1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3 * dhcpcd - IPv6 ND handling
4 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name>
5 * All rights reserved
6
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/ioctl.h>
30 #include <sys/param.h>
31 #include <sys/socket.h>
32 #include <net/if.h>
33 #include <net/route.h>
34 #include <netinet/in.h>
35 #include <netinet/ip6.h>
36 #include <netinet/icmp6.h>
37
38 #include <assert.h>
39 #include <errno.h>
40 #include <fcntl.h>
41 #include <stddef.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <syslog.h>
45 #include <unistd.h>
46
47 #define ELOOP_QUEUE ELOOP_IPV6ND
48 #include "common.h"
49 #include "dhcpcd.h"
50 #include "dhcp-common.h"
51 #include "dhcp6.h"
52 #include "eloop.h"
53 #include "if.h"
54 #include "ipv6.h"
55 #include "ipv6nd.h"
56 #include "logerr.h"
57 #include "privsep.h"
58 #include "route.h"
59 #include "script.h"
60
61 /* Debugging Router Solicitations is a lot of spam, so disable it */
62 //#define DEBUG_RS
63
64 #ifndef ND_RA_FLAG_HOME_AGENT
65 #define ND_RA_FLAG_HOME_AGENT 0x20 /* Home Agent flag in RA */
66 #endif
67 #ifndef ND_RA_FLAG_PROXY
68 #define ND_RA_FLAG_PROXY 0x04 /* Proxy */
69 #endif
70 #ifndef ND_OPT_PI_FLAG_ROUTER
71 #define ND_OPT_PI_FLAG_ROUTER 0x20 /* Router flag in PI */
72 #endif
73
74 #ifndef ND_OPT_RI
75 #define ND_OPT_RI 24
76 struct nd_opt_ri { /* Route Information option RFC4191 */
77 uint8_t nd_opt_ri_type;
78 uint8_t nd_opt_ri_len;
79 uint8_t nd_opt_ri_prefixlen;
80 uint8_t nd_opt_ri_flags_reserved;
81 uint32_t nd_opt_ri_lifetime;
82 struct in6_addr nd_opt_ri_prefix;
83 };
84 __CTASSERT(sizeof(struct nd_opt_ri) == 24);
85 #define OPT_RI_FLAG_PREFERENCE(flags) ((flags & 0x18) >> 3)
86 #endif
87
88 #ifndef ND_OPT_RDNSS
89 #define ND_OPT_RDNSS 25
90 struct nd_opt_rdnss { /* RDNSS option RFC 6106 */
91 uint8_t nd_opt_rdnss_type;
92 uint8_t nd_opt_rdnss_len;
93 uint16_t nd_opt_rdnss_reserved;
94 uint32_t nd_opt_rdnss_lifetime;
95 /* followed by list of IP prefixes */
96 };
97 __CTASSERT(sizeof(struct nd_opt_rdnss) == 8);
98 #endif
99
100 #ifndef ND_OPT_DNSSL
101 #define ND_OPT_DNSSL 31
102 struct nd_opt_dnssl { /* DNSSL option RFC 6106 */
103 uint8_t nd_opt_dnssl_type;
104 uint8_t nd_opt_dnssl_len;
105 uint16_t nd_opt_dnssl_reserved;
106 uint32_t nd_opt_dnssl_lifetime;
107 /* followed by list of DNS servers */
108 };
109 __CTASSERT(sizeof(struct nd_opt_dnssl) == 8);
110 #endif
111
112 /* Impossible options, so we can easily add extras */
113 #define _ND_OPT_PREFIX_ADDR 255 + 1
114
115 /* Minimal IPv6 MTU */
116 #ifndef IPV6_MMTU
117 #define IPV6_MMTU 1280
118 #endif
119
120 #ifndef ND_RA_FLAG_RTPREF_HIGH
121 #define ND_RA_FLAG_RTPREF_MASK 0x18
122 #define ND_RA_FLAG_RTPREF_HIGH 0x08
123 #define ND_RA_FLAG_RTPREF_MEDIUM 0x00
124 #define ND_RA_FLAG_RTPREF_LOW 0x18
125 #define ND_RA_FLAG_RTPREF_RSV 0x10
126 #endif
127
128 #define EXPIRED_MAX 5 /* Remember 5 expired routers to avoid
129 logspam. */
130
131 #define MIN_RANDOM_FACTOR 500 /* millisecs */
132 #define MAX_RANDOM_FACTOR 1500 /* millisecs */
133 #define MIN_RANDOM_FACTOR_U MIN_RANDOM_FACTOR * 1000 /* usecs */
134 #define MAX_RANDOM_FACTOR_U MAX_RANDOM_FACTOR * 1000 /* usecs */
135
136 #if BYTE_ORDER == BIG_ENDIAN
137 #define IPV6_ADDR_INT32_ONE 1
138 #define IPV6_ADDR_INT16_MLL 0xff02
139 #elif BYTE_ORDER == LITTLE_ENDIAN
140 #define IPV6_ADDR_INT32_ONE 0x01000000
141 #define IPV6_ADDR_INT16_MLL 0x02ff
142 #endif
143
144 /* Debugging Neighbor Solicitations is a lot of spam, so disable it */
145 //#define DEBUG_NS
146 //
147
148 static void ipv6nd_handledata(void *, unsigned short);
149 static struct routeinfo *routeinfo_findalloc(struct ra *, const struct in6_addr *, uint8_t);
150 static void routeinfohead_free(struct routeinfohead *);
151
152 /*
153 * Android ships buggy ICMP6 filter headers.
154 * Supply our own until they fix their shit.
155 * References:
156 * https://android-review.googlesource.com/#/c/58438/
157 * http://code.google.com/p/android/issues/original?id=32621&seq=24
158 */
159 #ifdef __ANDROID__
160 #undef ICMP6_FILTER_WILLPASS
161 #undef ICMP6_FILTER_WILLBLOCK
162 #undef ICMP6_FILTER_SETPASS
163 #undef ICMP6_FILTER_SETBLOCK
164 #undef ICMP6_FILTER_SETPASSALL
165 #undef ICMP6_FILTER_SETBLOCKALL
166 #define ICMP6_FILTER_WILLPASS(type, filterp) \
167 ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) == 0)
168 #define ICMP6_FILTER_WILLBLOCK(type, filterp) \
169 ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) != 0)
170 #define ICMP6_FILTER_SETPASS(type, filterp) \
171 ((((filterp)->icmp6_filt[(type) >> 5]) &= ~(1 << ((type) & 31))))
172 #define ICMP6_FILTER_SETBLOCK(type, filterp) \
173 ((((filterp)->icmp6_filt[(type) >> 5]) |= (1 << ((type) & 31))))
174 #define ICMP6_FILTER_SETPASSALL(filterp) \
175 memset(filterp, 0, sizeof(struct icmp6_filter));
176 #define ICMP6_FILTER_SETBLOCKALL(filterp) \
177 memset(filterp, 0xff, sizeof(struct icmp6_filter));
178 #endif
179
180 /* Support older systems with different defines */
181 #if !defined(IPV6_RECVHOPLIMIT) && defined(IPV6_HOPLIMIT)
182 #define IPV6_RECVHOPLIMIT IPV6_HOPLIMIT
183 #endif
184 #if !defined(IPV6_RECVPKTINFO) && defined(IPV6_PKTINFO)
185 #define IPV6_RECVPKTINFO IPV6_PKTINFO
186 #endif
187
188 /* Handy defines */
189 #define ipv6nd_free_ra(ra) ipv6nd_freedrop_ra((ra), 0)
190 #define ipv6nd_drop_ra(ra) ipv6nd_freedrop_ra((ra), 1)
191
192 void
ipv6nd_printoptions(const struct dhcpcd_ctx * ctx,const struct dhcp_opt * opts,size_t opts_len)193 ipv6nd_printoptions(const struct dhcpcd_ctx *ctx,
194 const struct dhcp_opt *opts, size_t opts_len)
195 {
196 size_t i, j;
197 const struct dhcp_opt *opt, *opt2;
198 int cols;
199
200 for (i = 0, opt = ctx->nd_opts;
201 i < ctx->nd_opts_len; i++, opt++)
202 {
203 for (j = 0, opt2 = opts; j < opts_len; j++, opt2++)
204 if (opt2->option == opt->option)
205 break;
206 if (j == opts_len) {
207 cols = printf("%03d %s", opt->option, opt->var);
208 dhcp_print_option_encoding(opt, cols);
209 }
210 }
211 for (i = 0, opt = opts; i < opts_len; i++, opt++) {
212 cols = printf("%03d %s", opt->option, opt->var);
213 dhcp_print_option_encoding(opt, cols);
214 }
215 }
216
217 int
ipv6nd_open(bool recv)218 ipv6nd_open(bool recv)
219 {
220 int fd, on;
221 struct icmp6_filter filt;
222
223 fd = xsocket(PF_INET6, SOCK_RAW | SOCK_CXNB, IPPROTO_ICMPV6);
224 if (fd == -1)
225 return -1;
226
227 ICMP6_FILTER_SETBLOCKALL(&filt);
228
229 /* RFC4861 4.1 */
230 on = 255;
231 if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
232 &on, sizeof(on)) == -1)
233 goto eexit;
234
235 if (recv) {
236 on = 1;
237 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
238 &on, sizeof(on)) == -1)
239 goto eexit;
240
241 on = 1;
242 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT,
243 &on, sizeof(on)) == -1)
244 goto eexit;
245
246 ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt);
247
248 #ifdef SO_RERROR
249 on = 1;
250 if (setsockopt(fd, SOL_SOCKET, SO_RERROR,
251 &on, sizeof(on)) == -1)
252 goto eexit;
253 #endif
254 }
255
256 if (setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER,
257 &filt, sizeof(filt)) == -1)
258 goto eexit;
259
260 return fd;
261
262 eexit:
263 close(fd);
264 return -1;
265 }
266
267 #ifdef __sun
268 int
ipv6nd_openif(struct interface * ifp)269 ipv6nd_openif(struct interface *ifp)
270 {
271 int fd;
272 struct ipv6_mreq mreq = {
273 .ipv6mr_multiaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT,
274 .ipv6mr_interface = ifp->index
275 };
276 struct rs_state *state = RS_STATE(ifp);
277 uint_t ifindex = ifp->index;
278
279 if (state->nd_fd != -1)
280 return state->nd_fd;
281
282 fd = ipv6nd_open(true);
283 if (fd == -1)
284 return -1;
285
286 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BOUND_IF,
287 &ifindex, sizeof(ifindex)) == -1)
288 {
289 close(fd);
290 return -1;
291 }
292
293 if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP,
294 &mreq, sizeof(mreq)) == -1)
295 {
296 close(fd);
297 return -1;
298 }
299
300 if (eloop_event_add(ifp->ctx->eloop, fd, ELE_READ,
301 ipv6nd_handledata, ifp) == -1)
302 {
303 close(fd);
304 return -1;
305 }
306
307 state->nd_fd = fd;
308 return fd;
309 }
310 #endif
311
