/* dnsmasq is Copyright (c) 2000-2025 Simon Kelley

   This program is free software; you can redistribute it and/or modify

   it under the terms of the GNU General Public License as published by

   the Free Software Foundation; version 2 dated June, 1991, or

   (at your option) version 3 dated 29 June, 2007.

   This program is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License

   along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/

#include "dnsmasq.h"

#ifdef HAVE_DHCP6

struct state {

  unsigned char *clid;

  int multicast_dest, clid_len, ia_type, interface, hostname_auth, lease_allocate;

  char *client_hostname, *hostname, *domain, *send_domain;

  struct dhcp_context *context;

  struct in6_addr *link_address, *fallback, *ll_addr, *ula_addr;

  unsigned int xid, fqdn_flags, iaid;

  char *iface_name;

  void *packet_options, *end;

  struct dhcp_netid *tags, *context_tags;

  unsigned char mac[DHCP_CHADDR_MAX];

  unsigned int mac_len, mac_type;

};

static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 

           struct in6_addr *client_addr, int is_unicast, time_t now);

static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);

static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);

static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);

static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);

static void *opt6_find (uint8_t *opts, uint8_t *end, unsigned int search, unsigned int minsize);

static void *opt6_next(uint8_t *opts, uint8_t *end);

static unsigned int opt6_uint(unsigned char *opt, int offset, int size);

static void get_context_tag(struct state *state, struct dhcp_context *context);

static int check_ia(struct state *state, void *opt, void **endp, void **ia_option);

static int build_ia(struct state *state, int *t1cntr);

static void end_ia(int t1cntr, unsigned int min_time, int do_fuzz);

static void mark_context_used(struct state *state, struct in6_addr *addr);

static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr);

static int check_address(struct state *state, struct in6_addr *addr);

static int config_valid(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr, struct state *state, time_t now);

static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr);

static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option, 

      unsigned int *min_time, struct in6_addr *addr, time_t now);

static void update_leases(struct state *state, struct dhcp_context *context, struct in6_addr *addr, unsigned int lease_time, time_t now);

static int add_local_addrs(struct dhcp_context *context);

static struct dhcp_netid *add_options(struct state *state, int do_refresh);

static void calculate_times(struct dhcp_context *context, unsigned int *min_time, unsigned int *valid_timep, 

          unsigned int *preferred_timep, unsigned int lease_time);

#define opt6_len(opt) ((int)(opt6_uint(opt, -2, 2)))

#define opt6_type(opt) (opt6_uint(opt, -4, 2))

#define opt6_ptr(opt, i) ((void *)&(((uint8_t *)(opt))[4+(i)]))

#define opt6_user_vendor_ptr(opt, i) ((void *)&(((uint8_t *)(opt))[2+(i)]))

#define opt6_user_vendor_len(opt) ((int)(opt6_uint(opt, -4, 2)))

#define opt6_user_vendor_next(opt, end) (opt6_next(((uint8_t *) opt) - 2, end))

unsigned short dhcp6_reply(struct dhcp_context *context, int multicast_dest, int interface, char *iface_name,

         struct in6_addr *fallback,  struct in6_addr *ll_addr, struct in6_addr *ula_addr,

         size_t sz, struct in6_addr *client_addr, time_t now)

{

  struct dhcp_vendor *vendor;

  int msg_type;

  struct state state;

  if (sz <= 4)

    return 0;

  msg_type = *((unsigned char *)daemon->dhcp_packet.iov_base);

  /* Mark these so we only match each at most once, to avoid tangled linked lists */

  for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)

    vendor->netid.next = &vendor->netid;

  reset_counter();

  state.context = context;

  state.multicast_dest = multicast_dest;

  state.interface = interface;

  state.iface_name = iface_name;

  state.fallback = fallback;

  state.ll_addr = ll_addr;

  state.ula_addr = ula_addr;

  state.mac_len = 0;

  state.tags = NULL;

  state.link_address = NULL;

  if (dhcp6_maybe_relay(&state, daemon->dhcp_packet.iov_base, sz, client_addr, 

      IN6_IS_ADDR_MULTICAST(client_addr), now))

    return msg_type == DHCP6RELAYFORW ? DHCPV6_SERVER_PORT : DHCPV6_CLIENT_PORT;

  return 0;

