1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3 * BSD interface driver for dhcpcd
4 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name>
5 * All rights reserved
6
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/ioctl.h>
30 #include <sys/param.h>
31 #include <sys/socket.h>
32 #include <sys/stat.h>
33 #include <sys/sysctl.h>
34 #include <sys/time.h>
35 #include <sys/types.h>
36 #include <sys/uio.h>
37 #include <sys/utsname.h>
38
39 #include "config.h"
40
41 #include <arpa/inet.h>
42 #include <net/bpf.h>
43 #include <net/if.h>
44 #include <net/if_dl.h>
45 #include <net/if_media.h>
46 #include <net/route.h>
47 #include <netinet/if_ether.h>
48 #include <netinet/in.h>
49 #include <netinet/in_var.h>
50 #include <netinet6/in6_var.h>
51 #include <netinet6/nd6.h>
52 #ifdef __NetBSD__
53 #include <net/if_vlanvar.h> /* Needs netinet/if_ether.h */
54 #elif defined(__DragonFly__)
55 #include <net/vlan/if_vlan_var.h>
56 #else
57 #include <net/if_vlan_var.h>
58 #endif
59 #ifdef __DragonFly__
60 # include <netproto/802_11/ieee80211_ioctl.h>
61 #else
62 # include <net80211/ieee80211.h>
63 # include <net80211/ieee80211_ioctl.h>
64 #endif
65
66 #include <assert.h>
67 #include <errno.h>
68 #include <fcntl.h>
69 #include <fnmatch.h>
70 #include <paths.h>
71 #include <stddef.h>
72 #include <stdio.h>
73 #include <stdlib.h>
74 #include <string.h>
75 #include <unistd.h>
76
77 #if defined(OpenBSD) && OpenBSD >= 201411
78 /* OpenBSD dropped the global setting from sysctl but left the #define
79 * which causes a EPERM error when trying to use it.
80 * I think both the error and keeping the define are wrong, so we #undef it. */
81 #undef IPV6CTL_ACCEPT_RTADV
82 #endif
83
84 #include "common.h"
85 #include "dhcp.h"
86 #include "if.h"
87 #include "if-options.h"
88 #include "ipv4.h"
89 #include "ipv4ll.h"
90 #include "ipv6.h"
91 #include "ipv6nd.h"
92 #include "logerr.h"
93 #include "privsep.h"
94 #include "route.h"
95 #include "sa.h"
96
97 #ifndef RT_ROUNDUP
98 #define RT_ROUNDUP(a) \
99 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
100 #define RT_ADVANCE(x, n) (x += RT_ROUNDUP((n)->sa_len))
101 #endif
102
103 /* Ignore these interface names which look like ethernet but are virtual or
104 * just won't work without explicit configuration. */
105 static const char * const ifnames_ignore[] = {
106 "bridge",
107 "epair", /* Virtual patch cable */
108 "fwe", /* Firewire */
109 "fwip", /* Firewire */
110 "tap",
111 "vether",
112 "xvif", /* XEN DOM0 -> guest interface */
113 NULL
114 };
115
116 struct rtm
117 {
118 struct rt_msghdr hdr;
119 char buffer[sizeof(struct sockaddr_storage) * RTAX_MAX];
120 };
121
122 int
os_init(void)123 os_init(void)
124 {
125 return 0;
126 }
127
128 int
if_init(__unused struct interface * iface)129 if_init(__unused struct interface *iface)
130 {
131 /* BSD promotes secondary address by default */
132 return 0;
133 }
134
135 int
if_conf(__unused struct interface * iface)136 if_conf(__unused struct interface *iface)
137 {
138 /* No extra checks needed on BSD */
139 return 0;
140 }
141
142 int
if_opensockets_os(struct dhcpcd_ctx * ctx)143 if_opensockets_os(struct dhcpcd_ctx *ctx)
144 {
145 struct priv *priv;
146 int n;
147 #if defined(RO_MSGFILTER) || defined(ROUTE_MSGFILTER)
148 unsigned char msgfilter[] = {
149 RTM_IFINFO,
150 #ifdef RTM_IFANNOUNCE
151 RTM_IFANNOUNCE,
152 #endif
153 RTM_ADD, RTM_CHANGE, RTM_DELETE, RTM_MISS,
154 #ifdef RTM_CHGADDR
155 RTM_CHGADDR,
156 #endif
157 #ifdef RTM_DESYNC
158 RTM_DESYNC,
159 #endif
160 RTM_NEWADDR, RTM_DELADDR
161 };
162 #ifdef ROUTE_MSGFILTER
163 unsigned int i, msgfilter_mask;
164 #endif
165 #endif
166
167 if ((priv = malloc(sizeof(*priv))) == NULL)
168 return -1;
169 ctx->priv = priv;
170
171 #ifdef INET6
172 priv->pf_inet6_fd = xsocket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
173 /* Don't return an error so we at least work on kernels witout INET6
174 * even though we expect INET6 support.
175 * We will fail noisily elsewhere anyway. */
176 #ifdef PRIVSEP_RIGHTS
177 if (priv->pf_inet6_fd != -1 && IN_PRIVSEP(ctx))
178 ps_rights_limit_ioctl(priv->pf_inet6_fd);
179 #endif
180 #endif
181
182 ctx->link_fd = xsocket(PF_ROUTE, SOCK_RAW | SOCK_CXNB, AF_UNSPEC);
183 if (ctx->link_fd == -1)
184 return -1;
185
186 #ifdef SO_RERROR
187 n = 1;
188 if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_RERROR, &n,sizeof(n)) == -1)
189 logerr("%s: SO_RERROR", __func__);
190 #endif
191
192 /* Ignore our own route(4) messages.
193 * Sadly there is no way of doing this for route(4) messages
194 * generated from addresses we add/delete. */
195 n = 0;
196 if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_USELOOPBACK,
197 &n, sizeof(n)) == -1)
198 logerr("%s: SO_USELOOPBACK", __func__);
199
200 #ifdef PRIVSEP
201 if (ctx->options & DHCPCD_PRIVSEPROOT) {
202 /* We only want to write to this socket, so set
203 * a small as possible buffer size. */
204 socklen_t smallbuf = 1;
205
206 if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_RCVBUF,
207 &smallbuf, (socklen_t)sizeof(smallbuf)) == -1)
208 logerr("%s: setsockopt(SO_RCVBUF)", __func__);
209 }
210 #endif
211
212 #if defined(RO_MSGFILTER)
213 if (setsockopt(ctx->link_fd, PF_ROUTE, RO_MSGFILTER,
214 &msgfilter, sizeof(msgfilter)) == -1)
215 logerr(__func__);
216 #elif defined(ROUTE_MSGFILTER)
217 /* Convert the array into a bitmask. */
218 msgfilter_mask = 0;
219 for (i = 0; i < __arraycount(msgfilter); i++)
220 msgfilter_mask |= ROUTE_FILTER(msgfilter[i]);
221 if (setsockopt(ctx->link_fd, PF_ROUTE, ROUTE_MSGFILTER,
222 &msgfilter_mask, sizeof(msgfilter_mask)) == -1)
223 logerr(__func__);
224 #else
225 #warning kernel does not support route message filtering
226 #endif
227
228 #ifdef PRIVSEP_RIGHTS
229 /* We need to getsockopt for SO_RCVBUF and
230 * setsockopt for RO_MISSFILTER. */
231 if (IN_PRIVSEP(ctx))
232 ps_rights_limit_fd_sockopt(ctx->link_fd);
233 #endif
234
235 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */
236 priv->pf_link_fd = xsocket(PF_LINK, SOCK_DGRAM, 0);
237 if (priv->pf_link_fd == -1)
238 logerr("%s: socket(PF_LINK)", __func__);
239 #endif
240 return 0;
241 }
242
243 void
if_closesockets_os(struct dhcpcd_ctx * ctx)244 if_closesockets_os(struct dhcpcd_ctx *ctx)
245 {
246 struct priv *priv;
247
248 priv = (struct priv *)ctx->priv;
249 if (priv == NULL)
250 return;
251
252 #ifdef INET6
253 if (priv->pf_inet6_fd != -1) {
254 close(priv->pf_inet6_fd);
255 priv->pf_inet6_fd = -1;
256 }
257 #endif
258 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */
259 if (priv->pf_link_fd != -1) {
260 close(priv->pf_link_fd);
261 priv->pf_link_fd = -1;
262 }
263 #endif
264 free(priv);
265 ctx->priv = NULL;
266 free(ctx->rt_missfilter);
267 }
268
269 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */
270 static int
if_ioctllink(struct dhcpcd_ctx * ctx,unsigned long req,void * data,size_t len)271 if_ioctllink(struct dhcpcd_ctx *ctx, unsigned long req, void *data, size_t len)
272 {
273 struct priv *priv = (struct priv *)ctx->priv;
274
275 #ifdef PRIVSEP
276 if (ctx->options & DHCPCD_PRIVSEP)
