« back to all changes in this revision
Viewing changes to ipv6.c
- browse files at revision 11
- compare with another revision
- download diff
- download tarball
- view history from revision 11
- Committer: Package Import Robot
- Author(s): Daniel Echeverry
- Date: 2015-06-03 10:43:23 UTC
- mfrom: (7.1.3 sid)
- Revision ID: package-import@ubuntu.com-20150603104323-74htea00somdput9
Tags: 6.9.0-1
* QA Upload
* New upstream release. Closes: #786772, #758713, #782085, #788693
* debian/control
+ Use Replaces instead Conflicts field
+ Bump Standards-Version 3.9.6
+ Update to DEP5 copyright format 1.0
* debian/rules
+ Add DEB_HOST_GNU_TYPE and DEB_BUILD_GNU_TYPE
* debian/patches
+ Add fix_ftbfs_kfreebsd.diff patch
+ Fix ftbfs on kfreebsd Closes: #770464
+ Add fix_manpage.diff patch
* Fix lintian warning
+ Remove CVE-2014-6060.patch patch
+ Merge with upstream
+ Remove kfreebsd.diff patch
* Upstream removed platform-bsd.c file in new version
* debian/prerm
+ Replace bashim with set -e
* debian/postint
+ Replace bashim with set -e
* debian/postrm
+ Replace bashim with set -e
* New upstream release. Closes: #786772, #758713, #782085, #788693
* debian/control
+ Use Replaces instead Conflicts field
+ Bump Standards-Version 3.9.6
+ Update to DEP5 copyright format 1.0
* debian/rules
+ Add DEB_HOST_GNU_TYPE and DEB_BUILD_GNU_TYPE
* debian/patches
+ Add fix_ftbfs_kfreebsd.diff patch
+ Fix ftbfs on kfreebsd Closes: #770464
+ Add fix_manpage.diff patch
* Fix lintian warning
+ Remove CVE-2014-6060.patch patch
+ Merge with upstream
+ Remove kfreebsd.diff patch
* Upstream removed platform-bsd.c file in new version
* debian/prerm
+ Replace bashim with set -e
* debian/postint
+ Replace bashim with set -e
* debian/postrm
+ Replace bashim with set -e
- files added:
- .pc/fix_ftbfs_kfreebsd.diff
- .pc/fix_ftbfs_kfreebsd.diff/crypt
- .pc/fix_manpage.diff
- crypt
- dev
- test
- files removed:
- .pc/CVE-2014-6060.patch
- .pc/kfreebsd.diff
- files modified:
- .pc/applied-patches
added
removed
ipv6.c
1
1
/*
2
2
* dhcpcd - DHCP client daemon
3
* Copyright (c) 2006-2013 Roy Marples <roy@marples.name>
3
* Copyright (c) 2006-2015 Roy Marples <roy@marples.name>
4
4
* All rights reserved
5
5
6
6
* Redistribution and use in source and binary forms, with or without
28
28
#include <sys/param.h>
29
29
#include <sys/types.h>
30
30
#include <sys/socket.h>
31
#include <sys/stat.h>
31
32
33
#include <net/if.h>
32
34
#include <net/route.h>
33
35
#include <netinet/in.h>
34
35
#ifdef __linux__
36
# include <asm/types.h> /* for systems with broken headers */
37
# include <linux/rtnetlink.h>
38
/* Match Linux defines to BSD */
39
# define IN6_IFF_TENTATIVE (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)
40
# define IN6_IFF_DUPLICATED IFA_F_DADFAILED
41
#else
42
#ifdef __FreeBSD__ /* Needed so that including netinet6/in6_var.h works */
43
# include <net/if.h>
44
# include <net/if_var.h>
45
#endif
46
# include <netinet6/in6_var.h>
47
#endif
36
#include <netinet/if_ether.h>
48
37
49
38
#include <errno.h>
50
39
#include <ifaddrs.h>
51
40
#include <inttypes.h>
52
41
#include <stdlib.h>
53
42
#include <string.h>
54
#include <syslog.h>
55
43
#include <unistd.h>
56
44
45
#define ELOOP_QUEUE 7
57
46
#include "common.h"
47
#include "if.h"
58
48
#include "dhcpcd.h"
59
49
#include "dhcp6.h"
60
50
#include "eloop.h"
61
51
#include "ipv6.h"
62
#include "ipv6rs.h"
52
#include "ipv6nd.h"
53
54
#ifdef HAVE_MD5_H
55
# ifndef DEPGEN
56
# include <md5.h>
57
# endif
58
#else
59
# include "md5.h"
60
#endif
61
62
#ifdef SHA2_H
63
# include SHA2_H
64
#else
65
# include "sha256.h"
66
#endif
67
68
#ifndef SHA256_DIGEST_LENGTH
69
# define SHA256_DIGEST_LENGTH 32
70
#endif
71
72
#ifdef IPV6_POLLADDRFLAG
73
# warning kernel does not report IPv6 address flag changes
74
# warning polling tentative address flags periodically
75
#endif
76
77
#ifdef __linux__
78
/* Match Linux defines to BSD */
79
# define IN6_IFF_TEMPORARY IFA_F_TEMPORARY
80
# ifdef IFA_F_OPTIMISTIC
81
# define IN6_IFF_TENTATIVE (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)
82
# else
83
# define IN6_IFF_TENTATIVE (IFA_F_TENTATIVE | 0x04)
84
# endif
85
# ifdef IF_F_DADFAILED
86
# define IN6_IFF_DUPLICATED IFA_F_DADFAILED
87
# else
88
# define IN6_IFF_DUPLICATED 0x08
89
# endif
90
# define IN6_IFF_DETACHED 0
91
#endif
92
93
#define IN6_IFF_NOTUSEABLE \
94
(IN6_IFF_TENTATIVE | IN6_IFF_DUPLICATED | IN6_IFF_DETACHED)
63
95
64
96
/* Hackery at it's finest. */
65
97
#ifndef s6_addr32
66
# define s6_addr32 __u6_addr.__u6_addr32
67
#endif
68
69
#define EUI64_GBIT 0x01
70
#define EUI64_UBIT 0x02
71
#define EUI64_TO_IFID(in6) do {(in6)->s6_addr[8] ^= EUI64_UBIT; } \
72
while (/*CONSTCOND*/ 0)
73
#define EUI64_GROUP(in6) ((in6)->s6_addr[8] & EUI64_GBIT)
74
75
static struct rt6head *routes;
76
77
#ifdef DEBUG_MEMORY
78
static void
79
ipv6_cleanup()
80
{
81
struct rt6 *rt;
82
83
while ((rt = TAILQ_FIRST(routes))) {
84
TAILQ_REMOVE(routes, rt, next);
85
free(rt);
86
}
87
free(routes);
88
}
89
#endif
90
91
int
92
ipv6_init(void)
93
{
94
95
if (routes == NULL) {
96
routes = malloc(sizeof(*routes));
97
if (routes == NULL)
98
return -1;
99
TAILQ_INIT(routes);
100
#ifdef DEBUG_MEMORY
101
atexit(ipv6_cleanup);
102
#endif
103
}
104
return 0;
98
# ifdef __sun
99
# define s6_addr32 _S6_un._S6_u32
100
# else
101
# define s6_addr32 __u6_addr.__u6_addr32
102
# endif
103
#endif
104
105
106
#ifdef IPV6_MANAGETEMPADDR
107
static void ipv6_regentempifid(void *);
108
static void ipv6_regentempaddr(void *);
109
#else
110
#define ipv6_regentempifid(a) {}
111
#endif
112
113
struct ipv6_ctx *
114
ipv6_init(struct dhcpcd_ctx *dhcpcd_ctx)
115
{
116
struct ipv6_ctx *ctx;
117
118
if (dhcpcd_ctx->ipv6)
119
return dhcpcd_ctx->ipv6;
120
121
ctx = calloc(1, sizeof(*ctx));
122
if (ctx == NULL)
123
return NULL;
124
125
ctx->routes = malloc(sizeof(*ctx->routes));
126
if (ctx->routes == NULL) {
127
free(ctx);
128
return NULL;
129
}
130
TAILQ_INIT(ctx->routes);
131
132
ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
133
if (ctx->ra_routers == NULL) {
134
free(ctx->routes);
135
free(ctx);
136
return NULL;
137
}
138
TAILQ_INIT(ctx->ra_routers);
139
140
TAILQ_INIT(&ctx->kroutes);
141
142
ctx->sndhdr.msg_namelen = sizeof(struct sockaddr_in6);
143
ctx->sndhdr.msg_iov = ctx->sndiov;
144
ctx->sndhdr.msg_iovlen = 1;
145
ctx->sndhdr.msg_control = ctx->sndbuf;
146
ctx->sndhdr.msg_controllen = sizeof(ctx->sndbuf);
147
ctx->rcvhdr.msg_name = &ctx->from;
148
ctx->rcvhdr.msg_namelen = sizeof(ctx->from);
149
ctx->rcvhdr.msg_iov = ctx->rcviov;
150
ctx->rcvhdr.msg_iovlen = 1;
151
ctx->rcvhdr.msg_control = ctx->rcvbuf;
152
// controllen is set at recieve
153
//ctx->rcvhdr.msg_controllen = sizeof(ctx->rcvbuf);
154
ctx->rcviov[0].iov_base = ctx->ansbuf;
155
ctx->rcviov[0].iov_len = sizeof(ctx->ansbuf);
156
157
ctx->nd_fd = -1;
158
ctx->dhcp_fd = -1;
159
160
dhcpcd_ctx->ipv6 = ctx;
161
162
return ctx;
105
163
}
106
164
107
165
ssize_t
108
ipv6_printaddr(char *s, ssize_t sl, const uint8_t *d, const char *ifname)
166
ipv6_printaddr(char *s, size_t sl, const uint8_t *d, const char *ifname)
109
167
{
110
168
char buf[INET6_ADDRSTRLEN];
111
169
const char *p;
112
ssize_t l;
170
size_t l;
113
171
114
172
p = inet_ntop(AF_INET6, d, buf, sizeof(buf));
115
173
if (p == NULL)
120
178
l += 1 + strlen(ifname);
121
179
122
180
if (s == NULL)
123
return l;
181
return (ssize_t)l;
124
182
125
183
if (sl < l) {
126
184
errno = ENOMEM;
133
191
s += strlcpy(s, ifname, sl);
134
192
}
135
193
*s = '\0';
136
return l;
194
return (ssize_t)l;
195
}
196
197
static ssize_t
198
ipv6_readsecret(struct dhcpcd_ctx *ctx)
199
{
200
FILE *fp;
201
char line[1024];
202
unsigned char *p;
203
size_t len;
204
uint32_t r;
205
int x;
206
207
if ((fp = fopen(SECRET, "r"))) {
208
len = 0;
209
while (fgets(line, sizeof(line), fp)) {
210
len = strlen(line);
211
if (len) {
212
if (line[len - 1] == '\n')
213
line[len - 1] = '\0';
214
}
215
len = hwaddr_aton(NULL, line);
216
if (len) {
217
ctx->secret_len = hwaddr_aton(ctx->secret,
218
line);
219
break;
220
}
221
len = 0;
222
}
223
fclose(fp);
224
if (len)
225
return (ssize_t)len;
226
} else {
227
if (errno != ENOENT)
228
logger(ctx, LOG_ERR,
229
"error reading secret: %s: %m", SECRET);
230
}
231
232
/* Chaining arc4random should be good enough.
