1 /* 2 * dhcpcd - DHCP client daemon 3 * Copyright (c) 2006-2017 Roy Marples <roy@marples.name> 4 * All rights reserved 5 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/param.h> 29 #include <sys/types.h> 30 #include <sys/socket.h> 31 #include <sys/stat.h> 32 33 #include <net/if.h> 34 #include <net/route.h> 35 #include <netinet/in.h> 36 #include <netinet/if_ether.h> 37 38 #include "config.h" 39 40 #ifdef HAVE_SYS_BITOPS_H 41 #include <sys/bitops.h> 42 #else 43 #include "compat/bitops.h" 44 #endif 45 46 #ifdef BSD 47 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used 48 * to generate our CAN_ADD_LLADDR #define. */ 49 # include <netinet6/in6_var.h> 50 # include <netinet6/nd6.h> 51 #endif 52 53 #include <errno.h> 54 #include <ifaddrs.h> 55 #include <inttypes.h> 56 #include <stdlib.h> 57 #include <string.h> 58 #include <unistd.h> 59 60 #define ELOOP_QUEUE 7 61 #include "common.h" 62 #include "if.h" 63 #include "dhcpcd.h" 64 #include "dhcp6.h" 65 #include "eloop.h" 66 #include "ipv6.h" 67 #include "ipv6nd.h" 68 #include "logerr.h" 69 #include "sa.h" 70 #include "script.h" 71 72 #ifdef HAVE_MD5_H 73 # ifndef DEPGEN 74 # include <md5.h> 75 # endif 76 #endif 77 78 #ifdef SHA2_H 79 # include SHA2_H 80 #endif 81 82 #ifndef SHA256_DIGEST_LENGTH 83 # define SHA256_DIGEST_LENGTH 32 84 #endif 85 86 #ifdef IPV6_POLLADDRFLAG 87 # warning kernel does not report IPv6 address flag changes 88 # warning polling tentative address flags periodically 89 #endif 90 91 /* Hackery at it's finest. */ 92 #ifndef s6_addr32 93 # ifdef __sun 94 # define s6_addr32 _S6_un._S6_u32 95 # else 96 # define s6_addr32 __u6_addr.__u6_addr32 97 # endif 98 #endif 99 100 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \ 101 defined(IFF_NOLINKLOCAL) 102 /* Only add the LL address if we have a carrier, so DaD works. */ 103 #define CAN_ADD_LLADDR(ifp) \ 104 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN) 105 #ifdef __sun 106 /* Although we can add our own LL address, we cannot drop it 107 * without unplumbing the if which is a lot of code. 108 * So just keep it for the time being. */ 109 #define CAN_DROP_LLADDR(ifp) (0) 110 #else 111 #define CAN_DROP_LLADDR(ifp) (1) 112 #endif 113 #else 114 /* We have no control over the OS adding the LLADDR, so just let it do it 115 * as we cannot force our own view on it. */ 116 #define CAN_ADD_LLADDR(ifp) (0) 117 #define CAN_DROP_LLADDR(ifp) (0) 118 #endif 119 120 #ifdef IPV6_MANAGETEMPADDR 121 static void ipv6_regentempifid(void *); 122 static void ipv6_regentempaddr(void *); 123 #else 124 #define ipv6_regentempifid(a) {} 125 #endif 126 127 int 128 ipv6_init(struct dhcpcd_ctx *ctx) 129 { 130 131 if (ctx->sndhdr.msg_iovlen == 1) 132 return 0; 133 134 if (ctx->ra_routers == NULL) { 135 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers)); 136 if (ctx->ra_routers == NULL) 137 return -1; 138 } 139 TAILQ_INIT(ctx->ra_routers); 140 141 ctx->sndhdr.msg_namelen = sizeof(struct sockaddr_in6); 142 ctx->sndhdr.msg_iov = ctx->sndiov; 143 ctx->sndhdr.msg_iovlen = 1; 144 ctx->sndhdr.msg_control = ctx->sndbuf; 145 ctx->sndhdr.msg_controllen = sizeof(ctx->sndbuf); 146 ctx->rcvhdr.msg_name = &ctx->from; 147 ctx->rcvhdr.msg_namelen = sizeof(ctx->from); 148 ctx->rcvhdr.msg_iov = ctx->iov; 149 ctx->rcvhdr.msg_iovlen = 1; 150 ctx->rcvhdr.msg_control = ctx->ctlbuf; 151 // controllen is set at recieve 152 //ctx->rcvhdr.msg_controllen = sizeof(ctx->rcvbuf); 153 154 ctx->nd_fd = -1; 155 ctx->dhcp6_fd = -1; 156 return 0; 157 } 158 159 static ssize_t 160 ipv6_readsecret(struct dhcpcd_ctx *ctx) 161 { 162 FILE *fp; 163 char line[1024]; 164 unsigned char *p; 165 size_t len; 166 uint32_t r; 167 int x; 168 169 if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0) 170 return (ssize_t)ctx->secret_len; 171 172 if (errno != ENOENT) 173 logerr("%s: %s", __func__, SECRET); 174 175 /* Chaining arc4random should be good enough. 176 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits. 177 * To attempt and future proof ourselves, we'll generate a key of 178 * 512 bits (64 bytes). */ 179 if (ctx->secret_len < 64) { 180 if ((ctx->secret = malloc(64)) == NULL) { 181 logerr(__func__); 182 return -1; 183 } 184 ctx->secret_len = 64; 185 } 186 p = ctx->secret; 187 for (len = 0; len < 512 / NBBY; len += sizeof(r)) { 188 r = arc4random(); 189 memcpy(p, &r, sizeof(r)); 190 p += sizeof(r); 191 } 192 193 /* Ensure that only the dhcpcd user can read the secret. 194 * Write permission is also denied as chaning it would remove 195 * it's stability. */ 196 if ((fp = fopen(SECRET, "w")) == NULL || 197 chmod(SECRET, S_IRUSR) == -1) 198 goto eexit; 199 x = fprintf(fp, "%s\n", 200 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line))); 201 if (fclose(fp) == EOF) 202 x = -1; 203 fp = NULL; 204 if (x > 0) 205 return (ssize_t)ctx->secret_len; 206 207 eexit: 208 logerr("%s: %s", __func__, SECRET); 209 if (fp != NULL) 210 fclose(fp); 211 unlink(SECRET); 212 ctx->secret_len = 0; 213 return -1; 214 } 215 216 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml 217 * RFC5453 */ 218 static const struct reslowhigh { 219 const uint8_t high[8]; 220 const uint8_t low[8]; 221 } reslowhigh[] = { 222 /* RFC4291 + RFC6543 */ 223 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 }, 224 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } }, 225 /* RFC2526 */ 226 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 }, 227 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } } 228 }; 229 230 static int 231 ipv6_reserved(const struct in6_addr *addr) 232 { 233 uint64_t id, low, high; 234 size_t i; 235 const struct reslowhigh *r; 236 237 id = be64dec(addr->s6_addr + sizeof(id)); 238 if (id == 0) /* RFC4291 */ 239 return 1; 240 for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) { 241 r = &reslowhigh[i]; 242 low = be64dec(r->low); 243 high = be64dec(r->high); 244 if (id >= low && id <= high) 245 return 1; 246 } 247 return 0; 248 } 249 250 /* RFC7217 */ 251 static int 252 ipv6_makestableprivate1(struct in6_addr *addr, 253 const struct in6_addr *prefix, int prefix_len, 254 const unsigned char *netiface, size_t netiface_len, 255 const unsigned char *netid, size_t netid_len, 256 uint32_t *dad_counter, 257 const unsigned char *secret, size_t secret_len) 258 { 259 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH]; 260 size_t len, l; 261 SHA256_CTX ctx; 262 263 if (prefix_len < 0 || prefix_len > 120) { 264 errno = EINVAL; 265 return -1; 266 } 267 268 l = (size_t)(ROUNDUP8(prefix_len) / NBBY); 269 len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len; 270 if (len > sizeof(buf)) { 271 errno = ENOBUFS; 272 return -1; 273 } 274 275 for (;; (*dad_counter)++) { 276 /* Combine all parameters into one buffer */ 277 p = buf; 278 memcpy(p, prefix, l); 279 p += l; 280 memcpy(p, netiface, netiface_len); 281 p += netiface_len; 282 memcpy(p, netid, netid_len); 283 p += netid_len; 284 memcpy(p, dad_counter, sizeof(*dad_counter)); 285 p += sizeof(*dad_counter); 286 memcpy(p, secret, secret_len); 287 288 /* Make an address using the digest of the above. 289 * RFC7217 Section 5.1 states that we shouldn't use MD5. 290 * Pity as we use that for HMAC-MD5 which is still deemed OK. 291 * SHA-256 is recommended */ 292 SHA256_Init(&ctx); 293 SHA256_Update(&ctx, buf, len); 294 SHA256_Final(digest, &ctx); 295 296 p = addr->s6_addr; 297 memcpy(p, prefix, l); 298 /* RFC7217 section 5.2 says we need to start taking the id from 299 * the least significant bit */ 300 len = sizeof(addr->s6_addr) - l; 301 memcpy(p + l, digest + (sizeof(digest) - len), len); 302 303 /* Ensure that the Interface ID does not match a reserved one, 304 * if it does then treat it as a DAD failure. 