]> git.ipfire.org Git - thirdparty/dhcpcd.git/blame - src/ipv6nd.c
projects / thirdparty / dhcpcd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
privsep: Limit rights generically rather than Capsicum specifc
[thirdparty/dhcpcd.git] / src / ipv6nd.c
CommitLineData
114167a2 1/* SPDX-License-Identifier: BSD-2-Clause */
8cc47ba2 2/*
1a140c64 3 * dhcpcd - IPv6 ND handling
a2566f54 4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
91cd7324
RM		 5 * All rights reserved
6
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
eebe9a18 29#include <sys/ioctl.h>
91cd7324
RM		 30#include <sys/param.h>
31#include <sys/socket.h>
32#include <net/if.h>
23b899e4 33#include <net/route.h>
91cd7324
RM		 34#include <netinet/in.h>
35#include <netinet/ip6.h>
36#include <netinet/icmp6.h>
37
cd09e583 38#include <assert.h>
91cd7324 39#include <errno.h>
e8c8e9b9 40#include <fcntl.h>
91cd7324
RM		 41#include <stddef.h>
42#include <stdlib.h>
43#include <string.h>
b586bfbf 44#include <syslog.h>
baece76a 45#include <unistd.h>
91cd7324 46
3c9cea4b 47#define ELOOP_QUEUE ELOOP_IPV6ND
91cd7324 48#include "common.h"
91cd7324 49#include "dhcpcd.h"
a1b1f0a8 50#include "dhcp-common.h"
d7555c12 51#include "dhcp6.h"
91cd7324 52#include "eloop.h"
a3ee6b23 53#include "if.h"
eebe9a18 54#include "ipv6.h"
e82129a4 55#include "ipv6nd.h"
94d1ded9 56#include "logerr.h"
65025848 57#include "privsep.h"
9aa11487 58#include "route.h"
294eff4d 59#include "script.h"
91cd7324 60
d7555c12
RM		 61/* Debugging Router Solicitations is a lot of spam, so disable it */
62//#define DEBUG_RS
63
91cd7324
RM		 64#ifndef ND_OPT_RDNSS
65#define ND_OPT_RDNSS 25
66struct nd_opt_rdnss { /* RDNSS option RFC 6106 */
67 uint8_t nd_opt_rdnss_type;
68 uint8_t nd_opt_rdnss_len;
69 uint16_t nd_opt_rdnss_reserved;
70 uint32_t nd_opt_rdnss_lifetime;
71 /* followed by list of IP prefixes */
18fa35e1
RM		 72};
73__CTASSERT(sizeof(struct nd_opt_rdnss) == 8);
91cd7324
RM		 74#endif
75
76#ifndef ND_OPT_DNSSL
77#define ND_OPT_DNSSL 31
78struct nd_opt_dnssl { /* DNSSL option RFC 6106 */
79 uint8_t nd_opt_dnssl_type;
80 uint8_t nd_opt_dnssl_len;
81 uint16_t nd_opt_dnssl_reserved;
82 uint32_t nd_opt_dnssl_lifetime;
83 /* followed by list of DNS servers */
18fa35e1
RM		 84};
85__CTASSERT(sizeof(struct nd_opt_rdnss) == 8);
91cd7324
RM		 86#endif
87
fd3e7f65
RM		 88/* Impossible options, so we can easily add extras */
89#define _ND_OPT_PREFIX_ADDR 255 + 1
90
eebe9a18
RM		 91/* Minimal IPv6 MTU */
92#ifndef IPV6_MMTU
93#define IPV6_MMTU 1280
94#endif
95
96#ifndef ND_RA_FLAG_RTPREF_HIGH
97#define ND_RA_FLAG_RTPREF_MASK 0x18
98#define ND_RA_FLAG_RTPREF_HIGH 0x08
99#define ND_RA_FLAG_RTPREF_MEDIUM 0x00
100#define ND_RA_FLAG_RTPREF_LOW 0x18
101#define ND_RA_FLAG_RTPREF_RSV 0x10
102#endif
103
19005560
RM		 104#define EXPIRED_MAX 5 /* Remember 5 expired routers to avoid
105 logspam. */
106
e82129a4
RM		 107#define MIN_RANDOM_FACTOR 500 /* millisecs */
108#define MAX_RANDOM_FACTOR 1500 /* millisecs */
109#define MIN_RANDOM_FACTOR_U MIN_RANDOM_FACTOR * 1000 /* usecs */
110#define MAX_RANDOM_FACTOR_U MAX_RANDOM_FACTOR * 1000 /* usecs */
111
112#if BYTE_ORDER == BIG_ENDIAN
113#define IPV6_ADDR_INT32_ONE 1
114#define IPV6_ADDR_INT16_MLL 0xff02
115#elif BYTE_ORDER == LITTLE_ENDIAN
116#define IPV6_ADDR_INT32_ONE 0x01000000
117#define IPV6_ADDR_INT16_MLL 0x02ff
118#endif
119
120/* Debugging Neighbor Solicitations is a lot of spam, so disable it */
121//#define DEBUG_NS
122//
123
8d5de853 124static void ipv6nd_handledata(void *);
7cece083 125
65e5b9f9
RM		 126/*
127 * Android ships buggy ICMP6 filter headers.
128 * Supply our own until they fix their shit.
129 * References:
130 * https://android-review.googlesource.com/#/c/58438/
131 * http://code.google.com/p/android/issues/original?id=32621&seq=24
132 */
133#ifdef __ANDROID__
134#undef ICMP6_FILTER_WILLPASS
135#undef ICMP6_FILTER_WILLBLOCK
136#undef ICMP6_FILTER_SETPASS
137#undef ICMP6_FILTER_SETBLOCK
138#undef ICMP6_FILTER_SETPASSALL
139#undef ICMP6_FILTER_SETBLOCKALL
140#define ICMP6_FILTER_WILLPASS(type, filterp) \
141 ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) == 0)
142#define ICMP6_FILTER_WILLBLOCK(type, filterp) \
143 ((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) != 0)
144#define ICMP6_FILTER_SETPASS(type, filterp) \
145 ((((filterp)->icmp6_filt[(type) >> 5]) &= ~(1 << ((type) & 31))))
146#define ICMP6_FILTER_SETBLOCK(type, filterp) \
147 ((((filterp)->icmp6_filt[(type) >> 5]) |= (1 << ((type) & 31))))
148#define ICMP6_FILTER_SETPASSALL(filterp) \
149 memset(filterp, 0, sizeof(struct icmp6_filter));
150#define ICMP6_FILTER_SETBLOCKALL(filterp) \
151 memset(filterp, 0xff, sizeof(struct icmp6_filter));
152#endif
153
62247de8
RM		 154/* Support older systems with different defines */
155#if !defined(IPV6_RECVHOPLIMIT) && defined(IPV6_HOPLIMIT)
156#define IPV6_RECVHOPLIMIT IPV6_HOPLIMIT
157#endif
158#if !defined(IPV6_RECVPKTINFO) && defined(IPV6_PKTINFO)
159#define IPV6_RECVPKTINFO IPV6_PKTINFO
160#endif
161
f1df29d2
RM		 162/* Handy defines */
163#define ipv6nd_free_ra(ra) ipv6nd_freedrop_ra((ra), 0)
164#define ipv6nd_drop_ra(ra) ipv6nd_freedrop_ra((ra), 1)
165
2be15e88
RM		 166void
167ipv6nd_printoptions(const struct dhcpcd_ctx *ctx,
168 const struct dhcp_opt *opts, size_t opts_len)
169{
170 size_t i, j;
171 const struct dhcp_opt *opt, *opt2;
172 int cols;
173
174 for (i = 0, opt = ctx->nd_opts;
175 i < ctx->nd_opts_len; i++, opt++)
176 {
177 for (j = 0, opt2 = opts; j < opts_len; j++, opt2++)
178 if (opt2->option == opt->option)
179 break;
180 if (j == opts_len) {
181 cols = printf("%03d %s", opt->option, opt->var);
182 dhcp_print_option_encoding(opt, cols);
183 }
184 }
185 for (i = 0, opt = opts; i < opts_len; i++, opt++) {
186 cols = printf("%03d %s", opt->option, opt->var);
187 dhcp_print_option_encoding(opt, cols);
188 }
189}
190
c5445ce8
RM		 191int
192ipv6nd_open(bool recv)
91cd7324 193{
49d6a036 194 int fd, on;
4eb7b489 195 struct icmp6_filter filt;
91cd7324 196
c5445ce8 197 fd = xsocket(PF_INET6, SOCK_RAW | SOCK_CXNB, IPPROTO_ICMPV6);
49d6a036 198 if (fd == -1)
fbbb0875
RM		 199 return -1;
200
c5445ce8
RM		 201 ICMP6_FILTER_SETBLOCKALL(&filt);
202
cc431339
RM		 203 /* RFC4861 4.1 */
204 on = 255;
49d6a036 205 if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
4eb7b489 206 &on, sizeof(on)) == -1)
fbbb0875 207 goto eexit;
91cd7324 208
c5445ce8
RM		 209 if (recv) {
210 on = 1;
211 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
212 &on, sizeof(on)) == -1)
213 goto eexit;
49d6a036 214
c5445ce8
RM		 215 on = 1;
216 if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT,
217 &on, sizeof(on)) == -1)
218 goto eexit;
219
220 ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt);
221
222#ifdef SO_RERROR
223 on = 1;
224 if (setsockopt(fd, SOL_SOCKET, SO_RERROR,
225 &on, sizeof(on)) == -1)
226 goto eexit;
227#endif
228 }
91cd7324 229
49d6a036 230 if (setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER,
4eb7b489 231 &filt, sizeof(filt)) == -1)
fbbb0875 232 goto eexit;
fbbb0875 233
49d6a036 234 return fd;
e82129a4
RM		 235
236eexit:
49d6a036 237 close(fd);
e82129a4
RM		 238 return -1;
239}
240
b2edc303 241#ifdef __sun
835f5ebf 242int
c5445ce8 243ipv6nd_openif(struct interface *ifp)
b2edc303 244{
49d6a036 245 int fd;
b2edc303 246 struct ipv6_mreq mreq = {
e275f240 247 .ipv6mr_multiaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT,
b2edc303
RM		 248 .ipv6mr_interface = ifp->index
249 };
250 struct rs_state *state = RS_STATE(ifp);
6fcd7ff4 251 uint_t ifindex = ifp->index;
b2edc303
RM		 252
253 if (state->nd_fd != -1)
254 return state->nd_fd;
255
11101f7b 256 fd = ipv6nd_open(true);
49d6a036 257 if (fd == -1)
b2edc303
RM		 258 return -1;
259
49d6a036 260 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BOUND_IF,
6fcd7ff4
RM		 261 &ifindex, sizeof(ifindex)) == -1)
262 {
49d6a036 263 close(fd);
6fcd7ff4
RM		 264 return -1;
265 }
266
49d6a036 267 if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP,
b2edc303
RM		 268 &mreq, sizeof(mreq)) == -1)
269 {
49d6a036 270 close(fd);