233
* RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
234
* To attempt and future proof ourselves, we'll generate a key of
235
* 512 bits (64 bytes). */
236
p = ctx->secret;
237
ctx->secret_len = 0;
238
for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
239
r = arc4random();
240
memcpy(p, &r, sizeof(r));
241
p += sizeof(r);
242
ctx->secret_len += sizeof(r);
243
244
}
245
246
/* Ensure that only the dhcpcd user can read the secret.
247
* Write permission is also denied as chaning it would remove
248
* it's stability. */
249
if ((fp = fopen(SECRET, "w")) == NULL ||
250
chmod(SECRET, S_IRUSR) == -1)
251
goto eexit;
252
x = fprintf(fp, "%s\n",
253
hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
254
fclose(fp);
255
if (x > 0)
256
return (ssize_t)ctx->secret_len;
257
258
eexit:
259
logger(ctx, LOG_ERR, "error writing secret: %s: %m", SECRET);
260
unlink(SECRET);
261
ctx->secret_len = 0;
262
return -1;
263
}
264
265
/* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
266
* RFC5453 */
267
static const struct reslowhigh {
268
const uint8_t high[8];
269
const uint8_t low[8];
270
} reslowhigh[] = {
271
/* RFC4291 + RFC6543 */
272
{ { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
273
{ 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
274
/* RFC2526 */
275
{ { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
276
{ 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
277
};
278
279
static int
280
ipv6_reserved(const struct in6_addr *addr)
281
{
282
uint64_t id, low, high;
283
size_t i;
284
const struct reslowhigh *r;
285
286
id = be64dec(addr->s6_addr + sizeof(id));
287
if (id == 0) /* RFC4291 */
288
return 1;
289
for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
290
r = &reslowhigh[i];
291
low = be64dec(r->low);
292
high = be64dec(r->high);
293
if (id >= low && id <= high)
294
return 1;
295
}
296
return 0;
297
}
298
299
/* RFC7217 */
300
static int
301
ipv6_makestableprivate1(struct in6_addr *addr,
302
const struct in6_addr *prefix, int prefix_len,
303
const unsigned char *netiface, size_t netiface_len,
304
const unsigned char *netid, size_t netid_len,
305
uint32_t *dad_counter,
306
const unsigned char *secret, size_t secret_len)
307
{
308
unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
309
size_t len, l;
310
SHA256_CTX ctx;
311
312
if (prefix_len < 0 || prefix_len > 120) {
313
errno = EINVAL;
314
return -1;
315
}
316
317
l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
318
len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
319
if (len > sizeof(buf)) {
320
errno = ENOBUFS;
321
return -1;
322
}
323
324
for (;; (*dad_counter)++) {
325
/* Combine all parameters into one buffer */
326
p = buf;
327
memcpy(p, prefix, l);
328
p += l;
329
memcpy(p, netiface, netiface_len);
330
p += netiface_len;
331
memcpy(p, netid, netid_len);
332
p += netid_len;
333
memcpy(p, dad_counter, sizeof(*dad_counter));
334
p += sizeof(*dad_counter);
335
memcpy(p, secret, secret_len);
336
337
/* Make an address using the digest of the above.
338
* RFC7217 Section 5.1 states that we shouldn't use MD5.
339
* Pity as we use that for HMAC-MD5 which is still deemed OK.
340
* SHA-256 is recommended */
341
SHA256_Init(&ctx);
342
SHA256_Update(&ctx, buf, len);
343
SHA256_Final(digest, &ctx);
344
345
p = addr->s6_addr;
346
memcpy(p, prefix, l);
347
/* RFC7217 section 5.2 says we need to start taking the id from
348
* the least significant bit */
349
len = sizeof(addr->s6_addr) - l;
350
memcpy(p + l, digest + (sizeof(digest) - len), len);
351
352
/* Ensure that the Interface ID does not match a reserved one,
353
* if it does then treat it as a DAD failure.
354
* RFC7217 section 5.2 */
355
if (prefix_len != 64)
356
break;
357
if (!ipv6_reserved(addr))
358
break;
359
}
360
361
return 0;
362
}
363
364
int
365
ipv6_makestableprivate(struct in6_addr *addr,
366
const struct in6_addr *prefix, int prefix_len,
367
const struct interface *ifp,
368
int *dad_counter)
369
{
370
uint32_t dad;
371
int r;
372
373
dad = (uint32_t)*dad_counter;
374
375
/* For our implementation, we shall set the hardware address
376
* as the interface identifier */
377
r = ipv6_makestableprivate1(addr, prefix, prefix_len,
378
ifp->hwaddr, ifp->hwlen,
379
ifp->ssid, ifp->ssid_len,
380
&dad,
381
ifp->ctx->secret, ifp->ctx->secret_len);
382
383
if (r == 0)
384
*dad_counter = (int)dad;
385
return r;
137
386
}
138
387
139
388
int
140
389
ipv6_makeaddr(struct in6_addr *addr, const struct interface *ifp,
141
390
const struct in6_addr *prefix, int prefix_len)
142
391
{
143
const struct ipv6_addr_l *ap;
144
#if 0
145
static u_int8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
146
static u_int8_t allone[8] =
147
{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
148
#endif
149
150
if (prefix_len < 0 || prefix_len > 64) {
151
errno = EINVAL;
152
return -1;
153
}
154
392
const struct ipv6_addr *ap;
393
int dad;
394
395
if (prefix_len < 0 || prefix_len > 120) {
396
errno = EINVAL;
397
return -1;
398
}
399
400
if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
401
if (ifp->ctx->secret_len == 0) {
402
if (ipv6_readsecret(ifp->ctx) == -1)
403
return -1;
404
}
405
dad = 0;
406
if (ipv6_makestableprivate(addr,
407
prefix, prefix_len, ifp, &dad) == -1)
408
return -1;
409
return dad;
410
}
411
412
if (prefix_len > 64) {
413
errno = EINVAL;
414
return -1;
415
}
416
if ((ap = ipv6_linklocal(ifp)) == NULL) {
417
/* We delay a few functions until we get a local-link address
418
* so this should never be hit. */
419
errno = ENOENT;
420
return -1;
421
}
422
423
/* Make the address from the first local-link address */
155
424
memcpy(addr, prefix, sizeof(*prefix));
156
157
/* Try and make the address from the first local-link address */
158
ap = ipv6_linklocal(ifp);
159
if (ap) {
160
addr->s6_addr32[2] = ap->addr.s6_addr32[2];
161
addr->s6_addr32[3] = ap->addr.s6_addr32[3];
162
return 0;
163
}
164
165
/* Because we delay a few functions until we get a local-link address
166
* there is little point in the below code.
167
* It exists in-case we need to create local-link addresses
168
* ourselves, but then we would need to be able to send RFC
169
* conformant DAD requests.
170
* See ipv6ns.c for why we need the kernel to do this. */
171
errno = ENOENT;
172
return -1;
173
174
#if 0
175
/* Make an EUI64 based off our hardware address */
176
switch (ifp->family) {
177
case ARPHRD_ETHER:
178
/* Check for a valid hardware address */
179
if (ifp->hwlen != 8 && ifp->hwlen != 6) {
180
errno = ENOTSUP;
181
return -1;
182
}
183
if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
184
memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
185
{
186
errno = EINVAL;
187
return -1;
188
}
189
190
/* make a EUI64 address */
191
if (ifp->hwlen == 8)
192
memcpy(&addr->s6_addr[8], ifp->hwaddr, 8);
193
else if (ifp->hwlen == 6) {
194
addr->s6_addr[8] = ifp->hwaddr[0];
195
addr->s6_addr[9] = ifp->hwaddr[1];
196
addr->s6_addr[10] = ifp->hwaddr[2];
197
addr->s6_addr[11] = 0xff;
198
addr->s6_addr[12] = 0xfe;
199
addr->s6_addr[13] = ifp->hwaddr[3];
200
addr->s6_addr[14] = ifp->hwaddr[4];
201
addr->s6_addr[15] = ifp->hwaddr[5];
202
}
203
break;
204
default:
205
errno = ENOTSUP;
206
return -1;
207
}
208
209
/* sanity check: g bit must not indicate "group" */
210
if (EUI64_GROUP(addr)) {
211
errno = EINVAL;
212
return -1;
213
}
214
215
EUI64_TO_IFID(addr);
216
217
/* sanity check: ifid must not be all zero, avoid conflict with
218
* subnet router anycast */
219
if ((addr->s6_addr[8] & ~(EUI64_GBIT | EUI64_UBIT)) == 0x00 &&
220
memcmp(&addr->s6_addr[9], allzero, 7) == 0)
221
{
222
errno = EINVAL;
223
return -1;
224
}
225
425
addr->s6_addr32[2] = ap->addr.s6_addr32[2];
426
addr->s6_addr32[3] = ap->addr.s6_addr32[3];
226
427
return 0;
227
#endif
228
428
}
229
429
230
430
int
239
439
240
440
bytelen = len / NBBY;
241
441
bitlen = len % NBBY;
242
memcpy(&prefix->s6_addr, &addr->s6_addr, bytelen);
442
memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytelen);
243
443
if (bitlen != 0)
244
prefix->s6_addr[bytelen] >>= NBBY - bitlen;
444
prefix->s6_addr[bytelen] =
445
(uint8_t)(prefix->s6_addr[bytelen] >> (NBBY - bitlen));
245
446
memset((char *)prefix->s6_addr + bytelen, 0,
246
sizeof(prefix->s6_addr) - bytelen);
447
sizeof(prefix->s6_addr) - (size_t)bytelen);
247
448
return 0;
248
449
}
249
450
269
470
return 0;
270
471
}
271
472
272
int
473
uint8_t
273
474
ipv6_prefixlen(const struct in6_addr *mask)
274
475
{
275
476
int x = 0, y;
294
495
*/
295
496
if (p < lim) {
296
497
if (y != 0 && (*p & (0x00ff >> y)) != 0)
297
return -1;
498
return 0;
298
499
for (p = p + 1; p < lim; p++)
299
500
if (*p != 0)
300
return -1;
501
return 0;
