1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * dhcpcd - IPv6 ND handling 4 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/ioctl.h> 30 #include <sys/param.h> 31 #include <sys/socket.h> 32 #include <net/if.h> 33 #include <net/route.h> 34 #include <netinet/in.h> 35 #include <netinet/ip6.h> 36 #include <netinet/icmp6.h> 37 38 #include <assert.h> 39 #include <errno.h> 40 #include <fcntl.h> 41 #include <stddef.h> 42 #include <stdlib.h> 43 #include <string.h> 44 #include <syslog.h> 45 #include <unistd.h> 46 47 #define ELOOP_QUEUE ELOOP_IPV6ND 48 #include "common.h" 49 #include "dhcpcd.h" 50 #include "dhcp-common.h" 51 #include "dhcp6.h" 52 #include "eloop.h" 53 #include "if.h" 54 #include "ipv6.h" 55 #include "ipv6nd.h" 56 #include "logerr.h" 57 #include "privsep.h" 58 #include "route.h" 59 #include "script.h" 60 61 /* Debugging Router Solicitations is a lot of spam, so disable it */ 62 //#define DEBUG_RS 63 64 #ifndef ND_RA_FLAG_HOME_AGENT 65 #define ND_RA_FLAG_HOME_AGENT 0x20 /* Home Agent flag in RA */ 66 #endif 67 #ifndef ND_RA_FLAG_PROXY 68 #define ND_RA_FLAG_PROXY 0x04 /* Proxy */ 69 #endif 70 #ifndef ND_OPT_PI_FLAG_ROUTER 71 #define ND_OPT_PI_FLAG_ROUTER 0x20 /* Router flag in PI */ 72 #endif 73 74 #ifndef ND_OPT_RI 75 #define ND_OPT_RI 24 76 struct nd_opt_ri { /* Route Information option RFC4191 */ 77 uint8_t nd_opt_ri_type; 78 uint8_t nd_opt_ri_len; 79 uint8_t nd_opt_ri_prefixlen; 80 uint8_t nd_opt_ri_flags_reserved; 81 uint32_t nd_opt_ri_lifetime; 82 struct in6_addr nd_opt_ri_prefix; 83 }; 84 __CTASSERT(sizeof(struct nd_opt_ri) == 24); 85 #define OPT_RI_FLAG_PREFERENCE(flags) ((flags & 0x18) >> 3) 86 #endif 87 88 #ifndef ND_OPT_RDNSS 89 #define ND_OPT_RDNSS 25 90 struct nd_opt_rdnss { /* RDNSS option RFC 6106 */ 91 uint8_t nd_opt_rdnss_type; 92 uint8_t nd_opt_rdnss_len; 93 uint16_t nd_opt_rdnss_reserved; 94 uint32_t nd_opt_rdnss_lifetime; 95 /* followed by list of IP prefixes */ 96 }; 97 __CTASSERT(sizeof(struct nd_opt_rdnss) == 8); 98 #endif 99 100 #ifndef ND_OPT_DNSSL 101 #define ND_OPT_DNSSL 31 102 struct nd_opt_dnssl { /* DNSSL option RFC 6106 */ 103 uint8_t nd_opt_dnssl_type; 104 uint8_t nd_opt_dnssl_len; 105 uint16_t nd_opt_dnssl_reserved; 106 uint32_t nd_opt_dnssl_lifetime; 107 /* followed by list of DNS servers */ 108 }; 109 __CTASSERT(sizeof(struct nd_opt_dnssl) == 8); 110 #endif 111 112 /* Impossible options, so we can easily add extras */ 113 #define _ND_OPT_PREFIX_ADDR 255 + 1 114 115 /* Minimal IPv6 MTU */ 116 #ifndef IPV6_MMTU 117 #define IPV6_MMTU 1280 118 #endif 119 120 #ifndef ND_RA_FLAG_RTPREF_HIGH 121 #define ND_RA_FLAG_RTPREF_MASK 0x18 122 #define ND_RA_FLAG_RTPREF_HIGH 0x08 123 #define ND_RA_FLAG_RTPREF_MEDIUM 0x00 124 #define ND_RA_FLAG_RTPREF_LOW 0x18 125 #define ND_RA_FLAG_RTPREF_RSV 0x10 126 #endif 127 128 #define EXPIRED_MAX 5 /* Remember 5 expired routers to avoid 129 logspam. */ 130 131 #define MIN_RANDOM_FACTOR 500 /* millisecs */ 132 #define MAX_RANDOM_FACTOR 1500 /* millisecs */ 133 #define MIN_RANDOM_FACTOR_U MIN_RANDOM_FACTOR * 1000 /* usecs */ 134 #define MAX_RANDOM_FACTOR_U MAX_RANDOM_FACTOR * 1000 /* usecs */ 135 136 #if BYTE_ORDER == BIG_ENDIAN 137 #define IPV6_ADDR_INT32_ONE 1 138 #define IPV6_ADDR_INT16_MLL 0xff02 139 #elif BYTE_ORDER == LITTLE_ENDIAN 140 #define IPV6_ADDR_INT32_ONE 0x01000000 141 #define IPV6_ADDR_INT16_MLL 0x02ff 142 #endif 143 144 /* Debugging Neighbor Solicitations is a lot of spam, so disable it */ 145 //#define DEBUG_NS 146 // 147 148 static void ipv6nd_handledata(void *, unsigned short); 149 static struct routeinfo *routeinfo_findalloc(struct ra *, const struct in6_addr *, uint8_t); 150 static void routeinfohead_free(struct routeinfohead *); 151 152 /* 153 * Android ships buggy ICMP6 filter headers. 154 * Supply our own until they fix their shit. 155 * References: 156 * https://android-review.googlesource.com/#/c/58438/ 157 * http://code.google.com/p/android/issues/original?id=32621&seq=24 158 */ 159 #ifdef __ANDROID__ 160 #undef ICMP6_FILTER_WILLPASS 161 #undef ICMP6_FILTER_WILLBLOCK 162 #undef ICMP6_FILTER_SETPASS 163 #undef ICMP6_FILTER_SETBLOCK 164 #undef ICMP6_FILTER_SETPASSALL 165 #undef ICMP6_FILTER_SETBLOCKALL 166 #define ICMP6_FILTER_WILLPASS(type, filterp) \ 167 ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) == 0) 168 #define ICMP6_FILTER_WILLBLOCK(type, filterp) \ 169 ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) != 0) 170 #define ICMP6_FILTER_SETPASS(type, filterp) \ 171 ((((filterp)->icmp6_filt[(type) >> 5]) &= ~(1 << ((type) & 31)))) 172 #define ICMP6_FILTER_SETBLOCK(type, filterp) \ 173 ((((filterp)->icmp6_filt[(type) >> 5]) |= (1 << ((type) & 31)))) 174 #define ICMP6_FILTER_SETPASSALL(filterp) \ 175 memset(filterp, 0, sizeof(struct icmp6_filter)); 176 #define ICMP6_FILTER_SETBLOCKALL(filterp) \ 177 memset(filterp, 0xff, sizeof(struct icmp6_filter)); 178 #endif 179 180 /* Support older systems with different defines */ 181 #if !defined(IPV6_RECVHOPLIMIT) && defined(IPV6_HOPLIMIT) 182 #define IPV6_RECVHOPLIMIT IPV6_HOPLIMIT 183 #endif 184 #if !defined(IPV6_RECVPKTINFO) && defined(IPV6_PKTINFO) 185 #define IPV6_RECVPKTINFO IPV6_PKTINFO 186 #endif 187 188 /* Handy defines */ 189 #define ipv6nd_free_ra(ra) ipv6nd_freedrop_ra((ra), 0) 190 #define ipv6nd_drop_ra(ra) ipv6nd_freedrop_ra((ra), 1) 191 192 void 193 ipv6nd_printoptions(const struct dhcpcd_ctx *ctx, 194 const struct dhcp_opt *opts, size_t opts_len) 195 { 196 size_t i, j; 197 const struct dhcp_opt *opt, *opt2; 198 int cols; 199 200 for (i = 0, opt = ctx->nd_opts; 201 i < ctx->nd_opts_len; i++, opt++) 202 { 203 for (j = 0, opt2 = opts; j < opts_len; j++, opt2++) 204 if (opt2->option == opt->option) 205 break; 206 if (j == opts_len) { 207 cols = printf("%03d %s", opt->option, opt->var); 208 dhcp_print_option_encoding(opt, cols); 209 } 210 } 211 for (i = 0, opt = opts; i < opts_len; i++, opt++) { 212 cols = printf("%03d %s", opt->option, opt->var); 213 dhcp_print_option_encoding(opt, cols); 214 } 215 } 216 217 int 218 ipv6nd_open(bool recv) 219 { 220 int fd, on; 221 struct icmp6_filter filt; 222 223 fd = xsocket(PF_INET6, SOCK_RAW | SOCK_CXNB, IPPROTO_ICMPV6); 224 if (fd == -1) 225 return -1; 226 227 ICMP6_FILTER_SETBLOCKALL(&filt); 228 229 /* RFC4861 4.1 */ 230 on = 255; 231 if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, 232 &on, sizeof(on)) == -1) 233 goto eexit; 234 235 if (recv) { 236 on = 1; 237 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, 238 &on, sizeof(on)) == -1) 239 goto eexit; 240 241 on = 1; 242 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, 243 &on, sizeof(on)) == -1) 244 goto eexit; 245 246 ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt); 247 248 #ifdef SO_RERROR 249 on = 1; 250 if (setsockopt(fd, SOL_SOCKET, SO_RERROR, 251 &on, sizeof(on)) == -1) 252 goto eexit; 253 #endif 254 } 255 256 if (setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER, 257 &filt, sizeof(filt)) == -1) 258 goto eexit; 259 260 return fd; 261 262 eexit: 263 close(fd); 264 return -1; 265 } 266 267 #ifdef __sun 268 int 269 ipv6nd_openif(struct interface *ifp) 270 { 271 int fd; 272 struct ipv6_mreq mreq = { 273 .ipv6mr_multiaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT, 274 .ipv6mr_interface = ifp->index 275 }; 276 struct rs_state *state = RS_STATE(ifp); 277 uint_t ifindex = ifp->index; 278 279 if (state->nd_fd != -1) 280 return state->nd_fd; 281 282 fd = ipv6nd_open(true); 283 if (fd == -1) 284 return -1; 285 286 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BOUND_IF, 287 &ifindex, sizeof(ifindex)) == -1) 288 { 289 close(fd); 290 return -1; 291 } 