1 | /* |
---|
2 | * dhcpcd - DHCP client daemon |
---|
3 | * Copyright (c) 2006-2014 Roy Marples <roy@marples.name> |
---|
4 | * All rights reserved |
---|
5 | |
---|
6 | * Redistribution and use in source and binary forms, with or without |
---|
7 | * modification, are permitted provided that the following conditions |
---|
8 | * are met: |
---|
9 | * 1. Redistributions of source code must retain the above copyright |
---|
10 | * notice, this list of conditions and the following disclaimer. |
---|
11 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
12 | * notice, this list of conditions and the following disclaimer in the |
---|
13 | * documentation and/or other materials provided with the distribution. |
---|
14 | * |
---|
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
---|
16 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
---|
19 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
20 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
21 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
22 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
23 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
24 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
25 | * SUCH DAMAGE. |
---|
26 | */ |
---|
27 | |
---|
28 | #include <sys/ioctl.h> |
---|
29 | #include <sys/param.h> |
---|
30 | #include <sys/socket.h> |
---|
31 | #include <net/if.h> |
---|
32 | #include <netinet/in.h> |
---|
33 | #include <netinet/ip6.h> |
---|
34 | #include <netinet/icmp6.h> |
---|
35 | |
---|
36 | #ifdef __linux__ |
---|
37 | # define _LINUX_IN6_H |
---|
38 | # include <linux/ipv6.h> |
---|
39 | #endif |
---|
40 | |
---|
41 | #include <errno.h> |
---|
42 | #include <stddef.h> |
---|
43 | #include <stdlib.h> |
---|
44 | #include <string.h> |
---|
45 | #include <syslog.h> |
---|
46 | #include <unistd.h> |
---|
47 | |
---|
48 | #define ELOOP_QUEUE 2 |
---|
49 | #include "common.h" |
---|
50 | #include "dhcpcd.h" |
---|
51 | #include "dhcp6.h" |
---|
52 | #include "eloop.h" |
---|
53 | #include "ipv6.h" |
---|
54 | #include "ipv6nd.h" |
---|
55 | #include "script.h" |
---|
56 | |
---|
57 | #if defined(LISTEN_DAD) && defined(INET6) |
---|
58 | # warning kernel does not report DAD results to userland |
---|
59 | # warning listening to duplicated addresses on the wire |
---|
60 | #endif |
---|
61 | |
---|
62 | /* Debugging Router Solicitations is a lot of spam, so disable it */ |
---|
63 | //#define DEBUG_RS |
---|
64 | |
---|
65 | #define RTR_SOLICITATION_INTERVAL 4 /* seconds */ |
---|
66 | #define MAX_RTR_SOLICITATIONS 3 /* times */ |
---|
67 | |
---|
68 | #ifndef ND_OPT_RDNSS |
---|
69 | #define ND_OPT_RDNSS 25 |
---|
70 | struct nd_opt_rdnss { /* RDNSS option RFC 6106 */ |
---|
71 | uint8_t nd_opt_rdnss_type; |
---|
72 | uint8_t nd_opt_rdnss_len; |
---|
73 | uint16_t nd_opt_rdnss_reserved; |
---|
74 | uint32_t nd_opt_rdnss_lifetime; |
---|
75 | /* followed by list of IP prefixes */ |
---|
76 | } __packed; |
---|
77 | #endif |
---|
78 | |
---|
79 | #ifndef ND_OPT_DNSSL |
---|
80 | #define ND_OPT_DNSSL 31 |
---|
81 | struct nd_opt_dnssl { /* DNSSL option RFC 6106 */ |
---|
82 | uint8_t nd_opt_dnssl_type; |
---|
83 | uint8_t nd_opt_dnssl_len; |
---|
84 | uint16_t nd_opt_dnssl_reserved; |
---|
85 | uint32_t nd_opt_dnssl_lifetime; |
---|
86 | /* followed by list of DNS servers */ |
---|
87 | } __packed; |
---|
88 | #endif |
---|
89 | |
---|
90 | /* Minimal IPv6 MTU */ |
---|
91 | #ifndef IPV6_MMTU |
---|
92 | #define IPV6_MMTU 1280 |
---|
93 | #endif |
---|
94 | |
---|
95 | #ifndef ND_RA_FLAG_RTPREF_HIGH |
---|
96 | #define ND_RA_FLAG_RTPREF_MASK 0x18 |
---|
97 | #define ND_RA_FLAG_RTPREF_HIGH 0x08 |
---|
98 | #define ND_RA_FLAG_RTPREF_MEDIUM 0x00 |
---|
99 | #define ND_RA_FLAG_RTPREF_LOW 0x18 |
---|
100 | #define ND_RA_FLAG_RTPREF_RSV 0x10 |
---|
101 | #endif |
---|
102 | |
---|
103 | /* RTPREF_MEDIUM has to be 0! */ |
---|
104 | #define RTPREF_HIGH 1 |
---|
105 | #define RTPREF_MEDIUM 0 |
---|
106 | #define RTPREF_LOW (-1) |
---|
107 | #define RTPREF_RESERVED (-2) |
---|
108 | #define RTPREF_INVALID (-3) /* internal */ |
---|
109 | |
---|
110 | #define MIN_RANDOM_FACTOR 500 /* millisecs */ |
---|
111 | #define MAX_RANDOM_FACTOR 1500 /* millisecs */ |
---|
112 | #define MIN_RANDOM_FACTOR_U MIN_RANDOM_FACTOR * 1000 /* usecs */ |
---|
113 | #define MAX_RANDOM_FACTOR_U MAX_RANDOM_FACTOR * 1000 /* usecs */ |
---|
114 | |
---|
115 | #if BYTE_ORDER == BIG_ENDIAN |
---|
116 | #define IPV6_ADDR_INT32_ONE 1 |
---|
117 | #define IPV6_ADDR_INT16_MLL 0xff02 |
---|
118 | #elif BYTE_ORDER == LITTLE_ENDIAN |
---|
119 | #define IPV6_ADDR_INT32_ONE 0x01000000 |
---|
120 | #define IPV6_ADDR_INT16_MLL 0x02ff |
---|
121 | #endif |
---|
122 | |
---|
123 | /* Debugging Neighbor Solicitations is a lot of spam, so disable it */ |
---|
124 | //#define DEBUG_NS |
---|
125 | // |
---|
126 | |
---|
127 | /* Currently, no known kernel allows us to send from the unspecified address |
---|
128 | * which is required for DAD to work. This isn't that much of a problem as |
---|
129 | * the kernel will do DAD for us correctly, however we don't know the exact |
---|
130 | * randomness the kernel applies to the timeouts. So we just follow the same |
---|
131 | * logic and have a little faith. |
---|
132 | * This define is purely for completeness */ |
---|
133 | // #define IPV6_SEND_DAD |
---|
134 | |
---|
135 | static int sock = -1; |
---|
136 | #ifdef IPV6_SEND_DAD |
---|
137 | static int unspec_sock = -1; |
---|
138 | #endif |
---|
139 | static struct sockaddr_in6 allrouters, from; |
---|
140 | static struct msghdr sndhdr; |
---|
141 | static struct iovec sndiov[2]; |
---|
142 | static unsigned char *sndbuf; |
---|
143 | static struct msghdr rcvhdr; |
---|
144 | static struct iovec rcviov[2]; |
---|
145 | static unsigned char *rcvbuf; |
---|
146 | static unsigned char ansbuf[1500]; |
---|
147 | static char ntopbuf[INET6_ADDRSTRLEN]; |
---|
148 | static const char *sfrom; |
---|
149 | static struct icmp6_filter filt; |
---|
150 | |
---|
151 | struct rahead ipv6_routers = TAILQ_HEAD_INITIALIZER(ipv6_routers); |
---|
152 | |
---|
153 | static void ipv6nd_handledata(void *arg); |
---|
154 | |
---|
155 | /* |
---|
156 | * Android ships buggy ICMP6 filter headers. |
---|
157 | * Supply our own until they fix their shit. |
---|
158 | * References: |
---|
159 | * https://android-review.googlesource.com/#/c/58438/ |
---|
160 | * http://code.google.com/p/android/issues/original?id=32621&seq=24 |
---|
161 | */ |
---|
162 | #ifdef __ANDROID__ |
---|
163 | #undef ICMP6_FILTER_WILLPASS |
---|
164 | #undef ICMP6_FILTER_WILLBLOCK |
---|
165 | #undef ICMP6_FILTER_SETPASS |
---|
166 | #undef ICMP6_FILTER_SETBLOCK |
---|
167 | #undef ICMP6_FILTER_SETPASSALL |
---|
168 | #undef ICMP6_FILTER_SETBLOCKALL |
---|
169 | #define ICMP6_FILTER_WILLPASS(type, filterp) \ |
---|
170 | ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) == 0) |
---|
171 | #define ICMP6_FILTER_WILLBLOCK(type, filterp) \ |
---|
172 | ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) != 0) |
---|
173 | #define ICMP6_FILTER_SETPASS(type, filterp) \ |
---|
174 | ((((filterp)->icmp6_filt[(type) >> 5]) &= ~(1 << ((type) & 31)))) |
---|
175 | #define ICMP6_FILTER_SETBLOCK(type, filterp) \ |
---|
176 | ((((filterp)->icmp6_filt[(type) >> 5]) |= (1 << ((type) & 31)))) |
---|
177 | #define ICMP6_FILTER_SETPASSALL(filterp) \ |
---|
178 | memset(filterp, 0, sizeof(struct icmp6_filter)); |
---|
179 | #define ICMP6_FILTER_SETBLOCKALL(filterp) \ |
---|
180 | memset(filterp, 0xff, sizeof(struct icmp6_filter)); |
---|
181 | #endif |
---|
182 | |
---|
183 | #if DEBUG_MEMORY |
---|
184 | static void |
---|
185 | ipv6nd_cleanup(void) |
---|
186 | { |
---|
187 | |
---|
188 | free(sndbuf); |
---|
189 | free(rcvbuf); |
---|
190 | } |
---|
191 | #endif |
---|
192 | |
---|
193 | static int |
---|
194 | ipv6nd_open(void) |
---|
195 | { |
---|
196 | int on; |
---|
197 | int len; |
---|
198 | #ifdef IPV6_SEND_DAD |
---|
199 | union { |
---|
200 | struct sockaddr sa; |
---|
201 | struct sockaddr_in6 sin; |
---|
202 | } su; |
---|
203 | #endif |
---|
204 | |
---|
205 | sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); |
---|
206 | if (sock == -1) |