301
502
}
302
503
303
return x * NBBY + y;
304
}
305
306
static void
307
in6_to_h64(const struct in6_addr *add, uint64_t *vhigh, uint64_t *vlow)
308
{
309
uint64_t l, h;
310
const uint8_t *p = (const uint8_t *)&add->s6_addr;
311
312
h = ((uint64_t)p[0] << 56) |
313
((uint64_t)p[1] << 48) |
314
((uint64_t)p[2] << 40) |
315
((uint64_t)p[3] << 32) |
316
((uint64_t)p[4] << 24) |
317
((uint64_t)p[5] << 16) |
318
((uint64_t)p[6] << 8) |
319
(uint64_t)p[7];
320
p += 8;
321
l = ((uint64_t)p[0] << 56) |
322
((uint64_t)p[1] << 48) |
323
((uint64_t)p[2] << 40) |
324
((uint64_t)p[3] << 32) |
325
((uint64_t)p[4] << 24) |
326
((uint64_t)p[5] << 16) |
327
((uint64_t)p[6] << 8) |
328
(uint64_t)p[7];
329
330
*vhigh = h;
331
*vlow = l;
332
}
333
334
static void
335
h64_to_in6(uint64_t vhigh, uint64_t vlow, struct in6_addr *add)
336
{
337
uint8_t *p = (uint8_t *)&add->s6_addr;
338
339
p[0] = vhigh >> 56;
340
p[1] = vhigh >> 48;
341
p[2] = vhigh >> 40;
342
p[3] = vhigh >> 32;
343
p[4] = vhigh >> 24;
344
p[5] = vhigh >> 16;
345
p[6] = vhigh >> 8;
346
p[7] = vhigh;
347
p += 8;
348
p[0] = vlow >> 56;
349
p[1] = vlow >> 48;
350
p[2] = vlow >> 40;
351
p[3] = vlow >> 32;
352
p[4] = vlow >> 24;
353
p[5] = vlow >> 16;
354
p[6] = vlow >> 8;
355
p[7] = vlow;
504
return (uint8_t)(x * NBBY + y);
505
}
506
507
static void
508
in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
509
{
510
511
*vhigh = be64dec(addr->s6_addr);
512
*vlow = be64dec(addr->s6_addr + 8);
513
}
514
515
static void
516
h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
517
{
518
519
be64enc(addr->s6_addr, vhigh);
520
be64enc(addr->s6_addr + 8, vlow);
356
521
}
357
522
358
523
int
365
530
{
366
531
uint64_t vh, vl, user_low, user_high;
367
532
368
if (prefix_len < 0 || prefix_len > 64 ||
369
result_len < 0 || result_len > 64)
533
if (prefix_len < 0 || prefix_len > 120 ||
534
result_len < 0 || result_len > 120)
370
535
{
371
536
errno = EINVAL;
372
537
return -1;
390
555
}
391
556
392
557
/* convert to two 64bit host order values */
393
in6_to_h64(prefix, &vh, &vl);
558
in6_to_h64(&vh, &vl, prefix);
394
559
395
560
vh |= user_high;
396
561
vl |= user_low;
397
562
398
563
/* copy back result */
399
h64_to_in6(vh, vl, result);
564
h64_to_in6(result, vh, vl);
400
565
401
566
return 0;
402
567
}
403
568
569
#ifdef IPV6_POLLADDRFLAG
570
void
571
ipv6_checkaddrflags(void *arg)
572
{
573
struct ipv6_addr *ap;
574
int ifa_flags;
575
576
ap = arg;
577
ifa_flags = if_addrflags6(&ap->addr, ap->iface);
578
if (ifa_flags == -1)
579
logger(ap->iface->ctx, LOG_ERR,
580
"%s: if_addrflags6: %m", ap->iface->name);
581
else if (!(ifa_flags & IN6_IFF_TENTATIVE)) {
582
ipv6_handleifa(ap->iface->ctx, RTM_NEWADDR,
583
ap->iface->ctx->ifaces, ap->iface->name,
584
&ap->addr, ap->prefix_len, ifa_flags);
585
} else {
586
struct timespec tv;
587
588
ms_to_ts(&tv, RETRANS_TIMER / 2);
589
eloop_timeout_add_tv(ap->iface->ctx->eloop, &tv,
590
ipv6_checkaddrflags, ap);
591
}
592
}
593
#endif
594
595
596
static void
597
ipv6_deleteaddr(struct ipv6_addr *ia)
598
{
599
struct ipv6_state *state;
600
struct ipv6_addr *ap;
601
602
logger(ia->iface->ctx, LOG_INFO, "%s: deleting address %s",
603
ia->iface->name, ia->saddr);
604
if (if_deladdress6(ia) == -1 &&
605
errno != EADDRNOTAVAIL && errno != ENXIO && errno != ENODEV)
606
logger(ia->iface->ctx, LOG_ERR, "if_deladdress6: :%m");
607
608
state = IPV6_STATE(ia->iface);
609
TAILQ_FOREACH(ap, &state->addrs, next) {
610
if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
611
TAILQ_REMOVE(&state->addrs, ap, next);
612
ipv6_freeaddr(ap);
613
break;
614
}
615
}
616
}
617
404
618
int
405
ipv6_addaddr(struct ipv6_addr *ap)
619
ipv6_addaddr(struct ipv6_addr *ap, const struct timespec *now)
406
620
{
407
408
syslog(ap->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG,
409
"%s: adding address %s", ap->iface->name, ap->saddr);
621
struct interface *ifp;
622
struct ipv6_state *state;
623
struct ipv6_addr *nap;
624
uint32_t pltime, vltime;
625
626
/* Ensure no other interface has this address */
627
TAILQ_FOREACH(ifp, ap->iface->ctx->ifaces, next) {
628
if (ifp == ap->iface || strcmp(ifp->name, ap->iface->name) == 0)
629
continue;
630
state = IPV6_STATE(ifp);
631
if (state == NULL)
632
continue;
633
TAILQ_FOREACH(nap, &state->addrs, next) {
634
if (IN6_ARE_ADDR_EQUAL(&nap->addr, &ap->addr)) {
635
ipv6_deleteaddr(nap);
636
break;
637
}
638
}
639
}
640
410
641
if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
411
ipv6_findaddr(ap->iface, &ap->addr))
642
ipv6_iffindaddr(ap->iface, &ap->addr))
412
643
ap->flags |= IPV6_AF_DADCOMPLETED;
413
if (add_address6(ap) == -1) {
414
syslog(LOG_ERR, "add_address6 %m");
415
return -1;
416
}
417
ap->flags &= ~IPV6_AF_NEW;
418
ap->flags |= IPV6_AF_ADDED;
419
if (ap->delegating_iface)
420
ap->flags |= IPV6_AF_DELEGATED;
421
if (ap->iface->options->options & DHCPCD_IPV6RA_OWN &&
422
ipv6_removesubnet(ap->iface, ap) == -1)
423
syslog(LOG_ERR,"ipv6_removesubnet %m");
644
645
logger(ap->iface->ctx, ap->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG,
646
"%s: adding address %s", ap->iface->name, ap->saddr);
424
647
if (ap->prefix_pltime == ND6_INFINITE_LIFETIME &&
425
648
ap->prefix_vltime == ND6_INFINITE_LIFETIME)
426
syslog(LOG_DEBUG,
427
"%s: vltime infinity, pltime infinity",
649
logger(ap->iface->ctx, LOG_DEBUG,
650
"%s: pltime infinity, vltime infinity",
428
651
ap->iface->name);
429
652
else if (ap->prefix_pltime == ND6_INFINITE_LIFETIME)
430
syslog(LOG_DEBUG,
431
"%s: vltime %"PRIu32" seconds, pltime infinity",
653
logger(ap->iface->ctx, LOG_DEBUG,
654
"%s: pltime infinity, vltime %"PRIu32" seconds",
432
655
ap->iface->name, ap->prefix_vltime);
433
656
else if (ap->prefix_vltime == ND6_INFINITE_LIFETIME)
434
syslog(LOG_DEBUG,
435
"%s: vltime infinity, pltime %"PRIu32"seconds",
657
logger(ap->iface->ctx, LOG_DEBUG,
658
"%s: pltime %"PRIu32"seconds, vltime infinity",
436
659
ap->iface->name, ap->prefix_pltime);
437
660
else
438
syslog(LOG_DEBUG,
439
"%s: vltime %"PRIu32" seconds, pltime %"PRIu32" seconds",
440
ap->iface->name, ap->prefix_vltime, ap->prefix_pltime);
661
logger(ap->iface->ctx, LOG_DEBUG,
662
"%s: pltime %"PRIu32" seconds, vltime %"PRIu32" seconds",
663
ap->iface->name, ap->prefix_pltime, ap->prefix_vltime);
664
665
/* Adjust plftime and vltime based on acquired time */
666
pltime = ap->prefix_pltime;
667
vltime = ap->prefix_vltime;
668
if (timespecisset(&ap->acquired) &&
669
(ap->prefix_pltime != ND6_INFINITE_LIFETIME ||
670
ap->prefix_vltime != ND6_INFINITE_LIFETIME))
671
{
672
struct timespec n;
673
674
if (now == NULL) {
675
clock_gettime(CLOCK_MONOTONIC, &n);
676
now = &n;
677
}
678
timespecsub(now, &ap->acquired, &n);
679
if (ap->prefix_pltime != ND6_INFINITE_LIFETIME) {
680
ap->prefix_pltime -= (uint32_t)n.tv_sec;
681
/* This can happen when confirming a
682
* deprecated but still valid lease. */
683
if (ap->prefix_pltime > pltime)
684
ap->prefix_pltime = 0;
685
}
686
if (ap->prefix_vltime != ND6_INFINITE_LIFETIME)
687
ap->prefix_vltime -= (uint32_t)n.tv_sec;
688
689
#if 0
690
logger(ap->iface->ctx, LOG_DEBUG,
691
"%s: acquired %lld.%.9ld, now %lld.%.9ld, diff %lld.%.9ld",
692
ap->iface->name,
693
(long long)ap->acquired.tv_sec, ap->acquired.tv_nsec,
694
(long long)now->tv_sec, now->tv_nsec,
695
(long long)n.tv_sec, n.tv_nsec);
696
logger(ap->iface->ctx, LOG_DEBUG,
697
"%s: adj pltime %"PRIu32" seconds, "
698
"vltime %"PRIu32" seconds",
699
ap->iface->name, ap->prefix_pltime, ap->prefix_vltime);
700
#endif
701
}
702
703
if (if_addaddress6(ap) == -1) {
704
logger(ap->iface->ctx, LOG_ERR, "if_addaddress6: %m");
705
/* Restore real pltime and vltime */
706
ap->prefix_pltime = pltime;
707
ap->prefix_vltime = vltime;
708
return -1;
709
}
710
711
#ifdef IPV6_MANAGETEMPADDR
712
/* RFC4941 Section 3.4 */
713
if (ap->flags & IPV6_AF_TEMPORARY &&
714
ap->prefix_pltime &&
715
ap->prefix_vltime &&
716
ap->iface->options->options & DHCPCD_IPV6RA_OWN &&
717
ip6_use_tempaddr(ap->iface->name))
718
eloop_timeout_add_sec(ap->iface->ctx->eloop,
719
(time_t)ap->prefix_pltime - REGEN_ADVANCE,
720
ipv6_regentempaddr, ap);
721
#endif
722
723
/* Restore real pltime and vltime */
724
ap->prefix_pltime = pltime;
725
ap->prefix_vltime = vltime;
726
727
ap->flags &= ~IPV6_AF_NEW;
728
ap->flags |= IPV6_AF_ADDED;
729
if (ap->delegating_iface)
730
ap->flags |= IPV6_AF_DELEGATED;
731
732
#ifdef IPV6_POLLADDRFLAG
733
eloop_timeout_delete(ap->iface->ctx->eloop,
734
ipv6_checkaddrflags, ap);
735
if (!(ap->flags & IPV6_AF_DADCOMPLETED)) {
736
struct timespec tv;
737
738
ms_to_ts(&tv, RETRANS_TIMER / 2);
739
eloop_timeout_add_tv(ap->iface->ctx->eloop,
740
&tv, ipv6_checkaddrflags, ap);