277 return (int)ps_root_ioctllink(ctx, req, data, len);
278 #endif
279
280 return ioctl(priv->pf_link_fd, req, data, len);
281 }
282 #endif
283
284 int
if_setmac(struct interface * ifp,void * mac,uint8_t maclen)285 if_setmac(struct interface *ifp, void *mac, uint8_t maclen)
286 {
287
288 if (ifp->hwlen != maclen) {
289 errno = EINVAL;
290 return -1;
291 }
292
293 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */
294 struct if_laddrreq iflr = { .flags = IFLR_ACTIVE };
295 struct sockaddr_dl *sdl = satosdl(&iflr.addr);
296 int retval;
297
298 strlcpy(iflr.iflr_name, ifp->name, sizeof(iflr.iflr_name));
299 sdl->sdl_family = AF_LINK;
300 sdl->sdl_len = sizeof(*sdl);
301 sdl->sdl_alen = maclen;
302 memcpy(LLADDR(sdl), mac, maclen);
303 retval = if_ioctllink(ifp->ctx, SIOCALIFADDR, &iflr, sizeof(iflr));
304
305 /* Try and remove the old address */
306 memcpy(LLADDR(sdl), ifp->hwaddr, ifp->hwlen);
307 if_ioctllink(ifp->ctx, SIOCDLIFADDR, &iflr, sizeof(iflr));
308
309 return retval;
310 #else
311 struct ifreq ifr = {
312 .ifr_addr.sa_family = AF_LINK,
313 .ifr_addr.sa_len = maclen,
314 };
315
316 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
317 memcpy(ifr.ifr_addr.sa_data, mac, maclen);
318 return if_ioctl(ifp->ctx, SIOCSIFLLADDR, &ifr, sizeof(ifr));
319 #endif
320 }
321
322 static bool
if_ignore1(const char * drvname)323 if_ignore1(const char *drvname)
324 {
325 const char * const *p;
326
327 for (p = ifnames_ignore; *p; p++) {
328 if (strcmp(*p, drvname) == 0)
329 return true;
330 }
331 return false;
332 }
333
334 #ifdef SIOCGIFGROUP
335 int
if_ignoregroup(int s,const char * ifname)336 if_ignoregroup(int s, const char *ifname)
337 {
338 struct ifgroupreq ifgr = { .ifgr_len = 0 };
339 struct ifg_req *ifg;
340 size_t ifg_len;
341
342 /* Sadly it is possible to remove the device name
343 * from the interface groups, but hopefully this
344 * will be very unlikely.... */
345
346 strlcpy(ifgr.ifgr_name, ifname, sizeof(ifgr.ifgr_name));
347 if (ioctl(s, SIOCGIFGROUP, &ifgr) == -1 ||
348 (ifgr.ifgr_groups = malloc(ifgr.ifgr_len)) == NULL ||
349 ioctl(s, SIOCGIFGROUP, &ifgr) == -1)
350 {
351 logerr(__func__);
352 return -1;
353 }
354
355 for (ifg = ifgr.ifgr_groups, ifg_len = ifgr.ifgr_len;
356 ifg && ifg_len >= sizeof(*ifg);
357 ifg++, ifg_len -= sizeof(*ifg))
358 {
359 if (if_ignore1(ifg->ifgrq_group))
360 return 1;
361 }
362 return 0;
363 }
364 #endif
365
366 bool
if_ignore(struct dhcpcd_ctx * ctx,const char * ifname)367 if_ignore(struct dhcpcd_ctx *ctx, const char *ifname)
368 {
369 struct if_spec spec;
370
371 if (if_nametospec(ifname, &spec) != 0)
372 return false;
373
374 if (if_ignore1(spec.drvname))
375 return true;
376
377 #ifdef SIOCGIFGROUP
378 #if defined(PRIVSEP) && defined(HAVE_PLEDGE)
379 if (IN_PRIVSEP(ctx))
380 return ps_root_ifignoregroup(ctx, ifname) == 1 ? true : false;
381 #endif
382 else
383 return if_ignoregroup(ctx->pf_inet_fd, ifname) == 1 ?
384 true : false;
385 #else
386 UNUSED(ctx);
387 return false;
388 #endif
389 }
390
if_indirect_ioctl(struct dhcpcd_ctx * ctx,const char * ifname,unsigned long cmd,void * data,size_t len)391 static int if_indirect_ioctl(struct dhcpcd_ctx *ctx,
392 const char *ifname, unsigned long cmd, void *data, size_t len)
393 {
394 struct ifreq ifr = { .ifr_flags = 0 };
395
396 #if defined(PRIVSEP) && (defined(HAVE_CAPSICUM) || defined(HAVE_PLEDGE))
397 if (IN_PRIVSEP(ctx))
398 return (int)ps_root_indirectioctl(ctx, cmd, ifname, data, len);
399 #else
400 UNUSED(len);
401 #endif
402
403 strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
404 ifr.ifr_data = data;
405 return ioctl(ctx->pf_inet_fd, cmd, &ifr);
406 }
407
408 int
if_carrier(struct interface * ifp,const void * ifadata)409 if_carrier(struct interface *ifp, const void *ifadata)
410 {
411 const struct if_data *ifi = ifadata;
412
413 /*
414 * Every BSD returns this and it is the sole source of truth.
415 * Not all BSD's support SIOCGIFDATA and not all interfaces
416 * support SIOCGIFMEDIA.
417 */
418 assert(ifadata != NULL);
419
420 if (ifi->ifi_link_state >= LINK_STATE_UP)
421 return LINK_UP;
422 if (ifi->ifi_link_state == LINK_STATE_UNKNOWN) {
423 /*
424 * Work around net80211 issues in some BSDs.
425 * Wireless MUST support link state change.
426 */
427 if (ifp->wireless)
428 return LINK_DOWN;
429 return LINK_UNKNOWN;
430 }
431 return LINK_DOWN;
432 }
433
434 bool
if_roaming(struct interface * ifp)435 if_roaming(struct interface *ifp)
436 {
437
438 /* Check for NetBSD as a safety measure.
439 * If other BSD's gain IN_IFF_TENTATIVE check they re-do DAD
440 * when the carrier comes up again. */
441 #if defined(IN_IFF_TENTATIVE) && defined(__NetBSD__)
442 return ifp->flags & IFF_UP && ifp->carrier == LINK_DOWN;
443 #else
444 UNUSED(ifp);
445 return false;
446 #endif
447 }
448
449 static void
if_linkaddr(struct sockaddr_dl * sdl,const struct interface * ifp)450 if_linkaddr(struct sockaddr_dl *sdl, const struct interface *ifp)
451 {
452
453 memset(sdl, 0, sizeof(*sdl));
454 sdl->sdl_family = AF_LINK;
455 sdl->sdl_len = sizeof(*sdl);
456 sdl->sdl_nlen = sdl->sdl_alen = sdl->sdl_slen = 0;
457 sdl->sdl_index = (unsigned short)ifp->index;
458 }
459
460 static int
if_getssid1(struct dhcpcd_ctx * ctx,const char * ifname,void * ssid)461 if_getssid1(struct dhcpcd_ctx *ctx, const char *ifname, void *ssid)
462 {
463 int retval = -1;
464 #if defined(SIOCG80211NWID)
465 struct ieee80211_nwid nwid;
466 #elif defined(IEEE80211_IOC_SSID)
467 struct ieee80211req ireq;
468 char nwid[IEEE80211_NWID_LEN];
469 #endif
470
471 #if defined(SIOCG80211NWID) /* NetBSD */
472 memset(&nwid, 0, sizeof(nwid));
473 if (if_indirect_ioctl(ctx, ifname, SIOCG80211NWID,
474 &nwid, sizeof(nwid)) == 0)
475 {
476 if (ssid == NULL)
477 retval = nwid.i_len;
478 else if (nwid.i_len > IF_SSIDLEN)
479 errno = ENOBUFS;
480 else {
481 retval = nwid.i_len;
482 memcpy(ssid, nwid.i_nwid, nwid.i_len);
483 }
484 }
485 #elif defined(IEEE80211_IOC_SSID) /* FreeBSD */
486 memset(&ireq, 0, sizeof(ireq));
487 strlcpy(ireq.i_name, ifname, sizeof(ireq.i_name));
488 ireq.i_type = IEEE80211_IOC_SSID;
489 ireq.i_val = -1;
490 memset(nwid, 0, sizeof(nwid));
491 ireq.i_data = &nwid;
492 if (ioctl(ctx->pf_inet_fd, SIOCG80211, &ireq) == 0) {
493 if (ssid == NULL)
494 retval = ireq.i_len;
495 else if (ireq.i_len > IF_SSIDLEN)
496 errno = ENOBUFS;
497 else {
498 retval = ireq.i_len;
499 memcpy(ssid, nwid, ireq.i_len);
500 }
501 }
502 #else
503 errno = ENOSYS;
504 #endif
505
506 return retval;
507 }
508
509 int
if_getssid(struct interface * ifp)510 if_getssid(struct interface *ifp)
511 {
512 int r;
513
514 r = if_getssid1(ifp->ctx, ifp->name, ifp->ssid);
515 if (r != -1)
516 ifp->ssid_len = (unsigned int)r;
517 else
518 ifp->ssid_len = 0;
519 ifp->ssid[ifp->ssid_len] = '\0';
520 return r;
521 }
522
523 /*
524 * FreeBSD allows for Virtual Access Points
525 * We need to check if the interface is a Virtual Interface Master
526 * and if so, don't use it.
527 * This check is made by virtue of being a IEEE80211 device but
528 * returning the SSID gives an error.