312 static int
ipv6nd_makersprobe(struct interface * ifp)313 ipv6nd_makersprobe(struct interface *ifp)
314 {
315 struct rs_state *state;
316 struct nd_router_solicit *rs;
317
318 state = RS_STATE(ifp);
319 free(state->rs);
320 state->rslen = sizeof(*rs);
321 if (ifp->hwlen != 0)
322 state->rslen += (size_t)ROUNDUP8(ifp->hwlen + 2);
323 state->rs = calloc(1, state->rslen);
324 if (state->rs == NULL)
325 return -1;
326 rs = state->rs;
327 rs->nd_rs_type = ND_ROUTER_SOLICIT;
328 //rs->nd_rs_code = 0;
329 //rs->nd_rs_cksum = 0;
330 //rs->nd_rs_reserved = 0;
331
332 if (ifp->hwlen != 0) {
333 struct nd_opt_hdr *nd;
334
335 nd = (struct nd_opt_hdr *)(state->rs + 1);
336 nd->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
337 nd->nd_opt_len = (uint8_t)((ROUNDUP8(ifp->hwlen + 2)) >> 3);
338 memcpy(nd + 1, ifp->hwaddr, ifp->hwlen);
339 }
340 return 0;
341 }
342
343 static void
ipv6nd_sendrsprobe(void * arg)344 ipv6nd_sendrsprobe(void *arg)
345 {
346 struct interface *ifp = arg;
347 struct rs_state *state = RS_STATE(ifp);
348 struct sockaddr_in6 dst = {
349 .sin6_family = AF_INET6,
350 .sin6_addr = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT,
351 .sin6_scope_id = ifp->index,
352 };
353 struct iovec iov = { .iov_base = state->rs, .iov_len = state->rslen };
354 union {
355 struct cmsghdr hdr;
356 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
357 } cmsgbuf = { .buf = { 0 } };
358 struct msghdr msg = {
359 .msg_name = &dst, .msg_namelen = sizeof(dst),
360 .msg_iov = &iov, .msg_iovlen = 1,
361 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
362 };
363 struct cmsghdr *cm;
364 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index };
365 int s;
366 #ifndef __sun
367 struct dhcpcd_ctx *ctx = ifp->ctx;
368 #endif
369
370 if (ipv6_linklocal(ifp) == NULL) {
371 logdebugx("%s: delaying Router Solicitation for LL address",
372 ifp->name);
373 ipv6_addlinklocalcallback(ifp, ipv6nd_sendrsprobe, ifp);
374 return;
375 }
376
377 #ifdef HAVE_SA_LEN
378 dst.sin6_len = sizeof(dst);
379 #endif
380
381 /* Set the outbound interface */
382 cm = CMSG_FIRSTHDR(&msg);
383 if (cm == NULL) /* unlikely */
384 return;
385 cm->cmsg_level = IPPROTO_IPV6;
386 cm->cmsg_type = IPV6_PKTINFO;
387 cm->cmsg_len = CMSG_LEN(sizeof(pi));
388 memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
389
390 logdebugx("%s: sending Router Solicitation", ifp->name);
391 #ifdef PRIVSEP
392 if (IN_PRIVSEP(ifp->ctx)) {
393 if (ps_inet_sendnd(ifp, &msg) == -1)
394 logerr(__func__);
395 goto sent;
396 }
397 #endif
398 #ifdef __sun
399 if (state->nd_fd == -1) {
400 if (ipv6nd_openif(ifp) == -1) {
401 logerr(__func__);
402 return;
403 }
404 }
405 s = state->nd_fd;
406 #else
407 if (ctx->nd_fd == -1) {
408 ctx->nd_fd = ipv6nd_open(true);
409 if (ctx->nd_fd == -1) {
410 logerr(__func__);
411 return;
412 }
413 if (eloop_event_add(ctx->eloop, ctx->nd_fd, ELE_READ,
414 ipv6nd_handledata, ctx) == -1)
415 logerr("%s: eloop_event_add", __func__);
416 }
417 s = ifp->ctx->nd_fd;
418 #endif
419 if (sendmsg(s, &msg, 0) == -1) {
420 logerr(__func__);
421 /* Allow IPv6ND to continue .... at most a few errors
422 * would be logged.
423 * Generally the error is ENOBUFS when struggling to
424 * associate with an access point. */
425 }
426
427 #ifdef PRIVSEP
428 sent:
429 #endif
430 if (state->rsprobes++ < MAX_RTR_SOLICITATIONS)
431 eloop_timeout_add_sec(ifp->ctx->eloop,
432 RTR_SOLICITATION_INTERVAL, ipv6nd_sendrsprobe, ifp);
433 else
434 logwarnx("%s: no IPv6 Routers available", ifp->name);
435 }
436
437 #ifdef ND6_ADVERTISE
438 static void
ipv6nd_sendadvertisement(void * arg)439 ipv6nd_sendadvertisement(void *arg)
440 {
441 struct ipv6_addr *ia = arg;
442 struct interface *ifp = ia->iface;
443 struct dhcpcd_ctx *ctx = ifp->ctx;
444 struct sockaddr_in6 dst = {
445 .sin6_family = AF_INET6,
446 .sin6_addr = IN6ADDR_LINKLOCAL_ALLNODES_INIT,
447 .sin6_scope_id = ifp->index,
448 };
449 struct iovec iov = { .iov_base = ia->na, .iov_len = ia->na_len };
450 union {
451 struct cmsghdr hdr;
452 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
453 } cmsgbuf = { .buf = { 0 } };
454 struct msghdr msg = {
455 .msg_name = &dst, .msg_namelen = sizeof(dst),
456 .msg_iov = &iov, .msg_iovlen = 1,
457 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
458 };
459 struct cmsghdr *cm;
460 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index };
461 const struct rs_state *state = RS_CSTATE(ifp);
462 int s;
463
464 if (state == NULL || !if_is_link_up(ifp))
465 goto freeit;
466
467 #ifdef SIN6_LEN
468 dst.sin6_len = sizeof(dst);
469 #endif
470
471 /* Set the outbound interface. */
472 cm = CMSG_FIRSTHDR(&msg);
473 assert(cm != NULL);
474 cm->cmsg_level = IPPROTO_IPV6;
475 cm->cmsg_type = IPV6_PKTINFO;
476 cm->cmsg_len = CMSG_LEN(sizeof(pi));
477 memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
478 logdebugx("%s: sending NA for %s", ifp->name, ia->saddr);
479
480 #ifdef PRIVSEP
481 if (IN_PRIVSEP(ifp->ctx)) {
482 if (ps_inet_sendnd(ifp, &msg) == -1)
483 logerr(__func__);
484 goto sent;
485 }
486 #endif
487 #ifdef __sun
488 s = state->nd_fd;
489 #else
490 s = ctx->nd_fd;
491 #endif
492 if (sendmsg(s, &msg, 0) == -1)
493 logerr(__func__);
494
495 #ifdef PRIVSEP
496 sent:
497 #endif
498 if (++ia->na_count < MAX_NEIGHBOR_ADVERTISEMENT) {
499 eloop_timeout_add_sec(ctx->eloop,
500 state->retrans / 1000, ipv6nd_sendadvertisement, ia);
501 return;
502 }
503
504 freeit:
505 free(ia->na);
506 ia->na = NULL;
507 ia->na_count = 0;
508 }
509
510 void
ipv6nd_advertise(struct ipv6_addr * ia)511 ipv6nd_advertise(struct ipv6_addr *ia)
512 {
513 struct dhcpcd_ctx *ctx;
514 struct interface *ifp;
515 struct ipv6_state *state;
516 struct ipv6_addr *iap, *iaf;
517 struct nd_neighbor_advert *na;
518
519 if (IN6_IS_ADDR_MULTICAST(&ia->addr))
520 return;
521
522 #ifdef __sun
523 if (!(ia->flags & IPV6_AF_AUTOCONF) && ia->flags & IPV6_AF_RAPFX)
524 return;
525 #endif
526
527 ctx = ia->iface->ctx;
528 /* Find the most preferred address to advertise. */
529 iaf = NULL;
530 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
531 state = IPV6_STATE(ifp);
532 if (state == NULL || !if_is_link_up(ifp))
533 continue;
534
535 TAILQ_FOREACH(iap, &state->addrs, next) {
536 if (!IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
537 continue;
538
539 /* Cancel any current advertisement. */
540 eloop_timeout_delete(ctx->eloop,
541 ipv6nd_sendadvertisement, iap);
542
543 /* Don't advertise what we can't use. */
544 if (iap->prefix_vltime == 0 ||
545 iap->addr_flags & IN6_IFF_NOTUSEABLE)
546 continue;
547
548 if (iaf == NULL ||
549 iaf->iface->metric > iap->iface->metric)
550 iaf = iap;
551 }
552 }
553 if (iaf == NULL)
554 return;
555
556 /* Make the packet. */
557 ifp = iaf->iface;
558 iaf->na_len = sizeof(*na);
559 if (ifp->hwlen != 0)
560 iaf->na_len += (size_t)ROUNDUP8(ifp->hwlen + 2);
561 na = calloc(1, iaf->na_len);
562 if (na == NULL) {
563 logerr(__func__);
564 return;
565 }
566
567 na->nd_na_type = ND_NEIGHBOR_ADVERT;
568 na->nd_na_flags_reserved = ND_NA_FLAG_OVERRIDE;
569 #if defined(PRIVSEP) && (defined(__linux__) || defined(HAVE_PLEDGE))
570 if (IN_PRIVSEP(ctx)) {
571 if (ps_root_ip6forwarding(ctx, ifp->name) != 0)
572 na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
573 } else
574 #endif
575 if (ip6_forwarding(ifp->name) != 0)
576 na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
577 na->nd_na_target = ia->addr;
578
579 if (ifp->hwlen != 0) {
580 struct nd_opt_hdr *opt;
581
582 opt = (struct nd_opt_hdr *)(na + 1);
583 opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
584 opt->nd_opt_len = (uint8_t)((ROUNDUP8(ifp->hwlen + 2)) >> 3);
585 memcpy(opt + 1, ifp->hwaddr, ifp->hwlen);
586 }
587
588 iaf->na_count = 0;
589 free(iaf->na);
590 iaf->na = na;
591 eloop_timeout_delete(ctx->eloop, ipv6nd_sendadvertisement, iaf);
592 ipv6nd_sendadvertisement(iaf);
593 }
594 #elif !defined(SMALL)
595 #warning kernel does not support userland sending ND6 advertisements
596 #endif /* ND6_ADVERTISE */
597
598 static void
ipv6nd_expire(void * arg)599 ipv6nd_expire(void *arg)
600 {
601 struct interface *ifp = arg;
602 struct ra *rap;
603
604 if (ifp->ctx->ra_routers == NULL)
605 return;
606