b2edc303
RM		 271 return -1;
272 }
273
49d6a036
RM		 274 state->nd_fd = fd;
275 eloop_event_add(ifp->ctx->eloop, fd, ipv6nd_handledata, ifp);
276 return fd;
b2edc303 277}
b2edc303
RM		 278#endif
279
e82129a4
RM		 280static int
281ipv6nd_makersprobe(struct interface *ifp)
91cd7324 282{
ca15a0aa 283 struct rs_state *state;
91cd7324 284 struct nd_router_solicit *rs;
91cd7324 285
ca15a0aa
RM		 286 state = RS_STATE(ifp);
287 free(state->rs);
ba71fb8b
RM		 288 state->rslen = sizeof(*rs);
289 if (ifp->hwlen != 0)
290 state->rslen += (size_t)ROUNDUP8(ifp->hwlen + 2);
10e17e3f 291 state->rs = calloc(1, state->rslen);
ca15a0aa 292 if (state->rs == NULL)
91cd7324 293 return -1;
2e704972 294 rs = state->rs;
91cd7324 295 rs->nd_rs_type = ND_ROUTER_SOLICIT;
2e704972
RM		 296 //rs->nd_rs_code = 0;
297 //rs->nd_rs_cksum = 0;
298 //rs->nd_rs_reserved = 0;
ba71fb8b
RM		 299
300 if (ifp->hwlen != 0) {
301 struct nd_opt_hdr *nd;
302
2e704972 303 nd = (struct nd_opt_hdr *)(state->rs + 1);
ba71fb8b
RM		 304 nd->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
305 nd->nd_opt_len = (uint8_t)((ROUNDUP8(ifp->hwlen + 2)) >> 3);
306 memcpy(nd + 1, ifp->hwaddr, ifp->hwlen);
307 }
91cd7324
RM		 308 return 0;
309}
673e81e5 310
91cd7324 311static void
e82129a4 312ipv6nd_sendrsprobe(void *arg)
91cd7324
RM		 313{
314 struct interface *ifp = arg;
5fed9d43 315 struct rs_state *state = RS_STATE(ifp);
4d53b9d9
RM		 316 struct sockaddr_in6 dst = {
317 .sin6_family = AF_INET6,
318 .sin6_addr = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT,
319 .sin6_scope_id = ifp->index,
320 };
5fed9d43 321 struct iovec iov = { .iov_base = state->rs, .iov_len = state->rslen };
29024d0b
RM		 322 union {
323 struct cmsghdr hdr;
324 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
325 } cmsgbuf = { .buf = { 0 } };
5fed9d43
RM		 326 struct msghdr msg = {
327 .msg_name = &dst, .msg_namelen = sizeof(dst),
328 .msg_iov = &iov, .msg_iovlen = 1,
29024d0b 329 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
5fed9d43 330 };
91cd7324 331 struct cmsghdr *cm;
5fed9d43 332 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index };
b2edc303 333 int s;
11101f7b 334#ifndef __sun
c5445ce8 335 struct dhcpcd_ctx *ctx = ifp->ctx;
11101f7b 336#endif
91cd7324 337
0e906716 338 if (ipv6_linklocal(ifp) == NULL) {
0e56d022 339 logdebugx("%s: delaying Router Solicitation for LL address",
5331b839 340 ifp->name);
e82129a4 341 ipv6_addlinklocalcallback(ifp, ipv6nd_sendrsprobe, ifp);
5331b839
RM		 342 return;
343 }
344
4356c648 345#ifdef HAVE_SA_LEN
4eb7b489
RM		 346 dst.sin6_len = sizeof(dst);
347#endif
91cd7324
RM		 348
349 /* Set the outbound interface */
5fed9d43 350 cm = CMSG_FIRSTHDR(&msg);
8fc52ced
RM		 351 if (cm == NULL) /* unlikely */
352 return;
91cd7324
RM		 353 cm->cmsg_level = IPPROTO_IPV6;
354 cm->cmsg_type = IPV6_PKTINFO;
355 cm->cmsg_len = CMSG_LEN(sizeof(pi));
91cd7324
RM		 356 memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
357
0e56d022 358 logdebugx("%s: sending Router Solicitation", ifp->name);
65025848 359#ifdef PRIVSEP
e66b2912 360 if (IN_PRIVSEP(ifp->ctx)) {
471df5f6 361 if (ps_inet_sendnd(ifp, &msg) == -1)
65025848
RM		 362 logerr(__func__);
363 goto sent;
364 }
365#endif
b2edc303 366#ifdef __sun
20c1eb5d
RM		 367 if (state->nd_fd == -1) {
368 if (ipv6nd_openif(ifp) == -1) {
369 logerr(__func__);
370 return;
371 }
372 }
b2edc303
RM		 373 s = state->nd_fd;
374#else
c5445ce8
RM		 375 if (ctx->nd_fd == -1) {
376 ctx->nd_fd = ipv6nd_open(true);
377 if (ctx->nd_fd == -1) {
378 logerr(__func__);
379 return;
380 }
381 eloop_event_add(ctx->eloop, ctx->nd_fd, ipv6nd_handledata, ctx);
382 }
b2edc303
RM		 383 s = ifp->ctx->nd_fd;
384#endif
385 if (sendmsg(s, &msg, 0) == -1) {
94d1ded9 386 logerr(__func__);
9299f1c6
RM		 387 /* Allow IPv6ND to continue .... at most a few errors
388 * would be logged.
389 * Generally the error is ENOBUFS when struggling to
390 * associate with an access point. */
83e82504 391 }
91cd7324 392
65025848
RM		 393#ifdef PRIVSEP
394sent:
395#endif
ca15a0aa 396 if (state->rsprobes++ < MAX_RTR_SOLICITATIONS)
4eb7b489
RM		 397 eloop_timeout_add_sec(ifp->ctx->eloop,
398 RTR_SOLICITATION_INTERVAL, ipv6nd_sendrsprobe, ifp);
3e0c93a4 399 else
94d1ded9 400 logwarnx("%s: no IPv6 Routers available", ifp->name);
2f53bfd4
RM		 401}
402
7b3d0126 403#ifdef ND6_ADVERTISE
cd09e583
RM		 404static void
405ipv6nd_sendadvertisement(void *arg)
406{
407 struct ipv6_addr *ia = arg;
408 struct interface *ifp = ia->iface;
409 struct dhcpcd_ctx *ctx = ifp->ctx;
5fed9d43
RM		 410 struct sockaddr_in6 dst = {
411 .sin6_family = AF_INET6,
4d53b9d9 412 .sin6_addr = IN6ADDR_LINKLOCAL_ALLNODES_INIT,
5fed9d43
RM		 413 .sin6_scope_id = ifp->index,
414 };
415 struct iovec iov = { .iov_base = ia->na, .iov_len = ia->na_len };
29024d0b
RM		 416 union {
417 struct cmsghdr hdr;
418 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
419 } cmsgbuf = { .buf = { 0 } };
5fed9d43
RM		 420 struct msghdr msg = {
421 .msg_name = &dst, .msg_namelen = sizeof(dst),
422 .msg_iov = &iov, .msg_iovlen = 1,
29024d0b 423 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
5fed9d43 424 };
cd09e583 425 struct cmsghdr *cm;
5fed9d43 426 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index };
cd09e583 427 const struct rs_state *state = RS_CSTATE(ifp);
b2edc303 428 int s;
cd09e583 429
3458df61 430 if (state == NULL || ifp->carrier <= LINK_DOWN)
cd09e583
RM		 431 goto freeit;
432
cd09e583
RM		 433#ifdef SIN6_LEN
434 dst.sin6_len = sizeof(dst);
435#endif
cd09e583 436
cd09e583 437 /* Set the outbound interface. */
5fed9d43 438 cm = CMSG_FIRSTHDR(&msg);
cd09e583
RM		 439 assert(cm != NULL);
440 cm->cmsg_level = IPPROTO_IPV6;
441 cm->cmsg_type = IPV6_PKTINFO;
442 cm->cmsg_len = CMSG_LEN(sizeof(pi));
cd09e583 443 memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
cd09e583 444 logdebugx("%s: sending NA for %s", ifp->name, ia->saddr);
65025848
RM		 445
446#ifdef PRIVSEP
e66b2912 447 if (IN_PRIVSEP(ifp->ctx)) {
471df5f6 448 if (ps_inet_sendnd(ifp, &msg) == -1)
65025848
RM		 449 logerr(__func__);
450 goto sent;
451 }
452#endif
b2edc303
RM		 453#ifdef __sun
454 s = state->nd_fd;
455#else
456 s = ctx->nd_fd;
457#endif
458 if (sendmsg(s, &msg, 0) == -1)
cd09e583
RM		 459 logerr(__func__);
460
65025848
RM		 461#ifdef PRIVSEP
462sent:
463#endif
cd09e583
RM		 464 if (++ia->na_count < MAX_NEIGHBOR_ADVERTISEMENT) {
465 eloop_timeout_add_sec(ctx->eloop,
466 state->retrans / 1000, ipv6nd_sendadvertisement, ia);
467 return;
468 }
469
470freeit:
471 free(ia->na);
472 ia->na = NULL;
473 ia->na_count = 0;
474}
475
476void
477ipv6nd_advertise(struct ipv6_addr *ia)
478{
479 struct dhcpcd_ctx *ctx;
480 struct interface *ifp;
481 struct ipv6_state *state;
482 struct ipv6_addr *iap, *iaf;
483 struct nd_neighbor_advert *na;
484
485 if (IN6_IS_ADDR_MULTICAST(&ia->addr))
486 return;
487
f95d685e
RM		 488#ifdef __sun
489 if (!(ia->flags & IPV6_AF_AUTOCONF) && ia->flags & IPV6_AF_RAPFX)
490 return;
491#endif
492
cd09e583 493 ctx = ia->iface->ctx;
cd09e583
RM		 494 /* Find the most preferred address to advertise. */
495 iaf = NULL;
496 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
497 state = IPV6_STATE(ifp);
3458df61 498 if (state == NULL || ifp->carrier <= LINK_DOWN)
cd09e583
RM		 499 continue;
500
501 TAILQ_FOREACH(iap, &state->addrs, next) {
502 if (!IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
503 continue;
504
505 /* Cancel any current advertisement. */
506 eloop_timeout_delete(ctx->eloop,
507 ipv6nd_sendadvertisement, iap);
508
509 /* Don't advertise what we can't use. */
510 if (iap->prefix_vltime == 0 ||
511 iap->addr_flags & IN6_IFF_NOTUSEABLE)
512 continue;
513
7d58ddf0
RM		 514 if (iaf == NULL ||
515 iaf->iface->metric > iap->iface->metric)
cd09e583
RM		 516 iaf = iap;
517 }
518 }
519 if (iaf == NULL)
520 return;
521
522 /* Make the packet. */
523 ifp = iaf->iface;
524 iaf->na_len = sizeof(*na);
525 if (ifp->hwlen != 0)
526 iaf->na_len += (size_t)ROUNDUP8(ifp->hwlen + 2);
527 na = calloc(1, iaf->na_len);
528 if (na == NULL) {
529 logerr(__func__);
