1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * BSD interface driver for dhcpcd 4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/ioctl.h> 30 #include <sys/param.h> 31 #include <sys/socket.h> 32 #include <sys/stat.h> 33 #include <sys/sysctl.h> 34 #include <sys/time.h> 35 #include <sys/types.h> 36 #include <sys/uio.h> 37 #include <sys/utsname.h> 38 39 #include "config.h" 40 41 #include <arpa/inet.h> 42 #include <net/bpf.h> 43 #include <net/if.h> 44 #include <net/if_dl.h> 45 #include <net/if_media.h> 46 #include <net/route.h> 47 #include <netinet/if_ether.h> 48 #include <netinet/in.h> 49 #include <netinet/in_var.h> 50 #include <netinet6/in6_var.h> 51 #include <netinet6/nd6.h> 52 #ifdef __NetBSD__ 53 #include <net/if_vlanvar.h> /* Needs netinet/if_ether.h */ 54 #elif defined(__DragonFly__) 55 #include <net/vlan/if_vlan_var.h> 56 #else 57 #include <net/if_vlan_var.h> 58 #endif 59 #ifdef __DragonFly__ 60 # include <netproto/802_11/ieee80211_ioctl.h> 61 #else 62 # include <net80211/ieee80211.h> 63 # include <net80211/ieee80211_ioctl.h> 64 #endif 65 66 #include <assert.h> 67 #include <errno.h> 68 #include <fcntl.h> 69 #include <fnmatch.h> 70 #include <paths.h> 71 #include <stddef.h> 72 #include <stdio.h> 73 #include <stdlib.h> 74 #include <string.h> 75 #include <unistd.h> 76 77 #if defined(OpenBSD) && OpenBSD >= 201411 78 /* OpenBSD dropped the global setting from sysctl but left the #define 79 * which causes a EPERM error when trying to use it. 80 * I think both the error and keeping the define are wrong, so we #undef it. */ 81 #undef IPV6CTL_ACCEPT_RTADV 82 #endif 83 84 #include "common.h" 85 #include "dhcp.h" 86 #include "if.h" 87 #include "if-options.h" 88 #include "ipv4.h" 89 #include "ipv4ll.h" 90 #include "ipv6.h" 91 #include "ipv6nd.h" 92 #include "logerr.h" 93 #include "privsep.h" 94 #include "route.h" 95 #include "sa.h" 96 97 #ifndef RT_ROUNDUP 98 #define RT_ROUNDUP(a) \ 99 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) 100 #define RT_ADVANCE(x, n) (x += RT_ROUNDUP((n)->sa_len)) 101 #endif 102 103 /* Ignore these interface names which look like ethernet but are virtual or 104 * just won't work without explicit configuration. */ 105 static const char * const ifnames_ignore[] = { 106 "bridge", 107 "fwe", /* Firewire */ 108 "fwip", /* Firewire */ 109 "tap", 110 "xvif", /* XEN DOM0 -> guest interface */ 111 NULL 112 }; 113 114 struct priv { 115 int pf_inet6_fd; 116 }; 117 118 struct rtm 119 { 120 struct rt_msghdr hdr; 121 char buffer[sizeof(struct sockaddr_storage) * RTAX_MAX]; 122 }; 123 124 int 125 if_init(__unused struct interface *iface) 126 { 127 /* BSD promotes secondary address by default */ 128 return 0; 129 } 130 131 int 132 if_conf(__unused struct interface *iface) 133 { 134 /* No extra checks needed on BSD */ 135 return 0; 136 } 137 138 int 139 if_opensockets_os(struct dhcpcd_ctx *ctx) 140 { 141 struct priv *priv; 142 int n; 143 #if defined(RO_MSGFILTER) || defined(ROUTE_MSGFILTER) 144 unsigned char msgfilter[] = { 145 RTM_IFINFO, 146 #ifdef RTM_IFANNOUNCE 147 RTM_IFANNOUNCE, 148 #endif 149 RTM_ADD, RTM_CHANGE, RTM_DELETE, RTM_MISS, 150 #ifdef RTM_CHGADDR 151 RTM_CHGADDR, 152 #endif 153 RTM_NEWADDR, RTM_DELADDR 154 }; 155 #ifdef ROUTE_MSGFILTER 156 unsigned int i, msgfilter_mask; 157 #endif 158 #endif 159 160 if ((priv = malloc(sizeof(*priv))) == NULL) 161 return -1; 162 ctx->priv = priv; 163 164 #ifdef INET6 165 priv->pf_inet6_fd = xsocket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); 166 /* Don't return an error so we at least work on kernels witout INET6 167 * even though we expect INET6 support. 168 * We will fail noisily elsewhere anyway. */ 169 #else 170 priv->pf_inet6_fd = -1; 171 #endif 172 173 ctx->link_fd = xsocket(PF_ROUTE, SOCK_RAW | SOCK_CXNB, AF_UNSPEC); 174 if (ctx->link_fd == -1) 175 return -1; 176 177 #ifdef SO_RERROR 178 n = 1; 179 if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_RERROR, &n,sizeof(n)) == -1) 180 logerr("%s: SO_RERROR", __func__); 181 #endif 182 183 /* Ignore our own route(4) messages. 184 * Sadly there is no way of doing this for route(4) messages 185 * generated from addresses we add/delete. */ 186 n = 0; 187 if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_USELOOPBACK, 188 &n, sizeof(n)) == -1) 189 logerr("%s: SO_USELOOPBACK", __func__); 190 191 #if defined(RO_MSGFILTER) 192 if (setsockopt(ctx->link_fd, PF_ROUTE, RO_MSGFILTER, 193 &msgfilter, sizeof(msgfilter)) == -1) 194 logerr(__func__); 195 #elif defined(ROUTE_MSGFILTER) 196 /* Convert the array into a bitmask. */ 197 msgfilter_mask = 0; 198 for (i = 0; i < __arraycount(msgfilter); i++) 199 msgfilter_mask |= ROUTE_FILTER(msgfilter[i]); 200 if (setsockopt(ctx->link_fd, PF_ROUTE, ROUTE_MSGFILTER, 201 &msgfilter_mask, sizeof(msgfilter_mask)) == -1) 202 logerr(__func__); 203 #else 204 #warning kernel does not support route message filtering 205 #endif 206 207 return 0; 208 } 209 210 void 211 if_closesockets_os(struct dhcpcd_ctx *ctx) 212 { 213 struct priv *priv; 214 215 priv = (struct priv *)ctx->priv; 216 if (priv->pf_inet6_fd != -1) 217 close(priv->pf_inet6_fd); 218 free(priv); 219 ctx->priv = NULL; 220 } 221 222 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */ 223 static int 224 if_ioctllink(struct dhcpcd_ctx *ctx, unsigned long req, void *data, size_t len) 225 { 226 int s; 227 int retval; 228 229 #ifdef PRIVSEP 230 if (ctx->options & DHCPCD_PRIVSEP) 231 return (int)ps_root_ioctllink(ctx, req, data, len); 232 #else 233 UNUSED(ctx); 234 #endif 235 236 s = socket(PF_LINK, SOCK_DGRAM, 0); 237 if (s == -1) 238 return -1; 239 retval = ioctl(s, req, data, len); 240 close(s); 241 return retval; 242 } 243 #endif 244 245 int 246 if_setmac(struct interface *ifp, void *mac, uint8_t maclen) 247 { 248 249 if (ifp->hwlen != maclen) { 250 errno = EINVAL; 251 return -1; 252 } 253 254 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */ 255 struct if_laddrreq iflr = { .flags = IFLR_ACTIVE }; 256 struct sockaddr_dl *sdl = satosdl(&iflr.addr); 257 int retval; 258 259 strlcpy(iflr.iflr_name, ifp->name, sizeof(iflr.iflr_name)); 260 sdl->sdl_family = AF_LINK; 261 sdl->sdl_len = sizeof(*sdl); 262 sdl->sdl_alen = maclen; 263 memcpy(LLADDR(sdl), mac, maclen); 264 retval = if_ioctllink(ifp->ctx, SIOCALIFADDR, &iflr, sizeof(iflr)); 265 266 /* Try and remove the old address */ 267 