1 /* $KAME: rrenum.c,v 1.10 2001/01/21 15:32:16 itojun Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * $FreeBSD: src/usr.sbin/rtadvd/rrenum.c,v 1.2.2.2 2001/07/03 11:02:14 ume Exp $ 32 */ 33 #include <sys/types.h> 34 #include <sys/param.h> 35 #include <sys/ioctl.h> 36 #include <sys/socket.h> 37 #include <sys/sysctl.h> 38 39 #include <net/if.h> 40 #if defined(__DragonFly__) 41 #include <net/if_var.h> 42 #endif /* __DragonFly__ */ 43 #include <net/route.h> 44 #include <netinet/in.h> 45 #include <netinet/in_var.h> 46 #include <netinet/icmp6.h> 47 48 #include <arpa/inet.h> 49 50 #include <errno.h> 51 #include <string.h> 52 #include <stdlib.h> 53 #include <syslog.h> 54 #include "rtadvd.h" 55 #include "rrenum.h" 56 #include "if.h" 57 58 #define RR_ISSET_SEGNUM(segnum_bits, segnum) \ 59 ((((segnum_bits)[(segnum) >> 5]) & (1 << ((segnum) & 31))) != 0) 60 #define RR_SET_SEGNUM(segnum_bits, segnum) \ 61 (((segnum_bits)[(segnum) >> 5]) |= (1 << ((segnum) & 31))) 62 63 struct rr_operation { 64 u_long rro_seqnum; 65 u_long rro_segnum_bits[8]; 66 }; 67 68 static struct rr_operation rro; 69 static int rr_rcvifindex; 70 static int rrcmd2pco[RPM_PCO_MAX] = { 71 0, 72 SIOCAIFPREFIX_IN6, 73 SIOCCIFPREFIX_IN6, 74 SIOCSGIFPREFIX_IN6 75 }; 76 static int s = -1; 77 78 /* 79 * Check validity of a Prefix Control Operation(PCO). 80 * Return 0 on success, 1 on failure. 81 */ 82 static int 83 rr_pco_check(int len, struct rr_pco_match *rpm) 84 { 85 struct rr_pco_use *rpu, *rpulim; 86 int checklen; 87 88 /* rpm->rpm_len must be (4N * 3) as router-renum-05.txt */ 89 if ((rpm->rpm_len - 3) < 0 || /* must be at least 3 */ 90 (rpm->rpm_len - 3) & 0x3) { /* must be multiple of 4 */ 91 syslog(LOG_WARNING, "<%s> rpm_len %d is not 4N * 3", 92 __func__, rpm->rpm_len); 93 return 1; 94 } 95 /* rpm->rpm_code must be valid value */ 96 switch(rpm->rpm_code) { 97 case RPM_PCO_ADD: 98 case RPM_PCO_CHANGE: 99 case RPM_PCO_SETGLOBAL: 100 break; 101 default: 102 syslog(LOG_WARNING, "<%s> unknown rpm_code %d", __func__, 103 rpm->rpm_code); 104 return 1; 105 } 106 /* rpm->rpm_matchlen must be 0 to 128 inclusive */ 107 if (rpm->rpm_matchlen > 128) { 108 syslog(LOG_WARNING, "<%s> rpm_matchlen %d is over 128", 109 __func__, rpm->rpm_matchlen); 110 return 1; 111 } 112 113 /* 114 * rpu->rpu_uselen, rpu->rpu_keeplen, and sum of them must be 115 * between 0 and 128 inclusive 116 */ 117 for (rpu = (struct rr_pco_use *)(rpm + 1), 118 rpulim = (struct rr_pco_use *)((char *)rpm + len); 119 rpu < rpulim; 120 rpu += 1) { 121 checklen = rpu->rpu_uselen; 122 checklen += rpu->rpu_keeplen; 123 /* 124 * omit these check, because either of rpu_uselen 125 * and rpu_keeplen is unsigned char 126 * (128 > rpu_uselen > 0) 127 * (128 > rpu_keeplen > 0) 128 * (rpu_uselen + rpu_keeplen > 0) 129 */ 130 if (checklen > 128) { 131 syslog(LOG_WARNING, "<%s> sum of rpu_uselen %d and" 132 " rpu_keeplen %d is %d(over 128)", 133 __func__, rpu->rpu_uselen, 134 rpu->rpu_keeplen, 135 rpu->rpu_uselen + rpu->rpu_keeplen); 136 return 1; 137 } 138 } 139 return 0; 140 } 141 142 static void 143 do_use_prefix(int len, struct rr_pco_match *rpm, 144 struct in6_rrenumreq *irr, int ifindex) 145 { 146 struct rr_pco_use *rpu, *rpulim; 147 struct rainfo *rai; 148 struct prefix *pp; 149 150 rpu = (struct rr_pco_use *)(rpm + 1); 151 rpulim = (struct rr_pco_use *)((char *)rpm + len); 152 153 if (rpu == rpulim) { /* no use prefix */ 154 if (rpm->rpm_code == RPM_PCO_ADD) 155 return; 156 157 irr->irr_u_uselen = 0; 158 irr->irr_u_keeplen = 0; 159 irr->irr_raf_mask_onlink = 0; 160 irr->irr_raf_mask_auto = 0; 161 irr->irr_vltime = 0; 162 irr->irr_pltime = 0; 163 memset(&irr->irr_flags, 0, sizeof(irr->irr_flags)); 164 irr->irr_useprefix.sin6_len = 0; /* let it mean, no addition */ 165 irr->irr_useprefix.sin6_family = 0; 166 irr->irr_useprefix.sin6_addr = in6addr_any; 167 if (ioctl(s, rrcmd2pco[rpm->rpm_code], (caddr_t)irr) < 0 && 168 errno != EADDRNOTAVAIL) 169 syslog(LOG_ERR, "<%s> ioctl: %s", __func__, 170 strerror(errno)); 171 return; 172 } 173 174 for (rpu = (struct rr_pco_use *)(rpm + 1), 175 rpulim = (struct rr_pco_use *)((char *)rpm + len); 176 rpu < rpulim; 177 rpu += 1) { 178 /* init in6_rrenumreq fields */ 179 irr->irr_u_uselen = rpu->rpu_uselen; 180 irr->irr_u_keeplen = rpu->rpu_keeplen; 181 irr->irr_raf_mask_onlink = 182 (rpu->rpu_ramask & ICMP6_RR_PCOUSE_RAFLAGS_ONLINK) == 0 ? 0 : 1; 183 irr->irr_raf_mask_auto = 184 (rpu->rpu_ramask & ICMP6_RR_PCOUSE_RAFLAGS_AUTO); 185 irr->irr_vltime = ntohl(rpu->rpu_vltime); 186 irr->irr_pltime = ntohl(rpu->rpu_pltime); 187 irr->irr_raf_onlink = 188 (rpu->rpu_raflags & ICMP6_RR_PCOUSE_RAFLAGS_ONLINK) == 0 ? 0 : 1; 189 irr->irr_raf_auto = 190 (rpu->rpu_raflags & ICMP6_RR_PCOUSE_RAFLAGS_AUTO) == 0 ? 0 : 1; 191 irr->irr_rrf_decrvalid = 192 (rpu->rpu_flags & ICMP6_RR_PCOUSE_FLAGS_DECRVLTIME) == 0 ? 0 : 1; 193 irr->irr_rrf_decrprefd = 194 (rpu->rpu_flags & ICMP6_RR_PCOUSE_FLAGS_DECRPLTIME) == 0 ? 0 : 1; 195 irr->irr_useprefix.sin6_len = sizeof(irr->irr_useprefix); 196 irr->irr_useprefix.sin6_family = AF_INET6; 197 irr->irr_useprefix.sin6_addr = rpu->rpu_prefix; 198 199 if (ioctl(s, rrcmd2pco[rpm->rpm_code], (caddr_t)irr) < 0 && 200 errno != EADDRNOTAVAIL) 201 syslog(LOG_ERR, "<%s> ioctl: %s", __func__, 202 strerror(errno)); 203 204 /* very adhoc: should be rewritten */ 205 if (rpm->rpm_code == RPM_PCO_CHANGE && 206 IN6_ARE_ADDR_EQUAL(&rpm->rpm_prefix, &rpu->rpu_prefix) && 