1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * dhcpcd - DHCP client daemon 4 * Copyright (c) 2006-2019 Roy Marples <roy@marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/param.h> 30 #include <sys/types.h> 31 #include <sys/socket.h> 32 #include <sys/stat.h> 33 34 #include <arpa/inet.h> 35 #include <net/if.h> 36 #include <net/route.h> 37 #include <netinet/in.h> 38 #include <netinet/if_ether.h> 39 40 #include "config.h" 41 42 #ifdef HAVE_SYS_BITOPS_H 43 #include <sys/bitops.h> 44 #else 45 #include "compat/bitops.h" 46 #endif 47 48 #ifdef BSD 49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used 50 * to generate our CAN_ADD_LLADDR #define. */ 51 # include <netinet6/in6_var.h> 52 # include <netinet6/nd6.h> 53 #endif 54 55 #include <errno.h> 56 #include <ifaddrs.h> 57 #include <inttypes.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #include <unistd.h> 61 62 #define ELOOP_QUEUE 7 63 #include "common.h" 64 #include "if.h" 65 #include "dhcpcd.h" 66 #include "dhcp6.h" 67 #include "eloop.h" 68 #include "ipv6.h" 69 #include "ipv6nd.h" 70 #include "logerr.h" 71 #include "sa.h" 72 #include "script.h" 73 74 #ifdef HAVE_MD5_H 75 # ifndef DEPGEN 76 # include <md5.h> 77 # endif 78 #endif 79 80 #ifdef SHA2_H 81 # include SHA2_H 82 #endif 83 84 #ifndef SHA256_DIGEST_LENGTH 85 # define SHA256_DIGEST_LENGTH 32 86 #endif 87 88 #ifdef IPV6_POLLADDRFLAG 89 # warning kernel does not report IPv6 address flag changes 90 # warning polling tentative address flags periodically 91 #endif 92 93 /* Hackery at it's finest. */ 94 #ifndef s6_addr32 95 # ifdef __sun 96 # define s6_addr32 _S6_un._S6_u32 97 # else 98 # define s6_addr32 __u6_addr.__u6_addr32 99 # endif 100 #endif 101 102 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \ 103 defined(IFF_NOLINKLOCAL) 104 /* Only add the LL address if we have a carrier, so DaD works. */ 105 #define CAN_ADD_LLADDR(ifp) \ 106 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN) 107 #ifdef __sun 108 /* Although we can add our own LL address, we cannot drop it 109 * without unplumbing the if which is a lot of code. 110 * So just keep it for the time being. */ 111 #define CAN_DROP_LLADDR(ifp) (0) 112 #else 113 #define CAN_DROP_LLADDR(ifp) (1) 114 #endif 115 #else 116 /* We have no control over the OS adding the LLADDR, so just let it do it 117 * as we cannot force our own view on it. */ 118 #define CAN_ADD_LLADDR(ifp) (0) 119 #define CAN_DROP_LLADDR(ifp) (0) 120 #endif 121 122 #ifdef IPV6_MANAGETEMPADDR 123 static void ipv6_regentempifid(void *); 124 static void ipv6_regentempaddr(void *); 125 #else 126 #define ipv6_regentempifid(a) {} 127 #endif 128 129 int 130 ipv6_init(struct dhcpcd_ctx *ctx) 131 { 132 133 if (ctx->ra_routers != NULL) 134 return 0; 135 136 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers)); 137 if (ctx->ra_routers == NULL) 138 return -1; 139 TAILQ_INIT(ctx->ra_routers); 140 141 #ifndef __sun 142 ctx->nd_fd = -1; 143 #endif 144 ctx->dhcp6_fd = -1; 145 return 0; 146 } 147 148 static ssize_t 149 ipv6_readsecret(struct dhcpcd_ctx *ctx) 150 { 151 FILE *fp; 152 char line[1024]; 153 unsigned char *p; 154 size_t len; 155 uint32_t r; 156 int x; 157 158 if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0) 159 return (ssize_t)ctx->secret_len; 160 161 if (errno != ENOENT) 162 logerr("%s: %s", __func__, SECRET); 163 164 /* Chaining arc4random should be good enough. 165 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits. 166 * To attempt and future proof ourselves, we'll generate a key of 167 * 512 bits (64 bytes). */ 168 if (ctx->secret_len < 64) { 169 if ((ctx->secret = malloc(64)) == NULL) { 170 logerr(__func__); 171 return -1; 172 } 173 ctx->secret_len = 64; 174 } 175 p = ctx->secret; 176 for (len = 0; len < 512 / NBBY; len += sizeof(r)) { 177 r = arc4random(); 178 memcpy(p, &r, sizeof(r)); 179 p += sizeof(r); 180 } 181 182 /* Ensure that only the dhcpcd user can read the secret. 183 * Write permission is also denied as chaning it would remove 184 * it's stability. */ 185 if ((fp = fopen(SECRET, "w")) == NULL || 186 chmod(SECRET, S_IRUSR) == -1) 187 goto eexit; 188 x = fprintf(fp, "%s\n", 189 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line))); 190 if (fclose(fp) == EOF) 191 x = -1; 192 fp = NULL; 193 if (x > 0) 194 return (ssize_t)ctx->secret_len; 195 196 eexit: 197 logerr("%s: %s", __func__, SECRET); 198 if (fp != NULL) 199 fclose(fp); 200 unlink(SECRET); 201 ctx->secret_len = 0; 202 return -1; 203 } 204 205 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml 206 * RFC5453 */ 207 static const struct reslowhigh { 208 const uint8_t high[8]; 209 const uint8_t low[8]; 210 } reslowhigh[] = { 211 /* RFC4291 + RFC6543 */ 212 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 }, 213 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } }, 214 /* RFC2526 */ 215 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 }, 216 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } } 217 }; 218 219 static int 220 ipv6_reserved(const struct in6_addr *addr) 221 { 222 uint64_t id, low, high; 223 size_t i; 224 const struct reslowhigh *r; 225 226 id = be64dec(addr->s6_addr + sizeof(id)); 227 if (id == 0) /* RFC4291 */ 228 return 1; 229 for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) { 230 r = &reslowhigh[i]; 231 low = be64dec(r->low); 232 high = be64dec(r->high); 233 if (id >= low && id <= high) 234 return 1; 235 } 236 return 0; 237 } 238 239 /* RFC7217 */ 240 static int 241 ipv6_makestableprivate1(struct in6_addr *addr, 242 const struct in6_addr *prefix, int prefix_len, 243 const unsigned char *netiface, size_t netiface_len, 244 const unsigned char *netid, size_t netid_len, 245 unsigned short vlanid, 246 uint32_t *dad_counter, 247 const unsigned char *secret, size_t secret_len) 248 { 249 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH]; 250 size_t len, l; 251 SHA256_CTX ctx; 252 253 if (prefix_len < 0 || prefix_len > 120) { 254 errno = EINVAL; 255 return -1; 256 } 257 258 l = (size_t)(ROUNDUP8(prefix_len) / NBBY); 259 len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len; 260 if (vlanid != 0) 261 len += sizeof(vlanid); 262 if (len > sizeof(buf)) { 263 errno = ENOBUFS; 264 return -1; 265 } 266 267 for (;; (*dad_counter)++) { 268 /* Combine all parameters into one buffer */ 269 p = buf; 270 memcpy(p, prefix, l); 271 p += l; 272 memcpy(p, netiface, netiface_len); 273 p += netiface_len; 274 memcpy(p, netid, netid_len); 275 p += netid_len; 276 /* Don't use a vlanid if not set. 277 * This ensures prior versions have the same unique address. */ 278 if (vlanid != 0) { 279 memcpy(p, &vlanid, sizeof(vlanid)); 280 p += sizeof(vlanid); 281 } 282 memcpy(p, dad_counter, sizeof(*dad_counter)); 283 p += sizeof(*dad_counter); 284 memcpy(p, secret, secret_len); 285 286 /* Make an address using the digest of the above. 287 * RFC7217 Section 5.1 states that we shouldn't use MD5. 288 * Pity as we use that for HMAC-MD5 which is still deemed OK. 289 * SHA-256 is recommended */ 290 SHA256_Init(&ctx); 291 SHA256_Update(&ctx, buf, len); 292 SHA256_Final(digest, &ctx); 293 294 p = addr->s6_addr; 295 memcpy(p, prefix, l); 296 /* RFC7217 section 5.2 says we need to start taking the id from 297 * the least significant bit */ 298 len = sizeof(addr->s6_addr) - l; 299 memcpy(p + l, digest + (sizeof(digest) - len), len); 300 301 /* Ensure that the Interface ID does not match a reserved one, 302 * if it does then treat it as a DAD failure. 