741
}
742
#endif
743
441
744
return 0;
442
745
}
443
746
747
int
748
ipv6_publicaddr(const struct ipv6_addr *ia)
749
{
750
return (ia->prefix_pltime &&
751
(ia->addr.s6_addr[0] & 0xfe) != 0xc &&
752
!(ia->addr_flags & IN6_IFF_NOTUSEABLE));
753
}
754
755
struct ipv6_addr *
756
ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, short flags)
757
{
758
struct ipv6_addr *dap, *nap;
759
760
dap = dhcp6_findaddr(ctx, addr, flags);
761
nap = ipv6nd_findaddr(ctx, addr, flags);
762
if (!dap && !nap)
763
return NULL;
764
if (dap && !nap)
765
return dap;
766
if (nap && !dap)
767
return nap;
768
if (nap->iface->metric < dap->iface->metric)
769
return nap;
770
return dap;
771
}
772
773
ssize_t
774
ipv6_addaddrs(struct ipv6_addrhead *addrs)
775
{
776
struct ipv6_addr *ap, *apn, *apf;
777
ssize_t i;
778
struct timespec now;
779
780
i = 0;
781
timespecclear(&now);
782
TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
783
if (ap->prefix_vltime == 0) {
784
if (ap->flags & IPV6_AF_ADDED) {
785
ipv6_deleteaddr(ap);
786
i++;
787
}
788
eloop_q_timeout_delete(ap->iface->ctx->eloop,
789
0, NULL, ap);
790
if (ap->flags & IPV6_AF_REQUEST) {
791
ap->flags &= ~IPV6_AF_ADDED;
792
} else {
793
TAILQ_REMOVE(addrs, ap, next);
794
ipv6_freeaddr(ap);
795
}
796
} else if (!(ap->flags & IPV6_AF_STALE) &&
797
!IN6_IS_ADDR_UNSPECIFIED(&ap->addr))
798
{
799
apf = ipv6_findaddr(ap->iface->ctx,
800
&ap->addr, IPV6_AF_ADDED);
801
if (apf && apf->iface != ap->iface &&
802
strcmp(apf->iface->name, ap->iface->name))
803
{
804
if (apf->iface->metric <= ap->iface->metric) {
805
logger(apf->iface->ctx, LOG_INFO,
806
"%s: preferring %s on %s",
807
ap->iface->name,
808
ap->saddr,
809
apf->iface->name);
810
continue;
811
}
812
logger(apf->iface->ctx, LOG_INFO,
813
"%s: preferring %s on %s",
814
apf->iface->name,
815
ap->saddr,
816
ap->iface->name);
817
if (if_deladdress6(apf) == -1 &&
818
errno != EADDRNOTAVAIL && errno != ENXIO)
819
logger(apf->iface->ctx, LOG_ERR,
820
"if_deladdress6: %m");
821
apf->flags &=
822
~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
823
} else if (apf)
824
apf->flags &= ~IPV6_AF_ADDED;
825
if (ap->flags & IPV6_AF_NEW)
826
i++;
827
if (!timespecisset(&now))
828
clock_gettime(CLOCK_MONOTONIC, &now);
829
ipv6_addaddr(ap, &now);
830
}
831
}
832
833
return i;
834
}
835
836
void
837
ipv6_freeaddr(struct ipv6_addr *ap)
838
{
839
840
eloop_q_timeout_delete(ap->iface->ctx->eloop, 0, NULL, ap);
841
free(ap);
842
}
843
444
844
void
445
845
ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
446
846
const struct interface *ifd)
447
847
{
448
struct ipv6_addr *ap, *apn;
848
struct ipv6_addr *ap, *apn, *apf;
849
struct timespec now;
449
850
851
timespecclear(&now);
450
852
TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
451
853
if (ifd && ap->delegating_iface != ifd)
452
854
continue;
453
TAILQ_REMOVE(addrs, ap, next);
454
if (ap->dadcallback)
455
eloop_q_timeout_delete(0, NULL, ap->dadcallback);
456
/* Only drop the address if no other RAs have assigned it.
457
* This is safe because the RA is removed from the list
458
* before we are called. */
855
if (drop != 2)
856
TAILQ_REMOVE(addrs, ap, next);
459
857
if (drop && ap->flags & IPV6_AF_ADDED &&
460
!ipv6rs_addrexists(ap) && !dhcp6_addrexists(ap))
858
(ap->iface->options->options &
859
(DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
860
(DHCPCD_EXITING | DHCPCD_PERSISTENT))
461
861
{
462
syslog(LOG_INFO, "%s: deleting address %s",
463
ap->iface->name, ap->saddr);
464
if (del_address6(ap) == -1 &&
465
errno != EADDRNOTAVAIL && errno != ENXIO)
466
syslog(LOG_ERR, "del_address6 %m");
862
if (drop == 2)
863
TAILQ_REMOVE(addrs, ap, next);
864
/* Find the same address somewhere else */
865
apf = ipv6_findaddr(ap->iface->ctx, &ap->addr, 0);
866
if (apf == NULL ||
867
(apf->iface != ap->iface &&
868
strcmp(apf->iface->name, ap->iface->name)))
869
ipv6_deleteaddr(ap);
870
if (!(ap->iface->options->options &
871
DHCPCD_EXITING) && apf)
872
{
873
if (!timespecisset(&now))
874
clock_gettime(CLOCK_MONOTONIC, &now);
875
ipv6_addaddr(apf, &now);
876
}
877
if (drop == 2)
878
ipv6_freeaddr(ap);
467
879
}
468
free(ap);
880
if (drop != 2)
881
ipv6_freeaddr(ap);
469
882
}
470
883
}
471
884
476
889
477
890
state = IPV6_STATE(ifp);
478
891
if (state == NULL) {
479
ifp->if_data[IF_DATA_IPV6] = malloc(sizeof(*state));
892
ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
480
893
state = IPV6_STATE(ifp);
481
894
if (state == NULL) {
482
syslog(LOG_ERR, "%s: %m", __func__);
895
logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
483
896
return NULL;
484
897
}
485
898
TAILQ_INIT(&state->addrs);
486
899
TAILQ_INIT(&state->ll_callbacks);
900
901
/* Regenerate new ids */
902
if (ifp->options &&
903
ifp->options->options & DHCPCD_IPV6RA_OWN &&
904
ip6_use_tempaddr(ifp->name))
905
ipv6_regentempifid(ifp);
487
906
}
488
907
return state;
489
908
}
490
909
491
910
void
492
ipv6_handleifa(int cmd, struct if_head *ifs, const char *ifname,
493
const struct in6_addr *addr, int flags)
911
ipv6_handleifa(struct dhcpcd_ctx *ctx,
912
int cmd, struct if_head *ifs, const char *ifname,
913
const struct in6_addr *addr, uint8_t prefix_len, int flags)
494
914
{
495
915
struct interface *ifp;
496
916
struct ipv6_state *state;
497
struct ipv6_addr_l *ap;
917
struct ipv6_addr *ap;
498
918
struct ll_callback *cb;
499
919
500
920
#if 0
501
921
char buf[INET6_ADDRSTRLEN];
502
922
inet_ntop(AF_INET6, &addr->s6_addr,
503
923
buf, INET6_ADDRSTRLEN);
504
syslog(LOG_DEBUG, "%s: cmd %d addr %s flags %d",
924
logger(ctx, LOG_DEBUG, "%s: cmd %d addr %s flags %d",
505
925
ifname, cmd, buf, flags);
506
926
#endif
507
927
508
/* Safety, remove tentative addresses */
509
if (cmd == RTM_NEWADDR) {
510
if (flags & IN6_IFF_TENTATIVE)
511
cmd = RTM_DELADDR;
512
#ifdef IN6_IFF_DETACHED
513
if (flags & IN6_IFF_DETACHED)
514
cmd = RTM_DELADDR;
515
#endif
516
}
517
518
928
if (ifs == NULL)
519
ifs = ifaces;
929
ifs = ctx->ifaces;
520
930
if (ifs == NULL) {
521
931
errno = ESRCH;
522
932
return;
523
933
}
524
934
TAILQ_FOREACH(ifp, ifs, next) {
525
if (strcmp(ifp->name, ifname) == 0)
526
break;
527
}
528
if (ifp == NULL) {
529
errno = ESRCH;
530
return;
531
}
532
533
state = ipv6_getstate(ifp);
534
if (state == NULL)
535
return;
536
537
if (!IN6_IS_ADDR_LINKLOCAL(addr)) {
538
ipv6rs_handleifa(cmd, ifname, addr, flags);
539
dhcp6_handleifa(cmd, ifname, addr, flags);
540
}
541
542
/* We don't care about duplicated addresses, so remove them */
543
if (flags & IN6_IFF_DUPLICATED)
544
cmd = RTM_DELADDR;
545
546
TAILQ_FOREACH(ap, &state->addrs, next) {
547
if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr))
548
break;
549
}
550
551
switch (cmd) {
552
case RTM_DELADDR:
553
if (ap) {
554
TAILQ_REMOVE(&state->addrs, ap, next);
555
free(ap);
556
}
557
break;
558
case RTM_NEWADDR:
559
if (ap == NULL) {
560
ap = calloc(1, sizeof(*ap));
561
memcpy(ap->addr.s6_addr, addr->s6_addr,
562
sizeof(ap->addr.s6_addr));
563
TAILQ_INSERT_TAIL(&state->addrs,
564
ap, next);
565
935
/* Each psuedo interface also stores addresses */
936
if (strcmp(ifp->name, ifname))
937
continue;
938
state = ipv6_getstate(ifp);
939
if (state == NULL)
940
continue;
941
942
if (!IN6_IS_ADDR_LINKLOCAL(addr)) {
943
ipv6nd_handleifa(ctx, cmd, ifname, addr, flags);
944
dhcp6_handleifa(ctx, cmd, ifname, addr, flags);
945
}
946
947
TAILQ_FOREACH(ap, &state->addrs, next) {
948
if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr))
949
break;
950
}
951
952
switch (cmd) {
953
case RTM_DELADDR:
954
if (ap) {
955
TAILQ_REMOVE(&state->addrs, ap, next);
956
ipv6_freeaddr(ap);
957
}
958
break;
959
case RTM_NEWADDR:
960
if (ap == NULL) {
961
char buf[INET6_ADDRSTRLEN];
962
const char *cbp;
963
964
ap = calloc(1, sizeof(*ap));
965
ap->iface = ifp;
966
ap->addr = *addr;
967
ap->prefix_len = prefix_len;
968
ipv6_makeprefix(&ap->prefix, &ap->addr,
969
ap->prefix_len);
970
cbp = inet_ntop(AF_INET6, &addr->s6_addr,
971
buf, sizeof(buf));
972
if (cbp)
973
snprintf(ap->saddr, sizeof(ap->saddr),
974
"%s/%d", cbp, prefix_len);
975
if (if_getlifetime6(ap) == -1) {
976
/* No support or address vanished.
977
* Either way, just set a deprecated
978
* infinite time lifetime and continue.
979
* This is fine because we only want
980
* to know this when trying to extend
981
* temporary addresses.
982
* As we can't extend infinite, we'll
983
* create a new temporary address. */
984
ap->prefix_pltime = 0;
985
ap->prefix_vltime =
986
ND6_INFINITE_LIFETIME;
987
}
988
/* This is a minor regression against RFC 4941
989
* because the kernel only knows when the
990
* lifetimes were last updated, not when the
991
* address was initially created.
