README revision d04ccbb3f3163ae5962a8b7465d9796bff6ca434
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsCDDL HEADER START
861a4860e4b1444b4942386a44bf56539d160c25Mark AndrewsThe contents of this file are subject to the terms of the
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsCommon Development and Distribution License (the "License").
ec5347e2c775f027573ce5648b910361aa926c01Automatic UpdaterYou may not use this file except in compliance with the License.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsYou can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsSee the License for the specific language governing permissions
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsand limitations under the License.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsWhen distributing Covered Code, include this CDDL HEADER in each
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsfile and include the License file at usr/src/OPENSOLARIS.LICENSE.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsIf applicable, add the following below this CDDL HEADER, with the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsfields enclosed by brackets "[]" replaced with your own identifying
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsinformation: Portions Copyright [yyyy] [name of copyright owner]
95317501208f3bf5b159e6a40801b7069f68c486Mark AndrewsCDDL HEADER END
95317501208f3bf5b159e6a40801b7069f68c486Mark AndrewsCopyright 2007 Sun Microsystems, Inc. All rights reserved.
95317501208f3bf5b159e6a40801b7069f68c486Mark AndrewsUse is subject to license terms.
95317501208f3bf5b159e6a40801b7069f68c486Mark AndrewsArchitectural Overview for the DHCP agent
95317501208f3bf5b159e6a40801b7069f68c486Mark AndrewsPeter Memishian
95317501208f3bf5b159e6a40801b7069f68c486Mark Andrewsident "%Z%%M% %I% %E% SMI"
95317501208f3bf5b159e6a40801b7069f68c486Mark AndrewsThe Solaris DHCP agent (dhcpagent) is a DHCP client implementation
95317501208f3bf5b159e6a40801b7069f68c486Mark Andrewscompliant with RFCs 2131, 3315, and others. The major forces shaping
95317501208f3bf5b159e6a40801b7069f68c486Mark Andrewsits design were:
73cac2175470e9068829589476dda8bd6d88036fMark Andrews * Must be capable of managing multiple network interfaces.
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews * Must consume little CPU, since it will always be running.
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews * Must have a small memory footprint, since it will always be
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews * Must not rely on any shared libraries outside of /lib, since
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrews it must run before all filesystems have been mounted.
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark AndrewsWhen a DHCP agent implementation is only required to control a single
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsinterface on a machine, the problem is expressed well as a simple
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsstate-machine, as shown in RFC2131. However, when a DHCP agent is
01163d188b89911c3a23fe1125a4cab6764a408cMark Andrewsresponsible for managing more than one interface at a time, the
01163d188b89911c3a23fe1125a4cab6764a408cMark Andrewsproblem becomes much more complicated.
01163d188b89911c3a23fe1125a4cab6764a408cMark AndrewsThis can be resolved using threads or with an event-driven model.
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark AndrewsGiven that DHCP's behavior can be expressed concisely as a state
648ba62b1f156cbca14d54d06c535385f1193d13Mark Andrewsmachine, the event-driven model is the closest match.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsWhile tried-and-true, that model is subtle and easy to get wrong.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsIndeed, much of the agent's code is there to manage the complexity of
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsprogramming in an asynchronous event-driven paradigm.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsThe DHCP agent consists of roughly 30 source files, most with a
35665db4e49e3e4c0e3776e635449f931f3732cfMark Andrewscompanion header file. While the largest source file is around 1700
c6313caa6cd9d011ac075048d2b62fd3410162dfMark Andrewslines, most are much shorter. The source files can largely be broken
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrewsup into three groups:
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews * Source files that, along with their companion header files,
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews define an abstract "object" that is used by other parts of
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrews the system. Examples include "packet.c", which along with
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews "packet.h" provide a Packet object for use by the rest of
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews the agent; and "async.c", which along with "async.h" defines
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrews an interface for managing asynchronous transactions within
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews * Source files that implement a given state of the agent; for
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews instance, there is a "request.c" which comprises all of
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews the procedural "work" which must be done while in the
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews REQUESTING state of the agent. By encapsulating states in
bdfd62f497fe0d5281c25b61271595a4c821a040Mark Andrews files, it becomes easier to debug errors in the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews client/server protocol and adapt the agent to new
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrews constraints, since all the relevant code is in one place.