530 return;
531 }
532
533 na->nd_na_type = ND_NEIGHBOR_ADVERT;
534 na->nd_na_flags_reserved = ND_NA_FLAG_OVERRIDE;
12b0db43
RM		 535#if defined(PRIVSEP) && (defined(__linux__) || defined(HAVE_PLEDGE))
536 if (IN_PRIVSEP(ctx)) {
537 if (ps_root_ip6forwarding(ctx, ifp->name) == 1)
538 na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
539 } else
8ec63e6a 540#endif
12b0db43 541 if (ip6_forwarding(ifp->name) == 1)
cd09e583
RM		 542 na->nd_na_flags_reserved |= ND_NA_FLAG_ROUTER;
543 na->nd_na_target = ia->addr;
544
545 if (ifp->hwlen != 0) {
546 struct nd_opt_hdr *opt;
547
548 opt = (struct nd_opt_hdr *)(na + 1);
549 opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
550 opt->nd_opt_len = (uint8_t)((ROUNDUP8(ifp->hwlen + 2)) >> 3);
551 memcpy(opt + 1, ifp->hwaddr, ifp->hwlen);
552 }
553
554 iaf->na_count = 0;
555 free(iaf->na);
556 iaf->na = na;
557 eloop_timeout_delete(ctx->eloop, ipv6nd_sendadvertisement, iaf);
558 ipv6nd_sendadvertisement(iaf);
559}
bfef3fd3
RM		 560#elif !defined(SMALL)
561#warning kernel does not support userland sending ND6 advertisements
7b3d0126 562#endif /* ND6_ADVERTISE */
cd09e583 563
cf94e2dd
RM		 564static void
565ipv6nd_expire(void *arg)
2f53bfd4 566{
cf94e2dd 567 struct interface *ifp = arg;
2f53bfd4 568 struct ra *rap;
2f53bfd4 569
cc9d9bf8 570 if (ifp->ctx->ra_routers == NULL)
aa9fc372
RM		 571 return;
572
cc9d9bf8 573 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
3e0c93a4
RM		 574 if (rap->iface == ifp && rap->willexpire)
575 rap->doexpire = true;
2f53bfd4 576 }
cf94e2dd
RM		 577 ipv6nd_expirera(ifp);
578}
579
580void
581ipv6nd_startexpire(struct interface *ifp)
582{
3e0c93a4
RM		 583 struct ra *rap;
584
585 if (ifp->ctx->ra_routers == NULL)
586 return;
cf94e2dd 587
3e0c93a4
RM		 588 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
589 if (rap->iface == ifp)
590 rap->willexpire = true;
591 }
592 eloop_q_timeout_add_sec(ifp->ctx->eloop, ELOOP_IPV6RA_EXPIRE,
593 RTR_CARRIER_EXPIRE, ipv6nd_expire, ifp);
91cd7324
RM		 594}
595
db58572f 596int
437bf2a8
RM		 597ipv6nd_rtpref(struct ra *rap)
598{
599
600 switch (rap->flags & ND_RA_FLAG_RTPREF_MASK) {
601 case ND_RA_FLAG_RTPREF_HIGH:
602 return RTPREF_HIGH;
603 case ND_RA_FLAG_RTPREF_MEDIUM:
604 case ND_RA_FLAG_RTPREF_RSV:
605 return RTPREF_MEDIUM;
606 case ND_RA_FLAG_RTPREF_LOW:
607 return RTPREF_LOW;
608 default:
609 logerrx("%s: impossible RA flag %x", __func__, rap->flags);
610 return RTPREF_INVALID;
611 }
612 /* NOTREACHED */
613}
614
615static void
616ipv6nd_sortrouters(struct dhcpcd_ctx *ctx)
617{
618 struct ra_head sorted_routers = TAILQ_HEAD_INITIALIZER(sorted_routers);
619 struct ra *ra1, *ra2;
620
437bf2a8
RM		 621 while ((ra1 = TAILQ_FIRST(ctx->ra_routers)) != NULL) {
622 TAILQ_REMOVE(ctx->ra_routers, ra1, next);
623 TAILQ_FOREACH(ra2, &sorted_routers, next) {
3e0c93a4 624 if (ra1->iface->metric > ra2->iface->metric)
437bf2a8
RM		 625 continue;
626 if (ra1->expired && !ra2->expired)
627 continue;
3e0c93a4
RM		 628 if (ra1->willexpire && !ra2->willexpire)
629 continue;
437bf2a8
RM		 630 if (ra1->lifetime == 0 && ra2->lifetime != 0)
631 continue;
632 if (!ra1->isreachable && ra2->reachable)
633 continue;
8de9d644 634 if (ipv6nd_rtpref(ra1) <= ipv6nd_rtpref(ra2))
437bf2a8
RM		 635 continue;
636 /* All things being equal, prefer older routers. */
f706d872
RM		 637 /* We don't need to check time, becase newer
638 * routers are always added to the tail and then
639 * sorted. */
437bf2a8
RM		 640 TAILQ_INSERT_BEFORE(ra2, ra1, next);
641 break;
642 }
643 if (ra2 == NULL)
644 TAILQ_INSERT_TAIL(&sorted_routers, ra1, next);
645 }
646
647 TAILQ_CONCAT(ctx->ra_routers, &sorted_routers, next);
648}
649
12f62371 650static void
8d885c0f 651ipv6nd_applyra(struct interface *ifp)
12f62371
RM		 652{
653 struct ra *rap;
654 struct rs_state *state = RS_STATE(ifp);
8d885c0f
RM		 655 struct ra defra = {
656 .iface = ifp,
657 .hoplimit = IPV6_DEFHLIM ,
658 .reachable = REACHABLE_TIME,
659 .retrans = RETRANS_TIMER,
660 };
661
662 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
4b0d4d30 663 if (rap->iface == ifp)
12f62371
RM		 664 break;
665 }
666
8d885c0f 667 /* If we have no Router Advertisement, then set default values. */
4b0d4d30 668 if (rap == NULL || rap->expired || rap->willexpire)
8d885c0f 669 rap = &defra;
12f62371
RM		 670
671 state->retrans = rap->retrans;
5b704581 672 if (if_applyra(rap) == -1 && errno != ENOENT)
12f62371
RM		 673 logerr(__func__);
674}
675
cdd3c5b0
RM		 676/*
677 * Neighbour reachability.
678 *
679 * RFC 4681 6.2.5 says when a node is no longer a router it MUST
680 * send a RA with a zero lifetime.
681 * All OS's I know of set the NA router flag if they are a router
682 * or not and disregard that they are actively advertising or
683 * shutting down. If the interface is disabled, it cant't send a NA at all.
684 *
685 * As such we CANNOT rely on the NA Router flag and MUST use
686 * unreachability or receive a RA with a lifetime of zero to remove
687 * the node as a default router.
688 */
4385f630 689void
cdd3c5b0 690ipv6nd_neighbour(struct dhcpcd_ctx *ctx, struct in6_addr *addr, bool reachable)
72c37f5f 691{
4385f630
RM		 692 struct ra *rap, *rapr;
693
694 if (ctx->ra_routers == NULL)
695 return;
696
697 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
698 if (IN6_ARE_ADDR_EQUAL(&rap->from, addr))
699 break;
700 }
72c37f5f 701
0228659a 702 if (rap == NULL || rap->expired || rap->isreachable == reachable)
07b28b41
RM		 703 return;
704
437bf2a8
RM		 705 rap->isreachable = reachable;
706 loginfox("%s: %s is %s", rap->iface->name, rap->sfrom,
707 reachable ? "reachable again" : "unreachable");
708
709 /* See if we can install a reachable default router. */
710 ipv6nd_sortrouters(ctx);
8d885c0f 711 ipv6nd_applyra(rap->iface);
437bf2a8 712 rt_build(ctx, AF_INET6);
964b60fe 713
158e298d
RM		 714 if (reachable)
715 return;
716
964b60fe
RM		 717 /* If we have no reachable default routers, try and solicit one. */
718 TAILQ_FOREACH(rapr, ctx->ra_routers, next) {
719 if (rap == rapr || rap->iface != rapr->iface)
720 continue;
721 if (rapr->isreachable && !rapr->expired && rapr->lifetime)
722 break;
723 }
724
725 if (rapr == NULL)
b316c5bf 726 ipv6nd_startrs(rap->iface);
72c37f5f 727}
a3ee6b23 728
edb0ed37
RM		 729const struct ipv6_addr *
730ipv6nd_iffindaddr(const struct interface *ifp, const struct in6_addr *addr,
c4d7d69a 731 unsigned int flags)
edb0ed37
RM		 732{
733 struct ra *rap;
734 struct ipv6_addr *ap;
735
cc9d9bf8 736 if (ifp->ctx->ra_routers == NULL)
edb0ed37
RM		 737 return NULL;
738
cc9d9bf8 739 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
edb0ed37
RM		 740 if (rap->iface != ifp)
741 continue;
742 TAILQ_FOREACH(ap, &rap->addrs, next) {
5b1f21d1 743 if (ipv6_findaddrmatch(ap, addr, flags))
edb0ed37
RM		 744 return ap;
745 }
746 }
747 return NULL;
748}
5b1f21d1 749
f3047040
RM		 750struct ipv6_addr *
751ipv6nd_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr,
c4d7d69a 752 unsigned int flags)
376e8b80
RM		 753{
754 struct ra *rap;
755 struct ipv6_addr *ap;
756
cc9d9bf8 757 if (ctx->ra_routers == NULL)
f3047040 758 return NULL;
fe6c1b9d 759
cc9d9bf8 760 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
376e8b80 761 TAILQ_FOREACH(ap, &rap->addrs, next) {
5b1f21d1 762 if (ipv6_findaddrmatch(ap, addr, flags))
f3047040 763 return ap;
376e8b80
RM		 764 }
765 }
f3047040 766 return NULL;
376e8b80
RM		 767}
768
c099165a
RM		 769static struct ipv6_addr *
770ipv6nd_rapfindprefix(struct ra *rap,
771 const struct in6_addr *pfx, uint8_t pfxlen)
772{
773 struct ipv6_addr *ia;
774
775 TAILQ_FOREACH(ia, &rap->addrs, next) {
776 if (ia->prefix_vltime == 0)
777 continue;
778 if (ia->prefix_len == pfxlen &&
779 IN6_ARE_ADDR_EQUAL(&ia->prefix, pfx))
780 break;
781 }
782 return ia;
783}
784
785struct ipv6_addr *
786ipv6nd_iffindprefix(struct interface *ifp,
787 const struct in6_addr *pfx, uint8_t pfxlen)
788{
789 struct ra *rap;
790 struct ipv6_addr *ia;
791
792 ia = NULL;
793 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
794 if (rap->iface != ifp)