292 293 if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, 294 &mreq, sizeof(mreq)) == -1) 295 { 296 close(fd); 297 return -1; 298 } 299 300 if (eloop_event_add(ifp->ctx->eloop, fd, ELE_READ, 301 ipv6nd_handledata, ifp) == -1) 302 { 303 close(fd); 304 return -1; 305 } 306 307 state->nd_fd = fd; 308 return fd; 309 } 310 #endif 311 312 static int 313 ipv6nd_makersprobe(struct interface *ifp) 314 { 315 struct rs_state *state; 316 struct nd_router_solicit *rs; 317 318 state = RS_STATE(ifp); 319 free(state->rs); 320 state->rslen = sizeof(*rs); 321 if (ifp->hwlen != 0) 322 state->rslen += (size_t)ROUNDUP8(ifp->hwlen + 2); 323 state->rs = calloc(1, state->rslen); 324 if (state->rs == NULL) 325 return -1; 326 rs = state->rs; 327 rs->nd_rs_type = ND_ROUTER_SOLICIT; 328 //rs->nd_rs_code = 0; 329 //rs->nd_rs_cksum = 0; 330 //rs->nd_rs_reserved = 0; 331 332 if (ifp->hwlen != 0) { 333 struct nd_opt_hdr *nd; 334 335 nd = (struct nd_opt_hdr *)(state->rs + 1); 336 nd->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 337 nd->nd_opt_len = (uint8_t)((ROUNDUP8(ifp->hwlen + 2)) >> 3); 338 memcpy(nd + 1, ifp->hwaddr, ifp->hwlen); 339 } 340 return 0; 341 } 342 343 static void 344 ipv6nd_sendrsprobe(void *arg) 345 { 346 struct interface *ifp = arg; 347 struct rs_state *state = RS_STATE(ifp); 348 struct sockaddr_in6 dst = { 349 .sin6_family = AF_INET6, 350 .sin6_addr = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT, 351 .sin6_scope_id = ifp->index, 352 }; 353 struct iovec iov = { .iov_base = state->rs, .iov_len = state->rslen }; 354 union { 355 struct cmsghdr hdr; 356 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; 357 } cmsgbuf = { .buf = { 0 } }; 358 struct msghdr msg = { 359 .msg_name = &dst, .msg_namelen = sizeof(dst), 360 .msg_iov = &iov, .msg_iovlen = 1, 361 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf), 362 }; 363 struct cmsghdr *cm; 364 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index }; 365 int s; 366 #ifndef __sun 367 struct dhcpcd_ctx *ctx = ifp->ctx; 368 #endif 369 370 if (ipv6_linklocal(ifp) == NULL) { 371 logdebugx("%s: delaying Router Solicitation for LL address", 372 ifp->name); 373 ipv6_addlinklocalcallback(ifp, ipv6nd_sendrsprobe, ifp); 374 return; 375 } 376 377 #ifdef HAVE_SA_LEN 378 dst.sin6_len = sizeof(dst); 379 #endif 380 381 /* Set the outbound interface */ 382 cm = CMSG_FIRSTHDR(&msg); 383 if (cm == NULL) /* unlikely */ 384 return; 385 cm->cmsg_level = IPPROTO_IPV6; 386 cm->cmsg_type = IPV6_PKTINFO; 387 cm->cmsg_len = CMSG_LEN(sizeof(pi)); 388 memcpy(CMSG_DATA(cm), &pi, sizeof(pi)); 389 390 logdebugx("%s: sending Router Solicitation", ifp->name); 391 #ifdef PRIVSEP 392 if (IN_PRIVSEP(ifp->ctx)) { 393 if (ps_inet_sendnd(ifp, &msg) == -1) 394 logerr(__func__); 395 goto sent; 396 } 397 #endif 398 #ifdef __sun 399 if (state->nd_fd == -1) { 400 if (ipv6nd_openif(ifp) == -1) { 401 logerr(__func__); 402 return; 403 } 404 } 405 s = state->nd_fd; 406 #else 407 if (ctx->nd_fd == -1) { 408 ctx->nd_fd = ipv6nd_open(true); 409 if (ctx->nd_fd == -1) { 410 logerr(__func__); 411 return; 412 } 413 if (eloop_event_add(ctx->eloop, ctx->nd_fd, ELE_READ, 414 ipv6nd_handledata, ctx) == -1) 415 logerr("%s: eloop_event_add", __func__); 416 } 417 s = ifp->ctx->nd_fd; 418 #endif 419 if (sendmsg(s, &msg, 0) == -1) { 420 logerr(__func__); 421 /* Allow IPv6ND to continue .... at most a few errors 422 * would be logged. 423 * Generally the error is ENOBUFS when struggling to 424 * associate with an access point. */ 425 } 426 427 #ifdef PRIVSEP 428 sent: 429 #endif 430 if (state->rsprobes++ < MAX_RTR_SOLICITATIONS) 431 eloop_timeout_add_sec(ifp->ctx->eloop, 432 RTR_SOLICITATION_INTERVAL, ipv6nd_sendrsprobe, ifp); 433 else 434 logwarnx("%s: no IPv6 Routers available", ifp->name); 435 } 436 437 #ifdef ND6_ADVERTISE 438 static void 439 ipv6nd_sendadvertisement(void *arg) 440 { 441 struct ipv6_addr *ia = arg; 442 struct interface *ifp = ia->iface; 443 struct dhcpcd_ctx *ctx = ifp->ctx; 444 struct sockaddr_in6 dst = { 445 .sin6_family = AF_INET6, 446 .sin6_addr = IN6ADDR_LINKLOCAL_ALLNODES_INIT, 447 .sin6_scope_id = ifp->index, 448 }; 449 struct iovec iov = { .iov_base = ia->na, .iov_len = ia->na_len }; 450 union { 451 struct cmsghdr hdr; 452 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; 453 } cmsgbuf = { .buf = { 0 } }; 454 struct msghdr msg = { 455 .msg_name = &dst, .msg_namelen = sizeof(dst), 456 .msg_iov = &iov, .msg_iovlen = 1, 457 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf), 458 }; 459 struct cmsghdr *cm; 460 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index }; 461 const struct rs_state *state = RS_CSTATE(ifp); 462 int s; 463 464 if (state == NULL || !if_is_link_up(ifp)) 465 goto freeit; 466 467 #ifdef SIN6_LEN 468 dst.sin6_len = sizeof(dst); 469 #endif 470 471 /* Set the outbound interface. */ 472 cm = CMSG_FIRSTHDR(&msg); 473 assert(cm != NULL); 474 cm->cmsg_level = IPPROTO_IPV6; 475 cm->cmsg_type = IPV6_PKTINFO; 476 cm->cmsg_len = CMSG_LEN(sizeof(pi)); 477 memcpy(CMSG_DATA(cm), &pi, sizeof(pi)); 478 logdebugx("%s: sending NA for %s", ifp->name, ia->saddr); 479 480 #ifdef PRIVSEP 481 if (IN_PRIVSEP(ifp->ctx)) { 482 if (ps_inet_sendnd(ifp, &msg) == -1) 483 logerr(__func__); 484 goto sent; 485 } 486 #endif 487 #ifdef __sun 488 s = state->nd_fd; 489 #else 490 s = ctx->nd_fd; 491 #endif 492 if (sendmsg(s, &msg, 0) == -1) 493 logerr(__func__); 494 495 #ifdef PRIVSEP 496 sent: 497 #endif 498 if (++ia->na_count < MAX_NEIGHBOR_ADVERTISEMENT) { 499 eloop_timeout_add_sec(ctx->eloop, 500 state->retrans / 1000, ipv6nd_sendadvertisement, ia); 501 return; 502 } 503 504 freeit: 505 free(ia->na); 506 ia->na = NULL; 507 ia->na_count = 0; 508 } 509 510 void 511 ipv6nd_advertise(struct ipv6_addr *ia) 512 { 513 struct dhcpcd_ctx *ctx; 514 struct interface *ifp; 515 struct ipv6_state *state; 516 struct ipv6_addr *iap, *iaf; 517 struct nd_neighbor_advert *na; 518 519 if (IN6_IS_ADDR_MULTICAST(&ia->addr)) 520 return; 521 522 #ifdef __sun 523 if (!(ia->flags & IPV6_AF_AUTOCONF) && ia->flags & IPV6_AF_RAPFX) 524 return; 525 #endif 526 527 ctx = ia->iface->ctx; 528 /* Find the most preferred address to advertise. */ 529 iaf = NULL; 530 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 531 state = IPV6_STATE(ifp); 532 if (state == NULL || !if_is_link_up(ifp)) 533 continue; 534 535 TAILQ_FOREACH(iap, &state->addrs, next) { 536 if (!IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr)) 537 continue; 538 539 /* Cancel any current advertisement. */ 540 eloop_timeout_delete(ctx->eloop, 541 ipv6nd_sendadvertisement, iap); 542 543 /* Don't advertise what we can't use. */ 544 if (iap->prefix_vltime == 0 || 545 iap->addr_flags & IN6_IFF_NOTUSEABLE) 546 continue; 547 548 if (iaf == NULL || 549 iaf->iface->metric > iap->iface->metric) 550 iaf = iap; 551 } 552 } 553 if (iaf == NULL) 554 return; 555 556 /* Make the packet. */ 557 ifp = iaf->iface; 558 iaf->na_len = sizeof(*na); 559 if (ifp->hwlen != 0) 560 iaf->na_len += (size_t)ROUNDUP8(ifp->hwlen + 2); 561 na = calloc(1, iaf->na_len); 562 if (na == NULL) { 563 logerr(__func__); 564 return; 565 } 566 567 na->nd_na_type = ND_NEIGHBOR_ADVERT; 568 na->nd_na_flags_reserved = ND_NA_FLAG_OVERRIDE; 569 #if defined(PRIVSEP) && (defined(__linux__) || defined(HAVE_PLEDGE)) 570 if (IN_PRIVSEP(ctx)) { 571 if (ps_root_ip6forwarding(ctx, ifp->name) != 0) 572 na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER; 573 } else 574 #endif 575 if (ip6_forwarding(ifp->name) != 0) 576 na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER; 577 na->nd_na_target = ia->addr; 578 579 if (ifp->hwlen != 