529 */
530 int
if_vimaster(struct dhcpcd_ctx * ctx,const char * ifname)531 if_vimaster(struct dhcpcd_ctx *ctx, const char *ifname)
532 {
533 int r;
534 struct ifmediareq ifmr = { .ifm_active = 0 };
535
536 strlcpy(ifmr.ifm_name, ifname, sizeof(ifmr.ifm_name));
537 r = ioctl(ctx->pf_inet_fd, SIOCGIFMEDIA, &ifmr);
538 if (r == -1)
539 return -1;
540 if (ifmr.ifm_status & IFM_AVALID &&
541 IFM_TYPE(ifmr.ifm_active) == IFM_IEEE80211)
542 {
543 if (if_getssid1(ctx, ifname, NULL) == -1)
544 return 1;
545 }
546 return 0;
547 }
548
549 unsigned short
if_vlanid(const struct interface * ifp)550 if_vlanid(const struct interface *ifp)
551 {
552 #ifdef SIOCGETVLAN
553 struct vlanreq vlr = { .vlr_tag = 0 };
554
555 if (if_indirect_ioctl(ifp->ctx, ifp->name, SIOCGETVLAN,
556 &vlr, sizeof(vlr)) != 0)
557 return 0; /* 0 means no VLANID */
558 return vlr.vlr_tag;
559 #elif defined(SIOCGVNETID)
560 struct ifreq ifr = { .ifr_vnetid = 0 };
561
562 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
563 if (ioctl(ifp->ctx->pf_inet_fd, SIOCGVNETID, &ifr) != 0)
564 return 0; /* 0 means no VLANID */
565 return ifr.ifr_vnetid;
566 #else
567 UNUSED(ifp);
568 return 0; /* 0 means no VLANID */
569 #endif
570 }
571
572 static int
get_addrs(int type,const void * data,size_t data_len,const struct sockaddr ** sa)573 get_addrs(int type, const void *data, size_t data_len,
574 const struct sockaddr **sa)
575 {
576 const char *cp, *ep;
577 int i;
578
579 cp = data;
580 ep = cp + data_len;
581 for (i = 0; i < RTAX_MAX; i++) {
582 if (type & (1 << i)) {
583 if (cp >= ep) {
584 errno = EINVAL;
585 return -1;
586 }
587 sa[i] = (const struct sockaddr *)cp;
588 RT_ADVANCE(cp, sa[i]);
589 } else
590 sa[i] = NULL;
591 }
592
593 return 0;
594 }
595
596 static struct interface *
if_findsdl(struct dhcpcd_ctx * ctx,const struct sockaddr_dl * sdl)597 if_findsdl(struct dhcpcd_ctx *ctx, const struct sockaddr_dl *sdl)
598 {
599
600 if (sdl->sdl_index)
601 return if_findindex(ctx->ifaces, sdl->sdl_index);
602
603 if (sdl->sdl_nlen) {
604 char ifname[IF_NAMESIZE];
605
606 memcpy(ifname, sdl->sdl_data, sdl->sdl_nlen);
607 ifname[sdl->sdl_nlen] = '\0';
608 return if_find(ctx->ifaces, ifname);
609 }
610 if (sdl->sdl_alen) {
611 struct interface *ifp;
612
613 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
614 if (ifp->hwlen == sdl->sdl_alen &&
615 memcmp(ifp->hwaddr,
616 sdl->sdl_data, sdl->sdl_alen) == 0)
617 return ifp;
618 }
619 }
620
621 errno = ENOENT;
622 return NULL;
623 }
624
625 static struct interface *
if_findsa(struct dhcpcd_ctx * ctx,const struct sockaddr * sa)626 if_findsa(struct dhcpcd_ctx *ctx, const struct sockaddr *sa)
627 {
628 if (sa == NULL) {
629 errno = EINVAL;
630 return NULL;
631 }
632
633 switch (sa->sa_family) {
634 case AF_LINK:
635 {
636 const struct sockaddr_dl *sdl;
637
638 sdl = (const void *)sa;
639 return if_findsdl(ctx, sdl);
640 }
641 #ifdef INET
642 case AF_INET:
643 {
644 const struct sockaddr_in *sin;
645 struct ipv4_addr *ia;
646
647 sin = (const void *)sa;
648 if ((ia = ipv4_findmaskaddr(ctx, &sin->sin_addr)))
649 return ia->iface;
650 if ((ia = ipv4_findmaskbrd(ctx, &sin->sin_addr)))
651 return ia->iface;
652 break;
653 }
654 #endif
655 #ifdef INET6
656 case AF_INET6:
657 {
658 const struct sockaddr_in6 *sin;
659 unsigned int scope;
660 struct ipv6_addr *ia;
661
662 sin = (const void *)sa;
663 scope = ipv6_getscope(sin);
664 if (scope != 0)
665 return if_findindex(ctx->ifaces, scope);
666 if ((ia = ipv6_findmaskaddr(ctx, &sin->sin6_addr)))
667 return ia->iface;
668 break;
669 }
670 #endif
671 default:
672 errno = EAFNOSUPPORT;
673 return NULL;
674 }
675
676 errno = ENOENT;
677 return NULL;
678 }
679
680 static void
if_copysa(struct sockaddr * dst,const struct sockaddr * src)681 if_copysa(struct sockaddr *dst, const struct sockaddr *src)
682 {
683
684 assert(dst != NULL);
685 assert(src != NULL);
686
687 memcpy(dst, src, src->sa_len);
688 #if defined(INET6) && defined(__KAME__)
689 if (dst->sa_family == AF_INET6) {
690 struct in6_addr *in6;
691
692 in6 = &satosin6(dst)->sin6_addr;
693 if (IN6_IS_ADDR_LINKLOCAL(in6))
694 in6->s6_addr[2] = in6->s6_addr[3] = '\0';
695 }
696 #endif
697 }
698
699 int
if_route(unsigned char cmd,const struct rt * rt)700 if_route(unsigned char cmd, const struct rt *rt)
701 {
702 struct dhcpcd_ctx *ctx;
703 struct rtm rtmsg;
704 struct rt_msghdr *rtm = &rtmsg.hdr;
705 char *bp = rtmsg.buffer;
706 struct sockaddr_dl sdl;
707 bool gateway_unspec;
708
709 assert(rt != NULL);
710 assert(rt->rt_ifp != NULL);
711 assert(rt->rt_ifp->ctx != NULL);
712 ctx = rt->rt_ifp->ctx;
713
714 #define ADDSA(sa) do { \
715 memcpy(bp, (sa), (sa)->sa_len); \
716 bp += RT_ROUNDUP((sa)->sa_len); \
717 } while (0 /* CONSTCOND */)
718
719 memset(&rtmsg, 0, sizeof(rtmsg));
720 rtm->rtm_version = RTM_VERSION;
721 rtm->rtm_type = cmd;
722 #ifdef __OpenBSD__
723 rtm->rtm_pid = getpid();
724 #endif
725 rtm->rtm_seq = ++ctx->seq;
726 rtm->rtm_flags = (int)rt->rt_flags;
727 rtm->rtm_addrs = RTA_DST;
728 #ifdef RTF_PINNED
729 if (cmd != RTM_ADD)
730 rtm->rtm_flags |= RTF_PINNED;
731 #endif
732
733 gateway_unspec = sa_is_unspecified(&rt->rt_gateway);
734
735 if (cmd == RTM_ADD || cmd == RTM_CHANGE) {
736 bool netmask_bcast = sa_is_allones(&rt->rt_netmask);
737
738 rtm->rtm_flags |= RTF_UP;
739 rtm->rtm_addrs |= RTA_GATEWAY;
740 if (!(rtm->rtm_flags & RTF_REJECT) &&
741 !sa_is_loopback(&rt->rt_gateway))
742 {
743 rtm->rtm_index = (unsigned short)rt->rt_ifp->index;
744 /*
745 * OpenBSD rejects the message for on-link routes.
746 * FreeBSD-12 kernel apparently panics.
747 * I can't replicate the panic, but better safe than sorry!
748 * https://roy.marples.name/archives/dhcpcd-discuss/0002286.html
749 *
750 * Neither OS currently allows IPv6 address sharing anyway, so let's
751 * try to encourage someone to fix that by logging a waring during compile.
752 */
753 #if defined(__FreeBSD__) || defined(__OpenBSD__)
754 #warning kernel does not allow IPv6 address sharing
755 if (!gateway_unspec || rt->rt_dest.sa_family!=AF_INET6)
756 #endif
757 rtm->rtm_addrs |= RTA_IFP;
758 if (!sa_is_unspecified(&rt->rt_ifa))
759 rtm->rtm_addrs |= RTA_IFA;
760 }
761 if (netmask_bcast)
762 rtm->rtm_flags |= RTF_HOST;
763 /* Network routes are cloning or connected if supported.
764 * All other routes are static. */
765 if (gateway_unspec) {
766 #ifdef RTF_CLONING
767 rtm->rtm_flags |= RTF_CLONING;
768 #endif
769 #ifdef RTF_CONNECTED
770 rtm->rtm_flags |= RTF_CONNECTED;
771 #endif
772 #ifdef RTP_CONNECTED
773 rtm->rtm_priority = RTP_CONNECTED;
774 #endif
775 #ifdef RTF_CLONING
776 if (netmask_bcast) {
777 /*
778 * We add a cloning network route for a single
779 * host. Traffic to the host will generate a
780 * cloned route and the hardware address will
781 * resolve correctly.
782 * It might be more correct to use RTF_HOST
783 * instead of RTF_CLONING, and that does work,
784 * but some OS generate an arp warning
785 * diagnostic which we don't want to do.