795 continue;
796 ia = ipv6nd_rapfindprefix(rap, pfx, pfxlen);
797 if (ia != NULL)
798 break;
799 }
800 return ia;
801}
802
2be15e88 803static void
81af2589 804ipv6nd_removefreedrop_ra(struct ra *rap, int remove_ra, int drop_ra)
eebe9a18
RM		 805{
806
4eb7b489
RM		 807 eloop_timeout_delete(rap->iface->ctx->eloop, NULL, rap->iface);
808 eloop_timeout_delete(rap->iface->ctx->eloop, NULL, rap);
9a593d97 809 if (remove_ra)
cc9d9bf8 810 TAILQ_REMOVE(rap->iface->ctx->ra_routers, rap, next);
81af2589 811 ipv6_freedrop_addrs(&rap->addrs, drop_ra, NULL);
eebe9a18 812 free(rap->data);
eebe9a18
RM		 813 free(rap);
814}
815
f1df29d2 816static void
2be15e88
RM		 817ipv6nd_freedrop_ra(struct ra *rap, int drop)
818{
819
820 ipv6nd_removefreedrop_ra(rap, 1, drop);
821}
822
eebe9a18 823ssize_t
e82129a4 824ipv6nd_free(struct interface *ifp)
eebe9a18 825{
ca15a0aa 826 struct rs_state *state;
eebe9a18 827 struct ra *rap, *ran;
4eb7b489 828 struct dhcpcd_ctx *ctx;
eebe9a18
RM		 829 ssize_t n;
830
ca15a0aa 831 state = RS_STATE(ifp);
a9d78def
RM		 832 if (state == NULL)
833 return 0;
834
b2edc303
RM		 835 ctx = ifp->ctx;
836#ifdef __sun
837 eloop_event_delete(ctx->eloop, state->nd_fd);
838 close(state->nd_fd);
839#endif
a9d78def
RM		 840 free(state->rs);
841 free(state);
842 ifp->if_data[IF_DATA_IPV6ND] = NULL;
eebe9a18 843 n = 0;
cc9d9bf8 844 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) {
eebe9a18 845 if (rap->iface == ifp) {
e82129a4 846 ipv6nd_free_ra(rap);
eebe9a18 847 n++;
91cd7324 848 }
eebe9a18 849 }
a9d78def 850
b2edc303 851#ifndef __sun
a9d78def
RM		 852 /* If we don't have any more IPv6 enabled interfaces,
853 * close the global socket and release resources */
4eb7b489 854 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
a9d78def
RM		 855 if (RS_STATE(ifp))
856 break;
857 }
858 if (ifp == NULL) {
cc9d9bf8
RM		 859 if (ctx->nd_fd != -1) {
860 eloop_event_delete(ctx->eloop, ctx->nd_fd);
861 close(ctx->nd_fd);
862 ctx->nd_fd = -1;
a9d78def 863 }
a9d78def 864 }
b2edc303 865#endif
a9d78def 866
eebe9a18
RM		 867 return n;
868}
869
9b4d745e 870static void
e82129a4 871ipv6nd_scriptrun(struct ra *rap)
a8df1b28 872{
9b4d745e 873 int hasdns, hasaddress;
d5690e93 874 struct ipv6_addr *ap;
a8df1b28 875
e2c4a256 876 hasaddress = 0;
a8df1b28 877 /* If all addresses have completed DAD run the script */
a8df1b28 878 TAILQ_FOREACH(ap, &rap->addrs, next) {
de67b951
RM		 879 if ((ap->flags & (IPV6_AF_AUTOCONF | IPV6_AF_ADDED)) ==
880 (IPV6_AF_AUTOCONF | IPV6_AF_ADDED))
a824f281 881 {
e2c4a256 882 hasaddress = 1;
d5690e93 883 if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
03274c9c
RM		 884 ipv6_iffindaddr(ap->iface, &ap->addr,
885 IN6_IFF_TENTATIVE))
d5690e93
RM		 886 ap->flags |= IPV6_AF_DADCOMPLETED;
887 if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) {
0e56d022 888 logdebugx("%s: waiting for Router Advertisement"
d5690e93
RM		 889 " DAD to complete",
890 rap->iface->name);
9b4d745e 891 return;
d5690e93 892 }
d8194bcd 893 }
a8df1b28
RM		 894 }
895
896 /* If we don't require RDNSS then set hasdns = 1 so we fork */
897 if (!(rap->iface->options->options & DHCPCD_IPV6RA_REQRDNSS))
898 hasdns = 1;
899 else {
2be15e88 900 hasdns = rap->hasdns;
a8df1b28
RM		 901 }
902
903 script_runreason(rap->iface, "ROUTERADVERT");
e2c4a256
RM		 904 if (hasdns && (hasaddress ||
905 !(rap->flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER))))
9b4d745e 906 dhcpcd_daemonise(rap->iface->ctx);
a8df1b28
RM		 907#if 0
908 else if (options & DHCPCD_DAEMONISE &&
909 !(options & DHCPCD_DAEMONISED) && new_data)
94d1ded9 910 logwarnx("%s: did not fork due to an absent"
a8df1b28
RM		 911 " RDNSS option in the RA",
912 ifp->name);
a8df1b28
RM		 913#endif
914}
915
3ed12ab8
RM		 916static void
917ipv6nd_addaddr(void *arg)
918{
919 struct ipv6_addr *ap = arg;
920
0b3255ac 921 ipv6_addaddr(ap, NULL);
3ed12ab8
RM		 922}
923
a0011b99
RM		 924int
925ipv6nd_dadcompleted(const struct interface *ifp)
926{
927 const struct ra *rap;
928 const struct ipv6_addr *ap;
929
cc9d9bf8 930 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
a0011b99
RM		 931 if (rap->iface != ifp)
932 continue;
933 TAILQ_FOREACH(ap, &rap->addrs, next) {
934 if (ap->flags & IPV6_AF_AUTOCONF &&
de67b951 935 ap->flags & IPV6_AF_ADDED &&
a0011b99 936 !(ap->flags & IPV6_AF_DADCOMPLETED))
de67b951 937 return 0;
a0011b99
RM		 938 }
939 }
940 return 1;
941}
942
d8194bcd 943static void
e82129a4 944ipv6nd_dadcallback(void *arg)
d8194bcd 945{
65ae27ee 946 struct ipv6_addr *ia = arg, *rapap;
d8194bcd
RM		 947 struct interface *ifp;
948 struct ra *rap;
949 int wascompleted, found;
3ed12ab8
RM		 950 char buf[INET6_ADDRSTRLEN];
951 const char *p;
4f5b9dd2 952 int dadcounter;
d8194bcd 953
65ae27ee
RM		 954 ifp = ia->iface;
955 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
956 ia->flags |= IPV6_AF_DADCOMPLETED;
62094f1b 957 if (ia->addr_flags & IN6_IFF_DUPLICATED) {
65ae27ee
RM		 958 ia->dadcounter++;
959 logwarnx("%s: DAD detected %s", ifp->name, ia->saddr);
d8194bcd 960
3ed12ab8
RM		 961 /* Try and make another stable private address.
962 * Because ap->dadcounter is always increamented,
963 * a different address is generated. */
964 /* XXX Cache DAD counter per prefix/id/ssid? */
524217db
RM		 965 if (ifp->options->options & DHCPCD_SLAACPRIVATE &&
966 IA6_CANAUTOCONF(ia))
967 {
858d217d
RM		 968 unsigned int delay;
969
65ae27ee 970 if (ia->dadcounter >= IDGEN_RETRIES) {
94d1ded9 971 logerrx("%s: unable to obtain a"
fd89860f
RM		 972 " stable private address",
973 ifp->name);
974 goto try_script;
975 }
9efdc92f 976 loginfox("%s: deleting address %s",
65ae27ee
RM		 977 ifp->name, ia->saddr);
978 if (if_address6(RTM_DELADDR, ia) == -1 &&
3ed12ab8 979 errno != EADDRNOTAVAIL && errno != ENXIO)
94d1ded9 980 logerr(__func__);
65ae27ee
RM		 981 dadcounter = ia->dadcounter;
982 if (ipv6_makestableprivate(&ia->addr,
983 &ia->prefix, ia->prefix_len,
4f5b9dd2 984 ifp, &dadcounter) == -1)
3ed12ab8 985 {
94d1ded9 986 logerr("ipv6_makestableprivate");
3ed12ab8
RM		 987 return;
988 }
65ae27ee
RM		 989 ia->dadcounter = dadcounter;
990 ia->flags &= ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
991 ia->flags |= IPV6_AF_NEW;
992 p = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
3ed12ab8 993 if (p)
65ae27ee
RM		 994 snprintf(ia->saddr,
995 sizeof(ia->saddr),
3ed12ab8 996 "%s/%d",
65ae27ee 997 p, ia->prefix_len);
3ed12ab8 998 else
65ae27ee 999 ia->saddr[0] = '\0';
858d217d
RM		 1000 delay = arc4random_uniform(IDGEN_DELAY * MSEC_PER_SEC);
1001 eloop_timeout_add_msec(ifp->ctx->eloop, delay,
65ae27ee 1002 ipv6nd_addaddr, ia);
3ed12ab8
RM		 1003 return;
1004 }
1005 }
d8194bcd 1006
fd89860f 1007try_script:
3ed12ab8 1008 if (!wascompleted) {
cc9d9bf8 1009 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
d8194bcd
RM		 1010 if (rap->iface != ifp)
1011 continue;
1012 wascompleted = 1;
e92ca600 1013 found = 0;
d8194bcd 1014 TAILQ_FOREACH(rapap, &rap->addrs, next) {
a824f281 1015 if (rapap->flags & IPV6_AF_AUTOCONF &&
de67b951 1016 rapap->flags & IPV6_AF_ADDED &&
a824f281
RM		 1017 (rapap->flags & IPV6_AF_DADCOMPLETED) == 0)
1018 {
d8194bcd
RM		 1019 wascompleted = 0;
1020 break;
1021 }
65ae27ee 1022 if (rapap == ia)
d8194bcd
RM		 1023 found = 1;
1024 }
1025
4f422dd3 1026 if (wascompleted && found) {
0e56d022 1027 logdebugx("%s: Router Advertisement DAD "
94d1ded9 1028 "completed",
d8194bcd 1029 rap->iface->name);
9b4d745e 1030 ipv6nd_scriptrun(rap);
d8194bcd
RM		 1031 }
1032 }
7b3d0126 1033#ifdef ND6_ADVERTISE
cd09e583 1034 ipv6nd_advertise(ia);
7b3d0126 1035#endif
d8194bcd
RM		 1036 }
1037}
1038
56658009
RM		 1039static struct ipv6_addr *
1040ipv6nd_findmarkstale(struct ra *rap, struct ipv6_addr *ia, bool mark)
1041{
1042 struct dhcpcd_ctx *ctx = ia->iface->ctx;
1043 struct ra *rap2;
1044 struct ipv6_addr *ia2;
1045
1046 TAILQ_FOREACH(rap2, ctx->ra_routers, next) {
1047 if (rap2 == rap ||
1048 rap2->iface != rap->iface ||
1049 rap2->expired)
1050 continue;
1051 TAILQ_FOREACH(ia2, &rap2->addrs, next) {
1052 if (!IN6_ARE_ADDR_EQUAL(&ia->prefix, &ia2->prefix))