---|
207 | return -1; |
---|
208 | |
---|
209 | memset(&allrouters, 0, sizeof(allrouters)); |
---|
210 | allrouters.sin6_family = AF_INET6; |
---|
211 | #ifdef SIN6_LEN |
---|
212 | allrouters.sin6_len = sizeof(allrouters); |
---|
213 | #endif |
---|
214 | if (inet_pton(AF_INET6, ALLROUTERS, &allrouters.sin6_addr.s6_addr) != 1) |
---|
215 | goto eexit; |
---|
216 | on = 1; |
---|
217 | if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, |
---|
218 | &on, sizeof(on)) == -1) |
---|
219 | goto eexit; |
---|
220 | |
---|
221 | on = 1; |
---|
222 | if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, |
---|
223 | &on, sizeof(on)) == -1) |
---|
224 | goto eexit; |
---|
225 | |
---|
226 | ICMP6_FILTER_SETBLOCKALL(&filt); |
---|
227 | ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt); |
---|
228 | if (setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, |
---|
229 | &filt, sizeof(filt)) == -1) |
---|
230 | goto eexit; |
---|
231 | |
---|
232 | set_cloexec(sock); |
---|
233 | #if DEBUG_MEMORY |
---|
234 | atexit(ipv6nd_cleanup); |
---|
235 | #endif |
---|
236 | |
---|
237 | len = CMSG_SPACE(sizeof(struct in6_pktinfo)) + CMSG_SPACE(sizeof(int)); |
---|
238 | sndbuf = calloc(1, len); |
---|
239 | if (sndbuf == NULL) |
---|
240 | goto eexit; |
---|
241 | sndhdr.msg_namelen = sizeof(struct sockaddr_in6); |
---|
242 | sndhdr.msg_iov = sndiov; |
---|
243 | sndhdr.msg_iovlen = 1; |
---|
244 | sndhdr.msg_control = sndbuf; |
---|
245 | sndhdr.msg_controllen = len; |
---|
246 | rcvbuf = calloc(1, len); |
---|
247 | if (rcvbuf == NULL) |
---|
248 | goto eexit; |
---|
249 | rcvhdr.msg_name = &from; |
---|
250 | rcvhdr.msg_namelen = sizeof(from); |
---|
251 | rcvhdr.msg_iov = rcviov; |
---|
252 | rcvhdr.msg_iovlen = 1; |
---|
253 | rcvhdr.msg_control = rcvbuf; |
---|
254 | rcvhdr.msg_controllen = len; |
---|
255 | rcviov[0].iov_base = ansbuf; |
---|
256 | rcviov[0].iov_len = sizeof(ansbuf); |
---|
257 | return sock; |
---|
258 | |
---|
259 | eexit: |
---|
260 | close(sock); |
---|
261 | sock = -1; |
---|
262 | free(sndbuf); |
---|
263 | sndbuf = NULL; |
---|
264 | free(rcvbuf); |
---|
265 | rcvbuf = NULL; |
---|
266 | return -1; |
---|
267 | } |
---|
268 | |
---|
269 | static int |
---|
270 | ipv6nd_naopen(void) |
---|
271 | { |
---|
272 | static int naopen = 0; |
---|
273 | struct icmp6_filter unspec_filt; |
---|
274 | #ifdef IPV6_SEND_DAD |
---|
275 | union { |
---|
276 | struct sockaddr sa; |
---|
277 | struct sockaddr_in6 sin; |
---|
278 | } su; |
---|
279 | #endif |
---|
280 | |
---|
281 | if (naopen) |
---|
282 | return sock; |
---|
283 | |
---|
284 | ICMP6_FILTER_SETBLOCKALL(&unspec_filt); |
---|
285 | |
---|
286 | #ifdef IPV6_SEND_DAD |
---|
287 | /* We send DAD requests from the unspecified address. */ |
---|
288 | unspec_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); |
---|
289 | if (unspec_sock == -1) |
---|
290 | return -1; |
---|
291 | if (setsockopt(unspec_sock, IPPROTO_ICMPV6, ICMP6_FILTER, |
---|
292 | &unspec_filt, sizeof(unspec_filt)) == -1) |
---|
293 | goto eexit; |
---|
294 | memset(&su, 0, sizeof(su)); |
---|
295 | su.sin.sin6_family = AF_INET6; |
---|
296 | #ifdef SIN6_LEN |
---|
297 | su.sin.sin6_len = sizeof(su.sin); |
---|
298 | #endif |
---|
299 | if (bind(unspec_sock, &su.sa, sizeof(su.sin)) == -1) |
---|
300 | goto eexit; |
---|
301 | #endif |
---|
302 | |
---|
303 | if (sock == -1) { |
---|
304 | if (ipv6nd_open() == -1) |
---|
305 | goto eexit; |
---|
306 | eloop_event_add(sock, ipv6nd_handledata, NULL); |
---|
307 | } |
---|
308 | |
---|
309 | ICMP6_FILTER_SETPASS(ND_NEIGHBOR_ADVERT, &filt); |
---|
310 | if (setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, |
---|
311 | &filt, sizeof(filt)) == -1) |
---|
312 | goto eexit; |
---|
313 | |
---|
314 | #ifdef LISTEN_DAD |
---|
315 | syslog(LOG_WARNING, "kernel does not report DAD results to userland"); |
---|
316 | syslog(LOG_WARNING, |
---|
317 | "warning listening to duplicated addresses on the wire"); |
---|
318 | #endif |
---|
319 | |
---|
320 | naopen = sock; |
---|
321 | return sock; |
---|
322 | |
---|
323 | eexit: |
---|
324 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
325 | #ifdef IPV6_SEND_DAD |
---|
326 | close(unspec_sock); |
---|
327 | unspec_sock = -1; |
---|
328 | #endif |
---|
329 | return -1; |
---|
330 | } |
---|
331 | |
---|
332 | static int |
---|
333 | ipv6nd_makersprobe(struct interface *ifp) |
---|
334 | { |
---|
335 | struct rs_state *state; |
---|
336 | struct nd_router_solicit *rs; |
---|
337 | struct nd_opt_hdr *nd; |
---|
338 | |
---|
339 | state = RS_STATE(ifp); |
---|
340 | free(state->rs); |
---|
341 | state->rslen = sizeof(*rs) + ROUNDUP8(ifp->hwlen + 2); |
---|
342 | state->rs = calloc(1, state->rslen); |
---|
343 | if (state->rs == NULL) |
---|
344 | return -1; |
---|
345 | rs = (struct nd_router_solicit *)(void *)state->rs; |
---|
346 | rs->nd_rs_type = ND_ROUTER_SOLICIT; |
---|
347 | rs->nd_rs_code = 0; |
---|
348 | rs->nd_rs_cksum = 0; |
---|
349 | rs->nd_rs_reserved = 0; |
---|
350 | nd = (struct nd_opt_hdr *)(state->rs + sizeof(*rs)); |
---|
351 | nd->nd_opt_type = ND_OPT_SOURCE_LINKADDR; |
---|
352 | nd->nd_opt_len = (ROUNDUP8(ifp->hwlen + 2)) >> 3; |
---|
353 | memcpy(nd + 1, ifp->hwaddr, ifp->hwlen); |
---|
354 | return 0; |
---|
355 | } |
---|
356 | |
---|
357 | static void |
---|
358 | ipv6nd_sendrsprobe(void *arg) |
---|
359 | { |
---|
360 | struct interface *ifp = arg; |
---|
361 | struct rs_state *state; |
---|
362 | struct sockaddr_in6 dst; |
---|
363 | struct cmsghdr *cm; |
---|
364 | struct in6_pktinfo pi; |
---|
365 | int hoplimit = HOPLIMIT; |
---|
366 | |
---|
367 | if (ipv6_linklocal(ifp) == NULL) { |
---|
368 | syslog(LOG_DEBUG, |
---|
369 | "%s: delaying Router Solicitation for LL address", |
---|
370 | ifp->name); |
---|
371 | ipv6_addlinklocalcallback(ifp, ipv6nd_sendrsprobe, ifp); |
---|
372 | return; |
---|
373 | } |
---|
374 | |
---|
375 | dst = allrouters; |
---|
376 | dst.sin6_scope_id = ifp->index; |
---|
377 | |
---|
378 | state = RS_STATE(ifp); |
---|
379 | sndhdr.msg_name = (caddr_t)&dst; |
---|
380 | sndhdr.msg_iov[0].iov_base = state->rs; |
---|
381 | sndhdr.msg_iov[0].iov_len = state->rslen; |
---|
382 | |
---|
383 | /* Set the outbound interface */ |
---|
384 | cm = CMSG_FIRSTHDR(&sndhdr); |
---|
385 | cm->cmsg_level = IPPROTO_IPV6; |
---|
386 | cm->cmsg_type = IPV6_PKTINFO; |
---|
387 | cm->cmsg_len = CMSG_LEN(sizeof(pi)); |
---|
388 | memset(&pi, 0, sizeof(pi)); |
---|
389 | pi.ipi6_ifindex = ifp->index; |
---|
390 | memcpy(CMSG_DATA(cm), &pi, sizeof(pi)); |
---|
391 | |
---|
392 | /* Hop limit */ |
---|
393 | cm = CMSG_NXTHDR(&sndhdr, cm); |
---|
394 | cm->cmsg_level = IPPROTO_IPV6; |
---|
395 | cm->cmsg_type = IPV6_HOPLIMIT; |
---|
396 | cm->cmsg_len = CMSG_LEN(sizeof(hoplimit)); |
---|
397 | memcpy(CMSG_DATA(cm), &hoplimit, sizeof(hoplimit)); |
---|
398 | |
---|
399 | syslog(LOG_DEBUG, "%s: sending Router Solicitation", ifp->name); |
---|
400 | if (sendmsg(sock, &sndhdr, 0) == -1) { |
---|
401 | syslog(LOG_ERR, "%s: %s: sendmsg: %m", ifp->name, __func__); |
---|
402 | ipv6nd_drop(ifp); |
---|
403 | ifp->options->options &= ~(DHCPCD_IPV6 | DHCPCD_IPV6RS); |
---|
404 | return; |
---|
405 | } |
---|
406 | |
---|
407 | if (state->rsprobes++ < MAX_RTR_SOLICITATIONS) |
---|
408 | eloop_timeout_add_sec(RTR_SOLICITATION_INTERVAL, |
---|
409 | ipv6nd_sendrsprobe, ifp); |
---|
410 | else |
---|
411 | syslog(LOG_WARNING, "%s: no IPv6 Routers available", ifp->name); |
---|
412 | } |
---|
413 | |
---|
414 | static void |
---|
415 | ipv6nd_free_opts(struct ra *rap) |
---|
416 | { |
---|
417 | struct ra_opt *rao; |
---|
418 | |
---|
419 | while ((rao = TAILQ_FIRST(&rap->options))) { |
---|
420 | TAILQ_REMOVE(&rap->options, rao, next); |
---|
421 | free(rao->option); |
---|
422 | free(rao); |
---|
423 | } |
---|
424 | } |
---|
425 | |
---|
426 | int |
---|
427 | ipv6nd_addrexists(const struct ipv6_addr *addr) |
---|
428 | { |
---|
429 | struct ra *rap; |
---|
430 | struct ipv6_addr *ap; |
---|
431 | |
---|
432 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
433 | TAILQ_FOREACH(ap, &rap->addrs, next) { |
---|
434 | if (addr == NULL) { |
---|
435 | if ((ap->flags & |
---|