786 */
787 rtm->rtm_flags &= ~RTF_HOST;
788 }
789 #endif
790 } else
791 rtm->rtm_flags |= RTF_GATEWAY;
792
793 if (rt->rt_dflags & RTDF_STATIC)
794 rtm->rtm_flags |= RTF_STATIC;
795
796 if (rt->rt_mtu != 0) {
797 rtm->rtm_inits |= RTV_MTU;
798 rtm->rtm_rmx.rmx_mtu = rt->rt_mtu;
799 }
800 }
801
802 if (!(rtm->rtm_flags & RTF_HOST))
803 rtm->rtm_addrs |= RTA_NETMASK;
804
805 if_linkaddr(&sdl, rt->rt_ifp);
806
807 ADDSA(&rt->rt_dest);
808
809 if (rtm->rtm_addrs & RTA_GATEWAY) {
810 if (gateway_unspec)
811 ADDSA((struct sockaddr *)&sdl);
812 else {
813 union sa_ss gateway;
814
815 if_copysa(&gateway.sa, &rt->rt_gateway);
816 #ifdef INET6
817 if (gateway.sa.sa_family == AF_INET6)
818 ipv6_setscope(&gateway.sin6, rt->rt_ifp->index);
819 #endif
820 ADDSA(&gateway.sa);
821 }
822 }
823
824 if (rtm->rtm_addrs & RTA_NETMASK)
825 ADDSA(&rt->rt_netmask);
826
827 if (rtm->rtm_addrs & RTA_IFP)
828 ADDSA((struct sockaddr *)&sdl);
829
830 if (rtm->rtm_addrs & RTA_IFA)
831 ADDSA(&rt->rt_ifa);
832
833 #undef ADDSA
834
835 rtm->rtm_msglen = (unsigned short)(bp - (char *)rtm);
836
837 #ifdef PRIVSEP
838 if (ctx->options & DHCPCD_PRIVSEP) {
839 if (ps_root_route(ctx, rtm, rtm->rtm_msglen) == -1)
840 return -1;
841 return 0;
842 }
843 #endif
844 if (write(ctx->link_fd, rtm, rtm->rtm_msglen) == -1)
845 return -1;
846 return 0;
847 }
848
849 static bool
if_realroute(const struct rt_msghdr * rtm)850 if_realroute(const struct rt_msghdr *rtm)
851 {
852
853 #ifdef RTF_CLONED
854 if (rtm->rtm_flags & RTF_CLONED)
855 return false;
856 #endif
857 #ifdef RTF_WASCLONED
858 if (rtm->rtm_flags & RTF_WASCLONED)
859 return false;
860 #endif
861 #ifdef RTF_LOCAL
862 if (rtm->rtm_flags & RTF_LOCAL)
863 return false;
864 #endif
865 #ifdef RTF_BROADCAST
866 if (rtm->rtm_flags & RTF_BROADCAST)
867 return false;
868 #endif
869 return true;
870 }
871
872 static int
if_copyrt(struct dhcpcd_ctx * ctx,struct rt * rt,const struct rt_msghdr * rtm)873 if_copyrt(struct dhcpcd_ctx *ctx, struct rt *rt, const struct rt_msghdr *rtm)
874 {
875 const struct sockaddr *rti_info[RTAX_MAX];
876
877 if (!(rtm->rtm_addrs & RTA_DST)) {
878 errno = EINVAL;
879 return -1;
880 }
881 if (rtm->rtm_type != RTM_MISS && !(rtm->rtm_addrs & RTA_GATEWAY)) {
882 errno = EINVAL;
883 return -1;
884 }
885
886 if (get_addrs(rtm->rtm_addrs, (const char *)rtm + sizeof(*rtm),
887 rtm->rtm_msglen - sizeof(*rtm), rti_info) == -1)
888 return -1;
889 memset(rt, 0, sizeof(*rt));
890
891 rt->rt_flags = (unsigned int)rtm->rtm_flags;
892 if_copysa(&rt->rt_dest, rti_info[RTAX_DST]);
893 if (rtm->rtm_addrs & RTA_NETMASK) {
894 if_copysa(&rt->rt_netmask, rti_info[RTAX_NETMASK]);
895 if (rt->rt_netmask.sa_family == 255) /* Why? */
896 rt->rt_netmask.sa_family = rt->rt_dest.sa_family;
897 }
898
899 /* dhcpcd likes an unspecified gateway to indicate via the link.
900 * However we need to know if gateway was a link with an address. */
901 if (rtm->rtm_addrs & RTA_GATEWAY) {
902 if (rti_info[RTAX_GATEWAY]->sa_family == AF_LINK) {
903 const struct sockaddr_dl *sdl;
904
905 sdl = (const struct sockaddr_dl*)
906 (const void *)rti_info[RTAX_GATEWAY];
907 if (sdl->sdl_alen != 0)
908 rt->rt_dflags |= RTDF_GATELINK;
909 } else if (rtm->rtm_flags & RTF_GATEWAY)
910 if_copysa(&rt->rt_gateway, rti_info[RTAX_GATEWAY]);
911 }
912
913 if (rtm->rtm_addrs & RTA_IFA)
914 if_copysa(&rt->rt_ifa, rti_info[RTAX_IFA]);
915
916 rt->rt_mtu = (unsigned int)rtm->rtm_rmx.rmx_mtu;
917
918 if (rtm->rtm_index)
919 rt->rt_ifp = if_findindex(ctx->ifaces, rtm->rtm_index);
920 else if (rtm->rtm_addrs & RTA_IFP)
921 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_IFP]);
922 else if (rtm->rtm_addrs & RTA_GATEWAY)
923 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_GATEWAY]);
924 else
925 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_DST]);
926
927 if (rt->rt_ifp == NULL && rtm->rtm_type == RTM_MISS)
928 rt->rt_ifp = if_find(ctx->ifaces, "lo0");
929
930 if (rt->rt_ifp == NULL) {
931 errno = ESRCH;
932 return -1;
933 }
934 return 0;
935 }
936
937 static int
if_sysctl(struct dhcpcd_ctx * ctx,const int * name,u_int namelen,void * oldp,size_t * oldlenp,void * newp,size_t newlen)938 if_sysctl(struct dhcpcd_ctx *ctx,
939 const int *name, u_int namelen,
940 void *oldp, size_t *oldlenp, void *newp, size_t newlen)
941 {
942 #if defined(PRIVSEP) && defined(HAVE_CAPSICUM)
943 if (IN_PRIVSEP(ctx))
944 return (int)ps_root_sysctl(ctx, name, namelen,
945 oldp, oldlenp, newp, newlen);
946 #else
947 UNUSED(ctx);
948 #endif
949
950 return sysctl(name, namelen, oldp, oldlenp, newp, newlen);
951 }
952
953 int
if_initrt(struct dhcpcd_ctx * ctx,rb_tree_t * kroutes,int af)954 if_initrt(struct dhcpcd_ctx *ctx, rb_tree_t *kroutes, int af)
955 {
956 struct rt_msghdr *rtm;
957 int mib[6] = { CTL_NET, PF_ROUTE, 0, af, NET_RT_DUMP, 0 };
958 size_t bufl;
959 char *buf, *p, *end;
960 struct rt rt, *rtn;
961
962 if (if_sysctl(ctx, mib, __arraycount(mib), NULL, &bufl, NULL, 0) == -1)
963 return -1;
964 if (bufl == 0)
965 return 0;
966 if ((buf = malloc(bufl)) == NULL)
967 return -1;
968 if (if_sysctl(ctx, mib, __arraycount(mib), buf, &bufl, NULL, 0) == -1)
969 {
970 free(buf);
971 return -1;
972 }
973
974 end = buf + bufl;
975 for (p = buf; p < end; p += rtm->rtm_msglen) {
976 rtm = (void *)p;
977 if (p + sizeof(*rtm) > end || p + rtm->rtm_msglen > end) {
978 errno = EINVAL;
979 break;
980 }
981 if (!if_realroute(rtm))
982 continue;
983 if (if_copyrt(ctx, &rt, rtm) != 0)
984 continue;
985 if ((rtn = rt_new(rt.rt_ifp)) == NULL) {
986 logerr(__func__);
987 break;
988 }
989 memcpy(rtn, &rt, sizeof(*rtn));
990 if (rb_tree_insert_node(kroutes, rtn) != rtn)
991 rt_free(rtn);
992 }
993 free(buf);
994 return p == end ? 0 : -1;
995 }
996
997 #ifdef INET
998 int
if_address(unsigned char cmd,const struct ipv4_addr * ia)999 if_address(unsigned char cmd, const struct ipv4_addr *ia)
1000 {
1001 int r;
1002 struct in_aliasreq ifra;
1003 struct dhcpcd_ctx *ctx = ia->iface->ctx;
1004
1005 memset(&ifra, 0, sizeof(ifra));
1006 strlcpy(ifra.ifra_name, ia->iface->name, sizeof(ifra.ifra_name));
1007
1008 #define ADDADDR(var, addr) do { \
1009 (var)->sin_family = AF_INET; \
1010 (var)->sin_len = sizeof(*(var)); \
1011 (var)->sin_addr = *(addr); \
1012 } while (/*CONSTCOND*/0)
1013 ADDADDR(&ifra.ifra_addr, &ia->addr);
1014 ADDADDR(&ifra.ifra_mask, &ia->mask);
1015 if (cmd == RTM_NEWADDR && ia->brd.s_addr != INADDR_ANY)
1016 ADDADDR(&ifra.ifra_broadaddr, &ia->brd);
1017 #undef ADDADDR
1018
1019 r = if_ioctl(ctx,
1020 cmd == RTM_DELADDR ? SIOCDIFADDR : SIOCAIFADDR, &ifra,sizeof(ifra));
1021 return r;
1022 }
1023
1024 #if !(defined(HAVE_IFADDRS_ADDRFLAGS) && defined(HAVE_IFAM_ADDRFLAGS))
1025 int
if_addrflags(const struct interface * ifp,const struct in_addr * addr,__unused const char * alias)1026 if_addrflags(const struct interface *ifp, const struct in_addr *addr,
1027 __unused const char *alias)
1028 {
1029 #ifdef SIOCGIFAFLAG_IN
1030 struct ifreq ifr;
1031 struct sockaddr_in *sin;
1032
1033 memset(&ifr, 0, sizeof(ifr));
1034 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
1035 sin = (void *)&ifr.ifr_addr;
1036 sin->sin_family = AF_INET;
1037 sin->sin_addr = *addr;
1038 if (ioctl(ifp->ctx->pf_inet_fd, SIOCGIFAFLAG_IN, &ifr) == -1)
1039 return -1;
1040 return ifr.ifr_addrflags;
1041 #else
1042 UNUSED(ifp);
1043 UNUSED(addr);
1044 return 0;
1045 #endif
1046 }
1047 #endif
1048 #endif /* INET */
1049
1050 #ifdef INET6
1051 static int
if_ioctl6(struct dhcpcd_ctx * ctx,unsigned long req,void * data,size_t len)1052 if_ioctl6(struct dhcpcd_ctx *ctx, unsigned long req, void *data, size_t len)
1053 {
1054 struct priv *priv;
1055
1056 #ifdef PRIVSEP
1057 if (ctx->options & DHCPCD_PRIVSEP)
1058 return (int)ps_root_ioctl6(ctx, req, data, len);
1059 #endif
1060
1061 priv = ctx->priv;
1062 return ioctl(priv->pf_inet6_fd, req, data, len);
1063 }
1064
1065 int
if_address6(unsigned char cmd,const struct ipv6_addr * ia)1066 if_address6(unsigned char cmd, const struct ipv6_addr *ia)
1067 {
1068 struct in6_aliasreq ifa = { .ifra_flags = 0 };
1069 struct in6_addr mask;
1070 struct dhcpcd_ctx *ctx = ia->iface->ctx;
1071
1072 strlcpy(ifa.ifra_name, ia->iface->name, sizeof(ifa.ifra_name));
1073 #if defined(__FreeBSD__) || defined(__DragonFly__)
1074 /* This is a bug - the kernel should work this out. */
1075 if (ia->addr_flags & IN6_IFF_TENTATIVE)
1076 ifa.ifra_flags |= IN6_IFF_TENTATIVE;
1077 #endif
1078 #if (defined(__NetBSD__) || defined(__OpenBSD__)) && \
1079 (defined(IPV6CTL_ACCEPT_RTADV) || defined(ND6_IFF_ACCEPT_RTADV))
1080 /* These kernels don't accept userland setting IN6_IFF_AUTOCONF */
1081 #else
1082 if (ia->flags & IPV6_AF_AUTOCONF)
1083 ifa.ifra_flags |= IN6_IFF_AUTOCONF;
1084 #endif
1085 #ifdef IPV6_MANAGETEMPADDR
1086 if (ia->flags & IPV6_AF_TEMPORARY)
1087 ifa.ifra_flags |= IN6_IFF_TEMPORARY;
1088 #endif
1089
1090 #define ADDADDR(v, addr) { \
1091 (v)->sin6_family = AF_INET6; \
1092 (v)->sin6_len = sizeof(*v); \
1093 (v)->sin6_addr = *(addr); \
1094 }
1095
1096 ADDADDR(&ifa.ifra_addr, &ia->addr);
1097 ipv6_setscope(&ifa.ifra_addr, ia->iface->index);
1098 ipv6_mask(&mask, ia->prefix_len);
1099 ADDADDR(&ifa.ifra_prefixmask, &mask);
1100
1101 #undef ADDADDR
1102
1103 /*
1104 * Every BSD kernel wants to add the prefix of the address to it's
1105 * list of RA received prefixes.