303 * RFC7217 section 5.2 */ 304 if (prefix_len != 64) 305 break; 306 if (!ipv6_reserved(addr)) 307 break; 308 } 309 310 return 0; 311 } 312 313 int 314 ipv6_makestableprivate(struct in6_addr *addr, 315 const struct in6_addr *prefix, int prefix_len, 316 const struct interface *ifp, 317 int *dad_counter) 318 { 319 uint32_t dad; 320 int r; 321 322 if (ifp->ctx->secret_len == 0) { 323 if (ipv6_readsecret(ifp->ctx) == -1) 324 return -1; 325 } 326 327 dad = (uint32_t)*dad_counter; 328 329 /* For our implementation, we shall set the hardware address 330 * as the interface identifier */ 331 r = ipv6_makestableprivate1(addr, prefix, prefix_len, 332 ifp->hwaddr, ifp->hwlen, 333 ifp->ssid, ifp->ssid_len, 334 ifp->vlanid, &dad, 335 ifp->ctx->secret, ifp->ctx->secret_len); 336 337 if (r == 0) 338 *dad_counter = (int)dad; 339 return r; 340 } 341 342 int 343 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp, 344 const struct in6_addr *prefix, int prefix_len) 345 { 346 const struct ipv6_addr *ap; 347 int dad; 348 349 if (prefix_len < 0 || prefix_len > 120) { 350 errno = EINVAL; 351 return -1; 352 } 353 354 if (ifp->options->options & DHCPCD_SLAACPRIVATE) { 355 dad = 0; 356 if (ipv6_makestableprivate(addr, 357 prefix, prefix_len, ifp, &dad) == -1) 358 return -1; 359 return dad; 360 } 361 362 if (prefix_len > 64) { 363 errno = EINVAL; 364 return -1; 365 } 366 if ((ap = ipv6_linklocal(ifp)) == NULL) { 367 /* We delay a few functions until we get a local-link address 368 * so this should never be hit. */ 369 errno = ENOENT; 370 return -1; 371 } 372 373 /* Make the address from the first local-link address */ 374 memcpy(addr, prefix, sizeof(*prefix)); 375 addr->s6_addr32[2] = ap->addr.s6_addr32[2]; 376 addr->s6_addr32[3] = ap->addr.s6_addr32[3]; 377 return 0; 378 } 379 380 static int 381 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len) 382 { 383 int bytes, bits; 384 385 if (len < 0 || len > 128) { 386 errno = EINVAL; 387 return -1; 388 } 389 390 bytes = len / NBBY; 391 bits = len % NBBY; 392 memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes); 393 if (bits != 0) { 394 /* Coverify false positive. 395 * bytelen cannot be 16 if bitlen is non zero */ 396 /* coverity[overrun-local] */ 397 prefix->s6_addr[bytes] = 398 (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits)); 399 } 400 memset((char *)prefix->s6_addr + bytes, 0, 401 sizeof(prefix->s6_addr) - (size_t)bytes); 402 return 0; 403 } 404 405 int 406 ipv6_mask(struct in6_addr *mask, int len) 407 { 408 static const unsigned char masks[NBBY] = 409 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff }; 410 int bytes, bits, i; 411 412 if (len < 0 || len > 128) { 413 errno = EINVAL; 414 return -1; 415 } 416 417 memset(mask, 0, sizeof(*mask)); 418 bytes = len / NBBY; 419 bits = len % NBBY; 420 for (i = 0; i < bytes; i++) 421 mask->s6_addr[i] = 0xff; 422 if (bits != 0) { 423 /* Coverify false positive. 424 * bytelen cannot be 16 if bitlen is non zero */ 425 /* coverity[overrun-local] */ 426 mask->s6_addr[bytes] = masks[bits - 1]; 427 } 428 return 0; 429 } 430 431 uint8_t 432 ipv6_prefixlen(const struct in6_addr *mask) 433 { 434 int x = 0, y; 435 const unsigned char *lim, *p; 436 437 lim = (const unsigned char *)mask + sizeof(*mask); 438 for (p = (const unsigned char *)mask; p < lim; x++, p++) { 439 if (*p != 0xff) 440 break; 441 } 442 y = 0; 443 if (p < lim) { 444 for (y = 0; y < NBBY; y++) { 445 if ((*p & (0x80 >> y)) == 0) 446 break; 447 } 448 } 449 450 /* 451 * when the limit pointer is given, do a stricter check on the 452 * remaining bits. 453 */ 454 if (p < lim) { 455 if (y != 0 && (*p & (0x00ff >> y)) != 0) 456 return 0; 457 for (p = p + 1; p < lim; p++) 458 if (*p != 0) 459 return 0; 460 } 461 462 return (uint8_t)(x * NBBY + y); 463 } 464 465 static void 466 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr) 467 { 468 469 *vhigh = be64dec(addr->s6_addr); 470 *vlow = be64dec(addr->s6_addr + 8); 471 } 472 473 static void 474 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow) 475 { 476 477 be64enc(addr->s6_addr, vhigh); 478 be64enc(addr->s6_addr + 8, vlow); 479 } 480 481 int 482 ipv6_userprefix( 483 const struct in6_addr *prefix, // prefix from router 484 short prefix_len, // length of prefix received 485 uint64_t user_number, // "random" number from user 486 struct in6_addr *result, // resultant prefix 487 short result_len) // desired prefix length 488 { 489 uint64_t vh, vl, user_low, user_high; 490 491 if (prefix_len < 1 || prefix_len > 128 || 492 result_len < 1 || result_len > 128) 493 { 494 errno = EINVAL; 495 return -1; 496 } 497 498 /* Check that the user_number fits inside result_len less prefix_len */ 499 if (result_len < prefix_len || 500 fls64(user_number) > result_len - prefix_len) 501 { 502 errno = ERANGE; 503 return -1; 504 } 505 506 /* If user_number is zero, just copy the prefix into the result. */ 507 if (user_number == 0) { 508 *result = *prefix; 509 return 0; 510 } 511 512 /* Shift user_number so it fit's just inside result_len. 513 * Shifting by 0 or sizeof(user_number) is undefined, 514 * so we cater for that. */ 515 if (result_len == 128) { 516 user_high = 0; 517 user_low = user_number; 518 } else if (result_len > 64) { 519 if (prefix_len >= 64) 520 user_high = 0; 521 else 522 user_high = user_number >> (result_len - prefix_len); 523 user_low = user_number << (128 - result_len); 524 } else if (result_len == 64) { 525 user_high = user_number; 526 user_low = 0; 527 } else { 528 user_high = user_number << (64 - result_len); 529 user_low = 0; 530 } 531 532 /* convert to two 64bit host order values */ 533 in6_to_h64(&vh, &vl, prefix); 534 535 vh |= user_high; 536 vl |= user_low; 537 538 /* copy back result */ 539 h64_to_in6(result, vh, vl); 540 541 return 0; 542 } 543 544 #ifdef IPV6_POLLADDRFLAG 545 void 546 ipv6_checkaddrflags(void *arg) 547 { 548 struct ipv6_addr *ia; 549 int flags; 550 const char *alias; 551 552 ia = arg; 553 #ifdef ALIAS_ADDR 554 alias = ia->alias; 555 #else 556 alias = NULL; 557 #endif 558 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) { 559 if (errno != EEXIST && errno != EADDRNOTAVAIL) 560 logerr("%s: if_addrflags6", __func__); 561 return; 562 } 563 564 if (!(flags & IN6_IFF_TENTATIVE)) { 565 /* Simulate the kernel announcing the new address. */ 566 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR, 567 ia->iface->ctx->ifaces, ia->iface->name, 568 &ia->addr, ia->prefix_len, flags, 0); 569 } else { 570 /* Still tentative? Check again in a bit. */ 571 struct timespec tv; 572 573 ms_to_ts(&tv, RETRANS_TIMER / 2); 574 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv, 575 ipv6_checkaddrflags, ia); 576 } 577 } 578 #endif 579 580 static void 581 ipv6_deletedaddr(struct ipv6_addr *ia) 582 { 583 584 #ifdef SMALL 585 UNUSED(ia); 586 #else 587 /* NOREJECT is set if we delegated exactly the prefix to another 588 * address. 589 * This can only be one address, so just clear the flag. 590 * This should ensure the reject route will be restored. */ 591 if (ia->delegating_prefix != NULL) 592 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT; 593 #endif 594 } 595 596 void 597 ipv6_deleteaddr(struct ipv6_addr *ia) 598 { 599 struct ipv6_state *state; 600 struct ipv6_addr *ap; 601 602 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr); 603 if (if_address6(RTM_DELADDR, ia) == -1 && 604 errno != EADDRNOTAVAIL && errno != ESRCH && 605 errno != ENXIO && errno != ENODEV) 606 logerr(__func__); 607 608 ipv6_deletedaddr(ia); 609 610 state = IPV6_STATE(ia->iface); 611 TAILQ_FOREACH(ap, &state->addrs, next) { 612 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) { 613 TAILQ_REMOVE(&state->addrs, ap, next); 614 ipv6_freeaddr(ap); 615 break; 616 } 617 } 618 619 #ifdef ND6_ADVERTISE 620 /* Advertise the address if it exists on another interface. */ 621 ipv6nd_advertise(ia); 622 #endif 623 } 624 625 static int 626 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now) 627 { 628 struct interface *ifp; 629 uint32_t pltime, vltime; 630 __printflike(1, 2) void (*logfunc)(const char *, ...); 631 #ifdef ND6_ADVERTISE 632 bool vltime_was_zero = ia->prefix_vltime == 0; 633 #endif 634 #ifdef __sun 635 struct ipv6_state *state; 636 struct ipv6_addr *ia2; 637 638 /* If we re-add then address on Solaris then the prefix 639 * route will be scrubbed and re-added. Something might 640 * be using it, so let's avoid it. */ 641 if (ia->flags & IPV6_AF_DADCOMPLETED) { 642 logdebugx("%s: IP address %s already exists", 643 ia->iface->name, ia->saddr); 644 #ifdef ND6_ADVERTISE 645 goto advertise; 646 #else 647 return 0; 648 #endif 649 } 650 #endif 651 652 /* Remember the interface of the address. */ 653 ifp = ia->iface; 654 655 if (!