305 * RFC7217 section 5.2 */ 306 if (prefix_len != 64) 307 break; 308 if (!ipv6_reserved(addr)) 309 break; 310 } 311 312 return 0; 313 } 314 315 int 316 ipv6_makestableprivate(struct in6_addr *addr, 317 const struct in6_addr *prefix, int prefix_len, 318 const struct interface *ifp, 319 int *dad_counter) 320 { 321 uint32_t dad; 322 int r; 323 324 if (ifp->ctx->secret_len == 0) { 325 if (ipv6_readsecret(ifp->ctx) == -1) 326 return -1; 327 } 328 329 dad = (uint32_t)*dad_counter; 330 331 /* For our implementation, we shall set the hardware address 332 * as the interface identifier */ 333 r = ipv6_makestableprivate1(addr, prefix, prefix_len, 334 ifp->hwaddr, ifp->hwlen, 335 ifp->ssid, ifp->ssid_len, 336 &dad, 337 ifp->ctx->secret, ifp->ctx->secret_len); 338 339 if (r == 0) 340 *dad_counter = (int)dad; 341 return r; 342 } 343 344 int 345 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp, 346 const struct in6_addr *prefix, int prefix_len) 347 { 348 const struct ipv6_addr *ap; 349 int dad; 350 351 if (prefix_len < 0 || prefix_len > 120) { 352 errno = EINVAL; 353 return -1; 354 } 355 356 if (ifp->options->options & DHCPCD_SLAACPRIVATE) { 357 dad = 0; 358 if (ipv6_makestableprivate(addr, 359 prefix, prefix_len, ifp, &dad) == -1) 360 return -1; 361 return dad; 362 } 363 364 if (prefix_len > 64) { 365 errno = EINVAL; 366 return -1; 367 } 368 if ((ap = ipv6_linklocal(ifp)) == NULL) { 369 /* We delay a few functions until we get a local-link address 370 * so this should never be hit. */ 371 errno = ENOENT; 372 return -1; 373 } 374 375 /* Make the address from the first local-link address */ 376 memcpy(addr, prefix, sizeof(*prefix)); 377 addr->s6_addr32[2] = ap->addr.s6_addr32[2]; 378 addr->s6_addr32[3] = ap->addr.s6_addr32[3]; 379 return 0; 380 } 381 382 static int 383 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len) 384 { 385 int bytes, bits; 386 387 if (len < 0 || len > 128) { 388 errno = EINVAL; 389 return -1; 390 } 391 392 bytes = len / NBBY; 393 bits = len % NBBY; 394 memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes); 395 if (bits != 0) { 396 /* Coverify false positive. 397 * bytelen cannot be 16 if bitlen is non zero */ 398 /* coverity[overrun-local] */ 399 prefix->s6_addr[bytes] = 400 (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits)); 401 } 402 memset((char *)prefix->s6_addr + bytes, 0, 403 sizeof(prefix->s6_addr) - (size_t)bytes); 404 return 0; 405 } 406 407 int 408 ipv6_mask(struct in6_addr *mask, int len) 409 { 410 static const unsigned char masks[NBBY] = 411 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff }; 412 int bytes, bits, i; 413 414 if (len < 0 || len > 128) { 415 errno = EINVAL; 416 return -1; 417 } 418 419 memset(mask, 0, sizeof(*mask)); 420 bytes = len / NBBY; 421 bits = len % NBBY; 422 for (i = 0; i < bytes; i++) 423 mask->s6_addr[i] = 0xff; 424 if (bits) { 425 /* Coverify false positive. 426 * bytelen cannot be 16 if bitlen is non zero */ 427 /* coverity[overrun-local] */ 428 mask->s6_addr[bytes] = masks[bits - 1]; 429 } 430 return 0; 431 } 432 433 uint8_t 434 ipv6_prefixlen(const struct in6_addr *mask) 435 { 436 int x = 0, y; 437 const unsigned char *lim, *p; 438 439 lim = (const unsigned char *)mask + sizeof(*mask); 440 for (p = (const unsigned char *)mask; p < lim; x++, p++) { 441 if (*p != 0xff) 442 break; 443 } 444 y = 0; 445 if (p < lim) { 446 for (y = 0; y < NBBY; y++) { 447 if ((*p & (0x80 >> y)) == 0) 448 break; 449 } 450 } 451 452 /* 453 * when the limit pointer is given, do a stricter check on the 454 * remaining bits. 455 */ 456 if (p < lim) { 457 if (y != 0 && (*p & (0x00ff >> y)) != 0) 458 return 0; 459 for (p = p + 1; p < lim; p++) 460 if (*p != 0) 461 return 0; 462 } 463 464 return (uint8_t)(x * NBBY + y); 465 } 466 467 static void 468 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr) 469 { 470 471 *vhigh = be64dec(addr->s6_addr); 472 *vlow = be64dec(addr->s6_addr + 8); 473 } 474 475 static void 476 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow) 477 { 478 479 be64enc(addr->s6_addr, vhigh); 480 be64enc(addr->s6_addr + 8, vlow); 481 } 482 483 int 484 ipv6_userprefix( 485 const struct in6_addr *prefix, // prefix from router 486 short prefix_len, // length of prefix received 487 uint64_t user_number, // "random" number from user 488 struct in6_addr *result, // resultant prefix 489 short result_len) // desired prefix length 490 { 491 uint64_t vh, vl, user_low, user_high; 492 493 if (prefix_len < 1 || prefix_len > 128 || 494 result_len < 1 || result_len > 128) 495 { 496 errno = EINVAL; 497 return -1; 498 } 499 500 /* Check that the user_number fits inside result_len less prefix_len */ 501 if (result_len < prefix_len || 502 fls64(user_number) > result_len - prefix_len) 503 { 504 errno = ERANGE; 505 return -1; 506 } 507 508 /* If user_number is zero, just copy the prefix into the result. */ 509 if (user_number == 0) { 510 *result = *prefix; 511 return 0; 512 } 513 514 /* Shift user_number so it fit's just inside result_len. 515 * Shifting by 0 or sizeof(user_number) is undefined, 516 * so we cater for that. */ 517 if (result_len == 128) { 518 user_high = 0; 519 user_low = user_number; 520 } else if (result_len > 64) { 521 if (prefix_len >= 64) 522 user_high = 0; 523 else 524 user_high = user_number >> (result_len - prefix_len); 525 user_low = user_number << (128 - result_len); 526 } else if (result_len == 64) { 527 user_high = user_number; 528 user_low = 0; 529 } else { 530 user_high = user_number << (64 - result_len); 531 user_low = 0; 532 } 533 534 /* convert to two 64bit host order values */ 535 in6_to_h64(&vh, &vl, prefix); 536 537 vh |= user_high; 538 vl |= user_low; 539 540 /* copy back result */ 541 h64_to_in6(result, vh, vl); 542 543 return 0; 544 } 545 546 #ifdef IPV6_POLLADDRFLAG 547 void 548 ipv6_checkaddrflags(void *arg) 549 { 550 struct ipv6_addr *ia; 551 int flags; 552 const char *alias; 553 554 ia = arg; 555 #ifdef ALIAS_ADDR 556 alias = ia->alias; 557 #else 558 alias = NULL; 559 #endif 560 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) { 561 logerr("%s: if_addrflags6", ia->iface->name); 562 return; 563 } 564 565 if (!(flags & IN6_IFF_TENTATIVE)) { 566 /* Simulate the kernel announcing the new address. */ 567 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR, 568 ia->iface->ctx->ifaces, ia->iface->name, 569 &ia->addr, ia->prefix_len, flags); 570 } else { 571 /* Still tentative? Check again in a bit. */ 572 struct timespec tv; 573 574 ms_to_ts(&tv, RETRANS_TIMER / 2); 575 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv, 576 ipv6_checkaddrflags, ia); 577 } 578 } 579 #endif 580 581 static void 582 ipv6_deletedaddr(struct ipv6_addr *ia) 583 { 584 585 #ifdef SMALL 586 UNUSED(ia); 587 #else 588 /* NOREJECT is set if we delegated exactly the prefix to another 589 * address. 590 * This can only be one address, so just clear the flag. 591 * This should ensure the reject route will be restored. */ 592 if (ia->delegating_prefix != NULL) 593 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT; 594 #endif 595 } 596 597 void 598 ipv6_deleteaddr(struct ipv6_addr *ia) 599 { 600 struct ipv6_state *state; 601 struct ipv6_addr *ap; 602 603 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr); 604 if (if_address6(RTM_DELADDR, ia) == -1 && 605 errno != EADDRNOTAVAIL && errno != ESRCH && 606 errno != ENXIO && errno != ENODEV) 607 logerr(__func__); 608 609 ipv6_deletedaddr(ia); 610 611 state = IPV6_STATE(ia->iface); 612 TAILQ_FOREACH(ap, &state->addrs, next) { 613 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) { 614 TAILQ_REMOVE(&state->addrs, ap, next); 615 ipv6_freeaddr(ap); 616 break; 617 } 618 } 619 } 620 621 static int 622 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now) 623 { 624 struct interface *ifp; 625 struct ipv6_state *state; 626 struct ipv6_addr *ia2; 627 uint32_t pltime, vltime; 628 __printflike(1, 2) void (*logfunc)(const char *, ...); 629 630 /* Ensure no other interface has this address */ 631 TAILQ_FOREACH(ifp, ia->iface->ctx->ifaces, next) { 632 if (ifp == ia->iface) 633 continue; 634 state = IPV6_STATE(ifp); 635 if (state == NULL) 636 continue; 637 TAILQ_FOREACH(ia2, &state->addrs, next) { 638 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) { 639 ipv6_deleteaddr(ia2); 640 break; 641 } 642 } 643 } 644 645 /* Remember the interface of the address. */ 646 ifp = ia->iface; 647 648 if (!