1106 * THIS IS WRONG because there (as the comments in the kernel state)
1107 * is no API for managing prefix lifetime and the kernel should not
1108 * pretend it's from a RA either.
1109 *
1110 * The issue is that the very first assigned prefix will inherit the
1111 * lifetime of the address, but any subsequent alteration of the
1112 * address OR it's lifetime will not affect the prefix lifetime.
1113 * As such, we cannot stop the prefix from timing out and then
1114 * constantly removing the prefix route dhcpcd is capable of adding
1115 * in it's absense.
1116 *
1117 * What we can do to mitigate the issue is to add the address with
1118 * infinite lifetimes, so the prefix route will never time out.
1119 * Once done, we can then set lifetimes on the address and all is good.
1120 * The downside of this approach is that we need to manually remove
1121 * the kernel route because it has no lifetime, but this is OK as
1122 * dhcpcd will handle this too.
1123 *
1124 * This issue is discussed on the NetBSD mailing lists here:
1125 * http://mail-index.netbsd.org/tech-net/2016/08/05/msg006044.html
1126 *
1127 * Fixed in NetBSD-7.99.36
1128 * NOT fixed in FreeBSD - bug 195197
1129 * Fixed in OpenBSD-5.9
1130 */
1131
1132 #if !((defined(__NetBSD_Version__) && __NetBSD_Version__ >= 799003600) || \
1133 (defined(__OpenBSD__) && OpenBSD >= 201605))
1134 if (cmd == RTM_NEWADDR && !(ia->flags & IPV6_AF_ADDED)) {
1135 ifa.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
1136 ifa.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
1137 (void)if_ioctl6(ctx, SIOCAIFADDR_IN6, &ifa, sizeof(ifa));
1138 }
1139 #endif
1140
1141 #if defined(__OpenBSD__) && OpenBSD <= 201705
1142 /* BUT OpenBSD older than 6.2 does not reset the address lifetime
1143 * for subsequent calls...
1144 * Luckily dhcpcd will remove the lease when it expires so
1145 * just set an infinite lifetime, unless a temporary address. */
1146 if (ifa.ifra_flags & IN6_IFF_PRIVACY) {
1147 ifa.ifra_lifetime.ia6t_vltime = ia->prefix_vltime;
1148 ifa.ifra_lifetime.ia6t_pltime = ia->prefix_pltime;
1149 } else {
1150 ifa.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
1151 ifa.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
1152 }
1153 #else
1154 ifa.ifra_lifetime.ia6t_vltime = ia->prefix_vltime;
1155 ifa.ifra_lifetime.ia6t_pltime = ia->prefix_pltime;
1156 #endif
1157
1158 return if_ioctl6(ctx,
1159 cmd == RTM_DELADDR ? SIOCDIFADDR_IN6 : SIOCAIFADDR_IN6,
1160 &ifa, sizeof(ifa));
1161 }
1162
1163 int
if_addrflags6(const struct interface * ifp,const struct in6_addr * addr,__unused const char * alias)1164 if_addrflags6(const struct interface *ifp, const struct in6_addr *addr,
1165 __unused const char *alias)
1166 {
1167 int flags;
1168 struct in6_ifreq ifr6;
1169 struct priv *priv;
1170
1171 memset(&ifr6, 0, sizeof(ifr6));
1172 strlcpy(ifr6.ifr_name, ifp->name, sizeof(ifr6.ifr_name));
1173 ifr6.ifr_addr.sin6_family = AF_INET6;
1174 ifr6.ifr_addr.sin6_addr = *addr;
1175 ipv6_setscope(&ifr6.ifr_addr, ifp->index);
1176 priv = (struct priv *)ifp->ctx->priv;
1177 if (ioctl(priv->pf_inet6_fd, SIOCGIFAFLAG_IN6, &ifr6) != -1)
1178 flags = ifr6.ifr_ifru.ifru_flags6;
1179 else
1180 flags = -1;
1181 return flags;
1182 }
1183
1184 int
if_getlifetime6(struct ipv6_addr * ia)1185 if_getlifetime6(struct ipv6_addr *ia)
1186 {
1187 struct in6_ifreq ifr6;
1188 time_t t;
1189 struct in6_addrlifetime *lifetime;
1190 struct priv *priv;
1191
1192 memset(&ifr6, 0, sizeof(ifr6));
1193 strlcpy(ifr6.ifr_name, ia->iface->name, sizeof(ifr6.ifr_name));
1194 ifr6.ifr_addr.sin6_family = AF_INET6;
1195 ifr6.ifr_addr.sin6_addr = ia->addr;
1196 ipv6_setscope(&ifr6.ifr_addr, ia->iface->index);
1197 priv = (struct priv *)ia->iface->ctx->priv;
1198 if (ioctl(priv->pf_inet6_fd, SIOCGIFALIFETIME_IN6, &ifr6) == -1)
1199 return -1;
1200 clock_gettime(CLOCK_MONOTONIC, &ia->created);
1201
1202 #if defined(__FreeBSD__) || defined(__DragonFly__)
1203 t = ia->created.tv_sec;
1204 #else
1205 t = time(NULL);
1206 #endif
1207
1208 lifetime = &ifr6.ifr_ifru.ifru_lifetime;
1209 if (lifetime->ia6t_preferred)
1210 ia->prefix_pltime = (uint32_t)(lifetime->ia6t_preferred -
1211 MIN(t, lifetime->ia6t_preferred));
1212 else
1213 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1214 if (lifetime->ia6t_expire) {
1215 ia->prefix_vltime = (uint32_t)(lifetime->ia6t_expire -
1216 MIN(t, lifetime->ia6t_expire));
1217 /* Calculate the created time */
1218 ia->created.tv_sec -= lifetime->ia6t_vltime - ia->prefix_vltime;
1219 } else
1220 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1221 return 0;
1222 }
1223 #endif
1224
1225 static int
if_announce(struct dhcpcd_ctx * ctx,const struct if_announcemsghdr * ifan)1226 if_announce(struct dhcpcd_ctx *ctx, const struct if_announcemsghdr *ifan)
1227 {
1228
1229 if (ifan->ifan_msglen < sizeof(*ifan)) {
1230 errno = EINVAL;
1231 return -1;
1232 }
1233
1234 switch(ifan->ifan_what) {
1235 case IFAN_ARRIVAL:
1236 return dhcpcd_handleinterface(ctx, 1, ifan->ifan_name);
1237 case IFAN_DEPARTURE:
1238 return dhcpcd_handleinterface(ctx, -1, ifan->ifan_name);
1239 }
1240
1241 return 0;
1242 }
1243
1244 static int
if_ifinfo(struct dhcpcd_ctx * ctx,const struct if_msghdr * ifm)1245 if_ifinfo(struct dhcpcd_ctx *ctx, const struct if_msghdr *ifm)
1246 {
1247 struct interface *ifp;
1248 int link_state;
1249
1250 if (ifm->ifm_msglen < sizeof(*ifm)) {
1251 errno = EINVAL;
1252 return -1;
1253 }
1254
1255 if ((ifp = if_findindex(ctx->ifaces, ifm->ifm_index)) == NULL)
1256 return 0;
1257
1258 link_state = if_carrier(ifp, &ifm->ifm_data);
1259 dhcpcd_handlecarrier(ifp, link_state, (unsigned int)ifm->ifm_flags);
1260 return 0;
1261 }
1262
1263 static int
if_rtm(struct dhcpcd_ctx * ctx,const struct rt_msghdr * rtm)1264 if_rtm(struct dhcpcd_ctx *ctx, const struct rt_msghdr *rtm)
1265 {
1266 struct rt rt;
1267
1268 if (rtm->rtm_msglen < sizeof(*rtm)) {
1269 errno = EINVAL;
1270 return -1;
1271 }
1272
1273 /* Ignore errors. */
1274 if (rtm->rtm_errno != 0)
1275 return 0;
1276
1277 /* Ignore messages from ourself. */
1278 #ifdef PRIVSEP
1279 if (ctx->ps_root != NULL) {
1280 if (rtm->rtm_pid == ctx->ps_root->psp_pid)
1281 return 0;
1282 }
1283 #endif
1284
1285 if (if_copyrt(ctx, &rt, rtm) == -1)
1286 return errno == ENOTSUP ? 0 : -1;
1287
1288 #ifdef INET6
1289 /*
1290 * BSD announces host routes.