207 rpm->rpm_matchlen == rpu->rpu_uselen && 208 rpu->rpu_uselen == rpu->rpu_keeplen) { 209 if ((rai = if_indextorainfo(ifindex)) == NULL) 210 continue; /* non-advertising IF */ 211 212 for (pp = rai->prefix.next; pp != &rai->prefix; 213 pp = pp->next) { 214 struct timeval now; 215 216 if (prefix_match(&pp->prefix, pp->prefixlen, 217 &rpm->rpm_prefix, 218 rpm->rpm_matchlen)) { 219 /* change parameters */ 220 pp->validlifetime = ntohl(rpu->rpu_vltime); 221 pp->preflifetime = ntohl(rpu->rpu_pltime); 222 if (irr->irr_rrf_decrvalid) { 223 gettimeofday(&now, 0); 224 pp->vltimeexpire = 225 now.tv_sec + pp->validlifetime; 226 } else 227 pp->vltimeexpire = 0; 228 if (irr->irr_rrf_decrprefd) { 229 gettimeofday(&now, 0); 230 pp->pltimeexpire = 231 now.tv_sec + pp->preflifetime; 232 } else 233 pp->pltimeexpire = 0; 234 } 235 } 236 } 237 } 238 } 239 240 /* 241 * process a Prefix Control Operation(PCO). 242 * return 0 on success, 1 on failure 243 */ 244 static int 245 do_pco(struct icmp6_router_renum *rr, int len, struct rr_pco_match *rpm) 246 { 247 int ifindex = 0; 248 struct in6_rrenumreq irr; 249 250 if ((rr_pco_check(len, rpm) != 0)) 251 return 1; 252 253 if (s == -1 && (s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { 254 syslog(LOG_ERR, "<%s> socket: %s", __func__, 255 strerror(errno)); 256 exit(1); 257 } 258 259 memset(&irr, 0, sizeof(irr)); 260 irr.irr_origin = PR_ORIG_RR; 261 irr.irr_m_len = rpm->rpm_matchlen; 262 irr.irr_m_minlen = rpm->rpm_minlen; 263 irr.irr_m_maxlen = rpm->rpm_maxlen; 264 irr.irr_matchprefix.sin6_len = sizeof(irr.irr_matchprefix); 265 irr.irr_matchprefix.sin6_family = AF_INET6; 266 irr.irr_matchprefix.sin6_addr = rpm->rpm_prefix; 267 268 while (if_indextoname(++ifindex, irr.irr_name)) { 269 /* 270 * if ICMP6_RR_FLAGS_FORCEAPPLY(A flag) is 0 and IFF_UP is off, 271 * the interface is not applied 272 */ 273 if ((rr->rr_flags & ICMP6_RR_FLAGS_FORCEAPPLY) == 0 && 274 (iflist[ifindex]->ifm_flags & IFF_UP) == 0) 275 continue; 276 /* TODO: interface scope check */ 277 do_use_prefix(len, rpm, &irr, ifindex); 278 } 279 if (errno == ENXIO) 280 return 0; 281 else if (errno) { 282 syslog(LOG_ERR, "<%s> if_indextoname: %s", __func__, 283 strerror(errno)); 284 return 1; 285 } 286 return 0; 287 } 288 289 /* 290 * call do_pco() for each Prefix Control Operations(PCOs) in a received 291 * Router Renumbering Command packet. 