(ia->flags & IPV6_AF_DADCOMPLETED) && 649 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE)) 650 ia->flags |= IPV6_AF_DADCOMPLETED; 651 652 /* Adjust plftime and vltime based on acquired time */ 653 pltime = ia->prefix_pltime; 654 vltime = ia->prefix_vltime; 655 if (timespecisset(&ia->acquired) && 656 (ia->prefix_pltime != ND6_INFINITE_LIFETIME || 657 ia->prefix_vltime != ND6_INFINITE_LIFETIME)) 658 { 659 struct timespec n; 660 661 if (now == NULL) { 662 clock_gettime(CLOCK_MONOTONIC, &n); 663 now = &n; 664 } 665 timespecsub(now, &ia->acquired, &n); 666 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) { 667 ia->prefix_pltime -= (uint32_t)n.tv_sec; 668 /* This can happen when confirming a 669 * deprecated but still valid lease. */ 670 if (ia->prefix_pltime > pltime) 671 ia->prefix_pltime = 0; 672 } 673 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) { 674 ia->prefix_vltime -= (uint32_t)n.tv_sec; 675 /* This should never happen. */ 676 if (ia->prefix_vltime > vltime) { 677 logerrx("%s: %s: lifetime overflow", 678 ifp->name, ia->saddr); 679 ia->prefix_vltime = ia->prefix_pltime = 0; 680 } 681 } 682 } 683 684 logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx; 685 logfunc("%s: adding %saddress %s", ifp->name, 686 #ifdef IPV6_AF_TEMPORARY 687 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "", 688 #else 689 "", 690 #endif 691 ia->saddr); 692 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME && 693 ia->prefix_vltime == ND6_INFINITE_LIFETIME) 694 logdebugx("%s: pltime infinity, vltime infinity", 695 ifp->name); 696 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME) 697 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds", 698 ifp->name, ia->prefix_vltime); 699 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME) 700 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity", 701 ifp->name, ia->prefix_pltime); 702 else 703 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32 704 " seconds", 705 ifp->name, ia->prefix_pltime, ia->prefix_vltime); 706 707 708 if (if_address6(RTM_NEWADDR, ia) == -1) { 709 logerr(__func__); 710 /* Restore real pltime and vltime */ 711 ia->prefix_pltime = pltime; 712 ia->prefix_vltime = vltime; 713 return -1; 714 } 715 716 #ifdef IPV6_MANAGETEMPADDR 717 /* RFC4941 Section 3.4 */ 718 if (ia->flags & IPV6_AF_TEMPORARY && 719 ia->prefix_pltime && 720 ia->prefix_vltime && 721 ip6_use_tempaddr(ifp->name)) 722 eloop_timeout_add_sec(ifp->ctx->eloop, 723 (time_t)ia->prefix_pltime - REGEN_ADVANCE, 724 ipv6_regentempaddr, ia); 725 #endif 726 727 /* Restore real pltime and vltime */ 728 ia->prefix_pltime = pltime; 729 ia->prefix_vltime = vltime; 730 731 ia->flags &= ~IPV6_AF_NEW; 732 ia->flags |= IPV6_AF_ADDED; 733 #ifndef SMALL 734 if (ia->delegating_prefix != NULL) 735 ia->flags |= IPV6_AF_DELEGATED; 736 #endif 737 738 #ifdef IPV6_POLLADDRFLAG 739 eloop_timeout_delete(ifp->ctx->eloop, 740 ipv6_checkaddrflags, ia); 741 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) { 742 struct timespec tv; 743 744 ms_to_ts(&tv, RETRANS_TIMER / 2); 745 eloop_timeout_add_tv(ifp->ctx->eloop, 746 &tv, ipv6_checkaddrflags, ia); 747 } 748 #endif 749 750 #ifdef __sun 751 /* Solaris does not announce new addresses which need DaD 752 * so we need to take a copy and add it to our list. 753 * Otherwise aliasing gets confused if we add another 754 * address during DaD. */ 755 756 state = IPV6_STATE(ifp); 757 TAILQ_FOREACH(ia2, &state->addrs, next) { 758 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) 759 break; 760 } 761 if (ia2 == NULL) { 762 if ((ia2 = malloc(sizeof(*ia2))) == NULL) { 763 logerr(__func__); 764 return 0; /* Well, we did add the address */ 765 } 766 memcpy(ia2, ia, sizeof(*ia2)); 767 TAILQ_INSERT_TAIL(&state->addrs, ia2, next); 768 } 769 #endif 770 771 return 0; 772 } 773 774 #ifdef ALIAS_ADDR 775 /* Find the next logical aliase address we can use. */ 776 static int 777 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl) 778 { 779 struct ipv6_state *state; 780 struct ipv6_addr *iap; 781 unsigned int unit; 782 char alias[IF_NAMESIZE]; 783 784 if (ia->alias[0] != '\0') 785 return 0; 786 state = IPV6_STATE(ia->iface); 787 788 /* First find an existng address. 789 * This can happen when dhcpcd restarts as ND and DHCPv6 790 * maintain their own lists of addresses. */ 791 TAILQ_FOREACH(iap, &state->addrs, next) { 792 if (iap->alias[0] != '\0' && 793 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr)) 794 { 795 strlcpy(ia->alias, iap->alias, sizeof(ia->alias)); 796 return 0; 797 } 798 } 799 800 unit = 0; 801 find_unit: 802 if (unit == 0) 803 strlcpy(alias, ia->iface->name, sizeof(alias)); 804 else 805 snprintf(alias, sizeof(alias), "%s:%u", ia->iface->name, unit); 806 TAILQ_FOREACH(iap, &state->addrs, next) { 807 if (iap->alias[0] == '\0') 808 continue; 809 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) { 810 /* No address assigned? Lets use it. */ 811 strlcpy(ia->alias, iap->alias, sizeof(ia->alias)); 812 if (repl) 813 *repl = iap; 814 return 1; 815 } 816 if (strcmp(iap->alias, alias) == 0) 817 break; 818 } 819 820 if (iap != NULL) { 821 if (unit == UINT_MAX) { 822 errno = ERANGE; 823 return -1; 824 } 825 unit++; 826 goto find_unit; 827 } 828 829 strlcpy(ia->alias, alias, sizeof(ia->alias)); 830 return 0; 831 } 832 #endif 833 834 int 835 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now) 836 { 837 int r; 838 #ifdef ALIAS_ADDR 839 int replaced, blank; 840 struct ipv6_addr *replaced_ia; 841 842 blank = (ia->alias[0] == '\0'); 843 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1) 844 return -1; 845 if (blank) 846 logdebugx("%s: aliased %s", ia->alias, ia->saddr); 847 #endif 848 849 if ((r = ipv6_addaddr1(ia, now)) == 0) { 850 #ifdef ALIAS_ADDR 851 if (replaced) { 852 struct ipv6_state *state; 853 854 state = IPV6_STATE(ia->iface); 855 TAILQ_REMOVE(&state->addrs, replaced_ia, next); 856 ipv6_freeaddr(replaced_ia); 857 } 858 #endif 859 } 860 return r; 861 } 862 863 int 864 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match, 865 unsigned int flags) 866 { 867 868 if (match == NULL) { 869 if ((addr->flags & 870 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) == 871 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) 872 return 1; 873 } else if (addr->prefix_vltime && 874 IN6_ARE_ADDR_EQUAL(&addr->addr, match) && 875 (!flags || addr->flags & flags)) 876 return 1; 877 878 return 0; 879 } 880 881 struct ipv6_addr * 882 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags) 883 { 884 struct ipv6_addr *dap, *nap; 885 886 dap = dhcp6_findaddr(ctx, addr, flags); 887 nap = ipv6nd_findaddr(ctx, addr, flags); 888 if (!dap && !nap) 889 return NULL; 890 if (dap && !nap) 891 return dap; 892 if (nap && !dap) 893 return nap; 894 if (nap->iface->metric < dap->iface->metric) 895 return nap; 896 return dap; 897 } 898 899 ssize_t 900 ipv6_addaddrs(struct ipv6_addrhead *addrs) 901 { 902 struct ipv6_addr *ap, *apn, *apf; 903 ssize_t i; 904 struct timespec now; 905 906 i = 0; 907 timespecclear(&now); 908 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) { 909 /* A delegated prefix is not an address. */ 910 if (ap->flags & IPV6_AF_DELEGATEDPFX) 911 continue; 912 if (ap->prefix_vltime == 0) { 913 if (ap->flags & IPV6_AF_ADDED) { 914 ipv6_deleteaddr(ap); 915 i++; 916 } 917 eloop_q_timeout_delete(ap->iface->ctx->eloop, 918 0, NULL, ap); 919 if (ap->flags & IPV6_AF_REQUEST) { 920 ap->flags &= ~IPV6_AF_ADDED; 921 } else { 922 TAILQ_REMOVE(addrs, ap, next); 923 ipv6_freeaddr(ap); 924 } 925 } else if (!