607 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
608 if (rap->iface == ifp && rap->willexpire)
609 rap->doexpire = true;
610 }
611 ipv6nd_expirera(ifp);
612 }
613
614 void
ipv6nd_startexpire(struct interface * ifp)615 ipv6nd_startexpire(struct interface *ifp)
616 {
617 struct ra *rap;
618
619 if (ifp->ctx->ra_routers == NULL)
620 return;
621
622 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
623 if (rap->iface == ifp)
624 rap->willexpire = true;
625 }
626 eloop_q_timeout_add_sec(ifp->ctx->eloop, ELOOP_IPV6RA_EXPIRE,
627 RTR_CARRIER_EXPIRE, ipv6nd_expire, ifp);
628 }
629
630 int
ipv6nd_rtpref(uint8_t flags)631 ipv6nd_rtpref(uint8_t flags)
632 {
633
634 switch (flags & ND_RA_FLAG_RTPREF_MASK) {
635 case ND_RA_FLAG_RTPREF_HIGH:
636 return RTPREF_HIGH;
637 case ND_RA_FLAG_RTPREF_MEDIUM:
638 case ND_RA_FLAG_RTPREF_RSV:
639 return RTPREF_MEDIUM;
640 case ND_RA_FLAG_RTPREF_LOW:
641 return RTPREF_LOW;
642 default:
643 logerrx("%s: impossible RA flag %x", __func__, flags);
644 return RTPREF_INVALID;
645 }
646 /* NOTREACHED */
647 }
648
649 static void
ipv6nd_sortrouters(struct dhcpcd_ctx * ctx)650 ipv6nd_sortrouters(struct dhcpcd_ctx *ctx)
651 {
652 struct ra_head sorted_routers = TAILQ_HEAD_INITIALIZER(sorted_routers);
653 struct ra *ra1, *ra2;
654
655 while ((ra1 = TAILQ_FIRST(ctx->ra_routers)) != NULL) {
656 TAILQ_REMOVE(ctx->ra_routers, ra1, next);
657 TAILQ_FOREACH(ra2, &sorted_routers, next) {
658 if (ra1->iface->metric > ra2->iface->metric)
659 continue;
660 if (ra1->expired && !ra2->expired)
661 continue;
662 if (ra1->willexpire && !ra2->willexpire)
663 continue;
664 if (ra1->lifetime == 0 && ra2->lifetime != 0)
665 continue;
666 if (!ra1->isreachable && ra2->reachable)
667 continue;
668 if (ipv6nd_rtpref(ra1->flags) <= ipv6nd_rtpref(ra2->flags))
669 continue;
670 /* All things being equal, prefer older routers. */
671 /* We don't need to check time, becase newer
672 * routers are always added to the tail and then
673 * sorted. */
674 TAILQ_INSERT_BEFORE(ra2, ra1, next);
675 break;
676 }
677 if (ra2 == NULL)
678 TAILQ_INSERT_TAIL(&sorted_routers, ra1, next);
679 }
680
681 TAILQ_CONCAT(ctx->ra_routers, &sorted_routers, next);
682 }
683
684 static void
ipv6nd_applyra(struct interface * ifp)685 ipv6nd_applyra(struct interface *ifp)
686 {
687 struct ra *rap;
688 struct rs_state *state = RS_STATE(ifp);
689 struct ra defra = {
690 .iface = ifp,
691 .hoplimit = IPV6_DEFHLIM ,
692 .reachable = REACHABLE_TIME,
693 .retrans = RETRANS_TIMER,
694 };
695
696 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
697 if (rap->iface == ifp)
698 break;
699 }
700
701 /* If we have no Router Advertisement, then set default values. */
702 if (rap == NULL || rap->expired || rap->willexpire)
703 rap = &defra;
704
705 state->retrans = rap->retrans;
706 if (if_applyra(rap) == -1 && errno != ENOENT)
707 logerr(__func__);
708 }
709
710 /*
711 * Neighbour reachability.
712 *
713 * RFC 4681 6.2.5 says when a node is no longer a router it MUST
714 * send a RA with a zero lifetime.
715 * All OS's I know of set the NA router flag if they are a router
716 * or not and disregard that they are actively advertising or
717 * shutting down. If the interface is disabled, it cant't send a NA at all.
718 *
719 * As such we CANNOT rely on the NA Router flag and MUST use
720 * unreachability or receive a RA with a lifetime of zero to remove
721 * the node as a default router.
722 */
723 void
ipv6nd_neighbour(struct dhcpcd_ctx * ctx,struct in6_addr * addr,bool reachable)724 ipv6nd_neighbour(struct dhcpcd_ctx *ctx, struct in6_addr *addr, bool reachable)
725 {
726 struct ra *rap, *rapr;
727
728 if (ctx->ra_routers == NULL)
729 return;
730
731 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
732 if (IN6_ARE_ADDR_EQUAL(&rap->from, addr))
733 break;
734 }
735
736 if (rap == NULL || rap->expired || rap->isreachable == reachable)
737 return;
738
739 rap->isreachable = reachable;
740 loginfox("%s: %s is %s", rap->iface->name, rap->sfrom,
741 reachable ? "reachable again" : "unreachable");
742
743 /* See if we can install a reachable default router. */
744 ipv6nd_sortrouters(ctx);
745 ipv6nd_applyra(rap->iface);
746 rt_build(ctx, AF_INET6);
747
748 if (reachable)
749 return;
750
751 /* If we have no reachable default routers, try and solicit one. */
752 TAILQ_FOREACH(rapr, ctx->ra_routers, next) {
753 if (rap == rapr || rap->iface != rapr->iface)
754 continue;
755 if (rapr->isreachable && !rapr->expired && rapr->lifetime)
756 break;
757 }
758
759 if (rapr == NULL)
760 ipv6nd_startrs(rap->iface);
761 }
762
763 const struct ipv6_addr *
ipv6nd_iffindaddr(const struct interface * ifp,const struct in6_addr * addr,unsigned int flags)764 ipv6nd_iffindaddr(const struct interface *ifp, const struct in6_addr *addr,
765 unsigned int flags)
766 {
767 struct ra *rap;
768 struct ipv6_addr *ap;
769
770 if (ifp->ctx->ra_routers == NULL)
771 return NULL;
772
773 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
774 if (rap->iface != ifp)
775 continue;
776 TAILQ_FOREACH(ap, &rap->addrs, next) {
777 if (ipv6_findaddrmatch(ap, addr, flags))
778 return ap;
779 }
780 }
781 return NULL;
782 }
783
784 struct ipv6_addr *
ipv6nd_findaddr(struct dhcpcd_ctx * ctx,const struct in6_addr * addr,unsigned int flags)785 ipv6nd_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr,
786 unsigned int flags)
787 {
788 struct ra *rap;
789 struct ipv6_addr *ap;
790
791 if (ctx->ra_routers == NULL)
792 return NULL;
793
794 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
795 TAILQ_FOREACH(ap, &rap->addrs, next) {
796 if (ipv6_findaddrmatch(ap, addr, flags))
797 return ap;
798 }
799 }
800 return NULL;
801 }
802
803 static struct ipv6_addr *
ipv6nd_rapfindprefix(struct ra * rap,const struct in6_addr * pfx,uint8_t pfxlen)804 ipv6nd_rapfindprefix(struct ra *rap,
805 const struct in6_addr *pfx, uint8_t pfxlen)
806 {
807 struct ipv6_addr *ia;
808
809 TAILQ_FOREACH(ia, &rap->addrs, next) {
810 if (ia->prefix_vltime == 0)
811 continue;
812 if (ia->prefix_len == pfxlen &&
813 IN6_ARE_ADDR_EQUAL(&ia->prefix, pfx))
814 break;
815 }
816 return ia;
817 }
818
819 struct ipv6_addr *
ipv6nd_iffindprefix(struct interface * ifp,const struct in6_addr * pfx,uint8_t pfxlen)820 ipv6nd_iffindprefix(struct interface *ifp,
821 const struct in6_addr *pfx, uint8_t pfxlen)
822 {
823 struct ra *rap;
824 struct ipv6_addr *ia;
825
826 ia = NULL;
827 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
828 if (rap->iface != ifp)
829 continue;
830 ia = ipv6nd_rapfindprefix(rap, pfx, pfxlen);
831 if (ia != NULL)
832 break;
833 }
834 return ia;
835 }
836
837 static void
ipv6nd_removefreedrop_ra(struct ra * rap,int remove_ra,int drop_ra)838 ipv6nd_removefreedrop_ra(struct ra *rap, int remove_ra, int drop_ra)
839 {
840
841 eloop_timeout_delete(rap->iface->ctx->eloop, NULL, rap->iface);
842 eloop_timeout_delete(rap->iface->ctx->eloop, NULL, rap);
843 if (remove_ra)
844 TAILQ_REMOVE(rap->iface->ctx->ra_routers, rap, next);
845 ipv6_freedrop_addrs(&rap->addrs, drop_ra, NULL);
846 routeinfohead_free(&rap->rinfos);
847 free(rap->data);
848 free(rap);
849 }
850
851 static void
ipv6nd_freedrop_ra(struct ra * rap,int drop)852 ipv6nd_freedrop_ra(struct ra *rap, int drop)
853 {
854
855 ipv6nd_removefreedrop_ra(rap, 1, drop);
856 }
857
858 ssize_t
ipv6nd_free(struct interface * ifp)859 ipv6nd_free(struct interface *ifp)
860 {
861 struct rs_state *state;
862 struct ra *rap, *ran;
863 struct dhcpcd_ctx *ctx;
864 ssize_t n;
865
866 state = RS_STATE(ifp);
867 if (state == NULL)
868 return 0;
869
870 ctx = ifp->ctx;
871 #ifdef __sun
872 eloop_event_delete(ctx->eloop, state->nd_fd);
873 close(state->nd_fd);
874 #endif
875 free(state->rs);
876 free(state);
877 ifp->if_data[IF_DATA_IPV6ND] = NULL;
878 n = 0;
879 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) {
880 if (rap->iface == ifp) {
881 ipv6nd_free_ra(rap);
882 n++;
883 }
884 }
885
886 #ifndef __sun
887 /* If we don't have any more IPv6 enabled interfaces,
888 * close the global socket and release resources */
889 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
890 if (RS_STATE(ifp))
891 break;
892 }
893 if (ifp == NULL) {
894 if (ctx->nd_fd != -1) {
