xref: /openbsd-src/sys/netinet6/nd6_rtr.c (revision 53555c846a0a6f917dbd0a191f826da995ab1c42) 
1 /*	$OpenBSD: nd6_rtr.c,v 1.171 2024/07/14 18:53:39 bluhm Exp $	*/
2 /*	$KAME: nd6_rtr.c,v 1.97 2001/02/07 11:09:13 itojun Exp $	*/
3 
4 /*
5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the project nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/timeout.h>
36 #include <sys/malloc.h>
37 #include <sys/mbuf.h>
38 #include <sys/socket.h>
39 #include <sys/sockio.h>
40 #include <sys/time.h>
41 #include <sys/kernel.h>
42 #include <sys/errno.h>
43 #include <sys/ioctl.h>
44 #include <sys/syslog.h>
45 #include <sys/queue.h>
46 
47 #include <net/if.h>
48 #include <net/if_dl.h>
49 #include <net/if_var.h>
50 #include <net/route.h>
51 #include <net/rtable.h>
52 
53 #include <netinet/in.h>
54 #include <netinet6/in6_var.h>
55 #include <netinet/ip6.h>
56 #include <netinet6/ip6_var.h>
57 #include <netinet6/nd6.h>
58 #include <netinet/icmp6.h>
59 
60 int rt6_deleteroute(struct rtentry *, void *, unsigned int);
61 
62 /*
63  * Process Source Link-layer Address Options from
64  * Router Solicitation / Advertisement Messages.
65  */
66 void
67 nd6_rtr_cache(struct mbuf *m, int off, int icmp6len, int icmp6_type)
68 {
69 	struct ifnet *ifp;
70 	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
71 	struct nd_router_solicit *nd_rs;
72 	struct nd_router_advert *nd_ra;
73 	struct in6_addr saddr6 = ip6->ip6_src;
74 	char *lladdr = NULL;
75 	int lladdrlen = 0;
76 	int i_am_router = (atomic_load_int(&ip6_forwarding) != 0);
77 	struct nd_opts ndopts;
78 	char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
79 
80 	KASSERT(icmp6_type == ND_ROUTER_SOLICIT || icmp6_type ==
81 	    ND_ROUTER_ADVERT);
82 
83 	/* Sanity checks */
84 	if (ip6->ip6_hlim != 255) {
85 		nd6log((LOG_ERR,
86 		    "%s: invalid hlim (%d) from %s to %s on %u\n",
87 		    __func__, ip6->ip6_hlim,
88 		    inet_ntop(AF_INET6, &ip6->ip6_src, src, sizeof(src)),
89 		    inet_ntop(AF_INET6, &ip6->ip6_dst, dst, sizeof(dst)),
90 		    m->m_pkthdr.ph_ifidx));
91 		goto bad;
92 	}
93 
94 	switch (icmp6_type) {
95 	case ND_ROUTER_SOLICIT:
96 		/*
97 		 * Don't update the neighbor cache, if src = ::.
98 		 * This indicates that the src has no IP address assigned yet.