(ap->flags & IPV6_AF_STALE) && 926 !IN6_IS_ADDR_UNSPECIFIED(&ap->addr)) 927 { 928 apf = ipv6_findaddr(ap->iface->ctx, 929 &ap->addr, IPV6_AF_ADDED); 930 if (apf && apf->iface != ap->iface) { 931 if (apf->iface->metric <= ap->iface->metric) { 932 loginfox("%s: preferring %s on %s", 933 ap->iface->name, 934 ap->saddr, 935 apf->iface->name); 936 continue; 937 } 938 loginfox("%s: preferring %s on %s", 939 apf->iface->name, 940 ap->saddr, 941 ap->iface->name); 942 if (if_address6(RTM_DELADDR, apf) == -1 && 943 errno != EADDRNOTAVAIL && errno != ENXIO) 944 logerr(__func__); 945 apf->flags &= 946 ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED); 947 } else if (apf) 948 apf->flags &= ~IPV6_AF_ADDED; 949 if (ap->flags & IPV6_AF_NEW) 950 i++; 951 if (!timespecisset(&now)) 952 clock_gettime(CLOCK_MONOTONIC, &now); 953 ipv6_addaddr(ap, &now); 954 } 955 } 956 957 return i; 958 } 959 960 void 961 ipv6_freeaddr(struct ipv6_addr *ia) 962 { 963 #ifndef SMALL 964 struct ipv6_addr *iad; 965 966 /* Forget the reference */ 967 if (ia->flags & IPV6_AF_DELEGATEDPFX) { 968 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) { 969 iad->delegating_prefix = NULL; 970 } 971 } else if (ia->delegating_prefix != NULL) { 972 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next); 973 } 974 #endif 975 976 if (ia->dhcp6_fd != -1) { 977 close(ia->dhcp6_fd); 978 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd); 979 } 980 981 eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia); 982 free(ia); 983 } 984 985 void 986 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop, 987 const struct interface *ifd) 988 { 989 struct ipv6_addr *ap, *apn, *apf; 990 struct timespec now; 991 992 #ifdef SMALL 993 UNUSED(ifd); 994 #endif 995 timespecclear(&now); 996 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) { 997 #ifndef SMALL 998 if (ifd != NULL && 999 (ap->delegating_prefix == NULL || 1000 ap->delegating_prefix->iface != ifd)) 1001 continue; 1002 #endif 1003 if (drop != 2) 1004 TAILQ_REMOVE(addrs, ap, next); 1005 if (drop && ap->flags & IPV6_AF_ADDED && 1006 (ap->iface->options->options & 1007 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) != 1008 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) 1009 { 1010 /* Don't drop link-local addresses. */ 1011 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) || 1012 CAN_DROP_LLADDR(ap->iface)) 1013 { 1014 if (drop == 2) 1015 TAILQ_REMOVE(addrs, ap, next); 1016 /* Find the same address somewhere else */ 1017 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr, 1018 0); 1019 if ((apf == NULL || 1020 (apf->iface != ap->iface))) 1021 ipv6_deleteaddr(ap); 1022 if (!(ap->iface->options->options & 1023 DHCPCD_EXITING) && apf) 1024 { 1025 if (!timespecisset(&now)) 1026 clock_gettime(CLOCK_MONOTONIC, 1027 &now); 1028 ipv6_addaddr(apf, &now); 1029 } 1030 if (drop == 2) 1031 ipv6_freeaddr(ap); 1032 } 1033 } 1034 if (drop != 2) 1035 ipv6_freeaddr(ap); 1036 } 1037 } 1038 1039 static struct ipv6_state * 1040 ipv6_getstate(struct interface *ifp) 1041 { 1042 struct ipv6_state *state; 1043 1044 state = IPV6_STATE(ifp); 1045 if (state == NULL) { 1046 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state)); 1047 state = IPV6_STATE(ifp); 1048 if (state == NULL) { 1049 logerr(__func__); 1050 return NULL; 1051 } 1052 TAILQ_INIT(&state->addrs); 1053 TAILQ_INIT(&state->ll_callbacks); 1054 1055 /* Regenerate new ids */ 1056 if (ifp->options && 1057 ip6_use_tempaddr(ifp->name)) 1058 ipv6_regentempifid(ifp); 1059 } 1060 return state; 1061 } 1062 1063 void 1064 ipv6_handleifa(struct dhcpcd_ctx *ctx, 1065 int cmd, struct if_head *ifs, const char *ifname, 1066 const struct in6_addr *addr, uint8_t prefix_len, int addrflags) 1067 { 1068 struct interface *ifp; 1069 struct ipv6_state *state; 1070 struct ipv6_addr *ia; 1071 struct ll_callback *cb; 1072 1073 #if 0 1074 char dbuf[INET6_ADDRSTRLEN]; 1075 const char *dbp; 1076 1077 dbp = inet_ntop(AF_INET6, &addr->s6_addr, 1078 dbuf, INET6_ADDRSTRLEN); 1079 loginfox("%s: cmd %d addr %s", 1080 ifname, cmd, dbp); 1081 #endif 1082 1083 if (ifs == NULL) 1084 ifs = ctx->ifaces; 1085 if (ifs == NULL) 1086 return; 1087 if ((ifp = if_find(ifs, ifname)) == NULL) 1088 return; 1089 if ((state = ipv6_getstate(ifp)) == NULL) 1090 return; 1091 1092 TAILQ_FOREACH(ia, &state->addrs, next) { 1093 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr)) 1094 break; 1095 } 1096 1097 switch (cmd) { 1098 case RTM_DELADDR: 1099 if (ia != NULL) { 1100 TAILQ_REMOVE(&state->addrs, ia, next); 1101 /* We'll free it at the end of the function. */ 1102 } 1103 break; 1104 case RTM_NEWADDR: 1105 if (ia == NULL) { 1106 char buf[INET6_ADDRSTRLEN]; 1107 const char *cbp; 1108 1109 if ((ia = calloc(1, sizeof(*ia))) == NULL) { 1110 logerr(__func__); 1111 break; 1112 } 1113 #ifdef ALIAS_ADDR 1114 strlcpy(ia->alias, ifname, sizeof(ia->alias)); 1115 #endif 1116 ia->iface = ifp; 1117 ia->addr = *addr; 1118 ia->prefix_len = prefix_len; 1119 ipv6_makeprefix(&ia->prefix, &ia->addr, 1120 ia->prefix_len); 1121 cbp = inet_ntop(AF_INET6, &addr->s6_addr, 1122 buf, sizeof(buf)); 1123 if (cbp) 1124 snprintf(ia->saddr, sizeof(ia->saddr), 1125 "%s/%d", cbp, prefix_len); 1126 if (if_getlifetime6(ia) == -1) { 1127 /* No support or address vanished. 1128 * Either way, just set a deprecated 1129 * infinite time lifetime and continue. 1130 * This is fine because we only want 1131 * to know this when trying to extend 1132 * temporary addresses. 1133 * As we can't extend infinite, we'll 1134 * create a new temporary address. */ 1135 ia->prefix_pltime = 0; 1136 ia->prefix_vltime = 1137 ND6_INFINITE_LIFETIME; 1138 } 1139 /* This is a minor regression against RFC 4941 1140 * because the kernel only knows when the 1141 * lifetimes were last updated, not when the 1142 * address was initially created. 1143 * Provided dhcpcd is not restarted, this 1144 * won't be a problem. 1145 * If we don't like it, we can always 1146 * pretend lifetimes are infinite and always 1147 * generate a new temporary address on 1148 * restart. */ 1149 ia->acquired = ia->created; 1150 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1151 } 1152 ia->addr_flags = addrflags; 1153 #ifdef IPV6_MANAGETEMPADDR 1154 if (ia->addr_flags & IN6_IFF_TEMPORARY) 1155 ia->flags |= IPV6_AF_TEMPORARY; 1156 #endif 1157 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) { 1158 #ifdef IPV6_POLLADDRFLAG 1159 if (ia->addr_flags & IN6_IFF_TENTATIVE) { 1160 struct timespec tv; 1161 1162 ms_to_ts(&tv, RETRANS_TIMER / 2); 1163 eloop_timeout_add_tv( 1164 ia->iface->ctx->eloop, 1165 &tv, ipv6_checkaddrflags, ia); 1166 break; 1167 } 1168 #endif 1169 1170 if (ia->dadcallback) 1171 ia->dadcallback(ia); 1172 1173 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) && 1174 !(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1175 { 1176 /* Now run any callbacks. 