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews * Source files, which along with their companion header files,
64cde9d94a2f6c7050f00d9651df6b05e63d09f2Mark Andrews encapsulate a given task or related set of tasks. The
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews difference between this and the first group is that the
cbb94d52f98b48e8c3a8866dbf8c67860764f349Mark Andrews interfaces exported from these files do not operate on
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews an "object", but rather perform a specific task. Examples
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews include "dlpi_io.c", which provides a useful interface
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews to DLPI-related i/o operations.
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark AndrewsHere we discuss the essential objects and subtle aspects of the
11b07ea523314b123b4e503ce3813443a018c8d3Mark AndrewsDHCP agent implementation. Note that there is of course much more
11b07ea523314b123b4e503ce3813443a018c8d3Mark Andrewsthat is not discussed here, but after this overview you should be able
11b07ea523314b123b4e503ce3813443a018c8d3Mark Andrewsto fend for yourself in the source code.
11b07ea523314b123b4e503ce3813443a018c8d3Mark AndrewsFor details on the DHCPv6 aspects of the design, and how this relates
11b07ea523314b123b4e503ce3813443a018c8d3Mark Andrewsto the implementation present in previous releases of Solaris, see the
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark AndrewsEvent Handlers and Timer Queues
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrews-------------------------------
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark AndrewsThe most important object in the agent is the event handler, whose
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsinterface is in libinetutil.h and whose implementation is in
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewslibinetutil. The event handler is essentially an object-oriented
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewswrapper around poll(2): other components of the agent can register to
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsbe called back when specific events on file descriptors happen -- for
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsinstance, to wait for requests to arrive on its IPC socket, the agent
11b07ea523314b123b4e503ce3813443a018c8d3Mark Andrewsregisters a callback function (accept_event()) that will be called
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsback whenever a new connection arrives on the file descriptor
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsassociated with the IPC socket. When the agent initially begins in
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsmain(), it registers a number of events with the event handler, and
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsthen calls iu_handle_events(), which proceeds to wait for events to
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewshappen -- this function does not return until the agent is shutdown
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark AndrewsWhen the registered events occur, the callback functions are called
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrewsback, which in turn might lead to additional callbacks being
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsregistered -- this is the classic event-driven model. (As an aside,
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsnote that programming in an event-driven model means that callbacks
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewscannot block, or else the agent will become unresponsive.)
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsA special kind of "event" is a timeout. Since there are many timers
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewswhich must be maintained for each DHCP-controlled interface (such as a
61a03692ab84504fb2bd85b71facfe0f6456b466Mark Andrewslease expiration timer, time-to-first-renewal (t1) timer, and so
61a03692ab84504fb2bd85b71facfe0f6456b466Mark Andrewsforth), an object-oriented abstraction to timers called a "timer
61a03692ab84504fb2bd85b71facfe0f6456b466Mark Andrewsqueue" is provided, whose interface is in libinetutil.h with a
61a03692ab84504fb2bd85b71facfe0f6456b466Mark Andrewscorresponding implementation in libinetutil. The timer queue allows
61a03692ab84504fb2bd85b71facfe0f6456b466Mark Andrewscallback functions to be "scheduled" for callback after a certain
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsamount of time has passed.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsThe event handler and timer queue objects work hand-in-hand: the event
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewshandler is passed a pointer to a timer queue in iu_handle_events() --
8f8634e66351e292925dde8ab6b0418a0141f86aMark Andrewsfrom there, it can use the iu_earliest_timer() routine to find the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewstimer which will next fire, and use this to set its timeout value in
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsits call to poll(2). If poll(2) returns due to a timeout, the event
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewshandler calls iu_expire_timers() to expire all timers that expired
61a03692ab84504fb2bd85b71facfe0f6456b466Mark Andrews(note that more than one may have expired if, for example, multiple
68843c99b695bf194b019d465f6d33e6297fd02aMark Andrewstimers were set to expire at the same time).
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsAlthough it is possible to instantiate more than one timer queue or
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsevent handler object, it doesn't make a lot of sense -- these objects
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsare really "singletons". Accordingly, the agent has two global
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewsvariables, `eh' and `tq', which store pointers to the global event
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrewshandler and timer queue.
