/*	$NetBSD: net.c,v 1.2 2024/02/21 22:52:28 christos Exp $	*/

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * Runtime probes for address-family support (IPv4, IPv6, AF_UNIX), for the
 * IPV6_V6ONLY socket option, and for the UDP port range the operating
 * system reports for locally assigned ports.  Probe outcomes are cached in
 * file-scope variables and handed back by the isc_net_probe*() accessors.
 */

#include <stdbool.h>
#include <sys/types.h>

#if defined(HAVE_SYS_SYSCTL_H) && !defined(__linux__)
#if defined(HAVE_SYS_PARAM_H)
#include <sys/param.h>
#endif /* if defined(HAVE_SYS_PARAM_H) */
#include <sys/sysctl.h>
#endif /* if defined(HAVE_SYS_SYSCTL_H) && !defined(__linux__) */
#include <errno.h>
#include <fcntl.h>
#include <sys/uio.h>
#include <unistd.h>

#include <isc/log.h>
#include <isc/net.h>
#include <isc/netdb.h>
#include <isc/once.h>
#include <isc/strerr.h>
#include <isc/string.h>
#include <isc/util.h>

/*
 * NOTE(review): #ifndef only tests whether a *macro* named socklen_t
 * exists.  Where socklen_t is provided as a typedef, this define still
 * takes effect.  No other use of socklen_t is visible in this listing
 * (try_proto() below declares its length as unsigned int) -- confirm
 * whether this fallback is still needed.
 */
#ifndef socklen_t
#define socklen_t unsigned int
#endif /* ifndef socklen_t */

/*%
 * Definitions about UDP port range specification.  This is a total mess of
 * portability variants: some use sysctl (but the sysctl names vary), some use
 * system-specific interfaces, some have the same interface for IPv4 and IPv6,
 * some separate them, etc...
 */

/*%
 * The last resort defaults: use all non well known port space
 */
#ifndef ISC_NET_PORTRANGELOW
#define ISC_NET_PORTRANGELOW 1024
#endif /* ISC_NET_PORTRANGELOW */
#ifndef ISC_NET_PORTRANGEHIGH
#define ISC_NET_PORTRANGEHIGH 65535
#endif /* ISC_NET_PORTRANGEHIGH */

#ifdef HAVE_SYSCTLBYNAME

/*%
 * sysctl variants
 */
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__)
#define USE_SYSCTL_PORTRANGE
#define SYSCTL_V4PORTRANGE_LOW	"net.inet.ip.portrange.hifirst"
#define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.portrange.hilast"
#define SYSCTL_V6PORTRANGE_LOW	"net.inet.ip.portrange.hifirst"
#define SYSCTL_V6PORTRANGE_HIGH "net.inet.ip.portrange.hilast"
#endif /* if defined(__FreeBSD__) || defined(__APPLE__) || \
	* defined(__DragonFly__) */

#ifdef __NetBSD__
#define USE_SYSCTL_PORTRANGE
#define SYSCTL_V4PORTRANGE_LOW	"net.inet.ip.anonportmin"
#define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.anonportmax"
#define SYSCTL_V6PORTRANGE_LOW	"net.inet6.ip6.anonportmin"
#define SYSCTL_V6PORTRANGE_HIGH "net.inet6.ip6.anonportmax"
#endif /* ifdef __NetBSD__ */

#else /* !HAVE_SYSCTLBYNAME */

#ifdef __OpenBSD__
#define USE_SYSCTL_PORTRANGE
#define SYSCTL_V4PORTRANGE_LOW                                         \
	{                                                              \
		CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_HIFIRSTAUTO \
	}
#define SYSCTL_V4PORTRANGE_HIGH                                       \
	{                                                             \
		CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_HILASTAUTO \
	}
/* Same for IPv6 */
#define SYSCTL_V6PORTRANGE_LOW	SYSCTL_V4PORTRANGE_LOW
#define SYSCTL_V6PORTRANGE_HIGH SYSCTL_V4PORTRANGE_HIGH
#endif /* ifdef __OpenBSD__ */