(ia->flags & IPV6_AF_DADCOMPLETED) && 656 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE)) 657 ia->flags |= IPV6_AF_DADCOMPLETED; 658 659 /* Adjust plftime and vltime based on acquired time */ 660 pltime = ia->prefix_pltime; 661 vltime = ia->prefix_vltime; 662 if (timespecisset(&ia->acquired) && 663 (ia->prefix_pltime != ND6_INFINITE_LIFETIME || 664 ia->prefix_vltime != ND6_INFINITE_LIFETIME)) 665 { 666 struct timespec n; 667 668 if (now == NULL) { 669 clock_gettime(CLOCK_MONOTONIC, &n); 670 now = &n; 671 } 672 timespecsub(now, &ia->acquired, &n); 673 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) { 674 ia->prefix_pltime -= (uint32_t)n.tv_sec; 675 /* This can happen when confirming a 676 * deprecated but still valid lease. */ 677 if (ia->prefix_pltime > pltime) 678 ia->prefix_pltime = 0; 679 } 680 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) { 681 ia->prefix_vltime -= (uint32_t)n.tv_sec; 682 /* This should never happen. */ 683 if (ia->prefix_vltime > vltime) { 684 logerrx("%s: %s: lifetime overflow", 685 ifp->name, ia->saddr); 686 ia->prefix_vltime = ia->prefix_pltime = 0; 687 } 688 } 689 } 690 691 logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx; 692 logfunc("%s: adding %saddress %s", ifp->name, 693 #ifdef IPV6_AF_TEMPORARY 694 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "", 695 #else 696 "", 697 #endif 698 ia->saddr); 699 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME && 700 ia->prefix_vltime == ND6_INFINITE_LIFETIME) 701 logdebugx("%s: pltime infinity, vltime infinity", 702 ifp->name); 703 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME) 704 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds", 705 ifp->name, ia->prefix_vltime); 706 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME) 707 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity", 708 ifp->name, ia->prefix_pltime); 709 else 710 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32 711 " seconds", 712 ifp->name, ia->prefix_pltime, ia->prefix_vltime); 713 714 if (if_address6(RTM_NEWADDR, ia) == -1) { 715 logerr(__func__); 716 /* Restore real pltime and vltime */ 717 ia->prefix_pltime = pltime; 718 ia->prefix_vltime = vltime; 719 return -1; 720 } 721 722 #ifdef IPV6_MANAGETEMPADDR 723 /* RFC4941 Section 3.4 */ 724 if (ia->flags & IPV6_AF_TEMPORARY && 725 ia->prefix_pltime && 726 ia->prefix_vltime && 727 ip6_use_tempaddr(ifp->name)) 728 eloop_timeout_add_sec(ifp->ctx->eloop, 729 (time_t)ia->prefix_pltime - REGEN_ADVANCE, 730 ipv6_regentempaddr, ia); 731 #endif 732 733 /* Restore real pltime and vltime */ 734 ia->prefix_pltime = pltime; 735 ia->prefix_vltime = vltime; 736 737 ia->flags &= ~IPV6_AF_NEW; 738 ia->flags |= IPV6_AF_ADDED; 739 #ifndef SMALL 740 if (ia->delegating_prefix != NULL) 741 ia->flags |= IPV6_AF_DELEGATED; 742 #endif 743 744 #ifdef IPV6_POLLADDRFLAG 745 eloop_timeout_delete(ifp->ctx->eloop, 746 ipv6_checkaddrflags, ia); 747 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) { 748 struct timespec tv; 749 750 ms_to_ts(&tv, RETRANS_TIMER / 2); 751 eloop_timeout_add_tv(ifp->ctx->eloop, 752 &tv, ipv6_checkaddrflags, ia); 753 } 754 #endif 755 756 #ifdef __sun 757 /* Solaris does not announce new addresses which need DaD 758 * so we need to take a copy and add it to our list. 759 * Otherwise aliasing gets confused if we add another 760 * address during DaD. */ 761 762 state = IPV6_STATE(ifp); 763 TAILQ_FOREACH(ia2, &state->addrs, next) { 764 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) 765 break; 766 } 767 if (ia2 == NULL) { 768 if ((ia2 = malloc(sizeof(*ia2))) == NULL) { 769 logerr(__func__); 770 return 0; /* Well, we did add the address */ 771 } 772 memcpy(ia2, ia, sizeof(*ia2)); 773 TAILQ_INSERT_TAIL(&state->addrs, ia2, next); 774 } 775 #endif 776 777 #ifdef ND6_ADVERTISE 778 #ifdef __sun 779 advertise: 780 #endif 781 /* Re-advertise the preferred address to be safe. */ 782 if (!vltime_was_zero) 783 ipv6nd_advertise(ia); 784 #endif 785 786 return 0; 787 } 788 789 #ifdef ALIAS_ADDR 790 /* Find the next logical alias address we can use. */ 791 static int 792 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl) 793 { 794 struct ipv6_state *state; 795 struct ipv6_addr *iap; 796 unsigned int lun; 797 char alias[IF_NAMESIZE]; 798 799 if (ia->alias[0] != '\0') 800 return 0; 801 state = IPV6_STATE(ia->iface); 802 803 /* First find an existng address. 804 * This can happen when dhcpcd restarts as ND and DHCPv6 805 * maintain their own lists of addresses. */ 806 TAILQ_FOREACH(iap, &state->addrs, next) { 807 if (iap->alias[0] != '\0' && 808 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr)) 809 { 810 strlcpy(ia->alias, iap->alias, sizeof(ia->alias)); 811 return 0; 812 } 813 } 814 815 lun = 0; 816 find_unit: 817 if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >= 818 IF_NAMESIZE) 819 { 820 errno = ENOMEM; 821 return -1; 822 } 823 TAILQ_FOREACH(iap, &state->addrs, next) { 824 if (iap->alias[0] == '\0') 825 continue; 826 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) { 827 /* No address assigned? Lets use it. */ 828 strlcpy(ia->alias, iap->alias, sizeof(ia->alias)); 829 if (repl) 830 *repl = iap; 831 return 1; 832 } 833 if (strcmp(iap->alias, alias) == 0) 834 break; 835 } 836 837 if (iap != NULL) { 838 if (lun == UINT_MAX) { 839 errno = ERANGE; 840 return -1; 841 } 842 lun++; 843 goto find_unit; 844 } 845 846 strlcpy(ia->alias, alias, sizeof(ia->alias)); 847 return 0; 848 } 849 #endif 850 851 int 852 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now) 853 { 854 int r; 855 #ifdef ALIAS_ADDR 856 int replaced, blank; 857 struct ipv6_addr *replaced_ia; 858 859 blank = (ia->alias[0] == '\0'); 860 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1) 861 return -1; 862 if (blank) 863 logdebugx("%s: aliased %s", ia->alias, ia->saddr); 864 #endif 865 866 if ((r = ipv6_addaddr1(ia, now)) == 0) { 867 #ifdef ALIAS_ADDR 868 if (replaced) { 869 struct ipv6_state *state; 870 871 state = IPV6_STATE(ia->iface); 872 TAILQ_REMOVE(&state->addrs, replaced_ia, next); 873 ipv6_freeaddr(replaced_ia); 874 } 875 #endif 876 } 877 return r; 878 } 879 880 int 881 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match, 882 unsigned int flags) 883 { 884 885 if (match == NULL) { 886 if ((addr->flags & 887 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) == 888 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) 889 return 1; 890 } else if (addr->prefix_vltime && 891 IN6_ARE_ADDR_EQUAL(&addr->addr, match) && 892 (!flags || addr->flags & flags)) 893 return 1; 894 895 return 0; 896 } 897 898 struct ipv6_addr * 899 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags) 900 { 901 struct ipv6_addr *nap; 902 #ifdef DHCP6 903 struct ipv6_addr *dap; 904 #endif 905 906 nap = ipv6nd_findaddr(ctx, addr, flags); 907 #ifdef DHCP6 908 dap = dhcp6_findaddr(ctx, addr, flags); 909 if (!dap && !nap) 910 return NULL; 911 if (dap && !nap) 912 return dap; 913 if (nap && !dap) 914 return nap; 915 if (nap->iface->metric < dap->iface->metric) 916 return nap; 917 return dap; 918 #else 919 return nap; 920 #endif 921 } 922 923 int 924 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now) 925 { 926 927 /* A delegated prefix is not an address. */ 928 if (ia->flags & IPV6_AF_DELEGATEDPFX) 929 return 0; 930 931 if (ia->prefix_vltime == 0) { 932 if (ia->flags & IPV6_AF_ADDED) 933 ipv6_deleteaddr(ia); 934 eloop_q_timeout_delete(ia->iface->ctx->eloop, 935 0, NULL, ia); 936 if (ia->flags & IPV6_AF_REQUEST) { 937 ia->flags &= ~IPV6_AF_ADDED; 938 return 0; 939 } 940 return -1; 941 } 942 943 if (ia->flags & IPV6_AF_STALE || 944 IN6_IS_ADDR_UNSPECIFIED(&ia->addr)) 945 return 0; 946 947 if (!timespecisset(now)) 948 clock_gettime(CLOCK_MONOTONIC, now); 949 ipv6_addaddr(ia, now); 950 return ia->flags & IPV6_AF_NEW ? 