992
* Provided dhcpcd is not restarted, this
993
* won't be a problem.
994
* If we don't like it, we can always
995
* pretend lifetimes are infinite and always
996
* generate a new temporary address on
997
* restart. */
998
ap->acquired = ap->created;
999
TAILQ_INSERT_TAIL(&state->addrs,
1000
ap, next);
1001
}
1002
ap->addr_flags = flags;
1003
#ifdef IPV6_MANAGETEMPADDR
1004
if (ap->addr_flags & IN6_IFF_TEMPORARY)
1005
ap->flags |= IPV6_AF_TEMPORARY;
1006
#endif
566
1007
if (IN6_IS_ADDR_LINKLOCAL(&ap->addr)) {
567
/* Now run any callbacks.
568
* Typically IPv6RS or DHCPv6 */
569
while ((cb =
570
TAILQ_FIRST(&state->ll_callbacks)))
571
{
572
TAILQ_REMOVE(&state->ll_callbacks,
573
cb, next);
574
cb->callback(cb->arg);
575
free(cb);
576
}
577
}
578
}
579
break;
580
}
581
}
582
583
const struct ipv6_addr_l *
584
ipv6_linklocal(const struct interface *ifp)
585
{
586
const struct ipv6_state *state;
587
const struct ipv6_addr_l *ap;
588
589
state = IPV6_CSTATE(ifp);
590
if (state) {
591
TAILQ_FOREACH(ap, &state->addrs, next) {
592
if (IN6_IS_ADDR_LINKLOCAL(&ap->addr))
593
return ap;
594
}
595
}
596
return NULL;
597
}
598
599
const struct ipv6_addr_l *
600
ipv6_findaddr(const struct interface *ifp, const struct in6_addr *addr)
601
{
602
const struct ipv6_state *state;
603
const struct ipv6_addr_l *ap;
604
605
state = IPV6_CSTATE(ifp);
606
if (state) {
607
TAILQ_FOREACH(ap, &state->addrs, next) {
608
if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr))
609
return ap;
610
}
611
}
612
return NULL;
613
}
614
615
int ipv6_addlinklocalcallback(struct interface *ifp,
1008
#ifdef IPV6_POLLADDRFLAG
1009
if (ap->addr_flags & IN6_IFF_TENTATIVE) {
1010
struct timespec tv;
1011
1012
ms_to_ts(&tv, RETRANS_TIMER / 2);
1013
eloop_timeout_add_tv(
1014
ap->iface->ctx->eloop,
1015
&tv, ipv6_checkaddrflags, ap);
1016
break;
1017
}
1018
#endif
1019
1020
if (!(ap->addr_flags & IN6_IFF_NOTUSEABLE)) {
1021
/* Now run any callbacks.
1022
* Typically IPv6RS or DHCPv6 */
1023
while ((cb =
1024
TAILQ_FIRST(&state->ll_callbacks)))
1025
{
1026
TAILQ_REMOVE(
1027
&state->ll_callbacks,
1028
cb, next);
1029
cb->callback(cb->arg);
1030
free(cb);
1031
}
1032
}
1033
}
1034
break;
1035
}
1036
}
1037
}
1038
1039
const struct ipv6_addr *
1040
ipv6_iffindaddr(const struct interface *ifp, const struct in6_addr *addr)
1041
{
1042
const struct ipv6_state *state;
1043
const struct ipv6_addr *ap;
1044
1045
state = IPV6_CSTATE(ifp);
1046
if (state) {
1047
TAILQ_FOREACH(ap, &state->addrs, next) {
1048
if (addr == NULL) {
1049
if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1050
!(ap->addr_flags & IN6_IFF_NOTUSEABLE))
1051
return ap;
1052
} else {
1053
if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1054
!(ap->addr_flags & IN6_IFF_TENTATIVE))
1055
return ap;
1056
}
1057
}
1058
}
1059
return NULL;
1060
}
1061
1062
int
1063
ipv6_addlinklocalcallback(struct interface *ifp,
616
1064
void (*callback)(void *), void *arg)
617
1065
{
618
1066
struct ipv6_state *state;
626
1074
if (cb == NULL) {
627
1075
cb = malloc(sizeof(*cb));
628
1076
if (cb == NULL) {
629
syslog(LOG_ERR, "%s: %m", __func__);
1077
logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
630
1078
return -1;
631
1079
}
632
1080
cb->callback = callback;
636
1084
return 0;
637
1085
}
638
1086
1087
static struct ipv6_addr *
1088
ipv6_newlinklocal(struct interface *ifp)
1089
{
1090
struct ipv6_addr *ap;
1091
1092
ap = calloc(1, sizeof(*ap));
1093
if (ap != NULL) {
1094
ap->iface = ifp;
1095
ap->prefix.s6_addr32[0] = htonl(0xfe800000);
1096
ap->prefix.s6_addr32[1] = 0;
1097
ap->prefix_len = 64;
1098
ap->dadcounter = 0;
1099
ap->prefix_pltime = ND6_INFINITE_LIFETIME;
1100
ap->prefix_vltime = ND6_INFINITE_LIFETIME;
1101
ap->flags = IPV6_AF_NEW;
1102
ap->addr_flags = IN6_IFF_TENTATIVE;
1103
}
1104
return ap;
1105
}
1106
1107
static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1108
static const uint8_t allone[8] =
1109
{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1110
1111
static int
1112
ipv6_addlinklocal(struct interface *ifp)
1113
{
1114
struct ipv6_state *state;
1115
struct ipv6_addr *ap, *ap2;
1116
int dadcounter;
1117
1118
/* Check sanity before malloc */
1119
if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1120
switch (ifp->family) {
1121
case ARPHRD_ETHER:
1122
/* Check for a valid hardware address */
1123
if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1124
errno = ENOTSUP;
1125
return -1;
1126
}
1127
if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1128
memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1129
{
1130
errno = EINVAL;
1131
return -1;
1132
}
1133
break;
1134
default:
1135
errno = ENOTSUP;
1136
return -1;
1137
}
1138
}
1139
1140
state = ipv6_getstate(ifp);
1141
if (state == NULL)
1142
return -1;
1143
1144
ap = ipv6_newlinklocal(ifp);
1145
if (ap == NULL)
1146
return -1;
1147
1148
if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1149
dadcounter = 0;
1150
nextslaacprivate:
1151
if (ipv6_makestableprivate(&ap->addr,
1152
&ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1153
{
1154
free(ap);
1155
return -1;
1156
}
1157
ap->dadcounter = dadcounter;
1158
} else {
1159
memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1160
switch (ifp->family) {
1161
case ARPHRD_ETHER:
1162
if (ifp->hwlen == 6) {
1163
ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1164
ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1165
ap->addr.s6_addr[10] = ifp->hwaddr[2];
1166
ap->addr.s6_addr[11] = 0xff;
1167
ap->addr.s6_addr[12] = 0xfe;
1168
ap->addr.s6_addr[13] = ifp->hwaddr[3];
1169
ap->addr.s6_addr[14] = ifp->hwaddr[4];
1170
ap->addr.s6_addr[15] = ifp->hwaddr[5];
1171
} else if (ifp->hwlen == 8)
1172
memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1173
else {
1174
free(ap);
1175
errno = ENOTSUP;
1176
return -1;
1177
}
1178
break;
1179
}
1180
1181
/* Sanity check: g bit must not indciate "group" */
1182
if (EUI64_GROUP(&ap->addr)) {
1183
free(ap);
1184
errno = EINVAL;
1185
return -1;
1186
}
1187
EUI64_TO_IFID(&ap->addr);
1188
}
1189
1190
/* Do we already have this address? */
1191
TAILQ_FOREACH(ap2, &state->addrs, next) {
1192
if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1193
if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1194
if (ifp->options->options &
1195
DHCPCD_SLAACPRIVATE)
1196
{
1197
dadcounter++;
1198
goto nextslaacprivate;
1199
}
1200
free(ap);
1201
errno = EADDRNOTAVAIL;
1202
return -1;
1203
}
1204
1205
logger(ap2->iface->ctx, LOG_WARNING,
1206
"%s: waiting for %s to complete",
1207
ap2->iface->name, ap2->saddr);
1208
free(ap);
1209
errno = EEXIST;
1210
return 0;
1211
}
1212
}
1213
1214
inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1215
TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1216
ipv6_addaddr(ap, NULL);
1217
return 1;
1218
}
1219
1220
/* Ensure the interface has a link-local address */
1221
int
1222
ipv6_start(struct interface *ifp)
1223
{
1224
const struct ipv6_state *state;
1225
const struct ipv6_addr *ap;
1226
1227
/* We can't assign a link-locak address to this,
1228
* the ppp process has to. */
1229
if (ifp->flags & IFF_POINTOPOINT)
1230
return 0;
1231
1232
state = IPV6_CSTATE(ifp);
1233
if (state) {
1234
TAILQ_FOREACH(ap, &state->addrs, next) {
1235
if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1236
!(ap->addr_flags & IN6_IFF_DUPLICATED))
1237
break;
1238
}
1239
/* Regenerate new ids */
1240
if (ifp->options->options & DHCPCD_IPV6RA_OWN &&
1241
ip6_use_tempaddr(ifp->name))
1242
ipv6_regentempifid(ifp);
1243
} else
1244
ap = NULL;
1245
1246
if (ap == NULL && ipv6_addlinklocal(ifp) == -1)
1247
return -1;
1248
1249
/* Load existing routes */
1250
if_initrt6(ifp);
1251
return 0;
1252
}
1253
639
1254
void
640
ipv6_free_ll_callbacks(struct interface *ifp)
1255
ipv6_freedrop(struct interface *ifp, int drop)
641
1256
{
642
1257
struct ipv6_state *state;
643
1258
struct ll_callback *cb;
644
1259
645
state = IPV6_STATE(ifp);
646
if (state) {
1260
if (ifp == NULL)
1261
return;
1262
1263
if ((state = IPV6_STATE(ifp)) == NULL)
1264
return;
1265
1266
ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1267
1268
/* Becuase we need to cache the addresses we don't control,
1269
* we only free the state on when NOT dropping addresses. */
1270
if (drop == 0) {
647
1271
while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
648
1272
TAILQ_REMOVE(&state->ll_callbacks, cb, next);
649
1273
free(cb);
650
1274
}
651
}
652
}
653
654
void
655
ipv6_free(struct interface *ifp)
656
{
657
struct ipv6_state *state;
658
struct ipv6_addr_l *ap;
659
660
ipv6_free_ll_callbacks(ifp);
661
state = IPV6_STATE(ifp);
662
if (state) {
663
while ((ap = TAILQ_FIRST(&state->addrs))) {
664
TAILQ_REMOVE(&state->addrs, ap, next);
665
free(ap);
666
}
667
1275
free(state);
668
1276
ifp->if_data[IF_DATA_IPV6] = NULL;
1277
eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
669
1278
}
670
1279
}
671
1280
1281
void
1282
ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1283
{
1284
1285
if (ctx->ipv6 == NULL)
1286
return;
1287
1288
ipv6_freerts(ctx->ipv6->routes);
1289
free(ctx->ipv6->routes);
1290
free(ctx->ipv6->ra_routers);
1291
ipv6_freerts(&ctx->ipv6->kroutes);
1292
free(ctx->ipv6);
1293
}
1294
672
1295
int
673
1296
ipv6_handleifa_addrs(int cmd,
674
1297
struct ipv6_addrhead *addrs, const struct in6_addr *addr, int flags)
680
1303
found = 0;
681
1304
TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
682
1305
if (!IN6_ARE_ADDR_EQUAL(addr, &ap->addr)) {
683
if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0)
1306
if (ap->flags & IPV6_AF_ADDED &&
1307
!(ap->flags & IPV6_AF_DADCOMPLETED))
684
1308
alldadcompleted = 0;
685
1309
continue;
686
1310
}
687
1311
switch (cmd) {
688
1312
case RTM_DELADDR:
689
syslog(LOG_INFO, "%s: deleted address %s",
690
ap->iface->name, ap->saddr);
691
TAILQ_REMOVE(addrs, ap, next);
692
free(ap);
1313
if (ap->flags & IPV6_AF_ADDED) {
1314