1053 continue;
1054 if (!(ia2->flags & IPV6_AF_STALE))
1055 return ia2;
1056 if (mark)
1057 ia2->prefix_pltime = 0;
1058 }
1059 }
1060 return NULL;
1061}
1062
6a765a4f
RM		 1063#ifndef DHCP6
1064/* If DHCPv6 is compiled out, supply a shim to provide an error message
1065 * if IPv6RA requests DHCPv6. */
a1b1f0a8
RM		 1066enum DH6S {
1067 DH6S_REQUEST,
1068 DH6S_INFORM,
1069};
6a765a4f
RM		 1070static int
1071dhcp6_start(__unused struct interface *ifp, __unused enum DH6S init_state)
1072{
1073
1074 errno = ENOTSUP;
1075 return -1;
1076}
1077#endif
1078
aae24feb 1079static void
5fed9d43
RM		 1080ipv6nd_handlera(struct dhcpcd_ctx *ctx,
1081 const struct sockaddr_in6 *from, const char *sfrom,
1082 struct interface *ifp, struct icmp6_hdr *icp, size_t len, int hoplimit)
91cd7324 1083{
2be15e88 1084 size_t i, olen;
7be4b9b3 1085 struct nd_router_advert *nd_ra;
55a59017
RM		 1086 struct nd_opt_hdr ndo;
1087 struct nd_opt_prefix_info pi;
1088 struct nd_opt_mtu mtu;
1089 struct nd_opt_rdnss rdnss;
2be15e88 1090 uint8_t *p;
56658009 1091 struct ra *rap;
7878d124 1092 struct in6_addr pi_prefix;
56658009 1093 struct ipv6_addr *ia;
2be15e88 1094 struct dhcp_opt *dho;
e1d81235 1095 bool new_rap, new_data, has_address;
c15437c1 1096 uint32_t old_lifetime;
91f281ab 1097 int ifmtu;
b586bfbf 1098 int loglevel;
727cd92a 1099#ifdef IPV6_MANAGETEMPADDR
3f3a2bb8 1100 bool new_ia;
727cd92a 1101#endif
91cd7324 1102
a708c891
RM		 1103 if (ifp == NULL) {
1104#ifdef DEBUG_RS
5fed9d43 1105 logdebugx("RA for unexpected interface from %s", sfrom);
a708c891
RM		 1106#endif
1107 return;
1108 }
1109
34457fe6 1110 if (len < sizeof(struct nd_router_advert)) {
5fed9d43 1111 logerrx("IPv6 RA packet too short from %s", sfrom);
91cd7324
RM		 1112 return;
1113 }
1114
a708c891
RM		 1115 /* RFC 4861 7.1.2 */
1116 if (hoplimit != 255) {
5fed9d43 1117 logerrx("invalid hoplimit(%d) in RA from %s", hoplimit, sfrom);
91cd7324
RM		 1118 return;
1119 }
5fed9d43
RM		 1120 if (!IN6_IS_ADDR_LINKLOCAL(&from->sin6_addr)) {
1121 logerrx("RA from non local address %s", sfrom);
4c6a8bec
RM		 1122 return;
1123 }
a708c891 1124
4c6a8bec
RM		 1125 if (!(ifp->options->options & DHCPCD_IPV6RS)) {
1126#ifdef DEBUG_RS
5fed9d43 1127 logerrx("%s: unexpected RA from %s", ifp->name, sfrom);
d7555c12 1128#endif
91cd7324
RM		 1129 return;
1130 }
0e906716 1131
e7a30a46 1132 /* We could receive a RA before we sent a RS*/
0e906716
RM		 1133 if (ipv6_linklocal(ifp) == NULL) {
1134#ifdef DEBUG_RS
0e56d022 1135 logdebugx("%s: received RA from %s (no link-local)",
5fed9d43 1136 ifp->name, sfrom);
0e906716
RM		 1137#endif
1138 return;
1139 }
1140
5fed9d43 1141 if (ipv6_iffindaddr(ifp, &from->sin6_addr, IN6_IFF_TENTATIVE)) {
0e56d022 1142 logdebugx("%s: ignoring RA from ourself %s",
5fed9d43 1143 ifp->name, sfrom);
29211f25
RM		 1144 return;
1145 }
1146
4b0d4d30
RM		 1147#ifdef NOCARRIER_PRESERVE_IP
1148 /*
1149 * Because we preserve RA's and expire them quickly after
1150 * carrier up, it's important to reset the kernels notion of
1151 * reachable timers back to default values before applying
1152 * new RA values.
1153 */
1154 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
1155 if (ifp == rap->iface)
1156 break;
1157 }
cc2d2571
RM		 1158 if (rap != NULL && rap->willexpire) {
1159 logerrx("settng def RA");
4b0d4d30 1160 ipv6nd_applyra(ifp);
cc2d2571 1161 }
4b0d4d30
RM		 1162#endif
1163
4eb7b489 1164 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
fe292175 1165 if (ifp == rap->iface &&
5fed9d43 1166 IN6_ARE_ADDR_EQUAL(&rap->from, &from->sin6_addr))
91cd7324
RM		 1167 break;
1168 }
46caaa5e 1169
e42bbc9b 1170 nd_ra = (struct nd_router_advert *)icp;
e42bbc9b 1171
46caaa5e
RM		 1172 /* We don't want to spam the log with the fact we got an RA every
1173 * 30 seconds or so, so only spam the log if it's different. */
ee70f4ab 1174 if (rap == NULL || (rap->data_len != len ||
46caaa5e
RM		 1175 memcmp(rap->data, (unsigned char *)icp, rap->data_len) != 0))
1176 {
1177 if (rap) {
1178 free(rap->data);
1179 rap->data_len = 0;
1180 }
2aca3a18 1181 new_data = true;
d7555c12 1182 } else
2aca3a18 1183 new_data = false;
91cd7324 1184 if (rap == NULL) {
10e17e3f
RM		 1185 rap = calloc(1, sizeof(*rap));
1186 if (rap == NULL) {
94d1ded9 1187 logerr(__func__);
10e17e3f
RM		 1188 return;
1189 }
eebe9a18 1190 rap->iface = ifp;
5fed9d43
RM		 1191 rap->from = from->sin6_addr;
1192 strlcpy(rap->sfrom, sfrom, sizeof(rap->sfrom));
eebe9a18 1193 TAILQ_INIT(&rap->addrs);
2aca3a18 1194 new_rap = true;
964b60fe 1195 rap->isreachable = true;
eebe9a18 1196 } else
2aca3a18 1197 new_rap = false;
46caaa5e 1198 if (rap->data_len == 0) {
28382337
RM		 1199 rap->data = malloc(len);
1200 if (rap->data == NULL) {
94d1ded9 1201 logerr(__func__);
28382337
RM		 1202 if (new_rap)
1203 free(rap);
1204 return;
1205 }
46caaa5e
RM		 1206 memcpy(rap->data, icp, len);
1207 rap->data_len = len;
91cd7324
RM		 1208 }
1209
19e75b95
RM		 1210 /* We could change the debug level based on new_data, but some
1211 * routers like to decrease the advertised valid and preferred times
1212 * in accordance with the own prefix times which would result in too
1213 * much needless log spam. */
21b9ce9f
RM		 1214 if (rap->willexpire)
1215 new_data = true;
32638886
RM		 1216 loglevel = new_rap || rap->willexpire || !rap->isreachable ?
1217 LOG_INFO : LOG_DEBUG,
b586bfbf
SN		 1218 logmessage(loglevel, "%s: Router Advertisement from %s",
1219 ifp->name, rap->sfrom);
19e75b95 1220
f5c3ca19 1221 clock_gettime(CLOCK_MONOTONIC, &rap->acquired);
eebe9a18 1222 rap->flags = nd_ra->nd_ra_flags_reserved;
c15437c1 1223 old_lifetime = rap->lifetime;
7be4b9b3 1224 rap->lifetime = ntohs(nd_ra->nd_ra_router_lifetime);
c15437c1
RM		 1225 if (!new_rap && rap->lifetime == 0 && old_lifetime != 0)
1226 logwarnx("%s: %s: no longer a default router",
1227 ifp->name, rap->sfrom);
12f62371
RM		 1228 if (nd_ra->nd_ra_curhoplimit != 0)
1229 rap->hoplimit = nd_ra->nd_ra_curhoplimit;
1230 else
1231 rap->hoplimit = IPV6_DEFHLIM;
1232 if (nd_ra->nd_ra_reachable != 0) {
ea112ab2
RM		 1233 rap->reachable = ntohl(nd_ra->nd_ra_reachable);
1234 if (rap->reachable > MAX_REACHABLE_TIME)
1235 rap->reachable = 0;
12f62371
RM		 1236 } else
1237 rap->reachable = REACHABLE_TIME;
1238 if (nd_ra->nd_ra_retransmit != 0)
1239 rap->retrans = ntohl(nd_ra->nd_ra_retransmit);
1240 else
1241 rap->retrans = RETRANS_TIMER;
3e0c93a4 1242 rap->expired = rap->willexpire = rap->doexpire = false;
964b60fe
RM		 1243 rap->hasdns = false;
1244 rap->isreachable = true;
e1d81235 1245 has_address = false;
0b0aed18 1246 rap->mtu = 0;
91cd7324 1247
b4c49a9f 1248#ifdef IPV6_AF_TEMPORARY
a15bffa6 1249 ipv6_markaddrsstale(ifp, IPV6_AF_TEMPORARY);
b4c49a9f 1250#endif
3f3a2bb8
RM		 1251 TAILQ_FOREACH(ia, &rap->addrs, next) {
1252 ia->flags |= IPV6_AF_STALE;
9adc479c
RM		 1253 }
1254
91cd7324
RM		 1255 len -= sizeof(struct nd_router_advert);
1256 p = ((uint8_t *)icp) + sizeof(struct nd_router_advert);
8fc52ced 1257 for (; len > 0; p += olen, len -= olen) {
55a59017 1258 if (len < sizeof(ndo)) {
94d1ded9 1259 logerrx("%s: short option", ifp->name);
91cd7324
RM		 1260 break;
1261 }
55a59017
RM		 1262 memcpy(&ndo, p, sizeof(ndo));
1263 olen = (size_t)ndo.nd_opt_len * 8;
91cd7324 1264 if (olen == 0) {
94d1ded9 1265 logerrx("%s: zero length option", ifp->name);
91cd7324
RM		 1266 break;
1267 }
1268 if (olen > len) {
94d1ded9 1269 logerrx("%s: option length exceeds message",
03274c9c 1270 ifp->name);
91cd7324
RM		 1271 break;
1272 }
1273
2be15e88 1274 if (has_option_mask(ifp->options->rejectmasknd,
55a59017 1275 ndo.nd_opt_type))
2be15e88 1276 {
cc9d9bf8
RM		 1277 for (i = 0, dho = ctx->nd_opts;
1278 i < ctx->nd_opts_len;
2be15e88
RM		 1279 i++, dho++)
1280 {
55a59017 1281 if (dho->option == ndo.nd_opt_type)
2be15e88
RM		 1282 break;
1283 }
a708c891 1284 if (dho != NULL)
94d1ded9 1285 logwarnx("%s: reject RA (option %s) from %s",
5fed9d43 1286 ifp->name, dho->var, rap->sfrom);
2be15e88 1287 else
94d1ded9 1288 logwarnx("%s: reject RA (option %d) from %s",