1177 * Typically IPv6RS or DHCPv6 */ 1178 while ((cb = 1179 TAILQ_FIRST(&state->ll_callbacks))) 1180 { 1181 TAILQ_REMOVE( 1182 &state->ll_callbacks, 1183 cb, next); 1184 cb->callback(cb->arg); 1185 free(cb); 1186 } 1187 } 1188 } 1189 break; 1190 } 1191 1192 if (ia != NULL) { 1193 if (!IN6_IS_ADDR_LINKLOCAL(&ia->addr)) { 1194 ipv6nd_handleifa(cmd, ia); 1195 dhcp6_handleifa(cmd, ia); 1196 } 1197 1198 /* Done with the ia now, so free it. */ 1199 if (cmd == RTM_DELADDR) 1200 ipv6_freeaddr(ia); 1201 } 1202 } 1203 1204 int 1205 ipv6_hasaddr(const struct interface *ifp) 1206 { 1207 1208 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL) 1209 return 1; 1210 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL) 1211 return 1; 1212 return 0; 1213 } 1214 1215 struct ipv6_addr * 1216 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr, 1217 int revflags) 1218 { 1219 struct ipv6_state *state; 1220 struct ipv6_addr *ap; 1221 1222 state = IPV6_STATE(ifp); 1223 if (state) { 1224 TAILQ_FOREACH(ap, &state->addrs, next) { 1225 if (addr == NULL) { 1226 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) && 1227 (!revflags || !(ap->addr_flags & revflags))) 1228 return ap; 1229 } else { 1230 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) && 1231 (!revflags || !(ap->addr_flags & revflags))) 1232 return ap; 1233 } 1234 } 1235 } 1236 return NULL; 1237 } 1238 1239 static struct ipv6_addr * 1240 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr) 1241 { 1242 struct ipv6_state *state; 1243 struct ipv6_addr *ap; 1244 struct in6_addr mask; 1245 1246 state = IPV6_STATE(ifp); 1247 if (state) { 1248 TAILQ_FOREACH(ap, &state->addrs, next) { 1249 if (ipv6_mask(&mask, ap->prefix_len) == -1) 1250 continue; 1251 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask)) 1252 return ap; 1253 } 1254 } 1255 return NULL; 1256 } 1257 1258 struct ipv6_addr * 1259 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr) 1260 { 1261 struct interface *ifp; 1262 struct ipv6_addr *ap; 1263 1264 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1265 ap = ipv6_iffindmaskaddr(ifp, addr); 1266 if (ap != NULL) 1267 return ap; 1268 } 1269 return NULL; 1270 } 1271 1272 int 1273 ipv6_addlinklocalcallback(struct interface *ifp, 1274 void (*callback)(void *), void *arg) 1275 { 1276 struct ipv6_state *state; 1277 struct ll_callback *cb; 1278 1279 state = ipv6_getstate(ifp); 1280 TAILQ_FOREACH(cb, &state->ll_callbacks, next) { 1281 if (cb->callback == callback && cb->arg == arg) 1282 break; 1283 } 1284 if (cb == NULL) { 1285 cb = malloc(sizeof(*cb)); 1286 if (cb == NULL) { 1287 logerr(__func__); 1288 return -1; 1289 } 1290 cb->callback = callback; 1291 cb->arg = arg; 1292 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next); 1293 } 1294 return 0; 1295 } 1296 1297 static struct ipv6_addr * 1298 ipv6_newlinklocal(struct interface *ifp) 1299 { 1300 struct ipv6_addr *ia; 1301 struct in6_addr in6; 1302 1303 memset(&in6, 0, sizeof(in6)); 1304 in6.s6_addr32[0] = htonl(0xfe800000); 1305 ia = ipv6_newaddr(ifp, &in6, 64, 0); 1306 if (ia != NULL) { 1307 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1308 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1309 } 1310 return ia; 1311 } 1312 1313 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 1314 static const uint8_t allone[8] = 1315 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1316 1317 static int 1318 ipv6_addlinklocal(struct interface *ifp) 1319 { 1320 struct ipv6_state *state; 1321 struct ipv6_addr *ap, *ap2; 1322 int dadcounter; 1323 1324 /* Check sanity before malloc */ 1325 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) { 1326 switch (ifp->family) { 1327 case ARPHRD_ETHER: 1328 /* Check for a valid hardware address */ 1329 if (ifp->hwlen != 6 && ifp->hwlen != 8) { 1330 errno = ENOTSUP; 1331 return -1; 1332 } 1333 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 || 1334 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0) 1335 { 1336 errno = EINVAL; 1337 return -1; 1338 } 1339 break; 1340 default: 1341 errno = ENOTSUP; 1342 return -1; 1343 } 1344 } 1345 1346 state = ipv6_getstate(ifp); 1347 if (state == NULL) 1348 return -1; 1349 1350 ap = ipv6_newlinklocal(ifp); 1351 if (ap == NULL) 1352 return -1; 1353 1354 dadcounter = 0; 1355 if (ifp->options->options & DHCPCD_SLAACPRIVATE) { 1356 nextslaacprivate: 1357 if (ipv6_makestableprivate(&ap->addr, 1358 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1) 1359 { 1360 free(ap); 1361 return -1; 1362 } 1363 ap->dadcounter = dadcounter; 1364 } else { 1365 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8); 1366 switch (ifp->family) { 1367 case ARPHRD_ETHER: 1368 if (ifp->hwlen == 6) { 1369 ap->addr.s6_addr[ 8] = ifp->hwaddr[0]; 1370 ap->addr.s6_addr[ 9] = ifp->hwaddr[1]; 1371 ap->addr.s6_addr[10] = ifp->hwaddr[2]; 1372 ap->addr.s6_addr[11] = 0xff; 1373 ap->addr.s6_addr[12] = 0xfe; 1374 ap->addr.s6_addr[13] = ifp->hwaddr[3]; 1375 ap->addr.s6_addr[14] = ifp->hwaddr[4]; 1376 ap->addr.s6_addr[15] = ifp->hwaddr[5]; 1377 } else if (ifp->hwlen == 8) 1378 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8); 1379 else { 1380 free(ap); 1381 errno = ENOTSUP; 1382 return -1; 1383 } 1384 break; 1385 } 1386 1387 /* Sanity check: g bit must not indciate "group" */ 1388 if (EUI64_GROUP(&ap->addr)) { 1389 free(ap); 1390 errno = EINVAL; 1391 return -1; 1392 } 1393 EUI64_TO_IFID(&ap->addr); 1394 } 1395 1396 /* Do we already have this address? */ 1397 TAILQ_FOREACH(ap2, &state->addrs, next) { 1398 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) { 1399 if (ap2->addr_flags & IN6_IFF_DUPLICATED) { 1400 if (ifp->options->options & 1401 DHCPCD_SLAACPRIVATE) 1402 { 1403 dadcounter++; 1404 goto nextslaacprivate; 1405 } 1406 free(ap); 1407 errno = EADDRNOTAVAIL; 1408 return -1; 1409 } 1410 1411 logwarnx("%s: waiting for %s to complete", 1412 ap2->iface->name, ap2->saddr); 1413 free(ap); 1414 errno = EEXIST; 1415 return 0; 1416 } 1417 } 1418 1419 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr)); 1420 TAILQ_INSERT_TAIL(&state->addrs, ap, next); 1421 ipv6_addaddr(ap, NULL); 1422 return 1; 1423 } 1424 1425 static int 1426 ipv6_tryaddlinklocal(struct interface *ifp) 1427 { 1428 struct ipv6_addr *ia; 1429 1430 /* We can't assign a link-locak address to this, 1431 * the ppp process has to. */ 1432 if (ifp->flags & IFF_POINTOPOINT) 1433 return 0; 1434 1435 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED); 1436 if (ia != NULL) { 1437 #ifdef IPV6_POLLADDRFLAG 1438 if (ia->addr_flags & IN6_IFF_TENTATIVE) { 1439 struct timespec tv; 1440 1441 ms_to_ts(&tv, RETRANS_TIMER / 2); 1442 eloop_timeout_add_tv( 1443 ia->iface->ctx->eloop, 1444 &tv, ipv6_checkaddrflags, ia); 1445 } 1446 #endif 1447 return 0; 1448 } 1449 if (!CAN_ADD_LLADDR(ifp)) 1450 return 0; 1451 1452 return ipv6_addlinklocal(ifp); 1453 } 1454 1455 struct ipv6_addr * 1456 ipv6_newaddr(struct interface *ifp, struct in6_addr *addr, uint8_t prefix_len, 1457 unsigned int flags) 1458 { 1459 struct ipv6_addr *ia; 1460 char buf[INET6_ADDRSTRLEN]; 1461 const char *cbp; 1462 bool tempaddr; 1463 int addr_flags; 1464 1465 /* If adding a new DHCP / RA derived address, check current flags 1466 * from an existing address. */ 1467 ia = ipv6_iffindaddr(ifp, addr, 0); 1468 if (ia != NULL) 1469 addr_flags = ia->addr_flags; 1470 else 1471 addr_flags = IN6_IFF_TENTATIVE; 1472 1473 ia = calloc(1, sizeof(*ia)); 1474 if (ia == NULL) 1475 goto err; 1476 1477 ia->iface = ifp; 1478 ia->flags = IPV6_AF_NEW | flags; 1479 ia->addr_flags = addr_flags; 1480 ia->prefix_len = prefix_len; 1481 ia->dhcp6_fd = -1; 1482 1483 #ifdef IPV6_AF_TEMPORARY 1484 tempaddr = ia->flags & IPV6_AF_TEMPORARY; 1485 #else 1486 tempaddr = false; 1487 #endif 1488 1489 if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) { 1490 ia->prefix = *addr; 1491 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp, 1492 &ia->prefix, 1493 ia->prefix_len); 1494 if (ia->dadcounter == -1) 1495 goto err; 1496 } else if (ia->flags & IPV6_AF_RAPFX) { 1497 ia->prefix = *addr; 1498 return ia; 1499 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) && 1500 