895 eloop_event_delete(ctx->eloop, ctx->nd_fd);
896 close(ctx->nd_fd);
897 ctx->nd_fd = -1;
898 }
899 }
900 #endif
901
902 return n;
903 }
904
905 static void
ipv6nd_scriptrun(struct ra * rap)906 ipv6nd_scriptrun(struct ra *rap)
907 {
908 int hasdns, hasaddress;
909 struct ipv6_addr *ap;
910
911 hasaddress = 0;
912 /* If all addresses have completed DAD run the script */
913 TAILQ_FOREACH(ap, &rap->addrs, next) {
914 if ((ap->flags & (IPV6_AF_AUTOCONF | IPV6_AF_ADDED)) ==
915 (IPV6_AF_AUTOCONF | IPV6_AF_ADDED))
916 {
917 hasaddress = 1;
918 if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
919 ipv6_iffindaddr(ap->iface, &ap->addr,
920 IN6_IFF_TENTATIVE))
921 ap->flags |= IPV6_AF_DADCOMPLETED;
922 if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) {
923 logdebugx("%s: waiting for Router Advertisement"
924 " DAD to complete",
925 rap->iface->name);
926 return;
927 }
928 }
929 }
930
931 /* If we don't require RDNSS then set hasdns = 1 so we fork */
932 if (!(rap->iface->options->options & DHCPCD_IPV6RA_REQRDNSS))
933 hasdns = 1;
934 else {
935 hasdns = rap->hasdns;
936 }
937
938 script_runreason(rap->iface, "ROUTERADVERT");
939 if (hasdns && (hasaddress ||
940 !(rap->flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER))))
941 dhcpcd_daemonise(rap->iface->ctx);
942 #if 0
943 else if (options & DHCPCD_DAEMONISE &&
944 !(options & DHCPCD_DAEMONISED) && new_data)
945 logwarnx("%s: did not fork due to an absent"
946 " RDNSS option in the RA",
947 ifp->name);
948 #endif
949 }
950
951 static void
ipv6nd_addaddr(void * arg)952 ipv6nd_addaddr(void *arg)
953 {
954 struct ipv6_addr *ap = arg;
955
956 ipv6_addaddr(ap, NULL);
957 }
958
959 int
ipv6nd_dadcompleted(const struct interface * ifp)960 ipv6nd_dadcompleted(const struct interface *ifp)
961 {
962 const struct ra *rap;
963 const struct ipv6_addr *ap;
964
965 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
966 if (rap->iface != ifp)
967 continue;
968 TAILQ_FOREACH(ap, &rap->addrs, next) {
969 if (ap->flags & IPV6_AF_AUTOCONF &&
970 ap->flags & IPV6_AF_ADDED &&
971 !(ap->flags & IPV6_AF_DADCOMPLETED))
972 return 0;
973 }
974 }
975 return 1;
976 }
977
978 static void
ipv6nd_dadcallback(void * arg)979 ipv6nd_dadcallback(void *arg)
980 {
981 struct ipv6_addr *ia = arg, *rapap;
982 struct interface *ifp;
983 struct ra *rap;
984 int wascompleted, found;
985 char buf[INET6_ADDRSTRLEN];
986 const char *p;
987 int dadcounter;
988
989 ifp = ia->iface;
990 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
991 ia->flags |= IPV6_AF_DADCOMPLETED;
992 if (ia->addr_flags & IN6_IFF_DUPLICATED) {
993 ia->dadcounter++;
994 logwarnx("%s: DAD detected %s", ifp->name, ia->saddr);
995
996 /* Try and make another stable private address.
997 * Because ap->dadcounter is always increamented,
998 * a different address is generated. */
999 /* XXX Cache DAD counter per prefix/id/ssid? */
1000 if (ifp->options->options & DHCPCD_SLAACPRIVATE &&
1001 IA6_CANAUTOCONF(ia))
1002 {
1003 unsigned int delay;
1004
1005 if (ia->dadcounter >= IDGEN_RETRIES) {
1006 logerrx("%s: unable to obtain a"
1007 " stable private address",
1008 ifp->name);
1009 goto try_script;
1010 }
1011 loginfox("%s: deleting address %s",
1012 ifp->name, ia->saddr);
1013 if (if_address6(RTM_DELADDR, ia) == -1 &&
1014 errno != EADDRNOTAVAIL && errno != ENXIO)
1015 logerr(__func__);
1016 dadcounter = ia->dadcounter;
1017 if (ipv6_makestableprivate(&ia->addr,
1018 &ia->prefix, ia->prefix_len,
1019 ifp, &dadcounter) == -1)
1020 {
1021 logerr("ipv6_makestableprivate");
1022 return;
1023 }
1024 ia->dadcounter = dadcounter;
1025 ia->flags &= ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
1026 ia->flags |= IPV6_AF_NEW;
1027 p = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1028 if (p)
1029 snprintf(ia->saddr,
1030 sizeof(ia->saddr),
1031 "%s/%d",
1032 p, ia->prefix_len);
1033 else
1034 ia->saddr[0] = '\0';
1035 delay = arc4random_uniform(IDGEN_DELAY * MSEC_PER_SEC);
1036 eloop_timeout_add_msec(ifp->ctx->eloop, delay,
1037 ipv6nd_addaddr, ia);
1038 return;
1039 }
1040 }
1041
1042 try_script:
1043 if (!wascompleted) {
1044 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
1045 if (rap->iface != ifp)
1046 continue;
1047 wascompleted = 1;
1048 found = 0;
1049 TAILQ_FOREACH(rapap, &rap->addrs, next) {
1050 if (rapap->flags & IPV6_AF_AUTOCONF &&
1051 rapap->flags & IPV6_AF_ADDED &&
1052 (rapap->flags & IPV6_AF_DADCOMPLETED) == 0)
1053 {
1054 wascompleted = 0;
1055 break;
1056 }
1057 if (rapap == ia)
1058 found = 1;
1059 }
1060
1061 if (wascompleted && found) {
1062 logdebugx("%s: Router Advertisement DAD "
1063 "completed",
1064 rap->iface->name);
1065 ipv6nd_scriptrun(rap);
1066 }
1067 }
1068 #ifdef ND6_ADVERTISE
1069 ipv6nd_advertise(ia);
1070 #endif
1071 }
1072 }
1073
1074 static struct ipv6_addr *
ipv6nd_findmarkstale(struct ra * rap,struct ipv6_addr * ia,bool mark)1075 ipv6nd_findmarkstale(struct ra *rap, struct ipv6_addr *ia, bool mark)
1076 {
1077 struct dhcpcd_ctx *ctx = ia->iface->ctx;
1078 struct ra *rap2;
1079 struct ipv6_addr *ia2;
1080
1081 TAILQ_FOREACH(rap2, ctx->ra_routers, next) {
1082 if (rap2 == rap ||
1083 rap2->iface != rap->iface ||
1084 rap2->expired)
1085 continue;
1086 TAILQ_FOREACH(ia2, &rap2->addrs, next) {
1087 if (!IN6_ARE_ADDR_EQUAL(&ia->prefix, &ia2->prefix))
1088 continue;
1089 if (!(ia2->flags & IPV6_AF_STALE))
1090 return ia2;
1091 if (mark)
1092 ia2->prefix_pltime = 0;
1093 }
1094 }
1095 return NULL;
1096 }
1097
1098 #ifndef DHCP6
1099 /* If DHCPv6 is compiled out, supply a shim to provide an error message
1100 * if IPv6RA requests DHCPv6. */
1101 enum DH6S {
1102 DH6S_REQUEST,
1103 DH6S_INFORM,
1104 };
1105 static int
dhcp6_start(__unused struct interface * ifp,__unused enum DH6S init_state)1106 dhcp6_start(__unused struct interface *ifp, __unused enum DH6S init_state)
1107 {
1108
1109 errno = ENOTSUP;
1110 return -1;
1111 }
1112 #endif
1113
1114 static void
ipv6nd_handlera(struct dhcpcd_ctx * ctx,const struct sockaddr_in6 * from,const char * sfrom,struct interface * ifp,struct icmp6_hdr * icp,size_t len,int hoplimit)1115 ipv6nd_handlera(struct dhcpcd_ctx *ctx,
1116 const struct sockaddr_in6 *from, const char *sfrom,
1117 struct interface *ifp, struct icmp6_hdr *icp, size_t len, int hoplimit)
1118 {
1119 size_t i, olen;
1120 struct nd_router_advert *nd_ra;
1121 struct nd_opt_hdr ndo;
1122 struct nd_opt_prefix_info pi;
1123 struct nd_opt_mtu mtu;
1124 struct nd_opt_rdnss rdnss;
1125 struct nd_opt_ri ri;
1126 struct routeinfo *rinfo;
1127 uint8_t *p;
1128 struct ra *rap;
1129 struct in6_addr pi_prefix;
1130 struct ipv6_addr *ia;
1131 struct dhcp_opt *dho;
1132 bool new_rap, new_data, has_address;
1133 uint32_t old_lifetime;
1134 int ifmtu;
1135 int loglevel;
1136 unsigned int flags;
1137 #ifdef IPV6_MANAGETEMPADDR
1138 bool new_ia;
1139 #endif
1140
1141 if (ifp == NULL || RS_STATE(ifp) == NULL) {
1142 #ifdef DEBUG_RS
1143 logdebugx("RA for unexpected interface from %s", sfrom);
1144 #endif
1145 return;
1146 }
1147
1148 if (len < sizeof(struct nd_router_advert)) {
1149 logerrx("IPv6 RA packet too short from %s", sfrom);
1150 return;
1151 }
1152
1153 /* RFC 4861 7.1.2 */
1154 if (hoplimit != 255) {
1155 logerrx("invalid hoplimit(%d) in RA from %s", hoplimit, sfrom);
1156 return;
1157 }
1158 if (!IN6_IS_ADDR_LINKLOCAL(&from->sin6_addr)) {
1159 logerrx("RA from non local address %s", sfrom);
1160 return;
1161 }
1162
1163 if (!(ifp->options->options & DHCPCD_IPV6RS)) {
1164 #ifdef DEBUG_RS
1165 logerrx("%s: unexpected RA from %s", ifp->name, sfrom);
1166 #endif
1167 return;
1168 }
1169
1170 /* We could receive a RA before we sent a RS*/
1171 if (ipv6_linklocal(ifp) == NULL) {
1172 #ifdef DEBUG_RS
1173 logdebugx("%s: received RA from %s (no link-local)",
1174 ifp->name, sfrom);
1175 #endif
1176 return;
1177 }
1178
1179 if (ipv6_iffindaddr(ifp, &from->sin6_addr, IN6_IFF_TENTATIVE)) {
1180 logdebugx("%s: ignoring RA from ourself %s",
1181 ifp->name, sfrom);
1182 return;
1183 }
1184
1185 /*
1186 * Because we preserve RA's and expire them quickly after
1187 * carrier up, it's important to reset the kernels notion of
1188 * reachable timers back to default values before applying
1189 * new RA values.
