }
 
-static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
+static void send_ra(time_t now, int iface, char *iface_name, struct in6_addr *dest)
 {
   struct ra_packet *ra;
   struct ra_param parm;
@@ -188,7 +193,10 @@ static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
   struct dhcp_netid iface_id;
   struct dhcp_opt *opt_cfg;
   int done_dns = 0;
- 
+#ifdef HAVE_LINUX_NETWORK
+  FILE *f;
+#endif
+
   save_counter(0);
   ra = expand(sizeof(struct ra_packet));
   
@@ -196,7 +204,7 @@ static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
   ra->code = 0;
   ra->hop_limit = hop_limit;
   ra->flags = 0x00;
-  ra->lifetime = htons(1800); /* AdvDefaultLifetime*/
+  ra->lifetime = htons(RA_INTERVAL * 3); /* AdvDefaultLifetime * 3 */
   ra->reachable_time = 0;
   ra->retrans_time = 0;
 
@@ -206,13 +214,15 @@ static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
   parm.found_context = 0;
   parm.if_name = iface_name;
   parm.first = 1;
-
+  parm.now = now;
+  parm.pref_time = 0;
+  
   /* set tag with name == interface */
   iface_id.net = iface_name;
   iface_id.next = NULL;
   parm.tags = &iface_id; 
   
-  for (context = daemon->ra_contexts; context; context = context->next)
+  for (context = daemon->dhcp6; context; context = context->next)
     {
       context->flags &= ~CONTEXT_RA_DONE;
       context->netid.next = &context->netid;
@@ -223,14 +233,23 @@ static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
     return;
 
   strncpy(ifr.ifr_name, iface_name, IF_NAMESIZE);
-  
-  if (ioctl(daemon->icmp6fd, SIOCGIFMTU, &ifr) != -1)
+
+#ifdef HAVE_LINUX_NETWORK
+  /* Note that IPv6 MTU is not necessarilly the same as the IPv4 MTU
+     available from SIOCGIFMTU */
+  sprintf(daemon->namebuff, "/proc/sys/net/ipv6/conf/%s/mtu", iface_name);
+  if ((f = fopen(daemon->namebuff, "r")))
     {
-      put_opt6_char(ICMP6_OPT_MTU);
-      put_opt6_char(1);
-      put_opt6_short(0);
-      put_opt6_long(ifr.ifr_mtu);
+      if (fgets(daemon->namebuff, MAXDNAME, f))
+	{
+	  put_opt6_char(ICMP6_OPT_MTU);
+	  put_opt6_char(1);
+	  put_opt6_short(0);
+	  put_opt6_long(atoi(daemon->namebuff));
+	}
+      fclose(f);
     }
+#endif
      
   iface_enumerate(AF_LOCAL, &iface, add_lla);
  
@@ -256,11 +275,11 @@ static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
 	  put_opt6_char(ICMP6_OPT_RDNSS);
 	  put_opt6_char((opt_cfg->len/8) + 1);
 	  put_opt6_short(0);
-	  put_opt6_long(1800); /* lifetime - twice RA retransmit */
+	  put_opt6_long(RA_INTERVAL * 2); /* lifetime - twice RA retransmit */
 	  /* zero means "self" */
 	  for (i = 0; i < opt_cfg->len; i += IN6ADDRSZ, a++)
 	    if (IN6_IS_ADDR_UNSPECIFIED(a))
-	      put_opt6(&parm.link_local, IN6ADDRSZ);
+	      put_opt6(&parm.link_global, IN6ADDRSZ);
 	    else
 	      put_opt6(a, IN6ADDRSZ);
 	}
@@ -287,8 +306,8 @@ static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
       put_opt6_char(ICMP6_OPT_RDNSS);
       put_opt6_char(3);
       put_opt6_short(0);
-      put_opt6_long(1800); /* lifetime - twice RA retransmit */
-      put_opt6(&parm.link_local, IN6ADDRSZ);
+      put_opt6_long(RA_INTERVAL * 2); /* lifetime - twice RA retransmit */
+      put_opt6(&parm.link_global, IN6ADDRSZ);
     }
 