1 : 0; 951 } 952 953 ssize_t 954 ipv6_addaddrs(struct ipv6_addrhead *iaddrs) 955 { 956 struct timespec now; 957 struct ipv6_addr *ia, *ian; 958 ssize_t i, r; 959 960 i = 0; 961 timespecclear(&now); 962 TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) { 963 r = ipv6_doaddr(ia, &now); 964 if (r != 0) 965 i++; 966 if (r == -1) { 967 TAILQ_REMOVE(iaddrs, ia, next); 968 ipv6_freeaddr(ia); 969 } 970 } 971 return i; 972 } 973 974 void 975 ipv6_freeaddr(struct ipv6_addr *ia) 976 { 977 #ifndef SMALL 978 struct ipv6_addr *iad; 979 980 /* Forget the reference */ 981 if (ia->flags & IPV6_AF_DELEGATEDPFX) { 982 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) { 983 iad->delegating_prefix = NULL; 984 } 985 } else if (ia->delegating_prefix != NULL) { 986 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next); 987 } 988 #endif 989 990 if (ia->dhcp6_fd != -1) { 991 close(ia->dhcp6_fd); 992 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd); 993 } 994 995 eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia); 996 free(ia->na); 997 free(ia); 998 } 999 1000 void 1001 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop, 1002 const struct interface *ifd) 1003 { 1004 struct ipv6_addr *ap, *apn, *apf; 1005 struct timespec now; 1006 1007 #ifdef SMALL 1008 UNUSED(ifd); 1009 #endif 1010 timespecclear(&now); 1011 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) { 1012 #ifndef SMALL 1013 if (ifd != NULL && 1014 (ap->delegating_prefix == NULL || 1015 ap->delegating_prefix->iface != ifd)) 1016 continue; 1017 #endif 1018 if (drop != 2) 1019 TAILQ_REMOVE(addrs, ap, next); 1020 if (drop && ap->flags & IPV6_AF_ADDED && 1021 (ap->iface->options->options & 1022 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) != 1023 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) 1024 { 1025 /* Don't drop link-local addresses. */ 1026 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) || 1027 CAN_DROP_LLADDR(ap->iface)) 1028 { 1029 if (drop == 2) 1030 TAILQ_REMOVE(addrs, ap, next); 1031 /* Find the same address somewhere else */ 1032 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr, 1033 0); 1034 if ((apf == NULL || 1035 (apf->iface != ap->iface))) 1036 ipv6_deleteaddr(ap); 1037 if (!(ap->iface->options->options & 1038 DHCPCD_EXITING) && apf) 1039 { 1040 if (!timespecisset(&now)) 1041 clock_gettime(CLOCK_MONOTONIC, 1042 &now); 1043 ipv6_addaddr(apf, &now); 1044 } 1045 if (drop == 2) 1046 ipv6_freeaddr(ap); 1047 } 1048 } 1049 if (drop != 2) 1050 ipv6_freeaddr(ap); 1051 } 1052 } 1053 1054 static struct ipv6_state * 1055 ipv6_getstate(struct interface *ifp) 1056 { 1057 struct ipv6_state *state; 1058 1059 state = IPV6_STATE(ifp); 1060 if (state == NULL) { 1061 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state)); 1062 state = IPV6_STATE(ifp); 1063 if (state == NULL) { 1064 logerr(__func__); 1065 return NULL; 1066 } 1067 TAILQ_INIT(&state->addrs); 1068 TAILQ_INIT(&state->ll_callbacks); 1069 1070 /* Regenerate new ids */ 1071 if (ifp->options && 1072 ip6_use_tempaddr(ifp->name)) 1073 ipv6_regentempifid(ifp); 1074 } 1075 return state; 1076 } 1077 1078 struct ipv6_addr * 1079 ipv6_anyglobal(struct interface *sifp) 1080 { 1081 struct interface *ifp; 1082 struct ipv6_state *state; 1083 struct ipv6_addr *ia; 1084 1085 TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) { 1086 if (ifp != sifp && ip6_forwarding(ifp->name) != 1) 1087 continue; 1088 1089 state = IPV6_STATE(ifp); 1090 if (state == NULL) 1091 continue; 1092 1093 TAILQ_FOREACH(ia, &state->addrs, next) { 1094 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr)) 1095 continue; 1096 /* Let's be optimistic. 1097 * Any decent OS won't forward or accept traffic 1098 * from/to tentative or detached addresses. */ 1099 if (!(ia->addr_flags & IN6_IFF_DUPLICATED)) 1100 return ia; 1101 } 1102 } 1103 return NULL; 1104 } 1105 1106 void 1107 ipv6_handleifa(struct dhcpcd_ctx *ctx, 1108 int cmd, struct if_head *ifs, const char *ifname, 1109 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid) 1110 { 1111 struct interface *ifp; 1112 struct ipv6_state *state; 1113 struct ipv6_addr *ia; 1114 struct ll_callback *cb; 1115 bool anyglobal; 1116 1117 #ifdef __sun 1118 struct sockaddr_in6 subnet; 1119 1120 /* Solaris on-link route is an unspecified address! */ 1121 if (IN6_IS_ADDR_UNSPECIFIED(addr)) { 1122 if (if_getsubnet(ctx, ifname, AF_INET6, 1123 &subnet, sizeof(subnet)) == -1) 1124 { 1125 logerr(__func__); 1126 return; 1127 } 1128 addr = &subnet.sin6_addr; 1129 } 1130 #endif 1131 1132 #if 0 1133 char dbuf[INET6_ADDRSTRLEN]; 1134 const char *dbp; 1135 1136 dbp = inet_ntop(AF_INET6, &addr->s6_addr, 1137 dbuf, INET6_ADDRSTRLEN); 1138 loginfox("%s: cmd %d addr %s addrflags %d", 1139 ifname, cmd, dbp, addrflags); 1140 #endif 1141 1142 if (ifs == NULL) 1143 ifs = ctx->ifaces; 1144 if (ifs == NULL) 1145 return; 1146 if ((ifp = if_find(ifs, ifname)) == NULL) 1147 return; 1148 if ((state = ipv6_getstate(ifp)) == NULL) 1149 return; 1150 anyglobal = ipv6_anyglobal(ifp) != NULL; 1151 1152 TAILQ_FOREACH(ia, &state->addrs, next) { 1153 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr)) 1154 break; 1155 } 1156 1157 switch (cmd) { 1158 case RTM_DELADDR: 1159 if (ia != NULL) { 1160 TAILQ_REMOVE(&state->addrs, ia, next); 1161 #ifdef ND6_ADVERTISE 1162 /* Advertise the address if it exists on 1163 * another interface. */ 1164 ipv6nd_advertise(ia); 1165 #endif 1166 /* We'll free it at the end of the function. */ 1167 } 1168 break; 1169 case RTM_NEWADDR: 1170 if (ia == NULL) { 1171 ia = ipv6_newaddr(ifp, addr, prefix_len, 0); 1172 #ifdef ALIAS_ADDR 1173 strlcpy(ia->alias, ifname, sizeof(ia->alias)); 1174 #endif 1175 if (if_getlifetime6(ia) == -1) { 1176 /* No support or address vanished. 1177 * Either way, just set a deprecated 1178 * infinite time lifetime and continue. 1179 * This is fine because we only want 1180 * to know this when trying to extend 1181 * temporary addresses. 1182 * As we can't extend infinite, we'll 1183 * create a new temporary address. */ 1184 ia->prefix_pltime = 0; 1185 ia->prefix_vltime = 1186 ND6_INFINITE_LIFETIME; 1187 } 1188 /* This is a minor regression against RFC 4941 1189 * because the kernel only knows when the 1190 * lifetimes were last updated, not when the 1191 * address was initially created. 1192 * Provided dhcpcd is not restarted, this 1193 * won't be a problem. 1194 * If we don't like it, we can always 1195 * pretend lifetimes are infinite and always 1196 * generate a new temporary address on 1197 * restart. */ 1198 ia->acquired = ia->created; 1199 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1200 } 1201 ia->addr_flags = addrflags; 1202 ia->flags &= ~IPV6_AF_STALE; 1203 #ifdef IPV6_MANAGETEMPADDR 1204 if (ia->addr_flags & IN6_IFF_TEMPORARY) 1205 ia->flags |= IPV6_AF_TEMPORARY; 1206 #endif 1207 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) { 1208 #ifdef IPV6_POLLADDRFLAG 1209 if (ia->addr_flags & IN6_IFF_TENTATIVE) { 1210 struct timespec tv; 1211 1212 ms_to_ts(&tv, RETRANS_TIMER / 2); 1213 eloop_timeout_add_tv( 1214 ia->iface->ctx->eloop, 1215 &tv, ipv6_checkaddrflags, ia); 1216 break; 1217 } 1218 #endif 1219 1220 if (ia->dadcallback) { 1221 ia->dadcallback(ia); 1222 if (ctx->options & DHCPCD_FORKED) 1223 goto out; 1224 } 1225 1226 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) && 1227 !(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1228 { 1229 /* Now run any callbacks. 