}

/* This cost me blood to write, it will probably cost you blood to understand - srk. */

static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 

           struct in6_addr *client_addr, int is_unicast, time_t now)

{

  uint8_t *end = inbuff + sz;

  uint8_t *opts = inbuff + 34;

  int msg_type = *inbuff;

  unsigned char *outmsgtypep;

  uint8_t *opt;

  struct dhcp_vendor *vendor;

  /* if not an encapsulated relayed message, just do the stuff */

  if (msg_type != DHCP6RELAYFORW)

    {

      /* if link_address != NULL if points to the link address field of the 

   innermost nested RELAYFORW message, which is where we find the

   address of the network on which we can allocate an address.

   Recalculate the available contexts using that information. 

      link_address == NULL means there's no relay in use, so we try and find the client's 

      MAC address from the local ND cache. */

      if (!state->link_address)

  get_client_mac(client_addr, state->interface, state->mac, &state->mac_len, &state->mac_type, now);

      else

  {

    struct dhcp_context *c;

    struct shared_network *share = NULL;

    state->context = NULL;

    if (!IN6_IS_ADDR_LOOPBACK(state->link_address) &&

        !IN6_IS_ADDR_LINKLOCAL(state->link_address) &&

        !IN6_IS_ADDR_MULTICAST(state->link_address))

      for (c = daemon->dhcp6; c; c = c->next)

        {

    for (share = daemon->shared_networks; share; share = share->next)

      {

        if (share->shared_addr.s_addr != 0)

          continue;

        if (share->if_index != 0 ||

      !IN6_ARE_ADDR_EQUAL(state->link_address, &share->match_addr6))

          continue;

        if ((c->flags & CONTEXT_DHCP) &&

      !(c->flags & (CONTEXT_TEMPLATE | CONTEXT_OLD)) &&

      is_same_net6(&share->shared_addr6, &c->start6, c->prefix) &&

      is_same_net6(&share->shared_addr6, &c->end6, c->prefix))

          break;

      }

    if (share ||

        ((c->flags & CONTEXT_DHCP) &&

         !(c->flags & (CONTEXT_TEMPLATE | CONTEXT_OLD)) &&

         is_same_net6(state->link_address, &c->start6, c->prefix) &&

         is_same_net6(state->link_address, &c->end6, c->prefix)))

      {

        c->preferred = c->valid = 0xffffffff;

        c->current = state->context;

        state->context = c;

      }

        }

    if (!state->context)

      {

        inet_ntop(AF_INET6, state->link_address, daemon->addrbuff, ADDRSTRLEN); 

        my_syslog(MS_DHCP | LOG_WARNING, 

      _("no address range available for DHCPv6 request from relay at %s"),

      daemon->addrbuff);

        return 0;

      }

  }

      if (!state->context)

  {

    my_syslog(MS_DHCP | LOG_WARNING, 

        _("no address range available for DHCPv6 request via %s"), state->iface_name);

    return 0;

  }

      return dhcp6_no_relay(state, msg_type, inbuff, sz, is_unicast, now);

    }

  /* must have at least msg_type+hopcount+link_address+peer_address+minimal size option

     which is               1   +    1   +    16      +     16     + 2 + 2 = 38 */

  if (sz < 38)

    return 0;

  /* copy header stuff into reply message and set type to reply */

  if (!(outmsgtypep = put_opt6(inbuff, 34)))

    return 0;

  *outmsgtypep = DHCP6RELAYREPL;

  /* look for relay options and set tags if found. */

  for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)

    {

      int mopt;

      if (vendor->match_type == MATCH_SUBSCRIBER)

  mopt = OPTION6_SUBSCRIBER_ID;

      else if (vendor->match_type == MATCH_REMOTE)

  mopt = OPTION6_REMOTE_ID; 

      else

  continue;

      if ((opt = opt6_find(opts, end, mopt, 1)) &&

    vendor->len == opt6_len(opt) &&

    memcmp(vendor->data, opt6_ptr(opt, 0), vendor->len) == 0 &&

    vendor->netid.next != &vendor->netid)

  {

    vendor->netid.next = state->tags;

    state->tags = &vendor->netid;

    break;