#endif /* HAVE_SYSCTLBYNAME */

/* Once-control for the IPV6_V6ONLY probe (see initialize_ipv6only()). */
static isc_once_t once_ipv6only = ISC_ONCE_INIT;
#ifdef __notyet__
static isc_once_t once_ipv6pktinfo = ISC_ONCE_INIT;
#endif /* ifdef __notyet__ */

#ifndef ISC_CMSG_IP_TOS
#ifdef __APPLE__
#define ISC_CMSG_IP_TOS 0 /* As of 10.8.2. */
#else			  /* ! __APPLE__ */
#define ISC_CMSG_IP_TOS 1
#endif /* ! __APPLE__ */
#endif /* ! ISC_CMSG_IP_TOS */

/* Once-control for the address-family probes (see initialize()). */
static isc_once_t once = ISC_ONCE_INIT;

/*
 * Cached probe outcomes.  Each starts as ISC_R_NOTFOUND and is overwritten
 * by the matching probe; ipv4_result and ipv6_result are additionally
 * toggled between ISC_R_SUCCESS and ISC_R_DISABLED by the
 * isc_net_disable*() / isc_net_enable*() functions at the end of the file.
 *
 * NOTE(review): those later writes and the reads in the accessors use no
 * lock or atomic in this file; presumably the enable/disable calls happen
 * before worker threads start -- confirm against callers.
 */
static isc_result_t ipv4_result = ISC_R_NOTFOUND;
static isc_result_t ipv6_result = ISC_R_NOTFOUND;
static isc_result_t unix_result = ISC_R_NOTFOUND;
static isc_result_t ipv6only_result = ISC_R_NOTFOUND;
static isc_result_t ipv6pktinfo_result = ISC_R_NOTFOUND;

/*%
 * Probe whether a stream socket can be created in 'domain'.
 *
 * Returns ISC_R_SUCCESS when socket() succeeds (and, for PF_INET6, the
 * extra getsockname() check passes), ISC_R_NOTFOUND when socket() fails
 * with one of the "not supported" errno values listed below or the IPv6
 * check fails, and ISC_R_UNEXPECTED for any other socket() error.
 */
static isc_result_t
try_proto(int domain) {
	int s;
	isc_result_t result = ISC_R_SUCCESS;

	s = socket(domain, SOCK_STREAM, 0);
	if (s == -1) {
		/* No descriptor was opened, so both returns below leak nothing. */
		switch (errno) {
#ifdef EAFNOSUPPORT
		case EAFNOSUPPORT:
#endif /* ifdef EAFNOSUPPORT */
#ifdef EPFNOSUPPORT
		case EPFNOSUPPORT:
#endif /* ifdef EPFNOSUPPORT */
#ifdef EPROTONOSUPPORT
		case EPROTONOSUPPORT:
#endif /* ifdef EPROTONOSUPPORT */
#ifdef EINVAL
		case EINVAL:
#endif /* ifdef EINVAL */
			return (ISC_R_NOTFOUND);
		default:
			UNEXPECTED_SYSERROR(errno, "socket()");
			return (ISC_R_UNEXPECTED);
		}
	}

	if (domain == PF_INET6) {
		struct sockaddr_in6 sin6;
		unsigned int len;