1230 * Typically IPv6RS or DHCPv6 */ 1231 while ((cb = 1232 TAILQ_FIRST(&state->ll_callbacks))) 1233 { 1234 TAILQ_REMOVE( 1235 &state->ll_callbacks, 1236 cb, next); 1237 cb->callback(cb->arg); 1238 free(cb); 1239 if (ctx->options & DHCPCD_FORKED) 1240 goto out; 1241 } 1242 } 1243 } 1244 break; 1245 } 1246 1247 if (ia == NULL) 1248 return; 1249 1250 ctx->options &= ~DHCPCD_RTBUILD; 1251 ipv6nd_handleifa(cmd, ia, pid); 1252 #ifdef DHCP6 1253 dhcp6_handleifa(cmd, ia, pid); 1254 #endif 1255 1256 out: 1257 /* Done with the ia now, so free it. */ 1258 if (cmd == RTM_DELADDR) 1259 ipv6_freeaddr(ia); 1260 else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1261 ia->flags |= IPV6_AF_DADCOMPLETED; 1262 1263 /* If we've not already called rt_build via the IPv6ND 1264 * or DHCP6 handlers and the existance of any useable 1265 * global address on the interface has changed, 1266 * call rt_build to add/remove the default route. */ 1267 if (ifp->active && 1268 ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) || 1269 (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) && 1270 !(ctx->options & DHCPCD_RTBUILD) && 1271 (ipv6_anyglobal(ifp) != NULL) != anyglobal) 1272 rt_build(ctx, AF_INET6); 1273 } 1274 1275 int 1276 ipv6_hasaddr(const struct interface *ifp) 1277 { 1278 1279 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL) 1280 return 1; 1281 #ifdef DHCP6 1282 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL) 1283 return 1; 1284 #endif 1285 return 0; 1286 } 1287 1288 struct ipv6_addr * 1289 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr, 1290 int revflags) 1291 { 1292 struct ipv6_state *state; 1293 struct ipv6_addr *ap; 1294 1295 state = IPV6_STATE(ifp); 1296 if (state) { 1297 TAILQ_FOREACH(ap, &state->addrs, next) { 1298 if (addr == NULL) { 1299 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) && 1300 (!revflags || !(ap->addr_flags & revflags))) 1301 return ap; 1302 } else { 1303 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) && 1304 (!revflags || !(ap->addr_flags & revflags))) 1305 return ap; 1306 } 1307 } 1308 } 1309 return NULL; 1310 } 1311 1312 static struct ipv6_addr * 1313 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr) 1314 { 1315 struct ipv6_state *state; 1316 struct ipv6_addr *ap; 1317 struct in6_addr mask; 1318 1319 state = IPV6_STATE(ifp); 1320 if (state) { 1321 TAILQ_FOREACH(ap, &state->addrs, next) { 1322 if (ipv6_mask(&mask, ap->prefix_len) == -1) 1323 continue; 1324 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask)) 1325 return ap; 1326 } 1327 } 1328 return NULL; 1329 } 1330 1331 struct ipv6_addr * 1332 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr) 1333 { 1334 struct interface *ifp; 1335 struct ipv6_addr *ap; 1336 1337 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1338 ap = ipv6_iffindmaskaddr(ifp, addr); 1339 if (ap != NULL) 1340 return ap; 1341 } 1342 return NULL; 1343 } 1344 1345 int 1346 ipv6_addlinklocalcallback(struct interface *ifp, 1347 void (*callback)(void *), void *arg) 1348 { 1349 struct ipv6_state *state; 1350 struct ll_callback *cb; 1351 1352 state = ipv6_getstate(ifp); 1353 TAILQ_FOREACH(cb, &state->ll_callbacks, next) { 1354 if (cb->callback == callback && cb->arg == arg) 1355 break; 1356 } 1357 if (cb == NULL) { 1358 cb = malloc(sizeof(*cb)); 1359 if (cb == NULL) { 1360 logerr(__func__); 1361 return -1; 1362 } 1363 cb->callback = callback; 1364 cb->arg = arg; 1365 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next); 1366 } 1367 return 0; 1368 } 1369 1370 static struct ipv6_addr * 1371 ipv6_newlinklocal(struct interface *ifp) 1372 { 1373 struct ipv6_addr *ia; 1374 struct in6_addr in6; 1375 1376 memset(&in6, 0, sizeof(in6)); 1377 in6.s6_addr32[0] = htonl(0xfe800000); 1378 ia = ipv6_newaddr(ifp, &in6, 64, 0); 1379 if (ia != NULL) { 1380 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1381 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1382 } 1383 return ia; 1384 } 1385 1386 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 1387 static const uint8_t allone[8] = 1388 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1389 1390 static int 1391 ipv6_addlinklocal(struct interface *ifp) 1392 { 1393 struct ipv6_state *state; 1394 struct ipv6_addr *ap, *ap2; 1395 int dadcounter; 1396 1397 /* Check sanity before malloc */ 1398 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) { 1399 switch (ifp->family) { 1400 case ARPHRD_ETHER: 1401 /* Check for a valid hardware address */ 1402 if (ifp->hwlen != 6 && ifp->hwlen != 8) { 1403 errno = ENOTSUP; 1404 return -1; 1405 } 1406 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 || 1407 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0) 1408 { 1409 errno = EINVAL; 1410 return -1; 1411 } 1412 break; 1413 default: 1414 errno = ENOTSUP; 1415 return -1; 1416 } 1417 } 1418 1419 state = ipv6_getstate(ifp); 1420 if (state == NULL) 1421 return -1; 1422 1423 ap = ipv6_newlinklocal(ifp); 1424 if (ap == NULL) 1425 return -1; 1426 1427 dadcounter = 0; 1428 if (ifp->options->options & DHCPCD_SLAACPRIVATE) { 1429 nextslaacprivate: 1430 if (ipv6_makestableprivate(&ap->addr, 1431 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1) 1432 { 1433 free(ap); 1434 return -1; 1435 } 1436 ap->dadcounter = dadcounter; 1437 } else { 1438 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8); 1439 switch (ifp->family) { 1440 case ARPHRD_ETHER: 1441 if (ifp->hwlen == 6) { 1442 ap->addr.s6_addr[ 8] = ifp->hwaddr[0]; 1443 ap->addr.s6_addr[ 9] = ifp->hwaddr[1]; 1444 ap->addr.s6_addr[10] = ifp->hwaddr[2]; 1445 ap->addr.s6_addr[11] = 0xff; 1446 ap->addr.s6_addr[12] = 0xfe; 1447 ap->addr.s6_addr[13] = ifp->hwaddr[3]; 1448 ap->addr.s6_addr[14] = ifp->hwaddr[4]; 1449 ap->addr.s6_addr[15] = ifp->hwaddr[5]; 1450 } else if (ifp->hwlen == 8) 1451 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8); 1452 else { 1453 free(ap); 1454 errno = ENOTSUP; 1455 return -1; 1456 } 1457 break; 1458 } 1459 1460 /* Sanity check: g bit must not indciate "group" */ 1461 if (EUI64_GROUP(&ap->addr)) { 1462 free(ap); 1463 errno = EINVAL; 1464 return -1; 1465 } 1466 EUI64_TO_IFID(&ap->addr); 1467 } 1468 1469 /* Do we already have this address? */ 1470 TAILQ_FOREACH(ap2, &state->addrs, next) { 1471 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) { 1472 if (ap2->addr_flags & IN6_IFF_DUPLICATED) { 1473 if (ifp->options->options & 1474 DHCPCD_SLAACPRIVATE) 1475 { 1476 dadcounter++; 1477 goto nextslaacprivate; 1478 } 1479 free(ap); 1480 errno = EADDRNOTAVAIL; 1481 return -1; 1482 } 1483 1484 logwarnx("%s: waiting for %s to complete", 1485 ap2->iface->name, ap2->saddr); 1486 free(ap); 1487 errno = EEXIST; 1488 return 0; 1489 } 1490 } 1491 1492 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr)); 1493 TAILQ_INSERT_TAIL(&state->addrs, ap, next); 1494 ipv6_addaddr(ap, NULL); 1495 return 1; 1496 } 1497 1498 static int 1499 ipv6_tryaddlinklocal(struct interface *ifp) 1500 { 1501 struct ipv6_addr *ia; 1502 1503 /* We can't assign a link-locak address to this, 1504 * the ppp process has to. */ 1505 if (ifp->flags & IFF_POINTOPOINT) 1506 return 0; 1507 1508 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED); 1509 if (ia != NULL) { 1510 #ifdef IPV6_POLLADDRFLAG 1511 if (ia->addr_flags & IN6_IFF_TENTATIVE) { 1512 struct timespec tv; 1513 1514 ms_to_ts(&tv, RETRANS_TIMER / 2); 1515 eloop_timeout_add_tv( 1516 ia->iface->ctx->eloop, 1517 &tv, ipv6_checkaddrflags, ia); 1518 } 1519 #endif 1520 return 0; 1521 } 1522 if (!CAN_ADD_LLADDR(ifp)) 1523 return 0; 1524 1525 return ipv6_addlinklocal(ifp); 1526 } 1527 1528 struct ipv6_addr * 1529 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr, 1530 uint8_t prefix_len, unsigned int flags) 1531 { 1532 struct ipv6_addr *ia; 1533 char buf[INET6_ADDRSTRLEN]; 1534 const char *cbp; 1535 bool tempaddr; 1536 int addr_flags; 1537 1538 /* If adding a new DHCP / RA derived address, check current flags 1539 * from an existing address. */ 1540 ia = ipv6_iffindaddr(ifp, addr, 0); 1541 if (ia != NULL) 1542 addr_flags = ia->addr_flags; 1543 else 1544 addr_flags = IN6_IFF_TENTATIVE; 1545 1546 ia = calloc(1, sizeof(*ia)); 1547 if (ia == NULL) 1548 goto err; 1549 1550 ia->iface = ifp; 1551 ia->addr_flags = addr_flags; 