  }

    }

  /* RFC-6939 */

  if ((opt = opt6_find(opts, end, OPTION6_CLIENT_MAC, 3)))

    {

      if (opt6_len(opt) - 2 > DHCP_CHADDR_MAX) {

        return 0;

      }

      state->mac_type = opt6_uint(opt, 0, 2);

      state->mac_len = opt6_len(opt) - 2;

      memcpy(&state->mac[0], opt6_ptr(opt, 2), state->mac_len);

    }

  for (opt = opts; opt; opt = opt6_next(opt, end))

    {

      if ((uint8_t *)opt6_ptr(opt, 0) + opt6_len(opt) > end)

        return 0;

      /* Don't copy MAC address into reply. */

      if (opt6_type(opt) != OPTION6_CLIENT_MAC)

  {

    int o = new_opt6(opt6_type(opt));

    if (opt6_type(opt) == OPTION6_RELAY_MSG)

      {

        struct in6_addr align;

        /* the packet data is unaligned, copy to aligned storage */

        memcpy(&align, inbuff + 2, IN6ADDRSZ); 

        /* RFC6221 para 4 */

        if (!IN6_IS_ADDR_UNSPECIFIED(&align))

    state->link_address = &align;

        /* zero is_unicast since that is now known to refer to the 

     relayed packet, not the original sent by the client */

        if (!dhcp6_maybe_relay(state, opt6_ptr(opt, 0), opt6_len(opt), client_addr, 0, now))

    return 0;

      }

    else

      put_opt6(opt6_ptr(opt, 0), opt6_len(opt));

    end_opt6(o);

  }

    }

  return 1;

}

static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)

{

  void *opt;

  int i, o, o1, start_opts, start_msg;

  struct dhcp_opt *opt_cfg;

  struct dhcp_netid *tagif;

  struct dhcp_config *config = NULL;

  struct dhcp_netid known_id, iface_id, v6_id;

  unsigned char outmsgtype;

  struct dhcp_vendor *vendor;

  struct dhcp_context *context_tmp;

  struct dhcp_mac *mac_opt;

  unsigned int ignore = 0;

  state->packet_options = inbuff + 4;

  state->end = inbuff + sz;

  state->clid = NULL;

  state->clid_len = 0;

  state->lease_allocate = 0;

  state->context_tags = NULL;

  state->domain = NULL;

  state->send_domain = NULL;

  state->hostname_auth = 0;

  state->hostname = NULL;

  state->client_hostname = NULL;

  state->fqdn_flags = 0x01; /* default to send if we receive no FQDN option */

  /* set tag with name == interface */

  iface_id.net = state->iface_name;

  iface_id.next = state->tags;

  state->tags = &iface_id; 

  /* set tag "dhcpv6" */

  v6_id.net = "dhcpv6";

  v6_id.next = state->tags;

  state->tags = &v6_id;

  start_msg = save_counter(-1);

  /* copy over transaction-id */

  if (!put_opt6(inbuff, 4))

    return 0;

  start_opts = save_counter(-1);

  state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;

  /* We're going to be linking tags from all context we use. 

     mark them as unused so we don't link one twice and break the list */

  for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)

    {

      context_tmp->netid.next = &context_tmp->netid;

      if (option_bool(OPT_LOG_OPTS))

  {

     inet_ntop(AF_INET6, &context_tmp->start6, daemon->dhcp_buff, ADDRSTRLEN); 

     inet_ntop(AF_INET6, &context_tmp->end6, daemon->dhcp_buff2, ADDRSTRLEN); 

     if (context_tmp->flags & (CONTEXT_STATIC))

       my_syslog(MS_DHCP | LOG_INFO, _("%u available DHCPv6 subnet: %s/%d"),

           state->xid, daemon->dhcp_buff, context_tmp->prefix);

     else

       my_syslog(MS_DHCP | LOG_INFO, _("%u available DHCP range: %s -- %s"), 

           state->xid, daemon->dhcp_buff, daemon->dhcp_buff2);

  }

    }

  if ((opt = opt6_find(state->packet_options, state->end, OPTION6_CLIENT_ID, 1)))