436 | (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) == |
---|
437 | (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) |
---|
438 | return 1; |
---|
439 | } else if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr->addr)) |
---|
440 | return 1; |
---|
441 | } |
---|
442 | } |
---|
443 | return 0; |
---|
444 | } |
---|
445 | |
---|
446 | void ipv6nd_freedrop_ra(struct ra *rap, int drop) |
---|
447 | { |
---|
448 | |
---|
449 | eloop_timeout_delete(NULL, rap->iface); |
---|
450 | eloop_timeout_delete(NULL, rap); |
---|
451 | if (!drop) |
---|
452 | TAILQ_REMOVE(&ipv6_routers, rap, next); |
---|
453 | ipv6_freedrop_addrs(&rap->addrs, drop, NULL); |
---|
454 | ipv6nd_free_opts(rap); |
---|
455 | free(rap->data); |
---|
456 | free(rap->ns); |
---|
457 | free(rap); |
---|
458 | } |
---|
459 | |
---|
460 | ssize_t |
---|
461 | ipv6nd_free(struct interface *ifp) |
---|
462 | { |
---|
463 | struct rs_state *state; |
---|
464 | struct ra *rap, *ran; |
---|
465 | ssize_t n; |
---|
466 | |
---|
467 | state = RS_STATE(ifp); |
---|
468 | if (state) { |
---|
469 | free(state->rs); |
---|
470 | free(state); |
---|
471 | ifp->if_data[IF_DATA_IPV6ND] = NULL; |
---|
472 | } |
---|
473 | n = 0; |
---|
474 | TAILQ_FOREACH_SAFE(rap, &ipv6_routers, next, ran) { |
---|
475 | if (rap->iface == ifp) { |
---|
476 | ipv6nd_free_ra(rap); |
---|
477 | n++; |
---|
478 | } |
---|
479 | } |
---|
480 | return n; |
---|
481 | } |
---|
482 | |
---|
483 | static int |
---|
484 | rtpref(struct ra *rap) |
---|
485 | { |
---|
486 | |
---|
487 | switch (rap->flags & ND_RA_FLAG_RTPREF_MASK) { |
---|
488 | case ND_RA_FLAG_RTPREF_HIGH: |
---|
489 | return (RTPREF_HIGH); |
---|
490 | case ND_RA_FLAG_RTPREF_MEDIUM: |
---|
491 | case ND_RA_FLAG_RTPREF_RSV: |
---|
492 | return (RTPREF_MEDIUM); |
---|
493 | case ND_RA_FLAG_RTPREF_LOW: |
---|
494 | return (RTPREF_LOW); |
---|
495 | default: |
---|
496 | syslog(LOG_ERR, "rtpref: impossible RA flag %x", rap->flags); |
---|
497 | return (RTPREF_INVALID); |
---|
498 | } |
---|
499 | /* NOTREACHED */ |
---|
500 | } |
---|
501 | |
---|
502 | static void |
---|
503 | add_router(struct ra *router) |
---|
504 | { |
---|
505 | struct ra *rap; |
---|
506 | |
---|
507 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
508 | if (router->iface->metric < rap->iface->metric || |
---|
509 | (router->iface->metric == rap->iface->metric && |
---|
510 | rtpref(router) > rtpref(rap))) |
---|
511 | { |
---|
512 | TAILQ_INSERT_BEFORE(rap, router, next); |
---|
513 | return; |
---|
514 | } |
---|
515 | } |
---|
516 | TAILQ_INSERT_TAIL(&ipv6_routers, router, next); |
---|
517 | } |
---|
518 | |
---|
519 | static void |
---|
520 | ipv6nd_scriptrun(struct ra *rap) |
---|
521 | { |
---|
522 | int hasdns; |
---|
523 | struct ipv6_addr *ap; |
---|
524 | const struct ra_opt *rao; |
---|
525 | |
---|
526 | /* If all addresses have completed DAD run the script */ |
---|
527 | TAILQ_FOREACH(ap, &rap->addrs, next) { |
---|
528 | if ((ap->flags & (IPV6_AF_ONLINK | IPV6_AF_AUTOCONF)) == |
---|
529 | (IPV6_AF_ONLINK | IPV6_AF_AUTOCONF)) |
---|
530 | { |
---|
531 | if (!(ap->flags & IPV6_AF_DADCOMPLETED) && |
---|
532 | ipv6_findaddr(ap->iface, &ap->addr)) |
---|
533 | ap->flags |= IPV6_AF_DADCOMPLETED; |
---|
534 | if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) { |
---|
535 | syslog(LOG_DEBUG, |
---|
536 | "%s: waiting for Router Advertisement" |
---|
537 | " DAD to complete", |
---|
538 | rap->iface->name); |
---|
539 | return; |
---|
540 | } |
---|
541 | } |
---|
542 | } |
---|
543 | |
---|
544 | /* If we don't require RDNSS then set hasdns = 1 so we fork */ |
---|
545 | if (!(rap->iface->options->options & DHCPCD_IPV6RA_REQRDNSS)) |
---|
546 | hasdns = 1; |
---|
547 | else { |
---|
548 | hasdns = 0; |
---|
549 | TAILQ_FOREACH(rao, &rap->options, next) { |
---|
550 | if (rao->type == ND_OPT_RDNSS && |
---|
551 | rao->option && |
---|
552 | timerisset(&rao->expire)) |
---|
553 | { |
---|
554 | hasdns = 1; |
---|
555 | break; |
---|
556 | } |
---|
557 | } |
---|
558 | } |
---|
559 | |
---|
560 | script_runreason(rap->iface, "ROUTERADVERT"); |
---|
561 | if (hasdns) |
---|
562 | daemonise(); |
---|
563 | #if 0 |
---|
564 | else if (options & DHCPCD_DAEMONISE && |
---|
565 | !(options & DHCPCD_DAEMONISED) && new_data) |
---|
566 | syslog(LOG_WARNING, |
---|
567 | "%s: did not fork due to an absent" |
---|
568 | " RDNSS option in the RA", |
---|
569 | ifp->name); |
---|
570 | } |
---|
571 | #endif |
---|
572 | } |
---|
573 | |
---|
574 | static void |
---|
575 | ipv6nd_dadcallback(void *arg) |
---|
576 | { |
---|
577 | struct ipv6_addr *ap = arg, *rapap; |
---|
578 | struct interface *ifp; |
---|
579 | struct ra *rap; |
---|
580 | int wascompleted, found; |
---|
581 | |
---|
582 | wascompleted = (ap->flags & IPV6_AF_DADCOMPLETED); |
---|
583 | ipv6nd_cancelprobeaddr(ap); |
---|
584 | ap->flags |= IPV6_AF_DADCOMPLETED; |
---|
585 | if (ap->flags & IPV6_AF_DUPLICATED) |
---|
586 | /* No idea what how to try and make another address :( */ |
---|
587 | syslog(LOG_WARNING, "%s: DAD detected %s", |
---|
588 | ap->iface->name, ap->saddr); |
---|
589 | #ifdef IPV6_SEND_DAD |
---|
590 | else |
---|
591 | ipv6_addaddr(ap); |
---|
592 | #endif |
---|
593 | |
---|
594 | if (!wascompleted) { |
---|
595 | ifp = ap->iface; |
---|
596 | |
---|
597 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
598 | if (rap->iface != ifp) |
---|
599 | continue; |
---|
600 | wascompleted = 1; |
---|
601 | found = 0; |
---|
602 | TAILQ_FOREACH(rapap, &rap->addrs, next) { |
---|
603 | if (rapap->flags & IPV6_AF_AUTOCONF && |
---|
604 | (rapap->flags & IPV6_AF_DADCOMPLETED) == 0) |
---|
605 | { |
---|
606 | wascompleted = 0; |
---|
607 | break; |
---|
608 | } |
---|
609 | if (rapap == ap) |
---|
610 | found = 1; |
---|
611 | } |
---|
612 | |
---|
613 | if (wascompleted && found && rap->lifetime) { |
---|
614 | syslog(LOG_DEBUG, |
---|
615 | "%s: Router Advertisement DAD completed", |
---|
616 | rap->iface->name); |
---|
617 | ipv6nd_scriptrun(rap); |
---|
618 | } |
---|
619 | } |
---|
620 | } |
---|
621 | } |
---|
622 | |
---|
623 | static void |
---|
624 | ipv6nd_handlera(struct interface *ifp, struct icmp6_hdr *icp, ssize_t len) |
---|
625 | { |
---|
626 | ssize_t l, m, n, olen; |
---|
627 | struct nd_router_advert *nd_ra; |
---|
628 | struct nd_opt_prefix_info *pi; |
---|
629 | struct nd_opt_mtu *mtu; |
---|
630 | struct nd_opt_rdnss *rdnss; |
---|
631 | struct nd_opt_dnssl *dnssl; |
---|
632 | uint32_t lifetime, mtuv; |
---|
633 | uint8_t *p, *op; |
---|
634 | struct in6_addr addr; |
---|
635 | char buf[INET6_ADDRSTRLEN]; |
---|
636 | const char *cbp; |
---|
637 | struct ra *rap; |
---|
638 | struct nd_opt_hdr *ndo; |
---|
639 | struct ra_opt *rao; |
---|
640 | struct ipv6_addr *ap; |
---|
641 | char *opt, *tmp; |
---|
642 | struct timeval expire; |
---|
643 | uint8_t new_rap, new_data; |
---|
644 | |
---|
645 | if ((size_t)len < sizeof(struct nd_router_advert)) { |
---|
646 | syslog(LOG_ERR, "IPv6 RA packet too short from %s", sfrom); |
---|
647 | return; |
---|
648 | } |
---|
649 | |
---|
650 | if (!IN6_IS_ADDR_LINKLOCAL(&from.sin6_addr)) { |
---|
651 | syslog(LOG_ERR, "RA from non local address %s", sfrom); |
---|
652 | return; |
---|
653 | } |
---|
654 | |
---|
655 | if (ifp == NULL) { |
---|
656 | #ifdef DEBUG_RS |
---|
657 | syslog(LOG_DEBUG, "RA for unexpected interface from %s", sfrom); |
---|
658 | #endif |
---|
659 | return; |
---|
660 | } |
---|
661 | if (!(ifp->options->options & DHCPCD_IPV6RS)) { |
---|
662 | #ifdef DEBUG_RS |
---|
663 | syslog(LOG_DEBUG, "%s: unexpected RA from %s", |
---|
664 | ifp->name, sfrom); |
---|
665 | #endif |
---|
666 | return; |
---|
667 | } |
---|
668 | |
---|
669 | /* We could receive a RA before we sent a RS*/ |
---|
670 | if (ipv6_linklocal(ifp) == NULL) { |
---|
671 | #ifdef DEBUG_RS |
---|
672 | syslog(LOG_DEBUG, "%s: received RA from %s (no link-local)", |
---|
673 | ifp->name, sfrom); |
---|
674 | #endif |
---|
675 | return; |
---|
676 | } |
---|
677 | |
---|
678 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
679 | if (ifp == rap->iface && |
---|
680 | memcmp(rap->from.s6_addr, from.sin6_addr.s6_addr, |
---|
681 | sizeof(rap->from.s6_addr)) == 0) |