memcpy(LLADDR(sdl), ifp->hwaddr, ifp->hwlen); 268 if_ioctllink(ifp->ctx, SIOCDLIFADDR, &iflr, sizeof(iflr)); 269 270 return retval; 271 #else 272 struct ifreq ifr = { 273 .ifr_addr.sa_family = AF_LINK, 274 .ifr_addr.sa_len = maclen, 275 }; 276 277 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name)); 278 memcpy(ifr.ifr_addr.sa_data, mac, maclen); 279 return if_ioctl(ifp->ctx, SIOCSIFLLADDR, &ifr, sizeof(ifr)); 280 #endif 281 } 282 283 static bool 284 if_ignore1(const char *drvname) 285 { 286 const char * const *p; 287 288 for (p = ifnames_ignore; *p; p++) { 289 if (strcmp(*p, drvname) == 0) 290 return true; 291 } 292 return false; 293 } 294 295 bool 296 if_ignore(struct dhcpcd_ctx *ctx, const char *ifname) 297 { 298 struct if_spec spec; 299 300 if (if_nametospec(ifname, &spec) != 0) 301 return false; 302 303 if (if_ignore1(spec.drvname)) 304 return true; 305 306 #ifdef SIOCGIFGROUP 307 #ifdef HAVE_PLEDGE 308 #warning Fix SIOCGIFGROUP to use privsep to remove inet pledge requirement 309 #endif 310 struct ifgroupreq ifgr = { .ifgr_len = 0 }; 311 struct ifg_req *ifg; 312 size_t ifg_len; 313 314 /* Sadly it is possible to remove the device name 315 * from the interface groups, but hopefully this 316 * will be very unlikely.... */ 317 318 strlcpy(ifgr.ifgr_name, ifname, sizeof(ifgr.ifgr_name)); 319 if (ioctl(ctx->pf_inet_fd, SIOCGIFGROUP, &ifgr) == -1 || 320 (ifgr.ifgr_groups = malloc(ifgr.ifgr_len)) == NULL || 321 ioctl(ctx->pf_inet_fd, SIOCGIFGROUP, &ifgr) == -1) 322 { 323 logerr(__func__); 324 return false; 325 } 326 327 for (ifg = ifgr.ifgr_groups, ifg_len = ifgr.ifgr_len; 328 ifg && ifg_len >= sizeof(*ifg); 329 ifg++, ifg_len -= sizeof(*ifg)) 330 { 331 if (if_ignore1(ifg->ifgrq_group)) 332 return true; 333 } 334 #else 335 UNUSED(ctx); 336 #endif 337 338 return false; 339 } 340 341 int 342 if_carrier(struct interface *ifp) 343 { 344 struct ifmediareq ifmr = { .ifm_status = 0 }; 345 346 strlcpy(ifmr.ifm_name, ifp->name, sizeof(ifmr.ifm_name)); 347 if (ioctl(ifp->ctx->pf_inet_fd, SIOCGIFMEDIA, &ifmr) == -1 || 348 !(ifmr.ifm_status & IFM_AVALID)) 349 return LINK_UNKNOWN; 350 351 return (ifmr.ifm_status & IFM_ACTIVE) ? LINK_UP : LINK_DOWN; 352 } 353 354 static void 355 if_linkaddr(struct sockaddr_dl *sdl, const struct interface *ifp) 356 { 357 358 memset(sdl, 0, sizeof(*sdl)); 359 sdl->sdl_family = AF_LINK; 360 sdl->sdl_len = sizeof(*sdl); 361 sdl->sdl_nlen = sdl->sdl_alen = sdl->sdl_slen = 0; 362 sdl->sdl_index = (unsigned short)ifp->index; 363 } 364 365 #if defined(SIOCG80211NWID) || defined(SIOCGETVLAN) 366 static int if_indirect_ioctl(struct dhcpcd_ctx *ctx, 367 const char *ifname, unsigned long cmd, void *data, size_t len) 368 { 369 struct ifreq ifr = { .ifr_flags = 0 }; 370 371 #if defined(PRIVSEP) && defined(HAVE_PLEDGE) 372 if (IN_PRIVSEP(ctx)) 373 return (int)ps_root_indirectioctl(ctx, cmd, ifname, data, len); 374 #else 375 UNUSED(len); 376 #endif 377 378 strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); 379 ifr.ifr_data = data; 380 return ioctl(ctx->pf_inet_fd, cmd, &ifr); 381 } 382 #endif 383 384 static int 385 if_getssid1(struct dhcpcd_ctx *ctx, const char *ifname, void *ssid) 386 { 387 int retval = -1; 388 #if defined(SIOCG80211NWID) 389 struct ieee80211_nwid nwid; 390 #elif defined(IEEE80211_IOC_SSID) 391 struct ieee80211req ireq; 392 char nwid[IEEE80211_NWID_LEN]; 393 #endif 394 395 #if defined(SIOCG80211NWID) /* NetBSD */ 396 memset(&nwid, 0, sizeof(nwid)); 397 if (if_indirect_ioctl(ctx, ifname, SIOCG80211NWID, 398 &nwid, sizeof(nwid)) == 0) 399 { 400 if (ssid == NULL) 401 retval = nwid.i_len; 402 else if (nwid.i_len > IF_SSIDLEN) 403 errno = ENOBUFS; 404 else { 405 retval = nwid.i_len; 406 memcpy(ssid, nwid.i_nwid, nwid.i_len); 407 } 408 } 409 #elif defined(IEEE80211_IOC_SSID) /* FreeBSD */ 410 memset(&ireq, 0, sizeof(ireq)); 411 strlcpy(ireq.i_name, ifname, sizeof(ireq.i_name)); 412 ireq.i_type = IEEE80211_IOC_SSID; 413 ireq.i_val = -1; 414 memset(nwid, 0, sizeof(nwid)); 415 ireq.i_data = &nwid; 416 if (ioctl(ctx->pf_inet_fd, SIOCG80211, &ireq) == 0) { 417 if (ssid == NULL) 418 retval = ireq.i_len; 419 else if (ireq.i_len > IF_SSIDLEN) 420 errno = ENOBUFS; 421 else { 422 retval = ireq.i_len; 423 memcpy(ssid, nwid, ireq.i_len); 424 } 425 } 426 #else 427 errno = ENOSYS; 428 #endif 429 430 return retval; 431 } 432 433 int 434 if_getssid(struct interface *ifp) 435 { 436 int r; 437 438 r = if_getssid1(ifp->ctx, ifp->name, ifp->ssid); 439 if (r != -1) 440 ifp->ssid_len = (unsigned int)r; 441 else 442 ifp->ssid_len = 0; 443 ifp->ssid[ifp->ssid_len] = '\0'; 444 return r; 445 } 446 447 /* 448 * FreeBSD allows for Virtual Access Points 449 * We need to check if the interface is a Virtual Interface Master 450 * and if so, don't use it. 451 * This check is made by virtue of being a IEEE80211 device but 452 * returning the SSID gives an error. 453 */ 454 int 455 if_vimaster(struct dhcpcd_ctx *ctx, const char *ifname) 456 { 457 int r; 458 struct ifmediareq ifmr = { .ifm_active = 0 }; 459 460 strlcpy(ifmr.ifm_name, ifname, sizeof(ifmr.ifm_name)); 461 r = ioctl(ctx->pf_inet_fd, SIOCGIFMEDIA, &ifmr); 462 if (r == -1) 463 return -1; 464 if (ifmr.ifm_status & IFM_AVALID && 465 IFM_TYPE(ifmr.ifm_active) == IFM_IEEE80211) 466 { 467 if (if_getssid1(ctx, ifname, NULL) == -1) 468 return 1; 469 } 470 return 0; 471 } 472 473 unsigned short 474 if_vlanid(const struct interface *ifp) 475 { 476 #ifdef SIOCGETVLAN 477 struct vlanreq vlr = { .vlr_tag = 0 }; 478 479 if (if_indirect_ioctl(ifp->ctx, ifp->name, SIOCGETVLAN, 480 &vlr, sizeof(vlr)) != 0) 481 return 0; /* 0 means no VLANID */ 482 return vlr.vlr_tag; 483 #elif defined(SIOCGVNETID) 484 struct ifreq ifr = { .ifr_vnetid = 0 }; 485 486 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name)); 487 if (ioctl(ifp->ctx->pf_inet_fd, SIOCGVNETID, &ifr) != 0) 488 return 0; /* 0 means no VLANID */ 489 return ifr.ifr_vnetid; 490 #else 491 UNUSED(ifp); 492 return 0; /* 0 means no VLANID */ 493 #endif 494 } 495 496 static int 497 get_addrs(int type, const void *data, size_t data_len, 498 const struct sockaddr **sa) 499 { 500 const char *cp, *ep; 501 int i; 502 503 cp = data; 504 ep = cp + data_len; 505 for (i = 0; i < RTAX_MAX; i++) { 506 if (type & (1 << i)) { 507 if (cp >= ep) { 508 errno = EINVAL; 509 return -1; 510 } 511 sa[i] = (const struct sockaddr *)cp; 512 