prefix_len != 128) 1501 { 1502 ia->prefix = *addr; 1503 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf)); 1504 goto paddr; 1505 } else { 1506 ia->addr = *addr; 1507 if (ipv6_makeprefix(&ia->prefix, 1508 &ia->addr, ia->prefix_len) == -1) 1509 goto err; 1510 } 1511 1512 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf)); 1513 paddr: 1514 if (cbp == NULL) 1515 goto err; 1516 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len); 1517 1518 return ia; 1519 1520 err: 1521 logerr(__func__); 1522 free(ia); 1523 return NULL; 1524 } 1525 1526 static void 1527 ipv6_staticdadcallback(void *arg) 1528 { 1529 struct ipv6_addr *ia = arg; 1530 int wascompleted; 1531 1532 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED); 1533 ia->flags |= IPV6_AF_DADCOMPLETED; 1534 if (ia->flags & IPV6_AF_DUPLICATED) 1535 logwarnx("%s: DAD detected %s", ia->iface->name, 1536 ia->saddr); 1537 else if (!wascompleted) { 1538 logdebugx("%s: IPv6 static DAD completed", 1539 ia->iface->name); 1540 } 1541 1542 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1543 if (!wascompleted) { 1544 struct interface *ifp; 1545 struct ipv6_state *state; 1546 1547 ifp = ia->iface; 1548 state = IPV6_STATE(ifp); 1549 TAILQ_FOREACH(ia, &state->addrs, next) { 1550 if (ia->flags & IPV6_AF_STATIC && 1551 (ia->flags & FINISHED) != FINISHED) 1552 { 1553 wascompleted = 1; 1554 break; 1555 } 1556 } 1557 if (!wascompleted) 1558 script_runreason(ifp, "STATIC6"); 1559 } 1560 #undef FINISHED 1561 } 1562 1563 ssize_t 1564 ipv6_env(char **env, const char *prefix, const struct interface *ifp) 1565 { 1566 char **ep; 1567 ssize_t n; 1568 struct ipv6_addr *ia; 1569 1570 ep = env; 1571 n = 0; 1572 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6, 1573 IN6_IFF_NOTUSEABLE); 1574 if (ia) { 1575 if (env) 1576 addvar(&ep, prefix, "ip6_address", ia->saddr); 1577 n++; 1578 } 1579 1580 return n; 1581 } 1582 1583 int 1584 ipv6_staticdadcompleted(const struct interface *ifp) 1585 { 1586 const struct ipv6_state *state; 1587 const struct ipv6_addr *ia; 1588 int n; 1589 1590 if ((state = IPV6_CSTATE(ifp)) == NULL) 1591 return 0; 1592 n = 0; 1593 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1594 TAILQ_FOREACH(ia, &state->addrs, next) { 1595 if ((ia->flags & COMPLETED) == COMPLETED && 1596 !(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1597 n++; 1598 } 1599 return n; 1600 } 1601 1602 int 1603 ipv6_startstatic(struct interface *ifp) 1604 { 1605 struct ipv6_addr *ia; 1606 int run_script; 1607 1608 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6)) 1609 return 0; 1610 1611 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0); 1612 if (ia != NULL && 1613 (ia->prefix_len != ifp->options->req_prefix_len || 1614 ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1615 { 1616 ipv6_deleteaddr(ia); 1617 ia = NULL; 1618 } 1619 if (ia == NULL) { 1620 struct ipv6_state *state; 1621 1622 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6, 1623 ifp->options->req_prefix_len, 0); 1624 if (ia == NULL) 1625 return -1; 1626 state = IPV6_STATE(ifp); 1627 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1628 run_script = 0; 1629 } else 1630 run_script = 1; 1631 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK; 1632 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1633 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1634 ia->dadcallback = ipv6_staticdadcallback; 1635 ipv6_addaddr(ia, NULL); 1636 if_initrt(ifp->ctx, AF_INET6); 1637 rt_build(ifp->ctx, AF_INET6); 1638 if (run_script) 1639 script_runreason(ifp, "STATIC6"); 1640 return 1; 1641 } 1642 1643 /* Ensure the interface has a link-local address */ 1644 int 1645 ipv6_start(struct interface *ifp) 1646 { 1647 #ifdef IPV6_POLLADDRFLAG 1648 struct ipv6_state *state; 1649 1650 /* We need to update the address flags. */ 1651 if ((state = IPV6_STATE(ifp)) != NULL) { 1652 struct ipv6_addr *ia; 1653 const char *alias; 1654 int flags; 1655 1656 TAILQ_FOREACH(ia, &state->addrs, next) { 1657 #ifdef ALIAS_ADDR 1658 alias = ia->alias; 1659 #else 1660 alias = NULL; 1661 #endif 1662 flags = if_addrflags6(ia->iface, &ia->addr, alias); 1663 if (flags != -1) 1664 ia->addr_flags = flags; 1665 } 1666 } 1667 #endif 1668 1669 if (ipv6_tryaddlinklocal(ifp) == -1) 1670 return -1; 1671 1672 if (IPV6_CSTATE(ifp)) { 1673 /* Regenerate new ids */ 1674 if (ip6_use_tempaddr(ifp->name)) 1675 ipv6_regentempifid(ifp); 1676 } 1677 1678 /* Load existing routes */ 1679 if_initrt(ifp->ctx, AF_INET6); 1680 return 0; 1681 } 1682 1683 void 1684 ipv6_freedrop(struct interface *ifp, int drop) 1685 { 1686 struct ipv6_state *state; 1687 struct ll_callback *cb; 1688 1689 if (ifp == NULL) 1690 return; 1691 1692 if ((state = IPV6_STATE(ifp)) == NULL) 1693 return; 1694 1695 /* If we got here, we can get rid of any LL callbacks. */ 1696 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) { 1697 TAILQ_REMOVE(&state->ll_callbacks, cb, next); 1698 free(cb); 1699 } 1700 1701 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL); 1702 if (drop) { 1703 if (ifp->ctx->ra_routers != NULL) { 1704 if_initrt(ifp->ctx, AF_INET6); 1705 rt_build(ifp->ctx, AF_INET6); 1706 } 1707 } else { 1708 /* Because we need to cache the addresses we don't control, 1709 * we only free the state on when NOT dropping addresses. */ 1710 free(state); 1711 ifp->if_data[IF_DATA_IPV6] = NULL; 1712 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1713 } 1714 } 1715 1716 void 1717 ipv6_ctxfree(struct dhcpcd_ctx *ctx) 1718 { 1719 1720 free(ctx->ra_routers); 1721 free(ctx->secret); 1722 } 1723 1724 int 1725 ipv6_handleifa_addrs(int cmd, 1726 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr) 1727 { 1728 struct ipv6_addr *ia, *ian; 1729 uint8_t found, alldadcompleted; 1730 1731 alldadcompleted = 1; 1732 found = 0; 1733 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) { 1734 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) { 1735 if (ia->flags & IPV6_AF_ADDED && 1736 !(ia->flags & IPV6_AF_DADCOMPLETED)) 1737 alldadcompleted = 0; 1738 continue; 1739 } 1740 switch (cmd) { 1741 case RTM_DELADDR: 1742 if (ia->flags & IPV6_AF_ADDED) { 1743 logwarnx("%s: deleted address %s", 1744 ia->iface->name, ia->saddr); 1745 ia->flags &= ~IPV6_AF_ADDED; 1746 } 1747 if (ia->flags & IPV6_AF_DELEGATED) { 1748 TAILQ_REMOVE(addrs, ia, next); 1749 ipv6_deletedaddr(ia); 1750 ipv6_freeaddr(ia); 1751 } 1752 break; 1753 case RTM_NEWADDR: 1754 /* Safety - ignore tentative announcements */ 1755 if (addr->addr_flags & 1756 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE)) 1757 break; 1758 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) { 1759 found++; 1760 if (addr->addr_flags & IN6_IFF_DUPLICATED) 1761 ia->flags |= IPV6_AF_DUPLICATED; 1762 else 1763 ia->flags &= ~IPV6_AF_DUPLICATED; 1764 if (ia->dadcallback) 1765 ia->dadcallback(ia); 1766 /* We need to set this here in-case the 1767 * dadcallback function checks it */ 1768 ia->flags |= IPV6_AF_DADCOMPLETED; 1769 } 1770 break; 1771 } 1772 } 1773 1774 return alldadcompleted ? found : 0; 1775 } 1776 1777 #ifdef IPV6_MANAGETEMPADDR 1778 static const struct ipv6_addr * 1779 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr) 1780 { 1781 const struct interface *ifp; 1782 const struct ipv6_state *state; 1783 const struct ipv6_addr *ia; 1784 1785 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1786 if ((state = IPV6_CSTATE(ifp))) { 1787 TAILQ_FOREACH(ia, &state->addrs, next) { 1788 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0) 1789 return ia; 1790 } 1791 } 1792 } 1793 return NULL; 1794 } 1795 1796 static const uint8_t nullid[8]; 1797 static const uint8_t anycastid[8] = { 1798 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 }; 1799 