---|
682 | break; |
---|
683 | } |
---|
684 | |
---|
685 | nd_ra = (struct nd_router_advert *)icp; |
---|
686 | /* Don't bother doing anything if we don't know about a router |
---|
687 | * expiring */ |
---|
688 | if ((rap == NULL || rap->lifetime == 0) |
---|
689 | && nd_ra->nd_ra_router_lifetime == 0) |
---|
690 | return; |
---|
691 | |
---|
692 | /* We don't want to spam the log with the fact we got an RA every |
---|
693 | * 30 seconds or so, so only spam the log if it's different. */ |
---|
694 | if (rap == NULL || (rap->data_len != len || |
---|
695 | memcmp(rap->data, (unsigned char *)icp, rap->data_len) != 0)) |
---|
696 | { |
---|
697 | if (rap) { |
---|
698 | free(rap->data); |
---|
699 | rap->data_len = 0; |
---|
700 | free(rap->ns); |
---|
701 | rap->ns = NULL; |
---|
702 | rap->nslen = 0; |
---|
703 | } |
---|
704 | new_data = 1; |
---|
705 | } else |
---|
706 | new_data = 0; |
---|
707 | if (new_data || ifp->options->options & DHCPCD_DEBUG) |
---|
708 | syslog(LOG_INFO, "%s: Router Advertisement from %s", |
---|
709 | ifp->name, sfrom); |
---|
710 | |
---|
711 | if (rap == NULL) { |
---|
712 | rap = calloc(1, sizeof(*rap)); |
---|
713 | if (rap == NULL) { |
---|
714 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
715 | return; |
---|
716 | } |
---|
717 | rap->iface = ifp; |
---|
718 | memcpy(rap->from.s6_addr, from.sin6_addr.s6_addr, |
---|
719 | sizeof(rap->from.s6_addr)); |
---|
720 | strlcpy(rap->sfrom, sfrom, sizeof(rap->sfrom)); |
---|
721 | TAILQ_INIT(&rap->addrs); |
---|
722 | TAILQ_INIT(&rap->options); |
---|
723 | new_rap = 1; |
---|
724 | } else |
---|
725 | new_rap = 0; |
---|
726 | if (rap->data_len == 0) { |
---|
727 | rap->data = malloc(len); |
---|
728 | if (rap->data == NULL) { |
---|
729 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
730 | if (new_rap) |
---|
731 | free(rap); |
---|
732 | return; |
---|
733 | } |
---|
734 | memcpy(rap->data, icp, len); |
---|
735 | rap->data_len = len; |
---|
736 | } |
---|
737 | |
---|
738 | get_monotonic(&rap->received); |
---|
739 | rap->flags = nd_ra->nd_ra_flags_reserved; |
---|
740 | if (new_rap == 0 && rap->lifetime == 0) |
---|
741 | syslog(LOG_WARNING, "%s: %s router available", |
---|
742 | ifp->name, rap->sfrom); |
---|
743 | rap->lifetime = ntohs(nd_ra->nd_ra_router_lifetime); |
---|
744 | if (nd_ra->nd_ra_reachable) { |
---|
745 | rap->reachable = ntohl(nd_ra->nd_ra_reachable); |
---|
746 | if (rap->reachable > MAX_REACHABLE_TIME) |
---|
747 | rap->reachable = 0; |
---|
748 | } |
---|
749 | if (nd_ra->nd_ra_retransmit) |
---|
750 | rap->retrans = ntohl(nd_ra->nd_ra_retransmit); |
---|
751 | if (rap->lifetime) |
---|
752 | rap->expired = 0; |
---|
753 | |
---|
754 | len -= sizeof(struct nd_router_advert); |
---|
755 | p = ((uint8_t *)icp) + sizeof(struct nd_router_advert); |
---|
756 | olen = 0; |
---|
757 | lifetime = ~0U; |
---|
758 | for (olen = 0; len > 0; p += olen, len -= olen) { |
---|
759 | if ((size_t)len < sizeof(struct nd_opt_hdr)) { |
---|
760 | syslog(LOG_ERR, "%s: Short option", ifp->name); |
---|
761 | break; |
---|
762 | } |
---|
763 | ndo = (struct nd_opt_hdr *)p; |
---|
764 | olen = ndo->nd_opt_len * 8 ; |
---|
765 | if (olen == 0) { |
---|
766 | syslog(LOG_ERR, "%s: zero length option", ifp->name); |
---|
767 | break; |
---|
768 | } |
---|
769 | if (olen > len) { |
---|
770 | syslog(LOG_ERR, |
---|
771 | "%s: Option length exceeds message", ifp->name); |
---|
772 | break; |
---|
773 | } |
---|
774 | |
---|
775 | opt = NULL; |
---|
776 | switch (ndo->nd_opt_type) { |
---|
777 | case ND_OPT_PREFIX_INFORMATION: |
---|
778 | pi = (struct nd_opt_prefix_info *)(void *)ndo; |
---|
779 | if (pi->nd_opt_pi_len != 4) { |
---|
780 | syslog(LOG_ERR, |
---|
781 | "%s: invalid option len for prefix", |
---|
782 | ifp->name); |
---|
783 | break; |
---|
784 | } |
---|
785 | if (pi->nd_opt_pi_prefix_len > 128) { |
---|
786 | syslog(LOG_ERR, "%s: invalid prefix len", |
---|
787 | ifp->name); |
---|
788 | break; |
---|
789 | } |
---|
790 | if (IN6_IS_ADDR_MULTICAST(&pi->nd_opt_pi_prefix) || |
---|
791 | IN6_IS_ADDR_LINKLOCAL(&pi->nd_opt_pi_prefix)) |
---|
792 | { |
---|
793 | syslog(LOG_ERR, |
---|
794 | "%s: invalid prefix in RA", ifp->name); |
---|
795 | break; |
---|
796 | } |
---|
797 | if (ntohl(pi->nd_opt_pi_preferred_time) > |
---|
798 | ntohl(pi->nd_opt_pi_valid_time)) |
---|
799 | { |
---|
800 | syslog(LOG_ERR, |
---|
801 | "%s: pltime > vltime", ifp->name); |
---|
802 | break; |
---|
803 | } |
---|
804 | TAILQ_FOREACH(ap, &rap->addrs, next) |
---|
805 | if (ap->prefix_len ==pi->nd_opt_pi_prefix_len && |
---|
806 | memcmp(ap->prefix.s6_addr, |
---|
807 | pi->nd_opt_pi_prefix.s6_addr, |
---|
808 | sizeof(ap->prefix.s6_addr)) == 0) |
---|
809 | break; |
---|
810 | if (ap == NULL) { |
---|
811 | if (!(pi->nd_opt_pi_flags_reserved & |
---|
812 | ND_OPT_PI_FLAG_AUTO) && |
---|
813 | !(pi->nd_opt_pi_flags_reserved & |
---|
814 | ND_OPT_PI_FLAG_ONLINK)) |
---|
815 | break; |
---|
816 | ap = calloc(1, sizeof(*ap)); |
---|
817 | if (ap == NULL) { |
---|
818 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
819 | break; |
---|
820 | } |
---|
821 | ap->iface = rap->iface; |
---|
822 | ap->flags = IPV6_AF_NEW; |
---|
823 | ap->prefix_len = pi->nd_opt_pi_prefix_len; |
---|
824 | memcpy(ap->prefix.s6_addr, |
---|
825 | pi->nd_opt_pi_prefix.s6_addr, |
---|
826 | sizeof(ap->prefix.s6_addr)); |
---|
827 | if (pi->nd_opt_pi_flags_reserved & |
---|
828 | ND_OPT_PI_FLAG_AUTO) |
---|
829 | { |
---|
830 | ap->flags |= IPV6_AF_AUTOCONF; |
---|
831 | ipv6_makeaddr(&ap->addr, ifp, |
---|
832 | &ap->prefix, |
---|
833 | pi->nd_opt_pi_prefix_len); |
---|
834 | cbp = inet_ntop(AF_INET6, |
---|
835 | ap->addr.s6_addr, |
---|
836 | ntopbuf, INET6_ADDRSTRLEN); |
---|
837 | if (cbp) |
---|
838 | snprintf(ap->saddr, |
---|
839 | sizeof(ap->saddr), |
---|
840 | "%s/%d", |
---|
841 | cbp, ap->prefix_len); |
---|
842 | else |
---|
843 | ap->saddr[0] = '\0'; |
---|
844 | } else { |
---|
845 | memset(&ap->addr, 0, sizeof(ap->addr)); |
---|
846 | ap->saddr[0] = '\0'; |
---|
847 | } |
---|
848 | ap->dadcallback = ipv6nd_dadcallback; |
---|
849 | TAILQ_INSERT_TAIL(&rap->addrs, ap, next); |
---|
850 | } |
---|
851 | if (pi->nd_opt_pi_flags_reserved & |
---|
852 | ND_OPT_PI_FLAG_ONLINK) |
---|
853 | ap->flags |= IPV6_AF_ONLINK; |
---|
854 | ap->prefix_vltime = |
---|
855 | ntohl(pi->nd_opt_pi_valid_time); |
---|
856 | ap->prefix_pltime = |
---|
857 | ntohl(pi->nd_opt_pi_preferred_time); |
---|
858 | ap->nsprobes = 0; |
---|
859 | if (opt) { |
---|
860 | l = strlen(opt); |
---|
861 | tmp = realloc(opt, |
---|
862 | l + strlen(ap->saddr) + 2); |
---|
863 | if (tmp) { |
---|
864 | opt = tmp; |
---|
865 | opt[l] = ' '; |
---|
866 | strcpy(opt + l + 1, ap->saddr); |
---|
867 | } |
---|
868 | } else |
---|
869 | opt = strdup(ap->saddr); |
---|
870 | lifetime = ap->prefix_vltime; |
---|
871 | break; |
---|
872 | |
---|
873 | case ND_OPT_MTU: |
---|
874 | mtu = (struct nd_opt_mtu *)(void *)p; |
---|
875 | mtuv = ntohl(mtu->nd_opt_mtu_mtu); |
---|
876 | if (mtuv < IPV6_MMTU) { |
---|
877 | syslog(LOG_ERR, "%s: invalid MTU %d", |
---|
878 | ifp->name, mtuv); |
---|
879 | break; |
---|
880 | } |
---|
881 | rap->mtu = mtuv; |
---|
882 | snprintf(buf, sizeof(buf), "%d", mtuv); |
---|
883 | opt = strdup(buf); |
---|
884 | break; |
---|
885 | |
---|
886 | case ND_OPT_RDNSS: |
---|
887 | rdnss = (struct nd_opt_rdnss *)p; |
---|
888 | lifetime = ntohl(rdnss->nd_opt_rdnss_lifetime); |
---|
889 | op = (uint8_t *)ndo; |
---|
890 | op += offsetof(struct nd_opt_rdnss, |
---|
891 | nd_opt_rdnss_lifetime); |
---|
892 | op += sizeof(rdnss->nd_opt_rdnss_lifetime); |
---|
893 | l = 0; |
---|
894 | for (n = ndo->nd_opt_len - 1; n > 1; n -= 2, |
---|
895 | op += sizeof(addr.s6_addr)) |
---|
896 | { |
---|
897 | m = ipv6_printaddr(NULL, 0, op, ifp->name); |
---|
898 | if (m != -1) |
---|
899 | l += m + 1; |
---|
900 | } |
---|
901 | op = (uint8_t *)ndo; |
---|
902 | op += offsetof(struct nd_opt_rdnss, |
---|
903 | nd_opt_rdnss_lifetime); |
---|
904 | op += sizeof(rdnss->nd_opt_rdnss_lifetime); |
---|
905 | tmp = opt = malloc(l); |
---|
906 | if (opt) { |
---|
907 | for (n = ndo->nd_opt_len - 1; n > 1; n -= 2, |