RT_ADVANCE(cp, sa[i]); 513 } else 514 sa[i] = NULL; 515 } 516 517 return 0; 518 } 519 520 static struct interface * 521 if_findsdl(struct dhcpcd_ctx *ctx, const struct sockaddr_dl *sdl) 522 { 523 524 if (sdl->sdl_index) 525 return if_findindex(ctx->ifaces, sdl->sdl_index); 526 527 if (sdl->sdl_nlen) { 528 char ifname[IF_NAMESIZE]; 529 530 memcpy(ifname, sdl->sdl_data, sdl->sdl_nlen); 531 ifname[sdl->sdl_nlen] = '\0'; 532 return if_find(ctx->ifaces, ifname); 533 } 534 if (sdl->sdl_alen) { 535 struct interface *ifp; 536 537 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 538 if (ifp->hwlen == sdl->sdl_alen && 539 memcmp(ifp->hwaddr, 540 sdl->sdl_data, sdl->sdl_alen) == 0) 541 return ifp; 542 } 543 } 544 545 errno = ENOENT; 546 return NULL; 547 } 548 549 static struct interface * 550 if_findsa(struct dhcpcd_ctx *ctx, const struct sockaddr *sa) 551 { 552 if (sa == NULL) { 553 errno = EINVAL; 554 return NULL; 555 } 556 557 switch (sa->sa_family) { 558 case AF_LINK: 559 { 560 const struct sockaddr_dl *sdl; 561 562 sdl = (const void *)sa; 563 return if_findsdl(ctx, sdl); 564 } 565 #ifdef INET 566 case AF_INET: 567 { 568 const struct sockaddr_in *sin; 569 struct ipv4_addr *ia; 570 571 sin = (const void *)sa; 572 if ((ia = ipv4_findmaskaddr(ctx, &sin->sin_addr))) 573 return ia->iface; 574 break; 575 } 576 #endif 577 #ifdef INET6 578 case AF_INET6: 579 { 580 const struct sockaddr_in6 *sin; 581 unsigned int scope; 582 struct ipv6_addr *ia; 583 584 sin = (const void *)sa; 585 scope = ipv6_getscope(sin); 586 if (scope != 0) 587 return if_findindex(ctx->ifaces, scope); 588 if ((ia = ipv6_findmaskaddr(ctx, &sin->sin6_addr))) 589 return ia->iface; 590 break; 591 } 592 #endif 593 default: 594 errno = EAFNOSUPPORT; 595 return NULL; 596 } 597 598 errno = ENOENT; 599 return NULL; 600 } 601 602 static void 603 if_copysa(struct sockaddr *dst, const struct sockaddr *src) 604 { 605 606 assert(dst != NULL); 607 assert(src != NULL); 608 609 memcpy(dst, src, src->sa_len); 610 #if defined(INET6) && defined(__KAME__) 611 if (dst->sa_family == AF_INET6) { 612 struct in6_addr *in6; 613 614 in6 = &satosin6(dst)->sin6_addr; 615 if (IN6_IS_ADDR_LINKLOCAL(in6)) 616 in6->s6_addr[2] = in6->s6_addr[3] = '\0'; 617 } 618 #endif 619 } 620 621 int 622 if_route(unsigned char cmd, const struct rt *rt) 623 { 624 struct dhcpcd_ctx *ctx; 625 struct rtm rtmsg; 626 struct rt_msghdr *rtm = &rtmsg.hdr; 627 char *bp = rtmsg.buffer; 628 struct sockaddr_dl sdl; 629 bool gateway_unspec; 630 631 assert(rt != NULL); 632 assert(rt->rt_ifp != NULL); 633 assert(rt->rt_ifp->ctx != NULL); 634 ctx = rt->rt_ifp->ctx; 635 636 #define ADDSA(sa) do { \ 637 memcpy(bp, (sa), (sa)->sa_len); \ 638 bp += RT_ROUNDUP((sa)->sa_len); \ 639 } while (0 /* CONSTCOND */) 640 641 memset(&rtmsg, 0, sizeof(rtmsg)); 642 rtm->rtm_version = RTM_VERSION; 643 rtm->rtm_type = cmd; 644 #ifdef __OpenBSD__ 645 rtm->rtm_pid = getpid(); 646 #endif 647 rtm->rtm_seq = ++ctx->seq; 648 rtm->rtm_flags = (int)rt->rt_flags; 649 rtm->rtm_addrs = RTA_DST; 650 #ifdef RTF_PINNED 651 if (cmd != RTM_ADD) 652 rtm->rtm_flags |= RTF_PINNED; 653 #endif 654 655 gateway_unspec = sa_is_unspecified(&rt->rt_gateway); 656 657 if (cmd == RTM_ADD || cmd == RTM_CHANGE) { 658 bool netmask_bcast = sa_is_allones(&rt->rt_netmask); 659 660 rtm->rtm_flags |= RTF_UP; 661 rtm->rtm_addrs |= RTA_GATEWAY; 662 if (!(rtm->rtm_flags & RTF_REJECT) && 663 !sa_is_loopback(&rt->rt_gateway)) 664 { 665 rtm->rtm_index = (unsigned short)rt->rt_ifp->index; 666 /* 667 * OpenBSD rejects the message for on-link routes. 668 * FreeBSD-12 kernel apparently panics. 669 * I can't replicate the panic, but better safe than sorry! 670 * https://roy.marples.name/archives/dhcpcd-discuss/0002286.html 671 * 672 * Neither OS currently allows IPv6 address sharing anyway, so let's 673 * try to encourage someone to fix that by logging a waring during compile. 674 */ 675 #if defined(__FreeBSD__) || defined(__OpenBSD__) 676 #warning kernel does not allow IPv6 address sharing 677 if (!gateway_unspec || rt->rt_dest.sa_family!=AF_INET6) 678 #endif 679 rtm->rtm_addrs |= RTA_IFP; 680 if (!sa_is_unspecified(&rt->rt_ifa)) 681 rtm->rtm_addrs |= RTA_IFA; 682 } 683 if (netmask_bcast) 684 rtm->rtm_flags |= RTF_HOST; 685 /* Network routes are cloning or connected if supported. 686 * All other routes are static. */ 687 if (gateway_unspec) { 688 #ifdef RTF_CLONING 689 rtm->rtm_flags |= RTF_CLONING; 690 #endif 691 #ifdef RTF_CONNECTED 692 rtm->rtm_flags |= RTF_CONNECTED; 693 #endif 694 #ifdef RTP_CONNECTED 695 rtm->rtm_priority = RTP_CONNECTED; 696 #endif 697 #ifdef RTF_CLONING 698 if (netmask_bcast) { 699 /* 700 * We add a cloning network route for a single 701 * host. Traffic to the host will generate a 702 * cloned route and the hardware address will 703 * resolve correctly. 704 * It might be more correct to use RTF_HOST 705 * instead of RTF_CLONING, and that does work, 706 * but some OS generate an arp warning 707 * diagnostic which we don't want to do. 708 */ 709 rtm->rtm_flags &= ~RTF_HOST; 710 } 711 #endif 712 } else 713 rtm->rtm_flags |= RTF_GATEWAY; 714 715 /* Emulate the kernel by marking address generated 716 * network routes non-static. */ 717 if (!(rt->rt_dflags & RTDF_IFA_ROUTE)) 718 rtm->rtm_flags |= RTF_STATIC; 719 720 if (rt->rt_mtu != 0) { 721 rtm->rtm_inits |= RTV_MTU; 722 rtm->rtm_rmx.rmx_mtu = rt->rt_mtu; 723 } 724 } 725 726 if (!(rtm->rtm_flags & RTF_HOST)) 727 rtm->rtm_addrs |= RTA_NETMASK; 728 729 if_linkaddr(&sdl, rt->rt_ifp); 730 731 ADDSA(&rt->rt_dest); 732 733 if (rtm->rtm_addrs & RTA_GATEWAY) { 734 if (gateway_unspec) 735 ADDSA((struct sockaddr *)&sdl); 736 else { 737 union sa_ss gateway; 738 739 if_copysa(&gateway.sa, &rt->rt_gateway); 740 #ifdef INET6 741 if (gateway.sa.sa_family == AF_INET6) 742 ipv6_setscope(&gateway.sin6, rt->rt_ifp->index); 743 #endif 744 ADDSA(&gateway.sa); 745 } 746 } 747 748 if (rtm->rtm_addrs & RTA_NETMASK) 749 ADDSA(&rt->rt_netmask); 750 751 if (rtm->rtm_addrs & RTA_IFP) 752 ADDSA((struct sockaddr *)&sdl); 753 754 if (rtm->rtm_addrs & RTA_IFA) 755 ADDSA(&rt->rt_ifa); 756 757 #undef ADDSA 758 759 rtm->rtm_msglen = (unsigned short)(bp - (char *)rtm); 760 761 #ifdef PRIVSEP 762 if (ctx->options & DHCPCD_PRIVSEP) { 763 if (ps_root_route(ctx, rtm, rtm->rtm_msglen) == -1) 764 return -1; 765 return 0; 766 } 767 #endif 768 if (write(ctx->link_fd, rtm, rtm->rtm_msglen) == -1) 769 return -1; 770 return 0; 771 } 772 773 static bool 774 if_realroute(const struct rt_msghdr *rtm) 775 { 776 777 #ifdef RTF_CLONED 778 if (rtm->rtm_flags & RTF_CLONED) 779 return false; 780 #endif 781 #ifdef RTF_WASCLONED 782 if (rtm->rtm_flags & RTF_WASCLONED) 783 return false; 784 #endif 785 #ifdef RTF_LOCAL 786 if (rtm->rtm_flags & RTF_LOCAL) 787 return false; 788 #endif 789 #ifdef RTF_BROADCAST 790 if (rtm->rtm_flags & RTF_BROADCAST) 791 return false; 792 #endif 793 return true; 794 } 795 796 static int 797 if_copyrt(struct dhcpcd_ctx *ctx, struct rt *rt, const struct rt_msghdr *rtm) 798 { 799 const struct sockaddr *rti_info[RTAX_MAX]; 800 801 if (!