1190 */
1191 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
1192 if (ifp == rap->iface)
1193 break;
1194 }
1195 if (rap != NULL && rap->willexpire)
1196 ipv6nd_applyra(ifp);
1197
1198 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
1199 if (ifp == rap->iface &&
1200 IN6_ARE_ADDR_EQUAL(&rap->from, &from->sin6_addr))
1201 break;
1202 }
1203
1204 nd_ra = (struct nd_router_advert *)icp;
1205
1206 /* We don't want to spam the log with the fact we got an RA every
1207 * 30 seconds or so, so only spam the log if it's different. */
1208 if (rap == NULL || (rap->data_len != len ||
1209 memcmp(rap->data, (unsigned char *)icp, rap->data_len) != 0))
1210 {
1211 if (rap) {
1212 free(rap->data);
1213 rap->data_len = 0;
1214 }
1215 new_data = true;
1216 } else
1217 new_data = false;
1218 if (rap == NULL) {
1219 rap = calloc(1, sizeof(*rap));
1220 if (rap == NULL) {
1221 logerr(__func__);
1222 return;
1223 }
1224 rap->iface = ifp;
1225 rap->from = from->sin6_addr;
1226 strlcpy(rap->sfrom, sfrom, sizeof(rap->sfrom));
1227 TAILQ_INIT(&rap->addrs);
1228 TAILQ_INIT(&rap->rinfos);
1229 new_rap = true;
1230 rap->isreachable = true;
1231 } else
1232 new_rap = false;
1233 if (rap->data_len == 0) {
1234 rap->data = malloc(len);
1235 if (rap->data == NULL) {
1236 logerr(__func__);
1237 if (new_rap)
1238 free(rap);
1239 return;
1240 }
1241 memcpy(rap->data, icp, len);
1242 rap->data_len = len;
1243 }
1244
1245 /* We could change the debug level based on new_data, but some
1246 * routers like to decrease the advertised valid and preferred times
1247 * in accordance with the own prefix times which would result in too
1248 * much needless log spam. */
1249 if (rap->willexpire)
1250 new_data = true;
1251 loglevel = new_rap || rap->willexpire || !rap->isreachable ?
1252 LOG_INFO : LOG_DEBUG;
1253 logmessage(loglevel, "%s: Router Advertisement from %s",
1254 ifp->name, rap->sfrom);
1255
1256 clock_gettime(CLOCK_MONOTONIC, &rap->acquired);
1257 rap->flags = nd_ra->nd_ra_flags_reserved;
1258 old_lifetime = rap->lifetime;
1259 rap->lifetime = ntohs(nd_ra->nd_ra_router_lifetime);
1260 if (nd_ra->nd_ra_curhoplimit != 0)
1261 rap->hoplimit = nd_ra->nd_ra_curhoplimit;
1262 else
1263 rap->hoplimit = IPV6_DEFHLIM;
1264 if (nd_ra->nd_ra_reachable != 0) {
1265 rap->reachable = ntohl(nd_ra->nd_ra_reachable);
1266 if (rap->reachable > MAX_REACHABLE_TIME)
1267 rap->reachable = 0;
1268 } else
1269 rap->reachable = REACHABLE_TIME;
1270 if (nd_ra->nd_ra_retransmit != 0)
1271 rap->retrans = ntohl(nd_ra->nd_ra_retransmit);
1272 else
1273 rap->retrans = RETRANS_TIMER;
1274 rap->expired = rap->willexpire = rap->doexpire = false;
1275 rap->hasdns = false;
1276 rap->isreachable = true;
1277 has_address = false;
1278 rap->mtu = 0;
1279
1280 #ifdef IPV6_AF_TEMPORARY
1281 ipv6_markaddrsstale(ifp, IPV6_AF_TEMPORARY);
1282 #endif
1283 TAILQ_FOREACH(ia, &rap->addrs, next) {
1284 ia->flags |= IPV6_AF_STALE;
1285 }
1286
1287 len -= sizeof(struct nd_router_advert);
1288 p = ((uint8_t *)icp) + sizeof(struct nd_router_advert);
1289 for (; len > 0; p += olen, len -= olen) {
1290 if (len < sizeof(ndo)) {
1291 logerrx("%s: short option", ifp->name);
1292 break;
1293 }
1294 memcpy(&ndo, p, sizeof(ndo));
1295 olen = (size_t)ndo.nd_opt_len * 8;
1296 if (olen == 0) {
1297 logerrx("%s: zero length option", ifp->name);
1298 break;
1299 }
1300 if (olen > len) {
1301 logerrx("%s: option length exceeds message",
1302 ifp->name);
1303 break;
1304 }
1305
1306 if (has_option_mask(ifp->options->rejectmasknd,
1307 ndo.nd_opt_type))
1308 {
1309 for (i = 0, dho = ctx->nd_opts;
1310 i < ctx->nd_opts_len;
1311 i++, dho++)
1312 {
1313 if (dho->option == ndo.nd_opt_type)
1314 break;
1315 }
1316 if (dho != NULL)
1317 logwarnx("%s: reject RA (option %s) from %s",
1318 ifp->name, dho->var, rap->sfrom);
1319 else
1320 logwarnx("%s: reject RA (option %d) from %s",
1321 ifp->name, ndo.nd_opt_type, rap->sfrom);
1322 if (new_rap)
1323 ipv6nd_removefreedrop_ra(rap, 0, 0);
1324 else
1325 ipv6nd_free_ra(rap);
1326 return;
1327 }
1328
1329 if (has_option_mask(ifp->options->nomasknd, ndo.nd_opt_type))
1330 continue;
1331
1332 switch (ndo.nd_opt_type) {
1333 case ND_OPT_PREFIX_INFORMATION:
1334 {
1335 uint32_t vltime, pltime;
1336
1337 loglevel = new_data ? LOG_ERR : LOG_DEBUG;
1338 if (ndo.nd_opt_len != 4) {
1339 logmessage(loglevel,
1340 "%s: invalid option len for prefix",
1341 ifp->name);
1342 continue;
1343 }
1344 memcpy(&pi, p, sizeof(pi));
1345 if (pi.nd_opt_pi_prefix_len > 128) {
1346 logmessage(loglevel, "%s: invalid prefix len",
1347 ifp->name);
1348 continue;
1349 }
1350 /* nd_opt_pi_prefix is not aligned. */
1351 memcpy(&pi_prefix, &pi.nd_opt_pi_prefix,
1352 sizeof(pi_prefix));
1353 if (IN6_IS_ADDR_MULTICAST(&pi_prefix) ||
1354 IN6_IS_ADDR_LINKLOCAL(&pi_prefix))
1355 {
1356 logmessage(loglevel, "%s: invalid prefix in RA",
1357 ifp->name);
1358 continue;
1359 }
1360
1361 vltime = ntohl(pi.nd_opt_pi_valid_time);
1362 pltime = ntohl(pi.nd_opt_pi_preferred_time);
1363 if (pltime > vltime) {
1364 logmessage(loglevel, "%s: pltime > vltime",
1365 ifp->name);
1366 continue;
1367 }
1368
1369 flags = IPV6_AF_RAPFX;
1370 /* If no flags are set, that means the prefix is
1371 * available via the router. */
1372 if (pi.nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_ONLINK)
1373 flags |= IPV6_AF_ONLINK;
1374 if (pi.nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_AUTO &&
1375 rap->iface->options->options &
1376 DHCPCD_IPV6RA_AUTOCONF)
1377 flags |= IPV6_AF_AUTOCONF;
1378 if (pi.nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_ROUTER)
1379 flags |= IPV6_AF_ROUTER;
1380
1381 ia = ipv6nd_rapfindprefix(rap,
1382 &pi_prefix, pi.nd_opt_pi_prefix_len);
1383 if (ia == NULL) {
1384 ia = ipv6_newaddr(rap->iface,
1385 &pi_prefix, pi.nd_opt_pi_prefix_len, flags);
1386 if (ia == NULL)
1387 break;
1388
1389 ia->prefix = pi_prefix;
1390 ia->created = ia->acquired = rap->acquired;
1391 ia->prefix_vltime = vltime;
1392 ia->prefix_pltime = pltime;
1393
1394 if (flags & IPV6_AF_AUTOCONF)
1395 ia->dadcallback = ipv6nd_dadcallback;
1396
1397 TAILQ_INSERT_TAIL(&rap->addrs, ia, next);
1398
1399 #ifdef IPV6_MANAGETEMPADDR
1400 /* New address to dhcpcd RA handling.
1401 * If the address already exists and a valid
1402 * temporary address also exists then
1403 * extend the existing one rather than
1404 * create a new one */
1405 if (flags & IPV6_AF_AUTOCONF &&
1406 ipv6_iffindaddr(ifp, &ia->addr,
1407 IN6_IFF_NOTUSEABLE) &&
1408 ipv6_settemptime(ia, 0))
1409 new_ia = false;
1410 else
1411 new_ia = true;
1412 #endif
1413
1414 } else {
1415 uint32_t rmtime;
1416
1417 /*
1418 * RFC 4862 5.5.3.e
1419 * Don't terminate existing connections.
1420 * This means that to actually remove the
1421 * existing prefix, the RA needs to stop
1422 * broadcasting the prefix and just let it
1423 * expire in 2 hours.