0) { 580 struct nd_opt_hdr *opt; 581 582 opt = (struct nd_opt_hdr *)(na + 1); 583 opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 584 opt->nd_opt_len = (uint8_t)((ROUNDUP8(ifp->hwlen + 2)) >> 3); 585 memcpy(opt + 1, ifp->hwaddr, ifp->hwlen); 586 } 587 588 iaf->na_count = 0; 589 free(iaf->na); 590 iaf->na = na; 591 eloop_timeout_delete(ctx->eloop, ipv6nd_sendadvertisement, iaf); 592 ipv6nd_sendadvertisement(iaf); 593 } 594 #elif !defined(SMALL) 595 #warning kernel does not support userland sending ND6 advertisements 596 #endif /* ND6_ADVERTISE */ 597 598 static void 599 ipv6nd_expire(void *arg) 600 { 601 struct interface *ifp = arg; 602 struct ra *rap; 603 604 if (ifp->ctx->ra_routers == NULL) 605 return; 606 607 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 608 if (rap->iface == ifp && rap->willexpire) 609 rap->doexpire = true; 610 } 611 ipv6nd_expirera(ifp); 612 } 613 614 void 615 ipv6nd_startexpire(struct interface *ifp) 616 { 617 struct ra *rap; 618 619 if (ifp->ctx->ra_routers == NULL) 620 return; 621 622 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 623 if (rap->iface == ifp) 624 rap->willexpire = true; 625 } 626 eloop_q_timeout_add_sec(ifp->ctx->eloop, ELOOP_IPV6RA_EXPIRE, 627 RTR_CARRIER_EXPIRE, ipv6nd_expire, ifp); 628 } 629 630 int 631 ipv6nd_rtpref(uint8_t flags) 632 { 633 634 switch (flags & ND_RA_FLAG_RTPREF_MASK) { 635 case ND_RA_FLAG_RTPREF_HIGH: 636 return RTPREF_HIGH; 637 case ND_RA_FLAG_RTPREF_MEDIUM: 638 case ND_RA_FLAG_RTPREF_RSV: 639 return RTPREF_MEDIUM; 640 case ND_RA_FLAG_RTPREF_LOW: 641 return RTPREF_LOW; 642 default: 643 logerrx("%s: impossible RA flag %x", __func__, flags); 644 return RTPREF_INVALID; 645 } 646 /* NOTREACHED */ 647 } 648 649 static void 650 ipv6nd_sortrouters(struct dhcpcd_ctx *ctx) 651 { 652 struct ra_head sorted_routers = TAILQ_HEAD_INITIALIZER(sorted_routers); 653 struct ra *ra1, *ra2; 654 655 while ((ra1 = TAILQ_FIRST(ctx->ra_routers)) != NULL) { 656 TAILQ_REMOVE(ctx->ra_routers, ra1, next); 657 TAILQ_FOREACH(ra2, &sorted_routers, next) { 658 if (ra1->iface->metric > ra2->iface->metric) 659 continue; 660 if (ra1->expired && !ra2->expired) 661 continue; 662 if (ra1->willexpire && !ra2->willexpire) 663 continue; 664 if (ra1->lifetime == 0 && ra2->lifetime != 0) 665 continue; 666 if (!ra1->isreachable && ra2->reachable) 667 continue; 668 if (ipv6nd_rtpref(ra1->flags) <= ipv6nd_rtpref(ra2->flags)) 669 continue; 670 /* All things being equal, prefer older routers. */ 671 /* We don't need to check time, becase newer 672 * routers are always added to the tail and then 673 * sorted. */ 674 TAILQ_INSERT_BEFORE(ra2, ra1, next); 675 break; 676 } 677 if (ra2 == NULL) 678 TAILQ_INSERT_TAIL(&sorted_routers, ra1, next); 679 } 680 681 TAILQ_CONCAT(ctx->ra_routers, &sorted_routers, next); 682 } 683 684 static void 685 ipv6nd_applyra(struct interface *ifp) 686 { 687 struct ra *rap; 688 struct rs_state *state = RS_STATE(ifp); 689 struct ra defra = { 690 .iface = ifp, 691 .hoplimit = IPV6_DEFHLIM , 692 .reachable = REACHABLE_TIME, 693 .retrans = RETRANS_TIMER, 694 }; 695 696 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 697 if (rap->iface == ifp) 698 break; 699 } 700 701 /* If we have no Router Advertisement, then set default values. */ 702 if (rap == NULL || rap->expired || rap->willexpire) 703 rap = &defra; 704 705 state->retrans = rap->retrans; 706 if (if_applyra(rap) == -1 && errno != ENOENT) 707 logerr(__func__); 708 } 709 710 /* 711 * Neighbour reachability. 712 * 713 * RFC 4681 6.2.5 says when a node is no longer a router it MUST 714 * send a RA with a zero lifetime. 715 * All OS's I know of set the NA router flag if they are a router 716 * or not and disregard that they are actively advertising or 717 * shutting down. If the interface is disabled, it cant't send a NA at all. 718 * 719 * As such we CANNOT rely on the NA Router flag and MUST use 720 * unreachability or receive a RA with a lifetime of zero to remove 721 * the node as a default router. 722 */ 723 void 724 ipv6nd_neighbour(struct dhcpcd_ctx *ctx, struct in6_addr *addr, bool reachable) 725 { 726 struct ra *rap, *rapr; 727 728 if (ctx->ra_routers == NULL) 729 return; 730 731 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 732 if (IN6_ARE_ADDR_EQUAL(&rap->from, addr)) 733 break; 734 } 735 736 if (rap == NULL || rap->expired || rap->isreachable == reachable) 737 return; 738 739 rap->isreachable = reachable; 740 loginfox("%s: %s is %s", rap->iface->name, rap->sfrom, 741 reachable ? "reachable again" : "unreachable"); 742 743 /* See if we can install a reachable default router. */ 744 ipv6nd_sortrouters(ctx); 745 ipv6nd_applyra(rap->iface); 746 rt_build(ctx, AF_INET6); 747 748 if (reachable) 749 return; 750 751 /* If we have no reachable default routers, try and solicit one. */ 752 TAILQ_FOREACH(rapr, ctx->ra_routers, next) { 753 if (rap == rapr || rap->iface != rapr->iface) 754 continue; 755 if (rapr->isreachable && !rapr->expired && rapr->lifetime) 756 break; 757 } 758 759 if (rapr == NULL) 760 ipv6nd_startrs(rap->iface); 761 } 762 763 const struct ipv6_addr * 764 ipv6nd_iffindaddr(const struct interface *ifp, const struct in6_addr *addr, 765 unsigned int flags) 766 { 767 struct ra *rap; 768 struct ipv6_addr *ap; 769 770 if (ifp->ctx->ra_routers == NULL) 771 return NULL; 772 773 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 774 if (rap->iface != ifp) 775 continue; 776 TAILQ_FOREACH(ap, &rap->addrs, next) { 777 if (ipv6_findaddrmatch(ap, addr, flags)) 778 return ap; 779 } 780 } 781 return NULL; 782 } 783 784 struct ipv6_addr * 785 ipv6nd_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, 786 unsigned int flags) 787 { 788 struct ra *rap; 789 struct ipv6_addr *ap; 790 791 if (ctx->ra_routers == NULL) 792 return NULL; 793 794 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 795 TAILQ_FOREACH(ap, &rap->addrs, next) { 796 if (ipv6_findaddrmatch(ap, addr, flags)) 797 return ap; 798 } 799 } 800 return NULL; 801 } 802 803 static struct ipv6_addr * 804 ipv6nd_rapfindprefix(struct ra *rap, 805 const struct in6_addr *pfx, uint8_t pfxlen) 806 { 807 struct ipv6_addr *ia; 808 809 TAILQ_FOREACH(ia, &rap->addrs, next) { 810 if (ia->prefix_vltime == 0) 811 continue; 812 if (ia->prefix_len == pfxlen && 813 IN6_ARE_ADDR_EQUAL(&ia->prefix, pfx)) 814 break; 815 } 816 return ia; 817 } 818 819 struct ipv6_addr * 820 ipv6nd_iffindprefix(struct interface *ifp, 821 const struct in6_addr *pfx, uint8_t pfxlen) 822 { 823 struct ra *rap; 824 struct ipv6_addr *ia; 825 826 ia = NULL; 827 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 828 if (rap->iface != ifp) 829 continue; 830 ia = ipv6nd_rapfindprefix(rap, pfx, pfxlen); 831 if (ia != NULL) 832 break; 833 } 834 return ia; 835 } 836 837 static void 838 ipv6nd_removefreedrop_ra(struct ra *rap, int remove_ra, int drop_ra) 839 { 840 841 eloop_timeout_delete(rap->iface->ctx->eloop, NULL, rap->iface); 842 eloop_timeout_delete(rap->iface->ctx->eloop, NULL, rap); 843 if (remove_ra) 844 TAILQ_REMOVE(rap->iface->ctx->ra_routers, rap, next); 845 ipv6_freedrop_addrs(&rap->addrs, drop_ra, NULL); 846 routeinfohead_free(&rap->rinfos); 847 free(rap->data); 848 free(rap); 849 } 850 851 static void 852 ipv6nd_freedrop_ra(struct ra *rap, int drop) 853 { 854 855 ipv6nd_removefreedrop_ra(rap, 1, drop); 856 } 857 858 ssize_t 859 ipv6nd_free(struct interface *ifp) 860 { 861 struct rs_state *state; 862 struct ra *rap, *ran; 863 struct dhcpcd_ctx *ctx; 864 ssize_t n; 865 866 state = RS_STATE(ifp); 867 if (state == NULL) 868 return 0; 869 870 ctx = ifp->ctx; 871 #ifdef __sun 872 eloop_event_delete(ctx->eloop, state->nd_fd); 873 close(state->nd_fd); 874 #endif 875 free(state->rs); 876 free(state); 877 ifp->if_data[IF_DATA_IPV6ND] = NULL; 878 n = 0; 879 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) { 880 if (rap->iface == ifp) { 881 ipv6nd_free_ra(rap); 882 n++; 883 } 884 } 885 886 #ifndef __sun 887 /* If we don't have any more IPv6 enabled interfaces, 888 * close the global socket and release resources */ 889 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 890 if (RS_STATE(ifp)) 891 break; 892 } 893 if (ifp == NULL) { 894 if (ctx->nd_fd != -1) { 895 eloop_event_delete(ctx->eloop, ctx->nd_fd); 896 close(ctx->nd_fd); 897 ctx->nd_fd = -1; 898 } 899 } 900 #endif 901 902 return n; 903 } 904 905 static void 906 ipv6nd_scriptrun(struct ra *rap) 907 { 908 int hasdns, hasaddress; 909 struct ipv6_addr *ap; 910 911 hasaddress = 0; 912 /* If all addresses have completed DAD run the script */ 913 TAILQ_FOREACH(ap, &rap->addrs, next) { 914 if ((ap->flags & (IPV6_AF_AUTOCONF | IPV6_AF_ADDED)) == 915 (IPV6_AF_AUTOCONF | IPV6_AF_ADDED)) 916 { 917 hasaddress = 1; 918 if (!