   /* set managed bits unless we're providing only RA on this link */
@@ -320,29 +339,30 @@ static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
 }
 
 static int add_prefixes(struct in6_addr *local,  int prefix,
-			int scope, int if_index, int dad, void *vparam)
+			int scope, int if_index, int flags, 
+			unsigned int preferred, unsigned int valid, void *vparam)
 {
   struct ra_param *param = vparam;
 
   (void)scope; /* warning */
-  (void)dad;
-
+  
   if (if_index == param->ind)
     {
       if (IN6_IS_ADDR_LINKLOCAL(local))
 	param->link_local = *local;
       else if (!IN6_IS_ADDR_LOOPBACK(local) &&
-	       !IN6_IS_ADDR_LINKLOCAL(local) &&
 	       !IN6_IS_ADDR_MULTICAST(local))
 	{
 	  int do_prefix = 0;
 	  int do_slaac = 0;
 	  int deprecate  = 0;
+	  int constructed = 0;
 	  unsigned int time = 0xffffffff;
 	  struct dhcp_context *context;
 	  
-	  for (context = daemon->ra_contexts; context; context = context->next)
-	    if (prefix == context->prefix &&
+	  for (context = daemon->dhcp6; context; context = context->next)
+	    if (!(context->flags & CONTEXT_TEMPLATE) &&
+		prefix == context->prefix &&
 		is_same_net6(local, &context->start6, prefix) &&
 		is_same_net6(local, &context->end6, prefix))
 	      {
@@ -365,13 +385,21 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 		    param->managed = 1;
 		    param->other = 1;
 		  }
-
-		/* find floor time */
-		if (time > context->lease_time)
-		  time = context->lease_time;
 		
+		/* find floor time, don't reduce below RA interval. */
+		if (time > context->lease_time)
+		  {
+		    time = context->lease_time;
+		    if (time < ((unsigned int)RA_INTERVAL))
+		      time = RA_INTERVAL;
+		  }
+
 		if (context->flags & CONTEXT_DEPRECATE)
 		  deprecate = 1;
+		
+		if (context->flags & CONTEXT_CONSTRUCTED)
+		  constructed = 1;
+
 
 		/* collect dhcp-range tags */
 		if (context->netid.next == &context->netid && context->netid.net)
@@ -395,6 +423,26 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 		param->first = 0;	
 		param->found_context = 1;
 	      }
+
+	  /* configured time is ceiling */
+	  if (!constructed || valid > time)
+	    valid = time;
+	  
+	  if (flags & IFACE_DEPRECATED)
+	    preferred = 0;
+	  
+	  if (deprecate)
+	    time = 0;
+	  
+	  /* configured time is ceiling */
+	  if (!constructed || preferred > time)
+	    preferred = time;
+	    	  
+	  if (preferred > param->pref_time)
+	    {
+	      param->pref_time = preferred;
+	      param->link_global = *local;
+	    }
 	  
 	  if (do_prefix)
 	    {
@@ -405,17 +453,13 @@ static int add_prefixes(struct in6_addr *local,  int prefix,
 		  /* zero net part of address */
 		  setaddr6part(local, addr6part(local) & ~((prefix == 64) ? (u64)-1LL : (1LLU << (128 - prefix)) - 1LLU));
 		  
-		  /* lifetimes must be min 2 hrs, by RFC 2462 */
-		  if (time < 7200)
-		    time = 7200;
-		  
 		  opt->type = ICMP6_OPT_PREFIX;
 		  opt->len = 4;
 		  opt->prefix_len = prefix;
 		  /* autonomous only if we're not doing dhcp, always set "on-link" */
 		  opt->flags = do_slaac ? 0xC0 : 0x80;
-		  opt->valid_lifetime = htonl(time);
-		  opt->preferred_lifetime = htonl(deprecate ? 0 : time);
+		  opt->valid_lifetime = htonl(valid);
+		  opt->preferred_lifetime = htonl(preferred);
 		  opt->reserved = 0; 
 		  opt->prefix = *local;
 		  