1291 * As such, we should be notified of reachability by its
1292 * existance with a hardware address.
1293 * Ensure we don't call this for a newly incomplete state.
1294 */
1295 if (rt.rt_dest.sa_family == AF_INET6 &&
1296 (rt.rt_flags & RTF_HOST || rtm->rtm_type == RTM_MISS) &&
1297 !(rtm->rtm_type == RTM_ADD && !(rt.rt_dflags & RTDF_GATELINK)))
1298 {
1299 bool reachable;
1300
1301 reachable = (rtm->rtm_type == RTM_ADD ||
1302 rtm->rtm_type == RTM_CHANGE) &&
1303 rt.rt_dflags & RTDF_GATELINK;
1304 ipv6nd_neighbour(ctx, &rt.rt_ss_dest.sin6.sin6_addr, reachable);
1305 }
1306 #endif
1307
1308 if (rtm->rtm_type != RTM_MISS && if_realroute(rtm))
1309 rt_recvrt(rtm->rtm_type, &rt, rtm->rtm_pid);
1310 return 0;
1311 }
1312
1313 static int
if_ifa(struct dhcpcd_ctx * ctx,const struct ifa_msghdr * ifam)1314 if_ifa(struct dhcpcd_ctx *ctx, const struct ifa_msghdr *ifam)
1315 {
1316 struct interface *ifp;
1317 const struct sockaddr *rti_info[RTAX_MAX];
1318 int flags;
1319 pid_t pid;
1320
1321 if (ifam->ifam_msglen < sizeof(*ifam)) {
1322 errno = EINVAL;
1323 return -1;
1324 }
1325
1326 #ifdef HAVE_IFAM_PID
1327 /* Ignore address deletions from ourself.
1328 * We need to process address flag changes though. */
1329 if (ifam->ifam_type == RTM_DELADDR) {
1330 #ifdef PRIVSEP
1331 if (ctx->ps_root != NULL) {
1332 if (ifam->ifam_pid == ctx->ps_root->psp_pid)
1333 return 0;
1334 } else
1335 #endif
1336 /* address management is done via ioctl,
1337 * so SO_USELOOPBACK has no effect,
1338 * so we do need to check the pid. */
1339 if (ifam->ifam_pid == getpid())
1340 return 0;
1341 }
1342 pid = ifam->ifam_pid;
1343 #else
1344 pid = 0;
1345 #endif
1346
1347 if (~ifam->ifam_addrs & RTA_IFA)
1348 return 0;
1349 if ((ifp = if_findindex(ctx->ifaces, ifam->ifam_index)) == NULL)
1350 return 0;
1351
1352 if (get_addrs(ifam->ifam_addrs, (const char *)ifam + sizeof(*ifam),
1353 ifam->ifam_msglen - sizeof(*ifam), rti_info) == -1)
1354 return -1;
1355
1356 /* All BSD's set IFF_UP on the interface when adding an address.
1357 * But not all BSD's emit this via RTM_IFINFO when they do this ... */
1358 if (ifam->ifam_type == RTM_NEWADDR && !(ifp->flags & IFF_UP))
1359 dhcpcd_handlecarrier(ifp, ifp->carrier, ifp->flags | IFF_UP);
1360
1361 switch (rti_info[RTAX_IFA]->sa_family) {
1362 case AF_LINK:
1363 {
1364 struct sockaddr_dl sdl;
1365
1366 #ifdef RTM_CHGADDR
1367 if (ifam->ifam_type != RTM_CHGADDR)
1368 break;
1369 #else
1370 if (ifam->ifam_type != RTM_NEWADDR)
1371 break;
1372 #endif
1373 memcpy(&sdl, rti_info[RTAX_IFA], rti_info[RTAX_IFA]->sa_len);
1374 dhcpcd_handlehwaddr(ifp, ifp->hwtype,
1375 CLLADDR(&sdl), sdl.sdl_alen);
1376 break;
1377 }
1378 #ifdef INET
1379 case AF_INET:
1380 case 255: /* FIXME: Why 255? */
1381 {
1382 const struct sockaddr_in *sin;
1383 struct in_addr addr, mask, bcast;
1384
1385 sin = (const void *)rti_info[RTAX_IFA];
1386 addr.s_addr = sin != NULL && sin->sin_family == AF_INET ?
1387 sin->sin_addr.s_addr : INADDR_ANY;
1388 sin = (const void *)rti_info[RTAX_NETMASK];
1389 mask.s_addr = sin != NULL && sin->sin_family == AF_INET ?
1390 sin->sin_addr.s_addr : INADDR_ANY;
1391 sin = (const void *)rti_info[RTAX_BRD];
1392 bcast.s_addr = sin != NULL && sin->sin_family == AF_INET ?
1393 sin->sin_addr.s_addr : INADDR_ANY;
1394
1395 /*
1396 * NetBSD-7 and older send an invalid broadcast address.
1397 * So we need to query the actual address to get
1398 * the right one.
1399 * We can also use this to test if the address
1400 * has really been added or deleted.
1401 */
1402 #ifdef SIOCGIFALIAS
1403 struct in_aliasreq ifra;
1404
1405 memset(&ifra, 0, sizeof(ifra));
1406 strlcpy(ifra.ifra_name, ifp->name, sizeof(ifra.ifra_name));
1407 ifra.ifra_addr.sin_family = AF_INET;
1408 ifra.ifra_addr.sin_len = sizeof(ifra.ifra_addr);
1409 ifra.ifra_addr.sin_addr = addr;
1410 if (ioctl(ctx->pf_inet_fd, SIOCGIFALIAS, &ifra) == -1) {
1411 if (errno != ENXIO && errno != EADDRNOTAVAIL)
1412 logerr("%s: SIOCGIFALIAS", __func__);
1413 if (ifam->ifam_type != RTM_DELADDR)
1414 break;
1415 } else {
1416 if (ifam->ifam_type == RTM_DELADDR)
1417 break;
1418 #if defined(__NetBSD_Version__) && __NetBSD_Version__ < 800000000
1419 bcast = ifra.ifra_broadaddr.sin_addr;
1420 #endif
1421 }
1422 #else
1423 #warning No SIOCGIFALIAS support
1424 /*
1425 * No SIOCGIFALIAS? That sucks!
1426 * This makes this call very heavy weight, but we
1427 * really need to know if the message is late or not.
1428 */
1429 const struct sockaddr *sa;
1430 struct ifaddrs *ifaddrs = NULL, *ifa;
1431
1432 sa = rti_info[RTAX_IFA];
1433 #ifdef PRIVSEP_GETIFADDRS
1434 if (IN_PRIVSEP(ctx)) {
1435 if (ps_root_getifaddrs(ctx, &ifaddrs) == -1) {
1436 logerr("ps_root_getifaddrs");
1437 break;
1438 }
1439 } else
1440 #endif
1441 if (getifaddrs(&ifaddrs) == -1) {
1442 logerr("getifaddrs");
1443 break;
1444 }
1445 for (ifa = ifaddrs; ifa; ifa = ifa->ifa_next) {
1446 if (ifa->ifa_addr == NULL)
1447 continue;
1448 if (sa_cmp(ifa->ifa_addr, sa) == 0 &&
1449 strcmp(ifa->ifa_name, ifp->name) == 0)
1450 break;
1451 }
1452 #ifdef PRIVSEP_GETIFADDRS
1453 if (IN_PRIVSEP(ctx))
1454 free(ifaddrs);
1455 else
1456 #endif
1457 freeifaddrs(ifaddrs);
1458 if (ifam->ifam_type == RTM_DELADDR) {
1459 if (ifa != NULL)
1460 break;
1461 } else {
1462 if (ifa == NULL)
1463 break;
1464 }
1465 #endif
1466
1467 #ifdef HAVE_IFAM_ADDRFLAGS
1468 flags = ifam->ifam_addrflags;
1469 #else
1470 flags = 0;
1471 #endif
1472
1473 ipv4_handleifa(ctx, ifam->ifam_type, NULL, ifp->name,
1474 &addr, &mask, &bcast, flags, pid);
1475 break;
1476 }
1477 #endif
1478 #ifdef INET6
1479 case AF_INET6:
1480 {
1481 struct in6_addr addr6, mask6;
1482 const struct sockaddr_in6 *sin6;
1483
1484 sin6 = (const void *)rti_info[RTAX_IFA];
1485 addr6 = sin6->sin6_addr;
1486 sin6 = (const void *)rti_info[RTAX_NETMASK];
1487 mask6 = sin6->sin6_addr;
1488
1489 /*
1490 * If the address was deleted, lets check if it's
1491 * a late message and it still exists (maybe modified).