(ap->flags & IPV6_AF_DADCOMPLETED) && 919 ipv6_iffindaddr(ap->iface, &ap->addr, 920 IN6_IFF_TENTATIVE)) 921 ap->flags |= IPV6_AF_DADCOMPLETED; 922 if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) { 923 logdebugx("%s: waiting for Router Advertisement" 924 " DAD to complete", 925 rap->iface->name); 926 return; 927 } 928 } 929 } 930 931 /* If we don't require RDNSS then set hasdns = 1 so we fork */ 932 if (!(rap->iface->options->options & DHCPCD_IPV6RA_REQRDNSS)) 933 hasdns = 1; 934 else { 935 hasdns = rap->hasdns; 936 } 937 938 script_runreason(rap->iface, "ROUTERADVERT"); 939 if (hasdns && (hasaddress || 940 !(rap->flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)))) 941 dhcpcd_daemonise(rap->iface->ctx); 942 #if 0 943 else if (options & DHCPCD_DAEMONISE && 944 !(options & DHCPCD_DAEMONISED) && new_data) 945 logwarnx("%s: did not fork due to an absent" 946 " RDNSS option in the RA", 947 ifp->name); 948 #endif 949 } 950 951 static void 952 ipv6nd_addaddr(void *arg) 953 { 954 struct ipv6_addr *ap = arg; 955 956 ipv6_addaddr(ap, NULL); 957 } 958 959 int 960 ipv6nd_dadcompleted(const struct interface *ifp) 961 { 962 const struct ra *rap; 963 const struct ipv6_addr *ap; 964 965 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 966 if (rap->iface != ifp) 967 continue; 968 TAILQ_FOREACH(ap, &rap->addrs, next) { 969 if (ap->flags & IPV6_AF_AUTOCONF && 970 ap->flags & IPV6_AF_ADDED && 971 !(ap->flags & IPV6_AF_DADCOMPLETED)) 972 return 0; 973 } 974 } 975 return 1; 976 } 977 978 static void 979 ipv6nd_dadcallback(void *arg) 980 { 981 struct ipv6_addr *ia = arg, *rapap; 982 struct interface *ifp; 983 struct ra *rap; 984 int wascompleted, found; 985 char buf[INET6_ADDRSTRLEN]; 986 const char *p; 987 int dadcounter; 988 989 ifp = ia->iface; 990 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED); 991 ia->flags |= IPV6_AF_DADCOMPLETED; 992 if (ia->addr_flags & IN6_IFF_DUPLICATED) { 993 ia->dadcounter++; 994 logwarnx("%s: DAD detected %s", ifp->name, ia->saddr); 995 996 /* Try and make another stable private address. 997 * Because ap->dadcounter is always increamented, 998 * a different address is generated. */ 999 /* XXX Cache DAD counter per prefix/id/ssid? */ 1000 if (ifp->options->options & DHCPCD_SLAACPRIVATE && 1001 IA6_CANAUTOCONF(ia)) 1002 { 1003 unsigned int delay; 1004 1005 if (ia->dadcounter >= IDGEN_RETRIES) { 1006 logerrx("%s: unable to obtain a" 1007 " stable private address", 1008 ifp->name); 1009 goto try_script; 1010 } 1011 loginfox("%s: deleting address %s", 1012 ifp->name, ia->saddr); 1013 if (if_address6(RTM_DELADDR, ia) == -1 && 1014 errno != EADDRNOTAVAIL && errno != ENXIO) 1015 logerr(__func__); 1016 dadcounter = ia->dadcounter; 1017 if (ipv6_makestableprivate(&ia->addr, 1018 &ia->prefix, ia->prefix_len, 1019 ifp, &dadcounter) == -1) 1020 { 1021 logerr("ipv6_makestableprivate"); 1022 return; 1023 } 1024 ia->dadcounter = dadcounter; 1025 ia->flags &= ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED); 1026 ia->flags |= IPV6_AF_NEW; 1027 p = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf)); 1028 if (p) 1029 snprintf(ia->saddr, 1030 sizeof(ia->saddr), 1031 "%s/%d", 1032 p, ia->prefix_len); 1033 else 1034 ia->saddr[0] = '\0'; 1035 delay = arc4random_uniform(IDGEN_DELAY * MSEC_PER_SEC); 1036 eloop_timeout_add_msec(ifp->ctx->eloop, delay, 1037 ipv6nd_addaddr, ia); 1038 return; 1039 } 1040 } 1041 1042 try_script: 1043 if (!wascompleted) { 1044 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 1045 if (rap->iface != ifp) 1046 continue; 1047 wascompleted = 1; 1048 found = 0; 1049 TAILQ_FOREACH(rapap, &rap->addrs, next) { 1050 if (rapap->flags & IPV6_AF_AUTOCONF && 1051 rapap->flags & IPV6_AF_ADDED && 1052 (rapap->flags & IPV6_AF_DADCOMPLETED) == 0) 1053 { 1054 wascompleted = 0; 1055 break; 1056 } 1057 if (rapap == ia) 1058 found = 1; 1059 } 1060 1061 if (wascompleted && found) { 1062 logdebugx("%s: Router Advertisement DAD " 1063 "completed", 1064 rap->iface->name); 1065 ipv6nd_scriptrun(rap); 1066 } 1067 } 1068 #ifdef ND6_ADVERTISE 1069 ipv6nd_advertise(ia); 1070 #endif 1071 } 1072 } 1073 1074 static struct ipv6_addr * 1075 ipv6nd_findmarkstale(struct ra *rap, struct ipv6_addr *ia, bool mark) 1076 { 1077 struct dhcpcd_ctx *ctx = ia->iface->ctx; 1078 struct ra *rap2; 1079 struct ipv6_addr *ia2; 1080 1081 TAILQ_FOREACH(rap2, ctx->ra_routers, next) { 1082 if (rap2 == rap || 1083 rap2->iface != rap->iface || 1084 rap2->expired) 1085 continue; 1086 TAILQ_FOREACH(ia2, &rap2->addrs, next) { 1087 if (!IN6_ARE_ADDR_EQUAL(&ia->prefix, &ia2->prefix)) 1088 continue; 1089 if (!(ia2->flags & IPV6_AF_STALE)) 1090 return ia2; 1091 if (mark) 1092 ia2->prefix_pltime = 0; 1093 } 1094 } 1095 return NULL; 1096 } 1097 1098 #ifndef DHCP6 1099 /* If DHCPv6 is compiled out, supply a shim to provide an error message 1100 * if IPv6RA requests DHCPv6. */ 1101 enum DH6S { 1102 DH6S_REQUEST, 1103 DH6S_INFORM, 1104 }; 1105 static int 1106 dhcp6_start(__unused struct interface *ifp, __unused enum DH6S init_state) 1107 { 1108 1109 errno = ENOTSUP; 1110 return -1; 1111 } 1112 #endif 1113 1114 static void 1115 ipv6nd_handlera(struct dhcpcd_ctx *ctx, 1116 const struct sockaddr_in6 *from, const char *sfrom, 1117 struct interface *ifp, struct icmp6_hdr *icp, size_t len, int hoplimit) 1118 { 1119 size_t i, olen; 1120 struct nd_router_advert *nd_ra; 1121 struct nd_opt_hdr ndo; 1122 struct nd_opt_prefix_info pi; 1123 struct nd_opt_mtu mtu; 1124 struct nd_opt_rdnss rdnss; 1125 struct nd_opt_ri ri; 1126 struct routeinfo *rinfo; 1127 uint8_t *p; 1128 struct ra *rap; 1129 struct in6_addr pi_prefix; 1130 struct ipv6_addr *ia; 1131 struct dhcp_opt *dho; 1132 bool new_rap, new_data, has_address; 1133 uint32_t old_lifetime; 1134 int ifmtu; 1135 int loglevel; 1136 unsigned int flags; 1137 #ifdef IPV6_MANAGETEMPADDR 1138 bool new_ia; 1139 #endif 1140 1141 if (ifp == NULL || RS_STATE(ifp) == NULL) { 1142 #ifdef DEBUG_RS 1143 logdebugx("RA for unexpected interface from %s", sfrom); 1144 #endif 1145 return; 1146 } 1147 1148 if (len < sizeof(struct nd_router_advert)) { 1149 logerrx("IPv6 RA packet too short from %s", sfrom); 1150 return; 1151 } 1152 1153 /* RFC 4861 7.1.2 */ 1154 if (hoplimit != 255) { 1155 logerrx("invalid hoplimit(%d) in RA from %s", hoplimit, sfrom); 1156 return; 1157 } 1158 if (!IN6_IS_ADDR_LINKLOCAL(&from->sin6_addr)) { 1159 logerrx("RA from non local address %s", sfrom); 1160 return; 1161 } 1162 1163 if (!