		/*
		 * Check to see if IPv6 is broken, as is common on Linux.
		 */
		len = sizeof(sin6);
		/*
		 * NOTE(review): 'len' is an unsigned int passed through a
		 * (void *) cast where getsockname() takes a socklen_t *;
		 * this assumes both types have the same size -- confirm for
		 * every supported platform.
		 */
		if (getsockname(s, (struct sockaddr *)&sin6, (void *)&len) < 0)
		{
			isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
				      ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR,
				      "retrieving the address of an IPv6 "
				      "socket from the kernel failed.");
			isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
				      ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR,
				      "IPv6 is not supported.");
			result = ISC_R_NOTFOUND;
		} else {
			/*
			 * The kernel reports how many bytes it wrote; any
			 * size other than our struct sockaddr_in6 is treated
			 * as a kernel/userland layout mismatch.
			 */
			if (len == sizeof(struct sockaddr_in6)) {
				result = ISC_R_SUCCESS;
			} else {
				isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
					      ISC_LOGMODULE_SOCKET,
					      ISC_LOG_ERROR,
					      "IPv6 structures in kernel and "
					      "user space do not match.");
				isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
					      ISC_LOGMODULE_SOCKET,
					      ISC_LOG_ERROR,
					      "IPv6 is not supported.");
				result = ISC_R_NOTFOUND;
			}
		}
	}

	/* The probe socket is only needed for the checks above. */
	(void)close(s);

	return (result);
}

/*%
 * Run the three address-family probes and cache their results.
 */
static void
initialize_action(void) {
	ipv4_result = try_proto(PF_INET);
	ipv6_result = try_proto(PF_INET6);
	unix_result = try_proto(PF_UNIX);
}

/*%
 * Run initialize_action() through isc_once_do() on 'once'; the call is
 * required (RUNTIME_CHECK) to return ISC_R_SUCCESS.
 */
static void
initialize(void) {
	RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS);
}

/*%
 * Return the cached IPv4 probe result (may be ISC_R_DISABLED after
 * isc_net_disableipv4()).
 */
isc_result_t
isc_net_probeipv4(void) {
	initialize();
	return (ipv4_result);
}

/*%
 * Return the cached IPv6 probe result (may be ISC_R_DISABLED after
 * isc_net_disableipv6()).
 */
isc_result_t
isc_net_probeipv6(void) {
	initialize();
	return (ipv6_result);
}

/*%
 * Return the cached AF_UNIX probe result.
 */
isc_result_t
isc_net_probeunix(void) {
	initialize();
	return (unix_result);
}

/*%
 * Probe whether IPV6_V6ONLY can be set on both a TCP and a UDP IPv6 socket
 * and store the outcome in ipv6only_result.
 *
 * If IPv6 itself is not usable, the IPv6 probe result is copied through.
 * If the platform headers do not define IPV6_V6ONLY the result is
 * ISC_R_NOTFOUND.  A socket() failure yields ISC_R_UNEXPECTED; a
 * setsockopt() failure yields ISC_R_NOTFOUND.
 */
static void
try_ipv6only(void) {
#ifdef IPV6_V6ONLY
	int s, on;
#endif /* ifdef IPV6_V6ONLY */
	isc_result_t result;

	result = isc_net_probeipv6();
	if (result != ISC_R_SUCCESS) {
		ipv6only_result = result;
		return;
	}

#ifndef IPV6_V6ONLY
	ipv6only_result = ISC_R_NOTFOUND;
	return;
#else  /* ifndef IPV6_V6ONLY */
	/* check for TCP sockets */
	s = socket(PF_INET6, SOCK_STREAM, 0);
	if (s == -1) {
		UNEXPECTED_SYSERROR(errno, "socket()");
		ipv6only_result = ISC_R_UNEXPECTED;
		return;
	}

	on = 1;
	if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
		ipv6only_result = ISC_R_NOTFOUND;
		goto close;
	}

	/* TCP check passed; release that descriptor before reusing 's'. */
	close(s);

	/* check for UDP sockets */
	s = socket(PF_INET6, SOCK_DGRAM, 0);
	if (s == -1) {
		UNEXPECTED_SYSERROR(errno, "socket()");
		ipv6only_result = ISC_R_UNEXPECTED;
		return;
	}

	on = 1;
	if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
		ipv6only_result = ISC_R_NOTFOUND;
		goto close;
	}

	ipv6only_result = ISC_R_SUCCESS;