logger(ap->iface->ctx, LOG_INFO,
1315
"%s: deleted address %s",
1316
ap->iface->name, ap->saddr);
1317
ap->flags &= ~IPV6_AF_ADDED;
1318
}
693
1319
break;
694
1320
case RTM_NEWADDR:
695
1321
/* Safety - ignore tentative announcements */
696
if (flags & IN6_IFF_TENTATIVE)
1322
if (flags & (IN6_IFF_DETACHED |IN6_IFF_TENTATIVE))
697
1323
break;
698
1324
if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) {
699
1325
found++;
714
1340
return alldadcompleted ? found : 0;
715
1341
}
716
1342
1343
#ifdef IPV6_MANAGETEMPADDR
1344
static const struct ipv6_addr *
1345
ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1346
{
1347
const struct interface *ifp;
1348
const struct ipv6_state *state;
1349
const struct ipv6_addr *ia;
1350
1351
TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1352
if ((state = IPV6_CSTATE(ifp))) {
1353
TAILQ_FOREACH(ia, &state->addrs, next) {
1354
if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1355
return ia;
1356
}
1357
}
1358
}
1359
return NULL;
1360
}
1361
1362
static const uint8_t nullid[8];
1363
static const uint8_t anycastid[8] = {
1364
0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1365
static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1366
1367
static void
1368
ipv6_regen_desync(struct interface *ifp, int force)
1369
{
1370
struct ipv6_state *state;
1371
time_t max;
1372
1373
state = IPV6_STATE(ifp);
1374
1375
/* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1376
* greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1377
* I believe this is an error and it should be never be greateter than
1378
* TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1379
max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE;
1380
if (state->desync_factor && !force && state->desync_factor < max)
1381
return;
1382
if (state->desync_factor == 0)
1383
state->desync_factor =
1384
(time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR,
1385
(uint32_t)max));
1386
max = ip6_temp_preferred_lifetime(ifp->name) -
1387
state->desync_factor - REGEN_ADVANCE;
1388
eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1389
}
1390
1391
void
1392
ipv6_gentempifid(struct interface *ifp)
1393
{
1394
struct ipv6_state *state;
1395
MD5_CTX md5;
1396
uint8_t seed[16], digest[16];
1397
int retry;
1398
1399
if ((state = IPV6_STATE(ifp)) == NULL)
1400
return;
1401
1402
retry = 0;
1403
if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1404
uint32_t r;
1405
1406
r = arc4random();
1407
memcpy(seed, &r, sizeof(r));
1408
r = arc4random();
1409
memcpy(seed + sizeof(r), &r, sizeof(r));
1410
} else
1411
memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1412
1413
memcpy(seed + sizeof(state->randomseed0),
1414
state->randomseed1, sizeof(state->randomseed1));
1415
1416
again:
1417
/* RFC4941 Section 3.2.1.1
1418
* Take the left-most 64bits and set bit 6 to zero */
1419
MD5Init(&md5);
1420
MD5Update(&md5, seed, sizeof(seed));
1421
MD5Final(digest, &md5);
1422
1423
/* RFC4941 Section 3.2.1.1
1424
* Take the left-most 64bits and set bit 6 to zero */
1425
memcpy(state->randomid, digest, sizeof(state->randomid));
1426
state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1427
1428
/* RFC4941 Section 3.2.1.4
1429
* Reject reserved or existing id's */
1430
if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1431
(memcmp(anycastid, state->randomid, 7) == 0 &&
1432
(anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1433
memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1434
ipv6_findaddrid(ifp->ctx, state->randomid))
1435
{
1436
if (++retry < GEN_TEMPID_RETRY_MAX) {
1437
memcpy(seed, digest + 8, 8);
1438
goto again;
1439
}
1440
memset(state->randomid, 0, sizeof(state->randomid));
1441
}
1442
1443
/* RFC4941 Section 3.2.1.6
1444
* Save the right-most 64bits of the digest */
1445
memcpy(state->randomseed0, digest + 8,
1446
sizeof(state->randomseed0));
1447
}
1448
1449
/* RFC4941 Section 3.3.7 */
1450
static void
1451
ipv6_tempdadcallback(void *arg)
1452
{
1453
struct ipv6_addr *ia = arg;
1454
1455
if (ia->flags & IPV6_AF_DUPLICATED) {
1456
struct ipv6_addr *ia1;
1457
struct timespec tv;
1458
1459
if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1460
logger(ia->iface->ctx, LOG_ERR,
1461
"%s: too many duplicate temporary addresses",
1462
ia->iface->name);
1463
return;
1464
}
1465
clock_gettime(CLOCK_MONOTONIC, &tv);
1466
if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1467
logger(ia->iface->ctx, LOG_ERR,
1468
"ipv6_createtempaddr: %m");
1469
else
1470
ia1->dadcounter = ia->dadcounter;
1471
ipv6_deleteaddr(ia);
1472
if (ia1)
1473
ipv6_addaddr(ia1, &ia1->acquired);
1474
}
1475
}
1476
1477
struct ipv6_addr *
1478
ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1479
{
1480
struct ipv6_state *state;
1481
const struct ipv6_state *cstate;
1482
int genid;
1483
struct in6_addr addr, mask;
1484
uint32_t randid[2];
1485
const struct interface *ifp;
1486
const struct ipv6_addr *ap;
1487
struct ipv6_addr *ia;
1488
uint32_t i, trylimit;
1489
char buf[INET6_ADDRSTRLEN];
1490
const char *cbp;
1491
1492
trylimit = TEMP_IDGEN_RETRIES;
1493
state = IPV6_STATE(ia0->iface);
1494
genid = 0;
1495
1496
addr = ia0->addr;
1497
ipv6_mask(&mask, ia0->prefix_len);
1498
/* clear the old ifid */
1499
for (i = 0; i < 4; i++)
1500
addr.s6_addr32[i] &= mask.s6_addr32[i];
1501
1502
again:
1503
if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1504
genid = 1;
1505
if (genid) {
1506
memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1507
sizeof(state->randomseed1));
1508
ipv6_gentempifid(ia0->iface);
1509
if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
1510
errno = EFAULT;
1511
return NULL;
1512
}
1513
}
1514
memcpy(&randid[0], state->randomid, sizeof(randid[0]));
1515
memcpy(&randid[1], state->randomid + sizeof(randid[1]),
1516
sizeof(randid[2]));
1517
addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
1518
addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
1519
1520
/* Ensure we don't already have it */
1521
TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
1522
cstate = IPV6_CSTATE(ifp);
1523
if (cstate) {
1524
TAILQ_FOREACH(ap, &cstate->addrs, next) {
1525
if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
1526
if (--trylimit == 0) {
1527
errno = EEXIST;
1528
return NULL;
1529
}
1530
genid = 1;
1531
goto again;
1532
}
1533
}
1534
}
1535
}
1536
1537
if ((ia = calloc(1, sizeof(*ia))) == NULL)
1538
return NULL;
1539
1540
ia->iface = ia0->iface;
1541
ia->addr = addr;
1542
/* Must be made tentative, for our DaD to work */
1543
ia->addr_flags = IN6_IFF_TENTATIVE;
1544
ia->dadcallback = ipv6_tempdadcallback;
1545
ia->flags = IPV6_AF_NEW | IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY;
1546
ia->prefix = ia0->prefix;
1547
ia->prefix_len = ia0->prefix_len;
1548
ia->created = ia->acquired = now ? *now : ia0->acquired;
1549
1550
/* Ensure desync is still valid */
1551
ipv6_regen_desync(ia->iface, 0);
1552
1553
/* RFC4941 Section 3.3.4 */
1554
i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) -
1555
state->desync_factor);
1556
ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
1557
i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
1558
ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
1559
if (ia->prefix_pltime <= REGEN_ADVANCE ||
1560
ia->prefix_pltime > ia0->prefix_vltime)
1561
{
1562
errno = EINVAL;
1563
free(ia);
1564
return NULL;
1565
}
1566
1567
cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1568
if (cbp)
1569
snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d",
1570
cbp, ia->prefix_len); else ia->saddr[0] = '\0';
1571
1572
TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1573
return ia;
1574
}
1575
1576
void
1577
ipv6_settempstale(struct interface *ifp)
1578
{
1579
struct ipv6_state *state;
1580
struct ipv6_addr *ia;
1581
1582
state = IPV6_STATE(ifp);
1583
TAILQ_FOREACH(ia, &state->addrs, next) {
1584
if (ia->flags & IPV6_AF_TEMPORARY)
1585
ia->flags |= IPV6_AF_STALE;
1586
}
1587
}
1588
1589
struct ipv6_addr *
1590
ipv6_settemptime(struct ipv6_addr *ia, int flags)
1591
{
1592
struct ipv6_state *state;
1593
struct ipv6_addr *ap, *first;
1594
1595
state = IPV6_STATE(ia->iface);
1596
first = NULL;
1597
TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
1598
if (ap->flags & IPV6_AF_TEMPORARY &&
1599
ap->prefix_pltime &&
1600
IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
1601
{
1602
time_t max, ext;
1603
1604
if (flags == 0) {
1605
if (ap->prefix_pltime -
1606
(uint32_t)(ia->acquired.tv_sec -
1607
ap->acquired.tv_sec)
1608
< REGEN_ADVANCE)
1609
continue;
1610
1611
return ap;
1612
}
1613
1614
if (!(ap->flags & IPV6_AF_ADDED))
1615
ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
1616
ap->flags &= ~IPV6_AF_STALE;
1617
1618
/* RFC4941 Section 3.4
1619
* Deprecated prefix, deprecate the temporary address */
1620
if (ia->prefix_pltime == 0) {
1621
ap->prefix_pltime = 0;
1622
goto valid;
1623
}
1624
1625
/* Ensure desync is still valid */
1626
ipv6_regen_desync(ap->iface, 0);
1627
1628
/* RFC4941 Section 3.3.2
1629
* Extend temporary times, but ensure that they
1630
* never last beyond the system limit. */
1631
ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime;
1632
max = ap->created.tv_sec +
1633
ip6_temp_preferred_lifetime(ap->iface->name) -
1634
state->desync_factor;
1635
if (ext < max)
1636
ap->prefix_pltime = ia->prefix_pltime;
1637
else
1638
ap->prefix_pltime =
1639
(uint32_t)(max - ia->acquired.tv_sec);
1640
1641
valid:
1642
ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime;
1643
max = ap->created.tv_sec +
1644
ip6_temp_valid_lifetime(ap->iface->name);
1645
if (ext < max)
1646
ap->prefix_vltime = ia->prefix_vltime;
1647
else
1648
ap->prefix_vltime =
1649
(uint32_t)(max - ia->acquired.tv_sec);
1650
1651
/* Just extend the latest matching prefix */
1652
ap->acquired = ia->acquired;
1653
1654
/* If extending return the last match as
1655
* it's the most current.