(ifp->options->options & DHCPCD_IPV6RS)) { 1164 #ifdef DEBUG_RS 1165 logerrx("%s: unexpected RA from %s", ifp->name, sfrom); 1166 #endif 1167 return; 1168 } 1169 1170 /* We could receive a RA before we sent a RS*/ 1171 if (ipv6_linklocal(ifp) == NULL) { 1172 #ifdef DEBUG_RS 1173 logdebugx("%s: received RA from %s (no link-local)", 1174 ifp->name, sfrom); 1175 #endif 1176 return; 1177 } 1178 1179 if (ipv6_iffindaddr(ifp, &from->sin6_addr, IN6_IFF_TENTATIVE)) { 1180 logdebugx("%s: ignoring RA from ourself %s", 1181 ifp->name, sfrom); 1182 return; 1183 } 1184 1185 /* 1186 * Because we preserve RA's and expire them quickly after 1187 * carrier up, it's important to reset the kernels notion of 1188 * reachable timers back to default values before applying 1189 * new RA values. 1190 */ 1191 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 1192 if (ifp == rap->iface) 1193 break; 1194 } 1195 if (rap != NULL && rap->willexpire) 1196 ipv6nd_applyra(ifp); 1197 1198 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 1199 if (ifp == rap->iface && 1200 IN6_ARE_ADDR_EQUAL(&rap->from, &from->sin6_addr)) 1201 break; 1202 } 1203 1204 nd_ra = (struct nd_router_advert *)icp; 1205 1206 /* We don't want to spam the log with the fact we got an RA every 1207 * 30 seconds or so, so only spam the log if it's different. */ 1208 if (rap == NULL || (rap->data_len != len || 1209 memcmp(rap->data, (unsigned char *)icp, rap->data_len) != 0)) 1210 { 1211 if (rap) { 1212 free(rap->data); 1213 rap->data_len = 0; 1214 } 1215 new_data = true; 1216 } else 1217 new_data = false; 1218 if (rap == NULL) { 1219 rap = calloc(1, sizeof(*rap)); 1220 if (rap == NULL) { 1221 logerr(__func__); 1222 return; 1223 } 1224 rap->iface = ifp; 1225 rap->from = from->sin6_addr; 1226 strlcpy(rap->sfrom, sfrom, sizeof(rap->sfrom)); 1227 TAILQ_INIT(&rap->addrs); 1228 TAILQ_INIT(&rap->rinfos); 1229 new_rap = true; 1230 rap->isreachable = true; 1231 } else 1232 new_rap = false; 1233 if (rap->data_len == 0) { 1234 rap->data = malloc(len); 1235 if (rap->data == NULL) { 1236 logerr(__func__); 1237 if (new_rap) 1238 free(rap); 1239 return; 1240 } 1241 memcpy(rap->data, icp, len); 1242 rap->data_len = len; 1243 } 1244 1245 /* We could change the debug level based on new_data, but some 1246 * routers like to decrease the advertised valid and preferred times 1247 * in accordance with the own prefix times which would result in too 1248 * much needless log spam. */ 1249 if (rap->willexpire) 1250 new_data = true; 1251 loglevel = new_rap || rap->willexpire || !rap->isreachable ? 1252 LOG_INFO : LOG_DEBUG; 1253 logmessage(loglevel, "%s: Router Advertisement from %s", 1254 ifp->name, rap->sfrom); 1255 1256 clock_gettime(CLOCK_MONOTONIC, &rap->acquired); 1257 rap->flags = nd_ra->nd_ra_flags_reserved; 1258 old_lifetime = rap->lifetime; 1259 rap->lifetime = ntohs(nd_ra->nd_ra_router_lifetime); 1260 if (nd_ra->nd_ra_curhoplimit != 0) 1261 rap->hoplimit = nd_ra->nd_ra_curhoplimit; 1262 else 1263 rap->hoplimit = IPV6_DEFHLIM; 1264 if (nd_ra->nd_ra_reachable != 0) { 1265 rap->reachable = ntohl(nd_ra->nd_ra_reachable); 1266 if (rap->reachable > MAX_REACHABLE_TIME) 1267 rap->reachable = 0; 1268 } else 1269 rap->reachable = REACHABLE_TIME; 1270 if (nd_ra->nd_ra_retransmit != 0) 1271 rap->retrans = ntohl(nd_ra->nd_ra_retransmit); 1272 else 1273 rap->retrans = RETRANS_TIMER; 1274 rap->expired = rap->willexpire = rap->doexpire = false; 1275 rap->hasdns = false; 1276 rap->isreachable = true; 1277 has_address = false; 1278 rap->mtu = 0; 1279 1280 #ifdef IPV6_AF_TEMPORARY 1281 ipv6_markaddrsstale(ifp, IPV6_AF_TEMPORARY); 1282 #endif 1283 TAILQ_FOREACH(ia, &rap->addrs, next) { 1284 ia->flags |= IPV6_AF_STALE; 1285 } 1286 1287 len -= sizeof(struct nd_router_advert); 1288 p = ((uint8_t *)icp) + sizeof(struct nd_router_advert); 1289 for (; len > 0; p += olen, len -= olen) { 1290 if (len < sizeof(ndo)) { 1291 logerrx("%s: short option", ifp->name); 1292 break; 1293 } 1294 memcpy(&ndo, p, sizeof(ndo)); 1295 olen = (size_t)ndo.nd_opt_len * 8; 1296 if (olen == 0) { 1297 logerrx("%s: zero length option", ifp->name); 1298 break; 1299 } 1300 if (olen > len) { 1301 logerrx("%s: option length exceeds message", 1302 ifp->name); 1303 break; 1304 } 1305 1306 if (has_option_mask(ifp->options->rejectmasknd, 1307 ndo.nd_opt_type)) 1308 { 1309 for (i = 0, dho = ctx->nd_opts; 1310 i < ctx->nd_opts_len; 1311 i++, dho++) 1312 { 1313 if (dho->option == ndo.nd_opt_type) 1314 break; 1315 } 1316 if (dho != NULL) 1317 logwarnx("%s: reject RA (option %s) from %s", 1318 ifp->name, dho->var, rap->sfrom); 1319 else 1320 logwarnx("%s: reject RA (option %d) from %s", 1321 ifp->name, ndo.nd_opt_type, rap->sfrom); 1322 if (new_rap) 1323 ipv6nd_removefreedrop_ra(rap, 0, 0); 1324 else 1325 ipv6nd_free_ra(rap); 1326 return; 1327 } 1328 1329 if (has_option_mask(ifp->options->nomasknd, ndo.nd_opt_type)) 1330 continue; 1331 1332 switch (ndo.nd_opt_type) { 1333 case ND_OPT_PREFIX_INFORMATION: 1334 { 1335 uint32_t vltime, pltime; 1336 1337 loglevel = new_data ? LOG_ERR : LOG_DEBUG; 1338 if (ndo.nd_opt_len != 4) { 1339 logmessage(loglevel, 1340 "%s: invalid option len for prefix", 1341 ifp->name); 1342 continue; 1343 } 1344 memcpy(&pi, p, sizeof(pi)); 1345 if (pi.nd_opt_pi_prefix_len > 128) { 1346 logmessage(loglevel, "%s: invalid prefix len", 1347 ifp->name); 1348 continue; 1349 } 1350 /* nd_opt_pi_prefix is not aligned. */ 1351 memcpy(&pi_prefix, &pi.nd_opt_pi_prefix, 1352 sizeof(pi_prefix)); 1353 if (IN6_IS_ADDR_MULTICAST(&pi_prefix) || 1354 IN6_IS_ADDR_LINKLOCAL(&pi_prefix)) 1355 { 1356 logmessage(loglevel, "%s: invalid prefix in RA", 1357 ifp->name); 1358 continue; 1359 } 1360 1361 vltime = ntohl(pi.nd_opt_pi_valid_time); 1362 pltime = ntohl(pi.nd_opt_pi_preferred_time); 1363 if (pltime > vltime) { 1364 logmessage(loglevel, "%s: pltime > vltime", 1365 ifp->name); 1366 continue; 1367 } 1368 1369 flags = IPV6_AF_RAPFX; 1370 /* If no flags are set, that means the prefix is 1371 * available via the router. */ 1372 if (pi.nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_ONLINK) 1373 flags |= IPV6_AF_ONLINK; 1374 if (pi.nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_AUTO && 1375 rap->iface->options->options & 1376 DHCPCD_IPV6RA_AUTOCONF) 1377 flags |= IPV6_AF_AUTOCONF; 1378 if (pi.nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_ROUTER) 1379 flags |= IPV6_AF_ROUTER; 1380 1381 ia = ipv6nd_rapfindprefix(rap, 1382 &pi_prefix, pi.nd_opt_pi_prefix_len); 1383 if (ia == NULL) { 1384 ia = ipv6_newaddr(rap->iface, 1385 &pi_prefix, pi.nd_opt_pi_prefix_len, flags); 1386 if (ia == NULL) 1387 break; 1388 1389 ia->prefix = pi_prefix; 1390 ia->created = ia->acquired = rap->acquired; 1391 ia->prefix_vltime = vltime; 1392 ia->prefix_pltime = pltime; 1393 1394 if (flags & IPV6_AF_AUTOCONF) 1395 ia->dadcallback = ipv6nd_dadcallback; 1396 1397 TAILQ_INSERT_TAIL(&rap->addrs, ia, next); 1398 1399 #ifdef IPV6_MANAGETEMPADDR 1400 /* New address to dhcpcd RA handling. 1401 * If the address already exists and a valid 1402 * temporary address also exists then 1403 * extend the existing one rather than 1404 * create a new one */ 1405 if (flags & IPV6_AF_AUTOCONF && 1406 ipv6_iffindaddr(ifp, &ia->addr, 1407 IN6_IFF_NOTUSEABLE) && 1408 ipv6_settemptime(ia, 0)) 1409 new_ia = false; 1410 else 1411 new_ia = true; 1412 #endif 1413 1414 } else { 1415 uint32_t rmtime; 1416 1417 /* 1418 * RFC 4862 5.5.3.e 1419 * Don't terminate existing connections. 1420 * This means that to actually remove the 1421 * existing prefix, the RA needs to stop 1422 * broadcasting the prefix and just let it 1423 * expire in 2 hours. 