(rtm->rtm_addrs & RTA_DST)) { 802 errno = EINVAL; 803 return -1; 804 } 805 if (rtm->rtm_type != RTM_MISS && !(rtm->rtm_addrs & RTA_GATEWAY)) { 806 errno = EINVAL; 807 return -1; 808 } 809 810 if (get_addrs(rtm->rtm_addrs, (const char *)rtm + sizeof(*rtm), 811 rtm->rtm_msglen - sizeof(*rtm), rti_info) == -1) 812 return -1; 813 memset(rt, 0, sizeof(*rt)); 814 815 rt->rt_flags = (unsigned int)rtm->rtm_flags; 816 if_copysa(&rt->rt_dest, rti_info[RTAX_DST]); 817 if (rtm->rtm_addrs & RTA_NETMASK) { 818 if_copysa(&rt->rt_netmask, rti_info[RTAX_NETMASK]); 819 if (rt->rt_netmask.sa_family == 255) /* Why? */ 820 rt->rt_netmask.sa_family = rt->rt_dest.sa_family; 821 } 822 823 /* dhcpcd likes an unspecified gateway to indicate via the link. 824 * However we need to know if gateway was a link with an address. */ 825 if (rtm->rtm_addrs & RTA_GATEWAY) { 826 if (rti_info[RTAX_GATEWAY]->sa_family == AF_LINK) { 827 const struct sockaddr_dl *sdl; 828 829 sdl = (const struct sockaddr_dl*) 830 (const void *)rti_info[RTAX_GATEWAY]; 831 if (sdl->sdl_alen != 0) 832 rt->rt_dflags |= RTDF_GATELINK; 833 } else if (rtm->rtm_flags & RTF_GATEWAY) 834 if_copysa(&rt->rt_gateway, rti_info[RTAX_GATEWAY]); 835 } 836 837 if (rtm->rtm_addrs & RTA_IFA) 838 if_copysa(&rt->rt_ifa, rti_info[RTAX_IFA]); 839 840 rt->rt_mtu = (unsigned int)rtm->rtm_rmx.rmx_mtu; 841 842 if (rtm->rtm_index) 843 rt->rt_ifp = if_findindex(ctx->ifaces, rtm->rtm_index); 844 else if (rtm->rtm_addrs & RTA_IFP) 845 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_IFP]); 846 else if (rtm->rtm_addrs & RTA_GATEWAY) 847 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_GATEWAY]); 848 else 849 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_DST]); 850 851 if (rt->rt_ifp == NULL && rtm->rtm_type == RTM_MISS) 852 rt->rt_ifp = if_find(ctx->ifaces, "lo0"); 853 854 if (rt->rt_ifp == NULL) { 855 errno = ESRCH; 856 return -1; 857 } 858 return 0; 859 } 860 861 int 862 if_initrt(struct dhcpcd_ctx *ctx, rb_tree_t *kroutes, int af) 863 { 864 struct rt_msghdr *rtm; 865 int mib[6]; 866 size_t needed; 867 char *buf, *p, *end; 868 struct rt rt, *rtn; 869 870 mib[0] = CTL_NET; 871 mib[1] = PF_ROUTE; 872 mib[2] = 0; 873 mib[3] = af; 874 mib[4] = NET_RT_DUMP; 875 mib[5] = 0; 876 877 if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1) 878 return -1; 879 if (needed == 0) 880 return 0; 881 if ((buf = malloc(needed)) == NULL) 882 return -1; 883 if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1) { 884 free(buf); 885 return -1; 886 } 887 888 end = buf + needed; 889 for (p = buf; p < end; p += rtm->rtm_msglen) { 890 rtm = (void *)p; 891 if (p + rtm->rtm_msglen >= end) { 892 errno = EINVAL; 893 break; 894 } 895 if (!if_realroute(rtm)) 896 continue; 897 if (if_copyrt(ctx, &rt, rtm) != 0) 898 continue; 899 if ((rtn = rt_new(rt.rt_ifp)) == NULL) { 900 logerr(__func__); 901 break; 902 } 903 memcpy(rtn, &rt, sizeof(*rtn)); 904 if (rb_tree_insert_node(kroutes, rtn) != rtn) 905 rt_free(rtn); 906 } 907 free(buf); 908 return p == end ? 0 : -1; 909 } 910 911 #ifdef INET 912 int 913 if_address(unsigned char cmd, const struct ipv4_addr *ia) 914 { 915 int r; 916 struct in_aliasreq ifra; 917 struct dhcpcd_ctx *ctx = ia->iface->ctx; 918 919 memset(&ifra, 0, sizeof(ifra)); 920 strlcpy(ifra.ifra_name, ia->iface->name, sizeof(ifra.ifra_name)); 921 922 #define ADDADDR(var, addr) do { \ 923 (var)->sin_family = AF_INET; \ 924 (var)->sin_len = sizeof(*(var)); \ 925 (var)->sin_addr = *(addr); \ 926 } while (/*CONSTCOND*/0) 927 ADDADDR(&ifra.ifra_addr, &ia->addr); 928 ADDADDR(&ifra.ifra_mask, &ia->mask); 929 if (cmd == RTM_NEWADDR && ia->brd.s_addr != INADDR_ANY) 930 ADDADDR(&ifra.ifra_broadaddr, &ia->brd); 931 #undef ADDADDR 932 933 r = if_ioctl(ctx, 934 cmd == RTM_DELADDR ? SIOCDIFADDR : SIOCAIFADDR, &ifra,sizeof(ifra)); 935 return r; 936 } 937 938 #if !(defined(HAVE_IFADDRS_ADDRFLAGS) && defined(HAVE_IFAM_ADDRFLAGS)) 939 int 940 if_addrflags(const struct interface *ifp, const struct in_addr *addr, 941 __unused const char *alias) 942 { 943 #ifdef SIOCGIFAFLAG_IN 944 struct ifreq ifr; 945 struct sockaddr_in *sin; 946 947 memset(&ifr, 0, sizeof(ifr)); 948 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name)); 949 sin = (void *)&ifr.ifr_addr; 950 sin->sin_family = AF_INET; 951 sin->sin_addr = *addr; 952 if (ioctl(ifp->ctx->pf_inet_fd, SIOCGIFAFLAG_IN, &ifr) == -1) 953 return -1; 954 return ifr.ifr_addrflags; 955 #else 956 UNUSED(ifp); 957 UNUSED(addr); 958 return 0; 959 #endif 960 } 961 #endif 962 #endif /* INET */ 963 964 #ifdef INET6 965 static int 966 if_ioctl6(struct dhcpcd_ctx *ctx, unsigned long req, void *data, size_t len) 967 { 968 struct priv *priv; 969 970 #ifdef PRIVSEP 971 if (ctx->options & DHCPCD_PRIVSEP) 972 return (int)ps_root_ioctl6(ctx, req, data, len); 973 #endif 974 975 priv = ctx->priv; 976 return ioctl(priv->pf_inet6_fd, req, data, len); 977 } 978 979 int 980 if_address6(unsigned char cmd, const struct ipv6_addr *ia) 981 { 982 struct in6_aliasreq ifa = { .ifra_flags = 0 }; 983 struct in6_addr mask; 984 struct dhcpcd_ctx *ctx = ia->iface->ctx; 985 986 strlcpy(ifa.ifra_name, ia->iface->name, sizeof(ifa.ifra_name)); 987 #if defined(__FreeBSD__) || defined(__DragonFly__) 988 /* This is a bug - the kernel should work this out. */ 989 if (ia->addr_flags & IN6_IFF_TENTATIVE) 990 ifa.ifra_flags |= IN6_IFF_TENTATIVE; 991 #endif 992 // #if (defined(__NetBSD__) && __NetBSD_Version__ >= 999005700) || 993 #if (defined(__OpenBSD__) && OpenBSD >= 201605) 994 if (ia->flags & IPV6_AF_AUTOCONF) 995 ifa.ifra_flags |= IN6_IFF_AUTOCONF; 996 #endif 997 #ifdef IPV6_MANAGETEMPADDR 998 if (ia->flags & IPV6_AF_TEMPORARY) 999 ifa.ifra_flags |= IN6_IFF_TEMPORARY; 1000 #endif 1001 1002 #define ADDADDR(v, addr) { \ 1003 (v)->sin6_family = AF_INET6; \ 1004 (v)->sin6_len = sizeof(*v); \ 1005 (v)->sin6_addr = *(addr); \ 1006 } 1007 1008 ADDADDR(&ifa.ifra_addr, &ia->addr); 1009 ipv6_setscope(&ifa.ifra_addr, ia->iface->index); 1010 ipv6_mask(&mask, ia->prefix_len); 1011 ADDADDR(&ifa.ifra_prefixmask, &mask); 1012 1013 #undef ADDADDR 1014 1015 /* 1016 * Every BSD kernel wants to add the prefix of the address to it's 1017 * list of RA received prefixes. 