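/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * dhcpcd - DHCP client daemon
 * Copyright (c) 2006-2025 Roy Marples <roy (at) marples.name>
 * All rights reserved

 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>

#include <arpa/inet.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>

#include "config.h"

#ifdef HAVE_SYS_BITOPS_H
#include <sys/bitops.h>
#else
#include "compat/bitops.h"
#endif

#ifdef BSD
/* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
 * to generate our CAN_ADD_LLADDR #define. */
#  include <netinet6/in6_var.h>
#  include <netinet6/nd6.h>
#endif

#include <errno.h>
#include <ifaddrs.h>
#include <inttypes.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define ELOOP_QUEUE	ELOOP_IPV6
#include "common.h"
#include "if.h"
#include "dhcpcd.h"
#include "dhcp6.h"
#include "eloop.h"
#include "ipv6.h"
#include "ipv6nd.h"
#include "logerr.h"
#include "privsep.h"
#include "sa.h"
#include "script.h"

#ifdef HAVE_MD5_H
#  ifndef DEPGEN
#    include <md5.h>
#  endif
#endif

#ifdef SHA2_H
#  include SHA2_H
#endif

#ifndef SHA256_DIGEST_LENGTH
#  define SHA256_DIGEST_LENGTH		32
#endif

#ifdef IPV6_POLLADDRFLAG
#  warning kernel does not report IPv6 address flag changes
#endif

/* Hackery at its finest. */
#ifndef s6_addr32
#  ifdef __sun
#    define s6_addr32	_S6_un._S6_u32
#  else
#    define s6_addr32	__u6_addr.__u6_addr32
#  endif
#endif

#if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
    defined(IFF_NOLINKLOCAL)
/* Only add the LL address if we have a carrier, so DaD works. */
#define	CAN_ADD_LLADDR(ifp) \
    (!((ifp)->options->options & DHCPCD_LINK) || if_is_link_up((ifp)))
#ifdef __sun
/* Although we can add our own LL address, we cannot drop it
 * without unplumbing the if which is a lot of code.
 * So just keep it for the time being. */
#define	CAN_DROP_LLADDR(ifp)	(0)
#else
#define	CAN_DROP_LLADDR(ifp)	(1)
#endif
#else
/* We have no control over the OS adding the LLADDR, so just let it do it
 * as we cannot force our own view on it. */
#define	CAN_ADD_LLADDR(ifp)	(0)
#define	CAN_DROP_LLADDR(ifp)	(0)
#endif

#ifdef IPV6_MANAGETEMPADDR
static void ipv6_regentempaddr(void *);
#endif

/*
 * Allocate and initialise the context's list of RA routers and mark the
 * IPv6 related descriptors as unopened (-1).
 * Does nothing when the list already exists.
 * Returns 0 on success, -1 when the list cannot be allocated.
 */
int
ipv6_init(struct dhcpcd_ctx *ctx)
{

	if (ctx->ra_routers != NULL)
		return 0;

	ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
	if (ctx->ra_routers == NULL)
		return -1;
	TAILQ_INIT(ctx->ra_routers);

#ifndef __sun
	ctx->nd_fd = -1;
#endif
#ifdef DHCP6
	ctx->dhcp6_rfd = -1;
	ctx->dhcp6_wfd = -1;
#endif
	return 0;
}

/*
 * Load the RFC7217 secret key from the SECRET file into ctx->secret,
 * or generate a new 64 byte key with arc4random() and store it in that
 * file when nothing could be read.
 * The key is written as text through dhcp_writefile() with mode S_IRUSR,
 * so only the owner is given read access.
 * Returns the key length, or -1 on allocation or write failure.
 *
 * A read failure other than ENOENT is logged and then handled the same
 * way as a missing file: a fresh key is generated and written out.
 */
static ssize_t
ipv6_readsecret(struct dhcpcd_ctx *ctx)
{
	char line[1024];
	unsigned char *p;
	size_t len;
	uint32_t r;

	ctx->secret_len = dhcp_read_hwaddr_aton(ctx, &ctx->secret, SECRET);
	if (ctx->secret_len != 0)
		return (ssize_t)ctx->secret_len;

	if (errno != ENOENT)
		logerr("%s: cannot read secret", __func__);

	/* Chaining arc4random should be good enough.
	 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
	 * To attempt and future proof ourselves, we'll generate a key of
	 * 512 bits (64 bytes). */
	if (ctx->secret_len < 64) {
		if ((ctx->secret = malloc(64)) == NULL) {
			logerr(__func__);
			return -1;
		}
		ctx->secret_len = 64;
	}
	p = ctx->secret;
	for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
		r = arc4random();
		memcpy(p, &r, sizeof(r));
		p += sizeof(r);
	}

	/* NOTE(review): line[] still holds the text form of the key when
	 * this function returns; it is not cleared here. */
	hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line));
	len = strlen(line);
	if (len < sizeof(line) - 2) {
		line[len++] = '\n';
		line[len] = '\0';
	}
	if (dhcp_writefile(ctx, SECRET, S_IRUSR, line, len) == -1) {
		logerr("%s: cannot write secret", __func__);
		/* NOTE(review): ctx->secret stays allocated on this path;
		 * confirm that the next read attempt does not leak it. */
		ctx->secret_len = 0;
		return -1;
	}
	return (ssize_t)ctx->secret_len;
}

/* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
 * RFC5453
 *
 * Each entry is an inclusive range of reserved Interface Identifiers.
 * The members are named in the initialisers: with positional initialisers
 * the lower bound landed in the first member, `high', and the upper bound
 * in `low', so the range test in ipv6_reserved() could never match. */
static const struct reslowhigh {
	const uint8_t high[8];
	const uint8_t low[8];
} reslowhigh[] = {
	/* RFC4291 + RFC6543 */
	{ .low  = { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
	  .high = { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
	/* RFC2526 */
	{ .low  = { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
	  .high = { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
};

/*
 * Test whether the Interface Identifier (the last 8 bytes) of addr is
 * reserved: either all zeros or inside one of the reslowhigh ranges.
 */
static bool
ipv6_reserved(const struct in6_addr *addr)
{
	uint64_t id, low, high;
	size_t i;
	const struct reslowhigh *r;

	id = be64dec(addr->s6_addr + sizeof(id));
	if (id == 0) /* RFC4291 */
		return true;
	for (i = 0; i < __arraycount(reslowhigh); i++) {
		r = &reslowhigh[i];
		low = be64dec(r->low);
		high = be64dec(r->high);
		if (id >= low && id <= high)
			return true;
	}
	return false;
}

/*
 * Build addr from the first 8 bytes of prefix and an Interface Identifier
 * derived from the hardware address of ifp.
 * Only ARPHRD_ETHER with a 6 or 8 byte hardware address is supported.
 * Returns 0 on success, or -1 with errno set to EINVAL (prefix longer
 * than 64 bits, or group bit set) or ENOTSUP (unsupported hardware).
 */
static int
ipv6_makehwaddr(struct in6_addr *addr,
    const struct in6_addr *prefix, int prefix_len, const struct interface *ifp)
{

	if (prefix_len > 64) {
		errno = EINVAL;
		return -1;
	}

	memcpy(addr->s6_addr, prefix->s6_addr, 8);
	switch (ifp->hwtype) {
	case ARPHRD_ETHER:
		if (ifp->hwlen == 6) {
			/* 48 bit address with ff:fe inserted in the middle. */
			addr->s6_addr[ 8] = ifp->hwaddr[0];
			addr->s6_addr[ 9] = ifp->hwaddr[1];
			addr->s6_addr[10] = ifp->hwaddr[2];
			addr->s6_addr[11] = 0xff;
			addr->s6_addr[12] = 0xfe;
			addr->s6_addr[13] = ifp->hwaddr[3];
			addr->s6_addr[14] = ifp->hwaddr[4];
			addr->s6_addr[15] = ifp->hwaddr[5];
		} else if (ifp->hwlen == 8)
			memcpy(&addr->s6_addr[8], ifp->hwaddr, 8);
		else {
			errno = ENOTSUP;
			return -1;
		}
		break;
	default:
		errno = ENOTSUP;
		return -1;
	}

	/* Sanity check: g bit must not indicate "group" */
	if (EUI64_GROUP(addr)) {
		errno = EINVAL;
		return -1;
	}
	EUI64_TO_IFID(addr);
	return 0;
}

/* RFC7217
 *
 * Build a stable private address in addr: the prefix followed by the
 * least significant bytes of SHA-256 over
 * prefix | netiface | netid | [vlanid] | dad_counter | secret.
 * The secret is loaded or generated on first use.
 * For a 64 bit prefix a reserved Interface Identifier is treated as a DAD
 * failure: *dad_counter is incremented and the address is derived again.
 * Returns 0 on success, or -1 with errno set to EINVAL (bad prefix_len)
 * or ENOBUFS (inputs too large), or when the secret is unavailable. */
static int
ipv6_makestableprivate1(struct dhcpcd_ctx *ctx,
    struct in6_addr *addr, const struct in6_addr *prefix, int prefix_len,
    const unsigned char *netiface, size_t netiface_len,
    const unsigned char *netid, size_t netid_len,
    unsigned short vlanid,
    uint32_t *dad_counter)
{
	unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
	size_t len, l, idlen;
	SHA256_CTX sha_ctx;

	if (prefix_len < 0 || prefix_len > 120) {
		errno = EINVAL;
		return -1;
	}

	if (ctx->secret_len == 0) {
		if (ipv6_readsecret(ctx) == -1)
			return -1;
	}

	l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
	len = l + netiface_len + netid_len + sizeof(*dad_counter) +
	    ctx->secret_len;
	if (vlanid != 0)
		len += sizeof(vlanid);
	if (len > sizeof(buf)) {
		errno = ENOBUFS;
		return -1;
	}

	/* Bytes of Interface Identifier to take from the digest.
	 * This is kept apart from len, which must still be the full input
	 * length when a reserved identifier forces another pass; reusing
	 * len for both made a retry hash only the start of buf, leaving
	 * out the DAD counter and the secret. */
	idlen = sizeof(addr->s6_addr) - l;

	/* NOTE(review): buf holds a copy of the secret and is not cleared
	 * before returning. */
	for (;; (*dad_counter)++) {
		/* Combine all parameters into one buffer */
		p = buf;
		memcpy(p, prefix, l);
		p += l;
		memcpy(p, netiface, netiface_len);
		p += netiface_len;
		memcpy(p, netid, netid_len);
		p += netid_len;
		/* Don't use a vlanid if not set.
		 * This ensures prior versions have the same unique address. */
		if (vlanid != 0) {
			memcpy(p, &vlanid, sizeof(vlanid));
			p += sizeof(vlanid);
		}
		memcpy(p, dad_counter, sizeof(*dad_counter));
		p += sizeof(*dad_counter);
		memcpy(p, ctx->secret, ctx->secret_len);

		/* Make an address using the digest of the above.
		 * RFC7217 Section 5.1 states that we shouldn't use MD5.
		 * Pity as we use that for HMAC-MD5 which is still deemed OK.
		 * SHA-256 is recommended */
		SHA256_Init(&sha_ctx);
		SHA256_Update(&sha_ctx, buf, len);
		SHA256_Final(digest, &sha_ctx);

		p = addr->s6_addr;
		memcpy(p, prefix, l);
		/* RFC7217 section 5.2 says we need to start taking the id from
		 * the least significant bit */
		memcpy(p + l, digest + (sizeof(digest) - idlen), idlen);

		/* Ensure that the Interface ID does not match a reserved one,
		 * if it does then treat it as a DAD failure.
		 * RFC7217 section 5.2 */
		if (prefix_len != 64)
			break;
		if (!ipv6_reserved(addr))
			break;
	}

	return 0;
}

/*
 * Build an RFC7217 stable private address for ifp, using its hardware
 * address as the interface identifier input and its SSID as the network
 * identifier input.
 * *dad_counter is read as the starting DAD counter and updated on success.
 * Returns 0 on success, -1 on failure.
 */
int
ipv6_makestableprivate(struct in6_addr *addr,
    const struct in6_addr *prefix, int prefix_len,
    const struct interface *ifp,
    int *dad_counter)
{
	uint32_t dad;
	int r;

	dad = (uint32_t)*dad_counter;

	/* For our implementation, we shall set the hardware address
	 * as the interface identifier */
	r = ipv6_makestableprivate1(ifp->ctx, addr, prefix, prefix_len,
	    ifp->hwaddr, ifp->hwlen,
	    ifp->ssid, ifp->ssid_len,
	    ifp->vlanid, &dad);

	if (r == 0)
		*dad_counter = (int)dad;
	return r;
}

#ifdef IPV6_AF_TEMPORARY
/*
 * Build a temporary address in addr: the prefix with the host bits of the
 * last 64 bits filled from arc4random().
 * An address already present on any interface, or one with a reserved
 * Interface Identifier, is rejected and drawn again.
 * Returns 0 on success, -1 when prefix_len is invalid.
 */
static int
ipv6_maketemporaryaddress(struct in6_addr *addr,
    const struct in6_addr *prefix, int prefix_len,
    const struct interface *ifp)
{
	struct in6_addr mask;
	struct interface *ifpn;

	if (ipv6_mask(&mask, prefix_len) == -1)
		return -1;

again:
	/* Start every attempt from the bare prefix. The random bits are
	 * OR'ed in, so retrying on top of the previous attempt would only
	 * ever add set bits and skew the identifier towards all ones. */
	*addr = *prefix;
	addr->s6_addr32[2] |= (arc4random() & ~mask.s6_addr32[2]);
	addr->s6_addr32[3] |= (arc4random() & ~mask.s6_addr32[3]);

	TAILQ_FOREACH(ifpn, ifp->ctx->ifaces, next) {
		if (ipv6_iffindaddr(ifpn, addr, 0) != NULL)
			break;
	}
	if (ifpn != NULL)
		goto again;
	if (ipv6_reserved(addr))
		goto again;
	return 0;
}
#endif

/*
 * Store in prefix the first len bits of addr with all other bits cleared.
 * Returns 0 on success, -1 when len is not a valid mask length.
 */
static int
ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
{
	struct in6_addr mask;
	size_t i;

	if (ipv6_mask(&mask, len) == -1)
		return -1;
	*prefix = *addr;
	for (i = 0; i < sizeof(prefix->s6_addr); i++)
		prefix->s6_addr[i] &= mask.s6_addr[i];
	return 0;
}

/*
 * Fill mask with a netmask of len leading one bits.
 * Returns 0 on success, or -1 with errno set to EINVAL when len is
 * outside 0..128.
 */
int
ipv6_mask(struct in6_addr *mask, int len)
{
	static const unsigned char masks[NBBY] =
	    { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
	int bytes, bits, i;

	if (len < 0 || len > 128) {
		errno = EINVAL;
		return -1;
	}

	memset(mask, 0, sizeof(*mask));
	bytes = len / NBBY;
	bits = len % NBBY;
	for (i = 0; i < bytes; i++)
		mask->s6_addr[i] = 0xff;
	if (bits != 0) {
		/* Coverity false positive.
		 * bytelen cannot be 16 if bitlen is non zero */
		/* coverity[overrun-local] */
		mask->s6_addr[bytes] = masks[bits - 1];
	}
	return 0;
}

/*
 * Return the number of leading one bits in mask.
 * Returns 0 when the mask is not contiguous, i.e. a one bit follows the
 * first zero bit.
 */
uint8_t
ipv6_prefixlen(const struct in6_addr *mask)
{
	int x = 0, y;
	const unsigned char *lim, *p;

	/* x counts whole 0xff bytes, y the leading one bits of the next. */
	lim = (const unsigned char *)mask + sizeof(*mask);
	for (p = (const unsigned char *)mask; p < lim; x++, p++) {
		if (*p != 0xff)
			break;
	}
	y = 0;
	if (p < lim) {
		for (y = 0; y < NBBY; y++) {
			if ((*p & (0x80 >> y)) == 0)
				break;
		}
	}

	/*
	 * when the limit pointer is given, do a stricter check on the
	 * remaining bits.
	 */
	if (p < lim) {
		if (y != 0 && (*p & (0x00ff >> y)) != 0)
			return 0;
		for (p = p + 1; p < lim; p++)
			if (*p != 0)
				return 0;
	}

	return (uint8_t)(x * NBBY + y);
}

/*
 * Build an address for ifp inside prefix. In order of preference:
 * a temporary address when flags has IPV6_AF_TEMPORARY, an RFC7217 stable
 * private address when DHCPCD_SLAACPRIVATE is set, the configured token,
 * the Interface Identifier of the first link-local address when the
 * interface has no hardware address, or a hardware address based one.
 * Returns -1 on error; on success the DAD counter used for a stable
 * private address, or the callee's result (0) for the other methods.
 */
int
ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
    const struct in6_addr *prefix, int prefix_len, unsigned int flags)
{
	const struct ipv6_addr *ap;
	const struct if_options *ifo = ifp->options;
	int dad;

	if (prefix_len < 0 || prefix_len > 120) {
		errno = EINVAL;
		return -1;
	}

#ifdef IPV6_AF_TEMPORARY
	if (flags & IPV6_AF_TEMPORARY)
		return ipv6_maketemporaryaddress(addr, prefix, prefix_len, ifp);
#else
	UNUSED(flags);
#endif

	if (ifo->options & DHCPCD_SLAACPRIVATE) {
		dad = 0;
		if (ipv6_makestableprivate(addr,
		    prefix, prefix_len, ifp, &dad) == -1)
			return -1;
		return dad;
	} else if (!IN6_IS_ADDR_UNSPECIFIED(&ifo->token)) {
		int bytes = prefix_len / NBBY;
		int bits = prefix_len % NBBY;

		// Copy the token into the address.
		*addr = ifo->token;

		// If we have any dangling bits, just copy that in also.
		// XXX Can we preserve part of the token still?
		if (bits != 0)
			bytes++;

		// Copy the prefix in.
		if (bytes > 0)
			memcpy(addr->s6_addr, prefix->s6_addr, (size_t)bytes);
		return 0;
	}

	if (prefix_len > 64) {
		errno = EINVAL;
		return -1;
	}

	/* If we don't have a hardware address, then use the first link-local
	 * address to base it on. */
	if (ifp->hwlen == 0) {
		if ((ap = ipv6_linklocal(ifp)) == NULL) {
			/* We delay a few functions until we get a local-link address
			 * so this should never be hit. */
			errno = ENOENT;
			return -1;
		}

		/* Make the address from the first local-link address */
		memcpy(addr, prefix, sizeof(*prefix));
		addr->s6_addr32[2] = ap->addr.s6_addr32[2];
		addr->s6_addr32[3] = ap->addr.s6_addr32[3];
		return 0;
	}

	return ipv6_makehwaddr(addr, prefix, prefix_len, ifp);
}

/* Decode addr into two big endian 64 bit halves, most significant first. */
static void
in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
{

	*vhigh = be64dec(addr->s6_addr);
	*vlow = be64dec(addr->s6_addr + 8);
}

/* Encode two 64 bit halves into addr in big endian order. */
static void
h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
{

	be64enc(addr->s6_addr, vhigh);
	be64enc(addr->s6_addr + 8, vlow);
}

/*
 * Derive a longer prefix from a shorter one by placing user_number in the
 * bits between prefix_len and result_len.
 * Returns 0 on success, or -1 with errno set to EINVAL (a length outside
 * 1..128) or ERANGE (result_len shorter than prefix_len, or user_number
 * does not fit in the bits between them).
 */
int
ipv6_userprefix(
	const struct in6_addr *prefix,	// prefix from router
	short prefix_len,		// length of prefix received
	uint64_t user_number,		// "random" number from user
	struct in6_addr *result,	// resultant prefix
	short result_len)		// desired prefix length
{
	uint64_t vh, vl, user_low, user_high;

	if (prefix_len < 1 || prefix_len > 128 ||
	    result_len < 1 || result_len > 128)
	{
		errno = EINVAL;
		return -1;
	}

	/* Check that the user_number fits inside result_len less prefix_len */
	if (result_len < prefix_len ||
	    fls64(user_number) > result_len - prefix_len)
	{
		errno = ERANGE;
		return -1;
	}

	/* If user_number is zero, just copy the prefix into the result. */
	if (user_number == 0) {
		*result = *prefix;
		return 0;
	}

	/* Shift user_number so it fits just inside result_len.
	 * Shifting a 64 bit value by 64 or more is undefined, so every
	 * branch below keeps its shift count within 1 to 63. */
	if (result_len == 128) {
		user_high = 0;
		user_low = user_number;
	} else if (result_len > 64) {
		if (prefix_len >= 64)
			user_high = 0;
		else {
			/* The 128 bit value is user_number shifted left by
			 * 128 - result_len, so its upper half is user_number
			 * shifted right by result_len - 64.
			 * Shifting by result_len - prefix_len instead
			 * discarded those bits and could shift by 64 or
			 * more. */
			user_high = user_number >> (result_len - 64);
		}
		user_low = user_number << (128 - result_len);
	} else if (result_len == 64) {
		user_high = user_number;
		user_low = 0;
	} else {
		user_high = user_number << (64 - result_len);
		user_low = 0;
	}

	/* convert to two 64bit host order values */
	in6_to_h64(&vh, &vl, prefix);

	vh |= user_high;
	vl |= user_low;

	/* copy back result */
	h64_to_in6(result, vh, vl);

	return 0;
}

#ifdef IPV6_POLLADDRFLAG
/*
 * Timer callback: poll the flags of the address passed as arg.
 * Once it is no longer tentative the address is announced through
 * ipv6_handleifa(); otherwise another check is scheduled.
 */
void
ipv6_checkaddrflags(void *arg)
{
	struct ipv6_addr *ia;
	int flags;
	const char *alias;

	ia = arg;
#ifdef ALIAS_ADDR
	alias = ia->alias;
#else
	alias = NULL;
#endif
	if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
		if (errno != EEXIST && errno != EADDRNOTAVAIL)
			logerr("%s: if_addrflags6", __func__);
		return;
	}

	if (!(flags & IN6_IFF_TENTATIVE)) {
		/* Simulate the kernel announcing the new address. */
		ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
		    ia->iface->ctx->ifaces, ia->iface->name,
		    &ia->addr, ia->prefix_len, &ia->dstaddr, flags, 0);
	} else {
		/* Still tentative? Check again in a bit. */
		eloop_timeout_add_msec(ia->iface->ctx->eloop,
		    RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
	}
}
#endif

/*
 * Housekeeping after an address has been removed from the interface:
 * close its DHCPv6 privsep listener when not in manager mode and clear
 * IPV6_AF_NOREJECT on the prefix it was delegated from.
 */
static void
ipv6_deletedaddr(struct ipv6_addr *ia)
{

#ifdef DHCP6
#ifdef PRIVSEP
	if (!(ia->iface->ctx->options & DHCPCD_MANAGER))
		ps_inet_closedhcp6(ia);
#endif
#ifndef SMALL
	/* NOREJECT is set if we delegated exactly the prefix to another
	 * address.
	 * This can only be one address, so just clear the flag.
	 * This should ensure the reject route will be restored. */
	if (ia->delegating_prefix != NULL)
		ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
#endif
#endif

#if !defined(DHCP6) || (!defined(PRIVSEP) && defined(SMALL))
	UNUSED(ia);
#endif
}

/*
 * Delete the address from the interface and drop the matching entry from
 * the interface's IPv6 state.
 * The state entry with an equal address is freed; callers must not rely
 * on ia afterwards if ia is that entry.
 */
void
ipv6_deleteaddr(struct ipv6_addr *ia)
{
	struct ipv6_state *state;
	struct ipv6_addr *ap;

	loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
	/* An address or interface that has already gone is not an error. */
	if (if_address6(RTM_DELADDR, ia) == -1 &&
	    errno != EADDRNOTAVAIL && errno != ESRCH &&
	    errno != ENXIO && errno != ENODEV)
		logerr(__func__);

	ipv6_deletedaddr(ia);

	state = IPV6_STATE(ia->iface);
	TAILQ_FOREACH(ap, &state->addrs, next) {
		if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
			TAILQ_REMOVE(&state->addrs, ap, next);
			ipv6_freeaddr(ap);
			break;
		}
	}
}

/*
 * Return the IPv6 state of ifp, allocating and initialising it on first
 * use. Returns NULL, after logging, when the allocation fails.
 */
static struct ipv6_state *
ipv6_getstate(struct interface *ifp)
{
	struct ipv6_state *state;

	state = IPV6_STATE(ifp);
	if (state == NULL) {
		ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
		state = IPV6_STATE(ifp);
		if (state == NULL) {
			logerr(__func__);
			return NULL;
		}
		TAILQ_INIT(&state->addrs);
		TAILQ_INIT(&state->ll_callbacks);
	}
	return state;
}

/*
 * Add ia to its interface with lifetimes adjusted for the time elapsed
 * since it was acquired, and record a copy in the interface state when
 * the address is not already known there.
 * The lifetimes stored in ia are restored before returning.
 * Returns 0 on success, -1 when the address could not be added.
 */
static int
ipv6_addaddr1(struct ipv6_addr *ia, struct timespec *now)
{
	struct interface *ifp;
	uint32_t pltime, vltime;
	int loglevel;
	struct ipv6_addr *iaf;

#ifdef __sun
	/* If we re-add then address on Solaris then the prefix
	 * route will be scrubbed and re-added. Something might
	 * be using it, so let's avoid it. */
	if (ia->flags & IPV6_AF_DADCOMPLETED) {
		logdebugx("%s: IP address %s already exists",
		    ia->iface->name, ia->saddr);
		return 0;
	}
#endif

	/* Remember the interface of the address. */
	ifp = ia->iface;

	/* Find any existing address. */
	iaf = ipv6_iffindaddr(ifp, &ia->addr, 0);
	if (iaf != NULL && !(iaf->addr_flags & IN6_IFF_NOTUSEABLE))
		ia->flags |= IPV6_AF_DADCOMPLETED;

	/* Adjust plftime and vltime based on acquired time */
	pltime = ia->prefix_pltime;
	vltime = ia->prefix_vltime;

	if (ifp->options->options & DHCPCD_LASTLEASE_EXTEND) {
		/* We don't want the kernel to expire the address.
		 * The saved times will be re-applied to the ia
		 * before exiting this function. */
		ia->prefix_vltime = ia->prefix_pltime = ND6_INFINITE_LIFETIME;
	} else if (timespecisset(&ia->acquired)) {
		ia->prefix_pltime = lifetime_left(ia->prefix_pltime,
		    &ia->acquired, now);
		ia->prefix_vltime = lifetime_left(ia->prefix_vltime,
		    &ia->acquired, now);
	}

	loglevel = ia->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG;
	logmessage(loglevel, "%s: adding %saddress %s", ifp->name,
#ifdef IPV6_AF_TEMPORARY
	    ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
#else
	    "",
#endif
	    ia->saddr);
	if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
	    ia->prefix_vltime == ND6_INFINITE_LIFETIME)
		logdebugx("%s: pltime infinity, vltime infinity",
		    ifp->name);
	else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
		logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
		    ifp->name, ia->prefix_vltime);
	else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
		logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
		    ifp->name, ia->prefix_pltime);
	else
		logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
		    " seconds",
		    ifp->name, ia->prefix_pltime, ia->prefix_vltime);

	if (if_address6(RTM_NEWADDR, ia) == -1) {
		logerr(__func__);
		/* Restore real pltime and vltime */
		ia->prefix_pltime = pltime;
		ia->prefix_vltime = vltime;
		return -1;
	}

#ifdef IPV6_MANAGETEMPADDR
	/* RFC4941 Section 3.4 */
	if (ia->flags & IPV6_AF_TEMPORARY &&
	    ia->prefix_pltime &&
	    ia->prefix_vltime &&
	    ifp->options->options & DHCPCD_SLAACTEMP)
		eloop_timeout_add_sec(ifp->ctx->eloop,
		    ia->prefix_pltime - REGEN_ADVANCE,
		    ipv6_regentempaddr, ia);
#endif

	/* Restore real pltime and vltime */
	ia->prefix_pltime = pltime;
	ia->prefix_vltime = vltime;

	ia->flags &= ~IPV6_AF_NEW;
	ia->flags |= IPV6_AF_ADDED;
#ifndef SMALL
	if (ia->delegating_prefix != NULL)
		ia->flags |= IPV6_AF_DELEGATED;
#endif

#ifdef IPV6_POLLADDRFLAG
	eloop_timeout_delete(ifp->ctx->eloop,
		ipv6_checkaddrflags, ia);
	if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
		eloop_timeout_add_msec(ifp->ctx->eloop,
		    RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
	}
#endif

	/* Take a copy of the address and add it to our state if
	 * it does not exist.
	 * This is important if route overflow loses the message. */
	if (iaf == NULL) {
		struct ipv6_state *state = ipv6_getstate(ifp);

		/* ipv6_getstate() returns NULL, after logging, when it
		 * cannot allocate the state; without this check the list
		 * insert below would dereference NULL. */
		if (state == NULL)
			return 0; /* Well, we did add the address */

		if ((iaf = malloc(sizeof(*iaf))) == NULL) {
			logerr(__func__);
			return 0; /* Well, we did add the address */
		}
		/* NOTE(review): this is a shallow copy, so the copy shares
		 * ia->na and ia->dhcp6_fd, both of which ipv6_freeaddr()
		 * releases - confirm which of the two owns them. */
		memcpy(iaf, ia, sizeof(*iaf));
		TAILQ_INSERT_TAIL(&state->addrs, iaf, next);
	}

	return 0;
}

#ifdef ALIAS_ADDR
/* Find the next logical alias address we can use.
 * Returns 0 when ia->alias is set (or was already set), 1 when the alias
 * of an entry without an address was taken over and stored in *repl,
 * or -1 with errno set when no alias can be made. */
static int
ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
{
	struct ipv6_state *state;
	struct ipv6_addr *iap;
	unsigned int lun;
	char alias[IF_NAMESIZE];

	if (ia->alias[0] != '\0')
		return 0;
	state = IPV6_STATE(ia->iface);

	/* First find an existing address.
	 * This can happen when dhcpcd restarts as ND and DHCPv6
	 * maintain their own lists of addresses. */
	TAILQ_FOREACH(iap, &state->addrs, next) {
		if (iap->alias[0] != '\0' &&
		    IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
		{
			strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
			return 0;
		}
	}

	lun = 0;
find_unit:
	if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
	    IF_NAMESIZE)
	{
		errno = ENOMEM;
		return -1;
	}
	TAILQ_FOREACH(iap, &state->addrs, next) {
		if (iap->alias[0] == '\0')
			continue;
		if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
			/* No address assigned? Lets use it. */
			strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
			if (repl)
				*repl = iap;
			return 1;
		}
		if (strcmp(iap->alias, alias) == 0)
			break;
	}

	/* The candidate alias is in use, so try the next unit number. */
	if (iap != NULL) {
		if (lun == UINT_MAX) {
			errno = ERANGE;
			return -1;
		}
		lun++;
		goto find_unit;
	}

	strlcpy(ia->alias, alias, sizeof(ia->alias));
	return 0;
}
#endif

/*
 * Add ia to its interface, first choosing an alias for it on platforms
 * with ALIAS_ADDR. A state entry whose alias was taken over is removed
 * and freed once the address has been added.
 * Returns 0 on success, -1 on failure.
 */
int
ipv6_addaddr(struct ipv6_addr *ia, struct timespec *now)
{
	int r;
#ifdef ALIAS_ADDR
	int replaced, blank;
	struct ipv6_addr *replaced_ia;

	blank = (ia->alias[0] == '\0');
	if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
		return -1;
	if (blank)
		logdebugx("%s: aliased %s", ia->alias, ia->saddr);
#endif

	if ((r = ipv6_addaddr1(ia, now)) == 0) {
#ifdef ALIAS_ADDR
		if (replaced) {
			struct ipv6_state *state;

			state = IPV6_STATE(ia->iface);
			TAILQ_REMOVE(&state->addrs, replaced_ia, next);
			ipv6_freeaddr(replaced_ia);
		}
#endif
	}
	return r;
}

/*
 * Test addr against a search.
 * With match == NULL: true when addr has been added and completed DAD.
 * Otherwise: true when addr has a non-zero valid lifetime, equals match
 * and, if flags is non-zero, has at least one of those flags set.
 * Returns 1 on a match, 0 otherwise.
 */
int
ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
    unsigned int flags)
{

	if (match == NULL) {
		if ((addr->flags &
		    (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
		    (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
			return 1;
	} else if (addr->prefix_vltime &&
	    IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
	    (!flags || addr->flags & flags))
		return 1;

	return 0;
}

/*
 * Look addr up in the IPv6ND and, when built with DHCP6, the DHCPv6
 * address lists.
 * When both hold it, the entry on the interface with the lower metric is
 * returned; on equal metrics the DHCPv6 entry is returned.
 * Returns NULL when neither holds it.
 */
struct ipv6_addr *
ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
{
	struct ipv6_addr *nap;
#ifdef DHCP6
	struct ipv6_addr *dap;
#endif

	nap = ipv6nd_findaddr(ctx, addr, flags);
#ifdef DHCP6
	dap = dhcp6_findaddr(ctx, addr, flags);
	if (!dap && !nap)
		return NULL;
	if (dap && !nap)
		return dap;
	if (nap && !dap)
		return nap;
	if (nap->iface->metric < dap->iface->metric)
		return nap;
	return dap;
#else
	return nap;
#endif
}

/*
 * Apply the state of ia to the interface.
 * An address whose valid lifetime is zero is deleted if it was added and
 * its timeouts are removed; the result is then 0 for a requested address
 * and -1 otherwise.
 * Delegated prefixes, stale and unspecified addresses are skipped with 0.
 * Any other address is added; the result of ipv6_addaddr() is not checked
 * and 1 is returned when IPV6_AF_NEW is still set afterwards, else 0.
 */
int
ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
{

	/* A delegated prefix is not an address. */
	if (ia->flags & IPV6_AF_PFXDELEGATION)
		return 0;

	if (ia->prefix_vltime == 0) {
		if (ia->flags & IPV6_AF_ADDED)
			ipv6_deleteaddr(ia);
		eloop_q_timeout_delete(ia->iface->ctx->eloop,
		    ELOOP_QUEUE_ALL, NULL, ia);
		if (ia->flags & IPV6_AF_REQUEST) {
			ia->flags &= ~IPV6_AF_ADDED;
			return 0;
		}
		return -1;
	}

	if (ia->flags & IPV6_AF_STALE ||
	    IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
		return 0;

	ipv6_addaddr(ia, now);
	return ia->flags & IPV6_AF_NEW ? 1 : 0;
}

/*
 * Run ipv6_doaddr() on every address in iaddrs.
 * Entries for which it returns -1 are removed from the list and freed.
 * Returns the number of entries for which it returned non-zero.
 */
ssize_t
ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
{
	struct timespec now;
	struct ipv6_addr *ia, *ian;
	ssize_t i, r;

	i = 0;
	timespecclear(&now);
	/* The _SAFE variant is needed as entries are freed while walking. */
	TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
		r = ipv6_doaddr(ia, &now);
		if (r != 0)
			i++;
		if (r == -1) {
			TAILQ_REMOVE(iaddrs, ia, next);
			ipv6_freeaddr(ia);
		}
	}
	return i;
}

/*
 * Release ia: unlink it from prefix delegation bookkeeping, close its
 * DHCPv6 descriptor, remove its timeouts and free its memory.
 * The caller must already have removed ia from any address list.
 */
void
ipv6_freeaddr(struct ipv6_addr *ia)
{
	struct eloop *eloop = ia->iface->ctx->eloop;
#ifndef SMALL
	struct ipv6_addr *iad;

	/* Forget the reference */
	if (ia->flags & IPV6_AF_PFXDELEGATION) {
		TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
			iad->delegating_prefix = NULL;
		}
	} else if (ia->delegating_prefix != NULL) {
		TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
	}
#endif

	if (ia->dhcp6_fd != -1) {
		/* NOTE(review): the descriptor is closed before it is
		 * removed from the event loop - confirm eloop copes with
		 * an already closed fd. */
		close(ia->dhcp6_fd);
		eloop_event_delete(eloop, ia->dhcp6_fd);
	}

	eloop_q_timeout_delete(eloop, ELOOP_QUEUE_ALL, NULL, ia);
	free(ia->na);
	free(ia);
}

/*
 * Free, and optionally drop from the interface, the addresses in addrs.
 * Entries with any of notflags set are skipped, as are entries not
 * delegated from ifd when ifd is not NULL.
 * drop == 0: every remaining entry is removed from the list and freed.
 * drop != 0: added addresses are also deleted from the interface, unless
 *            dhcpcd is exiting in persistent mode or the address is a
 *            link-local one that cannot be dropped.
 * drop == 2: only the entries that are dropped are removed and freed.
 * A dropped address that is also held elsewhere is re-added from that
 * other entry unless dhcpcd is exiting.
 */
void
ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
    unsigned int notflags, const struct interface *ifd)
{
	struct ipv6_addr *ap, *apn, *apf;
	struct timespec now;

#ifdef SMALL
	UNUSED(ifd);
#endif
	timespecclear(&now);
	TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
		if (ap->flags & notflags)
			continue;
#ifndef SMALL
		if (ifd != NULL &&
		    (ap->delegating_prefix == NULL ||
		    ap->delegating_prefix->iface != ifd))
			continue;
#endif
		if (drop != 2)
			TAILQ_REMOVE(addrs, ap, next);
		if (drop && ap->flags & IPV6_AF_ADDED &&
		    (ap->iface->options->options &
		    (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
		    (DHCPCD_EXITING | DHCPCD_PERSISTENT))
		{
			/* Don't drop link-local addresses. */
			if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
			    CAN_DROP_LLADDR(ap->iface))
			{
				if (drop == 2)
					TAILQ_REMOVE(addrs, ap, next);
				/* Find the same address somewhere else */
				apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
				    0);
				if ((apf == NULL ||
				    (apf->iface != ap->iface)))
					ipv6_deleteaddr(ap);
				if (!(ap->iface->options->options &
				    DHCPCD_EXITING) && apf)
					ipv6_addaddr(apf, &now);
				if (drop == 2)
					ipv6_freeaddr(ap);
			}
		}
		if (drop != 2)
			ipv6_freeaddr(ap);
	}
}

/*
 * Return the first address on ifp that is neither link-local nor
 * loopback and is not flagged as duplicated, or NULL when there is none.
 */
static struct ipv6_addr *
ipv6_ifanyglobal(struct interface *ifp)
{
	struct ipv6_state *state;
	struct ipv6_addr *ia;

	state = IPV6_STATE(ifp);
	if (state == NULL)
		return NULL;

	TAILQ_FOREACH(ia, &state->addrs, next) {
		if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) ||
		    IN6_IS_ADDR_LOOPBACK(&ia->addr))
			continue;
		/* Let's be optimistic.
		 * Any decent OS won't forward or accept traffic
		 * from/to tentative or detached addresses. */
		if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
			return ia;
	}

	return NULL;
}

/*
 * Return a usable non link-local address from any interface in the
 * context of sifp, or NULL when no interface has one.
 */
struct ipv6_addr *
ipv6_anyglobal(struct interface *sifp)
{
	struct ipv6_addr *ia;
	struct interface *ifp;

	/*
	 * IPv6 source address selection will prefer the outgoing interface,
	 * but will also use any other interface if it thinks the address is
	 * a better fit for the destination.
	 * This logic is pretty much baked into all kernels and you
	 * don't need to be a router either.
	 * We only have this logic to work around badly configured IPv6
	 * setups where there is a default router, but you're not handed
	 * a reachable address. This results in network timeouts which we
	 * want to actively avoid.
	 */
	TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
		ia = ipv6_ifanyglobal(ifp);
		if (ia != NULL)
			return ia;
	}
	return NULL;
}

void
ipv6_handleifa(struct dhcpcd_ctx *ctx,
    int cmd, struct if_head *ifs, const char *ifname,
    const struct in6_addr *addr, uint8_t prefix_len,
    const struct in6_addr *dstaddr, int addrflags, pid_t pid)
{
	struct interface *ifp;
	struct ipv6_state *state;
	struct ipv6_addr *ia;
	struct ll_callback *cb;
	bool anyglobal;

#ifdef __sun
	struct sockaddr_in6 subnet;

	/* Solaris on-link route is an unspecified address! */
	if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
		if (if_getsubnet(ctx, ifname, AF_INET6,
		    &subnet, sizeof(subnet)) == -1)
		{
			logerr(__func__);
			return;
		}
		addr = &subnet.sin6_addr;
	}
#endif

#if 0
	char abuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN];
	const char *abp, *dbp;

	abp = inet_ntop(AF_INET6, &addr->s6_addr, abuf, sizeof(abuf));
	dbp = dstaddr ?
	    inet_ntop(AF_INET6, &dstaddr->s6_addr, dbuf, sizeof(dbuf))
	    : "::";
	loginfox("%s: cmd %d addr %s dstaddr %s addrflags %d",
	    ifname, cmd, abp, dbp, addrflags);
#endif

	if (ifs == NULL)
		ifs = ctx->ifaces;
	if (ifs == NULL)
		return;
	if ((ifp = if_find(ifs, ifname)) == NULL)
		return;
	if ((state = ipv6_getstate(ifp)) == NULL)
		return;
	anyglobal = ipv6_anyglobal(ifp) != NULL;

	TAILQ_FOREACH(ia, &state->addrs, next) {
		if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr)) {
			ia->addr_flags = addrflags;
			break;
		}
	}

	switch (cmd) {
	case RTM_DELADDR:
		if (ia != NULL) {
			TAILQ_REMOVE(&state->addrs, ia, next);
			/* We'll free it at the end of the function. */
		}
		break;

	case RTM_NEWADDR:
		if (ia == NULL) {
			ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
#ifdef ALIAS_ADDR
			strlcpy(ia->alias, ifname, sizeof(ia->alias));
#endif
			if (if_getlifetime6(ia) == -1) {
				/* No support or address vanished.
				 * Either way, just set a deprecated
				 * infinite time lifetime and continue.
				 * This is fine because we only want
				 * to know this when trying to extend
				 * temporary addresses.
				 * As we can't extend infinite, we'll
				 * create a new temporary address. */
				ia->prefix_pltime = 0;
				ia->prefix_vltime =
				    ND6_INFINITE_LIFETIME;
			}
			/* This is a minor regression against RFC 4941
			 * because the kernel only knows when the
			 * lifetimes were last updated, not when the
			 * address was initially created.
			 * Provided dhcpcd is not restarted, this
			 * won't be a problem.
			 * If we don't like it, we can always
			 * pretend lifetimes are infinite and always
			 * generate a new temporary address on
			 * restart. */
			ia->acquired = ia->created;
			ia->addr_flags = addrflags;
			TAILQ_INSERT_TAIL(&state->addrs, ia, next);
		}
		ia->dstaddr = dstaddr ? *dstaddr : in6addr_any;
		ia->flags &= ~IPV6_AF_STALE;
#ifdef IPV6_MANAGETEMPADDR
		if (ia->addr_flags & IN6_IFF_TEMPORARY)
			ia->flags |= IPV6_AF_TEMPORARY;
#endif

#ifdef IPV6_POLLADDRFLAG
		if ((IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) &&
		    ia->addr_flags & IN6_IFF_TENTATIVE)
		{
			eloop_timeout_add_msec(
			    ia->iface->ctx->eloop,
			    RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
		}
#endif

		break;

	default:
		return;
	}

	if (ia == NULL)
		return;

	if (ia->dadcallback && ((ia->addr_flags &
	    (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE)) == 0 ||
	    ia->addr_flags & IN6_IFF_DUPLICATED))
		ia->dadcallback(ia);

	if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
	    !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
	{
		/* Now run any callbacks.
		 * Typically IPv6RS or DHCPv6 */
		while ((cb = TAILQ_FIRST(&state->ll_callbacks)))
		{
			TAILQ_REMOVE(&state->ll_callbacks, cb, next);
			cb->callback(cb->arg);
			free(cb);
		}
	}

	ctx->options &= ~DHCPCD_RTBUILD;
	ipv6nd_handleifa(cmd, ia, pid);
#ifdef DHCP6
	dhcp6_handleifa(cmd, ia, pid);
#endif

	/* Done with the ia now, so free it. */
	if (cmd == RTM_DELADDR)
		ipv6_freeaddr(ia);
	else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
		ia->flags |= IPV6_AF_DADCOMPLETED;

	/* If we've not already called rt_build via the IPv6ND
	 * or DHCP6 handlers and the existance of any useable
	 * global address on the interface has changed,
	 * call rt_build to add/remove the default route.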
*/ 1315 if (ifp->active && 1316 ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) || 1317 (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) && 1318 !(ctx->options & DHCPCD_RTBUILD) && 1319 (ipv6_anyglobal(ifp) != NULL) != anyglobal) 1320 rt_build(ctx, AF_INET6); 1321 } 1322 1323 int 1324 ipv6_hasaddr(const struct interface *ifp) 1325 { 1326 1327 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL) 1328 return 1; 1329 #ifdef DHCP6 1330 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL) 1331 return 1; 1332 #endif 1333 return 0; 1334 } 1335 1336 struct ipv6_addr * 1337 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr, 1338 int revflags) 1339 { 1340 struct ipv6_state *state; 1341 struct ipv6_addr *ap; 1342 1343 state = IPV6_STATE(ifp); 1344 if (state == NULL) 1345 return NULL; 1346 1347 TAILQ_FOREACH(ap, &state->addrs, next) { 1348 if (addr == NULL) { 1349 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) && 1350 (!revflags || !(ap->addr_flags & revflags))) 1351 return ap; 1352 } else if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr)) { 1353 /* This is our address so we will return now */ 1354 if (!revflags || !(ap->addr_flags & revflags)) 1355 return ap; 1356 return NULL; 1357 } 1358 } 1359 return NULL; 1360 } 1361 1362 static struct ipv6_addr * 1363 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr) 1364 { 1365 struct ipv6_state *state; 1366 struct ipv6_addr *ap; 1367 struct in6_addr mask; 1368 1369 state = IPV6_STATE(ifp); 1370 if (state) { 1371 TAILQ_FOREACH(ap, &state->addrs, next) { 1372 if (ipv6_mask(&mask, ap->prefix_len) == -1) 1373 continue; 1374 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask)) 1375 return ap; 1376 } 1377 } 1378 return NULL; 1379 } 1380 1381 struct ipv6_addr * 1382 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr) 1383 { 1384 struct interface *ifp; 1385 struct ipv6_addr *ap; 1386 1387 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1388 ap = ipv6_iffindmaskaddr(ifp, addr); 1389 if (ap != NULL) 1390 
return ap; 1391 } 1392 return NULL; 1393 } 1394 1395 1396 static struct ipv6_addr * 1397 ipv6_iffinddstaddr(const struct interface *ifp, const struct in6_addr *addr) 1398 { 1399 struct ipv6_state *state; 1400 struct ipv6_addr *ap; 1401 1402 state = IPV6_STATE(ifp); 1403 if (state) { 1404 TAILQ_FOREACH(ap, &state->addrs, next) { 1405 if (IN6_ARE_ADDR_EQUAL(&ap->dstaddr, addr)) 1406 return ap; 1407 } 1408 } 1409 return NULL; 1410 } 1411 1412 struct ipv6_addr * 1413 ipv6_finddstaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr) 1414 { 1415 struct interface *ifp; 1416 struct ipv6_addr *ap; 1417 1418 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1419 ap = ipv6_iffinddstaddr(ifp, addr); 1420 if (ap != NULL) 1421 return ap; 1422 } 1423 return NULL; 1424 } 1425 1426 int 1427 ipv6_addlinklocalcallback(struct interface *ifp, 1428 void (*callback)(void *), void *arg) 1429 { 1430 struct ipv6_state *state; 1431 struct ll_callback *cb; 1432 1433 state = ipv6_getstate(ifp); 1434 TAILQ_FOREACH(cb, &state->ll_callbacks, next) { 1435 if (cb->callback == callback && cb->arg == arg) 1436 return 0; 1437 } 1438 1439 cb = malloc(sizeof(*cb)); 1440 if (cb == NULL) { 1441 logerr(__func__); 1442 return -1; 1443 } 1444 cb->callback = callback; 1445 cb->arg = arg; 1446 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next); 1447 return 0; 1448 } 1449 1450 static struct ipv6_addr * 1451 ipv6_newlinklocal(struct interface *ifp) 1452 { 1453 struct ipv6_addr *ia; 1454 struct in6_addr in6; 1455 1456 memset(&in6, 0, sizeof(in6)); 1457 in6.s6_addr32[0] = htonl(0xfe800000); 1458 ia = ipv6_newaddr(ifp, &in6, 64, 0); 1459 if (ia != NULL) { 1460 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1461 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1462 } 1463 return ia; 1464 } 1465 1466 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 1467 static const uint8_t allone[8] = 1468 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1469 1470 static int 1471 ipv6_addlinklocal(struct interface *ifp) 1472 { 1473 
struct ipv6_state *state; 1474 struct ipv6_addr *ap, *ap2; 1475 int dadcounter; 1476 1477 if (!(ifp->options->options & DHCPCD_CONFIGURE)) 1478 return 0; 1479 1480 /* Check sanity before malloc */ 1481 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) { 1482 switch (ifp->hwtype) { 1483 case ARPHRD_ETHER: 1484 /* Check for a valid hardware address */ 1485 if (ifp->hwlen != 6 && ifp->hwlen != 8) { 1486 errno = ENOTSUP; 1487 return -1; 1488 } 1489 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 || 1490 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0) 1491 { 1492 errno = EINVAL; 1493 return -1; 1494 } 1495 break; 1496 default: 1497 errno = ENOTSUP; 1498 return -1; 1499 } 1500 } 1501 1502 state = ipv6_getstate(ifp); 1503 if (state == NULL) 1504 return -1; 1505 1506 ap = ipv6_newlinklocal(ifp); 1507 if (ap == NULL) 1508 return -1; 1509 1510 dadcounter = 0; 1511 if (ifp->options->options & DHCPCD_SLAACPRIVATE) { 1512 nextslaacprivate: 1513 if (ipv6_makestableprivate(&ap->addr, 1514 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1) 1515 { 1516 free(ap); 1517 return -1; 1518 } 1519 ap->dadcounter = dadcounter; 1520 } else if (ipv6_makehwaddr(&ap->addr, 1521 &ap->prefix, ap->prefix_len, ifp) == -1) { 1522 free(ap); 1523 return -1; 1524 } 1525 1526 /* Do we already have this address? 
*/ 1527 TAILQ_FOREACH(ap2, &state->addrs, next) { 1528 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) { 1529 if (ap2->addr_flags & IN6_IFF_DUPLICATED) { 1530 if (ifp->options->options & 1531 DHCPCD_SLAACPRIVATE) 1532 { 1533 dadcounter++; 1534 goto nextslaacprivate; 1535 } 1536 free(ap); 1537 errno = EADDRNOTAVAIL; 1538 return -1; 1539 } 1540 1541 logwarnx("%s: waiting for %s to complete", 1542 ap2->iface->name, ap2->saddr); 1543 free(ap); 1544 errno = EEXIST; 1545 return 0; 1546 } 1547 } 1548 1549 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr)); 1550 TAILQ_INSERT_TAIL(&state->addrs, ap, next); 1551 ipv6_addaddr(ap, NULL); 1552 return 1; 1553 } 1554 1555 static int 1556 ipv6_tryaddlinklocal(struct interface *ifp) 1557 { 1558 struct ipv6_addr *ia; 1559 1560 /* We can't assign a link-locak address to this, 1561 * the ppp process has to. */ 1562 if (ifp->flags & IFF_POINTOPOINT) 1563 return 0; 1564 1565 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED); 1566 if (ia != NULL) { 1567 #ifdef IPV6_POLLADDRFLAG 1568 if (ia->addr_flags & IN6_IFF_TENTATIVE) { 1569 eloop_timeout_add_msec( 1570 ia->iface->ctx->eloop, 1571 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia); 1572 } 1573 #endif 1574 return 0; 1575 } 1576 if (!CAN_ADD_LLADDR(ifp)) 1577 return 0; 1578 1579 return ipv6_addlinklocal(ifp); 1580 } 1581 1582 void 1583 ipv6_setscope(struct sockaddr_in6 *sin, unsigned int ifindex) 1584 { 1585 1586 #ifdef __KAME__ 1587 /* KAME based systems want to store the scope inside the sin6_addr 1588 * for link local addresses */ 1589 if (IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr)) { 1590 uint16_t scope = htons((uint16_t)ifindex); 1591 memcpy(&sin->sin6_addr.s6_addr[2], &scope, 1592 sizeof(scope)); 1593 } 1594 sin->sin6_scope_id = 0; 1595 #else 1596 if (IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr)) 1597 sin->sin6_scope_id = ifindex; 1598 else 1599 sin->sin6_scope_id = 0; 1600 #endif 1601 } 1602 1603 unsigned int 1604 ipv6_getscope(const struct sockaddr_in6 *sin) 1605 { 1606 #ifdef 
__KAME__ 1607 uint16_t scope; 1608 #endif 1609 1610 if (!IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr)) 1611 return 0; 1612 #ifdef __KAME__ 1613 memcpy(&scope, &sin->sin6_addr.s6_addr[2], sizeof(scope)); 1614 return (unsigned int)ntohs(scope); 1615 #else 1616 return (unsigned int)sin->sin6_scope_id; 1617 #endif 1618 } 1619 1620 struct ipv6_addr * 1621 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr, 1622 uint8_t prefix_len, unsigned int flags) 1623 { 1624 struct ipv6_addr *ia, *iaf; 1625 char buf[INET6_ADDRSTRLEN]; 1626 const char *cbp; 1627 1628 ia = calloc(1, sizeof(*ia)); 1629 if (ia == NULL) 1630 goto err; 1631 1632 ia->iface = ifp; 1633 ia->flags = IPV6_AF_NEW | flags; 1634 ia->prefix_len = prefix_len; 1635 ia->dhcp6_fd = -1; 1636 1637 #ifndef SMALL 1638 TAILQ_INIT(&ia->pd_pfxs); 1639 #endif 1640 1641 if (prefix_len == 128) 1642 goto makepfx; 1643 else if (ia->flags & IPV6_AF_AUTOCONF) { 1644 ia->prefix = *addr; 1645 iaf = ipv6nd_iffindprefix(ifp, addr, prefix_len); 1646 if (iaf != NULL) 1647 memcpy(&ia->addr, &iaf->addr, sizeof(ia->addr)); 1648 else { 1649 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp, 1650 &ia->prefix, 1651 ia->prefix_len, 1652 ia->flags); 1653 if (ia->dadcounter == -1) 1654 goto err; 1655 } 1656 } else if (ia->flags & IPV6_AF_RAPFX) { 1657 ia->prefix = *addr; 1658 #ifdef __sun 1659 ia->addr = *addr; 1660 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf)); 1661 goto paddr; 1662 #else 1663 goto flags; 1664 #endif 1665 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_PFXDELEGATION)) { 1666 ia->prefix = *addr; 1667 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf)); 1668 goto paddr; 1669 } else { 1670 makepfx: 1671 ia->addr = *addr; 1672 if (ipv6_makeprefix(&ia->prefix, 1673 &ia->addr, ia->prefix_len) == -1) 1674 goto err; 1675 } 1676 1677 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf)); 1678 paddr: 1679 if (cbp == NULL) 1680 goto err; 1681 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len); 1682 
1683 #ifndef __sun 1684 flags: 1685 #endif 1686 /* If adding a new DHCP / RA derived address, check current flags 1687 * from an existing address. */ 1688 iaf = ipv6_iffindaddr(ifp, &ia->addr, 0); 1689 if (iaf != NULL) { 1690 ia->addr_flags = iaf->addr_flags; 1691 ia->flags |= IPV6_AF_ADDED; 1692 } else 1693 ia->addr_flags |= IN6_IFF_TENTATIVE; 1694 1695 if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1696 ia->flags |= IPV6_AF_DADCOMPLETED; 1697 1698 return ia; 1699 1700 err: 1701 logerr(__func__); 1702 free(ia); 1703 return NULL; 1704 } 1705 1706 static void 1707 ipv6_staticdadcallback(void *arg) 1708 { 1709 struct ipv6_addr *ia = arg; 1710 int wascompleted; 1711 1712 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED); 1713 ia->flags |= IPV6_AF_DADCOMPLETED; 1714 if (ia->addr_flags & IN6_IFF_DUPLICATED) 1715 logwarnx("%s: DAD detected %s", ia->iface->name, 1716 ia->saddr); 1717 else if (!wascompleted) { 1718 logdebugx("%s: IPv6 static DAD completed", 1719 ia->iface->name); 1720 } 1721 1722 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1723 if (!wascompleted) { 1724 struct interface *ifp; 1725 struct ipv6_state *state; 1726 1727 ifp = ia->iface; 1728 state = IPV6_STATE(ifp); 1729 TAILQ_FOREACH(ia, &state->addrs, next) { 1730 if (ia->flags & IPV6_AF_STATIC && 1731 (ia->flags & FINISHED) != FINISHED) 1732 { 1733 wascompleted = 1; 1734 break; 1735 } 1736 } 1737 if (!wascompleted) 1738 script_runreason(ifp, "STATIC6"); 1739 } 1740 #undef FINISHED 1741 } 1742 1743 ssize_t 1744 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp) 1745 { 1746 struct ipv6_addr *ia; 1747 1748 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6, 1749 IN6_IFF_NOTUSEABLE); 1750 if (ia == NULL) 1751 return 0; 1752 if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1) 1753 return -1; 1754 return 1; 1755 } 1756 1757 int 1758 ipv6_staticdadcompleted(const struct interface *ifp) 1759 { 1760 const struct ipv6_state *state; 1761 const struct ipv6_addr *ia; 1762 
int n; 1763 1764 if ((state = IPV6_CSTATE(ifp)) == NULL) 1765 return 0; 1766 n = 0; 1767 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1768 TAILQ_FOREACH(ia, &state->addrs, next) { 1769 if ((ia->flags & COMPLETED) == COMPLETED && 1770 !(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1771 n++; 1772 } 1773 return n; 1774 } 1775 1776 int 1777 ipv6_startstatic(struct interface *ifp) 1778 { 1779 struct ipv6_addr *ia; 1780 int run_script; 1781 1782 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6)) 1783 return 0; 1784 1785 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0); 1786 if (ia != NULL && 1787 (ia->prefix_len != ifp->options->req_prefix_len || 1788 ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1789 { 1790 ipv6_deleteaddr(ia); 1791 ia = NULL; 1792 } 1793 if (ia == NULL) { 1794 struct ipv6_state *state; 1795 1796 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6, 1797 ifp->options->req_prefix_len, 0); 1798 if (ia == NULL) 1799 return -1; 1800 state = IPV6_STATE(ifp); 1801 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1802 run_script = 0; 1803 } else 1804 run_script = 1; 1805 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK; 1806 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1807 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1808 ia->dadcallback = ipv6_staticdadcallback; 1809 ipv6_addaddr(ia, NULL); 1810 rt_build(ifp->ctx, AF_INET6); 1811 if (run_script) 1812 script_runreason(ifp, "STATIC6"); 1813 return 1; 1814 } 1815 1816 /* Ensure the interface has a link-local address */ 1817 int 1818 ipv6_start(struct interface *ifp) 1819 { 1820 #ifdef IPV6_POLLADDRFLAG 1821 struct ipv6_state *state; 1822 1823 /* We need to update the address flags. 
*/ 1824 if ((state = IPV6_STATE(ifp)) != NULL) { 1825 struct ipv6_addr *ia; 1826 const char *alias; 1827 int flags; 1828 1829 TAILQ_FOREACH(ia, &state->addrs, next) { 1830 #ifdef ALIAS_ADDR 1831 alias = ia->alias; 1832 #else 1833 alias = NULL; 1834 #endif 1835 flags = if_addrflags6(ia->iface, &ia->addr, alias); 1836 if (flags != -1) 1837 ia->addr_flags = flags; 1838 } 1839 } 1840 #endif 1841 1842 if (ipv6_tryaddlinklocal(ifp) == -1) 1843 return -1; 1844 1845 return 0; 1846 } 1847 1848 void 1849 ipv6_freedrop(struct interface *ifp, int drop) 1850 { 1851 struct ipv6_state *state; 1852 struct ll_callback *cb; 1853 1854 if (ifp == NULL) 1855 return; 1856 1857 if ((state = IPV6_STATE(ifp)) == NULL) 1858 return; 1859 1860 /* If we got here, we can get rid of any LL callbacks. */ 1861 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) { 1862 TAILQ_REMOVE(&state->ll_callbacks, cb, next); 1863 free(cb); 1864 } 1865 1866 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, 0, NULL); 1867 if (drop) { 1868 if (ifp->ctx->ra_routers != NULL) 1869 rt_build(ifp->ctx, AF_INET6); 1870 } else { 1871 /* Because we need to cache the addresses we don't control, 1872 * we only free the state on when NOT dropping addresses. 
*/ 1873 free(state); 1874 ifp->if_data[IF_DATA_IPV6] = NULL; 1875 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1876 } 1877 } 1878 1879 void 1880 ipv6_ctxfree(struct dhcpcd_ctx *ctx) 1881 { 1882 1883 free(ctx->ra_routers); 1884 free(ctx->secret); 1885 } 1886 1887 int 1888 ipv6_handleifa_addrs(int cmd, 1889 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid) 1890 { 1891 struct ipv6_addr *ia, *ian; 1892 int found = 0, alldadcompleted = 1; 1893 1894 if (cmd != RTM_NEWADDR && cmd != RTM_DELADDR) { 1895 errno = EINVAL; 1896 return -1; 1897 } 1898 1899 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) { 1900 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) { 1901 if (ia->flags & IPV6_AF_ADDED && 1902 !(ia->flags & IPV6_AF_DADCOMPLETED)) 1903 alldadcompleted = 0; 1904 continue; 1905 } 1906 1907 ia->addr_flags = addr->addr_flags; 1908 1909 if (cmd == RTM_DELADDR && ia->flags & IPV6_AF_ADDED) 1910 logwarnx("%s: pid %d deleted address %s", 1911 ia->iface->name, (int)pid, ia->saddr); 1912 1913 /* Check DAD. 1914 * On Linux we can get IN6_IFF_DUPLICATED via RTM_DELADDR. */ 1915 if (((ia->addr_flags & 1916 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE)) == 0 || 1917 ia->addr_flags & IN6_IFF_DUPLICATED) && 1918 (ia->flags & IPV6_AF_DADCOMPLETED) == 0) 1919 { 1920 found++; 1921 if (ia->dadcallback) 1922 ia->dadcallback(ia); 1923 /* We need to set this here in-case the 1924 * dadcallback function checks it */ 1925 ia->flags |= IPV6_AF_DADCOMPLETED; 1926 } 1927 1928 if (cmd == RTM_DELADDR) { 1929 ia->flags &= ~IPV6_AF_ADDED; 1930 ipv6_deletedaddr(ia); 1931 if (ia->flags & IPV6_AF_DELEGATED) { 1932 TAILQ_REMOVE(addrs, ia, next); 1933 ipv6_freeaddr(ia); 1934 } 1935 } 1936 } 1937 1938 return alldadcompleted ? 
found : 0; 1939 } 1940 1941 #ifdef IPV6_MANAGETEMPADDR 1942 static void 1943 ipv6_regen_desync(struct interface *ifp, bool force) 1944 { 1945 struct ipv6_state *state; 1946 unsigned int max; 1947 1948 state = IPV6_STATE(ifp); 1949 1950 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be 1951 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE. 1952 * I believe this is an error and it should be never be greater than 1953 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */ 1954 max = TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE; 1955 if (state->desync_factor && !force && state->desync_factor < max) 1956 return; 1957 if (state->desync_factor == 0) 1958 state->desync_factor = 1959 arc4random_uniform(MIN(MAX_DESYNC_FACTOR, max)); 1960 max = TEMP_PREFERRED_LIFETIME - state->desync_factor - REGEN_ADVANCE; 1961 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempaddrs, ifp); 1962 } 1963 1964 /* RFC4941 Section 3.3.7 */ 1965 static void 1966 ipv6_tempdadcallback(void *arg) 1967 { 1968 struct ipv6_addr *ia = arg; 1969 1970 if (ia->addr_flags & IN6_IFF_DUPLICATED) { 1971 struct ipv6_addr *ia1; 1972 struct timespec tv; 1973 1974 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) { 1975 logerrx("%s: too many duplicate temporary addresses", 1976 ia->iface->name); 1977 return; 1978 } 1979 clock_gettime(CLOCK_MONOTONIC, &tv); 1980 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL) 1981 logerr(__func__); 1982 else 1983 ia1->dadcounter = ia->dadcounter; 1984 ipv6_deleteaddr(ia); 1985 if (ia1) 1986 ipv6_addaddr(ia1, &ia1->acquired); 1987 } 1988 } 1989 1990 struct ipv6_addr * 1991 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now) 1992 { 1993 struct ipv6_state *state; 1994 struct interface *ifp = ia0->iface; 1995 struct ipv6_addr *ia; 1996 1997 ia = ipv6_newaddr(ifp, &ia0->prefix, ia0->prefix_len, 1998 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY); 1999 if (ia == NULL) 2000 return NULL; 2001 2002 ia->dadcallback = ipv6_tempdadcallback; 2003 ia->created = ia->acquired = now ? 
*now : ia0->acquired; 2004 2005 /* Ensure desync is still valid */ 2006 ipv6_regen_desync(ifp, false); 2007 2008 /* RFC4941 Section 3.3.4 */ 2009 state = IPV6_STATE(ia->iface); 2010 ia->prefix_pltime = MIN(ia0->prefix_pltime, 2011 TEMP_PREFERRED_LIFETIME - state->desync_factor); 2012 ia->prefix_vltime = MIN(ia0->prefix_vltime, TEMP_VALID_LIFETIME); 2013 if (ia->prefix_pltime <= REGEN_ADVANCE || 2014 ia->prefix_pltime > ia0->prefix_vltime) 2015 { 2016 errno = EINVAL; 2017 free(ia); 2018 return NULL; 2019 } 2020 2021 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 2022 return ia; 2023 } 2024 2025 struct ipv6_addr * 2026 ipv6_settemptime(struct ipv6_addr *ia, int flags) 2027 { 2028 struct ipv6_state *state; 2029 struct ipv6_addr *ap, *first; 2030 2031 state = IPV6_STATE(ia->iface); 2032 first = NULL; 2033 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) { 2034 if (ap->flags & IPV6_AF_TEMPORARY && 2035 ap->prefix_pltime && 2036 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix)) 2037 { 2038 unsigned int max, ext; 2039 2040 if (flags == 0) { 2041 if (ap->prefix_pltime - 2042 (uint32_t)(ia->acquired.tv_sec - 2043 ap->acquired.tv_sec) 2044 < REGEN_ADVANCE) 2045 continue; 2046 2047 return ap; 2048 } 2049 2050 if (!(ap->flags & IPV6_AF_ADDED)) 2051 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF; 2052 ap->flags &= ~IPV6_AF_STALE; 2053 2054 /* RFC4941 Section 3.4 2055 * Deprecated prefix, deprecate the temporary address */ 2056 if (ia->prefix_pltime == 0) { 2057 ap->prefix_pltime = 0; 2058 goto valid; 2059 } 2060 2061 /* Ensure desync is still valid */ 2062 ipv6_regen_desync(ap->iface, false); 2063 2064 /* RFC4941 Section 3.3.2 2065 * Extend temporary times, but ensure that they 2066 * never last beyond the system limit. 
*/ 2067 ext = (unsigned int)ia->acquired.tv_sec 2068 + ia->prefix_pltime; 2069 max = (unsigned int)(ap->created.tv_sec + 2070 TEMP_PREFERRED_LIFETIME - 2071 state->desync_factor); 2072 if (ext < max) 2073 ap->prefix_pltime = ia->prefix_pltime; 2074 else 2075 ap->prefix_pltime = 2076 (uint32_t)(max - ia->acquired.tv_sec); 2077 2078 valid: 2079 ext = (unsigned int)ia->acquired.tv_sec + 2080 ia->prefix_vltime; 2081 max = (unsigned int)(ap->created.tv_sec + 2082 TEMP_VALID_LIFETIME); 2083 if (ext < max) 2084 ap->prefix_vltime = ia->prefix_vltime; 2085 else 2086 ap->prefix_vltime = 2087 (uint32_t)(max - ia->acquired.tv_sec); 2088 2089 /* Just extend the latest matching prefix */ 2090 ap->acquired = ia->acquired; 2091 2092 /* If extending return the last match as 2093 * it's the most current. 2094 * If deprecating, deprecate any other addresses we 2095 * may have, although this should not be needed */ 2096 if (ia->prefix_pltime) 2097 return ap; 2098 if (first == NULL) 2099 first = ap; 2100 } 2101 } 2102 return first; 2103 } 2104 2105 void 2106 ipv6_addtempaddrs(struct interface *ifp, struct timespec *now) 2107 { 2108 struct ipv6_state *state; 2109 struct ipv6_addr *ia; 2110 2111 state = IPV6_STATE(ifp); 2112 TAILQ_FOREACH(ia, &state->addrs, next) { 2113 if (ia->flags & IPV6_AF_TEMPORARY && 2114 !(ia->flags & IPV6_AF_STALE)) 2115 ipv6_addaddr(ia, now); 2116 } 2117 } 2118 2119 static void 2120 ipv6_regentempaddr0(struct ipv6_addr *ia, struct timespec *tv) 2121 { 2122 struct ipv6_addr *ia1; 2123 2124 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr); 2125 ia1 = ipv6_createtempaddr(ia, tv); 2126 if (ia1) 2127 ipv6_addaddr(ia1, tv); 2128 else 2129 logerr(__func__); 2130 } 2131 2132 static void 2133 ipv6_regentempaddr(void *arg) 2134 { 2135 struct timespec tv; 2136 2137 clock_gettime(CLOCK_MONOTONIC, &tv); 2138 ipv6_regentempaddr0(arg, &tv); 2139 } 2140 2141 void 2142 ipv6_regentempaddrs(void *arg) 2143 { 2144 struct interface *ifp = arg; 2145 struct timespec tv; 
2146 struct ipv6_state *state; 2147 struct ipv6_addr *ia; 2148 2149 state = IPV6_STATE(ifp); 2150 if (state == NULL) 2151 return; 2152 2153 ipv6_regen_desync(ifp, true); 2154 2155 clock_gettime(CLOCK_MONOTONIC, &tv); 2156 2157 /* Mark addresses for regen so we don't infinite loop. */ 2158 TAILQ_FOREACH(ia, &state->addrs, next) { 2159 if (ia->flags & IPV6_AF_TEMPORARY && 2160 ia->flags & IPV6_AF_ADDED && 2161 !(ia->flags & IPV6_AF_STALE)) 2162 ia->flags |= IPV6_AF_REGEN; 2163 else 2164 ia->flags &= ~IPV6_AF_REGEN; 2165 } 2166 2167 /* Now regen temp addrs */ 2168 TAILQ_FOREACH(ia, &state->addrs, next) { 2169 if (ia->flags & IPV6_AF_REGEN) { 2170 ipv6_regentempaddr0(ia, &tv); 2171 ia->flags &= ~IPV6_AF_REGEN; 2172 } 2173 } 2174 } 2175 #endif /* IPV6_MANAGETEMPADDR */ 2176 2177 void 2178 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags) 2179 { 2180 struct ipv6_state *state; 2181 struct ipv6_addr *ia; 2182 2183 state = IPV6_STATE(ifp); 2184 if (state == NULL) 2185 return; 2186 2187 TAILQ_FOREACH(ia, &state->addrs, next) { 2188 if (flags == 0 || ia->flags & flags) 2189 ia->flags |= IPV6_AF_STALE; 2190 } 2191 } 2192 2193 void 2194 ipv6_deletestaleaddrs(struct interface *ifp) 2195 { 2196 struct ipv6_state *state; 2197 struct ipv6_addr *ia, *ia1; 2198 2199 state = IPV6_STATE(ifp); 2200 if (state == NULL) 2201 return; 2202 2203 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) { 2204 if (ia->flags & IPV6_AF_STALE) 2205 ipv6_handleifa(ifp->ctx, RTM_DELADDR, 2206 ifp->ctx->ifaces, ifp->name, 2207 &ia->addr, ia->prefix_len, 2208 &ia->dstaddr, 0, getpid()); 2209 } 2210 } 2211 2212 2213 static struct rt * 2214 inet6_makeroute(struct interface *ifp, const struct ra *rap) 2215 { 2216 struct rt *rt; 2217 2218 if ((rt = rt_new(ifp)) == NULL) 2219 return NULL; 2220 2221 #ifdef HAVE_ROUTE_METRIC 2222 rt->rt_metric = ifp->metric; 2223 #endif 2224 if (rap != NULL) 2225 rt->rt_mtu = rap->mtu; 2226 return rt; 2227 } 2228 2229 static struct rt * 2230 inet6_makeprefix(struct 
interface *ifp, const struct ra *rap, 2231 const struct ipv6_addr *addr) 2232 { 2233 struct rt *rt; 2234 struct in6_addr netmask; 2235 2236 if (addr == NULL || addr->prefix_len > 128) { 2237 errno = EINVAL; 2238 return NULL; 2239 } 2240 2241 /* There is no point in trying to manage a /128 prefix, 2242 * ones without a lifetime. */ 2243 if (addr->prefix_len == 128 || addr->prefix_vltime == 0) 2244 return NULL; 2245 2246 /* Don't install a reject route when not creating bigger prefixes. */ 2247 if (addr->flags & IPV6_AF_NOREJECT) 2248 return NULL; 2249 2250 /* This address is the delegated prefix, so add a reject route for 2251 * it via the loopback interface. */ 2252 if (addr->flags & IPV6_AF_PFXDELEGATION) { 2253 struct interface *lo0; 2254 2255 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) { 2256 if (lo0->flags & IFF_LOOPBACK) 2257 break; 2258 } 2259 if (lo0 == NULL) 2260 logwarnx("cannot find a loopback interface " 2261 "to reject via"); 2262 else 2263 ifp = lo0; 2264 } 2265 2266 if ((rt = inet6_makeroute(ifp, rap)) == NULL) 2267 return NULL; 2268 2269 sa_in6_init(&rt->rt_dest, &addr->prefix); 2270 ipv6_mask(&netmask, addr->prefix_len); 2271 sa_in6_init(&rt->rt_netmask, &netmask); 2272 if (addr->flags & IPV6_AF_PFXDELEGATION) { 2273 rt->rt_flags |= RTF_REJECT; 2274 /* Linux does not like a gateway for a reject route. 
*/ 2275 #ifndef __linux__ 2276 sa_in6_init(&rt->rt_gateway, &in6addr_loopback); 2277 #endif 2278 } else if (!(addr->flags & IPV6_AF_ONLINK)) 2279 sa_in6_init(&rt->rt_gateway, &rap->from); 2280 else 2281 rt->rt_gateway.sa_family = AF_UNSPEC; 2282 sa_in6_init(&rt->rt_ifa, &addr->addr); 2283 return rt; 2284 } 2285 2286 static struct rt * 2287 inet6_makerouter(struct ra *rap) 2288 { 2289 struct rt *rt; 2290 2291 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL) 2292 return NULL; 2293 sa_in6_init(&rt->rt_dest, &in6addr_any); 2294 sa_in6_init(&rt->rt_netmask, &in6addr_any); 2295 sa_in6_init(&rt->rt_gateway, &rap->from); 2296 return rt; 2297 } 2298 2299 #define RT_IS_DEFAULT(rtp) \ 2300 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \ 2301 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any)) 2302 2303 static int 2304 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx) 2305 { 2306 struct interface *ifp; 2307 struct ipv6_state *state; 2308 struct ipv6_addr *ia; 2309 struct rt *rt; 2310 2311 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2312 if ((state = IPV6_STATE(ifp)) == NULL) 2313 continue; 2314 TAILQ_FOREACH(ia, &state->addrs, next) { 2315 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) == 2316 (IPV6_AF_ADDED | IPV6_AF_STATIC)) 2317 { 2318 rt = inet6_makeprefix(ifp, NULL, ia); 2319 if (rt) 2320 rt_proto_add(routes, rt); 2321 } 2322 } 2323 } 2324 return 0; 2325 } 2326 2327 static int 2328 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx) 2329 { 2330 struct rt *rt; 2331 struct ra *rap; 2332 const struct routeinfo *rinfo; 2333 const struct ipv6_addr *addr; 2334 struct in6_addr netmask; 2335 2336 if (ctx->ra_routers == NULL) 2337 return 0; 2338 2339 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 2340 if (rap->expired) 2341 continue; 2342 2343 /* add rfc4191 route information routes */ 2344 TAILQ_FOREACH (rinfo, &rap->rinfos, next) { 2345 if(rinfo->lifetime == 0) 2346 continue; 2347 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL) 2348 continue; 2349 
2350 in6_addr_fromprefix(&netmask, rinfo->prefix_len); 2351 2352 sa_in6_init(&rt->rt_dest, &rinfo->prefix); 2353 sa_in6_init(&rt->rt_netmask, &netmask); 2354 sa_in6_init(&rt->rt_gateway, &rap->from); 2355 rt->rt_dflags |= RTDF_RA; 2356 #ifdef HAVE_ROUTE_PREF 2357 rt->rt_pref = ipv6nd_rtpref(rinfo->flags); 2358 #endif 2359 #ifdef HAVE_ROUTE_LIFETIME 2360 rt->rt_aquired = rinfo->acquired; 2361 rt->rt_lifetime = rinfo->lifetime, 2362 #endif 2363 rt_proto_add(routes, rt); 2364 } 2365 2366 /* add subnet routes */ 2367 TAILQ_FOREACH(addr, &rap->addrs, next) { 2368 if (addr->prefix_vltime == 0) 2369 continue; 2370 rt = inet6_makeprefix(rap->iface, rap, addr); 2371 if (rt) { 2372 rt->rt_dflags |= RTDF_RA; 2373 #ifdef HAVE_ROUTE_PREF 2374 rt->rt_pref = ipv6nd_rtpref(rap->flags); 2375 #endif 2376 #ifdef HAVE_ROUTE_LIFETIME 2377 rt->rt_aquired = addr->acquired; 2378 rt->rt_lifetime = addr->prefix_vltime; 2379 #endif 2380 2381 rt_proto_add(routes, rt); 2382 } 2383 } 2384 2385 /* add default route */ 2386 if (rap->lifetime == 0) 2387 continue; 2388 /* 2389 * We only want to install a default route if we have 2390 * an address that we can use over it. 2391 * If we don't have any global addresses then the link-local 2392 * address would be used instead and we wouldn't reach 2393 * our destination and even if we could, they wouldn't 2394 * be able to reply back to us. 2395 * This avoids timeouts on badly configured IPv6 setups 2396 * where there is a default router but it or a DHCPv6 server 2397 * doesn't hand out an address. 2398 * If an address appears from anywhere, dhcpcd will spot this 2399 * and then add the default like. 2400 * Likewise, if all global addresses are removed then dhcpcd 2401 * will remove the default route. 
2402 */ 2403 if (ipv6_anyglobal(rap->iface) == NULL) 2404 continue; 2405 rt = inet6_makerouter(rap); 2406 if (rt == NULL) 2407 continue; 2408 rt->rt_dflags |= RTDF_RA; 2409 #ifdef HAVE_ROUTE_PREF 2410 rt->rt_pref = ipv6nd_rtpref(rap->flags); 2411 #endif 2412 #ifdef HAVE_ROUTE_LIFETIME 2413 rt->rt_aquired = rap->acquired; 2414 rt->rt_lifetime = rap->lifetime; 2415 #endif 2416 2417 rt_proto_add(routes, rt); 2418 } 2419 return 0; 2420 } 2421 2422 #ifdef DHCP6 2423 static int 2424 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx, 2425 enum DH6S dstate) 2426 { 2427 struct interface *ifp; 2428 const struct dhcp6_state *d6_state; 2429 const struct ipv6_addr *ia; 2430 struct rt *rt; 2431 2432 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2433 d6_state = D6_CSTATE(ifp); 2434 if (d6_state == NULL) 2435 continue; 2436 2437 // Don't test the actual state as we could 2438 // be between states with still valid routes 2439 2440 TAILQ_FOREACH(ia, &d6_state->addrs, next) { 2441 if (dstate == DH6S_DELEGATED) { 2442 // Reject route won't have IPV6_AF_ADDED 2443 if (!(ia->flags & IPV6_AF_PFXDELEGATION)) 2444 continue; 2445 } else if (!(ia->flags & IPV6_AF_ADDED)) 2446 continue; 2447 2448 rt = inet6_makeprefix(ifp, NULL, ia); 2449 if (rt == NULL) 2450 continue; 2451 rt->rt_dflags |= RTDF_DHCP; 2452 #ifdef HAVE_ROUTE_LIFETIME 2453 rt->rt_aquired = ia->acquired; 2454 rt->rt_lifetime = ia->prefix_vltime; 2455 #endif 2456 rt_proto_add(routes, rt); 2457 } 2458 } 2459 return 0; 2460 } 2461 #endif 2462 2463 bool 2464 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes) 2465 { 2466 2467 /* Should static take priority? */ 2468 if (inet6_staticroutes(routes, ctx) == -1) 2469 return false; 2470 2471 /* First add reachable routers and their prefixes */ 2472 if (inet6_raroutes(routes, ctx) == -1) 2473 return false; 2474 2475 #ifdef DHCP6 2476 /* We have no way of knowing if prefixes added by DHCP are reachable 2477 * or not, so we have to assume they are. 
2478 * Add bound before delegated so we can prefer interfaces better. */ 2479 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1) 2480 return false; 2481 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1) 2482 return false; 2483 #endif 2484 2485 return true; 2486 } 2487