99 		 */
100 		if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
101 			goto freeit;
102 
103 		IP6_EXTHDR_GET(nd_rs, struct nd_router_solicit *, m, off,
104 		    icmp6len);
105 		if (nd_rs == NULL) {
106 			icmp6stat_inc(icp6s_tooshort);
107 			return;
108 		}
109 
110 		icmp6len -= sizeof(*nd_rs);
111 		if (nd6_options(nd_rs + 1, icmp6len, &ndopts) < 0) {
112 			nd6log((LOG_INFO,
113 			    "%s: invalid ND option, ignored\n", __func__));
114 			/* nd6_options have incremented stats */
115 			goto freeit;
116 		}
117 		break;
118 	case ND_ROUTER_ADVERT:
119 		if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) {
120 			nd6log((LOG_ERR,
121 			    "%s: src %s is not link-local\n", __func__,
122 			    inet_ntop(AF_INET6, &saddr6, src, sizeof(src))));
123 			goto bad;
124 		}
125 
126 		IP6_EXTHDR_GET(nd_ra, struct nd_router_advert *, m, off,
127 		    icmp6len);
128 		if (nd_ra == NULL) {
129 			icmp6stat_inc(icp6s_tooshort);
130 			return;
131 		}
132 
133 		icmp6len -= sizeof(*nd_ra);
134 		if (nd6_options(nd_ra + 1, icmp6len, &ndopts) < 0) {
135 			nd6log((LOG_INFO,
136 			    "%s: invalid ND option, ignored\n", __func__));
137 			/* nd6_options have incremented stats */
138 			goto freeit;
139 		}
140 		break;
141 	}
142 
143 	if (ndopts.nd_opts_src_lladdr) {
144 		lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
145 		lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
146 	}
147 
148 	ifp = if_get(m->m_pkthdr.ph_ifidx);
149 	if (ifp == NULL)
150 		goto freeit;
151 
152 	if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
153 		nd6log((LOG_INFO,
154 		    "%s: lladdrlen mismatch for %s (if %d, RA/RS packet %d)\n",
155 		     __func__, inet_ntop(AF_INET6, &saddr6, src, sizeof(src)),
156 		    ifp->if_addrlen, lladdrlen - 2));
157 		if_put(ifp);
158 		goto bad;
159 	}
160 
161 	nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, icmp6_type, 0,
162 	    i_am_router);
163 	if_put(ifp);
164 
165  freeit:
166 	m_freem(m);
167 	return;
168 
169  bad:
170 	icmp6stat_inc(icmp6_type == ND_ROUTER_SOLICIT ? icp6s_badrs :
171 	    icp6s_badra);
172 	m_freem(m);
173 }
174 
175 /*
176  * Delete all the routing table entries that use the specified gateway.
177  * XXX: this function causes search through all entries of routing table, so
178  * it shouldn't be called when acting as a router.
179  * The gateway must already contain KAME's hack for link-local scope.
180  */
181 int
182 rt6_flush(struct in6_addr *gateway, struct ifnet *ifp)
183 {
184 	struct rt_addrinfo info;
185 	struct sockaddr_in6 sa_mask;
186 	struct rtentry *rt = NULL;
187 	int error;
188 
189 	NET_ASSERT_LOCKED();
190 
191 	/* We'll care only link-local addresses */
192 	if (!IN6_IS_ADDR_LINKLOCAL(gateway))
193 		return (0);
194 
195 	KASSERT(gateway->s6_addr16[1] != 0);
196 
197 	do {
198 		error = rtable_walk(ifp->if_rdomain, AF_INET6, &rt,
199 		    rt6_deleteroute, gateway);
200 		if (rt != NULL && error == EEXIST) {
201 			memset(&info, 0, sizeof(info));
202 			info.rti_flags =  rt->rt_flags;
203 			info.rti_info[RTAX_DST] = rt_key(rt);
204 			info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
205 			info.rti_info[RTAX_NETMASK] = rt_plen2mask(rt,
206 			    &sa_mask);
207 			error = rtrequest_delete(&info, RTP_ANY, ifp, NULL,
208 			    ifp->if_rdomain);
209 			if (error == 0)
210 				error = EAGAIN;
211 		}
212 		rtfree(rt);
213 		rt = NULL;
214 	} while (error == EAGAIN);
215 
216 	return (error);
217 }
218 
219 int
220 rt6_deleteroute(struct rtentry *rt, void *arg, unsigned int id)
221 {
222 	struct in6_addr *gate = (struct in6_addr *)arg;
223 
224 	if (rt->rt_gateway == NULL || rt->rt_gateway->sa_family != AF_INET6)
225 		return (0);
226 
227 	if (!IN6_ARE_ADDR_EQUAL(gate, &satosin6(rt->rt_gateway)->sin6_addr))
228 		return (0);
229 
230 	/*
231 	 * Do not delete a static route.
232 	 * XXX: this seems to be a bit ad-hoc. Should we consider the
233 	 * 'cloned' bit instead?
234 	 */
235 	if ((rt->rt_flags & RTF_STATIC) != 0)
236 		return (0);
237 
238 	/*
239 	 * We delete only host route. This means, in particular, we don't
240 	 * delete default route.
241 	 */
242 	if ((rt->rt_flags & RTF_HOST) == 0)
243 		return (0);
244 
245 	return (EEXIST);
246 }
247