	/*
	 * The label shares its name with the close() function; labels live
	 * in their own namespace, so the call below still resolves to the
	 * function.
	 */
close:
	close(s);
	return;
#endif /* IPV6_V6ONLY */
}

/*%
 * Run try_ipv6only() through isc_once_do() on 'once_ipv6only'; the call is
 * required (RUNTIME_CHECK) to return ISC_R_SUCCESS.
 */
static void
initialize_ipv6only(void) {
	RUNTIME_CHECK(isc_once_do(&once_ipv6only, try_ipv6only) ==
		      ISC_R_SUCCESS);
}

#ifdef __notyet__
/*%
 * Probe whether the IPv6 packet-info option (IPV6_RECVPKTINFO when defined,
 * otherwise IPV6_PKTINFO) can be set on a UDP socket and store the outcome
 * in ipv6pktinfo_result.  Only compiled when __notyet__ is defined.
 */
static void
try_ipv6pktinfo(void) {
	int s, on;
	isc_result_t result;
	int optname;

	result = isc_net_probeipv6();
	if (result != ISC_R_SUCCESS) {
		ipv6pktinfo_result = result;
		return;
	}

	/* we only use this for UDP sockets */
	s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP);
	if (s == -1) {
		UNEXPECTED_SYSERROR(errno, "socket()");
		ipv6pktinfo_result = ISC_R_UNEXPECTED;
		return;
	}

#ifdef IPV6_RECVPKTINFO
	optname = IPV6_RECVPKTINFO;
#else  /* ifdef IPV6_RECVPKTINFO */
	optname = IPV6_PKTINFO;
#endif /* ifdef IPV6_RECVPKTINFO */
	on = 1;
	if (setsockopt(s, IPPROTO_IPV6, optname, &on, sizeof(on)) < 0) {
		ipv6pktinfo_result = ISC_R_NOTFOUND;
		goto close;
	}

	ipv6pktinfo_result = ISC_R_SUCCESS;

close:
	close(s);
	return;
}

/*%
 * Run try_ipv6pktinfo() through isc_once_do() on 'once_ipv6pktinfo'.
 */
static void
initialize_ipv6pktinfo(void) {
	RUNTIME_CHECK(isc_once_do(&once_ipv6pktinfo, try_ipv6pktinfo) ==
		      ISC_R_SUCCESS);
}
#endif /* ifdef __notyet__ */

/*%
 * Return the cached IPV6_V6ONLY probe result, running the probe first if
 * needed.
 */
isc_result_t
isc_net_probe_ipv6only(void) {
	initialize_ipv6only();
	return (ipv6only_result);
}

/*%
 * Return the cached packet-info probe result.  Unless __notyet__ is
 * defined no probe runs, so the value is the initializer ISC_R_NOTFOUND.
 */
isc_result_t
isc_net_probe_ipv6pktinfo(void) {
	/*
	 * XXXWPK if pktinfo were supported then we could listen on :: for ipv6 and get
	 * the information about the destination address from pktinfo structure passed
	 * in recvmsg but this method is not portable and libuv doesn't support it - so
	 * we need to listen on all interfaces.
	 * We should verify that this doesn't impact performance (we already do it for
	 * ipv4) and either remove all the ipv6pktinfo detection code from above
	 * or think of fixing libuv.
	 */
#ifdef __notyet__
	initialize_ipv6pktinfo();
#endif /* ifdef __notyet__ */
	return (ipv6pktinfo_result);
}