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe }; 1800 1801 static void 1802 ipv6_regen_desync(struct interface *ifp, int force) 1803 { 1804 struct ipv6_state *state; 1805 time_t max; 1806 1807 state = IPV6_STATE(ifp); 1808 1809 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be 1810 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE. 1811 * I believe this is an error and it should be never be greateter than 1812 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */ 1813 max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE; 1814 if (state->desync_factor && !force && state->desync_factor < max) 1815 return; 1816 if (state->desync_factor == 0) 1817 state->desync_factor = 1818 (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR, 1819 (uint32_t)max)); 1820 max = ip6_temp_preferred_lifetime(ifp->name) - 1821 state->desync_factor - REGEN_ADVANCE; 1822 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp); 1823 } 1824 1825 void 1826 ipv6_gentempifid(struct interface *ifp) 1827 { 1828 struct ipv6_state *state; 1829 MD5_CTX md5; 1830 uint8_t seed[16], digest[16]; 1831 int retry; 1832 1833 if ((state = IPV6_STATE(ifp)) == NULL) 1834 return; 1835 1836 retry = 0; 1837 if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) { 1838 uint32_t r; 1839 1840 r = arc4random(); 1841 memcpy(seed, &r, sizeof(r)); 1842 r = arc4random(); 1843 memcpy(seed + sizeof(r), &r, sizeof(r)); 1844 } else 1845 memcpy(seed, state->randomseed0, sizeof(state->randomseed0)); 1846 1847 memcpy(seed + sizeof(state->randomseed0), 1848 state->randomseed1, sizeof(state->randomseed1)); 1849 1850 again: 1851 MD5Init(&md5); 1852 MD5Update(&md5, seed, sizeof(seed)); 1853 MD5Final(digest, &md5); 1854 1855 /* RFC4941 Section 3.2.1.1 1856 * Take the left-most 64bits and set bit 6 to zero */ 1857 memcpy(state->randomid, digest, sizeof(state->randomid)); 1858 state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT); 1859 1860 /* RFC4941 Section 3.2.1.4 1861 * Reject reserved or existing id's */ 1862 if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 || 1863 (memcmp(anycastid, state->randomid, 7) == 0 && 1864 (anycastid[7] & state->randomid[7]) == anycastid[7]) || 1865 memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 || 1866 ipv6_findaddrid(ifp->ctx, state->randomid)) 1867 { 1868 if (++retry < GEN_TEMPID_RETRY_MAX) { 1869 memcpy(seed, digest + 8, 8); 1870 goto again; 1871 } 1872 memset(state->randomid, 0, sizeof(state->randomid)); 1873 } 1874 1875 /* RFC4941 Section 3.2.1.6 1876 * Save the right-most 64bits of the digest */ 1877 memcpy(state->randomseed0, digest + 8, 1878 sizeof(state->randomseed0)); 1879 } 1880 1881 /* RFC4941 Section 3.3.7 */ 1882 static void 1883 ipv6_tempdadcallback(void *arg) 1884 { 1885 struct ipv6_addr *ia = arg; 1886 1887 if (ia->flags & IPV6_AF_DUPLICATED) { 1888 struct ipv6_addr *ia1; 1889 struct timespec tv; 1890 1891 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) { 1892 logerrx("%s: too many duplicate temporary addresses", 1893 ia->iface->name); 1894 return; 1895 } 1896 clock_gettime(CLOCK_MONOTONIC, &tv); 1897 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL) 1898 logerr(__func__); 1899 else 1900 ia1->dadcounter = ia->dadcounter; 1901 ipv6_deleteaddr(ia); 1902 if (ia1) 1903 ipv6_addaddr(ia1, &ia1->acquired); 1904 } 1905 } 1906 1907 struct ipv6_addr * 1908 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now) 1909 { 1910 struct ipv6_state *state; 1911 const struct ipv6_state *cstate; 1912 int genid; 1913 struct in6_addr addr, mask; 1914 uint32_t randid[2]; 1915 const struct interface *ifp; 1916 const struct ipv6_addr *ap; 1917 struct ipv6_addr *ia; 1918 uint32_t i, trylimit; 1919 1920 trylimit = TEMP_IDGEN_RETRIES; 1921 state = IPV6_STATE(ia0->iface); 1922 genid = 0; 1923 1924 addr = ia0->addr; 1925 ipv6_mask(&mask, ia0->prefix_len); 1926 /* clear the old ifid */ 1927 for (i = 0; i < 4; i++) 1928 addr.s6_addr32[i] &= mask.s6_addr32[i]; 1929 1930 again: 1931 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) 1932 genid = 1; 1933 if (genid) { 1934 memcpy(state->randomseed1, &ia0->addr.s6_addr[8], 1935 sizeof(state->randomseed1)); 1936 ipv6_gentempifid(ia0->iface); 1937 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) { 1938 errno = EFAULT; 1939 return NULL; 1940 } 1941 } 1942 memcpy(&randid[0], state->randomid, sizeof(randid[0])); 1943 memcpy(&randid[1], state->randomid + sizeof(randid[1]), 1944 sizeof(randid[2])); 1945 addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2]; 1946 addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3]; 1947 1948 /* Ensure we don't already have it */ 1949 TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) { 1950 cstate = IPV6_CSTATE(ifp); 1951 if (cstate) { 1952 TAILQ_FOREACH(ap, &cstate->addrs, next) { 1953 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) { 1954 if (--trylimit == 0) { 1955 errno = EEXIST; 1956 return NULL; 1957 } 1958 genid = 1; 1959 goto again; 1960 } 1961 } 1962 } 1963 } 1964 1965 ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len, 1966 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY); 1967 /* Must be made tentative, for our DaD to work */ 1968 ia->addr_flags = IN6_IFF_TENTATIVE; 1969 ia->dadcallback = ipv6_tempdadcallback; 1970 ia->created = ia->acquired = now ? *now : ia0->acquired; 1971 1972 /* Ensure desync is still valid */ 1973 ipv6_regen_desync(ia->iface, 0); 1974 1975 /* RFC4941 Section 3.3.4 */ 1976 i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) - 1977 state->desync_factor); 1978 ia->prefix_pltime = MIN(ia0->prefix_pltime, i); 1979 i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name); 1980 ia->prefix_vltime = MIN(ia0->prefix_vltime, i); 1981 if (ia->prefix_pltime <= REGEN_ADVANCE || 1982 ia->prefix_pltime > ia0->prefix_vltime) 1983 { 1984 errno = EINVAL; 1985 free(ia); 1986 return NULL; 1987 } 1988 1989 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1990 return ia; 1991 } 1992 1993 void 1994 ipv6_settempstale(struct interface *ifp) 1995 { 1996 struct ipv6_state *state; 1997 struct ipv6_addr *ia; 1998 1999 state = IPV6_STATE(ifp); 2000 TAILQ_FOREACH(ia, &state->addrs, next) { 2001 if (ia->flags & IPV6_AF_TEMPORARY) 2002 ia->flags |= IPV6_AF_STALE; 2003 } 2004 } 2005 2006 struct ipv6_addr * 2007 ipv6_settemptime(struct ipv6_addr *ia, int flags) 2008 { 2009 struct ipv6_state *state; 2010 struct ipv6_addr *ap, *first; 2011 2012 state = IPV6_STATE(ia->iface); 2013 first = NULL; 2014 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) { 2015 if (ap->flags & IPV6_AF_TEMPORARY && 2016 ap->prefix_pltime && 2017 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix)) 2018 { 2019 time_t max, ext; 2020 2021 if (flags == 0) { 2022 if (ap->prefix_pltime - 2023 (uint32_t)(ia->acquired.tv_sec - 2024 ap->acquired.tv_sec) 2025 < REGEN_ADVANCE) 2026 continue; 2027 2028 return ap; 2029 } 2030 2031 if (!(ap->flags & IPV6_AF_ADDED)) 2032 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF; 2033 ap->flags &= ~IPV6_AF_STALE; 2034 2035 /* RFC4941 Section 3.4 2036 * Deprecated prefix, deprecate the temporary address */ 2037 if (ia->prefix_pltime == 0) { 2038 ap->prefix_pltime = 0; 2039 goto valid; 2040 } 2041 2042 /* Ensure desync is still valid */ 2043 ipv6_regen_desync(ap->iface, 0); 2044 2045 /* RFC4941 Section 3.3.2 2046 * Extend temporary times, but ensure that they 2047 * never last beyond the system limit. */ 2048 ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime; 2049 max = ap->created.tv_sec + 2050 ip6_temp_preferred_lifetime(ap->iface->name) - 2051 state->desync_factor; 2052 if (ext < max) 2053 ap->prefix_pltime = ia->prefix_pltime; 2054 else 2055 ap->prefix_pltime = 2056 (uint32_t)(max - ia->acquired.tv_sec); 2057 2058 valid: 2059 ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime; 2060 max = ap->created.tv_sec + 2061 ip6_temp_valid_lifetime(ap->iface->name); 2062 if (ext < max) 2063 ap->prefix_vltime = ia->prefix_vltime; 2064 else 2065 ap->prefix_vltime = 2066 (uint32_t)(max - ia->acquired.tv_sec); 2067 2068 /* Just extend the latest matching prefix */ 2069 ap->acquired = ia->acquired; 2070 2071 /* If extending return the last match as 2072 * it's the most current. 