1656
* If deprecating, deprecate any other addresses we
1657
* may have, although this should not be needed */
1658
if (ia->prefix_pltime)
1659
return ap;
1660
if (first == NULL)
1661
first = ap;
1662
}
1663
}
1664
return first;
1665
}
1666
1667
void
1668
ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
1669
{
1670
struct ipv6_state *state;
1671
struct ipv6_addr *ia;
1672
1673
state = IPV6_STATE(ifp);
1674
TAILQ_FOREACH(ia, &state->addrs, next) {
1675
if (ia->flags & IPV6_AF_TEMPORARY &&
1676
!(ia->flags & IPV6_AF_STALE))
1677
ipv6_addaddr(ia, now);
1678
}
1679
}
1680
1681
static void
1682
ipv6_regentempaddr(void *arg)
1683
{
1684
struct ipv6_addr *ia = arg, *ia1;
1685
struct timespec tv;
1686
1687
logger(ia->iface->ctx, LOG_DEBUG, "%s: regen temp addr %s",
1688
ia->iface->name, ia->saddr);
1689
clock_gettime(CLOCK_MONOTONIC, &tv);
1690
ia1 = ipv6_createtempaddr(ia, &tv);
1691
if (ia1)
1692
ipv6_addaddr(ia1, &tv);
1693
else
1694
logger(ia->iface->ctx, LOG_ERR, "ipv6_createtempaddr: %m");
1695
}
1696
1697
static void
1698
ipv6_regentempifid(void *arg)
1699
{
1700
struct interface *ifp = arg;
1701
struct ipv6_state *state;
1702
1703
state = IPV6_STATE(ifp);
1704
if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
1705
ipv6_gentempifid(ifp);
1706
1707
ipv6_regen_desync(ifp, 1);
1708
}
1709
#endif /* IPV6_MANAGETEMPADDR */
1710
717
1711
static struct rt6 *
718
find_route6(struct rt6head *rts, const struct rt6 *r)
1712
find_route6(struct rt6_head *rts, const struct rt6 *r)
719
1713
{
720
1714
struct rt6 *rt;
721
1715
722
1716
TAILQ_FOREACH(rt, rts, next) {
723
1717
if (IN6_ARE_ADDR_EQUAL(&rt->dest, &r->dest) &&
724
#if HAVE_ROUTE_METRIC
725
rt->iface->metric == r->iface->metric &&
1718
#ifdef HAVE_ROUTE_METRIC
1719
(r->iface == NULL || rt->iface == NULL ||
1720
rt->iface->metric == r->iface->metric) &&
726
1721
#endif
727
1722
IN6_ARE_ADDR_EQUAL(&rt->net, &r->net))
728
1723
return rt;
735
1730
{
736
1731
char destbuf[INET6_ADDRSTRLEN];
737
1732
char gatebuf[INET6_ADDRSTRLEN];
738
const char *ifname = rt->iface->name, *dest, *gate;
1733
const char *ifname, *dest, *gate;
1734
struct dhcpcd_ctx *ctx;
739
1735
740
dest = inet_ntop(AF_INET6, &rt->dest.s6_addr,
741
destbuf, INET6_ADDRSTRLEN);
742
gate = inet_ntop(AF_INET6, &rt->gate.s6_addr,
743
gatebuf, INET6_ADDRSTRLEN);
1736
ctx = rt->iface ? rt->iface->ctx : NULL;
1737
ifname = rt->iface ? rt->iface->name : "(no iface)";
1738
dest = inet_ntop(AF_INET6, &rt->dest, destbuf, INET6_ADDRSTRLEN);
1739
gate = inet_ntop(AF_INET6, &rt->gate, gatebuf, INET6_ADDRSTRLEN);
744
1740
if (IN6_ARE_ADDR_EQUAL(&rt->gate, &in6addr_any))
745
syslog(LOG_INFO, "%s: %s route to %s/%d", ifname, cmd,
746
dest, ipv6_prefixlen(&rt->net));
1741
logger(ctx, LOG_INFO, "%s: %s route to %s/%d",
1742
ifname, cmd, dest, ipv6_prefixlen(&rt->net));
747
1743
else if (IN6_ARE_ADDR_EQUAL(&rt->dest, &in6addr_any) &&
748
1744
IN6_ARE_ADDR_EQUAL(&rt->net, &in6addr_any))
749
syslog(LOG_INFO, "%s: %s default route via %s", ifname, cmd,
750
gate);
1745
logger(ctx, LOG_INFO, "%s: %s default route via %s",
1746
ifname, cmd, gate);
751
1747
else
752
syslog(LOG_INFO, "%s: %s route to %s/%d via %s", ifname, cmd,
1748
logger(ctx, LOG_INFO, "%s: %s%s route to %s/%d via %s",
1749
ifname, cmd,
1750
rt->flags & RTF_REJECT ? " reject" : "",
753
1751
dest, ipv6_prefixlen(&rt->net), gate);
754
1752
}
755
1753
756
#define n_route(a) nc_route(1, a, a)
757
#define c_route(a, b) nc_route(0, a, b)
1754
static struct rt6*
1755
ipv6_findrt(struct dhcpcd_ctx *ctx, const struct rt6 *rt, int flags)
1756
{
1757
struct rt6 *r;
1758
1759
TAILQ_FOREACH(r, &ctx->ipv6->kroutes, next) {
1760
if (IN6_ARE_ADDR_EQUAL(&rt->dest, &r->dest) &&
1761
#ifdef HAVE_ROUTE_METRIC
1762
(rt->iface == r->iface ||
1763
(rt->flags & RTF_REJECT && r->flags & RTF_REJECT)) &&
1764
(!flags || rt->metric == r->metric) &&
1765
#else
1766
(!flags || rt->iface == r->iface ||
1767
(rt->flags & RTF_REJECT && r->flags & RTF_REJECT)) &&
1768
#endif
1769
IN6_ARE_ADDR_EQUAL(&rt->net, &r->net))
1770
return r;
1771
}
1772
return NULL;
1773
}
1774
1775
void
1776
ipv6_freerts(struct rt6_head *routes)
1777
{
1778
struct rt6 *rt;
1779
1780
while ((rt = TAILQ_FIRST(routes))) {
1781
TAILQ_REMOVE(routes, rt, next);
1782
free(rt);
1783
}
1784
}
1785
1786
/* If something other than dhcpcd removes a route,
1787
* we need to remove it from our internal table. */
1788
int
1789
ipv6_handlert(struct dhcpcd_ctx *ctx, int cmd, struct rt6 *rt)
1790
{
1791
struct rt6 *f;
1792
1793
if (ctx->ipv6 == NULL)
1794
return 0;
1795
1796
f = ipv6_findrt(ctx, rt, 1);
1797
switch(cmd) {
1798
case RTM_ADD:
1799
if (f == NULL) {
1800
if ((f = malloc(sizeof(*f))) == NULL)
1801
return -1;
1802
*f = *rt;
1803
TAILQ_INSERT_TAIL(&ctx->ipv6->kroutes, f, next);
1804
}
1805
break;
1806
case RTM_DELETE:
1807
if (f) {
1808
TAILQ_REMOVE(&ctx->ipv6->kroutes, f, next);
1809
free(f);
1810
}
1811
/* If we manage the route, remove it */
1812
if ((f = find_route6(ctx->ipv6->routes, rt))) {
1813
desc_route("removing", f);
1814
TAILQ_REMOVE(ctx->ipv6->routes, f, next);
1815
free(f);
1816
}
1817
break;
1818
}
1819
return 0;
1820
}
1821
1822
#define n_route(a) nc_route(NULL, a)
1823
#define c_route(a, b) nc_route(a, b)
758
1824
static int
759
nc_route(int add, struct rt6 *ort, struct rt6 *nrt)
1825
nc_route(struct rt6 *ort, struct rt6 *nrt)
760
1826
{
761
1827
762
1828
/* Don't set default routes if not asked to */
765
1831
!(nrt->iface->options->options & DHCPCD_GATEWAY))
766
1832
return -1;
767
1833
768
desc_route(add ? "adding" : "changing", nrt);
769
/* We delete and add the route so that we can change metric and
770
* prefer the interface. */
771
del_route6(ort);
772
if (add_route6(nrt) == 0)
773
return 0;
774
syslog(LOG_ERR, "%s: add_route6: %m", nrt->iface->name);
1834
desc_route(ort == NULL ? "adding" : "changing", nrt);
1835
1836
if (ort == NULL) {
1837
ort = ipv6_findrt(nrt->iface->ctx, nrt, 0);
1838
if (ort &&
1839
((ort->flags & RTF_REJECT && nrt->flags & RTF_REJECT) ||
1840
(ort->iface == nrt->iface &&
1841
#ifdef HAVE_ROUTE_METRIC
1842
ort->metric == nrt->metric &&
1843
#endif
1844
IN6_ARE_ADDR_EQUAL(&ort->gate, &nrt->gate))))
1845
return 0;
1846
}
1847
1848
#ifdef HAVE_ROUTE_METRIC
1849
/* With route metrics, we can safely add the new route before
1850
* deleting the old route. */
1851
if (if_route6(RTM_ADD, nrt) == 0) {
1852
if (ort && if_route6(RTM_DELETE, ort) == -1 &&
1853
errno != ESRCH)
1854
logger(nrt->iface->ctx, LOG_ERR, "if_route6 (DEL): %m");
1855
return 0;
1856
}
1857
1858
/* If the kernel claims the route exists we need to rip out the
1859
* old one first. */
1860
if (errno != EEXIST || ort == NULL)
1861
goto logerr;
1862
#endif
1863
1864
/* No route metrics, we need to delete the old route before
1865
* adding the new one. */
1866
if (ort && if_route6(RTM_DELETE, ort) == -1 && errno != ESRCH)
1867
logger(nrt->iface->ctx, LOG_ERR, "if_route6: %m");
1868
if (if_route6(RTM_ADD, nrt) == 0)
1869
return 0;
1870
#ifdef HAVE_ROUTE_METRIC
1871
logerr:
1872
#endif
1873
logger(nrt->iface->ctx, LOG_ERR, "if_route6 (ADD): %m");
775
1874
return -1;
776
1875
}
777
1876
781
1880
int retval;
782
1881
783
1882
desc_route("deleting", rt);
784
retval = del_route6(rt);
1883
retval = if_route6(RTM_DELETE, rt);
785
1884
if (retval != 0 && errno != ENOENT && errno != ESRCH)
786
syslog(LOG_ERR,"%s: del_route6: %m", rt->iface->name);
1885
logger(rt->iface->ctx, LOG_ERR,
1886
"%s: if_delroute6: %m", rt->iface->name);
787
1887
return retval;
788
1888
}
789
1889
794
1894
795
1895
r = calloc(1, sizeof(*r));
796
1896
if (r == NULL) {
797
syslog(LOG_ERR, "%s: %m", __func__);
1897
logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
798
1898
return NULL;
799
1899
}
800
r->ra = rap;
801
1900
r->iface = ifp;
1901
#ifdef HAVE_ROUTE_METRIC
802
1902
r->metric = ifp->metric;
1903
#endif
803
1904
if (rap)
804
1905
r->mtu = rap->mtu;
805
1906
else
808
1909
}
809
1910
810
1911
static struct rt6 *
811
make_prefix(const struct interface * ifp, const struct ra *rap,
1912
make_prefix(const struct interface *ifp, const struct ra *rap,
812
1913
const struct ipv6_addr *addr)
813
1914
{
814
1915
struct rt6 *r;
815
1916
816
if (addr == NULL || addr->prefix_len > 128)
1917
if (addr == NULL || addr->prefix_len > 128) {
1918
errno = EINVAL;
1919
return NULL;
1920
}
1921
1922
/* There is no point in trying to manage a /128 prefix,
1923
* ones without a lifetime or ones not on link or delegated */
1924
if (addr->prefix_len == 128 ||
1925
addr->prefix_vltime == 0 ||
1926
!(addr->flags & (IPV6_AF_ONLINK | IPV6_AF_DELEGATEDPFX)))
1927
return NULL;
1928
1929
/* Don't install a blackhole route when not creating bigger prefixes */
1930
if (addr->flags & IPV6_AF_DELEGATEDZERO)
817
1931
return NULL;
818
1932
819
1933
r = make_route(ifp, rap);
820
1934
if (r == NULL)
821
return r;
1935
return NULL;
822
1936
r->dest = addr->prefix;
823
1937
ipv6_mask(&r->net, addr->prefix_len);
824
r->gate = in6addr_any;
1938
if (addr->flags & IPV6_AF_DELEGATEDPFX) {
1939
r->flags |= RTF_REJECT;
1940
r->gate = in6addr_loopback;
1941
} else
1942
r->gate = in6addr_any;
825
1943
return r;
826
1944
}
827
1945
828
829
1946
static struct rt6 *
830
1947
make_router(const struct ra *rap)
831
1948
{
840
1957
return r;
841
1958
}
842
1959
843
int
844
ipv6_removesubnet(const struct interface *ifp, struct ipv6_addr *addr)
845
{
846
struct rt6 *rt;
847
#if HAVE_ROUTE_METRIC
848
struct rt6 *ort;
849
#endif
850
int r;
851
852
/* We need to delete the subnet route to have our metric or
853
* prefer the interface. */
854
r = 0;
855
rt = make_prefix(ifp, NULL, addr);
856
if (rt) {
857
rt->iface = ifp;
858
#ifdef __linux__
859
rt->metric = 256;
860
#else
861
rt->metric = 0;
862
#endif
863
#if HAVE_ROUTE_METRIC
864
/* For some reason, Linux likes to re-add the subnet
865
route under the original metric.