292 * return 0 on success, 1 on failure 293 */ 294 static int 295 do_rr(int len, struct icmp6_router_renum *rr) 296 { 297 struct rr_pco_match *rpm; 298 char *cp, *lim; 299 300 lim = (char *)rr + len; 301 cp = (char *)(rr + 1); 302 len -= sizeof(struct icmp6_router_renum); 303 304 /* get iflist block from kernel again, to get up-to-date information */ 305 init_iflist(); 306 307 while (cp < lim) { 308 int rpmlen; 309 310 rpm = (struct rr_pco_match *)cp; 311 if (len < sizeof(struct rr_pco_match)) { 312 tooshort: 313 syslog(LOG_ERR, "<%s> pkt too short. left len = %d. " 314 "garbage at end of pkt?", __func__, len); 315 return 1; 316 } 317 rpmlen = rpm->rpm_len << 3; 318 if (len < rpmlen) 319 goto tooshort; 320 321 if (do_pco(rr, rpmlen, rpm)) { 322 syslog(LOG_WARNING, "<%s> invalid PCO", __func__); 323 goto next; 324 } 325 326 next: 327 cp += rpmlen; 328 len -= rpmlen; 329 } 330 331 return 0; 332 } 333 334 /* 335 * check validity of a router renumbering command packet 336 * return 0 on success, 1 on failure 337 */ 338 static int 339 rr_command_check(int len, struct icmp6_router_renum *rr, struct in6_addr *from, 340 struct in6_addr *dst) 341 { 342 u_char ntopbuf[INET6_ADDRSTRLEN]; 343 344 /* omit rr minimal length check. hope kernel have done it. */ 345 /* rr_command length check */ 346 if (len < (sizeof(struct icmp6_router_renum) + 347 sizeof(struct rr_pco_match))) { 348 syslog(LOG_ERR, "<%s> rr_command len %d is too short", 349 __func__, len); 350 return 1; 351 } 352 353 /* destination check. only for multicast. omit unicast check. */ 354 if (IN6_IS_ADDR_MULTICAST(dst) && !IN6_IS_ADDR_MC_LINKLOCAL(dst) && 355 !IN6_IS_ADDR_MC_SITELOCAL(dst)) { 356 syslog(LOG_ERR, "<%s> dst mcast addr %s is illegal", 357 __func__, 358 inet_ntop(AF_INET6, dst, ntopbuf, INET6_ADDRSTRLEN)); 359 return 1; 360 } 361 362 /* seqnum and segnum check */ 363 if (rro.rro_seqnum > rr->rr_seqnum) { 364 syslog(LOG_WARNING, 365 "<%s> rcvd old seqnum %d from %s", 366 __func__, (u_int32_t)ntohl(rr->rr_seqnum), 367 inet_ntop(AF_INET6, from, ntopbuf, INET6_ADDRSTRLEN)); 368 return 1; 369 } 370 if (rro.rro_seqnum == rr->rr_seqnum && 371 (rr->rr_flags & ICMP6_RR_FLAGS_TEST) == 0 && 372 RR_ISSET_SEGNUM(rro.rro_segnum_bits, rr->rr_segnum)) { 373 if ((rr->rr_flags & ICMP6_RR_FLAGS_REQRESULT) != 0) 374 syslog(LOG_WARNING, 375 "<%s> rcvd duped segnum %d from %s", 376 __func__, rr->rr_segnum, 377 inet_ntop(AF_INET6, from, ntopbuf, 378 INET6_ADDRSTRLEN)); 379 return 0; 380 } 381 382 /* update seqnum */ 383 if (rro.rro_seqnum != rr->rr_seqnum) { 384 /* then must be "<" */ 385 386 /* init rro_segnum_bits */ 387 memset(rro.rro_segnum_bits, 0, 388 sizeof(rro.rro_segnum_bits)); 389 } 390 rro.rro_seqnum = rr->rr_seqnum; 391 392 return 0; 393 } 394 395 static void 396 rr_command_input(int len, struct icmp6_router_renum *rr, 397 struct in6_addr *from, struct in6_addr *dst) 398 { 399 /* rr_command validity check */ 400 if (rr_command_check(len, rr, from, dst)) 401 goto failed; 402 if ((rr->rr_flags & (ICMP6_RR_FLAGS_TEST|ICMP6_RR_FLAGS_REQRESULT)) == 403 ICMP6_RR_FLAGS_TEST) 404 return; 405 406 /* do router renumbering */ 407 if (do_rr(len, rr)) { 408 goto failed; 409 } 410 411 /* update segnum */ 412 RR_SET_SEGNUM(rro.rro_segnum_bits, rr->rr_segnum); 413 414 return; 415 416 failed: 417 syslog(LOG_ERR, "<%s> received RR was invalid", __func__); 418 return; 419 } 420 421 void 422 rr_input(int len, struct icmp6_router_renum *rr, struct in6_pktinfo *pi, 423 struct sockaddr_in6 *from, struct in6_addr *dst) 424 { 425 u_char ntopbuf[2][INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ]; 426 427 syslog(LOG_DEBUG, 428 "<%s> RR received from %s to %s on %s", 429 __func__, 430 inet_ntop(AF_INET6, &from->sin6_addr, 431 ntopbuf[0], INET6_ADDRSTRLEN), 432 inet_ntop(AF_INET6, &dst, ntopbuf[1], INET6_ADDRSTRLEN), 433 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 434 435 /* packet validation based on Section 4.1 of RFC2894 */ 436 if (len < sizeof(struct icmp6_router_renum)) { 437 syslog(LOG_NOTICE, 438 "<%s>: RR short message (size %d) from %s to %s on %s", 439 __func__, len, 440 inet_ntop(AF_INET6, &from->sin6_addr, 441 ntopbuf[0], INET6_ADDRSTRLEN), 442 inet_ntop(AF_INET6, &dst, ntopbuf[1], INET6_ADDRSTRLEN), 443 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 444 return; 445 } 446 447 /* 448 * If the IPv6 destination address is neither an All Routers multicast 449 * address [AARCH] nor one of the receiving router's unicast addresses, 450 * the message MUST be discarded and SHOULD be logged to network 451 * management. 452 * We rely on the kernel input routine for unicast addresses, and thus 453 * check multicast destinations only. 454 */ 455 if (IN6_IS_ADDR_MULTICAST(&pi->ipi6_addr) && 456 !IN6_ARE_ADDR_EQUAL(&in6a_site_allrouters, &pi->ipi6_addr)) { 457 syslog(LOG_NOTICE, 458 "<%s>: RR message with invalid destination (%s) " 459 "from %s on %s", 460 __func__, 461 inet_ntop(AF_INET6, &dst, ntopbuf[0], INET6_ADDRSTRLEN), 462 inet_ntop(AF_INET6, &from->sin6_addr, 463 ntopbuf[1], INET6_ADDRSTRLEN), 464 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 465 return; 466 } 467 468 rr_rcvifindex = pi->ipi6_ifindex; 469 470 switch (rr->rr_code) { 471 case ICMP6_ROUTER_RENUMBERING_COMMAND: 472 rr_command_input(len, rr, &from->sin6_addr, dst); 473 /* TODO: send reply msg */ 474 break; 475 case ICMP6_ROUTER_RENUMBERING_RESULT: 476 /* RESULT will be processed by rrenumd */ 477 break; 478 case ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET: 479 /* TODO: sequence number reset */ 480 break; 481 default: 482 syslog(LOG_ERR, "<%s> received unknown code %d", 483 __func__, rr->rr_code); 484 break; 485 486 } 487 488 return; 489 } 490