2073 * If deprecating, deprecate any other addresses we 2074 * may have, although this should not be needed */ 2075 if (ia->prefix_pltime) 2076 return ap; 2077 if (first == NULL) 2078 first = ap; 2079 } 2080 } 2081 return first; 2082 } 2083 2084 void 2085 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now) 2086 { 2087 struct ipv6_state *state; 2088 struct ipv6_addr *ia; 2089 2090 state = IPV6_STATE(ifp); 2091 TAILQ_FOREACH(ia, &state->addrs, next) { 2092 if (ia->flags & IPV6_AF_TEMPORARY && 2093 !(ia->flags & IPV6_AF_STALE)) 2094 ipv6_addaddr(ia, now); 2095 } 2096 } 2097 2098 static void 2099 ipv6_regentempaddr(void *arg) 2100 { 2101 struct ipv6_addr *ia = arg, *ia1; 2102 struct timespec tv; 2103 2104 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr); 2105 clock_gettime(CLOCK_MONOTONIC, &tv); 2106 ia1 = ipv6_createtempaddr(ia, &tv); 2107 if (ia1) 2108 ipv6_addaddr(ia1, &tv); 2109 else 2110 logerr(__func__); 2111 } 2112 2113 static void 2114 ipv6_regentempifid(void *arg) 2115 { 2116 struct interface *ifp = arg; 2117 struct ipv6_state *state; 2118 2119 state = IPV6_STATE(ifp); 2120 if (memcmp(state->randomid, nullid, sizeof(state->randomid))) 2121 ipv6_gentempifid(ifp); 2122 2123 ipv6_regen_desync(ifp, 1); 2124 } 2125 #endif /* IPV6_MANAGETEMPADDR */ 2126 2127 2128 static struct rt * 2129 inet6_makeroute(struct interface *ifp, const struct ra *rap) 2130 { 2131 struct rt *rt; 2132 2133 if ((rt = rt_new(ifp)) == NULL) 2134 return NULL; 2135 2136 #ifdef HAVE_ROUTE_METRIC 2137 rt->rt_metric = ifp->metric; 2138 #endif 2139 if (rap != NULL) 2140 rt->rt_mtu = rap->mtu; 2141 return rt; 2142 } 2143 2144 static struct rt * 2145 inet6_makeprefix(struct interface *ifp, const struct ra *rap, 2146 const struct ipv6_addr *addr) 2147 { 2148 struct rt *rt; 2149 struct in6_addr netmask; 2150 2151 if (addr == NULL || addr->prefix_len > 128) { 2152 errno = EINVAL; 2153 return NULL; 2154 } 2155 2156 /* There is no point in trying to manage a /128 prefix, 2157 * ones without a lifetime or ones not on link or delegated */ 2158 if (addr->prefix_len == 128 || 2159 addr->prefix_vltime == 0 || 2160 !(addr->flags & (IPV6_AF_ONLINK | IPV6_AF_DELEGATEDPFX))) 2161 return NULL; 2162 2163 /* Don't install a reject route when not creating bigger prefixes */ 2164 if (addr->flags & IPV6_AF_NOREJECT) 2165 return NULL; 2166 2167 /* This address is the delegated prefix, so add a reject route for 2168 * it via the loopback interface. */ 2169 if (addr->flags & IPV6_AF_DELEGATEDPFX) { 2170 struct interface *lo0; 2171 2172 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) { 2173 if (lo0->flags & IFF_LOOPBACK) 2174 break; 2175 } 2176 if (lo0 == NULL) 2177 logwarnx("cannot find a loopback interface " 2178 "to reject via"); 2179 else 2180 ifp = lo0; 2181 } 2182 2183 if ((rt = inet6_makeroute(ifp, rap)) == NULL) 2184 return NULL; 2185 2186 sa_in6_init(&rt->rt_dest, &addr->prefix); 2187 ipv6_mask(&netmask, addr->prefix_len); 2188 sa_in6_init(&rt->rt_netmask, &netmask); 2189 if (addr->flags & IPV6_AF_DELEGATEDPFX) { 2190 rt->rt_flags |= RTF_REJECT; 2191 /* Linux does not like a gateway for a reject route. */ 2192 #ifndef __linux__ 2193 sa_in6_init(&rt->rt_gateway, &in6addr_loopback); 2194 #endif 2195 } else 2196 rt->rt_gateway.sa_family = AF_UNSPEC; 2197 sa_in6_init(&rt->rt_ifa, &addr->addr); 2198 return rt; 2199 } 2200 2201 static struct rt * 2202 inet6_makerouter(struct ra *rap) 2203 { 2204 struct rt *rt; 2205 2206 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL) 2207 return NULL; 2208 sa_in6_init(&rt->rt_dest, &in6addr_any); 2209 sa_in6_init(&rt->rt_netmask, &in6addr_any); 2210 sa_in6_init(&rt->rt_gateway, &rap->from); 2211 return rt; 2212 } 2213 2214 #define RT_IS_DEFAULT(rtp) \ 2215 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \ 2216 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any)) 2217 2218 static int 2219 inet6_staticroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx) 2220 { 2221 struct interface *ifp; 2222 struct ipv6_state *state; 2223 struct ipv6_addr *ia; 2224 struct rt *rt; 2225 2226 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2227 if ((state = IPV6_STATE(ifp)) == NULL) 2228 continue; 2229 TAILQ_FOREACH(ia, &state->addrs, next) { 2230 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) == 2231 (IPV6_AF_ADDED | IPV6_AF_STATIC)) 2232 { 2233 rt = inet6_makeprefix(ifp, NULL, ia); 2234 if (rt) 2235 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2236 } 2237 } 2238 } 2239 return 0; 2240 } 2241 2242 static int 2243 inet6_raroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx, int expired, 2244 bool *have_default) 2245 { 2246 struct rt *rt; 2247 struct ra *rap; 2248 const struct ipv6_addr *addr; 2249 2250 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 2251 if (rap->expired != expired) 2252 continue; 2253 TAILQ_FOREACH(addr, &rap->addrs, next) { 2254 if (addr->prefix_vltime == 0) 2255 continue; 2256 rt = inet6_makeprefix(rap->iface, rap, addr); 2257 if (rt) 2258 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2259 } 2260 if (rap->lifetime) { 2261 rt = inet6_makerouter(rap); 2262 if (rt) { 2263 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2264 if (have_default) 2265 *have_default = true; 2266 } 2267 } 2268 } 2269 return 0; 2270 } 2271 2272 static int 2273 inet6_dhcproutes(struct rt_head *routes, struct dhcpcd_ctx *ctx, 2274 enum DH6S dstate) 2275 { 2276 struct interface *ifp; 2277 const struct dhcp6_state *d6_state; 2278 const struct ipv6_addr *addr; 2279 struct rt *rt; 2280 2281 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2282 d6_state = D6_CSTATE(ifp); 2283 if (d6_state && d6_state->state == dstate) { 2284 TAILQ_FOREACH(addr, &d6_state->addrs, next) { 2285 rt = inet6_makeprefix(ifp, NULL, addr); 2286 if (rt) 2287 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2288 } 2289 } 2290 } 2291 return 0; 2292 } 2293 2294 bool 2295 inet6_getroutes(struct dhcpcd_ctx *ctx, struct rt_head *routes) 2296 { 2297 bool have_default; 2298 2299 /* Should static take priority? */ 2300 if (inet6_staticroutes(routes, ctx) == -1) 2301 return false; 2302 2303 /* First add reachable routers and their prefixes */ 2304 have_default = false; 2305 if (inet6_raroutes(routes, ctx, 0, &have_default) == -1) 2306 return false; 2307 2308 /* We have no way of knowing if prefixes added by DHCP are reachable 2309 * or not, so we have to assume they are. 2310 * Add bound before delegated so we can prefer interfaces better */ 2311 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1) 2312 return false; 2313 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1) 2314 return false; 2315 2316 #ifdef HAVE_ROUTE_METRIC 2317 /* If we have an unreachable router, we really do need to remove the 2318 * route to it beause it could be a lower metric than a reachable 2319 * router. Of course, we should at least have some routers if all 2320 * are unreachable. */ 2321 if (!have_default) { 2322 #endif 2323 /* Add our non-reachable routers and prefixes 2324 * Unsure if this is needed, but it's a close match to kernel 2325 * behaviour */ 2326 if (inet6_raroutes(routes, ctx, 1, NULL) == -1) 2327 return false; 2328 #ifdef HAVE_ROUTE_METRIC 2329 } 2330 #endif 2331 2332 return true; 2333 } 2334