    {

      state->clid = opt6_ptr(opt, 0);

      state->clid_len = opt6_len(opt);

      o = new_opt6(OPTION6_CLIENT_ID);

      put_opt6(state->clid, state->clid_len);

      end_opt6(o);

    }

  else if (msg_type != DHCP6IREQ)

    return 0;

  opt = opt6_find(state->packet_options, state->end, OPTION6_SERVER_ID, 1);

  if (msg_type == DHCP6SOLICIT || msg_type == DHCP6CONFIRM || msg_type == DHCP6REBIND || msg_type == DHCP6IREQ)

    {

      /* Above message types must be multicast 3315 Section 15. */

      if (!state->multicast_dest)

  return 0;

      /* server-id must match except for SOLICIT, CONFIRM and REBIND messages, which MUST NOT

   have a server-id.  3315 para 15.x */

      if (msg_type == DHCP6IREQ)

  {

    /* If server-id provided in IREQ, it must match. */

    if (opt && (opt6_len(opt) != daemon->duid_len ||

          memcmp(opt6_ptr(opt, 0), daemon->duid, daemon->duid_len) != 0))

      return 0;

  }

      else if (opt) 

  return 0;

    }

  else

    {

      /* Everything else MUST have a server-id that matches ours. */

      if (!opt || opt6_len(opt) != daemon->duid_len ||

    memcmp(opt6_ptr(opt, 0), daemon->duid, daemon->duid_len) != 0)

  return 0;

    }

  o = new_opt6(OPTION6_SERVER_ID);

  put_opt6(daemon->duid, daemon->duid_len);

  end_opt6(o);

  if (is_unicast &&

      (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))

    {  

      outmsgtype = DHCP6REPLY;

      o1 = new_opt6(OPTION6_STATUS_CODE);

      put_opt6_short(DHCP6USEMULTI);

      put_opt6_string("Use multicast");

      end_opt6(o1);

      goto done;

    }

  /* match vendor and user class options */

  for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)

    {

      int mopt;

      if (vendor->match_type == MATCH_VENDOR)

  mopt = OPTION6_VENDOR_CLASS;

      else if (vendor->match_type == MATCH_USER)

  mopt = OPTION6_USER_CLASS; 

      else

  continue;

      if ((opt = opt6_find(state->packet_options, state->end, mopt, 2)))

  {

    void *enc_opt, *enc_end = opt6_ptr(opt, opt6_len(opt));

    int offset = 0;

    if (mopt == OPTION6_VENDOR_CLASS)

      {

        if (opt6_len(opt) < 4)

    continue;

        if (vendor->enterprise != opt6_uint(opt, 0, 4))

    continue;

        offset = 4;

      }

    /* Note that format if user/vendor classes is different to DHCP options - no option types. */

    for (enc_opt = opt6_ptr(opt, offset); enc_opt; enc_opt = opt6_user_vendor_next(enc_opt, enc_end))

      for (i = 0; i <= (opt6_user_vendor_len(enc_opt) - vendor->len); i++)

        if (memcmp(vendor->data, opt6_user_vendor_ptr(enc_opt, i), vendor->len) == 0)

    {

      vendor->netid.next = state->tags;

      state->tags = &vendor->netid;

      break;

    }

  }

    }

  if (option_bool(OPT_LOG_OPTS) && (opt = opt6_find(state->packet_options, state->end, OPTION6_VENDOR_CLASS, 4)))

    my_syslog(MS_DHCP | LOG_INFO, _("%u vendor class: %u"), state->xid, opt6_uint(opt, 0, 4));

  /* dhcp-match. If we have hex-and-wildcards, look for a left-anchored match.

     Otherwise assume the option is an array, and look for a matching element. 