1018 * THIS IS WRONG because there (as the comments in the kernel state) 1019 * is no API for managing prefix lifetime and the kernel should not 1020 * pretend it's from a RA either. 1021 * 1022 * The issue is that the very first assigned prefix will inherit the 1023 * lifetime of the address, but any subsequent alteration of the 1024 * address OR it's lifetime will not affect the prefix lifetime. 1025 * As such, we cannot stop the prefix from timing out and then 1026 * constantly removing the prefix route dhcpcd is capable of adding 1027 * in it's absense. 1028 * 1029 * What we can do to mitigate the issue is to add the address with 1030 * infinite lifetimes, so the prefix route will never time out. 1031 * Once done, we can then set lifetimes on the address and all is good. 1032 * The downside of this approach is that we need to manually remove 1033 * the kernel route because it has no lifetime, but this is OK as 1034 * dhcpcd will handle this too. 1035 * 1036 * This issue is discussed on the NetBSD mailing lists here: 1037 * http://mail-index.netbsd.org/tech-net/2016/08/05/msg006044.html 1038 * 1039 * Fixed in NetBSD-7.99.36 1040 * NOT fixed in FreeBSD - bug 195197 1041 * Fixed in OpenBSD-5.9 1042 */ 1043 1044 #if !((defined(__NetBSD_Version__) && __NetBSD_Version__ >= 799003600) || \ 1045 (defined(__OpenBSD__) && OpenBSD >= 201605)) 1046 if (cmd == RTM_NEWADDR && !(ia->flags & IPV6_AF_ADDED)) { 1047 ifa.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 1048 ifa.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 1049 (void)if_ioctl6(ctx, SIOCAIFADDR_IN6, &ifa, sizeof(ifa)); 1050 } 1051 #endif 1052 1053 #if defined(__OpenBSD__) && OpenBSD <= 201705 1054 /* BUT OpenBSD older than 6.2 does not reset the address lifetime 1055 * for subsequent calls... 1056 * Luckily dhcpcd will remove the lease when it expires so 1057 * just set an infinite lifetime, unless a temporary address. */ 1058 if (ifa.ifra_flags & IN6_IFF_PRIVACY) { 1059 ifa.ifra_lifetime.ia6t_vltime = ia->prefix_vltime; 1060 ifa.ifra_lifetime.ia6t_pltime = ia->prefix_pltime; 1061 } else { 1062 ifa.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 1063 ifa.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 1064 } 1065 #else 1066 ifa.ifra_lifetime.ia6t_vltime = ia->prefix_vltime; 1067 ifa.ifra_lifetime.ia6t_pltime = ia->prefix_pltime; 1068 #endif 1069 1070 return if_ioctl6(ctx, 1071 cmd == RTM_DELADDR ? SIOCDIFADDR_IN6 : SIOCAIFADDR_IN6, 1072 &ifa, sizeof(ifa)); 1073 } 1074 1075 int 1076 if_addrflags6(const struct interface *ifp, const struct in6_addr *addr, 1077 __unused const char *alias) 1078 { 1079 int flags; 1080 struct in6_ifreq ifr6; 1081 struct priv *priv; 1082 1083 memset(&ifr6, 0, sizeof(ifr6)); 1084 strlcpy(ifr6.ifr_name, ifp->name, sizeof(ifr6.ifr_name)); 1085 ifr6.ifr_addr.sin6_family = AF_INET6; 1086 ifr6.ifr_addr.sin6_addr = *addr; 1087 ipv6_setscope(&ifr6.ifr_addr, ifp->index); 1088 priv = (struct priv *)ifp->ctx->priv; 1089 if (ioctl(priv->pf_inet6_fd, SIOCGIFAFLAG_IN6, &ifr6) != -1) 1090 flags = ifr6.ifr_ifru.ifru_flags6; 1091 else 1092 flags = -1; 1093 return flags; 1094 } 1095 1096 int 1097 if_getlifetime6(struct ipv6_addr *ia) 1098 { 1099 struct in6_ifreq ifr6; 1100 time_t t; 1101 struct in6_addrlifetime *lifetime; 1102 struct priv *priv; 1103 1104 memset(&ifr6, 0, sizeof(ifr6)); 1105 strlcpy(ifr6.ifr_name, ia->iface->name, sizeof(ifr6.ifr_name)); 1106 ifr6.ifr_addr.sin6_family = AF_INET6; 1107 ifr6.ifr_addr.sin6_addr = ia->addr; 1108 ipv6_setscope(&ifr6.ifr_addr, ia->iface->index); 1109 priv = (struct priv *)ia->iface->ctx->priv; 1110 if (ioctl(priv->pf_inet6_fd, SIOCGIFALIFETIME_IN6, &ifr6) == -1) 1111 return -1; 1112 clock_gettime(CLOCK_MONOTONIC, &ia->created); 1113 1114 #if defined(__FreeBSD__) || defined(__DragonFly__) 1115 t = ia->created.tv_sec; 1116 #else 1117 t = time(NULL); 1118 #endif 1119 1120 lifetime = &ifr6.ifr_ifru.ifru_lifetime; 1121 if (lifetime->ia6t_preferred) 1122 ia->prefix_pltime = (uint32_t)(lifetime->ia6t_preferred - 1123 MIN(t, lifetime->ia6t_preferred)); 1124 else 1125 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1126 if (lifetime->ia6t_expire) { 1127 ia->prefix_vltime = (uint32_t)(lifetime->ia6t_expire - 1128 MIN(t, lifetime->ia6t_expire)); 1129 /* Calculate the created time */ 1130 ia->created.tv_sec -= lifetime->ia6t_vltime - ia->prefix_vltime; 1131 } else 1132 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1133 return 0; 1134 } 1135 #endif 1136 1137 static int 1138 if_announce(struct dhcpcd_ctx *ctx, const struct if_announcemsghdr *ifan) 1139 { 1140 1141 if (ifan->ifan_msglen < sizeof(*ifan)) { 1142 errno = EINVAL; 1143 return -1; 1144 } 1145 1146 switch(ifan->ifan_what) { 1147 case IFAN_ARRIVAL: 1148 return dhcpcd_handleinterface(ctx, 1, ifan->ifan_name); 1149 case IFAN_DEPARTURE: 1150 return dhcpcd_handleinterface(ctx, -1, ifan->ifan_name); 1151 } 1152 1153 return 0; 1154 } 1155 1156 static int 1157 if_ifinfo(struct dhcpcd_ctx *ctx, const struct if_msghdr *ifm) 1158 { 1159 struct interface *ifp; 1160 int link_state; 1161 1162 if (ifm->ifm_msglen < sizeof(*ifm)) { 1163 errno = EINVAL; 1164 return -1; 1165 } 1166 1167 if ((ifp = if_findindex(ctx->ifaces, ifm->ifm_index)) == NULL) 1168 return 0; 1169 1170 switch (ifm->ifm_data.ifi_link_state) { 1171 case LINK_STATE_UNKNOWN: 1172 link_state = LINK_UNKNOWN; 1173 break; 1174 #ifdef LINK_STATE_FULL_DUPLEX 1175 case LINK_STATE_HALF_DUPLEX: /* FALLTHROUGH */ 1176 case LINK_STATE_FULL_DUPLEX: /* FALLTHROUGH */ 1177 #endif 1178 case LINK_STATE_UP: 1179 link_state = LINK_UP; 1180 break; 1181 default: 1182 link_state = LINK_DOWN; 1183 break; 1184 } 1185 1186 dhcpcd_handlecarrier(ctx, link_state, 1187 (unsigned int)ifm->ifm_flags, ifp->name); 1188 return 0; 1189 } 1190 1191 static int 1192 if_rtm(struct dhcpcd_ctx *ctx, const struct rt_msghdr *rtm) 1193 { 1194 struct rt rt; 1195 1196 if (rtm->rtm_msglen < sizeof(*rtm)) { 1197 errno = EINVAL; 1198 return -1; 1199 } 1200 1201 /* Ignore errors. */ 1202 if (rtm->rtm_errno != 0) 1203 return 0; 1204 1205 /* Ignore messages from ourself. */ 1206 #ifdef PRIVSEP 1207 if (ctx->ps_root_pid != 0) { 1208 if (rtm->rtm_pid == ctx->ps_root_pid) 1209 return 0; 1210 } 1211 #endif 1212 1213 if (if_copyrt(ctx, &rt, rtm) == -1) 1214 return errno == ENOTSUP ? 