1552 ia->flags = IPV6_AF_NEW | flags; 1553 if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1554 ia->flags |= IPV6_AF_DADCOMPLETED; 1555 ia->prefix_len = prefix_len; 1556 ia->dhcp6_fd = -1; 1557 1558 #ifndef SMALL 1559 TAILQ_INIT(&ia->pd_pfxs); 1560 #endif 1561 1562 #ifdef IPV6_AF_TEMPORARY 1563 tempaddr = ia->flags & IPV6_AF_TEMPORARY; 1564 #else 1565 tempaddr = false; 1566 #endif 1567 1568 if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) { 1569 ia->prefix = *addr; 1570 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp, 1571 &ia->prefix, 1572 ia->prefix_len); 1573 if (ia->dadcounter == -1) 1574 goto err; 1575 } else if (ia->flags & IPV6_AF_RAPFX) { 1576 ia->prefix = *addr; 1577 #ifdef __sun 1578 ia->addr = *addr; 1579 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf)); 1580 goto paddr; 1581 #else 1582 return ia; 1583 #endif 1584 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) && 1585 prefix_len != 128) 1586 { 1587 ia->prefix = *addr; 1588 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf)); 1589 goto paddr; 1590 } else { 1591 ia->addr = *addr; 1592 if (ipv6_makeprefix(&ia->prefix, 1593 &ia->addr, ia->prefix_len) == -1) 1594 goto err; 1595 } 1596 1597 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf)); 1598 paddr: 1599 if (cbp == NULL) 1600 goto err; 1601 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len); 1602 1603 return ia; 1604 1605 err: 1606 logerr(__func__); 1607 free(ia); 1608 return NULL; 1609 } 1610 1611 static void 1612 ipv6_staticdadcallback(void *arg) 1613 { 1614 struct ipv6_addr *ia = arg; 1615 int wascompleted; 1616 1617 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED); 1618 ia->flags |= IPV6_AF_DADCOMPLETED; 1619 if (ia->flags & IPV6_AF_DUPLICATED) 1620 logwarnx("%s: DAD detected %s", ia->iface->name, 1621 ia->saddr); 1622 else if (!wascompleted) { 1623 logdebugx("%s: IPv6 static DAD completed", 1624 ia->iface->name); 1625 } 1626 1627 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1628 if (!wascompleted) { 1629 struct interface *ifp; 1630 struct ipv6_state *state; 1631 1632 ifp = ia->iface; 1633 state = IPV6_STATE(ifp); 1634 TAILQ_FOREACH(ia, &state->addrs, next) { 1635 if (ia->flags & IPV6_AF_STATIC && 1636 (ia->flags & FINISHED) != FINISHED) 1637 { 1638 wascompleted = 1; 1639 break; 1640 } 1641 } 1642 if (!wascompleted) 1643 script_runreason(ifp, "STATIC6"); 1644 } 1645 #undef FINISHED 1646 } 1647 1648 ssize_t 1649 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp) 1650 { 1651 struct ipv6_addr *ia; 1652 1653 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6, 1654 IN6_IFF_NOTUSEABLE); 1655 if (ia == NULL) 1656 return 0; 1657 if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1) 1658 return -1; 1659 return 1; 1660 } 1661 1662 int 1663 ipv6_staticdadcompleted(const struct interface *ifp) 1664 { 1665 const struct ipv6_state *state; 1666 const struct ipv6_addr *ia; 1667 int n; 1668 1669 if ((state = IPV6_CSTATE(ifp)) == NULL) 1670 return 0; 1671 n = 0; 1672 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1673 TAILQ_FOREACH(ia, &state->addrs, next) { 1674 if ((ia->flags & COMPLETED) == COMPLETED && 1675 !(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1676 n++; 1677 } 1678 return n; 1679 } 1680 1681 int 1682 ipv6_startstatic(struct interface *ifp) 1683 { 1684 struct ipv6_addr *ia; 1685 int run_script; 1686 1687 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6)) 1688 return 0; 1689 1690 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0); 1691 if (ia != NULL && 1692 (ia->prefix_len != ifp->options->req_prefix_len || 1693 ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1694 { 1695 ipv6_deleteaddr(ia); 1696 ia = NULL; 1697 } 1698 if (ia == NULL) { 1699 struct ipv6_state *state; 1700 1701 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6, 1702 ifp->options->req_prefix_len, 0); 1703 if (ia == NULL) 1704 return -1; 1705 state = IPV6_STATE(ifp); 1706 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1707 run_script = 0; 1708 } else 1709 run_script = 1; 1710 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK; 1711 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1712 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1713 ia->dadcallback = ipv6_staticdadcallback; 1714 ipv6_addaddr(ia, NULL); 1715 rt_build(ifp->ctx, AF_INET6); 1716 if (run_script) 1717 script_runreason(ifp, "STATIC6"); 1718 return 1; 1719 } 1720 1721 /* Ensure the interface has a link-local address */ 1722 int 1723 ipv6_start(struct interface *ifp) 1724 { 1725 #ifdef IPV6_POLLADDRFLAG 1726 struct ipv6_state *state; 1727 1728 /* We need to update the address flags. */ 1729 if ((state = IPV6_STATE(ifp)) != NULL) { 1730 struct ipv6_addr *ia; 1731 const char *alias; 1732 int flags; 1733 1734 TAILQ_FOREACH(ia, &state->addrs, next) { 1735 #ifdef ALIAS_ADDR 1736 alias = ia->alias; 1737 #else 1738 alias = NULL; 1739 #endif 1740 flags = if_addrflags6(ia->iface, &ia->addr, alias); 1741 if (flags != -1) 1742 ia->addr_flags = flags; 1743 } 1744 } 1745 #endif 1746 1747 if (ipv6_tryaddlinklocal(ifp) == -1) 1748 return -1; 1749 1750 if (IPV6_CSTATE(ifp)) { 1751 /* Regenerate new ids */ 1752 if (ip6_use_tempaddr(ifp->name)) 1753 ipv6_regentempifid(ifp); 1754 } 1755 1756 return 0; 1757 } 1758 1759 void 1760 ipv6_freedrop(struct interface *ifp, int drop) 1761 { 1762 struct ipv6_state *state; 1763 struct ll_callback *cb; 1764 1765 if (ifp == NULL) 1766 return; 1767 1768 if ((state = IPV6_STATE(ifp)) == NULL) 1769 return; 1770 1771 /* If we got here, we can get rid of any LL callbacks. */ 1772 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) { 1773 TAILQ_REMOVE(&state->ll_callbacks, cb, next); 1774 free(cb); 1775 } 1776 1777 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL); 1778 if (drop) { 1779 if (ifp->ctx->ra_routers != NULL) 1780 rt_build(ifp->ctx, AF_INET6); 1781 } else { 1782 /* Because we need to cache the addresses we don't control, 1783 * we only free the state on when NOT dropping addresses. */ 1784 free(state); 1785 ifp->if_data[IF_DATA_IPV6] = NULL; 1786 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1787 } 1788 } 1789 1790 void 1791 ipv6_ctxfree(struct dhcpcd_ctx *ctx) 1792 { 1793 1794 free(ctx->ra_routers); 1795 free(ctx->secret); 1796 } 1797 1798 int 1799 ipv6_handleifa_addrs(int cmd, 1800 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid) 1801 { 1802 struct ipv6_addr *ia, *ian; 1803 uint8_t found, alldadcompleted; 1804 1805 alldadcompleted = 1; 1806 found = 0; 1807 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) { 1808 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) { 1809 if (ia->flags & IPV6_AF_ADDED && 1810 !(ia->flags & IPV6_AF_DADCOMPLETED)) 1811 alldadcompleted = 0; 1812 continue; 1813 } 1814 switch (cmd) { 1815 case RTM_DELADDR: 1816 if (ia->flags & IPV6_AF_ADDED) { 1817 logwarnx("%s: pid %d deleted address %s", 1818 ia->iface->name, pid, ia->saddr); 1819 ia->flags &= ~IPV6_AF_ADDED; 1820 } 1821 if (ia->flags & IPV6_AF_DELEGATED) { 1822 TAILQ_REMOVE(addrs, ia, next); 1823 ipv6_deletedaddr(ia); 1824 ipv6_freeaddr(ia); 1825 } 1826 break; 1827 case RTM_NEWADDR: 1828 /* Safety - ignore tentative announcements */ 1829 if (addr->addr_flags & 1830 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE)) 1831 break; 1832 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) { 1833 found++; 1834 if (addr->addr_flags & IN6_IFF_DUPLICATED) 1835 ia->flags |= IPV6_AF_DUPLICATED; 1836 else 1837 ia->flags &= ~IPV6_AF_DUPLICATED; 1838 if (ia->dadcallback) 1839 ia->dadcallback(ia); 1840 /* We need to set this here in-case the 1841 * dadcallback function checks it */ 1842 ia->flags |= IPV6_AF_DADCOMPLETED; 1843 } 1844 break; 1845 } 1846 } 1847 1848 return alldadcompleted ? found : 0; 1849 } 1850 1851 #ifdef IPV6_MANAGETEMPADDR 1852 static const struct ipv6_addr * 1853 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr) 1854 { 1855 const struct