     If no data given, existence of the option is enough. This code handles 

     V-I opts too. */

  for (opt_cfg = daemon->dhcp_match6; opt_cfg; opt_cfg = opt_cfg->next)

    {

      int match = 0;

      if (opt_cfg->flags & DHOPT_RFC3925)

  {

    for (opt = opt6_find(state->packet_options, state->end, OPTION6_VENDOR_OPTS, 4);

         opt;

         opt = opt6_find(opt6_next(opt, state->end), state->end, OPTION6_VENDOR_OPTS, 4))

      {

        void *vopt;

        void *vend = opt6_ptr(opt, opt6_len(opt));

        for (vopt = opt6_find(opt6_ptr(opt, 4), vend, opt_cfg->opt, 0);

       vopt;

       vopt = opt6_find(opt6_next(vopt, vend), vend, opt_cfg->opt, 0))

    if ((match = match_bytes(opt_cfg, opt6_ptr(vopt, 0), opt6_len(vopt))))

      break;

      }

    if (match)

      break;

  }

      else

  {

    if (!(opt = opt6_find(state->packet_options, state->end, opt_cfg->opt, 1)))

      continue;

    match = match_bytes(opt_cfg, opt6_ptr(opt, 0), opt6_len(opt));

  } 

      if (match)

  {

    opt_cfg->netid->next = state->tags;

    state->tags = opt_cfg->netid;

  }

    }

  if (state->mac_len != 0)

    {

      if (option_bool(OPT_LOG_OPTS))

  {

    print_mac(daemon->dhcp_buff, state->mac, state->mac_len);

    my_syslog(MS_DHCP | LOG_INFO, _("%u client MAC address: %s"), state->xid, daemon->dhcp_buff);

  }

      for (mac_opt = daemon->dhcp_macs; mac_opt; mac_opt = mac_opt->next)

  if ((unsigned)mac_opt->hwaddr_len == state->mac_len &&

      ((unsigned)mac_opt->hwaddr_type == state->mac_type || mac_opt->hwaddr_type == 0) &&

      memcmp_masked(mac_opt->hwaddr, state->mac, state->mac_len, mac_opt->mask))

    {

      mac_opt->netid.next = state->tags;

      state->tags = &mac_opt->netid;

    }

    }

  else if (option_bool(OPT_LOG_OPTS))

    my_syslog(MS_DHCP | LOG_INFO, _("%u cannot determine client MAC address"), state->xid);

  if ((opt = opt6_find(state->packet_options, state->end, OPTION6_FQDN, 1)))

    {

      /* RFC4704 refers */

       int len = opt6_len(opt) - 1;

       state->fqdn_flags = opt6_uint(opt, 0, 1);

       /* Always force update, since the client has no way to do it itself. */

       if (!option_bool(OPT_FQDN_UPDATE) && !(state->fqdn_flags & 0x01))

   state->fqdn_flags |= 0x03;

       state->fqdn_flags &= ~0x04;

       if (len != 0 && len < 255)

   {

     unsigned char *pp, *op = opt6_ptr(opt, 1);

     char *pq = daemon->dhcp_buff;

     pp = op;

     while (*op != 0 && ((op + (*op)) - pp) < len)

       {

         memcpy(pq, op+1, *op);

         pq += *op;

         op += (*op)+1;

         *(pq++) = '.';

       }

     if (pq != daemon->dhcp_buff)

       pq--;

     *pq = 0;

     if (legal_hostname(daemon->dhcp_buff))

       {

         struct dhcp_match_name *m;

         size_t nl = strlen(daemon->dhcp_buff);

         state->client_hostname = daemon->dhcp_buff;

         if (option_bool(OPT_LOG_OPTS))

     my_syslog(MS_DHCP | LOG_INFO, _("%u client provides name: %s"), state->xid, state->client_hostname);

         for (m = daemon->dhcp_name_match; m; m = m->next)

     {

       size_t ml = strlen(m->name);

       char save = 0;

       if (nl < ml)

         continue;

       if (nl > ml)

         {

           save = state->client_hostname[ml];

           state->client_hostname[ml] = 0;

         }

       if (hostname_isequal(state->client_hostname, m->name) &&

           (save == 0 || m->wildcard))

         {

           m->netid->next = state->tags;

           state->tags = m->netid;

         }

       if (save != 0)

         state->client_hostname[ml] = save;

     }

       }

   }

    }  

  if (state->clid &&

      (config = find_config(daemon->dhcp_conf, state->context, state->clid, state->clid_len,

          state->mac, state->mac_len, state->mac_type, NULL, run_tag_if(state->tags))) &&

      have_config(config, CONFIG_NAME))

    {

      state->hostname = config->hostname;

      state->domain = config->domain;

      state->hostname_auth = 1;

    }

  else if (state->client_hostname)

    {

      state->domain = strip_hostname(state->client_hostname);

      if (strlen(state->client_hostname) != 0)

  {

    state->hostname = state->client_hostname;

    if (!config)

      {

        /* Search again now we have a hostname. 