5fed9d43 1289 ifp->name, ndo.nd_opt_type, rap->sfrom);
2be15e88
RM		 1290 if (new_rap)
1291 ipv6nd_removefreedrop_ra(rap, 0, 0);
1292 else
1293 ipv6nd_free_ra(rap);
1294 return;
1295 }
1296
55a59017 1297 if (has_option_mask(ifp->options->nomasknd, ndo.nd_opt_type))
2be15e88
RM		 1298 continue;
1299
55a59017 1300 switch (ndo.nd_opt_type) {
91cd7324 1301 case ND_OPT_PREFIX_INFORMATION:
b586bfbf 1302 loglevel = new_data ? LOG_ERR : LOG_DEBUG;
55a59017 1303 if (ndo.nd_opt_len != 4) {
b586bfbf 1304 logmessage(loglevel, "%s: invalid option len for prefix",
91cd7324 1305 ifp->name);
c448a53a 1306 continue;
91cd7324 1307 }
55a59017
RM		 1308 memcpy(&pi, p, sizeof(pi));
1309 if (pi.nd_opt_pi_prefix_len > 128) {
b586bfbf 1310 logmessage(loglevel, "%s: invalid prefix len", ifp->name);
c448a53a 1311 continue;
91cd7324 1312 }
7878d124 1313 /* nd_opt_pi_prefix is not aligned. */
03274c9c
RM		 1314 memcpy(&pi_prefix, &pi.nd_opt_pi_prefix,
1315 sizeof(pi_prefix));
7878d124
RM		 1316 if (IN6_IS_ADDR_MULTICAST(&pi_prefix) ||
1317 IN6_IS_ADDR_LINKLOCAL(&pi_prefix))
91cd7324 1318 {
b586bfbf 1319 logmessage(loglevel, "%s: invalid prefix in RA", ifp->name);
c448a53a 1320 continue;
91cd7324 1321 }
55a59017
RM		 1322 if (ntohl(pi.nd_opt_pi_preferred_time) >
1323 ntohl(pi.nd_opt_pi_valid_time))
e54dee19 1324 {
b586bfbf 1325 logmessage(loglevel, "%s: pltime > vltime", ifp->name);
c448a53a 1326 continue;
e54dee19 1327 }
c099165a
RM		 1328 ia = ipv6nd_rapfindprefix(rap,
1329 &pi_prefix, pi.nd_opt_pi_prefix_len);
3f3a2bb8 1330 if (ia == NULL) {
c4d7d69a 1331 unsigned int flags;
61564d34 1332
61564d34 1333 flags = IPV6_AF_RAPFX;
55a59017 1334 if (pi.nd_opt_pi_flags_reserved &
62f12387 1335 ND_OPT_PI_FLAG_AUTO &&
61564d34 1336 rap->iface->options->options &
62f12387 1337 DHCPCD_IPV6RA_AUTOCONF)
61564d34
RM		 1338 flags |= IPV6_AF_AUTOCONF;
1339
3f3a2bb8 1340 ia = ipv6_newaddr(rap->iface,
61564d34 1341 &pi_prefix, pi.nd_opt_pi_prefix_len, flags);
3f3a2bb8 1342 if (ia == NULL)
61564d34 1343 break;
3f3a2bb8 1344 ia->prefix = pi_prefix;
d292d54e 1345 if (flags & IPV6_AF_AUTOCONF)
3f3a2bb8
RM		 1346 ia->dadcallback = ipv6nd_dadcallback;
1347 ia->created = ia->acquired = rap->acquired;
1348 TAILQ_INSERT_TAIL(&rap->addrs, ia, next);
a1f7b32c 1349
727cd92a 1350#ifdef IPV6_MANAGETEMPADDR
a1f7b32c
RM		 1351 /* New address to dhcpcd RA handling.
1352 * If the address already exists and a valid
1353 * temporary address also exists then
1354 * extend the existing one rather than
1355 * create a new one */
d292d54e 1356 if (flags & IPV6_AF_AUTOCONF &&
3f3a2bb8 1357 ipv6_iffindaddr(ifp, &ia->addr,
5119f4f3 1358 IN6_IFF_NOTUSEABLE) &&
3f3a2bb8
RM		 1359 ipv6_settemptime(ia, 0))
1360 new_ia = false;
a1f7b32c 1361 else
3f3a2bb8 1362 new_ia = true;
727cd92a 1363#endif
a1f7b32c 1364 } else {
727cd92a 1365#ifdef IPV6_MANAGETEMPADDR
3f3a2bb8 1366 new_ia = false;
727cd92a 1367#endif
3f3a2bb8
RM		 1368 ia->flags &= ~IPV6_AF_STALE;
1369 ia->acquired = rap->acquired;
a1f7b32c 1370 }
55a59017 1371 if (pi.nd_opt_pi_flags_reserved &
cd3612e5 1372 ND_OPT_PI_FLAG_ONLINK)
3f3a2bb8
RM		 1373 ia->flags |= IPV6_AF_ONLINK;
1374 ia->prefix_vltime =
55a59017 1375 ntohl(pi.nd_opt_pi_valid_time);
3f3a2bb8 1376 ia->prefix_pltime =
55a59017 1377 ntohl(pi.nd_opt_pi_preferred_time);
3f3a2bb8
RM		 1378 if (ia->prefix_vltime != 0 &&
1379 ia->flags & IPV6_AF_AUTOCONF)
e1d81235 1380 has_address = true;
a1f7b32c 1381
727cd92a 1382#ifdef IPV6_MANAGETEMPADDR
a1f7b32c 1383 /* RFC4941 Section 3.3.3 */
3f3a2bb8 1384 if (ia->flags & IPV6_AF_AUTOCONF &&
628167b1 1385 ia->iface->options->options & DHCPCD_SLAACTEMP &&
3f3a2bb8 1386 IA6_CANAUTOCONF(ia))
a1f7b32c 1387 {
3f3a2bb8
RM		 1388 if (!new_ia) {
1389 if (ipv6_settemptime(ia, 1) == NULL)
1390 new_ia = true;
a1f7b32c 1391 }
3f3a2bb8
RM		 1392 if (new_ia && ia->prefix_pltime) {
1393 if (ipv6_createtempaddr(ia,
1394 &ia->acquired) == NULL)
94d1ded9 1395 logerr("ipv6_createtempaddr");
a1f7b32c
RM		 1396 }
1397 }
727cd92a 1398#endif
91cd7324
RM		 1399 break;
1400
1401 case ND_OPT_MTU:
19005560 1402 if (len < sizeof(mtu)) {
b586bfbf 1403 logmessage(loglevel, "%s: short MTU option", ifp->name);
19005560
RM		 1404 break;
1405 }
55a59017
RM		 1406 memcpy(&mtu, p, sizeof(mtu));
1407 mtu.nd_opt_mtu_mtu = ntohl(mtu.nd_opt_mtu_mtu);
1408 if (mtu.nd_opt_mtu_mtu < IPV6_MMTU) {
b586bfbf 1409 logmessage(loglevel, "%s: invalid MTU %d",
55a59017 1410 ifp->name, mtu.nd_opt_mtu_mtu);
eebe9a18
RM		 1411 break;
1412 }
91f281ab
RM		 1413 ifmtu = if_getmtu(ifp);
1414 if (ifmtu == -1)
1415 logerr("if_getmtu");
1416 else if (mtu.nd_opt_mtu_mtu > (uint32_t)ifmtu) {
b586bfbf 1417 logmessage(loglevel, "%s: advertised MTU %d"
91f281ab
RM		 1418 " is greater than link MTU %d",
1419 ifp->name, mtu.nd_opt_mtu_mtu, ifmtu);
1420 rap->mtu = (uint32_t)ifmtu;
1421 } else
1422 rap->mtu = mtu.nd_opt_mtu_mtu;
91cd7324 1423 break;
91cd7324 1424 case ND_OPT_RDNSS:
19005560 1425 if (len < sizeof(rdnss)) {
b586bfbf 1426 logmessage(loglevel, "%s: short RDNSS option", ifp->name);
19005560
RM		 1427 break;
1428 }
55a59017
RM		 1429 memcpy(&rdnss, p, sizeof(rdnss));
1430 if (rdnss.nd_opt_rdnss_lifetime &&
1431 rdnss.nd_opt_rdnss_len > 1)
2be15e88 1432 rap->hasdns = 1;
55a59017 1433 break;
17b0dbad
RM		 1434 default:
1435 continue;
91cd7324 1436 }
2be15e88 1437 }
91cd7324 1438
cc9d9bf8
RM		 1439 for (i = 0, dho = ctx->nd_opts;
1440 i < ctx->nd_opts_len;
2be15e88
RM		 1441 i++, dho++)
1442 {
1443 if (has_option_mask(ifp->options->requiremasknd,
1444 dho->option))
1445 {
94d1ded9 1446 logwarnx("%s: reject RA (no option %s) from %s",
5fed9d43 1447 ifp->name, dho->var, rap->sfrom);
2be15e88
RM		 1448 if (new_rap)
1449 ipv6nd_removefreedrop_ra(rap, 0, 0);
1450 else
1451 ipv6nd_free_ra(rap);
1452 return;
fd3e7f65 1453 }
91cd7324
RM		 1454 }
1455
a287b9f1
RM		 1456 TAILQ_FOREACH(ia, &rap->addrs, next) {
1457 if (!(ia->flags & IPV6_AF_STALE) || ia->prefix_pltime == 0)
1458 continue;
56658009 1459 if (ipv6nd_findmarkstale(rap, ia, false) != NULL)
8d9b31b3 1460 continue;
56658009 1461 ipv6nd_findmarkstale(rap, ia, true);
a287b9f1 1462 logdebugx("%s: %s: became stale", ifp->name, ia->saddr);
1fd49243
RM		 1463 /* Technically this violates RFC 4861 6.3.4,
1464 * but we need a mechanism to tell the kernel to
1465 * try and prefer other addresses. */
a287b9f1
RM		 1466 ia->prefix_pltime = 0;
1467 }
1468
2489dc55 1469 if (new_data && !has_address && rap->lifetime && !ipv6_anyglobal(ifp))
e1d81235
RM		 1470 logwarnx("%s: no global addresses for default route",
1471 ifp->name);
1472
eebe9a18 1473 if (new_rap)
437bf2a8
RM		 1474 TAILQ_INSERT_TAIL(ctx->ra_routers, rap, next);
1475 if (new_data)
1476 ipv6nd_sortrouters(ifp->ctx);
2be15e88 1477
4eb7b489 1478 if (ifp->ctx->options & DHCPCD_TEST) {
294eff4d 1479 script_runreason(ifp, "TEST");
d7555c12 1480 goto handle_flag;
b88df421 1481 }
8d885c0f 1482 ipv6nd_applyra(ifp);
7529fdf1 1483 ipv6_addaddrs(&rap->addrs);
727cd92a 1484#ifdef IPV6_MANAGETEMPADDR
f5c3ca19 1485 ipv6_addtempaddrs(ifp, &rap->acquired);
727cd92a 1486#endif
a19fe492 1487
9aa11487 1488 rt_build(ifp->ctx, AF_INET6);
9b4d745e 1489 ipv6nd_scriptrun(rap);
61dd6cf9 1490
4eb7b489
RM		 1491 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1492 eloop_timeout_delete(ifp->ctx->eloop, NULL, rap); /* reachable timer */
eebe9a18 1493
d7555c12 1494handle_flag:
f6794c78
RM		 1495 if (!(ifp->options->options & DHCPCD_DHCP6))
1496 goto nodhcp6;
6a765a4f
RM		 1497/* Only log a DHCPv6 start error if compiled in or debugging is enabled. */
1498#ifdef DHCP6
94d1ded9 1499#define LOG_DHCP6 logerr
6a765a4f 1500#else
94d1ded9 1501#define LOG_DHCP6 logdebug
6a765a4f 1502#endif
d7555c12 1503 if (rap->flags & ND_RA_FLAG_MANAGED) {
385479d2 1504 if (new_data && dhcp6_start(ifp, DH6S_REQUEST) == -1)
94d1ded9 1505 LOG_DHCP6("dhcp6_start: %s", ifp->name);
d7555c12 1506 } else if (rap->flags & ND_RA_FLAG_OTHER) {
4f422dd3 1507 if (new_data && dhcp6_start(ifp, DH6S_INFORM) == -1)
94d1ded9 1508 LOG_DHCP6("dhcp6_start: %s", ifp->name);
d7555c12 1509 } else {
a1b1f0a8 1510#ifdef DHCP6
4f422dd3 1511 if (new_data)