@@ -462,7 +506,7 @@ time_t periodic_ra(time_t now)
   while (1)
     {
       /* find overdue events, and time of first future event */
-      for (next_event = 0, context = daemon->ra_contexts; context; context = context->next)
+      for (next_event = 0, context = daemon->dhcp6; context; context = context->next)
 	if (context->ra_time != 0)
 	  {
 	    if (difftime(context->ra_time, now) <= 0.0)
@@ -492,51 +536,55 @@ time_t periodic_ra(time_t now)
 	    if (tmp->name && (strcmp(tmp->name, interface) == 0))
 	      break;
 	  if (!tmp)
-	    send_ra(param.iface, interface, NULL); 
+	    send_ra(now, param.iface, interface, NULL); 
 	}
     }      
   return next_event;
 }
   
 static int iface_search(struct in6_addr *local,  int prefix,
-			int scope, int if_index, int dad, void *vparam)
+			int scope, int if_index, int flags, 
+			int preferred, int valid, void *vparam)
 {
   struct search_param *param = vparam;
   struct dhcp_context *context;
 
   (void)scope;
-  (void)dad;
+  (void)preferred;
+  (void)valid;
  
-  for (context = daemon->ra_contexts; context; context = context->next)
-    if (prefix == context->prefix &&
+  for (context = daemon->dhcp6; context; context = context->next)
+    if (!(context->flags & CONTEXT_TEMPLATE) &&
+	prefix == context->prefix &&
 	is_same_net6(local, &context->start6, prefix) &&
-	is_same_net6(local, &context->end6, prefix))
-      if (context->ra_time != 0 && difftime(context->ra_time, param->now) <= 0.0)
-	{
-	  /* found an interface that's overdue for RA determine new 
-	     timeout value and arrange for RA to be sent unless interface is
-	     still doing DAD.*/
-
-	  if (!dad)
-	    param->iface = if_index;
-	  
-	  if (difftime(param->now, ra_short_period_start) < 60.0)
-	    /* range 5 - 20 */
-	    context->ra_time = param->now + 5 + (rand16()/4400);
-	  else
-	    /* range 450 - 600 */
-	    context->ra_time = param->now + 450 + (rand16()/440);
-	  
-	  /* zero timers for other contexts on the same subnet, so they don't timeout 
-	     independently */
-	  for (context = context->next; context; context = context->next)
-	    if (prefix == context->prefix &&
-		is_same_net6(local, &context->start6, prefix) &&
-		is_same_net6(local, &context->end6, prefix))
-	      context->ra_time = 0;
-	  
-	  return 0; /* found, abort */
-	}
+	is_same_net6(local, &context->end6, prefix) &&
+	context->ra_time != 0 && 
+	difftime(context->ra_time, param->now) <= 0.0)
+      {
+	/* found an interface that's overdue for RA determine new 
+	   timeout value and arrange for RA to be sent unless interface is
+	   still doing DAD.*/
+	
+	if (!(flags & IFACE_TENTATIVE))
+	  param->iface = if_index;
+	
+	if (difftime(param->now, context->ra_short_period_start) < 60.0)
+	  /* range 5 - 20 */
+	  context->ra_time = param->now + 5 + (rand16()/4400);
+	else
+	  /* range 3/4 - 1 times RA_INTERVAL */
+	  context->ra_time = param->now + (3 * RA_INTERVAL)/4 + ((RA_INTERVAL * (unsigned int)rand16()) >> 18);
+	
+	/* zero timers for other contexts on the same subnet, so they don't timeout 
+	   independently */
+	for (context = context->next; context; context = context->next)
+	  if (prefix == context->prefix &&
+	      is_same_net6(local, &context->start6, prefix) &&
+	      is_same_net6(local, &context->end6, prefix))
+	    context->ra_time = 0;
+	
+	return 0; /* found, abort */
+      }
   
   return 1; /* keep searching */
 }

src/rfc1035.c

@@ -1186,7 +1186,7 @@ int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name,
 }
 