     Only accept configs without CLID here, (it won't match)

     to avoid impersonation by name. */

        struct dhcp_config *new = find_config(daemon->dhcp_conf, state->context, NULL, 0, NULL, 0, 0, state->hostname, run_tag_if(state->tags));

        if (new && !have_config(new, CONFIG_CLID) && !new->hwaddr)

    config = new;

      }

  }

    }

  if (config)

    {

      struct dhcp_netid_list *list;

      for (list = config->netid; list; list = list->next)

        {

          list->list->next = state->tags;

          state->tags = list->list;

        }

      /* set "known" tag for known hosts */

      known_id.net = "known";

      known_id.next = state->tags;

      state->tags = &known_id;

      if (have_config(config, CONFIG_DISABLE))

  ignore = 1;

    }

  else if (state->clid &&

     find_config(daemon->dhcp_conf, NULL, state->clid, state->clid_len,

           state->mac, state->mac_len, state->mac_type, NULL, run_tag_if(state->tags)))

    {

      known_id.net = "known-othernet";

      known_id.next = state->tags;

      state->tags = &known_id;

    }

  tagif = run_tag_if(state->tags);

  /* if all the netids in the ignore list are present, ignore this client */

  if (daemon->dhcp_ignore)

    {

      struct dhcp_netid_list *id_list;

      for (id_list = daemon->dhcp_ignore; id_list; id_list = id_list->next)

  if (match_netid(id_list->list, tagif, 0))

    ignore = 1;

    }

  /* if all the netids in the ignore_name list are present, ignore client-supplied name */

  if (!state->hostname_auth)

    {

       struct dhcp_netid_list *id_list;

       for (id_list = daemon->dhcp_ignore_names; id_list; id_list = id_list->next)

   if ((!id_list->list) || match_netid(id_list->list, tagif, 0))

     break;

       if (id_list)

   state->hostname = NULL;

    }

  switch (msg_type)

    {

    default:

      return 0;

    case DHCP6SOLICIT:

      {

        int address_assigned;

  /* tags without all prefix-class tags */

  struct dhcp_netid *solicit_tags;

  struct dhcp_context *c;

  outmsgtype = DHCP6ADVERTISE;

  if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))

    {

      outmsgtype = DHCP6REPLY;

      state->lease_allocate = 1;

      o = new_opt6(OPTION6_RAPID_COMMIT);

      end_opt6(o);

    }

    log6_quiet(state, "DHCPSOLICIT", NULL, ignore ? _("ignored") : NULL);

      request_no_address:

  solicit_tags = tagif;

  address_assigned = 0;

  if (ignore)

    return 0;

  /* reset USED bits in leases */

  lease6_reset();

  /* Can use configured address max once per prefix */

  for (c = state->context; c; c = c->current)

    c->flags &= ~CONTEXT_CONF_USED;

  for (opt = state->packet_options; opt; opt = opt6_next(opt, state->end))

    {   

      void *ia_option, *ia_end;

      unsigned int min_time = 0xffffffff;

      int t1cntr;

      int ia_counter;

      /* set unless we're sending a particular prefix-class, when we

         want only dhcp-ranges with the correct tags set and not those without any tags. */

      int plain_range = 1;

      u32 lease_time;

      struct dhcp_lease *ltmp;

      struct in6_addr req_addr, addr;

      if (!check_ia(state, opt, &ia_end, &ia_option))

        continue;

      /* reset USED bits in contexts - one address per prefix per IAID */

      for (c = state->context; c; c = c->current)

        c->flags &= ~CONTEXT_USED;

      o = build_ia(state, &t1cntr);

      if (address_assigned)

    address_assigned = 2;

      for (ia_counter = 0; ia_option; ia_counter++, ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))

        {

    /* worry about alignment here. */

    memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);

    if ((c = address6_valid(state->context, &req_addr, solicit_tags, plain_range)))

      {

        lease_time = c->lease_time;