1492 * If so, ignore it as deleting an address causes
1493 * dhcpcd to drop any lease to which it belongs.
1494 * Also check an added address was really added.
1495 */
1496 flags = if_addrflags6(ifp, &addr6, NULL);
1497 if (flags == -1) {
1498 if (errno != ENXIO && errno != EADDRNOTAVAIL)
1499 logerr("%s: if_addrflags6", __func__);
1500 if (ifam->ifam_type != RTM_DELADDR)
1501 break;
1502 flags = 0;
1503 } else if (ifam->ifam_type == RTM_DELADDR)
1504 break;
1505
1506 #ifdef __KAME__
1507 if (IN6_IS_ADDR_LINKLOCAL(&addr6))
1508 /* Remove the scope from the address */
1509 addr6.s6_addr[2] = addr6.s6_addr[3] = '\0';
1510 #endif
1511
1512 ipv6_handleifa(ctx, ifam->ifam_type, NULL,
1513 ifp->name, &addr6, ipv6_prefixlen(&mask6), flags, pid);
1514 break;
1515 }
1516 #endif
1517 }
1518
1519 return 0;
1520 }
1521
1522 static int
if_dispatch(struct dhcpcd_ctx * ctx,const struct rt_msghdr * rtm)1523 if_dispatch(struct dhcpcd_ctx *ctx, const struct rt_msghdr *rtm)
1524 {
1525
1526 if (rtm->rtm_version != RTM_VERSION)
1527 return 0;
1528
1529 switch(rtm->rtm_type) {
1530 #ifdef RTM_IFANNOUNCE
1531 case RTM_IFANNOUNCE:
1532 return if_announce(ctx, (const void *)rtm);
1533 #endif
1534 case RTM_IFINFO:
1535 return if_ifinfo(ctx, (const void *)rtm);
1536 case RTM_ADD: /* FALLTHROUGH */
1537 case RTM_CHANGE: /* FALLTHROUGH */
1538 case RTM_DELETE: /* FALLTHROUGH */
1539 case RTM_MISS:
1540 return if_rtm(ctx, (const void *)rtm);
1541 #ifdef RTM_CHGADDR
1542 case RTM_CHGADDR: /* FALLTHROUGH */
1543 #endif
1544 case RTM_DELADDR: /* FALLTHROUGH */
1545 case RTM_NEWADDR:
1546 return if_ifa(ctx, (const void *)rtm);
1547 #ifdef RTM_DESYNC
1548 case RTM_DESYNC:
1549 dhcpcd_linkoverflow(ctx);
1550 #elif !defined(SO_RERROR)
1551 #warning cannot detect route socket overflow within kernel
1552 #endif
1553 }
1554
1555 return 0;
1556 }
1557
1558 static int
if_missfilter0(struct dhcpcd_ctx * ctx,struct interface * ifp,struct sockaddr * sa)1559 if_missfilter0(struct dhcpcd_ctx *ctx, struct interface *ifp,
1560 struct sockaddr *sa)
1561 {
1562 size_t salen = (size_t)RT_ROUNDUP(sa->sa_len);
1563 size_t newlen = ctx->rt_missfilterlen + salen;
1564 size_t diff = salen - (sa->sa_len);
1565 uint8_t *cp;
1566
1567 if (ctx->rt_missfiltersize < newlen) {
1568 void *n = realloc(ctx->rt_missfilter, newlen);
1569 if (n == NULL)
1570 return -1;
1571 ctx->rt_missfilter = n;
1572 ctx->rt_missfiltersize = newlen;
1573 }
1574
1575 #ifdef INET6
1576 if (sa->sa_family == AF_INET6)
1577 ipv6_setscope(satosin6(sa), ifp->index);
1578 #else
1579 UNUSED(ifp);
1580 #endif
1581
1582 cp = ctx->rt_missfilter + ctx->rt_missfilterlen;
1583 memcpy(cp, sa, sa->sa_len);
1584 if (diff != 0)
1585 memset(cp + sa->sa_len, 0, diff);
1586 ctx->rt_missfilterlen += salen;
1587
1588 #ifdef INET6
1589 if (sa->sa_family == AF_INET6)
1590 ipv6_setscope(satosin6(sa), 0);
1591 #endif
1592
1593 return 0;
1594 }
1595
1596 int
if_missfilter(struct interface * ifp,struct sockaddr * sa)1597 if_missfilter(struct interface *ifp, struct sockaddr *sa)
1598 {
1599
1600 return if_missfilter0(ifp->ctx, ifp, sa);
1601 }
1602
1603 int
if_missfilter_apply(struct dhcpcd_ctx * ctx)1604 if_missfilter_apply(struct dhcpcd_ctx *ctx)
1605 {
1606 #ifdef RO_MISSFILTER
1607 if (ctx->rt_missfilterlen == 0) {
1608 struct sockaddr sa = {
1609 .sa_family = AF_UNSPEC,
1610 .sa_len = sizeof(sa),
1611 };
1612
1613 if (if_missfilter0(ctx, NULL, &sa) == -1)
1614 return -1;
1615 }
1616
1617 return setsockopt(ctx->link_fd, PF_ROUTE, RO_MISSFILTER,
1618 ctx->rt_missfilter, (socklen_t)ctx->rt_missfilterlen);
1619 #else
1620 #warning kernel does not support RTM_MISS DST filtering
1621 UNUSED(ctx);
1622 errno = ENOTSUP;
1623 return -1;
1624 #endif
1625 }
1626
1627 __CTASSERT(offsetof(struct rt_msghdr, rtm_msglen) == 0);
1628 int
if_handlelink(struct dhcpcd_ctx * ctx)1629 if_handlelink(struct dhcpcd_ctx *ctx)
1630 {
1631 struct rtm rtm;
1632 ssize_t len;
1633
1634 len = read(ctx->link_fd, &rtm, sizeof(rtm));
1635 if (len == -1)
1636 return -1;
1637 if (len == 0)
1638 return 0;
1639 if ((size_t)len < sizeof(rtm.hdr.rtm_msglen) ||
1640 len != rtm.hdr.rtm_msglen)
1641 {
1642 errno = EINVAL;
1643 return -1;
1644 }
1645 /*
1646 * Coverity thinks that the data could be tainted from here.
1647 * I have no idea how because the length of the data we read
1648 * is guarded by len and checked to match rtm_msglen.
1649 * The issue seems to be related to extracting the addresses
1650 * at the end of the header, but seems to have no issues with the
1651 * equivalent call in if_initrt.
1652 */
1653 /* coverity[tainted_data] */
1654 return if_dispatch(ctx, &rtm.hdr);
1655 }
1656
1657 #ifndef SYS_NMLN /* OSX */
1658 # define SYS_NMLN __SYS_NAMELEN
1659 #endif
1660 #ifndef HW_MACHINE_ARCH
1661 # ifdef HW_MODEL /* OpenBSD */
1662 # define HW_MACHINE_ARCH HW_MODEL
1663 # endif
1664 #endif
1665 int
if_machinearch(char * str,size_t len)1666 if_machinearch(char *str, size_t len)
1667 {
1668 int mib[2] = { CTL_HW, HW_MACHINE_ARCH };
1669
1670 return sysctl(mib, sizeof(mib) / sizeof(mib[0]), str, &len, NULL, 0);
1671 }
1672
1673 #ifdef INET6
1674 #if (defined(IPV6CTL_ACCEPT_RTADV) && !defined(ND6_IFF_ACCEPT_RTADV)) || \
1675 defined(IPV6CTL_FORWARDING)
1676 #define get_inet6_sysctl(code) inet6_sysctl(code, 0, 0)
1677 #define set_inet6_sysctl(code, val) inet6_sysctl(code, val, 1)
1678 static int
inet6_sysctl(int code,int val,int action)1679 inet6_sysctl(int code, int val, int action)
1680 {
1681 int mib[] = { CTL_NET, PF_INET6, IPPROTO_IPV6, 0 };
1682 size_t size;
1683
1684 mib[3] = code;
1685 size = sizeof(val);
1686 if (action) {
1687 if (sysctl(mib, __arraycount(mib), NULL, 0, &val, size) == -1)
1688 return -1;
1689 return 0;
1690 }
1691 if (sysctl(mib, __arraycount(mib), &val, &size, NULL, 0) == -1)
1692 return -1;
1693 return val;
1694 }
1695 #endif
1696
1697 int
if_applyra(const struct ra * rap)1698 if_applyra(const struct ra *rap)
1699 {
1700 #ifdef SIOCSIFINFO_IN6
1701 struct in6_ndireq nd = { .ndi.chlim = 0 };
1702 struct dhcpcd_ctx *ctx = rap->iface->ctx;
1703 int error;
1704
1705 strlcpy(nd.ifname, rap->iface->name, sizeof(nd.ifname));
1706
1707 #ifdef IPV6CTL_ACCEPT_RTADV
1708 struct priv *priv = ctx->priv;
1709
1710 /*
1711 * NetBSD changed SIOCSIFINFO_IN6 to NOT set flags when kernel
1712 * RA was removed, however both FreeBSD and DragonFlyBSD still do.
1713 * linkmtu was also removed.
1714 * Hopefully this guard will still work if either remove kernel RA.
1715 */
1716 if (ioctl(priv->pf_inet6_fd, SIOCGIFINFO_IN6, &nd, sizeof(nd)) == -1)
1717 return -1;
1718
1719 nd.ndi.linkmtu = rap->mtu;
1720 #endif
1721
1722 nd.ndi.chlim = rap->hoplimit;
1723 nd.ndi.retrans = rap->retrans;
1724 nd.ndi.basereachable = rap->reachable;
1725 error = if_ioctl6(ctx, SIOCSIFINFO_IN6, &nd, sizeof(nd));
1726 #ifdef IPV6CTL_ACCEPT_RTADV
1727 if (error == -1 && errno == EINVAL) {
1728 /*
1729 * Very likely that this is caused by a dodgy MTU
1730 * setting specific to the interface.