1424 * It might want to broadcast it to reduce
1425 * the vltime if it was greater than 2 hours
1426 * to start with/
1427 */
1428 ia->prefix_pltime = pltime;
1429 if (ia->prefix_vltime) {
1430 uint32_t elapsed;
1431
1432 elapsed = (uint32_t)eloop_timespec_diff(
1433 &rap->acquired, &ia->acquired,
1434 NULL);
1435 rmtime = ia->prefix_vltime - elapsed;
1436 if (rmtime > ia->prefix_vltime)
1437 rmtime = 0;
1438 } else
1439 rmtime = 0;
1440 if (vltime > MIN_EXTENDED_VLTIME ||
1441 vltime > rmtime)
1442 ia->prefix_vltime = vltime;
1443 else if (rmtime <= MIN_EXTENDED_VLTIME)
1444 /* No SEND support from RFC 3971 so
1445 * leave vltime alone */
1446 ia->prefix_vltime = rmtime;
1447 else
1448 ia->prefix_vltime = MIN_EXTENDED_VLTIME;
1449
1450 /* Ensure pltime still fits */
1451 if (pltime < ia->prefix_vltime)
1452 ia->prefix_pltime = pltime;
1453 else
1454 ia->prefix_pltime = ia->prefix_vltime;
1455
1456 ia->flags |= flags;
1457 ia->flags &= ~IPV6_AF_STALE;
1458 ia->acquired = rap->acquired;
1459
1460 #ifdef IPV6_MANAGETEMPADDR
1461 new_ia = false;
1462 #endif
1463 }
1464
1465 if (ia->prefix_vltime != 0 &&
1466 ia->flags & IPV6_AF_AUTOCONF)
1467 has_address = true;
1468
1469 #ifdef IPV6_MANAGETEMPADDR
1470 /* RFC4941 Section 3.3.3 */
1471 if (ia->flags & IPV6_AF_AUTOCONF &&
1472 ia->iface->options->options & DHCPCD_SLAACTEMP &&
1473 IA6_CANAUTOCONF(ia))
1474 {
1475 if (!new_ia) {
1476 if (ipv6_settemptime(ia, 1) == NULL)
1477 new_ia = true;
1478 }
1479 if (new_ia && ia->prefix_pltime) {
1480 if (ipv6_createtempaddr(ia,
1481 &ia->acquired) == NULL)
1482 logerr("ipv6_createtempaddr");
1483 }
1484 }
1485 #endif
1486 break;
1487 }
1488
1489 case ND_OPT_MTU:
1490 if (len < sizeof(mtu)) {
1491 logmessage(loglevel, "%s: short MTU option", ifp->name);
1492 break;
1493 }
1494 memcpy(&mtu, p, sizeof(mtu));
1495 mtu.nd_opt_mtu_mtu = ntohl(mtu.nd_opt_mtu_mtu);
1496 if (mtu.nd_opt_mtu_mtu < IPV6_MMTU) {
1497 logmessage(loglevel, "%s: invalid MTU %d",
1498 ifp->name, mtu.nd_opt_mtu_mtu);
1499 break;
1500 }
1501 ifmtu = if_getmtu(ifp);
1502 if (ifmtu == -1)
1503 logerr("if_getmtu");
1504 else if (mtu.nd_opt_mtu_mtu > (uint32_t)ifmtu) {
1505 logmessage(loglevel, "%s: advertised MTU %d"
1506 " is greater than link MTU %d",
1507 ifp->name, mtu.nd_opt_mtu_mtu, ifmtu);
1508 rap->mtu = (uint32_t)ifmtu;
1509 } else
1510 rap->mtu = mtu.nd_opt_mtu_mtu;
1511 break;
1512 case ND_OPT_RDNSS:
1513 if (len < sizeof(rdnss)) {
1514 logmessage(loglevel, "%s: short RDNSS option", ifp->name);
1515 break;
1516 }
1517 memcpy(&rdnss, p, sizeof(rdnss));
1518 if (rdnss.nd_opt_rdnss_lifetime &&
1519 rdnss.nd_opt_rdnss_len > 1)
1520 rap->hasdns = 1;
1521 break;
1522 case ND_OPT_RI:
1523 if (ndo.nd_opt_len > 3) {
1524 logmessage(loglevel, "%s: invalid route info option",
1525 ifp->name);
1526 break;
1527 }
1528 memset(&ri, 0, sizeof(ri));
1529 memcpy(&ri, p, olen); /* may be smaller than sizeof(ri), pad with zero */
1530 if(ri.nd_opt_ri_prefixlen > 128) {
1531 logmessage(loglevel, "%s: invalid route info prefix length",
1532 ifp->name);
1533 break;
1534 }
1535
1536 /* rfc4191 3.1 - RI for ::/0 applies to default route */
1537 if(ri.nd_opt_ri_prefixlen == 0) {
1538 rap->lifetime = ntohl(ri.nd_opt_ri_lifetime);
1539
1540 /* Update preference leaving other flags intact */
1541 rap->flags = ((rap->flags & (~ (unsigned int)ND_RA_FLAG_RTPREF_MASK))
1542 | ri.nd_opt_ri_flags_reserved) & 0xff;
1543
1544 break;
1545 }
1546
1547 /* Update existing route info instead of rebuilding all routes so that
1548 previously announced but now absent routes can stay alive. To kill a
1549 route early, an RI with lifetime=0 needs to be received (rfc4191 3.1)*/
1550 rinfo = routeinfo_findalloc(rap, &ri.nd_opt_ri_prefix, ri.nd_opt_ri_prefixlen);
1551 if(rinfo == NULL) {
1552 logerr(__func__);
1553 break;
1554 }
1555
1556 /* Update/initialize other route info params */
1557 rinfo->flags = ri.nd_opt_ri_flags_reserved;
1558 rinfo->lifetime = ntohl(ri.nd_opt_ri_lifetime);
1559 rinfo->acquired = rap->acquired;
1560
1561 break;
1562 default:
1563 continue;
1564 }
1565 }
1566
1567 for (i = 0, dho = ctx->nd_opts;
1568 i < ctx->nd_opts_len;
1569 i++, dho++)
1570 {
1571 if (has_option_mask(ifp->options->requiremasknd,
1572 dho->option))
1573 {
1574 logwarnx("%s: reject RA (no option %s) from %s",
1575 ifp->name, dho->var, rap->sfrom);
1576 if (new_rap)
1577 ipv6nd_removefreedrop_ra(rap, 0, 0);
1578 else
1579 ipv6nd_free_ra(rap);
1580 return;
1581 }
1582 }
1583
1584 TAILQ_FOREACH(ia, &rap->addrs, next) {
1585 if (!(ia->flags & IPV6_AF_STALE) || ia->prefix_pltime == 0)
1586 continue;
1587 if (ipv6nd_findmarkstale(rap, ia, false) != NULL)
1588 continue;
1589 ipv6nd_findmarkstale(rap, ia, true);
1590 logdebugx("%s: %s: became stale", ifp->name, ia->saddr);
1591 /* Technically this violates RFC 4861 6.3.4,
1592 * but we need a mechanism to tell the kernel to
1593 * try and prefer other addresses. */
1594 ia->prefix_pltime = 0;
1595 }
1596
1597 if (!new_rap && rap->lifetime == 0 && old_lifetime != 0)
1598 logwarnx("%s: %s: no longer a default router (lifetime = 0)",
1599 ifp->name, rap->sfrom);
1600
1601 if (new_data && !has_address && rap->lifetime && !ipv6_anyglobal(ifp))
1602 logwarnx("%s: no global addresses for default route",
1603 ifp->name);
1604
1605 if (new_rap)
1606 TAILQ_INSERT_TAIL(ctx->ra_routers, rap, next);
1607 if (new_data)
1608 ipv6nd_sortrouters(ifp->ctx);
1609
1610 if (ifp->ctx->options & DHCPCD_TEST) {
1611 script_runreason(ifp, "TEST");
1612 goto handle_flag;
1613 }
1614
1615 if (!(ifp->options->options & DHCPCD_CONFIGURE))
1616 goto run;
1617
1618 ipv6nd_applyra(ifp);
1619 ipv6_addaddrs(&rap->addrs);
1620 #ifdef IPV6_MANAGETEMPADDR
1621 ipv6_addtempaddrs(ifp, &rap->acquired);
1622 #endif
1623 rt_build(ifp->ctx, AF_INET6);
1624
1625 run:
1626 ipv6nd_scriptrun(rap);
1627
1628 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1629 eloop_timeout_delete(ifp->ctx->eloop, NULL, rap); /* reachable timer */
1630
1631 handle_flag:
1632 if (!(ifp->options->options & DHCPCD_DHCP6))
1633 goto nodhcp6;
1634 /* Only log a DHCPv6 start error if compiled in or debugging is enabled. */
1635 #ifdef DHCP6
1636 #define LOG_DHCP6 logerr
1637 #else
1638 #define LOG_DHCP6 logdebug
1639 #endif
1640 if (rap->flags & ND_RA_FLAG_MANAGED) {
1641 if (new_data && dhcp6_start(ifp, DH6S_REQUEST) == -1)
1642 LOG_DHCP6("dhcp6_start: %s", ifp->name);
1643 } else if (rap->flags & ND_RA_FLAG_OTHER) {
1644 if (new_data && dhcp6_start(ifp, DH6S_INFORM) == -1)
1645 LOG_DHCP6("dhcp6_start: %s", ifp->name);
1646 } else {
1647 #ifdef DHCP6
1648 if (new_data)
1649 logdebugx("%s: No DHCPv6 instruction in RA", ifp->name);
1650 #endif
1651 nodhcp6:
1652 if (ifp->ctx->options & DHCPCD_TEST) {
1653 eloop_exit(ifp->ctx->eloop, EXIT_SUCCESS);
1654 return;
1655 }
1656 }
1657
1658 /* Expire should be called last as the rap object could be destroyed */
1659 ipv6nd_expirera(ifp);
1660 }
1661
1662 bool
ipv6nd_hasralifetime(const struct interface * ifp,bool lifetime)1663 ipv6nd_hasralifetime(const struct interface *ifp, bool lifetime)
1664 {
1665 const struct ra *rap;
1666
1667 if (ifp->ctx->ra_routers) {
1668 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next)
1669 if (rap->iface == ifp &&
1670 !rap->expired &&
1671 (!lifetime ||rap->lifetime))
1672 return true;
1673 }
1674 return false;
1675 }
1676
1677 bool