---|
908 | op += sizeof(addr.s6_addr)) |
---|
909 | { |
---|
910 | m = ipv6_printaddr(tmp, l, op, |
---|
911 | ifp->name); |
---|
912 | if (m != -1) { |
---|
913 | l -= (m + 1); |
---|
914 | tmp += m; |
---|
915 | *tmp++ = ' '; |
---|
916 | } |
---|
917 | } |
---|
918 | if (tmp != opt) |
---|
919 | (*--tmp) = '\0'; |
---|
920 | else |
---|
921 | *opt = '\0'; |
---|
922 | } |
---|
923 | break; |
---|
924 | |
---|
925 | case ND_OPT_DNSSL: |
---|
926 | dnssl = (struct nd_opt_dnssl *)p; |
---|
927 | lifetime = ntohl(dnssl->nd_opt_dnssl_lifetime); |
---|
928 | op = p + offsetof(struct nd_opt_dnssl, |
---|
929 | nd_opt_dnssl_lifetime); |
---|
930 | op += sizeof(dnssl->nd_opt_dnssl_lifetime); |
---|
931 | n = (dnssl->nd_opt_dnssl_len - 1) * 8; |
---|
932 | l = decode_rfc3397(NULL, 0, n, op); |
---|
933 | if (l < 1) { |
---|
934 | syslog(LOG_ERR, "%s: invalid DNSSL option", |
---|
935 | ifp->name); |
---|
936 | } else { |
---|
937 | tmp = malloc(l); |
---|
938 | if (tmp) { |
---|
939 | decode_rfc3397(tmp, l, n, op); |
---|
940 | n = print_string(NULL, 0, |
---|
941 | l - 1, (const uint8_t *)tmp); |
---|
942 | opt = malloc(n); |
---|
943 | if (opt) |
---|
944 | print_string(opt, n, |
---|
945 | l - 1, |
---|
946 | (const uint8_t *)tmp); |
---|
947 | free(tmp); |
---|
948 | } |
---|
949 | } |
---|
950 | break; |
---|
951 | |
---|
952 | default: |
---|
953 | continue; |
---|
954 | } |
---|
955 | |
---|
956 | if (opt == NULL) { |
---|
957 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
958 | continue; |
---|
959 | } |
---|
960 | TAILQ_FOREACH(rao, &rap->options, next) { |
---|
961 | if (rao->type == ndo->nd_opt_type && |
---|
962 | strcmp(rao->option, opt) == 0) |
---|
963 | break; |
---|
964 | } |
---|
965 | if (lifetime == 0) { |
---|
966 | if (rao) { |
---|
967 | TAILQ_REMOVE(&rap->options, rao, next); |
---|
968 | free(rao->option); |
---|
969 | free(rao); |
---|
970 | } |
---|
971 | free(opt); |
---|
972 | continue; |
---|
973 | } |
---|
974 | |
---|
975 | if (rao == NULL) { |
---|
976 | rao = malloc(sizeof(*rao)); |
---|
977 | if (rao == NULL) { |
---|
978 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
979 | continue; |
---|
980 | } |
---|
981 | rao->type = ndo->nd_opt_type; |
---|
982 | rao->option = opt; |
---|
983 | TAILQ_INSERT_TAIL(&rap->options, rao, next); |
---|
984 | } else |
---|
985 | free(opt); |
---|
986 | if (lifetime == ~0U) |
---|
987 | timerclear(&rao->expire); |
---|
988 | else { |
---|
989 | expire.tv_sec = lifetime; |
---|
990 | expire.tv_usec = 0; |
---|
991 | timeradd(&rap->received, &expire, &rao->expire); |
---|
992 | } |
---|
993 | } |
---|
994 | |
---|
995 | if (new_rap) |
---|
996 | add_router(rap); |
---|
997 | if (options & DHCPCD_TEST) { |
---|
998 | script_runreason(ifp, "TEST"); |
---|
999 | goto handle_flag; |
---|
1000 | } |
---|
1001 | ipv6nd_probeaddrs(&rap->addrs); |
---|
1002 | ipv6_buildroutes(); |
---|
1003 | |
---|
1004 | /* We will get run by the expire function */ |
---|
1005 | if (rap->lifetime) |
---|
1006 | ipv6nd_scriptrun(rap); |
---|
1007 | |
---|
1008 | eloop_timeout_delete(NULL, ifp); |
---|
1009 | eloop_timeout_delete(NULL, rap); /* reachable timer */ |
---|
1010 | |
---|
1011 | /* If we're owning the RA then we need to try and ensure the |
---|
1012 | * router is actually reachable */ |
---|
1013 | if (ifp->options->options & DHCPCD_IPV6RA_OWN || |
---|
1014 | ifp->options->options & DHCPCD_IPV6RA_OWN_DEFAULT) |
---|
1015 | { |
---|
1016 | rap->nsprobes = 0; |
---|
1017 | if (rap->lifetime) |
---|
1018 | ipv6nd_proberouter(rap); |
---|
1019 | } |
---|
1020 | |
---|
1021 | handle_flag: |
---|
1022 | if (rap->flags & ND_RA_FLAG_MANAGED) { |
---|
1023 | if (rap->lifetime && new_data && |
---|
1024 | dhcp6_start(ifp, DH6S_INIT) == -1) |
---|
1025 | syslog(LOG_ERR, "dhcp6_start: %s: %m", ifp->name); |
---|
1026 | } else if (rap->flags & ND_RA_FLAG_OTHER) { |
---|
1027 | if (rap->lifetime && new_data && |
---|
1028 | dhcp6_start(ifp, DH6S_INFORM) == -1) |
---|
1029 | syslog(LOG_ERR, "dhcp6_start: %s: %m", ifp->name); |
---|
1030 | } else { |
---|
1031 | if (rap->lifetime && new_data) |
---|
1032 | syslog(LOG_DEBUG, "%s: No DHCPv6 instruction in RA", |
---|
1033 | ifp->name); |
---|
1034 | if (options & DHCPCD_TEST) |
---|
1035 | exit(EXIT_SUCCESS); |
---|
1036 | } |
---|
1037 | |
---|
1038 | /* Expire should be called last as the rap object could be destroyed */ |
---|
1039 | ipv6nd_expirera(ifp); |
---|
1040 | } |
---|
1041 | |
---|
1042 | int |
---|
1043 | ipv6nd_has_ra(const struct interface *ifp) |
---|
1044 | { |
---|
1045 | const struct ra *rap; |
---|
1046 | |
---|
1047 | TAILQ_FOREACH(rap, &ipv6_routers, next) |
---|
1048 | if (rap->iface == ifp) |
---|
1049 | return 1; |
---|
1050 | return 0; |
---|
1051 | } |
---|
1052 | |
---|
1053 | ssize_t |
---|
1054 | ipv6nd_env(char **env, const char *prefix, const struct interface *ifp) |
---|
1055 | { |
---|
1056 | ssize_t l; |
---|
1057 | size_t len; |
---|
1058 | struct timeval now; |
---|
1059 | const struct ra *rap; |
---|
1060 | const struct ra_opt *rao; |
---|
1061 | int i; |
---|
1062 | char buffer[32]; |
---|
1063 | const char *optn; |
---|
1064 | char **pref, **mtu, **rdnss, **dnssl, ***var, *new; |
---|
1065 | |
---|
1066 | i = 0; |
---|
1067 | l = 0; |
---|
1068 | get_monotonic(&now); |
---|
1069 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
1070 | i++; |
---|
1071 | if (rap->iface != ifp) |
---|
1072 | continue; |
---|
1073 | if (env) { |
---|
1074 | snprintf(buffer, sizeof(buffer), |
---|
1075 | "ra%d_from", i); |
---|
1076 | if (setvar(&env, prefix, buffer, rap->sfrom) == -1) |
---|
1077 | return -1; |
---|
1078 | } |
---|
1079 | l++; |
---|
1080 | |
---|
1081 | pref = mtu = rdnss = dnssl = NULL; |
---|
1082 | TAILQ_FOREACH(rao, &rap->options, next) { |
---|
1083 | if (rao->option == NULL) |
---|
1084 | continue; |
---|
1085 | var = NULL; |
---|
1086 | switch(rao->type) { |
---|
1087 | case ND_OPT_PREFIX_INFORMATION: |
---|
1088 | optn = "prefix"; |
---|
1089 | var = &pref; |
---|
1090 | break; |
---|
1091 | case ND_OPT_MTU: |
---|
1092 | optn = "mtu"; |
---|
1093 | var = &mtu; |
---|
1094 | break; |
---|
1095 | case ND_OPT_RDNSS: |
---|
1096 | optn = "rdnss"; |
---|
1097 | var = &rdnss; |
---|
1098 | break; |
---|
1099 | case ND_OPT_DNSSL: |
---|
1100 | optn = "dnssl"; |
---|
1101 | var = &dnssl; |
---|
1102 | break; |
---|
1103 | default: |
---|
1104 | continue; |
---|
1105 | } |
---|
1106 | if (*var == NULL) { |
---|
1107 | *var = env ? env : &new; |
---|
1108 | l++; |
---|
1109 | } else if (env) { |
---|
1110 | /* With single only options, last one takes |
---|
1111 | * precedence */ |
---|
1112 | if (rao->type == ND_OPT_MTU) { |
---|
1113 | new = strchr(**var, '='); |
---|
1114 | if (new == NULL) { |
---|
1115 | syslog(LOG_ERR, "new is null"); |
---|
1116 | continue; |
---|
1117 | } else |
---|
1118 | new++; |
---|
1119 | len = (new - **var) + |
---|
1120 | strlen(rao->option) + 1; |
---|
1121 | if (len > strlen(**var)) |
---|
1122 | new = realloc(**var, len); |
---|
1123 | else |
---|
1124 | new = **var; |
---|
1125 | if (new) { |
---|
1126 | **var = new; |
---|
1127 | new = strchr(**var, '='); |
---|
1128 | if (new) |
---|
1129 | strcpy(new + 1, |
---|
1130 | rao->option); |
---|
1131 | else |
---|
1132 | syslog(LOG_ERR, |
---|
1133 | "new is null"); |
---|
1134 | } |
---|
1135 | continue; |
---|
1136 | } |
---|
1137 | new = realloc(**var, |
---|
1138 | strlen(**var) + 1 + |
---|
1139 | strlen(rao->option) + 1); |
---|
1140 | if (new == NULL) |
---|
1141 | return -1; |
---|
1142 | **var = new; |
---|
1143 | new += strlen(new); |
---|
1144 | *new++ = ' '; |
---|
1145 | strcpy(new, rao->option); |
---|
1146 | continue; |
---|
1147 | } |
---|
1148 | if (env) { |
---|
1149 | snprintf(buffer, sizeof(buffer), |
---|
1150 | "ra%d_%s", i, optn); |
---|
1151 | if (setvar(&env, prefix, buffer, rao->option) |
---|
1152 | == -1) |
---|
1153 | return -1; |
---|
1154 | } |
---|
1155 | } |
---|
1156 | } |
---|
1157 | |
---|
1158 | if (env) { |
---|
1159 | if (setvard(&env, prefix, "ra_count", i) == -1) |
---|
1160 | return -1; |
---|
1161 | } |
---|
1162 | l++; |
---|
1163 | return l; |
---|
1164 | } |
---|