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark AndrewsNetwork Interfaces
514f6f14245f42c96f3d5e90462ce2ebe0597d2eMark Andrews------------------
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsFor each network interface managed by the agent, there is a set of
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsassociated state that describes both its general properties (such as
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsthe maximum MTU) and its connections to DHCP-related state (the
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsprotocol state machines). This state is stored in a pair of
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsstructures called `dhcp_pif_t' (the IP physical interface layer or
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsPIF) and `dhcp_lif_t' (the IP logical interface layer or LIF). Each
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsdhcp_pif_t represents a single physical interface, such as "hme0," for
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsa given IP protocol version (4 or 6), and has a list of dhcp_lif_t
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsstructures representing the logical interfaces (such as "hme0:1") in
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsuse by the agent.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsThis split is important because of differences between IPv4 and IPv6.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsFor IPv4, each DHCP state machine manages a single IP address and
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsassociated configuration data. This corresponds to a single logical
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrewsinterface, which must be specified by the user. For IPv6, however,
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrewseach DHCP state machine manages a group of addresses, and is
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrewsassociated with DUID value rather than with just an interface.
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark AndrewsThus, DHCPv6 behaves more like in.ndpd in its creation of "ADDRCONF"
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrewsinterfaces. The agent automatically plumbs logical interfaces when
d6dc0d4f584352d2e4305435599ae8c93776d9b4Mark Andrewsneeded and removes them when the addresses expire.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsThe state for a given session is stored separately in `dhcp_smach_t'.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsThis state machine then points to the main LIF used for I/O, and to a
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewslist of `dhcp_lease_t' structures representing individual leases, and
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewseach of those points to a list of LIFs corresponding to the individual
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsaddresses being managed.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsOne point that was brushed over in the preceding discussion of event
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewshandlers and timer queues was context. Recall that the event-driven
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsnature of the agent requires that functions cannot block, lest they
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsstarve out others and impact the observed responsiveness of the agent.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsAs an example, consider the process of extending a lease: the agent
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsmust send a REQUEST packet and wait for an ACK or NAK packet in
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsresponse. This is done by sending a REQUEST and then returning to the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsevent handler that waits for an ACK or NAK packet to arrive on the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsfile descriptor associated with the interface. Note however, that
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewswhen the ACK or NAK does arrive, and the callback function called
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsback, it must know which state machine this packet is for (it must get
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsback its context). This could be handled through an ad-hoc mapping of
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsfile descriptors to state machines, but a cleaner approach is to have
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsthe event handler's register function (iu_register_event()) take in an
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsopaque context pointer, which will then be passed back to the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewscallback. In the agent, the context pointer used depends on the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsnature of the event: events on LIFs use the dhcp_lif_t pointer, events
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewson the state machine use dhcp_smach_t, and so on.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsNote that there is nothing that guarantees the pointer passed into
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsiu_register_event() or iu_schedule_timer() will still be valid when
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsthe callback is called back (for instance, the memory may have been
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsfreed in the meantime). To solve this problem, all of the data
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsstructures used in this way are reference counted. For more details
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewson how the reference count scheme is implemented, see the closing
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewscomments in interface.h regarding memory management.
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsMany operations performed via DHCP must be performed in groups -- for
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsinstance, acquiring a lease requires several steps: sending a
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsDISCOVER, collecting OFFERs, selecting an OFFER, sending a REQUEST,
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsand receiving an ACK, assuming everything goes well. Note however
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsthat due to the event-driven model the agent operates in, these
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsoperations are not inherently "grouped" -- instead, the agent sends a
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsDISCOVER, goes back into the main event loop, waits for events
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrews(perhaps even requests on the IPC channel to begin acquiring a lease
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewson another state machine), eventually checks to see if an acceptable
d9b4174233b951f25cd53a2787b9f14314258c2fMark AndrewsOFFER has come in, and so forth. To some degree, the notion of the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsstate machine's current state (SELECTING, REQUESTING, etc) helps
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewscontrol the potential chaos of the event-driven model (for instance,
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsif while the agent is waiting for an OFFER on a given state machine,
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsan IPC event comes in requesting that the leases be RELEASED, the
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsagent knows to send back an error since the state machine must be in
b08e3be5dbfba22719ae9c428bd6853ac6f09798Mark Andrewsat least the BOUND state before a RELEASE can be performed.)
f91671c7dc877a52adc06d0a7d0ed1c7f6391e6eMark AndrewsHowever, states are not enough -- for instance, suppose that the agent
d9b4174233b951f25cd53a2787b9f14314258c2fMark Andrewsbegins trying to renew a lease. This is done by sending a REQUEST
behind a dozen or so interfaces (see packet.h) that abstract the
retransmission mechanism. See request.c for an example of this in
represents infinity (i.e., a permanent lease). The lease_t should be
been used. The function monosec() in util.c returns the current
that they are unaware of the passage of time across checkpoint/resume
events (e.g., those generated by sys-suspend(1M)). For example, if
To work around this (and other checkpoint/resume related problems),
set automatically by in.ndpd, and routes are discovered in the usual