0e56d022 1512 logdebugx("%s: No DHCPv6 instruction in RA", ifp->name);
a1b1f0a8 1513#endif
f6794c78 1514nodhcp6:
4eb7b489
RM		 1515 if (ifp->ctx->options & DHCPCD_TEST) {
1516 eloop_exit(ifp->ctx->eloop, EXIT_SUCCESS);
a9d78def
RM		 1517 return;
1518 }
d7555c12 1519 }
35308011
RM		 1520
1521 /* Expire should be called last as the rap object could be destroyed */
e82129a4 1522 ipv6nd_expirera(ifp);
eebe9a18
RM		 1523}
1524
e1d81235
RM		 1525bool
1526ipv6nd_hasralifetime(const struct interface *ifp, bool lifetime)
eebe9a18
RM		 1527{
1528 const struct ra *rap;
1529
cc9d9bf8
RM		 1530 if (ifp->ctx->ra_routers) {
1531 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next)
3e0c93a4
RM		 1532 if (rap->iface == ifp &&
1533 !rap->expired &&
e1d81235
RM		 1534 (!lifetime ||rap->lifetime))
1535 return true;
2433e54d 1536 }
e1d81235 1537 return false;
91cd7324
RM		 1538}
1539
e1d81235 1540bool
3e0c93a4 1541ipv6nd_hasradhcp(const struct interface *ifp, bool managed)
047235d7
RM		 1542{
1543 const struct ra *rap;
1544
cc9d9bf8
RM		 1545 if (ifp->ctx->ra_routers) {
1546 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
047235d7 1547 if (rap->iface == ifp &&
3e0c93a4
RM		 1548 !rap->expired && !rap->willexpire &&
1549 ((managed && rap->flags & ND_RA_FLAG_MANAGED) ||
1550 (!managed && rap->flags & ND_RA_FLAG_OTHER)))
e1d81235 1551 return true;
047235d7
RM		 1552 }
1553 }
e1d81235 1554 return false;
047235d7
RM		 1555}
1556
2be15e88
RM		 1557static const uint8_t *
1558ipv6nd_getoption(struct dhcpcd_ctx *ctx,
1559 size_t *os, unsigned int *code, size_t *len,
1560 const uint8_t *od, size_t ol, struct dhcp_opt **oopt)
1561{
55a59017 1562 struct nd_opt_hdr ndo;
2be15e88
RM		 1563 size_t i;
1564 struct dhcp_opt *opt;
1565
1566 if (od) {
55a59017 1567 *os = sizeof(ndo);
2be15e88
RM		 1568 if (ol < *os) {
1569 errno = EINVAL;
1570 return NULL;
1571 }
55a59017 1572 memcpy(&ndo, od, sizeof(ndo));
81e9fc13 1573 i = (size_t)(ndo.nd_opt_len * 8);
55a59017 1574 if (i > ol) {
2be15e88
RM		 1575 errno = EINVAL;
1576 return NULL;
1577 }
55a59017
RM		 1578 *len = i;
1579 *code = ndo.nd_opt_type;
1580 }
2be15e88
RM		 1581
1582 for (i = 0, opt = ctx->nd_opts;
1583 i < ctx->nd_opts_len; i++, opt++)
1584 {
1585 if (opt->option == *code) {
1586 *oopt = opt;
1587 break;
1588 }
1589 }
1590
55a59017
RM		 1591 if (od)
1592 return od + sizeof(ndo);
2be15e88
RM		 1593 return NULL;
1594}
1595
91cd7324 1596ssize_t
c8521994 1597ipv6nd_env(FILE *fp, const struct interface *ifp)
91cd7324 1598{
55a59017 1599 size_t i, j, n, len, olen;
2be15e88 1600 struct ra *rap;
c8521994 1601 char ndprefix[32];
2be15e88 1602 struct dhcp_opt *opt;
55a59017
RM		 1603 uint8_t *p;
1604 struct nd_opt_hdr ndo;
2be15e88 1605 struct ipv6_addr *ia;
f5c3ca19 1606 struct timespec now;
eebe9a18 1607
f5c3ca19 1608 clock_gettime(CLOCK_MONOTONIC, &now);
2be15e88 1609 i = n = 0;
cc9d9bf8 1610 TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
964b60fe 1611 if (rap->iface != ifp || rap->expired)
eebe9a18 1612 continue;
0d593c43 1613 i++;
c8521994
RM		 1614 snprintf(ndprefix, sizeof(ndprefix), "nd%zu", i);
1615 if (efprintf(fp, "%s_from=%s", ndprefix, rap->sfrom) == -1)
1616 return -1;
b295db4d
RM		 1617 if (efprintf(fp, "%s_acquired=%lld", ndprefix,
1618 (long long)rap->acquired.tv_sec) == -1)
c8521994 1619 return -1;
b295db4d
RM		 1620 if (efprintf(fp, "%s_now=%lld", ndprefix,
1621 (long long)now.tv_sec) == -1)
c8521994 1622 return -1;
2be15e88
RM		 1623
1624 /* Zero our indexes */
c8521994
RM		 1625 for (j = 0, opt = rap->iface->ctx->nd_opts;
1626 j < rap->iface->ctx->nd_opts_len;
1627 j++, opt++)
1628 dhcp_zero_index(opt);
1629 for (j = 0, opt = rap->iface->options->nd_override;
1630 j < rap->iface->options->nd_override_len;
1631 j++, opt++)
1632 dhcp_zero_index(opt);
449df9c8 1633
2be15e88
RM		 1634 /* Unlike DHCP, ND6 options *may* occur more than once.
1635 * There is also no provision for option concatenation
1636 * unlike DHCP. */
55a59017
RM		 1637 len = rap->data_len - sizeof(struct nd_router_advert);
1638 for (p = rap->data + sizeof(struct nd_router_advert);
1639 len >= sizeof(ndo);
1640 p += olen, len -= olen)
2be15e88 1641 {
55a59017 1642 memcpy(&ndo, p, sizeof(ndo));
81e9fc13 1643 olen = (size_t)(ndo.nd_opt_len * 8);
55a59017 1644 if (olen > len) {
2be15e88 1645 errno = EINVAL;
91cd7324 1646 break;
91cd7324 1647 }
2be15e88 1648 if (has_option_mask(rap->iface->options->nomasknd,
55a59017 1649 ndo.nd_opt_type))
28382337 1650 continue;
2be15e88
RM		 1651 for (j = 0, opt = rap->iface->options->nd_override;
1652 j < rap->iface->options->nd_override_len;
1653 j++, opt++)
55a59017 1654 if (opt->option == ndo.nd_opt_type)
2be15e88
RM		 1655 break;
1656 if (j == rap->iface->options->nd_override_len) {
1657 for (j = 0, opt = rap->iface->ctx->nd_opts;
1658 j < rap->iface->ctx->nd_opts_len;
1659 j++, opt++)
55a59017 1660 if (opt->option == ndo.nd_opt_type)
2be15e88
RM		 1661 break;
1662 if (j == rap->iface->ctx->nd_opts_len)
1663 opt = NULL;
1664 }
c8521994
RM		 1665 if (opt == NULL)
1666 continue;
1667 dhcp_envoption(rap->iface->ctx, fp,
1668 ndprefix, rap->iface->name,
1669 opt, ipv6nd_getoption,
1670 p + sizeof(ndo), olen - sizeof(ndo));
2be15e88
RM		 1671 }
1672
1673 /* We need to output the addresses we actually made
1674 * from the prefix information options as well. */
1675 j = 0;
1676 TAILQ_FOREACH(ia, &rap->addrs, next) {
19005560 1677 if (!(ia->flags & IPV6_AF_AUTOCONF) ||
f5c3ca19 1678#ifdef IPV6_AF_TEMPORARY
19005560 1679 ia->flags & IPV6_AF_TEMPORARY ||
f5c3ca19 1680#endif
19005560
RM		 1681 !(ia->flags & IPV6_AF_ADDED) ||
1682 ia->prefix_vltime == 0)
2be15e88 1683 continue;
c8521994 1684 if (efprintf(fp, "%s_addr%zu=%s",
3390cf07 1685 ndprefix, ++j, ia->saddr) == -1)
c8521994 1686 return -1;
91cd7324
RM		 1687 }
1688 }
c8521994 1689 return 1;
91cd7324
RM		 1690}
1691
a8df1b28 1692void
90149620 1693ipv6nd_handleifa(int cmd, struct ipv6_addr *addr, pid_t pid)
a8df1b28
RM		 1694{
1695 struct ra *rap;
a8df1b28 1696
d3826f33
RM		 1697 /* IPv6 init may not have happened yet if we are learning
1698 * existing addresses when dhcpcd starts. */
cc9d9bf8 1699 if (addr->iface->ctx->ra_routers == NULL)
d3826f33
RM		 1700 return;
1701
cc9d9bf8 1702 TAILQ_FOREACH(rap, addr->iface->ctx->ra_routers, next) {
e83c4813 1703 if (rap->iface != addr->iface)
a8df1b28 1704 continue;
90149620 1705 ipv6_handleifa_addrs(cmd, &rap->addrs, addr, pid);
a8df1b28
RM		 1706 }
1707}
1708
91cd7324 1709void
e82129a4 1710ipv6nd_expirera(void *arg)
91cd7324
RM		 1711{
1712 struct interface *ifp;
eebe9a18 1713 struct ra *rap, *ran;
8fde4abc
RM		 1714 struct timespec now;
1715 uint32_t elapsed;
964b60fe 1716 bool expired, valid;
6d189cb6 1717 struct ipv6_addr *ia;
19005560
RM		 1718 size_t len, olen;
1719 uint8_t *p;
1720 struct nd_opt_hdr ndo;
1721#if 0
1722 struct nd_opt_prefix_info pi;
a1b1f0a8 1723#endif
19005560
RM		 1724 struct nd_opt_dnssl dnssl;
1725 struct nd_opt_rdnss rdnss;
826d1f25 1726 unsigned int next = 0, ltime;
19005560 1727 size_t nexpired = 0;
91cd7324
RM		 1728
1729 ifp = arg;
b3f1735b 1730 clock_gettime(CLOCK_MONOTONIC, &now);
a1b1f0a8 1731 expired = false;
91cd7324 1732
cc9d9bf8 1733 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) {
964b60fe 1734 if (rap->iface != ifp || rap->expired)
eebe9a18 1735 continue;
964b60fe 1736 valid = false;
4f422dd3 1737 if (rap->lifetime) {
8fde4abc
RM		 1738 elapsed = (uint32_t)eloop_timespec_diff(&now,
1739 &rap->acquired, NULL);
9efd0777 1740 if (elapsed >= rap->lifetime || rap->doexpire) {
4f422dd3 1741 if (!rap->expired) {
94d1ded9 1742 logwarnx("%s: %s: router expired",
4f422dd3 1743 ifp->name, rap->sfrom);
2f53bfd4 1744 rap->lifetime = 0;
964b60fe 1745 expired = true;
4f422dd3
RM		 1746 }
1747 } else {
a1b1f0a8 1748 valid = true;
8fde4abc 1749 ltime = rap->lifetime - elapsed;
826d1f25
RM		 1750 if (next == 0 || ltime < next)
1751 next = ltime;
35308011 1752 }
35308011
RM		 1753 }
1754
6d189cb6
RM		 1755 /* Not every prefix is tied to an address which
1756 * the kernel can expire, so we need to handle it ourself.