0 : -1; 1215 1216 #ifdef INET6 1217 /* 1218 * BSD announces host routes. 1219 * As such, we should be notified of reachability by its 1220 * existance with a hardware address. 1221 * Ensure we don't call this for a newly incomplete state. 1222 */ 1223 if (rt.rt_dest.sa_family == AF_INET6 && 1224 (rt.rt_flags & RTF_HOST || rtm->rtm_type == RTM_MISS) && 1225 !(rtm->rtm_type == RTM_ADD && !(rt.rt_dflags & RTDF_GATELINK))) 1226 { 1227 bool reachable; 1228 1229 reachable = (rtm->rtm_type == RTM_ADD || 1230 rtm->rtm_type == RTM_CHANGE) && 1231 rt.rt_dflags & RTDF_GATELINK; 1232 ipv6nd_neighbour(ctx, &rt.rt_ss_dest.sin6.sin6_addr, reachable); 1233 } 1234 #endif 1235 1236 if (rtm->rtm_type != RTM_MISS && if_realroute(rtm)) 1237 rt_recvrt(rtm->rtm_type, &rt, rtm->rtm_pid); 1238 return 0; 1239 } 1240 1241 static int 1242 if_ifa(struct dhcpcd_ctx *ctx, const struct ifa_msghdr *ifam) 1243 { 1244 struct interface *ifp; 1245 const struct sockaddr *rti_info[RTAX_MAX]; 1246 int flags; 1247 pid_t pid; 1248 1249 if (ifam->ifam_msglen < sizeof(*ifam)) { 1250 errno = EINVAL; 1251 return -1; 1252 } 1253 1254 #ifdef HAVE_IFAM_PID 1255 /* Ignore address deletions from ourself. 1256 * We need to process address flag changes though. */ 1257 if (ifam->ifam_type == RTM_DELADDR) { 1258 #ifdef PRIVSEP 1259 if (ctx->ps_root_pid != 0) { 1260 if (ifam->ifam_pid == ctx->ps_root_pid) 1261 return 0; 1262 } else 1263 #endif 1264 /* address management is done via ioctl, 1265 * so SO_USELOOPBACK has no effect, 1266 * so we do need to check the pid. */ 1267 if (ifam->ifam_pid == getpid()) 1268 return 0; 1269 } 1270 pid = ifam->ifam_pid; 1271 #else 1272 pid = 0; 1273 #endif 1274 1275 if (~ifam->ifam_addrs & RTA_IFA) 1276 return 0; 1277 if ((ifp = if_findindex(ctx->ifaces, ifam->ifam_index)) == NULL) 1278 return 0; 1279 1280 if (get_addrs(ifam->ifam_addrs, (const char *)ifam + sizeof(*ifam), 1281 ifam->ifam_msglen - sizeof(*ifam), rti_info) == -1) 1282 return -1; 1283 1284 switch (rti_info[RTAX_IFA]->sa_family) { 1285 case AF_LINK: 1286 { 1287 struct sockaddr_dl sdl; 1288 1289 #ifdef RTM_CHGADDR 1290 if (ifam->ifam_type != RTM_CHGADDR) 1291 break; 1292 #else 1293 if (ifam->ifam_type != RTM_NEWADDR) 1294 break; 1295 #endif 1296 memcpy(&sdl, rti_info[RTAX_IFA], rti_info[RTAX_IFA]->sa_len); 1297 dhcpcd_handlehwaddr(ifp, ifp->hwtype, 1298 CLLADDR(&sdl), sdl.sdl_alen); 1299 break; 1300 } 1301 #ifdef INET 1302 case AF_INET: 1303 case 255: /* FIXME: Why 255? */ 1304 { 1305 const struct sockaddr_in *sin; 1306 struct in_addr addr, mask, bcast; 1307 1308 sin = (const void *)rti_info[RTAX_IFA]; 1309 addr.s_addr = sin != NULL && sin->sin_family == AF_INET ? 1310 sin->sin_addr.s_addr : INADDR_ANY; 1311 sin = (const void *)rti_info[RTAX_NETMASK]; 1312 mask.s_addr = sin != NULL && sin->sin_family == AF_INET ? 1313 sin->sin_addr.s_addr : INADDR_ANY; 1314 sin = (const void *)rti_info[RTAX_BRD]; 1315 bcast.s_addr = sin != NULL && sin->sin_family == AF_INET ? 1316 sin->sin_addr.s_addr : INADDR_ANY; 1317 1318 /* 1319 * NetBSD-7 and older send an invalid broadcast address. 1320 * So we need to query the actual address to get 1321 * the right one. 1322 * We can also use this to test if the address 1323 * has really been added or deleted. 1324 */ 1325 #ifdef SIOCGIFALIAS 1326 struct in_aliasreq ifra; 1327 1328 memset(&ifra, 0, sizeof(ifra)); 1329 strlcpy(ifra.ifra_name, ifp->name, sizeof(ifra.ifra_name)); 1330 ifra.ifra_addr.sin_family = AF_INET; 1331 ifra.ifra_addr.sin_len = sizeof(ifra.ifra_addr); 1332 ifra.ifra_addr.sin_addr = addr; 1333 if (ioctl(ctx->pf_inet_fd, SIOCGIFALIAS, &ifra) == -1) { 1334 if (errno != ENXIO && errno != EADDRNOTAVAIL) 1335 logerr("%s: SIOCGIFALIAS", __func__); 1336 if (ifam->ifam_type != RTM_DELADDR) 1337 break; 1338 } else { 1339 if (ifam->ifam_type == RTM_DELADDR) 1340 break; 1341 #if defined(__NetBSD_Version__) && __NetBSD_Version__ < 800000000 1342 bcast = ifra.ifra_broadaddr.sin_addr; 1343 #endif 1344 } 1345 #else 1346 #warning No SIOCGIFALIAS support 1347 /* 1348 * No SIOCGIFALIAS? That sucks! 1349 * This makes this call very heavy weight, but we 1350 * really need to know if the message is late or not. 1351 */ 1352 const struct sockaddr *sa; 1353 struct ifaddrs *ifaddrs = NULL, *ifa; 1354 1355 sa = rti_info[RTAX_IFA]; 1356 getifaddrs(&ifaddrs); 1357 for (ifa = ifaddrs; ifa; ifa = ifa->ifa_next) { 1358 if (ifa->ifa_addr == NULL) 1359 continue; 1360 if (sa_cmp(ifa->ifa_addr, sa) == 0 && 1361 strcmp(ifa->ifa_name, ifp->name) == 0) 1362 break; 1363 } 1364 freeifaddrs(ifaddrs); 1365 if (ifam->ifam_type == RTM_DELADDR) { 1366 if (ifa != NULL) 1367 break; 1368 } else { 1369 if (ifa == NULL) 1370 break; 1371 } 1372 #endif 1373 1374 #ifdef HAVE_IFAM_ADDRFLAGS 1375 flags = ifam->ifam_addrflags; 1376 #else 1377 flags = 0; 1378 #endif 1379 1380 ipv4_handleifa(ctx, ifam->ifam_type, NULL, ifp->name, 1381 &addr, &mask, &bcast, flags, pid); 1382 break; 1383 } 1384 #endif 1385 #ifdef INET6 1386 case AF_INET6: 1387 { 1388 struct in6_addr addr6, mask6; 1389 const struct sockaddr_in6 *sin6; 1390 1391 sin6 = (const void *)rti_info[RTAX_IFA]; 1392 addr6 = sin6->sin6_addr; 1393 sin6 = (const void *)rti_info[RTAX_NETMASK]; 1394 mask6 = sin6->sin6_addr; 1395 1396 /* 1397 * If the address was deleted, lets check if it's 1398 * a late message and it still exists (maybe modified). 1399 * If so, ignore it as deleting an address causes 1400 * dhcpcd to drop any lease to which it belongs. 1401 * Also check an added address was really added. 