1424 * It might want to broadcast it to reduce 1425 * the vltime if it was greater than 2 hours 1426 * to start with/ 1427 */ 1428 ia->prefix_pltime = pltime; 1429 if (ia->prefix_vltime) { 1430 uint32_t elapsed; 1431 1432 elapsed = (uint32_t)eloop_timespec_diff( 1433 &rap->acquired, &ia->acquired, 1434 NULL); 1435 rmtime = ia->prefix_vltime - elapsed; 1436 if (rmtime > ia->prefix_vltime) 1437 rmtime = 0; 1438 } else 1439 rmtime = 0; 1440 if (vltime > MIN_EXTENDED_VLTIME || 1441 vltime > rmtime) 1442 ia->prefix_vltime = vltime; 1443 else if (rmtime <= MIN_EXTENDED_VLTIME) 1444 /* No SEND support from RFC 3971 so 1445 * leave vltime alone */ 1446 ia->prefix_vltime = rmtime; 1447 else 1448 ia->prefix_vltime = MIN_EXTENDED_VLTIME; 1449 1450 /* Ensure pltime still fits */ 1451 if (pltime < ia->prefix_vltime) 1452 ia->prefix_pltime = pltime; 1453 else 1454 ia->prefix_pltime = ia->prefix_vltime; 1455 1456 ia->flags |= flags; 1457 ia->flags &= ~IPV6_AF_STALE; 1458 ia->acquired = rap->acquired; 1459 1460 #ifdef IPV6_MANAGETEMPADDR 1461 new_ia = false; 1462 #endif 1463 } 1464 1465 if (ia->prefix_vltime != 0 && 1466 ia->flags & IPV6_AF_AUTOCONF) 1467 has_address = true; 1468 1469 #ifdef IPV6_MANAGETEMPADDR 1470 /* RFC4941 Section 3.3.3 */ 1471 if (ia->flags & IPV6_AF_AUTOCONF && 1472 ia->iface->options->options & DHCPCD_SLAACTEMP && 1473 IA6_CANAUTOCONF(ia)) 1474 { 1475 if (!new_ia) { 1476 if (ipv6_settemptime(ia, 1) == NULL) 1477 new_ia = true; 1478 } 1479 if (new_ia && ia->prefix_pltime) { 1480 if (ipv6_createtempaddr(ia, 1481 &ia->acquired) == NULL) 1482 logerr("ipv6_createtempaddr"); 1483 } 1484 } 1485 #endif 1486 break; 1487 } 1488 1489 case ND_OPT_MTU: 1490 if (len < sizeof(mtu)) { 1491 logmessage(loglevel, "%s: short MTU option", ifp->name); 1492 break; 1493 } 1494 memcpy(&mtu, p, sizeof(mtu)); 1495 mtu.nd_opt_mtu_mtu = ntohl(mtu.nd_opt_mtu_mtu); 1496 if (mtu.nd_opt_mtu_mtu < IPV6_MMTU) { 1497 logmessage(loglevel, "%s: invalid MTU %d", 1498 ifp->name, mtu.nd_opt_mtu_mtu); 1499 break; 1500 } 1501 ifmtu = if_getmtu(ifp); 1502 if (ifmtu == -1) 1503 logerr("if_getmtu"); 1504 else if (mtu.nd_opt_mtu_mtu > (uint32_t)ifmtu) { 1505 logmessage(loglevel, "%s: advertised MTU %d" 1506 " is greater than link MTU %d", 1507 ifp->name, mtu.nd_opt_mtu_mtu, ifmtu); 1508 rap->mtu = (uint32_t)ifmtu; 1509 } else 1510 rap->mtu = mtu.nd_opt_mtu_mtu; 1511 break; 1512 case ND_OPT_RDNSS: 1513 if (len < sizeof(rdnss)) { 1514 logmessage(loglevel, "%s: short RDNSS option", ifp->name); 1515 break; 1516 } 1517 memcpy(&rdnss, p, sizeof(rdnss)); 1518 if (rdnss.nd_opt_rdnss_lifetime && 1519 rdnss.nd_opt_rdnss_len > 1) 1520 rap->hasdns = 1; 1521 break; 1522 case ND_OPT_RI: 1523 if (ndo.nd_opt_len > 3) { 1524 logmessage(loglevel, "%s: invalid route info option", 1525 ifp->name); 1526 break; 1527 } 1528 memset(&ri, 0, sizeof(ri)); 1529 memcpy(&ri, p, olen); /* may be smaller than sizeof(ri), pad with zero */ 1530 if(ri.nd_opt_ri_prefixlen > 128) { 1531 logmessage(loglevel, "%s: invalid route info prefix length", 1532 ifp->name); 1533 break; 1534 } 1535 1536 /* rfc4191 3.1 - RI for ::/0 applies to default route */ 1537 if(ri.nd_opt_ri_prefixlen == 0) { 1538 rap->lifetime = ntohl(ri.nd_opt_ri_lifetime); 1539 1540 /* Update preference leaving other flags intact */ 1541 rap->flags = ((rap->flags & (~ (unsigned int)ND_RA_FLAG_RTPREF_MASK)) 1542 | ri.nd_opt_ri_flags_reserved) & 0xff; 1543 1544 break; 1545 } 1546 1547 /* Update existing route info instead of rebuilding all routes so that 1548 previously announced but now absent routes can stay alive. To kill a 1549 route early, an RI with lifetime=0 needs to be received (rfc4191 3.1)*/ 1550 rinfo = routeinfo_findalloc(rap, &ri.nd_opt_ri_prefix, ri.nd_opt_ri_prefixlen); 1551 if(rinfo == NULL) { 1552 logerr(__func__); 1553 break; 1554 } 1555 1556 /* Update/initialize other route info params */ 1557 rinfo->flags = ri.nd_opt_ri_flags_reserved; 1558 rinfo->lifetime = ntohl(ri.nd_opt_ri_lifetime); 1559 rinfo->acquired = rap->acquired; 1560 1561 break; 1562 default: 1563 continue; 1564 } 1565 } 1566 1567 for (i = 0, dho = ctx->nd_opts; 1568 i < ctx->nd_opts_len; 1569 i++, dho++) 1570 { 1571 if (has_option_mask(ifp->options->requiremasknd, 1572 dho->option)) 1573 { 1574 logwarnx("%s: reject RA (no option %s) from %s", 1575 ifp->name, dho->var, rap->sfrom); 1576 if (new_rap) 1577 ipv6nd_removefreedrop_ra(rap, 0, 0); 1578 else 1579 ipv6nd_free_ra(rap); 1580 return; 1581 } 1582 } 1583 1584 TAILQ_FOREACH(ia, &rap->addrs, next) { 1585 if (!(ia->flags & IPV6_AF_STALE) || ia->prefix_pltime == 0) 1586 continue; 1587 if (ipv6nd_findmarkstale(rap, ia, false) != NULL) 1588 continue; 1589 ipv6nd_findmarkstale(rap, ia, true); 1590 logdebugx("%s: %s: became stale", ifp->name, ia->saddr); 1591 /* Technically this violates RFC 4861 6.3.4, 1592 * but we need a mechanism to tell the kernel to 1593 * try and prefer other addresses. */ 1594 ia->prefix_pltime = 0; 1595 } 1596 1597 if (!new_rap && rap->lifetime == 0 && old_lifetime != 0) 1598 logwarnx("%s: %s: no longer a default router (lifetime = 0)", 1599 ifp->name, rap->sfrom); 1600 1601 if (new_data && !has_address && rap->lifetime && !ipv6_anyglobal(ifp)) 1602 logwarnx("%s: no global addresses for default route", 1603 ifp->name); 1604 1605 if (new_rap) 1606 TAILQ_INSERT_TAIL(ctx->ra_routers, rap, next); 1607 if (new_data) 1608 ipv6nd_sortrouters(ifp->ctx); 1609 1610 if (ifp->ctx->options & DHCPCD_TEST) { 1611 script_runreason(ifp, "TEST"); 1612 goto handle_flag; 1613 } 1614 1615 if (!(ifp->options->options & DHCPCD_CONFIGURE)) 1616 goto run; 1617 1618 ipv6nd_applyra(ifp); 1619 ipv6_addaddrs(&rap->addrs); 1620 #ifdef IPV6_MANAGETEMPADDR 1621 ipv6_addtempaddrs(ifp, &rap->acquired); 1622 #endif 1623 rt_build(ifp->ctx, AF_INET6); 1624 1625 run: 1626 ipv6nd_scriptrun(rap); 1627 1628 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1629 eloop_timeout_delete(ifp->ctx->eloop, NULL, rap); /* reachable timer */ 1630 1631 handle_flag: 1632 if (!(ifp->options->options & DHCPCD_DHCP6)) 1633 goto nodhcp6; 1634 /* Only log a DHCPv6 start error if compiled in or debugging is enabled. */ 1635 #ifdef DHCP6 1636 #define LOG_DHCP6 logerr 1637 #else 1638 #define LOG_DHCP6 logdebug 1639 #endif 1640 if (rap->flags & ND_RA_FLAG_MANAGED) { 1641 if (new_data && dhcp6_start(ifp, DH6S_REQUEST) == -1) 1642 LOG_DHCP6("dhcp6_start: %s", ifp->name); 1643 } else if (rap->flags & ND_RA_FLAG_OTHER) { 1644 if (new_data && dhcp6_start(ifp, DH6S_INFORM) == -1) 1645 LOG_DHCP6("dhcp6_start: %s", ifp->name); 1646 } else { 1647 #ifdef DHCP6 1648 if (new_data) 1649 logdebugx("%s: No DHCPv6 instruction in RA", ifp->name); 1650 #endif 1651 nodhcp6: 1652 if (ifp->ctx->options & DHCPCD_TEST) { 1653 eloop_exit(ifp->ctx->eloop, EXIT_SUCCESS); 1654 return; 1655 } 1656 } 1657 1658 /* Expire should be called last as the rap object could be destroyed */ 1659 ipv6nd_expirera(ifp); 1660 } 1661 1662 bool 1663 ipv6nd_hasralifetime(const struct interface *ifp, bool lifetime) 1664 { 1665 const struct ra *rap; 1666 1667 if (ifp->ctx->ra_routers) { 1668 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) 1669 if (rap->iface == ifp && 1670 !rap->expired && 1671 (!lifetime ||rap->lifetime)) 1672 return true; 1673 } 1674 return false; 1675 } 1676 1677 bool 1678 ipv6nd_hasradhcp(const struct interface *ifp, bool managed) 1679 { 1680 const struct ra *rap; 1681 1682 if (ifp->ctx->ra_routers) { 1683 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 1684 if (rap->iface == ifp && 1685 !rap->expired && !rap->willexpire && 1686 ((managed && rap->flags & ND_RA_FLAG_MANAGED) || 1687 (!managed && rap->flags & ND_RA_FLAG_OTHER))) 1688 