#if defined(USE_SYSCTL_PORTRANGE)
#if defined(HAVE_SYSCTLBYNAME)
/*%
 * Read the low and high port bounds for 'af' with sysctlbyname().
 *
 * Any 'af' other than AF_INET selects the IPv6 sysctl names.  Returns
 * ISC_R_FAILURE if either sysctlbyname() call fails, ISC_R_RANGE if either
 * value has bits set outside the low 16, and ISC_R_SUCCESS after storing
 * both values through 'low' and 'high'.
 *
 * NOTE(review): the length written back into 'portlen' is not compared
 * with sizeof(int), and nothing here checks that low <= high; if callers
 * rely on an ordered range that has to be enforced by them -- confirm.
 */
static isc_result_t
getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) {
	int port_low, port_high;
	size_t portlen;
	const char *sysctlname_lowport, *sysctlname_hiport;

	if (af == AF_INET) {
		sysctlname_lowport = SYSCTL_V4PORTRANGE_LOW;
		sysctlname_hiport = SYSCTL_V4PORTRANGE_HIGH;
	} else {
		sysctlname_lowport = SYSCTL_V6PORTRANGE_LOW;
		sysctlname_hiport = SYSCTL_V6PORTRANGE_HIGH;
	}
	portlen = sizeof(port_low);
	if (sysctlbyname(sysctlname_lowport, &port_low, &portlen, NULL, 0) < 0)
	{
		return (ISC_R_FAILURE);
	}
	portlen = sizeof(port_high);
	if (sysctlbyname(sysctlname_hiport, &port_high, &portlen, NULL, 0) < 0)
	{
		return (ISC_R_FAILURE);
	}
	/* Reject anything that would be truncated by the in_port_t casts. */
	if ((port_low & ~0xffff) != 0 || (port_high & ~0xffff) != 0) {
		return (ISC_R_RANGE);
	}

	*low = (in_port_t)port_low;
	*high = (in_port_t)port_high;

	return (ISC_R_SUCCESS);
}
#else  /* !HAVE_SYSCTLBYNAME */
/*%
 * Read the low and high port bounds for 'af' with sysctl() and the MIB
 * arrays defined above.
 *
 * Any 'af' other than AF_INET selects the IPv6 MIBs.  Returns
 * ISC_R_FAILURE if either sysctl() call fails, ISC_R_RANGE if either value
 * has bits set outside the low 16, and ISC_R_SUCCESS after storing both
 * values through 'low' and 'high'.
 *
 * NOTE(review): the length written back into 'portlen' is not compared
 * with sizeof(int), and nothing here checks that low <= high; if callers
 * rely on an ordered range that has to be enforced by them -- confirm.
 */
static isc_result_t
getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) {
	int mib_lo4[4] = SYSCTL_V4PORTRANGE_LOW;
	int mib_hi4[4] = SYSCTL_V4PORTRANGE_HIGH;
	int mib_lo6[4] = SYSCTL_V6PORTRANGE_LOW;
	int mib_hi6[4] = SYSCTL_V6PORTRANGE_HIGH;
	int *mib_lo, *mib_hi, miblen;
	int port_low, port_high;
	size_t portlen;

	if (af == AF_INET) {
		mib_lo = mib_lo4;
		mib_hi = mib_hi4;
		miblen = sizeof(mib_lo4) / sizeof(mib_lo4[0]);
	} else {
		mib_lo = mib_lo6;
		mib_hi = mib_hi6;
		miblen = sizeof(mib_lo6) / sizeof(mib_lo6[0]);
	}

	portlen = sizeof(port_low);
	if (sysctl(mib_lo, miblen, &port_low, &portlen, NULL, 0) < 0) {
		return (ISC_R_FAILURE);
	}

	portlen = sizeof(port_high);
	if (sysctl(mib_hi, miblen, &port_high, &portlen, NULL, 0) < 0) {
		return (ISC_R_FAILURE);
	}

	/* Reject anything that would be truncated by the in_port_t casts. */
	if ((port_low & ~0xffff) != 0 || (port_high & ~0xffff) != 0) {
		return (ISC_R_RANGE);
	}

	*low = (in_port_t)port_low;
	*high = (in_port_t)port_high;

	return (ISC_R_SUCCESS);
}
#endif /* HAVE_SYSCTLBYNAME */
#endif /* USE_SYSCTL_PORTRANGE */

