1 /* $OpenBSD: nd6_rtr.c,v 1.167 2019/06/21 17:11:43 mpi Exp $ */ 2 /* $KAME: nd6_rtr.c,v 1.97 2001/02/07 11:09:13 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/sockio.h> 40 #include <sys/time.h> 41 #include <sys/kernel.h> 42 #include <sys/errno.h> 43 #include <sys/ioctl.h> 44 #include <sys/syslog.h> 45 #include <sys/queue.h> 46 47 #include <net/if.h> 48 #include <net/if_dl.h> 49 #include <net/if_var.h> 50 #include <net/route.h> 51 #include <net/rtable.h> 52 53 #include <netinet/in.h> 54 #include <netinet6/in6_var.h> 55 #include <netinet/ip6.h> 56 #include <netinet6/ip6_var.h> 57 #include <netinet6/nd6.h> 58 #include <netinet/icmp6.h> 59 60 int rt6_deleteroute(struct rtentry *, void *, unsigned int); 61 62 /* 63 * Process Source Link-layer Address Options from 64 * Router Solicitation / Advertisement Messages. 65 */ 66 void 67 nd6_rtr_cache(struct mbuf *m, int off, int icmp6len, int icmp6_type) 68 { 69 struct ifnet *ifp; 70 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 71 struct nd_router_solicit *nd_rs; 72 struct nd_router_advert *nd_ra; 73 struct in6_addr saddr6 = ip6->ip6_src; 74 char *lladdr = NULL; 75 int lladdrlen = 0; 76 union nd_opts ndopts; 77 char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN]; 78 79 KASSERT(icmp6_type == ND_ROUTER_SOLICIT || icmp6_type == 80 ND_ROUTER_ADVERT); 81 82 /* Sanity checks */ 83 if (ip6->ip6_hlim != 255) { 84 nd6log((LOG_ERR, 85 "%s: invalid hlim (%d) from %s to %s on %u\n", 86 __func__, ip6->ip6_hlim, 87 inet_ntop(AF_INET6, &ip6->ip6_src, src, sizeof(src)), 88 inet_ntop(AF_INET6, &ip6->ip6_dst, dst, sizeof(dst)), 89 m->m_pkthdr.ph_ifidx)); 90 goto bad; 91 } 92 93 switch (icmp6_type) { 94 case ND_ROUTER_SOLICIT: 95 /* 96 * Don't update the neighbor cache, if src = ::. 97 * This indicates that the src has no IP address assigned yet. 98 */ 99 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 100 goto freeit; 101 102 IP6_EXTHDR_GET(nd_rs, struct nd_router_solicit *, m, off, 103 icmp6len); 104 if (nd_rs == NULL) { 105 icmp6stat_inc(icp6s_tooshort); 106 return; 107 } 108 109 icmp6len -= sizeof(*nd_rs); 110 nd6_option_init(nd_rs + 1, icmp6len, &ndopts); 111 break; 112 case ND_ROUTER_ADVERT: 113 if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) { 114 nd6log((LOG_ERR, 115 "%s: src %s is not link-local\n", __func__, 116 inet_ntop(AF_INET6, &saddr6, src, sizeof(src)))); 117 goto bad; 118 } 119 120 IP6_EXTHDR_GET(nd_ra, struct nd_router_advert *, m, off, 121 icmp6len); 122 if (nd_ra == NULL) { 123 icmp6stat_inc(icp6s_tooshort); 124 return; 125 } 126 127 icmp6len -= sizeof(*nd_ra); 128 nd6_option_init(nd_ra + 1, icmp6len, &ndopts); 129 break; 130 } 131 132 if (nd6_options(&ndopts) < 0) { 133 nd6log((LOG_INFO, 134 "%s: invalid ND option, ignored\n", __func__)); 135 /* nd6_options have incremented stats */ 136 goto freeit; 137 } 138 139 if (ndopts.nd_opts_src_lladdr) { 140 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 141 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 142 } 143 144 ifp = if_get(m->m_pkthdr.ph_ifidx); 145 if (ifp == NULL) 146 goto freeit; 147 148 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 149 nd6log((LOG_INFO, 150 "%s: lladdrlen mismatch for %s (if %d, RA/RS packet %d)\n", 151 __func__, inet_ntop(AF_INET6, &saddr6, src, sizeof(src)), 152 ifp->if_addrlen, lladdrlen - 2)); 153 if_put(ifp); 154 goto bad; 155 } 156 157 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, icmp6_type, 0); 158 if_put(ifp); 159 160 freeit: 161 m_freem(m); 162 return; 163 164 bad: 165 icmp6stat_inc(icmp6_type == ND_ROUTER_SOLICIT ? icp6s_badrs : 166 icp6s_badra); 167 m_freem(m); 168 } 169 170 /* 171 * Delete all the routing table entries that use the specified gateway. 172 * XXX: this function causes search through all entries of routing table, so 173 * it shouldn't be called when acting as a router. 174 * The gateway must already contain KAME's hack for link-local scope. 175 */ 176 int 177 rt6_flush(struct in6_addr *gateway, struct ifnet *ifp) 178 { 179 struct rt_addrinfo info; 180 struct sockaddr_in6 sa_mask; 181 struct rtentry *rt = NULL; 182 int error; 183 184 NET_ASSERT_LOCKED(); 185 186 /* We'll care only link-local addresses */ 187 if (!IN6_IS_ADDR_LINKLOCAL(gateway)) 188 return (0); 189 190 KASSERT(gateway->s6_addr16[1] != 0); 191 192 do { 193 error = rtable_walk(ifp->if_rdomain, AF_INET6, &rt, 194 rt6_deleteroute, gateway); 195 if (rt != NULL && error == EEXIST) { 196 memset(&info, 0, sizeof(info)); 197 info.rti_flags = rt->rt_flags; 198 info.rti_info[RTAX_DST] = rt_key(rt); 199 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; 200 info.rti_info[RTAX_NETMASK] = rt_plen2mask(rt, 201 &sa_mask); 202 error = rtrequest_delete(&info, RTP_ANY, ifp, NULL, 203 ifp->if_rdomain); 204 if (error == 0) 205 error = EAGAIN; 206 } 207 rtfree(rt); 208 rt = NULL; 209 } while (error == EAGAIN); 210 211 return (error); 212 } 213 214 int 215 rt6_deleteroute(struct rtentry *rt, void *arg, unsigned int id) 216 { 217 struct in6_addr *gate = (struct in6_addr *)arg; 218 219 if (rt->rt_gateway == NULL || rt->rt_gateway->sa_family != AF_INET6) 220 return (0); 221 222 if (!IN6_ARE_ADDR_EQUAL(gate, &satosin6(rt->rt_gateway)->sin6_addr)) 223 return (0); 224 225 /* 226 * Do not delete a static route. 227 * XXX: this seems to be a bit ad-hoc. Should we consider the 228 * 'cloned' bit instead? 229 */ 230 if ((rt->rt_flags & RTF_STATIC) != 0) 231 return (0); 232 233 /* 234 * We delete only host route. This means, in particular, we don't 235 * delete default route. 236 */ 237 if ((rt->rt_flags & RTF_HOST) == 0) 238 return (0); 239 240 return (EEXIST); 241 } 242