 int add_resource_record(struct dns_header *header, char *limit, int *truncp, int nameoffset, unsigned char **pp, 
-			unsigned long ttl, unsigned int *offset, unsigned short type, unsigned short class, char *format, ...)
+			unsigned long ttl, int *offset, unsigned short type, unsigned short class, char *format, ...)
 {
   va_list ap;
   unsigned char *sav, *p = *pp;
@@ -1206,7 +1206,9 @@ int add_resource_record(struct dns_header *header, char *limit, int *truncp, int
     }
   else
     {
-      p = do_rfc1035_name(p, va_arg(ap, char *));
+      char *name = va_arg(ap, char *);
+      if (name)
+	p = do_rfc1035_name(p, name);
       if (nameoffset < 0)
 	{
 	  PUTSHORT(-nameoffset | 0xc000, p);
@@ -1699,7 +1701,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  ans = found = 1;
 		  if (!dryrun)
 		    {
-		      unsigned int offset;
+		      int offset;
 		      log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
 					      &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
@@ -1737,7 +1739,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    found = ans = 1;
 		    if (!dryrun)
 		      {
-			unsigned int offset;
+			int offset;
 			log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
 			if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, 
 						&offset, T_SRV, C_IN, "sssd", 

src/rfc3315.c

@@ -525,32 +525,38 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 		  {
 		    struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
 		    requested_time = opt6_uint(ia_option, 16, 4);
-		    
-		    if (!address6_available(context, req_addr, tags) &&
-			(!have_config(config, CONFIG_ADDR6) || memcmp(&config->addr6, req_addr, IN6ADDRSZ) != 0))
+		    struct dhcp_context *dynamic;
+
+		    if ((dynamic = address6_available(context, req_addr, tags)) || address6_valid(context, req_addr, tags))
 		      {
-			if (msg_type == DHCP6REQUEST)
+			if (!dynamic && !(have_config(config, CONFIG_ADDR6) && memcmp(&config->addr6, req_addr, IN6ADDRSZ) == 0))
 			  {
-			    /* host has a lease, but it's not on the correct link */
+			    /* Static range, not configured. */
 			    o1 = new_opt6(OPTION6_STATUS_CODE);
-			    put_opt6_short(DHCP6NOTONLINK);
-			    put_opt6_string("Not on link");
+			    put_opt6_short(DHCP6UNSPEC);
+			    put_opt6_string("Address unavailable");
 			    end_opt6(o1);
 			  }
+			else if (lease6_find_by_addr(req_addr, 128, 0) &&
+				 !(lease = lease6_find(clid, clid_len, ia_type == OPTION6_IA_NA ? LEASE_NA : LEASE_TA, iaid, req_addr)))
+			  {
+			    /* Address leased to another DUID/IAID */
+			    o1 = new_opt6(OPTION6_STATUS_CODE);
+			    put_opt6_short(DHCP6UNSPEC);
+			    put_opt6_string("Address in use");
+			    end_opt6(o1);
+			  } 
+			else 
+			  addrp = req_addr;
 		      }
-		    else if ((lease = lease6_find(NULL, 0, ia_type == OPTION6_IA_NA ? LEASE_NA : LEASE_TA, 
-						  iaid, req_addr)) &&
-			     (clid_len != lease->clid_len ||
-			      memcmp(clid, lease->clid, clid_len) != 0))
+		    else if (msg_type == DHCP6REQUEST)
 		      {
-			/* Address leased to another DUID */
+			/* requested address not on the correct link */
 			o1 = new_opt6(OPTION6_STATUS_CODE);
-			put_opt6_short(DHCP6UNSPEC);
-			put_opt6_string("Address in use");
+			put_opt6_short(DHCP6NOTONLINK);
+			put_opt6_string("Not on link");
 			end_opt6(o1);
-		      } 
-		    else
-		      addrp = req_addr;
+		      }
 		  }
 		else
 		  {
@@ -625,10 +631,16 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 				  hostname = NULL;
 			      }
 			  }
+		       	
+			if (have_config(valid_config, CONFIG_TIME))
+			  lease_time = valid_config->lease_time;
+			else
+			  lease_time = this_context->lease_time;
 			