interface *ifp; 1856 const struct ipv6_state *state; 1857 const struct ipv6_addr *ia; 1858 1859 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1860 if ((state = IPV6_CSTATE(ifp))) { 1861 TAILQ_FOREACH(ia, &state->addrs, next) { 1862 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0) 1863 return ia; 1864 } 1865 } 1866 } 1867 return NULL; 1868 } 1869 1870 static const uint8_t nullid[8]; 1871 static const uint8_t anycastid[8] = { 1872 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 }; 1873 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe }; 1874 1875 static void 1876 ipv6_regen_desync(struct interface *ifp, int force) 1877 { 1878 struct ipv6_state *state; 1879 time_t max; 1880 1881 state = IPV6_STATE(ifp); 1882 1883 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be 1884 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE. 1885 * I believe this is an error and it should be never be greateter than 1886 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */ 1887 max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE; 1888 if (state->desync_factor && !force && state->desync_factor < max) 1889 return; 1890 if (state->desync_factor == 0) 1891 state->desync_factor = 1892 (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR, 1893 (uint32_t)max)); 1894 max = ip6_temp_preferred_lifetime(ifp->name) - 1895 state->desync_factor - REGEN_ADVANCE; 1896 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp); 1897 } 1898 1899 void 1900 ipv6_gentempifid(struct interface *ifp) 1901 { 1902 struct ipv6_state *state; 1903 MD5_CTX md5; 1904 uint8_t seed[16], digest[16]; 1905 int retry; 1906 1907 if ((state = IPV6_STATE(ifp)) == NULL) 1908 return; 1909 1910 retry = 0; 1911 if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) { 1912 uint32_t r; 1913 1914 r = arc4random(); 1915 memcpy(seed, &r, sizeof(r)); 1916 r = arc4random(); 1917 memcpy(seed + sizeof(r), &r, sizeof(r)); 1918 } else 1919 memcpy(seed, state->randomseed0, sizeof(state->randomseed0)); 1920 1921 memcpy(seed + sizeof(state->randomseed0), 1922 state->randomseed1, sizeof(state->randomseed1)); 1923 1924 again: 1925 MD5Init(&md5); 1926 MD5Update(&md5, seed, sizeof(seed)); 1927 MD5Final(digest, &md5); 1928 1929 /* RFC4941 Section 3.2.1.1 1930 * Take the left-most 64bits and set bit 6 to zero */ 1931 memcpy(state->randomid, digest, sizeof(state->randomid)); 1932 state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT); 1933 1934 /* RFC4941 Section 3.2.1.4 1935 * Reject reserved or existing id's */ 1936 if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 || 1937 (memcmp(anycastid, state->randomid, 7) == 0 && 1938 (anycastid[7] & state->randomid[7]) == anycastid[7]) || 1939 memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 || 1940 ipv6_findaddrid(ifp->ctx, state->randomid)) 1941 { 1942 if (++retry < GEN_TEMPID_RETRY_MAX) { 1943 memcpy(seed, digest + 8, 8); 1944 goto again; 1945 } 1946 memset(state->randomid, 0, sizeof(state->randomid)); 1947 } 1948 1949 /* RFC4941 Section 3.2.1.6 1950 * Save the right-most 64bits of the digest */ 1951 memcpy(state->randomseed0, digest + 8, 1952 sizeof(state->randomseed0)); 1953 } 1954 1955 /* RFC4941 Section 3.3.7 */ 1956 static void 1957 ipv6_tempdadcallback(void *arg) 1958 { 1959 struct ipv6_addr *ia = arg; 1960 1961 if (ia->flags & IPV6_AF_DUPLICATED) { 1962 struct ipv6_addr *ia1; 1963 struct timespec tv; 1964 1965 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) { 1966 logerrx("%s: too many duplicate temporary addresses", 1967 ia->iface->name); 1968 return; 1969 } 1970 clock_gettime(CLOCK_MONOTONIC, &tv); 1971 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL) 1972 logerr(__func__); 1973 else 1974 ia1->dadcounter = ia->dadcounter; 1975 ipv6_deleteaddr(ia); 1976 if (ia1) 1977 ipv6_addaddr(ia1, &ia1->acquired); 1978 } 1979 } 1980 1981 struct ipv6_addr * 1982 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now) 1983 { 1984 struct ipv6_state *state; 1985 const struct ipv6_state *cstate; 1986 int genid; 1987 struct in6_addr addr, mask; 1988 uint32_t randid[2]; 1989 const struct interface *ifp; 1990 const struct ipv6_addr *ap; 1991 struct ipv6_addr *ia; 1992 uint32_t i, trylimit; 1993 1994 trylimit = TEMP_IDGEN_RETRIES; 1995 state = IPV6_STATE(ia0->iface); 1996 genid = 0; 1997 1998 addr = ia0->addr; 1999 ipv6_mask(&mask, ia0->prefix_len); 2000 /* clear the old ifid */ 2001 for (i = 0; i < 4; i++) 2002 addr.s6_addr32[i] &= mask.s6_addr32[i]; 2003 2004 again: 2005 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) 2006 genid = 1; 2007 if (genid) { 2008 memcpy(state->randomseed1, &ia0->addr.s6_addr[8], 2009 sizeof(state->randomseed1)); 2010 ipv6_gentempifid(ia0->iface); 2011 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) { 2012 errno = EFAULT; 2013 return NULL; 2014 } 2015 } 2016 memcpy(&randid[0], state->randomid, sizeof(randid[0])); 2017 memcpy(&randid[1], state->randomid + sizeof(randid[1]), 2018 sizeof(randid[2])); 2019 addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2]; 2020 addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3]; 2021 2022 /* Ensure we don't already have it */ 2023 TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) { 2024 cstate = IPV6_CSTATE(ifp); 2025 if (cstate) { 2026 TAILQ_FOREACH(ap, &cstate->addrs, next) { 2027 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) { 2028 if (--trylimit == 0) { 2029 errno = EEXIST; 2030 return NULL; 2031 } 2032 genid = 1; 2033 goto again; 2034 } 2035 } 2036 } 2037 } 2038 2039 ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len, 2040 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY); 2041 /* Must be made tentative, for our DaD to work */ 2042 ia->addr_flags = IN6_IFF_TENTATIVE; 2043 ia->dadcallback = ipv6_tempdadcallback; 2044 ia->created = ia->acquired = now ? *now : ia0->acquired; 2045 2046 /* Ensure desync is still valid */ 2047 ipv6_regen_desync(ia->iface, 0); 2048 2049 /* RFC4941 Section 3.3.4 */ 2050 i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) - 2051 state->desync_factor); 2052 ia->prefix_pltime = MIN(ia0->prefix_pltime, i); 2053 i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name); 2054 ia->prefix_vltime = MIN(ia0->prefix_vltime, i); 2055 if (ia->prefix_pltime <= REGEN_ADVANCE || 2056 ia->prefix_pltime > ia0->prefix_vltime) 2057 { 2058 errno = EINVAL; 2059 free(ia); 2060 return NULL; 2061 } 2062 2063 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 2064 return ia; 2065 } 2066 2067 struct ipv6_addr * 2068 ipv6_settemptime(struct ipv6_addr *ia, int flags) 2069 { 2070 struct ipv6_state *state; 2071 struct ipv6_addr *ap, *first; 2072 2073 state = IPV6_STATE(ia->iface); 2074 first = NULL; 2075 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) { 2076 if (ap->flags & IPV6_AF_TEMPORARY && 2077 ap->prefix_pltime && 2078 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix)) 2079 { 2080 time_t max, ext; 2081 2082 if (flags == 0) { 2083 if (ap->prefix_pltime - 2084 (uint32_t)(ia->acquired.tv_sec - 2085 ap->acquired.tv_sec) 2086 < REGEN_ADVANCE) 2087 continue; 2088 2089 return ap; 2090 } 2091 2092 if (!(ap->flags & IPV6_AF_ADDED)) 2093 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF; 2094 ap->flags &= ~IPV6_AF_STALE; 2095 2096 /* RFC4941 Section 3.4 2097 * Deprecated prefix, deprecate the temporary address */ 2098 if (ia->prefix_pltime == 0) { 2099 ap->prefix_pltime = 0; 2100 goto valid; 2101 } 2102 2103 /* Ensure desync is still valid */ 2104 ipv6_regen_desync(ap->iface, 0); 2105 2106 /* RFC4941 Section 3.3.2 2107 * Extend temporary times, but ensure that they 2108 * never last beyond the system limit. */ 2109 ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime; 2110 max = ap->created.tv_sec + 2111 ip6_temp_preferred_lifetime(ap->iface->name) - 2112 state->desync_factor; 2113 if (ext < max) 2114 ap->prefix_pltime = ia->prefix_pltime; 2115 else 2116 ap->prefix_pltime = 2117 (uint32_t)(max - ia->acquired.tv_sec); 2118 2119 valid: 2120 ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime; 2121 max = ap->created.tv_sec + 2122 ip6_temp_valid_lifetime(ap->iface->name); 2123 if (ext < max) 2124 ap->prefix_vltime = ia->prefix_vltime; 2125 else 2126 ap->prefix_vltime = 2127 (uint32_t)(max - ia->acquired.tv_sec); 2128 2129 /* Just extend the latest matching prefix */ 2130 ap->acquired = ia->acquired; 2131 2132 /* If extending return the last match as 2133 * it's the most current. 