1165 | |
---|
1166 | void |
---|
1167 | ipv6nd_handleifa(int cmd, const char *ifname, |
---|
1168 | const struct in6_addr *addr, int flags) |
---|
1169 | { |
---|
1170 | struct ra *rap; |
---|
1171 | |
---|
1172 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
1173 | if (strcmp(rap->iface->name, ifname)) |
---|
1174 | continue; |
---|
1175 | ipv6_handleifa_addrs(cmd, &rap->addrs, addr, flags); |
---|
1176 | } |
---|
1177 | } |
---|
1178 | |
---|
1179 | void |
---|
1180 | ipv6nd_expirera(void *arg) |
---|
1181 | { |
---|
1182 | struct interface *ifp; |
---|
1183 | struct ra *rap, *ran; |
---|
1184 | struct ra_opt *rao, *raon; |
---|
1185 | struct timeval now, lt, expire, next; |
---|
1186 | int expired, valid; |
---|
1187 | |
---|
1188 | ifp = arg; |
---|
1189 | get_monotonic(&now); |
---|
1190 | expired = 0; |
---|
1191 | timerclear(&next); |
---|
1192 | |
---|
1193 | TAILQ_FOREACH_SAFE(rap, &ipv6_routers, next, ran) { |
---|
1194 | if (rap->iface != ifp) |
---|
1195 | continue; |
---|
1196 | lt.tv_sec = rap->lifetime; |
---|
1197 | lt.tv_usec = 0; |
---|
1198 | timeradd(&rap->received, <, &expire); |
---|
1199 | if (rap->lifetime == 0 || timercmp(&now, &expire, >)) { |
---|
1200 | valid = 0; |
---|
1201 | if (!rap->expired) { |
---|
1202 | syslog(LOG_WARNING, |
---|
1203 | "%s: %s: router expired", |
---|
1204 | ifp->name, rap->sfrom); |
---|
1205 | rap->expired = expired = 1; |
---|
1206 | ipv6nd_cancelproberouter(rap); |
---|
1207 | } |
---|
1208 | } else { |
---|
1209 | valid = 1; |
---|
1210 | timersub(&expire, &now, <); |
---|
1211 | if (!timerisset(&next) || timercmp(&next, <, >)) |
---|
1212 | next = lt; |
---|
1213 | } |
---|
1214 | |
---|
1215 | /* Addresses are expired in ipv6ns_probeaddrs |
---|
1216 | * so that DHCPv6 addresses can be removed also. */ |
---|
1217 | TAILQ_FOREACH_SAFE(rao, &rap->options, next, raon) { |
---|
1218 | if (rap->expired) { |
---|
1219 | switch(rao->type) { |
---|
1220 | case ND_OPT_RDNSS: /* FALLTHROUGH */ |
---|
1221 | case ND_OPT_DNSSL: |
---|
1222 | /* RFC6018 end of section 5.2 states |
---|
1223 | * that if tha RA has a lifetime of 0 |
---|
1224 | * then we should expire these |
---|
1225 | * options */ |
---|
1226 | TAILQ_REMOVE(&rap->options, rao, next); |
---|
1227 | expired = 1; |
---|
1228 | free(rao->option); |
---|
1229 | free(rao); |
---|
1230 | continue; |
---|
1231 | } |
---|
1232 | } |
---|
1233 | if (!timerisset(&rao->expire)) |
---|
1234 | continue; |
---|
1235 | if (timercmp(&now, &rao->expire, >)) { |
---|
1236 | /* Expired prefixes are logged above */ |
---|
1237 | if (rao->type != ND_OPT_PREFIX_INFORMATION) |
---|
1238 | syslog(LOG_WARNING, |
---|
1239 | "%s: %s: expired option %d", |
---|
1240 | ifp->name, rap->sfrom, rao->type); |
---|
1241 | TAILQ_REMOVE(&rap->options, rao, next); |
---|
1242 | expired = 1; |
---|
1243 | free(rao->option); |
---|
1244 | free(rao); |
---|
1245 | continue; |
---|
1246 | } |
---|
1247 | valid = 1; |
---|
1248 | timersub(&rao->expire, &now, <); |
---|
1249 | if (!timerisset(&next) || timercmp(&next, <, >)) |
---|
1250 | next = lt; |
---|
1251 | } |
---|
1252 | |
---|
1253 | /* No valid lifetimes are left on the RA, so we might |
---|
1254 | * as well punt it. */ |
---|
1255 | if (!valid && TAILQ_FIRST(&rap->addrs) == NULL) |
---|
1256 | ipv6nd_free_ra(rap); |
---|
1257 | } |
---|
1258 | |
---|
1259 | if (timerisset(&next)) |
---|
1260 | eloop_timeout_add_tv(&next, ipv6nd_expirera, ifp); |
---|
1261 | if (expired) { |
---|
1262 | ipv6_buildroutes(); |
---|
1263 | script_runreason(ifp, "ROUTERADVERT"); |
---|
1264 | } |
---|
1265 | } |
---|
1266 | |
---|
1267 | void |
---|
1268 | ipv6nd_drop(struct interface *ifp) |
---|
1269 | { |
---|
1270 | struct ra *rap; |
---|
1271 | int expired = 0; |
---|
1272 | TAILQ_HEAD(rahead, ra) rtrs; |
---|
1273 | |
---|
1274 | eloop_timeout_delete(NULL, ifp); |
---|
1275 | TAILQ_INIT(&rtrs); |
---|
1276 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
1277 | if (rap->iface == ifp) { |
---|
1278 | rap->expired = expired = 1; |
---|
1279 | TAILQ_REMOVE(&ipv6_routers, rap, next); |
---|
1280 | TAILQ_INSERT_TAIL(&rtrs, rap, next); |
---|
1281 | } |
---|
1282 | } |
---|
1283 | if (expired) { |
---|
1284 | while ((rap = TAILQ_FIRST(&rtrs))) { |
---|
1285 | TAILQ_REMOVE(&rtrs, rap, next); |
---|
1286 | ipv6nd_drop_ra(rap); |
---|
1287 | } |
---|
1288 | ipv6_buildroutes(); |
---|
1289 | if ((ifp->options->options & |
---|
1290 | (DHCPCD_EXITING | DHCPCD_PERSISTENT)) != |
---|
1291 | (DHCPCD_EXITING | DHCPCD_PERSISTENT)) |
---|
1292 | script_runreason(ifp, "ROUTERADVERT"); |
---|
1293 | } |
---|
1294 | } |
---|
1295 | static void |
---|
1296 | ipv6nd_unreachable(void *arg) |
---|
1297 | { |
---|
1298 | struct ra *rap = arg; |
---|
1299 | struct timeval tv; |
---|
1300 | |
---|
1301 | /* We could add an unreachable flag and persist the information, |
---|
1302 | * but that is more effort than it's probably worth. */ |
---|
1303 | syslog(LOG_WARNING, "%s: %s is unreachable, expiring it", |
---|
1304 | rap->iface->name, rap->sfrom); |
---|
1305 | rap->expired = 1; |
---|
1306 | ipv6_buildroutes(); |
---|
1307 | script_runreason(rap->iface, "ROUTERADVERT"); /* XXX not RA */ |
---|
1308 | |
---|
1309 | /* We should still test if it's reachable or not so |
---|
1310 | * incase it comes back to life and it's preferable. */ |
---|
1311 | if (rap->reachable) { |
---|
1312 | ms_to_tv(&tv, rap->reachable); |
---|
1313 | } else { |
---|
1314 | tv.tv_sec = REACHABLE_TIME; |
---|
1315 | tv.tv_usec = 0; |
---|
1316 | } |
---|
1317 | eloop_timeout_add_tv(&tv, ipv6nd_proberouter, rap); |
---|
1318 | } |
---|
1319 | |
---|
1320 | #ifdef LISTEN_DAD |
---|
1321 | void |
---|
1322 | ipv6nd_cancelprobeaddr(struct ipv6_addr *ap) |
---|
1323 | { |
---|
1324 | |
---|
1325 | eloop_timeout_delete(ipv6nd_probeaddr, ap); |
---|
1326 | if (ap->dadcallback) |
---|
1327 | eloop_timeout_delete(ap->dadcallback, ap); |
---|
1328 | } |
---|
1329 | #endif |
---|
1330 | |
---|
1331 | void |
---|
1332 | ipv6nd_probeaddr(void *arg) |
---|
1333 | { |
---|
1334 | struct ipv6_addr *ap = arg; |
---|
1335 | #ifdef IPV6_SEND_DAD |
---|
1336 | struct nd_neighbor_solicit *ns; |
---|
1337 | struct nd_opt_hdr *nd; |
---|
1338 | struct sockaddr_in6 dst; |
---|
1339 | struct cmsghdr *cm; |
---|
1340 | struct in6_pktinfo pi; |
---|
1341 | int hoplimit = HOPLIMIT; |
---|
1342 | #else |
---|
1343 | #ifdef LISTEN_DAD |
---|
1344 | struct timeval tv, rtv; |
---|
1345 | struct timeval mtv; |
---|
1346 | int i; |
---|
1347 | #endif |
---|
1348 | #endif |
---|
1349 | |
---|
1350 | if (ap->dadcallback && |
---|
1351 | ((ap->flags & IPV6_AF_NEW) == 0 || |
---|
1352 | ap->nsprobes >= ap->iface->options->dadtransmits)) |
---|
1353 | { |
---|
1354 | #ifdef IPV6_SEND_DAD |
---|
1355 | ap->dadcallback(ap); |
---|
1356 | #else |
---|
1357 | if (!(ap->flags & IPV6_AF_AUTOCONF) || |
---|
1358 | ap->iface->options->options & DHCPCD_IPV6RA_OWN) |
---|
1359 | ipv6_addaddr(ap); |
---|
1360 | #endif |
---|
1361 | return; |
---|
1362 | } |
---|
1363 | |
---|
1364 | if (ipv6nd_naopen() == -1) |
---|
1365 | return; |
---|
1366 | |
---|
1367 | ap->flags &= ~IPV6_AF_DADCOMPLETED; |
---|
1368 | |
---|
1369 | #ifdef IPV6_SEND_DAD |
---|
1370 | if (!ap->ns) { |
---|
1371 | ap->nslen = sizeof(*ns) + ROUNDUP8(ap->iface->hwlen + 2); |
---|
1372 | ap->ns = calloc(1, ap->nslen); |
---|
1373 | if (ap->ns == NULL) { |
---|
1374 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
1375 | return; |
---|
1376 | } |
---|
1377 | ns = (struct nd_neighbor_solicit *)(void *)ap->ns; |
---|
1378 | ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; |
---|
1379 | //ns->nd_ns_cksum = 0; |
---|
1380 | //ns->nd_ns_code = 0; |
---|
1381 | //ns->nd_ns_reserved = 0; |
---|
1382 | ns->nd_ns_target = ap->addr; |
---|
1383 | nd = (struct nd_opt_hdr *)(ap->ns + sizeof(*ns)); |
---|
1384 | nd->nd_opt_type = ND_OPT_SOURCE_LINKADDR; |
---|
1385 | nd->nd_opt_len = (ROUNDUP8(ap->iface->hwlen + 2)) >> 3; |
---|
1386 | memcpy(nd + 1, ap->iface->hwaddr, ap->iface->hwlen); |
---|
1387 | } |
---|
1388 | |
---|
1389 | memset(&dst, 0, sizeof(dst)); |
---|
1390 | dst.sin6_family = AF_INET6; |
---|
1391 | #ifdef SIN6_LEN |
---|