-			lease_time = have_config(valid_config, CONFIG_TIME) ? valid_config->lease_time : this_context->lease_time;
+			 if (this_context->valid < lease_time)
+			   lease_time = this_context->valid;
 			
-			if (ia_option)
+			 if (ia_option)
 			  {
 			    if (requested_time < 120u )
 			      requested_time = 120u; /* sanity */
@@ -740,7 +752,8 @@ static int dhcp6_no_relay(int msg_type, struct in6_addr *link_address, struct dh
 			    o1 =  new_opt6(OPTION6_IAADDR);
 			    put_opt6(addrp, sizeof(*addrp));
 			    /* preferred lifetime */
-			    put_opt6_long(this_context && (this_context->flags & CONTEXT_DEPRECATE) ? 0 : lease_time);
+			    put_opt6_long(this_context && (this_context->preferred < lease_time) ? 
+					  this_context->preferred : lease_time);
 			    put_opt6_long(lease_time); /* valid lifetime */
 			    end_opt6(o1);
 

src/slaac.c

@@ -20,7 +20,6 @@
 
 #include <netinet/icmp6.h>
 
-static int map_rebuild = 0;
 static int ping_id = 0;
 
 void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force)
@@ -38,7 +37,7 @@ void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force)
   old = lease->slaac_address;
   lease->slaac_address = NULL;
 
-  for (context = daemon->ra_contexts; context; context = context->next) 
+  for (context = daemon->dhcp6; context; context = context->next) 
     if ((context->flags & CONTEXT_RA_NAME) && lease->last_interface == context->if_index)
       {
 	struct in6_addr addr = context->start6;
@@ -123,7 +122,7 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
   struct slaac_address *slaac;
   time_t next_event = 0;
   
-  for (context = daemon->ra_contexts; context; context = context->next)
+  for (context = daemon->dhcp6; context; context = context->next)
     if ((context->flags & CONTEXT_RA_NAME))
       break;
 
@@ -134,12 +133,6 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
   while (ping_id == 0)
     ping_id = rand16();
 
-  if (map_rebuild)
-    {
-      map_rebuild = 0;
-      build_subnet_map();
-    }
-
   for (lease = leases; lease; lease = lease->next)
     for (slaac = lease->slaac_address; slaac; slaac = slaac->next)
       {
@@ -211,51 +204,4 @@ void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *inte
   lease_update_dns(gotone);
 }
 	
-/* Build a map from ra-names subnets to corresponding interfaces. This
-   is used to go from DHCPv4 leases to SLAAC addresses, 
-   interface->IPv6-subnet, IPv6-subnet + MAC address -> SLAAC.
-*/	      
-static int add_subnet(struct in6_addr *local,  int prefix,
-		      int scope, int if_index, int dad, void *vparam)
-{ 
-  struct dhcp_context *context;
- 
-  (void)scope;
-  (void)dad;
-  (void)vparam;
-
-  for (context = daemon->ra_contexts; context; context = context->next)
-    if ((context->flags & CONTEXT_RA_NAME) &&
-	prefix == context->prefix &&
-	is_same_net6(local, &context->start6, prefix) &&
-	is_same_net6(local, &context->end6, prefix))
-      {
-	context->if_index = if_index;
-	context->local6 = *local;
-      }
-
-  return 1;
-}
-
-void build_subnet_map(void)
-{
-  struct dhcp_context *context;
-  int ok = 0;
-
-  for (context = daemon->ra_contexts; context; context = context->next)
-    {
-      context->if_index = 0;
-      if ((context->flags & CONTEXT_RA_NAME))
-	ok = 1;
-    }
-
-  /* ra-names configured */
-  if (ok)
-    iface_enumerate(AF_INET6, NULL, add_subnet);
-}
-
-void schedule_subnet_map(void)
-{
-  map_rebuild = 1; 
-}
 #endif