ipv6nd_hasradhcp(const struct interface * ifp,bool managed)1678 ipv6nd_hasradhcp(const struct interface *ifp, bool managed)
1679 {
1680 const struct ra *rap;
1681
1682 if (ifp->ctx->ra_routers) {
1683 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
1684 if (rap->iface == ifp &&
1685 !rap->expired && !rap->willexpire &&
1686 ((managed && rap->flags & ND_RA_FLAG_MANAGED) ||
1687 (!managed && rap->flags & ND_RA_FLAG_OTHER)))
1688 return true;
1689 }
1690 }
1691 return false;
1692 }
1693
1694 static const uint8_t *
ipv6nd_getoption(struct dhcpcd_ctx * ctx,size_t * os,unsigned int * code,size_t * len,const uint8_t * od,size_t ol,struct dhcp_opt ** oopt)1695 ipv6nd_getoption(struct dhcpcd_ctx *ctx,
1696 size_t *os, unsigned int *code, size_t *len,
1697 const uint8_t *od, size_t ol, struct dhcp_opt **oopt)
1698 {
1699 struct nd_opt_hdr ndo;
1700 size_t i;
1701 struct dhcp_opt *opt;
1702
1703 if (od) {
1704 *os = sizeof(ndo);
1705 if (ol < *os) {
1706 errno = EINVAL;
1707 return NULL;
1708 }
1709 memcpy(&ndo, od, sizeof(ndo));
1710 i = (size_t)(ndo.nd_opt_len * 8);
1711 if (i > ol) {
1712 errno = EINVAL;
1713 return NULL;
1714 }
1715 *len = i;
1716 *code = ndo.nd_opt_type;
1717 }
1718
1719 for (i = 0, opt = ctx->nd_opts;
1720 i < ctx->nd_opts_len; i++, opt++)
1721 {
1722 if (opt->option == *code) {
1723 *oopt = opt;
1724 break;
1725 }
1726 }
1727
1728 if (od)
1729 return od + sizeof(ndo);
1730 return NULL;
1731 }
1732
1733 ssize_t
ipv6nd_env(FILE * fp,const struct interface * ifp)1734 ipv6nd_env(FILE *fp, const struct interface *ifp)
1735 {
1736 size_t i, j, n, len, olen;
1737 struct ra *rap;
1738 char ndprefix[32];
1739 struct dhcp_opt *opt;
1740 uint8_t *p;
1741 struct nd_opt_hdr ndo;
1742 struct ipv6_addr *ia;
1743 struct timespec now;
1744 int pref;
1745
1746 clock_gettime(CLOCK_MONOTONIC, &now);
1747 i = n = 0;
1748 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
1749 if (rap->iface != ifp || rap->expired)
1750 continue;
1751 i++;
1752 snprintf(ndprefix, sizeof(ndprefix), "nd%zu", i);
1753 if (efprintf(fp, "%s_from=%s", ndprefix, rap->sfrom) == -1)
1754 return -1;
1755 if (efprintf(fp, "%s_acquired=%lld", ndprefix,
1756 (long long)rap->acquired.tv_sec) == -1)
1757 return -1;
1758 if (efprintf(fp, "%s_now=%lld", ndprefix,
1759 (long long)now.tv_sec) == -1)
1760 return -1;
1761 if (efprintf(fp, "%s_hoplimit=%u", ndprefix, rap->hoplimit) == -1)
1762 return -1;
1763 pref = ipv6nd_rtpref(rap->flags);
1764 if (efprintf(fp, "%s_flags=%s%s%s%s%s", ndprefix,
1765 rap->flags & ND_RA_FLAG_MANAGED ? "M" : "",
1766 rap->flags & ND_RA_FLAG_OTHER ? "O" : "",
1767 rap->flags & ND_RA_FLAG_HOME_AGENT ? "H" : "",
1768 pref == RTPREF_HIGH ? "h" : pref == RTPREF_LOW ? "l" : "",
1769 rap->flags & ND_RA_FLAG_PROXY ? "P" : "") == -1)
1770 return -1;
1771 if (efprintf(fp, "%s_lifetime=%u", ndprefix, rap->lifetime) == -1)
1772 return -1;
1773
1774 /* Zero our indexes */
1775 for (j = 0, opt = rap->iface->ctx->nd_opts;
1776 j < rap->iface->ctx->nd_opts_len;
1777 j++, opt++)
1778 dhcp_zero_index(opt);
1779 for (j = 0, opt = rap->iface->options->nd_override;
1780 j < rap->iface->options->nd_override_len;
1781 j++, opt++)
1782 dhcp_zero_index(opt);
1783
1784 /* Unlike DHCP, ND6 options *may* occur more than once.
1785 * There is also no provision for option concatenation
1786 * unlike DHCP. */
1787 len = rap->data_len - sizeof(struct nd_router_advert);
1788 for (p = rap->data + sizeof(struct nd_router_advert);
1789 len >= sizeof(ndo);
1790 p += olen, len -= olen)
1791 {
1792 memcpy(&ndo, p, sizeof(ndo));
1793 olen = (size_t)(ndo.nd_opt_len * 8);
1794 if (olen > len) {
1795 errno = EINVAL;
1796 break;
1797 }
1798 if (has_option_mask(rap->iface->options->nomasknd,
1799 ndo.nd_opt_type))
1800 continue;
1801 for (j = 0, opt = rap->iface->options->nd_override;
1802 j < rap->iface->options->nd_override_len;
1803 j++, opt++)
1804 if (opt->option == ndo.nd_opt_type)
1805 break;
1806 if (j == rap->iface->options->nd_override_len) {
1807 for (j = 0, opt = rap->iface->ctx->nd_opts;
1808 j < rap->iface->ctx->nd_opts_len;
1809 j++, opt++)
1810 if (opt->option == ndo.nd_opt_type)
1811 break;
1812 if (j == rap->iface->ctx->nd_opts_len)
1813 opt = NULL;
1814 }
1815 if (opt == NULL)
1816 continue;
1817 dhcp_envoption(rap->iface->ctx, fp,
1818 ndprefix, rap->iface->name,
1819 opt, ipv6nd_getoption,
1820 p + sizeof(ndo), olen - sizeof(ndo));
1821 }
1822
1823 /* We need to output the addresses we actually made
1824 * from the prefix information options as well. */
1825 j = 0;
1826 TAILQ_FOREACH(ia, &rap->addrs, next) {
1827 if (!(ia->flags & IPV6_AF_AUTOCONF) ||
1828 #ifdef IPV6_AF_TEMPORARY
1829 ia->flags & IPV6_AF_TEMPORARY ||
1830 #endif
1831 !(ia->flags & IPV6_AF_ADDED) ||
1832 ia->prefix_vltime == 0)
1833 continue;
1834 if (efprintf(fp, "%s_addr%zu=%s",
1835 ndprefix, ++j, ia->saddr) == -1)
1836 return -1;
1837 }
1838 }
1839 return 1;
1840 }
1841
1842 void
ipv6nd_handleifa(int cmd,struct ipv6_addr * addr,pid_t pid)1843 ipv6nd_handleifa(int cmd, struct ipv6_addr *addr, pid_t pid)
1844 {
1845 struct ra *rap;
1846
1847 /* IPv6 init may not have happened yet if we are learning
1848 * existing addresses when dhcpcd starts. */
1849 if (addr->iface->ctx->ra_routers == NULL)
1850 return;
1851
1852 TAILQ_FOREACH(rap, addr->iface->ctx->ra_routers, next) {
1853 if (rap->iface != addr->iface)
1854 continue;
1855 ipv6_handleifa_addrs(cmd, &rap->addrs, addr, pid);
1856 }
1857 }
1858
1859 void
ipv6nd_expirera(void * arg)1860 ipv6nd_expirera(void *arg)
1861 {
1862 struct interface *ifp;
1863 struct ra *rap, *ran;
1864 struct timespec now;
1865 uint32_t elapsed;
1866 bool expired, valid;
1867 struct ipv6_addr *ia;
1868 struct routeinfo *rinfo, *rinfob;
1869 size_t len, olen;
1870 uint8_t *p;
1871 struct nd_opt_hdr ndo;
1872 #if 0
1873 struct nd_opt_prefix_info pi;
1874 #endif
1875 struct nd_opt_dnssl dnssl;
1876 struct nd_opt_rdnss rdnss;
1877 unsigned int next = 0, ltime;
1878 size_t nexpired = 0;
1879
1880 ifp = arg;
1881 clock_gettime(CLOCK_MONOTONIC, &now);
1882 expired = false;
1883
1884 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) {
1885 if (rap->iface != ifp || rap->expired)
1886 continue;
1887 valid = false;
1888 /* lifetime may be set to infinite by rfc4191 route information */
1889 if (rap->lifetime && rap->lifetime != ND6_INFINITE_LIFETIME) {
1890 elapsed = (uint32_t)eloop_timespec_diff(&now,
1891 &rap->acquired, NULL);
1892 if (elapsed >= rap->lifetime || rap->doexpire) {
1893 if (!rap->expired) {
1894 logwarnx("%s: %s: router expired",
1895 ifp->name, rap->sfrom);
1896 rap->lifetime = 0;
1897 expired = true;
1898 }
1899 } else {
1900 valid = true;
1901 ltime = rap->lifetime - elapsed;
1902 if (next == 0 || ltime < next)
1903 next = ltime;
1904 }
1905 }
1906
1907 /* Not every prefix is tied to an address which
1908 * the kernel can expire, so we need to handle it ourself.
1909 * Also, some OS don't support address lifetimes (Solaris). */
1910 TAILQ_FOREACH(ia, &rap->addrs, next) {
1911 if (ia->prefix_vltime == 0)
1912 continue;
1913 if (ia->prefix_vltime == ND6_INFINITE_LIFETIME &&
1914 !rap->doexpire)
1915 {
1916 valid = true;
1917 continue;
1918 }
1919 elapsed = (uint32_t)eloop_timespec_diff(&now,
1920 &ia->acquired, NULL);
1921 if (elapsed >= ia->prefix_vltime || rap->doexpire) {
1922 if (ia->flags & IPV6_AF_ADDED) {
1923 logwarnx("%s: expired %s %s",
1924 ia->iface->name,
1925 ia->flags & IPV6_AF_AUTOCONF ?