        /* If the client asks for an address on the same network as a configured address, 

           offer the configured address instead, to make moving to newly-configured

           addresses automatic. */

        if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, c, &addr, state, now))

          {

      req_addr = addr;

      mark_config_used(c, &addr);

      if (have_config(config, CONFIG_TIME))

        lease_time = config->lease_time;

          }

        else if (!(c = address6_available(state->context, &req_addr, solicit_tags, plain_range)))

          continue; /* not an address we're allowed */

        else if (!check_address(state, &req_addr))

          continue; /* address leased elsewhere */

        /* add address to output packet */

        add_address(state, c, lease_time, ia_option, &min_time, &req_addr, now);

        mark_context_used(state, &req_addr);

        get_context_tag(state, c);

        address_assigned = 1;

      }

        }

      /* Suggest configured address(es) */

      for (c = state->context; c; c = c->current) 

        if (!(c->flags & CONTEXT_CONF_USED) &&

      match_netid(c->filter, solicit_tags, plain_range) &&

      config_valid(config, c, &addr, state, now))

    {

      mark_config_used(state->context, &addr);

      if (have_config(config, CONFIG_TIME))

        lease_time = config->lease_time;

      else

        lease_time = c->lease_time;

      /* add address to output packet */

      add_address(state, c, lease_time, NULL, &min_time, &addr, now);

      mark_context_used(state, &addr);

      get_context_tag(state, c);

      address_assigned = 1;

    }

      /* return addresses for existing leases */

      ltmp = NULL;

      while ((ltmp = lease6_find_by_client(ltmp, state->ia_type == OPTION6_IA_NA ? LEASE_NA : LEASE_TA, state->clid, state->clid_len, state->iaid)))

        {

    req_addr = ltmp->addr6;

    if ((c = address6_available(state->context, &req_addr, solicit_tags, plain_range)))

      {

        add_address(state, c, c->lease_time, NULL, &min_time, &req_addr, now);

        mark_context_used(state, &req_addr);

        get_context_tag(state, c);

        address_assigned = 1;

      }

        }

      /* Return addresses for all valid contexts which don't yet have one */

      while ((c = address6_allocate(state->context, state->clid, state->clid_len, state->ia_type == OPTION6_IA_TA,

            state->iaid, ia_counter, solicit_tags, plain_range, &addr)))

        {

    add_address(state, c, c->lease_time, NULL, &min_time, &addr, now);

    mark_context_used(state, &addr);

    get_context_tag(state, c);

    address_assigned = 1;

        }

      if (address_assigned != 1)

        {

    /* If the server cannot assign any addresses to an IA in the message

       from the client, the server MUST include the IA in the Reply message

       with no addresses in the IA and a Status Code option in the IA

       containing status code NoAddrsAvail. */

    o1 = new_opt6(OPTION6_STATUS_CODE);

    put_opt6_short(DHCP6NOADDRS);

    put_opt6_string(_("address unavailable"));

    end_opt6(o1);

        }

      end_ia(t1cntr, min_time, 0);

      end_opt6(o);  

    }

  if (address_assigned) 

    {

      o1 = new_opt6(OPTION6_STATUS_CODE);

      put_opt6_short(DHCP6SUCCESS);

      put_opt6_string(_("success"));

      end_opt6(o1);

      /* If --dhcp-authoritative is set, we can tell client not to wait for

         other possible servers */

      o = new_opt6(OPTION6_PREFERENCE);

      put_opt6_char(option_bool(OPT_AUTHORITATIVE) ? 255 : 0);

      end_opt6(o);

    }

  else

    { 

      /* no address, return error */

      o1 = new_opt6(OPTION6_STATUS_CODE);

      put_opt6_short(DHCP6NOADDRS);

      put_opt6_string(_("no addresses available"));

      end_opt6(o1);

      /* Some clients will ask repeatedly when we're not giving

         out addresses because we're in stateless mode. Avoid spamming

         the log in that case. */

      for (c = state->context; c; c = c->current)

        if (!(c->flags & CONTEXT_RA_STATELESS))

    {

      log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available"));

      break;

    }

    }

  tagif = add_options(state, 0);

  break;

      }

    case DHCP6REQUEST:

      {

  int address_assigned = 0;

  int start = save_counter(-1);

  /* set reply message type */