1402 */ 1403 flags = if_addrflags6(ifp, &addr6, NULL); 1404 if (flags == -1) { 1405 if (errno != ENXIO && errno != EADDRNOTAVAIL) 1406 logerr("%s: if_addrflags6", __func__); 1407 if (ifam->ifam_type != RTM_DELADDR) 1408 break; 1409 flags = 0; 1410 } else if (ifam->ifam_type == RTM_DELADDR) 1411 break; 1412 1413 #ifdef __KAME__ 1414 if (IN6_IS_ADDR_LINKLOCAL(&addr6)) 1415 /* Remove the scope from the address */ 1416 addr6.s6_addr[2] = addr6.s6_addr[3] = '\0'; 1417 #endif 1418 1419 ipv6_handleifa(ctx, ifam->ifam_type, NULL, 1420 ifp->name, &addr6, ipv6_prefixlen(&mask6), flags, pid); 1421 break; 1422 } 1423 #endif 1424 } 1425 1426 return 0; 1427 } 1428 1429 static int 1430 if_dispatch(struct dhcpcd_ctx *ctx, const struct rt_msghdr *rtm) 1431 { 1432 1433 if (rtm->rtm_version != RTM_VERSION) 1434 return 0; 1435 1436 switch(rtm->rtm_type) { 1437 #ifdef RTM_IFANNOUNCE 1438 case RTM_IFANNOUNCE: 1439 return if_announce(ctx, (const void *)rtm); 1440 #endif 1441 case RTM_IFINFO: 1442 return if_ifinfo(ctx, (const void *)rtm); 1443 case RTM_ADD: /* FALLTHROUGH */ 1444 case RTM_CHANGE: /* FALLTHROUGH */ 1445 case RTM_DELETE: /* FALLTHROUGH */ 1446 case RTM_MISS: 1447 return if_rtm(ctx, (const void *)rtm); 1448 #ifdef RTM_CHGADDR 1449 case RTM_CHGADDR: /* FALLTHROUGH */ 1450 #endif 1451 case RTM_DELADDR: /* FALLTHROUGH */ 1452 case RTM_NEWADDR: 1453 return if_ifa(ctx, (const void *)rtm); 1454 #ifdef RTM_DESYNC 1455 case RTM_DESYNC: 1456 dhcpcd_linkoverflow(ctx); 1457 #elif !defined(SO_RERROR) 1458 #warning cannot detect route socket overflow within kernel 1459 #endif 1460 } 1461 1462 return 0; 1463 } 1464 1465 static int 1466 if_missfilter0(struct dhcpcd_ctx *ctx, struct interface *ifp, 1467 struct sockaddr *sa) 1468 { 1469 size_t salen = (size_t)RT_ROUNDUP(sa->sa_len); 1470 size_t newlen = ctx->rt_missfilterlen + salen; 1471 size_t diff = salen - (sa->sa_len); 1472 uint8_t *cp; 1473 1474 if (ctx->rt_missfiltersize < newlen) { 1475 void *n = realloc(ctx->rt_missfilter, newlen); 1476 if (n == NULL) 1477 return -1; 1478 ctx->rt_missfilter = n; 1479 ctx->rt_missfiltersize = newlen; 1480 } 1481 1482 #ifdef INET6 1483 if (sa->sa_family == AF_INET6) 1484 ipv6_setscope(satosin6(sa), ifp->index); 1485 #else 1486 UNUSED(ifp); 1487 #endif 1488 1489 cp = ctx->rt_missfilter + ctx->rt_missfilterlen; 1490 memcpy(cp, sa, sa->sa_len); 1491 if (diff != 0) 1492 memset(cp + sa->sa_len, 0, diff); 1493 ctx->rt_missfilterlen += salen; 1494 1495 #ifdef INET6 1496 if (sa->sa_family == AF_INET6) 1497 ipv6_setscope(satosin6(sa), 0); 1498 #endif 1499 1500 return 0; 1501 } 1502 1503 int 1504 if_missfilter(struct interface *ifp, struct sockaddr *sa) 1505 { 1506 1507 return if_missfilter0(ifp->ctx, ifp, sa); 1508 } 1509 1510 int 1511 if_missfilter_apply(struct dhcpcd_ctx *ctx) 1512 { 1513 #ifdef RO_MISSFILTER 1514 if (ctx->rt_missfilterlen == 0) { 1515 struct sockaddr sa = { 1516 .sa_family = AF_UNSPEC, 1517 .sa_len = sizeof(sa), 1518 }; 1519 1520 if (if_missfilter0(ctx, NULL, &sa) == -1) 1521 return -1; 1522 } 1523 1524 return setsockopt(ctx->link_fd, PF_ROUTE, RO_MISSFILTER, 1525 ctx->rt_missfilter, (socklen_t)ctx->rt_missfilterlen); 1526 #else 1527 #warning kernel does not support RTM_MISS DST filtering 1528 UNUSED(ctx); 1529 errno = ENOTSUP; 1530 return -1; 1531 #endif 1532 } 1533 1534 __CTASSERT(offsetof(struct rt_msghdr, rtm_msglen) == 0); 1535 int 1536 if_handlelink(struct dhcpcd_ctx *ctx) 1537 { 1538 struct rtm rtm; 1539 ssize_t len; 1540 1541 len = read(ctx->link_fd, &rtm, sizeof(rtm)); 1542 if (len == -1) 1543 return -1; 1544 if (len == 0) 1545 return 0; 1546 if ((size_t)len < sizeof(rtm.hdr.rtm_msglen) || 1547 len != rtm.hdr.rtm_msglen) 1548 { 1549 errno = EINVAL; 1550 return -1; 1551 } 1552 /* 1553 * Coverity thinks that the data could be tainted from here. 1554 * I have no idea how because the length of the data we read 1555 * is guarded by len and checked to match rtm_msglen. 1556 * The issue seems to be related to extracting the addresses 1557 * at the end of the header, but seems to have no issues with the 1558 * equivalent call in if_initrt. 1559 */ 1560 /* coverity[tainted_data] */ 1561 return if_dispatch(ctx, &rtm.hdr); 1562 } 1563 1564 #ifndef SYS_NMLN /* OSX */ 1565 # define SYS_NMLN __SYS_NAMELEN 1566 #endif 1567 #ifndef HW_MACHINE_ARCH 1568 # ifdef HW_MODEL /* OpenBSD */ 1569 # define HW_MACHINE_ARCH HW_MODEL 1570 # endif 1571 #endif 1572 int 1573 if_machinearch(char *str, size_t len) 1574 { 1575 int mib[2] = { CTL_HW, HW_MACHINE_ARCH }; 1576 1577 return sysctl(mib, sizeof(mib) / sizeof(mib[0]), str, &len, NULL, 0); 1578 } 1579 1580 #ifdef INET6 1581 #if (defined(IPV6CTL_ACCEPT_RTADV) && !defined(ND6_IFF_ACCEPT_RTADV)) || \ 1582 defined(IPV6CTL_FORWARDING) 1583 #define get_inet6_sysctl(code) inet6_sysctl(code, 0, 0) 1584 #define set_inet6_sysctl(code, val) inet6_sysctl(code, val, 1) 1585 static int 1586 inet6_sysctl(int code, int val, int action) 1587 { 1588 int mib[] = { CTL_NET, PF_INET6, IPPROTO_IPV6, 0 }; 1589 size_t size; 1590 1591 mib[3] = code; 1592 size = sizeof(val); 1593 if (action) { 1594 if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), 1595 NULL, 0, &val, size) == -1) 1596 return -1; 1597 return 0; 1598 } 1599 if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &val, &size, NULL, 0) == -1) 1600 return -1; 1601 return val; 1602 } 1603 #endif 1604 1605 int 1606 if_applyra(const struct ra *rap) 1607 { 1608 #ifdef SIOCSIFINFO_IN6 1609 struct in6_ndireq nd = { .ndi.chlim = 0 }; 1610 struct dhcpcd_ctx *ctx = rap->iface->ctx; 1611 int error; 1612 1613 strlcpy(nd.ifname, rap->iface->name, sizeof(nd.ifname)); 1614 1615 #ifdef IPV6CTL_ACCEPT_RTADV 1616 struct priv *priv = ctx->priv; 1617 1618 /* 1619 * NetBSD changed SIOCSIFINFO_IN6 to NOT set flags when kernel 1620 * RA was removed, however both FreeBSD and DragonFlyBSD still do. 1621 * linkmtu was also removed. 1622 * Hopefully this guard will still work if either remove kernel RA. 1623 */ 1624 if (ioctl(priv->pf_inet6_fd, SIOCGIFINFO_IN6, &nd, sizeof(nd)) == -1) 1625 return -1; 1626 1627 nd.ndi.linkmtu = rap->mtu; 1628 #endif 1629 1630 nd.ndi.chlim = rap->hoplimit; 1631 nd.ndi.retrans = rap->retrans; 1632 nd.ndi.basereachable = rap->reachable; 1633 error = if_ioctl6(ctx, SIOCSIFINFO_IN6, &nd, sizeof(nd)); 1634 #ifdef IPV6CTL_ACCEPT_RTADV 1635 if (error == -1 && errno == EINVAL) { 1636 /* 1637 * Very likely that this is caused by a dodgy MTU 1638 * setting specific to the interface. 1639 * Let's set it to "unspecified" and try again. 1640 * Doesn't really matter as we fix the MTU against the 1641 * routes we add as not all OS support SIOCSIFINFO_IN6. 