1926 "address" : "prefix",
1927 ia->saddr);
1928 if (if_address6(RTM_DELADDR, ia)== -1 &&
1929 errno != EADDRNOTAVAIL &&
1930 errno != ENXIO)
1931 logerr(__func__);
1932 }
1933 ia->prefix_vltime = ia->prefix_pltime = 0;
1934 ia->flags &=
1935 ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
1936 expired = true;
1937 } else {
1938 valid = true;
1939 ltime = ia->prefix_vltime - elapsed;
1940 if (next == 0 || ltime < next)
1941 next = ltime;
1942 }
1943 }
1944
1945 /* Expire route information */
1946 TAILQ_FOREACH_SAFE(rinfo, &rap->rinfos, next, rinfob) {
1947 if (rinfo->lifetime == ND6_INFINITE_LIFETIME &&
1948 !rap->doexpire)
1949 continue;
1950 elapsed = (uint32_t)eloop_timespec_diff(&now,
1951 &rinfo->acquired, NULL);
1952 if (elapsed >= rinfo->lifetime || rap->doexpire) {
1953 logwarnx("%s: expired route %s",
1954 rap->iface->name, rinfo->sprefix);
1955 TAILQ_REMOVE(&rap->rinfos, rinfo, next);
1956 }
1957 }
1958
1959 /* Work out expiry for ND options */
1960 elapsed = (uint32_t)eloop_timespec_diff(&now,
1961 &rap->acquired, NULL);
1962 len = rap->data_len - sizeof(struct nd_router_advert);
1963 for (p = rap->data + sizeof(struct nd_router_advert);
1964 len >= sizeof(ndo);
1965 p += olen, len -= olen)
1966 {
1967 memcpy(&ndo, p, sizeof(ndo));
1968 olen = (size_t)(ndo.nd_opt_len * 8);
1969 if (olen > len) {
1970 errno = EINVAL;
1971 break;
1972 }
1973
1974 if (has_option_mask(rap->iface->options->nomasknd,
1975 ndo.nd_opt_type))
1976 continue;
1977
1978 switch (ndo.nd_opt_type) {
1979 /* Prefix info is already checked in the above loop. */
1980 #if 0
1981 case ND_OPT_PREFIX_INFORMATION:
1982 if (len < sizeof(pi))
1983 break;
1984 memcpy(&pi, p, sizeof(pi));
1985 ltime = pi.nd_opt_pi_valid_time;
1986 break;
1987 #endif
1988 case ND_OPT_DNSSL:
1989 if (len < sizeof(dnssl))
1990 continue;
1991 memcpy(&dnssl, p, sizeof(dnssl));
1992 ltime = dnssl.nd_opt_dnssl_lifetime;
1993 break;
1994 case ND_OPT_RDNSS:
1995 if (len < sizeof(rdnss))
1996 continue;
1997 memcpy(&rdnss, p, sizeof(rdnss));
1998 ltime = rdnss.nd_opt_rdnss_lifetime;
1999 break;
2000 default:
2001 continue;
2002 }
2003
2004 if (ltime == 0)
2005 continue;
2006 if (rap->doexpire) {
2007 expired = true;
2008 continue;
2009 }
2010 if (ltime == ND6_INFINITE_LIFETIME) {
2011 valid = true;
2012 continue;
2013 }
2014
2015 ltime = ntohl(ltime);
2016 if (elapsed >= ltime) {
2017 expired = true;
2018 continue;
2019 }
2020
2021 valid = true;
2022 ltime -= elapsed;
2023 if (next == 0 || ltime < next)
2024 next = ltime;
2025 }
2026
2027 if (valid)
2028 continue;
2029
2030 /* Router has expired. Let's not keep a lot of them. */
2031 rap->expired = true;
2032 if (++nexpired > EXPIRED_MAX)
2033 ipv6nd_free_ra(rap);
2034 }
2035
2036 if (next != 0)
2037 eloop_timeout_add_sec(ifp->ctx->eloop,
2038 next, ipv6nd_expirera, ifp);
2039 if (expired) {
2040 logwarnx("%s: part of a Router Advertisement expired",
2041 ifp->name);
2042 ipv6nd_sortrouters(ifp->ctx);
2043 ipv6nd_applyra(ifp);
2044 rt_build(ifp->ctx, AF_INET6);
2045 script_runreason(ifp, "ROUTERADVERT");
2046 }
2047 }
2048
2049 void
ipv6nd_drop(struct interface * ifp)2050 ipv6nd_drop(struct interface *ifp)
2051 {
2052 struct ra *rap, *ran;
2053 bool expired = false;
2054
2055 if (ifp->ctx->ra_routers == NULL)
2056 return;
2057
2058 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
2059 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) {
2060 if (rap->iface == ifp) {
2061 rap->expired = expired = true;
2062 ipv6nd_drop_ra(rap);
2063 }
2064 }
2065 if (expired) {
2066 ipv6nd_applyra(ifp);
2067 rt_build(ifp->ctx, AF_INET6);
2068 if ((ifp->options->options & DHCPCD_NODROP) != DHCPCD_NODROP)
2069 script_runreason(ifp, "ROUTERADVERT");
2070 }
2071 }
2072
2073 void
ipv6nd_recvmsg(struct dhcpcd_ctx * ctx,struct msghdr * msg)2074 ipv6nd_recvmsg(struct dhcpcd_ctx *ctx, struct msghdr *msg)
2075 {
2076 struct sockaddr_in6 *from = (struct sockaddr_in6 *)msg->msg_name;
2077 char sfrom[INET6_ADDRSTRLEN];
2078 int hoplimit = 0;
2079 struct icmp6_hdr *icp;
2080 struct interface *ifp;
2081 size_t len = msg->msg_iov[0].iov_len;
2082
2083 inet_ntop(AF_INET6, &from->sin6_addr, sfrom, sizeof(sfrom));
2084 if ((size_t)len < sizeof(struct icmp6_hdr)) {
2085 logerrx("IPv6 ICMP packet too short from %s", sfrom);
2086 return;
2087 }
2088
2089 ifp = if_findifpfromcmsg(ctx, msg, &hoplimit);
2090 if (ifp == NULL) {
2091 logerr(__func__);
2092 return;
2093 }
2094
2095 /* Don't do anything if the user hasn't configured it. */
2096 if (ifp->active != IF_ACTIVE_USER ||
2097 !(ifp->options->options & DHCPCD_IPV6))
2098 return;
2099
2100 icp = (struct icmp6_hdr *)msg->msg_iov[0].iov_base;
2101 if (icp->icmp6_code == 0) {
2102 switch(icp->icmp6_type) {
2103 case ND_ROUTER_ADVERT:
2104 ipv6nd_handlera(ctx, from, sfrom,
2105 ifp, icp, (size_t)len, hoplimit);
2106 return;
2107 }
2108 }
2109
2110 logerrx("invalid IPv6 type %d or code %d from %s",
2111 icp->icmp6_type, icp->icmp6_code, sfrom);
2112 }
2113
2114 static void
ipv6nd_handledata(void * arg,unsigned short events)2115 ipv6nd_handledata(void *arg, unsigned short events)
2116 {
2117 struct dhcpcd_ctx *ctx;
2118 int fd;
2119 struct sockaddr_in6 from;
2120 union {
2121 struct icmp6_hdr hdr;
2122 uint8_t buf[64 * 1024]; /* Maximum ICMPv6 size */
2123 } iovbuf;
2124 struct iovec iov = {
2125 .iov_base = iovbuf.buf, .iov_len = sizeof(iovbuf.buf),
2126 };
2127 union {
2128 struct cmsghdr hdr;
2129 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo)) +
2130 CMSG_SPACE(sizeof(int))];
2131 } cmsgbuf = { .buf = { 0 } };
2132 struct msghdr msg = {
2133 .msg_name = &from, .msg_namelen = sizeof(from),
2134 .msg_iov = &iov, .msg_iovlen = 1,
2135 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
2136 };
2137 ssize_t len;
2138
2139 #ifdef __sun
2140 struct interface *ifp;
2141 struct rs_state *state;
2142
2143 ifp = arg;
2144 state = RS_STATE(ifp);
2145 ctx = ifp->ctx;
2146 fd = state->nd_fd;
2147 #else
2148 ctx = arg;
2149 fd = ctx->nd_fd;
2150 #endif
2151
2152 if (events != ELE_READ)
2153 logerrx("%s: unexpected event 0x%04x", __func__, events);
2154
2155 len = recvmsg(fd, &msg, 0);
2156 if (len == -1) {
2157 logerr(__func__);
2158 return;
2159 }
2160
2161 iov.iov_len = (size_t)len;
2162 ipv6nd_recvmsg(ctx, &msg);
2163 }
2164
2165 static void
ipv6nd_startrs1(void * arg)2166 ipv6nd_startrs1(void *arg)
2167 {
2168 struct interface *ifp = arg;
2169 struct rs_state *state;
2170
2171 loginfox("%s: soliciting an IPv6 router", ifp->name);
2172 state = RS_STATE(ifp);
2173 if (state == NULL) {
2174 ifp->if_data[IF_DATA_IPV6ND] = calloc(1, sizeof(*state));
2175 state = RS_STATE(ifp);
2176 if (state == NULL) {
2177 logerr(__func__);
2178 return;
2179 }
2180 #ifdef __sun
2181 state->nd_fd = -1;
2182 #endif
2183 }
2184
2185 /* Always make a new probe as the underlying hardware
2186 * address could have changed. */
2187 ipv6nd_makersprobe(ifp);
2188 if (state->rs == NULL) {
2189 logerr(__func__);
2190 return;
2191 }
2192
2193 state->retrans = RETRANS_TIMER;
2194 state->rsprobes = 0;
2195 ipv6nd_sendrsprobe(ifp);
2196 }
2197
2198 void
ipv6nd_startrs(struct interface * ifp)2199 ipv6nd_startrs(struct interface *ifp)
2200 {
2201 unsigned int delay;
2202
2203 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
2204 if (!(ifp->options->options & DHCPCD_INITIAL_DELAY)) {
2205 ipv6nd_startrs1(ifp);
2206 return;
2207 }
2208
2209 delay = arc4random_uniform(MAX_RTR_SOLICITATION_DELAY * MSEC_PER_SEC);
2210 logdebugx("%s: delaying IPv6 router solicitation for %0.1f seconds",
2211 ifp->name, (float)delay / MSEC_PER_SEC);
2212 eloop_timeout_add_msec(ifp->ctx->eloop, delay, ipv6nd_startrs1, ifp);
2213 return;
2214 }
2215
routeinfo_findalloc(struct ra * rap,const struct in6_addr * prefix,uint8_t prefix_len)2216 static struct routeinfo *routeinfo_findalloc(struct ra *rap, const struct in6_addr *prefix, uint8_t prefix_len)
2217 {
2218 struct routeinfo *ri;
2219 char buf[INET6_ADDRSTRLEN];
2220 const char *p;
2221
2222 TAILQ_FOREACH(ri, &rap->rinfos, next) {
2223 if (ri->prefix_len == prefix_len &&
2224 IN6_ARE_ADDR_EQUAL(&ri->prefix, prefix))
2225 return ri;
2226 }
2227
2228 ri = malloc(sizeof(struct routeinfo));
2229 if (ri == NULL)
2230 return NULL;
2231
2232 memcpy(&ri->prefix, prefix, sizeof(ri->prefix));
2233 ri->prefix_len = prefix_len;
2234 p = inet_ntop(AF_INET6, prefix, buf, sizeof(buf));
2235 if (p)
2236 snprintf(ri->sprefix,
2237 sizeof(ri->sprefix),
2238 "%s/%d",
2239 p, prefix_len);
2240 else
2241 ri->sprefix[0] = '\0';
2242 TAILQ_INSERT_TAIL(&rap->rinfos, ri, next);
2243 return ri;
2244 }
2245
routeinfohead_free(struct routeinfohead * head)2246 static void routeinfohead_free(struct routeinfohead *head)
2247 {
2248 struct routeinfo *ri;
2249
2250 while ((ri = TAILQ_FIRST(head))) {
2251 TAILQ_REMOVE(head, ri, next);
2252 free(ri);
2253 }
2254 }
2255