2134 * If deprecating, deprecate any other addresses we 2135 * may have, although this should not be needed */ 2136 if (ia->prefix_pltime) 2137 return ap; 2138 if (first == NULL) 2139 first = ap; 2140 } 2141 } 2142 return first; 2143 } 2144 2145 void 2146 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now) 2147 { 2148 struct ipv6_state *state; 2149 struct ipv6_addr *ia; 2150 2151 state = IPV6_STATE(ifp); 2152 TAILQ_FOREACH(ia, &state->addrs, next) { 2153 if (ia->flags & IPV6_AF_TEMPORARY && 2154 !(ia->flags & IPV6_AF_STALE)) 2155 ipv6_addaddr(ia, now); 2156 } 2157 } 2158 2159 static void 2160 ipv6_regentempaddr(void *arg) 2161 { 2162 struct ipv6_addr *ia = arg, *ia1; 2163 struct timespec tv; 2164 2165 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr); 2166 clock_gettime(CLOCK_MONOTONIC, &tv); 2167 ia1 = ipv6_createtempaddr(ia, &tv); 2168 if (ia1) 2169 ipv6_addaddr(ia1, &tv); 2170 else 2171 logerr(__func__); 2172 } 2173 2174 static void 2175 ipv6_regentempifid(void *arg) 2176 { 2177 struct interface *ifp = arg; 2178 struct ipv6_state *state; 2179 2180 state = IPV6_STATE(ifp); 2181 if (memcmp(state->randomid, nullid, sizeof(state->randomid))) 2182 ipv6_gentempifid(ifp); 2183 2184 ipv6_regen_desync(ifp, 1); 2185 } 2186 #endif /* IPV6_MANAGETEMPADDR */ 2187 2188 void 2189 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags) 2190 { 2191 struct ipv6_state *state; 2192 struct ipv6_addr *ia; 2193 2194 state = IPV6_STATE(ifp); 2195 if (state == NULL) 2196 return; 2197 2198 TAILQ_FOREACH(ia, &state->addrs, next) { 2199 if (flags == 0 || ia->flags & flags) 2200 ia->flags |= IPV6_AF_STALE; 2201 } 2202 } 2203 2204 void 2205 ipv6_deletestaleaddrs(struct interface *ifp) 2206 { 2207 struct ipv6_state *state; 2208 struct ipv6_addr *ia, *ia1; 2209 2210 state = IPV6_STATE(ifp); 2211 if (state == NULL) 2212 return; 2213 2214 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) { 2215 if (ia->flags & IPV6_AF_STALE) 2216 ipv6_handleifa(ifp->ctx, RTM_DELADDR, 2217 ifp->ctx->ifaces, ifp->name, 2218 &ia->addr, ia->prefix_len, 0, getpid()); 2219 } 2220 } 2221 2222 2223 static struct rt * 2224 inet6_makeroute(struct interface *ifp, const struct ra *rap) 2225 { 2226 struct rt *rt; 2227 2228 if ((rt = rt_new(ifp)) == NULL) 2229 return NULL; 2230 2231 #ifdef HAVE_ROUTE_METRIC 2232 rt->rt_metric = ifp->metric; 2233 #endif 2234 if (rap != NULL) 2235 rt->rt_mtu = rap->mtu; 2236 return rt; 2237 } 2238 2239 static struct rt * 2240 inet6_makeprefix(struct interface *ifp, const struct ra *rap, 2241 const struct ipv6_addr *addr) 2242 { 2243 struct rt *rt; 2244 struct in6_addr netmask; 2245 2246 if (addr == NULL || addr->prefix_len > 128) { 2247 errno = EINVAL; 2248 return NULL; 2249 } 2250 2251 /* There is no point in trying to manage a /128 prefix, 2252 * ones without a lifetime. */ 2253 if (addr->prefix_len == 128 || addr->prefix_vltime == 0) 2254 return NULL; 2255 2256 /* Don't install a reject route when not creating bigger prefixes. */ 2257 if (addr->flags & IPV6_AF_NOREJECT) 2258 return NULL; 2259 2260 /* This address is the delegated prefix, so add a reject route for 2261 * it via the loopback interface. */ 2262 if (addr->flags & IPV6_AF_DELEGATEDPFX) { 2263 struct interface *lo0; 2264 2265 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) { 2266 if (lo0->flags & IFF_LOOPBACK) 2267 break; 2268 } 2269 if (lo0 == NULL) 2270 logwarnx("cannot find a loopback interface " 2271 "to reject via"); 2272 else 2273 ifp = lo0; 2274 } 2275 2276 if ((rt = inet6_makeroute(ifp, rap)) == NULL) 2277 return NULL; 2278 2279 sa_in6_init(&rt->rt_dest, &addr->prefix); 2280 ipv6_mask(&netmask, addr->prefix_len); 2281 sa_in6_init(&rt->rt_netmask, &netmask); 2282 if (addr->flags & IPV6_AF_DELEGATEDPFX) { 2283 rt->rt_flags |= RTF_REJECT; 2284 /* Linux does not like a gateway for a reject route. */ 2285 #ifndef __linux__ 2286 sa_in6_init(&rt->rt_gateway, &in6addr_loopback); 2287 #endif 2288 } else if (!(addr->flags & IPV6_AF_ONLINK)) 2289 sa_in6_init(&rt->rt_gateway, &rap->from); 2290 else 2291 rt->rt_gateway.sa_family = AF_UNSPEC; 2292 sa_in6_init(&rt->rt_ifa, &addr->addr); 2293 return rt; 2294 } 2295 2296 static struct rt * 2297 inet6_makerouter(struct ra *rap) 2298 { 2299 struct rt *rt; 2300 2301 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL) 2302 return NULL; 2303 sa_in6_init(&rt->rt_dest, &in6addr_any); 2304 sa_in6_init(&rt->rt_netmask, &in6addr_any); 2305 sa_in6_init(&rt->rt_gateway, &rap->from); 2306 return rt; 2307 } 2308 2309 #define RT_IS_DEFAULT(rtp) \ 2310 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \ 2311 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any)) 2312 2313 static int 2314 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx) 2315 { 2316 struct interface *ifp; 2317 struct ipv6_state *state; 2318 struct ipv6_addr *ia; 2319 struct rt *rt; 2320 2321 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2322 if ((state = IPV6_STATE(ifp)) == NULL) 2323 continue; 2324 TAILQ_FOREACH(ia, &state->addrs, next) { 2325 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) == 2326 (IPV6_AF_ADDED | IPV6_AF_STATIC)) 2327 { 2328 rt = inet6_makeprefix(ifp, NULL, ia); 2329 if (rt) 2330 rt_proto_add(routes, rt); 2331 } 2332 } 2333 } 2334 return 0; 2335 } 2336 2337 static int 2338 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx) 2339 { 2340 struct rt *rt; 2341 struct ra *rap; 2342 const struct ipv6_addr *addr; 2343 2344 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 2345 if (rap->expired) 2346 continue; 2347 TAILQ_FOREACH(addr, &rap->addrs, next) { 2348 if (addr->prefix_vltime == 0) 2349 continue; 2350 rt = inet6_makeprefix(rap->iface, rap, addr); 2351 if (rt) { 2352 rt->rt_dflags |= RTDF_RA; 2353 rt_proto_add(routes, rt); 2354 } 2355 } 2356 if (rap->lifetime == 0) 2357 continue; 2358 if (ipv6_anyglobal(rap->iface) == NULL) 2359 continue; 2360 rt = inet6_makerouter(rap); 2361 if (rt == NULL) 2362 continue; 2363 rt->rt_dflags |= RTDF_RA; 2364 rt_proto_add(routes, rt); 2365 } 2366 return 0; 2367 } 2368 2369 #ifdef DHCP6 2370 static int 2371 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx, 2372 enum DH6S dstate) 2373 { 2374 struct interface *ifp; 2375 const struct dhcp6_state *d6_state; 2376 const struct ipv6_addr *addr; 2377 struct rt *rt; 2378 2379 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2380 d6_state = D6_CSTATE(ifp); 2381 if (d6_state && d6_state->state == dstate) { 2382 TAILQ_FOREACH(addr, &d6_state->addrs, next) { 2383 rt = inet6_makeprefix(ifp, NULL, addr); 2384 if (rt == NULL) 2385 continue; 2386 rt->rt_dflags |= RTDF_DHCP; 2387 rt_proto_add(routes, rt); 2388 } 2389 } 2390 } 2391 return 0; 2392 } 2393 #endif 2394 2395 bool 2396 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes) 2397 { 2398 2399 /* Should static take priority? */ 2400 if (inet6_staticroutes(routes, ctx) == -1) 2401 return false; 2402 2403 /* First add reachable routers and their prefixes */ 2404 if (inet6_raroutes(routes, ctx) == -1) 2405 return false; 2406 2407 #ifdef DHCP6 2408 /* We have no way of knowing if prefixes added by DHCP are reachable 2409 * or not, so we have to assume they are. 2410 * Add bound before delegated so we can prefer interfaces better. */ 2411 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1) 2412 return false; 2413 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1) 2414 return false; 2415 #endif 2416 2417 return true; 2418 } 2419