1392 | dst.sin6_len = sizeof(dst); |
---|
1393 | #endif |
---|
1394 | dst.sin6_addr.s6_addr16[0] = IPV6_ADDR_INT16_MLL; |
---|
1395 | dst.sin6_addr.s6_addr16[1] = 0; |
---|
1396 | dst.sin6_addr.s6_addr32[1] = 0; |
---|
1397 | dst.sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_ONE; |
---|
1398 | dst.sin6_addr.s6_addr32[3] = ap->addr.s6_addr32[3]; |
---|
1399 | dst.sin6_addr.s6_addr[12] = 0xff; |
---|
1400 | |
---|
1401 | //memcpy(&dst.sin6_addr, &ap->addr, sizeof(dst.sin6_addr)); |
---|
1402 | dst.sin6_scope_id = ap->iface->index; |
---|
1403 | |
---|
1404 | sndhdr.msg_name = (caddr_t)&dst; |
---|
1405 | sndhdr.msg_iov[0].iov_base = ap->ns; |
---|
1406 | sndhdr.msg_iov[0].iov_len = ap->nslen; |
---|
1407 | |
---|
1408 | /* Set the outbound interface */ |
---|
1409 | cm = CMSG_FIRSTHDR(&sndhdr); |
---|
1410 | cm->cmsg_level = IPPROTO_IPV6; |
---|
1411 | cm->cmsg_type = IPV6_PKTINFO; |
---|
1412 | cm->cmsg_len = CMSG_LEN(sizeof(pi)); |
---|
1413 | memset(&pi, 0, sizeof(pi)); |
---|
1414 | pi.ipi6_ifindex = ap->iface->index; |
---|
1415 | memcpy(CMSG_DATA(cm), &pi, sizeof(pi)); |
---|
1416 | |
---|
1417 | /* Hop limit */ |
---|
1418 | cm = CMSG_NXTHDR(&sndhdr, cm); |
---|
1419 | cm->cmsg_level = IPPROTO_IPV6; |
---|
1420 | cm->cmsg_type = IPV6_HOPLIMIT; |
---|
1421 | cm->cmsg_len = CMSG_LEN(sizeof(hoplimit)); |
---|
1422 | memcpy(CMSG_DATA(cm), &hoplimit, sizeof(hoplimit)); |
---|
1423 | |
---|
1424 | #ifdef DEBUG_NS |
---|
1425 | syslog(LOG_INFO, "%s: sending IPv6 NS for %s", |
---|
1426 | ap->iface->name, ap->saddr); |
---|
1427 | if (ap->dadcallback == NULL) |
---|
1428 | syslog(LOG_WARNING, "%s: no callback!", ap->iface->name); |
---|
1429 | #endif |
---|
1430 | if (sendmsg(unspec_sock, &sndhdr, 0) == -1) { |
---|
1431 | syslog(LOG_ERR, "%s: %s: sendmsg: %m", |
---|
1432 | ap->iface->name, __func__); |
---|
1433 | return; |
---|
1434 | } |
---|
1435 | |
---|
1436 | if (ap->dadcallback) { |
---|
1437 | ms_to_tv(&tv, RETRANS_TIMER); |
---|
1438 | ms_to_tv(&rtv, MIN_RANDOM_FACTOR); |
---|
1439 | timeradd(&tv, &rtv, &tv); |
---|
1440 | rtv.tv_sec = 0; |
---|
1441 | rtv.tv_usec = arc4random() % |
---|
1442 | (MAX_RANDOM_FACTOR_U - MIN_RANDOM_FACTOR_U); |
---|
1443 | timeradd(&tv, &rtv, &tv); |
---|
1444 | |
---|
1445 | eloop_timeout_add_tv(&tv, |
---|
1446 | ++(ap->nsprobes) < ap->iface->options->dadtransmits ? |
---|
1447 | ipv6nd_probeaddr : ap->dadcallback, |
---|
1448 | ap); |
---|
1449 | } |
---|
1450 | #else /* IPV6_SEND_DAD */ |
---|
1451 | |
---|
1452 | if (!(ap->flags & IPV6_AF_AUTOCONF) || |
---|
1453 | ap->iface->options->options & DHCPCD_IPV6RA_OWN) |
---|
1454 | ipv6_addaddr(ap); |
---|
1455 | |
---|
1456 | #ifdef LISTEN_DAD |
---|
1457 | /* Let the kernel handle DAD. |
---|
1458 | * We don't know the timings, so just wait for the max */ |
---|
1459 | if (ap->dadcallback) { |
---|
1460 | mtv.tv_sec = 0; |
---|
1461 | mtv.tv_usec = 0; |
---|
1462 | for (i = 0; i < ap->iface->options->dadtransmits; i++) { |
---|
1463 | ms_to_tv(&tv, RETRANS_TIMER); |
---|
1464 | ms_to_tv(&rtv, MAX_RANDOM_FACTOR); |
---|
1465 | timeradd(&tv, &rtv, &tv); |
---|
1466 | timeradd(&mtv, &tv, &mtv); |
---|
1467 | } |
---|
1468 | eloop_timeout_add_tv(&mtv, ap->dadcallback, ap); |
---|
1469 | } |
---|
1470 | #endif |
---|
1471 | #endif /* IPV6_SEND_DAD */ |
---|
1472 | } |
---|
1473 | |
---|
1474 | ssize_t |
---|
1475 | ipv6nd_probeaddrs(struct ipv6_addrhead *addrs) |
---|
1476 | { |
---|
1477 | struct ipv6_addr *ap, *apn; |
---|
1478 | ssize_t i; |
---|
1479 | |
---|
1480 | i = 0; |
---|
1481 | TAILQ_FOREACH_SAFE(ap, addrs, next, apn) { |
---|
1482 | if (ap->prefix_vltime == 0) { |
---|
1483 | TAILQ_REMOVE(addrs, ap, next); |
---|
1484 | if (ap->flags & IPV6_AF_ADDED) { |
---|
1485 | syslog(LOG_INFO, "%s: deleting address %s", |
---|
1486 | ap->iface->name, ap->saddr); |
---|
1487 | i++; |
---|
1488 | if (!IN6_IS_ADDR_UNSPECIFIED(&ap->addr) && |
---|
1489 | del_address6(ap) == -1 && |
---|
1490 | errno != EADDRNOTAVAIL && errno != ENXIO) |
---|
1491 | syslog(LOG_ERR, "del_address6 %m"); |
---|
1492 | } |
---|
1493 | if (ap->dadcallback) |
---|
1494 | eloop_q_timeout_delete(0, NULL, |
---|
1495 | ap->dadcallback); |
---|
1496 | free(ap); |
---|
1497 | } else if (!IN6_IS_ADDR_UNSPECIFIED(&ap->addr)) { |
---|
1498 | ipv6nd_probeaddr(ap); |
---|
1499 | if (ap->flags & IPV6_AF_NEW) |
---|
1500 | i++; |
---|
1501 | } |
---|
1502 | } |
---|
1503 | |
---|
1504 | return i; |
---|
1505 | } |
---|
1506 | |
---|
1507 | void |
---|
1508 | ipv6nd_proberouter(void *arg) |
---|
1509 | { |
---|
1510 | struct ra *rap = arg; |
---|
1511 | struct nd_neighbor_solicit *ns; |
---|
1512 | struct nd_opt_hdr *nd; |
---|
1513 | struct sockaddr_in6 dst; |
---|
1514 | struct cmsghdr *cm; |
---|
1515 | struct in6_pktinfo pi; |
---|
1516 | int hoplimit = HOPLIMIT; |
---|
1517 | struct timeval tv, rtv; |
---|
1518 | |
---|
1519 | if (ipv6nd_naopen() == -1) |
---|
1520 | return; |
---|
1521 | |
---|
1522 | if (!rap->ns) { |
---|
1523 | rap->nslen = sizeof(*ns) + ROUNDUP8(rap->iface->hwlen + 2); |
---|
1524 | rap->ns = calloc(1, rap->nslen); |
---|
1525 | if (rap->ns == NULL) { |
---|
1526 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
1527 | return; |
---|
1528 | } |
---|
1529 | ns = (struct nd_neighbor_solicit *)(void *)rap->ns; |
---|
1530 | ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; |
---|
1531 | //ns->nd_ns_cksum = 0; |
---|
1532 | //ns->nd_ns_code = 0; |
---|
1533 | //ns->nd_ns_reserved = 0; |
---|
1534 | ns->nd_ns_target = rap->from; |
---|
1535 | nd = (struct nd_opt_hdr *)(rap->ns + sizeof(*ns)); |
---|
1536 | nd->nd_opt_type = ND_OPT_SOURCE_LINKADDR; |
---|
1537 | nd->nd_opt_len = (ROUNDUP8(rap->iface->hwlen + 2)) >> 3; |
---|
1538 | memcpy(nd + 1, rap->iface->hwaddr, rap->iface->hwlen); |
---|
1539 | } |
---|
1540 | |
---|
1541 | memset(&dst, 0, sizeof(dst)); |
---|
1542 | dst.sin6_family = AF_INET6; |
---|
1543 | #ifdef SIN6_LEN |
---|
1544 | dst.sin6_len = sizeof(dst); |
---|
1545 | #endif |
---|
1546 | memcpy(&dst.sin6_addr, &rap->from, sizeof(dst.sin6_addr)); |
---|
1547 | dst.sin6_scope_id = rap->iface->index; |
---|
1548 | |
---|
1549 | sndhdr.msg_name = (caddr_t)&dst; |
---|
1550 | sndhdr.msg_iov[0].iov_base = rap->ns; |
---|
1551 | sndhdr.msg_iov[0].iov_len = rap->nslen; |
---|
1552 | |
---|
1553 | /* Set the outbound interface */ |
---|
1554 | cm = CMSG_FIRSTHDR(&sndhdr); |
---|
1555 | cm->cmsg_level = IPPROTO_IPV6; |
---|
1556 | cm->cmsg_type = IPV6_PKTINFO; |
---|
1557 | cm->cmsg_len = CMSG_LEN(sizeof(pi)); |
---|
1558 | memset(&pi, 0, sizeof(pi)); |
---|
1559 | pi.ipi6_ifindex = rap->iface->index; |
---|
1560 | memcpy(CMSG_DATA(cm), &pi, sizeof(pi)); |
---|
1561 | |
---|
1562 | /* Hop limit */ |
---|
1563 | cm = CMSG_NXTHDR(&sndhdr, cm); |
---|
1564 | cm->cmsg_level = IPPROTO_IPV6; |
---|
1565 | cm->cmsg_type = IPV6_HOPLIMIT; |
---|
1566 | cm->cmsg_len = CMSG_LEN(sizeof(hoplimit)); |
---|
1567 | memcpy(CMSG_DATA(cm), &hoplimit, sizeof(hoplimit)); |
---|
1568 | |
---|
1569 | #ifdef DEBUG_NS |
---|
1570 | syslog(LOG_INFO, "%s: sending IPv6 NS for %s", |
---|
1571 | rap->iface->name, rap->sfrom); |
---|
1572 | #endif |
---|
1573 | if (sendmsg(sock, &sndhdr, 0) == -1) { |
---|
1574 | syslog(LOG_ERR, "%s: %s: sendmsg: %m", |
---|
1575 | rap->iface->name, __func__); |
---|
1576 | return; |
---|
1577 | } |
---|
1578 | |
---|
1579 | ms_to_tv(&tv, rap->retrans == 0 ? RETRANS_TIMER : rap->retrans); |
---|
1580 | ms_to_tv(&rtv, MIN_RANDOM_FACTOR); |
---|
1581 | timeradd(&tv, &rtv, &tv); |
---|
1582 | rtv.tv_sec = 0; |
---|
1583 | rtv.tv_usec = arc4random() % (MAX_RANDOM_FACTOR_U -MIN_RANDOM_FACTOR_U); |
---|
1584 | timeradd(&tv, &rtv, &tv); |
---|
1585 | eloop_timeout_add_tv(&tv, ipv6nd_proberouter, rap); |
---|
1586 | |
---|
1587 | if (rap->nsprobes++ == 0) |
---|
1588 | eloop_timeout_add_sec(DELAY_FIRST_PROBE_TIME, |
---|
1589 | ipv6nd_unreachable, rap); |
---|
1590 | } |
---|
1591 | |
---|
1592 | void |
---|
1593 | ipv6nd_cancelproberouter(struct ra *rap) |
---|
1594 | { |
---|
1595 | |
---|
1596 | eloop_timeout_delete(ipv6nd_proberouter, rap); |
---|
1597 | eloop_timeout_delete(ipv6nd_unreachable, rap); |
---|
1598 | } |
---|
1599 | |
---|
1600 | /* ARGSUSED */ |
---|