1642 */ 1643 nd.ndi.linkmtu = 0; 1644 error = if_ioctl6(ctx, SIOCSIFINFO_IN6, &nd, sizeof(nd)); 1645 } 1646 #endif 1647 return error; 1648 #else 1649 #warning OS does not allow setting of RA bits hoplimit, retrans or reachable 1650 UNUSED(rap); 1651 return 0; 1652 #endif 1653 } 1654 1655 #ifndef IPV6CTL_FORWARDING 1656 #define get_inet6_sysctlbyname(code) inet6_sysctlbyname(code, 0, 0) 1657 #define set_inet6_sysctlbyname(code, val) inet6_sysctlbyname(code, val, 1) 1658 static int 1659 inet6_sysctlbyname(const char *name, int val, int action) 1660 { 1661 size_t size; 1662 1663 size = sizeof(val); 1664 if (action) { 1665 if (sysctlbyname(name, NULL, 0, &val, size) == -1) 1666 return -1; 1667 return 0; 1668 } 1669 if (sysctlbyname(name, &val, &size, NULL, 0) == -1) 1670 return -1; 1671 return val; 1672 } 1673 #endif 1674 1675 int 1676 ip6_forwarding(__unused const char *ifname) 1677 { 1678 int val; 1679 1680 #ifdef IPV6CTL_FORWARDING 1681 val = get_inet6_sysctl(IPV6CTL_FORWARDING); 1682 #else 1683 val = get_inet6_sysctlbyname("net.inet6.ip6.forwarding"); 1684 #endif 1685 return val < 0 ? 0 : val; 1686 } 1687 1688 #ifdef SIOCIFAFATTACH 1689 static int 1690 if_af_attach(const struct interface *ifp, int af) 1691 { 1692 struct if_afreq ifar; 1693 1694 strlcpy(ifar.ifar_name, ifp->name, sizeof(ifar.ifar_name)); 1695 ifar.ifar_af = af; 1696 return if_ioctl6(ifp->ctx, SIOCIFAFATTACH, &ifar, sizeof(ifar)); 1697 } 1698 #endif 1699 1700 #ifdef SIOCGIFXFLAGS 1701 static int 1702 if_set_ifxflags(const struct interface *ifp) 1703 { 1704 struct ifreq ifr; 1705 int flags; 1706 struct priv *priv = ifp->ctx->priv; 1707 1708 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name)); 1709 if (ioctl(priv->pf_inet6_fd, SIOCGIFXFLAGS, &ifr) == -1) 1710 return -1; 1711 flags = ifr.ifr_flags; 1712 #ifdef IFXF_NOINET6 1713 flags &= ~IFXF_NOINET6; 1714 #endif 1715 /* 1716 * If not doing autoconf, don't disable the kernel from doing it. 1717 * If we need to, we should have another option actively disable it. 1718 * 1719 * OpenBSD moved from kernel based SLAAC to userland via slaacd(8). 1720 * It has a similar featureset to dhcpcd such as stable private 1721 * addresses, but lacks the ability to handle DNS inside the RA 1722 * which is a serious shortfall in this day and age. 1723 * Appease their user base by working alongside slaacd(8) if 1724 * dhcpcd is instructed not to do auto configuration of addresses. 1725 */ 1726 #if defined(ND6_IFF_ACCEPT_RTADV) 1727 #define BSD_AUTOCONF DHCPCD_IPV6RS 1728 #else 1729 #define BSD_AUTOCONF DHCPCD_IPV6RA_AUTOCONF 1730 #endif 1731 if (ifp->options->options & BSD_AUTOCONF) 1732 flags &= ~IFXF_AUTOCONF6; 1733 if (ifr.ifr_flags == flags) 1734 return 0; 1735 ifr.ifr_flags = flags; 1736 return if_ioctl6(ifp->ctx, SIOCSIFXFLAGS, &ifr, sizeof(ifr)); 1737 } 1738 #endif 1739 1740 /* OpenBSD removed ND6 flags entirely, so we need to check for their 1741 * existance. */ 1742 #if defined(ND6_IFF_AUTO_LINKLOCAL) || \ 1743 defined(ND6_IFF_PERFORMNUD) || \ 1744 defined(ND6_IFF_ACCEPT_RTADV) || \ 1745 defined(ND6_IFF_OVERRIDE_RTADV) || \ 1746 defined(ND6_IFF_IFDISABLED) 1747 #define ND6_NDI_FLAGS 1748 #endif 1749 1750 void 1751 if_disable_rtadv(void) 1752 { 1753 #if defined(IPV6CTL_ACCEPT_RTADV) && !defined(ND6_IFF_ACCEPT_RTADV) 1754 int ra = get_inet6_sysctl(IPV6CTL_ACCEPT_RTADV); 1755 1756 if (ra == -1) { 1757 if (errno != ENOENT) 1758 logerr("IPV6CTL_ACCEPT_RTADV"); 1759 else if (ra != 0) 1760 if (set_inet6_sysctl(IPV6CTL_ACCEPT_RTADV, 0) == -1) 1761 logerr("IPV6CTL_ACCEPT_RTADV"); 1762 } 1763 #endif 1764 } 1765 1766 void 1767 if_setup_inet6(const struct interface *ifp) 1768 { 1769 struct priv *priv; 1770 int s; 1771 #ifdef ND6_NDI_FLAGS 1772 struct in6_ndireq nd; 1773 int flags; 1774 #endif 1775 1776 priv = (struct priv *)ifp->ctx->priv; 1777 s = priv->pf_inet6_fd; 1778 1779 #ifdef ND6_NDI_FLAGS 1780 memset(&nd, 0, sizeof(nd)); 1781 strlcpy(nd.ifname, ifp->name, sizeof(nd.ifname)); 1782 if (ioctl(s, SIOCGIFINFO_IN6, &nd) == -1) 1783 logerr("%s: SIOCGIFINFO_FLAGS", ifp->name); 1784 flags = (int)nd.ndi.flags; 1785 #endif 1786 1787 #ifdef ND6_IFF_AUTO_LINKLOCAL 1788 /* Unlike the kernel, dhcpcd make make a stable private address. */ 1789 flags &= ~ND6_IFF_AUTO_LINKLOCAL; 1790 #endif 1791 1792 #ifdef ND6_IFF_PERFORMNUD 1793 /* NUD is kind of essential. */ 1794 flags |= ND6_IFF_PERFORMNUD; 1795 #endif 1796 1797 #ifdef ND6_IFF_IFDISABLED 1798 /* Ensure the interface is not disabled. */ 1799 flags &= ~ND6_IFF_IFDISABLED; 1800 #endif 1801 1802 /* 1803 * If not doing autoconf, don't disable the kernel from doing it. 1804 * If we need to, we should have another option actively disable it. 1805 */ 1806 #ifdef ND6_IFF_ACCEPT_RTADV 1807 if (ifp->options->options & DHCPCD_IPV6RS) 1808 flags &= ~ND6_IFF_ACCEPT_RTADV; 1809 #ifdef ND6_IFF_OVERRIDE_RTADV 1810 if (ifp->options->options & DHCPCD_IPV6RS) 1811 flags |= ND6_IFF_OVERRIDE_RTADV; 1812 #endif 1813 #endif 1814 1815 #ifdef ND6_NDI_FLAGS 1816 if (nd.ndi.flags != (uint32_t)flags) { 1817 nd.ndi.flags = (uint32_t)flags; 1818 if (if_ioctl6(ifp->ctx, SIOCSIFINFO_FLAGS, 1819 &nd, sizeof(nd)) == -1) 1820 logerr("%s: SIOCSIFINFO_FLAGS", ifp->name); 1821 } 1822 #endif 1823 1824 /* Enabling IPv6 by whatever means must be the 1825 * last action undertaken to ensure kernel RS and 1826 * LLADDR auto configuration are disabled where applicable. */ 1827 #ifdef SIOCIFAFATTACH 1828 if (if_af_attach(ifp, AF_INET6) == -1) 1829 logerr("%s: if_af_attach", ifp->name); 1830 #endif 1831 1832 #ifdef SIOCGIFXFLAGS 1833 if (if_set_ifxflags(ifp) == -1) 1834 logerr("%s: set_ifxflags", ifp->name); 1835 #endif 1836 1837 #ifdef SIOCSRTRFLUSH_IN6 1838 /* Flush the kernel knowledge of advertised routers 1839 * and prefixes so the kernel does not expire prefixes 1840 * and default routes we are trying to own. */ 1841 if (ifp->options->options & DHCPCD_IPV6RS) { 1842 struct in6_ifreq ifr; 1843 1844 memset(&ifr, 0, sizeof(ifr)); 1845 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name)); 1846 if (if_ioctl6(ifp->ctx, SIOCSRTRFLUSH_IN6, 1847 &ifr, sizeof(ifr)) == -1 && 1848 errno != ENOTSUP && errno != ENOTTY) 1849 logwarn("SIOCSRTRFLUSH_IN6 %d", errno); 1850 #ifdef SIOCSPFXFLUSH_IN6 1851 if (if_ioctl6(ifp->ctx, SIOCSPFXFLUSH_IN6, 1852 &ifr, sizeof(ifr)) == -1 && 1853 errno != ENOTSUP && errno != ENOTTY) 1854 logwarn("SIOCSPFXFLUSH_IN6"); 1855 #endif 1856 } 1857 #endif 1858 } 1859 #endif 1860