866
I would love to find a way of stopping this! */
867
if ((ort = find_route6(routes, rt)) == NULL ||
868
ort->metric != rt->metric)
869
#else
870
if (!find_route6(routes, rt))
871
#endif
872
{
873
r = del_route6(rt);
874
if (r == -1 && errno == ESRCH)
875
r = 0;
876
}
877
free(rt);
878
}
879
return r;
880
}
881
882
1960
#define RT_IS_DEFAULT(rtp) \
883
1961
(IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \
884
1962
IN6_ARE_ADDR_EQUAL(&((rtp)->net), &in6addr_any))
885
1963
886
1964
static void
887
ipv6_build_ra_routes(struct rt6head *dnr, int expired)
1965
ipv6_build_ra_routes(struct ipv6_ctx *ctx, struct rt6_head *dnr, int expired)
888
1966
{
889
1967
struct rt6 *rt;
890
const struct ra *rap;
1968
struct ra *rap;
891
1969
const struct ipv6_addr *addr;
892
1970
893
TAILQ_FOREACH(rap, &ipv6_routers, next) {
1971
TAILQ_FOREACH(rap, ctx->ra_routers, next) {
894
1972
if (rap->expired != expired)
895
1973
continue;
896
1974
if (rap->iface->options->options & DHCPCD_IPV6RA_OWN) {
897
1975
TAILQ_FOREACH(addr, &rap->addrs, next) {
898
if ((addr->flags & IPV6_AF_ONLINK) == 0)
899
continue;
900
1976
rt = make_prefix(rap->iface, rap, addr);
901
1977
if (rt)
902
1978
TAILQ_INSERT_TAIL(dnr, rt, next);
903
1979
}
904
1980
}
905
if (rap->iface->options->options &
906
(DHCPCD_IPV6RA_OWN | DHCPCD_IPV6RA_OWN_DEFAULT))
1981
if (rap->lifetime && rap->iface->options->options &
1982
(DHCPCD_IPV6RA_OWN | DHCPCD_IPV6RA_OWN_DEFAULT) &&
1983
!rap->no_public_warned)
907
1984
{
908
1985
rt = make_router(rap);
909
1986
if (rt)
913
1990
}
914
1991
915
1992
static void
916
ipv6_build_dhcp_routes(struct rt6head *dnr, enum DH6S dstate)
1993
ipv6_build_dhcp_routes(struct dhcpcd_ctx *ctx,
1994
struct rt6_head *dnr, enum DH6S dstate)
917
1995
{
918
1996
const struct interface *ifp;
919
1997
const struct dhcp6_state *d6_state;
920
1998
const struct ipv6_addr *addr;
921
1999
struct rt6 *rt;
922
2000
923
TAILQ_FOREACH(ifp, ifaces, next) {
924
if (!(ifp->options->options & DHCPCD_IPV6RA_OWN))
925
continue;
2001
TAILQ_FOREACH(ifp, ctx->ifaces, next) {
926
2002
d6_state = D6_CSTATE(ifp);
927
2003
if (d6_state && d6_state->state == dstate) {
928
2004
TAILQ_FOREACH(addr, &d6_state->addrs, next) {
929
if ((addr->flags & IPV6_AF_ONLINK) == 0 ||
930
IN6_IS_ADDR_UNSPECIFIED(&addr->addr))
931
continue;
932
2005
rt = make_prefix(ifp, NULL, addr);
933
2006
if (rt)
934
2007
TAILQ_INSERT_TAIL(dnr, rt, next);
938
2011
}
939
2012
940
2013
void
941
ipv6_buildroutes(void)
2014
ipv6_buildroutes(struct dhcpcd_ctx *ctx)
942
2015
{
943
struct rt6head dnr, *nrs;
2016
struct rt6_head dnr, *nrs;
944
2017
struct rt6 *rt, *rtn, *or;
945
2018
uint8_t have_default;
946
2019
unsigned long long o;
947
2020
2021
/* We need to have the interfaces in the correct order to ensure
2022
* our routes are managed correctly. */
2023
if_sortinterfaces(ctx);
2024
948
2025
TAILQ_INIT(&dnr);
949
2026
950
2027
/* First add reachable routers and their prefixes */
951
ipv6_build_ra_routes(&dnr, 0);
952
#if HAVE_ROUTE_METRIC
2028
ipv6_build_ra_routes(ctx->ipv6, &dnr, 0);
2029
#ifdef HAVE_ROUTE_METRIC
953
2030
have_default = (TAILQ_FIRST(&dnr) != NULL);
954
2031
#endif
955
2032
956
2033
/* We have no way of knowing if prefixes added by DHCP are reachable
957
2034
* or not, so we have to assume they are.
958
2035
* Add bound before delegated so we can prefer interfaces better */
959
ipv6_build_dhcp_routes(&dnr, DH6S_BOUND);
960
ipv6_build_dhcp_routes(&dnr, DH6S_DELEGATED);
2036
ipv6_build_dhcp_routes(ctx, &dnr, DH6S_BOUND);
2037
ipv6_build_dhcp_routes(ctx, &dnr, DH6S_DELEGATED);
961
2038
962
#if HAVE_ROUTE_METRIC
2039
#ifdef HAVE_ROUTE_METRIC
963
2040
/* If we have an unreachable router, we really do need to remove the
964
2041
* route to it beause it could be a lower metric than a reachable
965
2042
* router. Of course, we should at least have some routers if all
969
2046
/* Add our non-reachable routers and prefixes
970
2047
* Unsure if this is needed, but it's a close match to kernel
971
2048
* behaviour */
972
ipv6_build_ra_routes(&dnr, 1);
2049
ipv6_build_ra_routes(ctx->ipv6, &dnr, 1);
973
2050
974
2051
nrs = malloc(sizeof(*nrs));
975
2052
if (nrs == NULL) {
976
syslog(LOG_ERR, "%s: %m", __func__);
2053
logger(ctx, LOG_ERR, "%s: %m", __func__);
977
2054
return;
978
2055
}
979
2056
TAILQ_INIT(nrs);
980
2057
have_default = 0;
2058
981
2059
TAILQ_FOREACH_SAFE(rt, &dnr, next, rtn) {
982
2060
/* Is this route already in our table? */
983
2061
if (find_route6(nrs, rt) != NULL)
984
2062
continue;
985
2063
//rt->src.s_addr = ifp->addr.s_addr;
986
2064
/* Do we already manage it? */
987
if ((or = find_route6(routes, rt))) {
2065
if ((or = find_route6(ctx->ipv6->routes, rt))) {
988
2066
if (or->iface != rt->iface ||
2067
#ifdef HAVE_ROUTE_METRIC
2068
rt->metric != or->metric ||
2069
#endif
989
2070
// or->src.s_addr != ifp->addr.s_addr ||
990
!IN6_ARE_ADDR_EQUAL(&rt->gate, &or->gate) ||
991
rt->metric != or->metric)
2071
!IN6_ARE_ADDR_EQUAL(&rt->gate, &or->gate))
992
2072
{
993
2073
if (c_route(or, rt) != 0)
994
2074
continue;
995
2075
}
996
TAILQ_REMOVE(routes, or, next);
2076
TAILQ_REMOVE(ctx->ipv6->routes, or, next);
997
2077
free(or);
998
2078
} else {
999
2079
if (n_route(rt) != 0)
1014
2094
/* Remove old routes we used to manage
1015
2095
* If we own the default route, but not RA management itself
1016
2096
* then we need to preserve the last best default route we had */
1017
while ((rt = TAILQ_LAST(routes, rt6head))) {
1018
TAILQ_REMOVE(routes, rt, next);
2097
while ((rt = TAILQ_LAST(ctx->ipv6->routes, rt6_head))) {
2098
TAILQ_REMOVE(ctx->ipv6->routes, rt, next);
1019
2099
if (find_route6(nrs, rt) == NULL) {
1020
2100
o = rt->iface->options->options;
1021
2101
if (!have_default &&
1026
2106
/* no need to add it back to our routing table
1027
2107
* as we delete an exiting route when we add
1028
2108
* a new one */
1029
else
2109
else if ((rt->iface->options->options &
2110
(DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
2111
(DHCPCD_EXITING | DHCPCD_PERSISTENT))
1030
2112
d_route(rt);
1031
2113
}
1032
2114
free(rt);
1033
2115
}
1034
2116
1035
free(routes);
1036
routes = nrs;
2117
free(ctx->ipv6->routes);
2118
ctx->ipv6->routes = nrs;
1037
2119
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1