1601 | static void |
---|
1602 | ipv6nd_handlena(struct interface *ifp, struct icmp6_hdr *icp, ssize_t len) |
---|
1603 | { |
---|
1604 | struct nd_neighbor_advert *nd_na; |
---|
1605 | struct ra *rap; |
---|
1606 | int is_router, is_solicited; |
---|
1607 | #ifdef DEBUG_NS |
---|
1608 | int found; |
---|
1609 | #endif |
---|
1610 | struct timeval tv; |
---|
1611 | |
---|
1612 | #ifdef LISTEN_DAD |
---|
1613 | struct dhcp6_state *d6state; |
---|
1614 | struct ipv6_addr *ap; |
---|
1615 | #endif |
---|
1616 | |
---|
1617 | if ((size_t)len < sizeof(struct nd_neighbor_advert)) { |
---|
1618 | syslog(LOG_ERR, "IPv6 NA packet too short from %s", sfrom); |
---|
1619 | return; |
---|
1620 | } |
---|
1621 | |
---|
1622 | if (ifp == NULL) { |
---|
1623 | #ifdef DEBUG_NS |
---|
1624 | syslog(LOG_DEBUG, "NA for unexpected interface from %s", sfrom); |
---|
1625 | #endif |
---|
1626 | return; |
---|
1627 | } |
---|
1628 | |
---|
1629 | nd_na = (struct nd_neighbor_advert *)icp; |
---|
1630 | is_router = nd_na->nd_na_flags_reserved & ND_NA_FLAG_ROUTER; |
---|
1631 | is_solicited = nd_na->nd_na_flags_reserved & ND_NA_FLAG_SOLICITED; |
---|
1632 | |
---|
1633 | if (IN6_IS_ADDR_MULTICAST(&nd_na->nd_na_target)) { |
---|
1634 | syslog(LOG_ERR, "%s: NA for multicast address from %s", |
---|
1635 | ifp->name, sfrom); |
---|
1636 | return; |
---|
1637 | } |
---|
1638 | |
---|
1639 | #ifdef DEBUG_NS |
---|
1640 | found = 0; |
---|
1641 | #endif |
---|
1642 | TAILQ_FOREACH(rap, &ipv6_routers, next) { |
---|
1643 | if (rap->iface != ifp) |
---|
1644 | continue; |
---|
1645 | if (memcmp(rap->from.s6_addr, nd_na->nd_na_target.s6_addr, |
---|
1646 | sizeof(rap->from.s6_addr)) == 0) |
---|
1647 | break; |
---|
1648 | #ifdef LISTEN_DAD |
---|
1649 | TAILQ_FOREACH(ap, &rap->addrs, next) { |
---|
1650 | if (memcmp(ap->addr.s6_addr, |
---|
1651 | nd_na->nd_na_target.s6_addr, |
---|
1652 | sizeof(ap->addr.s6_addr)) == 0) |
---|
1653 | { |
---|
1654 | ap->flags |= IPV6_AF_DUPLICATED; |
---|
1655 | if (ap->dadcallback) |
---|
1656 | ap->dadcallback(ap); |
---|
1657 | #ifdef DEBUG_NS |
---|
1658 | found++; |
---|
1659 | #endif |
---|
1660 | } |
---|
1661 | } |
---|
1662 | #endif |
---|
1663 | } |
---|
1664 | if (rap == NULL) { |
---|
1665 | #ifdef LISTEN_DAD |
---|
1666 | d6state = D6_STATE(ifp); |
---|
1667 | if (d6state) { |
---|
1668 | TAILQ_FOREACH(ap, &d6state->addrs, next) { |
---|
1669 | if (memcmp(ap->addr.s6_addr, |
---|
1670 | nd_na->nd_na_target.s6_addr, |
---|
1671 | sizeof(ap->addr.s6_addr)) == 0) |
---|
1672 | { |
---|
1673 | ap->flags |= IPV6_AF_DUPLICATED; |
---|
1674 | if (ap->dadcallback) |
---|
1675 | ap->dadcallback(ap); |
---|
1676 | #ifdef DEBUG_NS |
---|
1677 | found++; |
---|
1678 | #endif |
---|
1679 | } |
---|
1680 | } |
---|
1681 | } |
---|
1682 | #endif |
---|
1683 | |
---|
1684 | #ifdef DEBUG_NS |
---|
1685 | if (found == 0) |
---|
1686 | syslog(LOG_DEBUG, "%s: unexpected NA from %s", |
---|
1687 | ifp->name, sfrom); |
---|
1688 | #endif |
---|
1689 | return; |
---|
1690 | } |
---|
1691 | |
---|
1692 | #ifdef DEBUG_NS |
---|
1693 | syslog(LOG_DEBUG, "%s: %sNA from %s", |
---|
1694 | ifp->name, is_solicited ? "solicited " : "", sfrom); |
---|
1695 | #endif |
---|
1696 | |
---|
1697 | /* Node is no longer a router, so remove it from consideration */ |
---|
1698 | if (!is_router && !rap->expired) { |
---|
1699 | syslog(LOG_INFO, "%s: %s is no longer a router", |
---|
1700 | ifp->name, sfrom); |
---|
1701 | rap->expired = 1; |
---|
1702 | ipv6nd_cancelproberouter(rap); |
---|
1703 | ipv6_buildroutes(); |
---|
1704 | script_runreason(ifp, "ROUTERADVERT"); |
---|
1705 | return; |
---|
1706 | } |
---|
1707 | |
---|
1708 | if (is_solicited && is_router && rap->lifetime) { |
---|
1709 | if (rap->expired) { |
---|
1710 | rap->expired = 0; |
---|
1711 | syslog(LOG_INFO, "%s: %s is reachable again", |
---|
1712 | ifp->name, sfrom); |
---|
1713 | ipv6_buildroutes(); |
---|
1714 | script_runreason(rap->iface, "ROUTERADVERT"); /* XXX */ |
---|
1715 | } |
---|
1716 | rap->nsprobes = 0; |
---|
1717 | if (rap->reachable) { |
---|
1718 | ms_to_tv(&tv, rap->reachable); |
---|
1719 | } else { |
---|
1720 | tv.tv_sec = REACHABLE_TIME; |
---|
1721 | tv.tv_usec = 0; |
---|
1722 | } |
---|
1723 | eloop_timeout_add_tv(&tv, ipv6nd_proberouter, rap); |
---|
1724 | eloop_timeout_delete(ipv6nd_unreachable, rap); |
---|
1725 | } |
---|
1726 | } |
---|
1727 | |
---|
1728 | /* ARGSUSED */ |
---|
1729 | static void |
---|
1730 | ipv6nd_handledata(__unused void *arg) |
---|
1731 | { |
---|
1732 | ssize_t len; |
---|
1733 | struct cmsghdr *cm; |
---|
1734 | int hoplimit; |
---|
1735 | struct in6_pktinfo pkt; |
---|
1736 | struct icmp6_hdr *icp; |
---|
1737 | struct interface *ifp; |
---|
1738 | |
---|
1739 | len = recvmsg(sock, &rcvhdr, 0); |
---|
1740 | if (len == -1) { |
---|
1741 | syslog(LOG_ERR, "recvmsg: %m"); |
---|
1742 | return; |
---|
1743 | } |
---|
1744 | sfrom = inet_ntop(AF_INET6, &from.sin6_addr, |
---|
1745 | ntopbuf, INET6_ADDRSTRLEN); |
---|
1746 | if ((size_t)len < sizeof(struct icmp6_hdr)) { |
---|
1747 | syslog(LOG_ERR, "IPv6 ICMP packet too short from %s", sfrom); |
---|
1748 | return; |
---|
1749 | } |
---|
1750 | |
---|
1751 | pkt.ipi6_ifindex = hoplimit = 0; |
---|
1752 | for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(&rcvhdr); |
---|
1753 | cm; |
---|
1754 | cm = (struct cmsghdr *)CMSG_NXTHDR(&rcvhdr, cm)) |
---|
1755 | { |
---|
1756 | if (cm->cmsg_level != IPPROTO_IPV6) |
---|
1757 | continue; |
---|
1758 | switch(cm->cmsg_type) { |
---|
1759 | case IPV6_PKTINFO: |
---|
1760 | if (cm->cmsg_len == CMSG_LEN(sizeof(pkt))) |
---|
1761 | memcpy(&pkt, CMSG_DATA(cm), sizeof(pkt)); |
---|
1762 | break; |
---|
1763 | case IPV6_HOPLIMIT: |
---|
1764 | if (cm->cmsg_len == CMSG_LEN(sizeof(int))) |
---|
1765 | memcpy(&hoplimit, CMSG_DATA(cm), sizeof(int)); |
---|
1766 | break; |
---|
1767 | } |
---|
1768 | } |
---|
1769 | |
---|
1770 | if (pkt.ipi6_ifindex == 0 || hoplimit == 0) { |
---|
1771 | syslog(LOG_ERR, |
---|
1772 | "IPv6 RA did not contain index or hop limit from %s", |
---|
1773 | sfrom); |
---|
1774 | return; |
---|
1775 | } |
---|
1776 | |
---|
1777 | TAILQ_FOREACH(ifp, ifaces, next) { |
---|
1778 | if (ifp->index == (unsigned int)pkt.ipi6_ifindex) |
---|
1779 | break; |
---|
1780 | } |
---|
1781 | |
---|
1782 | icp = (struct icmp6_hdr *)rcvhdr.msg_iov[0].iov_base; |
---|
1783 | if (icp->icmp6_code == 0) { |
---|
1784 | switch(icp->icmp6_type) { |
---|
1785 | case ND_NEIGHBOR_ADVERT: |
---|
1786 | ipv6nd_handlena(ifp, icp, len); |
---|
1787 | return; |
---|
1788 | case ND_ROUTER_ADVERT: |
---|
1789 | ipv6nd_handlera(ifp, icp, len); |
---|
1790 | return; |
---|
1791 | } |
---|
1792 | } |
---|
1793 | |
---|
1794 | syslog(LOG_ERR, "invalid IPv6 type %d or code %d from %s", |
---|
1795 | icp->icmp6_type, icp->icmp6_code, sfrom); |
---|
1796 | } |
---|
1797 | |
---|
1798 | int |
---|
1799 | ipv6nd_startrs(struct interface *ifp) |
---|
1800 | { |
---|
1801 | struct rs_state *state; |
---|
1802 | |
---|
1803 | syslog(LOG_INFO, "%s: soliciting an IPv6 router", ifp->name); |
---|
1804 | if (sock == -1) { |
---|
1805 | if (ipv6nd_open() == -1) { |
---|
1806 | syslog(LOG_ERR, "%s: ipv6nd_open: %m", __func__); |
---|
1807 | return -1; |
---|
1808 | } |
---|
1809 | eloop_event_add(sock, ipv6nd_handledata, NULL); |
---|
1810 | } |
---|
1811 | |
---|
1812 | eloop_timeout_delete(NULL, ifp); |
---|
1813 | |
---|
1814 | state = RS_STATE(ifp); |
---|
1815 | if (state == NULL) { |
---|
1816 | ifp->if_data[IF_DATA_IPV6ND] = calloc(1, sizeof(*state)); |
---|
1817 | state = RS_STATE(ifp); |
---|
1818 | if (state == NULL) { |
---|
1819 | syslog(LOG_ERR, "%s: %m", __func__); |
---|
1820 | return -1; |
---|
1821 | } |
---|
1822 | } |
---|
1823 | |
---|
1824 | /* Always make a new probe as the underlying hardware |
---|
1825 | * address could have changed. */ |
---|
1826 | ipv6nd_makersprobe(ifp); |
---|
1827 | if (state->rs == NULL) { |
---|
1828 | syslog(LOG_ERR, "%s: ipv6ns_makersprobe: %m", __func__); |
---|
1829 | return -1; |
---|
1830 | } |
---|
1831 | |
---|
1832 | state->rsprobes = 0; |
---|
1833 | ipv6nd_sendrsprobe(ifp); |
---|
1834 | return 0; |
---|
1835 | } |
---|