return true; 1689 } 1690 } 1691 return false; 1692 } 1693 1694 static const uint8_t * 1695 ipv6nd_getoption(struct dhcpcd_ctx *ctx, 1696 size_t *os, unsigned int *code, size_t *len, 1697 const uint8_t *od, size_t ol, struct dhcp_opt **oopt) 1698 { 1699 struct nd_opt_hdr ndo; 1700 size_t i; 1701 struct dhcp_opt *opt; 1702 1703 if (od) { 1704 *os = sizeof(ndo); 1705 if (ol < *os) { 1706 errno = EINVAL; 1707 return NULL; 1708 } 1709 memcpy(&ndo, od, sizeof(ndo)); 1710 i = (size_t)(ndo.nd_opt_len * 8); 1711 if (i > ol) { 1712 errno = EINVAL; 1713 return NULL; 1714 } 1715 *len = i; 1716 *code = ndo.nd_opt_type; 1717 } 1718 1719 for (i = 0, opt = ctx->nd_opts; 1720 i < ctx->nd_opts_len; i++, opt++) 1721 { 1722 if (opt->option == *code) { 1723 *oopt = opt; 1724 break; 1725 } 1726 } 1727 1728 if (od) 1729 return od + sizeof(ndo); 1730 return NULL; 1731 } 1732 1733 ssize_t 1734 ipv6nd_env(FILE *fp, const struct interface *ifp) 1735 { 1736 size_t i, j, n, len, olen; 1737 struct ra *rap; 1738 char ndprefix[32]; 1739 struct dhcp_opt *opt; 1740 uint8_t *p; 1741 struct nd_opt_hdr ndo; 1742 struct ipv6_addr *ia; 1743 struct timespec now; 1744 int pref; 1745 1746 clock_gettime(CLOCK_MONOTONIC, &now); 1747 i = n = 0; 1748 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) { 1749 if (rap->iface != ifp || rap->expired) 1750 continue; 1751 i++; 1752 snprintf(ndprefix, sizeof(ndprefix), "nd%zu", i); 1753 if (efprintf(fp, "%s_from=%s", ndprefix, rap->sfrom) == -1) 1754 return -1; 1755 if (efprintf(fp, "%s_acquired=%lld", ndprefix, 1756 (long long)rap->acquired.tv_sec) == -1) 1757 return -1; 1758 if (efprintf(fp, "%s_now=%lld", ndprefix, 1759 (long long)now.tv_sec) == -1) 1760 return -1; 1761 if (efprintf(fp, "%s_hoplimit=%u", ndprefix, rap->hoplimit) == -1) 1762 return -1; 1763 pref = ipv6nd_rtpref(rap->flags); 1764 if (efprintf(fp, "%s_flags=%s%s%s%s%s", ndprefix, 1765 rap->flags & ND_RA_FLAG_MANAGED ? "M" : "", 1766 rap->flags & ND_RA_FLAG_OTHER ? "O" : "", 1767 rap->flags & ND_RA_FLAG_HOME_AGENT ? "H" : "", 1768 pref == RTPREF_HIGH ? "h" : pref == RTPREF_LOW ? "l" : "", 1769 rap->flags & ND_RA_FLAG_PROXY ? "P" : "") == -1) 1770 return -1; 1771 if (efprintf(fp, "%s_lifetime=%u", ndprefix, rap->lifetime) == -1) 1772 return -1; 1773 1774 /* Zero our indexes */ 1775 for (j = 0, opt = rap->iface->ctx->nd_opts; 1776 j < rap->iface->ctx->nd_opts_len; 1777 j++, opt++) 1778 dhcp_zero_index(opt); 1779 for (j = 0, opt = rap->iface->options->nd_override; 1780 j < rap->iface->options->nd_override_len; 1781 j++, opt++) 1782 dhcp_zero_index(opt); 1783 1784 /* Unlike DHCP, ND6 options *may* occur more than once. 1785 * There is also no provision for option concatenation 1786 * unlike DHCP. */ 1787 len = rap->data_len - sizeof(struct nd_router_advert); 1788 for (p = rap->data + sizeof(struct nd_router_advert); 1789 len >= sizeof(ndo); 1790 p += olen, len -= olen) 1791 { 1792 memcpy(&ndo, p, sizeof(ndo)); 1793 olen = (size_t)(ndo.nd_opt_len * 8); 1794 if (olen > len) { 1795 errno = EINVAL; 1796 break; 1797 } 1798 if (has_option_mask(rap->iface->options->nomasknd, 1799 ndo.nd_opt_type)) 1800 continue; 1801 for (j = 0, opt = rap->iface->options->nd_override; 1802 j < rap->iface->options->nd_override_len; 1803 j++, opt++) 1804 if (opt->option == ndo.nd_opt_type) 1805 break; 1806 if (j == rap->iface->options->nd_override_len) { 1807 for (j = 0, opt = rap->iface->ctx->nd_opts; 1808 j < rap->iface->ctx->nd_opts_len; 1809 j++, opt++) 1810 if (opt->option == ndo.nd_opt_type) 1811 break; 1812 if (j == rap->iface->ctx->nd_opts_len) 1813 opt = NULL; 1814 } 1815 if (opt == NULL) 1816 continue; 1817 dhcp_envoption(rap->iface->ctx, fp, 1818 ndprefix, rap->iface->name, 1819 opt, ipv6nd_getoption, 1820 p + sizeof(ndo), olen - sizeof(ndo)); 1821 } 1822 1823 /* We need to output the addresses we actually made 1824 * from the prefix information options as well. */ 1825 j = 0; 1826 TAILQ_FOREACH(ia, &rap->addrs, next) { 1827 if (!(ia->flags & IPV6_AF_AUTOCONF) || 1828 #ifdef IPV6_AF_TEMPORARY 1829 ia->flags & IPV6_AF_TEMPORARY || 1830 #endif 1831 !(ia->flags & IPV6_AF_ADDED) || 1832 ia->prefix_vltime == 0) 1833 continue; 1834 if (efprintf(fp, "%s_addr%zu=%s", 1835 ndprefix, ++j, ia->saddr) == -1) 1836 return -1; 1837 } 1838 } 1839 return 1; 1840 } 1841 1842 void 1843 ipv6nd_handleifa(int cmd, struct ipv6_addr *addr, pid_t pid) 1844 { 1845 struct ra *rap; 1846 1847 /* IPv6 init may not have happened yet if we are learning 1848 * existing addresses when dhcpcd starts. */ 1849 if (addr->iface->ctx->ra_routers == NULL) 1850 return; 1851 1852 TAILQ_FOREACH(rap, addr->iface->ctx->ra_routers, next) { 1853 if (rap->iface != addr->iface) 1854 continue; 1855 ipv6_handleifa_addrs(cmd, &rap->addrs, addr, pid); 1856 } 1857 } 1858 1859 void 1860 ipv6nd_expirera(void *arg) 1861 { 1862 struct interface *ifp; 1863 struct ra *rap, *ran; 1864 struct timespec now; 1865 uint32_t elapsed; 1866 bool expired, valid; 1867 struct ipv6_addr *ia; 1868 struct routeinfo *rinfo, *rinfob; 1869 size_t len, olen; 1870 uint8_t *p; 1871 struct nd_opt_hdr ndo; 1872 #if 0 1873 struct nd_opt_prefix_info pi; 1874 #endif 1875 struct nd_opt_dnssl dnssl; 1876 struct nd_opt_rdnss rdnss; 1877 unsigned int next = 0, ltime; 1878 size_t nexpired = 0; 1879 1880 ifp = arg; 1881 clock_gettime(CLOCK_MONOTONIC, &now); 1882 expired = false; 1883 1884 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) { 1885 if (rap->iface != ifp || rap->expired) 1886 continue; 1887 valid = false; 1888 /* lifetime may be set to infinite by rfc4191 route information */ 1889 if (rap->lifetime && rap->lifetime != ND6_INFINITE_LIFETIME) { 1890 elapsed = (uint32_t)eloop_timespec_diff(&now, 1891 &rap->acquired, NULL); 1892 if (elapsed >= rap->lifetime || rap->doexpire) { 1893 if (!rap->expired) { 1894 logwarnx("%s: %s: router expired", 1895 ifp->name, rap->sfrom); 1896 rap->lifetime = 0; 1897 expired = true; 1898 } 1899 } else { 1900 valid = true; 1901 ltime = rap->lifetime - elapsed; 1902 if (next == 0 || ltime < next) 1903 next = ltime; 1904 } 1905 } 1906 1907 /* Not every prefix is tied to an address which 1908 * the kernel can expire, so we need to handle it ourself. 1909 * Also, some OS don't support address lifetimes (Solaris). */ 1910 TAILQ_FOREACH(ia, &rap->addrs, next) { 1911 if (ia->prefix_vltime == 0) 1912 continue; 1913 if (ia->prefix_vltime == ND6_INFINITE_LIFETIME && 1914 !rap->doexpire) 1915 { 1916 valid = true; 1917 continue; 1918 } 1919 elapsed = (uint32_t)eloop_timespec_diff(&now, 1920 &ia->acquired, NULL); 1921 if (elapsed >= ia->prefix_vltime || rap->doexpire) { 1922 if (ia->flags & IPV6_AF_ADDED) { 1923 logwarnx("%s: expired %s %s", 1924 ia->iface->name, 1925 ia->flags & IPV6_AF_AUTOCONF ? 