1731 * Let's set it to "unspecified" and try again.
1732 * Doesn't really matter as we fix the MTU against the
1733 * routes we add as not all OS support SIOCSIFINFO_IN6.
1734 */
1735 nd.ndi.linkmtu = 0;
1736 error = if_ioctl6(ctx, SIOCSIFINFO_IN6, &nd, sizeof(nd));
1737 }
1738 #endif
1739 return error;
1740 #else
1741 #warning OS does not allow setting of RA bits hoplimit, retrans or reachable
1742 UNUSED(rap);
1743 return 0;
1744 #endif
1745 }
1746
1747 #ifndef IPV6CTL_FORWARDING
1748 #define get_inet6_sysctlbyname(code) inet6_sysctlbyname(code, 0, 0)
1749 #define set_inet6_sysctlbyname(code, val) inet6_sysctlbyname(code, val, 1)
1750 static int
inet6_sysctlbyname(const char * name,int val,int action)1751 inet6_sysctlbyname(const char *name, int val, int action)
1752 {
1753 size_t size;
1754
1755 size = sizeof(val);
1756 if (action) {
1757 if (sysctlbyname(name, NULL, 0, &val, size) == -1)
1758 return -1;
1759 return 0;
1760 }
1761 if (sysctlbyname(name, &val, &size, NULL, 0) == -1)
1762 return -1;
1763 return val;
1764 }
1765 #endif
1766
1767 int
ip6_forwarding(__unused const char * ifname)1768 ip6_forwarding(__unused const char *ifname)
1769 {
1770 int val;
1771
1772 #ifdef IPV6CTL_FORWARDING
1773 val = get_inet6_sysctl(IPV6CTL_FORWARDING);
1774 #else
1775 val = get_inet6_sysctlbyname("net.inet6.ip6.forwarding");
1776 #endif
1777 return val < 0 ? 0 : val;
1778 }
1779
1780 #ifdef SIOCIFAFATTACH
1781 static int
if_af_attach(const struct interface * ifp,int af)1782 if_af_attach(const struct interface *ifp, int af)
1783 {
1784 struct if_afreq ifar = { .ifar_af = af };
1785
1786 strlcpy(ifar.ifar_name, ifp->name, sizeof(ifar.ifar_name));
1787 return if_ioctl6(ifp->ctx, SIOCIFAFATTACH, &ifar, sizeof(ifar));
1788 }
1789 #endif
1790
1791 #ifdef SIOCGIFXFLAGS
1792 static int
if_set_ifxflags(const struct interface * ifp)1793 if_set_ifxflags(const struct interface *ifp)
1794 {
1795 struct ifreq ifr;
1796 int flags;
1797 struct priv *priv = ifp->ctx->priv;
1798
1799 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
1800 if (ioctl(priv->pf_inet6_fd, SIOCGIFXFLAGS, &ifr) == -1)
1801 return -1;
1802 flags = ifr.ifr_flags;
1803 #ifdef IFXF_NOINET6
1804 flags &= ~IFXF_NOINET6;
1805 #endif
1806 /*
1807 * If not doing autoconf, don't disable the kernel from doing it.
1808 * If we need to, we should have another option actively disable it.
1809 *
1810 * OpenBSD moved from kernel based SLAAC to userland via slaacd(8).
1811 * It has a similar featureset to dhcpcd such as stable private
1812 * addresses, but lacks the ability to handle DNS inside the RA
1813 * which is a serious shortfall in this day and age.
1814 * Appease their user base by working alongside slaacd(8) if
1815 * dhcpcd is instructed not to do auto configuration of addresses.
1816 */
1817 #if defined(ND6_IFF_ACCEPT_RTADV)
1818 #define BSD_AUTOCONF DHCPCD_IPV6RS
1819 #else
1820 #define BSD_AUTOCONF DHCPCD_IPV6RA_AUTOCONF
1821 #endif
1822 if (ifp->options->options & BSD_AUTOCONF)
1823 flags &= ~IFXF_AUTOCONF6;
1824 if (ifr.ifr_flags == flags)
1825 return 0;
1826 ifr.ifr_flags = flags;
1827 return if_ioctl6(ifp->ctx, SIOCSIFXFLAGS, &ifr, sizeof(ifr));
1828 }
1829 #endif
1830
1831 /* OpenBSD removed ND6 flags entirely, so we need to check for their
1832 * existance. */
1833 #if defined(ND6_IFF_AUTO_LINKLOCAL) || \
1834 defined(ND6_IFF_PERFORMNUD) || \
1835 defined(ND6_IFF_ACCEPT_RTADV) || \
1836 defined(ND6_IFF_OVERRIDE_RTADV) || \
1837 defined(ND6_IFF_IFDISABLED)
1838 #define ND6_NDI_FLAGS
1839 #endif
1840
1841 void
if_disable_rtadv(void)1842 if_disable_rtadv(void)
1843 {
1844 #if defined(IPV6CTL_ACCEPT_RTADV) && !defined(ND6_IFF_ACCEPT_RTADV)
1845 int ra = get_inet6_sysctl(IPV6CTL_ACCEPT_RTADV);
1846
1847 if (ra == -1) {
1848 if (errno != ENOENT)
1849 logerr("IPV6CTL_ACCEPT_RTADV");
1850 else if (ra != 0)
1851 if (set_inet6_sysctl(IPV6CTL_ACCEPT_RTADV, 0) == -1)
1852 logerr("IPV6CTL_ACCEPT_RTADV");
1853 }
1854 #endif
1855 }
1856
1857 void
if_setup_inet6(const struct interface * ifp)1858 if_setup_inet6(const struct interface *ifp)
1859 {
1860 #ifdef ND6_NDI_FLAGS
1861 struct priv *priv;
1862 int s;
1863 struct in6_ndireq nd;
1864 int flags;
1865
1866 priv = (struct priv *)ifp->ctx->priv;
1867 s = priv->pf_inet6_fd;
1868
1869 memset(&nd, 0, sizeof(nd));
1870 strlcpy(nd.ifname, ifp->name, sizeof(nd.ifname));
1871 if (ioctl(s, SIOCGIFINFO_IN6, &nd) == -1)
1872 logerr("%s: SIOCGIFINFO_FLAGS", ifp->name);
1873 flags = (int)nd.ndi.flags;
1874
1875 #ifdef ND6_IFF_AUTO_LINKLOCAL
1876 /* Unlike the kernel, dhcpcd make make a stable private address. */
1877 flags &= ~ND6_IFF_AUTO_LINKLOCAL;
1878 #endif
1879
1880 #ifdef ND6_IFF_PERFORMNUD
1881 /* NUD is kind of essential. */
1882 flags |= ND6_IFF_PERFORMNUD;
1883 #endif
1884
1885 #ifdef ND6_IFF_IFDISABLED
1886 /* Ensure the interface is not disabled. */
1887 flags &= ~ND6_IFF_IFDISABLED;
1888 #endif
1889
1890 /*
1891 * If not doing autoconf, don't disable the kernel from doing it.
1892 * If we need to, we should have another option actively disable it.
1893 */
1894 #ifdef ND6_IFF_ACCEPT_RTADV
1895 if (ifp->options->options & DHCPCD_IPV6RS)
1896 flags &= ~ND6_IFF_ACCEPT_RTADV;
1897 #ifdef ND6_IFF_OVERRIDE_RTADV
1898 if (ifp->options->options & DHCPCD_IPV6RS)
1899 flags |= ND6_IFF_OVERRIDE_RTADV;
1900 #endif
1901 #endif
1902
1903 if (nd.ndi.flags != (uint32_t)flags) {
1904 nd.ndi.flags = (uint32_t)flags;
1905 if (if_ioctl6(ifp->ctx, SIOCSIFINFO_FLAGS,
1906 &nd, sizeof(nd)) == -1)
1907 logerr("%s: SIOCSIFINFO_FLAGS", ifp->name);
1908 }
1909 #endif /* ND6_NDI_FLAGS */
1910
1911 /* Enabling IPv6 by whatever means must be the
1912 * last action undertaken to ensure kernel RS and
1913 * LLADDR auto configuration are disabled where applicable. */
1914 #ifdef SIOCIFAFATTACH
1915 if (if_af_attach(ifp, AF_INET6) == -1)
1916 logerr("%s: if_af_attach", ifp->name);
1917 #endif
1918
1919 #ifdef SIOCGIFXFLAGS
1920 if (if_set_ifxflags(ifp) == -1)
1921 logerr("%s: set_ifxflags", ifp->name);
1922 #endif
1923
1924 #ifdef SIOCSRTRFLUSH_IN6
1925 /* Flush the kernel knowledge of advertised routers
1926 * and prefixes so the kernel does not expire prefixes
1927 * and default routes we are trying to own. */
1928 if (ifp->options->options & DHCPCD_IPV6RS) {
1929 struct in6_ifreq ifr;
1930
1931 memset(&ifr, 0, sizeof(ifr));
1932 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
1933 if (if_ioctl6(ifp->ctx, SIOCSRTRFLUSH_IN6,
1934 &ifr, sizeof(ifr)) == -1 &&
1935 errno != ENOTSUP && errno != ENOTTY)
1936 logwarn("SIOCSRTRFLUSH_IN6 %d", errno);
1937 #ifdef SIOCSPFXFLUSH_IN6
1938 if (if_ioctl6(ifp->ctx, SIOCSPFXFLUSH_IN6,
1939 &ifr, sizeof(ifr)) == -1 &&
1940 errno != ENOTSUP && errno != ENOTTY)
1941 logwarn("SIOCSPFXFLUSH_IN6");
1942 #endif
1943 }
1944 #endif
1945 }
1946 #endif
1947