/*%
 * Store the system's UDP local port range for 'af' in '*low' and '*high'.
 *
 * The source is getudpportrange_sysctl() where USE_SYSCTL_PORTRANGE is
 * defined, /proc/sys/net/ipv4/ip_local_port_range on Linux, and nothing on
 * other platforms.  Whenever no valid range was obtained, the compile-time
 * defaults ISC_NET_PORTRANGELOW..ISC_NET_PORTRANGEHIGH are stored instead.
 *
 * Requires 'low' and 'high' to be non-NULL.  Always returns ISC_R_SUCCESS,
 * so a caller cannot tell a reported range from the fallback.
 */
isc_result_t
isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high) {
	/* NOTE(review): holds isc_result_t values although declared int. */
	int result = ISC_R_FAILURE;
#if !defined(USE_SYSCTL_PORTRANGE) && defined(__linux)
	FILE *fp;
#endif /* if !defined(USE_SYSCTL_PORTRANGE) && defined(__linux) */

	REQUIRE(low != NULL && high != NULL);

#if defined(USE_SYSCTL_PORTRANGE)
	result = getudpportrange_sysctl(af, low, high);
#elif defined(__linux)

	UNUSED(af);

	/*
	 * Linux local ports are address family agnostic.
	 */
	fp = fopen("/proc/sys/net/ipv4/ip_local_port_range", "r");
	if (fp != NULL) {
		int n;
		unsigned int l, h;

		/*
		 * Accept the file only if both numbers parsed and each fits
		 * in 16 bits; otherwise 'result' stays ISC_R_FAILURE and the
		 * defaults below are used.  The order of l and h is not
		 * checked here.
		 */
		n = fscanf(fp, "%u %u", &l, &h);
		if (n == 2 && (l & ~0xffff) == 0 && (h & ~0xffff) == 0) {
			*low = l;
			*high = h;
			result = ISC_R_SUCCESS;
		}
		fclose(fp);
	}
#else  /* if defined(USE_SYSCTL_PORTRANGE) */
	UNUSED(af);
#endif /* if defined(USE_SYSCTL_PORTRANGE) */

	if (result != ISC_R_SUCCESS) {
		*low = ISC_NET_PORTRANGELOW;
		*high = ISC_NET_PORTRANGEHIGH;
	}

	return (ISC_R_SUCCESS); /* we currently never fail in this function */
}

/*%
 * Mark IPv4 as disabled: a cached ISC_R_SUCCESS becomes ISC_R_DISABLED;
 * any other cached value is left alone.
 */
void
isc_net_disableipv4(void) {
	initialize();
	if (ipv4_result == ISC_R_SUCCESS) {
		ipv4_result = ISC_R_DISABLED;
	}
}

/*%
 * Mark IPv6 as disabled: a cached ISC_R_SUCCESS becomes ISC_R_DISABLED;
 * any other cached value is left alone.
 */
void
isc_net_disableipv6(void) {
	initialize();
	if (ipv6_result == ISC_R_SUCCESS) {
		ipv6_result = ISC_R_DISABLED;
	}
}

/*%
 * Undo isc_net_disableipv4(): a cached ISC_R_DISABLED becomes
 * ISC_R_SUCCESS.  A failed probe result is never turned into success.
 */
void
isc_net_enableipv4(void) {
	initialize();
	if (ipv4_result == ISC_R_DISABLED) {
		ipv4_result = ISC_R_SUCCESS;
	}
}

/*%
 * Undo isc_net_disableipv6(): a cached ISC_R_DISABLED becomes
 * ISC_R_SUCCESS.  A failed probe result is never turned into success.
 */
void
isc_net_enableipv6(void) {
	initialize();
	if (ipv6_result == ISC_R_DISABLED) {
		ipv6_result = ISC_R_SUCCESS;
	}
}