1926 "address" : "prefix", 1927 ia->saddr); 1928 if (if_address6(RTM_DELADDR, ia)== -1 && 1929 errno != EADDRNOTAVAIL && 1930 errno != ENXIO) 1931 logerr(__func__); 1932 } 1933 ia->prefix_vltime = ia->prefix_pltime = 0; 1934 ia->flags &= 1935 ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED); 1936 expired = true; 1937 } else { 1938 valid = true; 1939 ltime = ia->prefix_vltime - elapsed; 1940 if (next == 0 || ltime < next) 1941 next = ltime; 1942 } 1943 } 1944 1945 /* Expire route information */ 1946 TAILQ_FOREACH_SAFE(rinfo, &rap->rinfos, next, rinfob) { 1947 if (rinfo->lifetime == ND6_INFINITE_LIFETIME && 1948 !rap->doexpire) 1949 continue; 1950 elapsed = (uint32_t)eloop_timespec_diff(&now, 1951 &rinfo->acquired, NULL); 1952 if (elapsed >= rinfo->lifetime || rap->doexpire) { 1953 logwarnx("%s: expired route %s", 1954 rap->iface->name, rinfo->sprefix); 1955 TAILQ_REMOVE(&rap->rinfos, rinfo, next); 1956 } 1957 } 1958 1959 /* Work out expiry for ND options */ 1960 elapsed = (uint32_t)eloop_timespec_diff(&now, 1961 &rap->acquired, NULL); 1962 len = rap->data_len - sizeof(struct nd_router_advert); 1963 for (p = rap->data + sizeof(struct nd_router_advert); 1964 len >= sizeof(ndo); 1965 p += olen, len -= olen) 1966 { 1967 memcpy(&ndo, p, sizeof(ndo)); 1968 olen = (size_t)(ndo.nd_opt_len * 8); 1969 if (olen > len) { 1970 errno = EINVAL; 1971 break; 1972 } 1973 1974 if (has_option_mask(rap->iface->options->nomasknd, 1975 ndo.nd_opt_type)) 1976 continue; 1977 1978 switch (ndo.nd_opt_type) { 1979 /* Prefix info is already checked in the above loop. */ 1980 #if 0 1981 case ND_OPT_PREFIX_INFORMATION: 1982 if (len < sizeof(pi)) 1983 break; 1984 memcpy(&pi, p, sizeof(pi)); 1985 ltime = pi.nd_opt_pi_valid_time; 1986 break; 1987 #endif 1988 case ND_OPT_DNSSL: 1989 if (len < sizeof(dnssl)) 1990 continue; 1991 memcpy(&dnssl, p, sizeof(dnssl)); 1992 ltime = dnssl.nd_opt_dnssl_lifetime; 1993 break; 1994 case ND_OPT_RDNSS: 1995 if (len < sizeof(rdnss)) 1996 continue; 1997 memcpy(&rdnss, p, sizeof(rdnss)); 1998 ltime = rdnss.nd_opt_rdnss_lifetime; 1999 break; 2000 default: 2001 continue; 2002 } 2003 2004 if (ltime == 0) 2005 continue; 2006 if (rap->doexpire) { 2007 expired = true; 2008 continue; 2009 } 2010 if (ltime == ND6_INFINITE_LIFETIME) { 2011 valid = true; 2012 continue; 2013 } 2014 2015 ltime = ntohl(ltime); 2016 if (elapsed >= ltime) { 2017 expired = true; 2018 continue; 2019 } 2020 2021 valid = true; 2022 ltime -= elapsed; 2023 if (next == 0 || ltime < next) 2024 next = ltime; 2025 } 2026 2027 if (valid) 2028 continue; 2029 2030 /* Router has expired. Let's not keep a lot of them. */ 2031 rap->expired = true; 2032 if (++nexpired > EXPIRED_MAX) 2033 ipv6nd_free_ra(rap); 2034 } 2035 2036 if (next != 0) 2037 eloop_timeout_add_sec(ifp->ctx->eloop, 2038 next, ipv6nd_expirera, ifp); 2039 if (expired) { 2040 logwarnx("%s: part of a Router Advertisement expired", 2041 ifp->name); 2042 ipv6nd_sortrouters(ifp->ctx); 2043 ipv6nd_applyra(ifp); 2044 rt_build(ifp->ctx, AF_INET6); 2045 script_runreason(ifp, "ROUTERADVERT"); 2046 } 2047 } 2048 2049 void 2050 ipv6nd_drop(struct interface *ifp) 2051 { 2052 struct ra *rap, *ran; 2053 bool expired = false; 2054 2055 if (ifp->ctx->ra_routers == NULL) 2056 return; 2057 2058 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 2059 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) { 2060 if (rap->iface == ifp) { 2061 rap->expired = expired = true; 2062 ipv6nd_drop_ra(rap); 2063 } 2064 } 2065 if (expired) { 2066 ipv6nd_applyra(ifp); 2067 rt_build(ifp->ctx, AF_INET6); 2068 if ((ifp->options->options & DHCPCD_NODROP) != DHCPCD_NODROP) 2069 script_runreason(ifp, "ROUTERADVERT"); 2070 } 2071 } 2072 2073 void 2074 ipv6nd_recvmsg(struct dhcpcd_ctx *ctx, struct msghdr *msg) 2075 { 2076 struct sockaddr_in6 *from = (struct sockaddr_in6 *)msg->msg_name; 2077 char sfrom[INET6_ADDRSTRLEN]; 2078 int hoplimit = 0; 2079 struct icmp6_hdr *icp; 2080 struct interface *ifp; 2081 size_t len = msg->msg_iov[0].iov_len; 2082 2083 inet_ntop(AF_INET6, &from->sin6_addr, sfrom, sizeof(sfrom)); 2084 if ((size_t)len < sizeof(struct icmp6_hdr)) { 2085 logerrx("IPv6 ICMP packet too short from %s", sfrom); 2086 return; 2087 } 2088 2089 ifp = if_findifpfromcmsg(ctx, msg, &hoplimit); 2090 if (ifp == NULL) { 2091 logerr(__func__); 2092 return; 2093 } 2094 2095 /* Don't do anything if the user hasn't configured it. */ 2096 if (ifp->active != IF_ACTIVE_USER || 2097 !(ifp->options->options & DHCPCD_IPV6)) 2098 return; 2099 2100 icp = (struct icmp6_hdr *)msg->msg_iov[0].iov_base; 2101 if (icp->icmp6_code == 0) { 2102 switch(icp->icmp6_type) { 2103 case ND_ROUTER_ADVERT: 2104 ipv6nd_handlera(ctx, from, sfrom, 2105 ifp, icp, (size_t)len, hoplimit); 2106 return; 2107 } 2108 } 2109 2110 logerrx("invalid IPv6 type %d or code %d from %s", 2111 icp->icmp6_type, icp->icmp6_code, sfrom); 2112 } 2113 2114 static void 2115 ipv6nd_handledata(void *arg, unsigned short events) 2116 { 2117 struct dhcpcd_ctx *ctx; 2118 int fd; 2119 struct sockaddr_in6 from; 2120 union { 2121 struct icmp6_hdr hdr; 2122 uint8_t buf[64 * 1024]; /* Maximum ICMPv6 size */ 2123 } iovbuf; 2124 struct iovec iov = { 2125 .iov_base = iovbuf.buf, .iov_len = sizeof(iovbuf.buf), 2126 }; 2127 union { 2128 struct cmsghdr hdr; 2129 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo)) + 2130 CMSG_SPACE(sizeof(int))]; 2131 } cmsgbuf = { .buf = { 0 } }; 2132 struct msghdr msg = { 2133 .msg_name = &from, .msg_namelen = sizeof(from), 2134 .msg_iov = &iov, .msg_iovlen = 1, 2135 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf), 2136 }; 2137 ssize_t len; 2138 2139 #ifdef __sun 2140 struct interface *ifp; 2141 struct rs_state *state; 2142 2143 ifp = arg; 2144 state = RS_STATE(ifp); 2145 ctx = ifp->ctx; 2146 fd = state->nd_fd; 2147 #else 2148 ctx = arg; 2149 fd = ctx->nd_fd; 2150 #endif 2151 2152 if (events != ELE_READ) 2153 logerrx("%s: unexpected event 0x%04x", __func__, events); 2154 2155 len = recvmsg(fd, &msg, 0); 2156 if (len == -1) { 2157 logerr(__func__); 2158 return; 2159 } 2160 2161 iov.iov_len = (size_t)len; 2162 ipv6nd_recvmsg(ctx, &msg); 2163 } 2164 2165 static void 2166 ipv6nd_startrs1(void *arg) 2167 { 2168 struct interface *ifp = arg; 2169 struct rs_state *state; 2170 2171 loginfox("%s: soliciting an IPv6 router", ifp->name); 2172 state = RS_STATE(ifp); 2173 if (state == NULL) { 2174 ifp->if_data[IF_DATA_IPV6ND] = calloc(1, sizeof(*state)); 2175 state = RS_STATE(ifp); 2176 if (state == NULL) { 2177 logerr(__func__); 2178 return; 2179 } 2180 #ifdef __sun 2181 state->nd_fd = -1; 2182 #endif 2183 } 2184 2185 /* Always make a new probe as the underlying hardware 2186 * address could have changed. */ 2187 ipv6nd_makersprobe(ifp); 2188 if (state->rs == NULL) { 2189 logerr(__func__); 2190 return; 2191 } 2192 2193 state->retrans = RETRANS_TIMER; 2194 state->rsprobes = 0; 2195 ipv6nd_sendrsprobe(ifp); 2196 } 2197 2198 void 2199 ipv6nd_startrs(struct interface *ifp) 2200 { 2201 unsigned int delay; 2202 2203 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 2204 if (!(ifp->options->options & DHCPCD_INITIAL_DELAY)) { 2205 ipv6nd_startrs1(ifp); 2206 return; 2207 } 2208 2209 delay = arc4random_uniform(MAX_RTR_SOLICITATION_DELAY * MSEC_PER_SEC); 2210 logdebugx("%s: delaying IPv6 router solicitation for %0.1f seconds", 2211 ifp->name, (float)delay / MSEC_PER_SEC); 2212 eloop_timeout_add_msec(ifp->ctx->eloop, delay, ipv6nd_startrs1, ifp); 2213 return; 2214 } 2215 2216 static struct routeinfo *routeinfo_findalloc(struct ra *rap, const struct in6_addr *prefix, uint8_t prefix_len) 2217 { 2218 struct routeinfo *ri; 2219 char buf[INET6_ADDRSTRLEN]; 2220 const char *p; 2221 2222 TAILQ_FOREACH(ri, &rap->rinfos, next) { 2223 if (ri->prefix_len == prefix_len && 2224 IN6_ARE_ADDR_EQUAL(&ri->prefix, prefix)) 2225 return ri; 2226 } 2227 2228 ri = malloc(sizeof(struct routeinfo)); 2229 if (ri == NULL) 2230 return NULL; 2231 2232 memcpy(&ri->prefix, prefix, sizeof(ri->prefix)); 2233 ri->prefix_len = prefix_len; 2234 p = inet_ntop(AF_INET6, prefix, buf, sizeof(buf)); 2235 if (p) 2236 snprintf(ri->sprefix, 2237 sizeof(ri->sprefix), 2238 "%s/%d", 2239 p, prefix_len); 2240 else 2241 ri->sprefix[0] = '\0'; 2242 TAILQ_INSERT_TAIL(&rap->rinfos, ri, next); 2243 return ri; 2244 } 2245 2246 static void routeinfohead_free(struct routeinfohead *head) 2247 { 2248 struct routeinfo *ri; 2249 2250 while ((ri = TAILQ_FIRST(head))) { 2251 TAILQ_REMOVE(head, ri, next); 2252 free(ri); 2253 } 2254 } 2255