1757 * Also, some OS don't support address lifetimes (Solaris). */
1758 TAILQ_FOREACH(ia, &rap->addrs, next) {
680ed015 1759 if (ia->prefix_vltime == 0)
6d189cb6 1760 continue;
3e0c93a4
RM		 1761 if (ia->prefix_vltime == ND6_INFINITE_LIFETIME &&
1762 !rap->doexpire)
1763 {
964b60fe 1764 valid = true;
680ed015
RM		 1765 continue;
1766 }
8fde4abc
RM		 1767 elapsed = (uint32_t)eloop_timespec_diff(&now,
1768 &ia->acquired, NULL);
9efd0777 1769 if (elapsed >= ia->prefix_vltime || rap->doexpire) {
6d189cb6 1770 if (ia->flags & IPV6_AF_ADDED) {
b895d40d
RM		 1771 logwarnx("%s: expired %s %s",
1772 ia->iface->name,
1773 ia->flags & IPV6_AF_AUTOCONF ?
1774 "address" : "prefix",
1775 ia->saddr);
6d189cb6
RM		 1776 if (if_address6(RTM_DELADDR, ia)== -1 &&
1777 errno != EADDRNOTAVAIL &&
1778 errno != ENXIO)
94d1ded9 1779 logerr(__func__);
6d189cb6
RM		 1780 }
1781 ia->prefix_vltime = ia->prefix_pltime = 0;
1782 ia->flags &=
1783 ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
a1b1f0a8 1784 expired = true;
6d189cb6 1785 } else {
964b60fe 1786 valid = true;
8fde4abc 1787 ltime = ia->prefix_vltime - elapsed;
826d1f25
RM		 1788 if (next == 0 || ltime < next)
1789 next = ltime;
6d189cb6
RM		 1790 }
1791 }
1792
19005560 1793 /* Work out expiry for ND options */
8fde4abc
RM		 1794 elapsed = (uint32_t)eloop_timespec_diff(&now,
1795 &rap->acquired, NULL);
19005560
RM		 1796 len = rap->data_len - sizeof(struct nd_router_advert);
1797 for (p = rap->data + sizeof(struct nd_router_advert);
1798 len >= sizeof(ndo);
1799 p += olen, len -= olen)
1800 {
1801 memcpy(&ndo, p, sizeof(ndo));
1802 olen = (size_t)(ndo.nd_opt_len * 8);
1803 if (olen > len) {
1804 errno = EINVAL;
1805 break;
1806 }
d4e41f4b 1807
19005560
RM		 1808 if (has_option_mask(rap->iface->options->nomasknd,
1809 ndo.nd_opt_type))
1810 continue;
1811
1812 switch (ndo.nd_opt_type) {
1813 /* Prefix info is already checked in the above loop. */
1814#if 0
1815 case ND_OPT_PREFIX_INFORMATION:
1816 if (len < sizeof(pi))
1817 break;
1818 memcpy(&pi, p, sizeof(pi));
1819 ltime = pi.nd_opt_pi_valid_time;
1820 break;
a1b1f0a8 1821#endif
19005560
RM		 1822 case ND_OPT_DNSSL:
1823 if (len < sizeof(dnssl))
a3a4b5e3 1824 continue;
19005560
RM		 1825 memcpy(&dnssl, p, sizeof(dnssl));
1826 ltime = dnssl.nd_opt_dnssl_lifetime;
1827 break;
1828 case ND_OPT_RDNSS:
1829 if (len < sizeof(rdnss))
a3a4b5e3 1830 continue;
19005560
RM		 1831 memcpy(&rdnss, p, sizeof(rdnss));
1832 ltime = rdnss.nd_opt_rdnss_lifetime;
1833 break;
1834 default:
1835 continue;
1836 }
1837
1838 if (ltime == 0)
1839 continue;
3e0c93a4
RM		 1840 if (rap->doexpire) {
1841 expired = true;
1842 continue;
1843 }
19005560 1844 if (ltime == ND6_INFINITE_LIFETIME) {
964b60fe 1845 valid = true;
19005560
RM		 1846 continue;
1847 }
1848
826d1f25 1849 ltime = ntohl(ltime);
9efd0777 1850 if (elapsed >= ltime) {
19005560
RM		 1851 expired = true;
1852 continue;
1853 }
1854
826d1f25 1855 valid = true;
8fde4abc 1856 ltime -= elapsed;
826d1f25
RM		 1857 if (next == 0 || ltime < next)
1858 next = ltime;
19005560
RM		 1859 }
1860
964b60fe 1861 if (valid)
19005560 1862 continue;
d4e41f4b 1863
964b60fe
RM		 1864 /* Router has expired. Let's not keep a lot of them. */
1865 rap->expired = true;
19005560 1866 if (++nexpired > EXPIRED_MAX)
e82129a4 1867 ipv6nd_free_ra(rap);
91cd7324
RM		 1868 }
1869
826d1f25
RM		 1870 if (next != 0)
1871 eloop_timeout_add_sec(ifp->ctx->eloop,
1872 next, ipv6nd_expirera, ifp);
e82129a4 1873 if (expired) {
3e0c93a4
RM		 1874 logwarnx("%s: part of a Router Advertisement expired",
1875 ifp->name);
8d885c0f
RM		 1876 ipv6nd_sortrouters(ifp->ctx);
1877 ipv6nd_applyra(ifp);
9aa11487 1878 rt_build(ifp->ctx, AF_INET6);
e82129a4
RM		 1879 script_runreason(ifp, "ROUTERADVERT");
1880 }
1881}
1882
1883void
1884ipv6nd_drop(struct interface *ifp)
1885{
9a593d97 1886 struct ra *rap, *ran;
964b60fe 1887 bool expired = false;
e82129a4 1888
cc9d9bf8 1889 if (ifp->ctx->ra_routers == NULL)
2433e54d
RM		 1890 return;
1891
4eb7b489 1892 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
9a593d97 1893 TAILQ_FOREACH_SAFE(rap, ifp->ctx->ra_routers, next, ran) {
e82129a4 1894 if (rap->iface == ifp) {
964b60fe 1895 rap->expired = expired = true;
9a593d97 1896 ipv6nd_drop_ra(rap);
e82129a4
RM		 1897 }
1898 }
eebe9a18 1899 if (expired) {
8d885c0f 1900 ipv6nd_applyra(ifp);
9aa11487 1901 rt_build(ifp->ctx, AF_INET6);
389a250b 1902 if ((ifp->options->options & DHCPCD_NODROP) != DHCPCD_NODROP)
15fc1181 1903 script_runreason(ifp, "ROUTERADVERT");
e82129a4
RM		 1904 }
1905}
a9d78def 1906
65025848 1907void
c548c5b3
RM		 1908ipv6nd_recvmsg(struct dhcpcd_ctx *ctx, struct msghdr *msg)
1909{
1910 struct sockaddr_in6 *from = (struct sockaddr_in6 *)msg->msg_name;
1911 char sfrom[INET6_ADDRSTRLEN];
1912 int hoplimit = 0;
1913 struct icmp6_hdr *icp;
1914 struct interface *ifp;
1915 size_t len = msg->msg_iov[0].iov_len;
1916
1917 inet_ntop(AF_INET6, &from->sin6_addr, sfrom, sizeof(sfrom));
1918 if ((size_t)len < sizeof(struct icmp6_hdr)) {
1919 logerrx("IPv6 ICMP packet too short from %s", sfrom);
1920 return;
1921 }
1922
c548c5b3
RM		 1923 ifp = if_findifpfromcmsg(ctx, msg, &hoplimit);
1924 if (ifp == NULL) {
1925 logerr(__func__);
1926 return;
1927 }
c548c5b3
RM		 1928
1929 /* Don't do anything if the user hasn't configured it. */
1930 if (ifp->active != IF_ACTIVE_USER ||
1931 !(ifp->options->options & DHCPCD_IPV6))
1932 return;
1933
1934 icp = (struct icmp6_hdr *)msg->msg_iov[0].iov_base;
1935 if (icp->icmp6_code == 0) {
1936 switch(icp->icmp6_type) {
1937 case ND_ROUTER_ADVERT:
1938 ipv6nd_handlera(ctx, from, sfrom,
1939 ifp, icp, (size_t)len, hoplimit);
1940 return;
1941 }
1942 }
1943
1944 logerrx("invalid IPv6 type %d or code %d from %s",
1945 icp->icmp6_type, icp->icmp6_code, sfrom);
1946}
1947
e82129a4 1948static void
4eb7b489 1949ipv6nd_handledata(void *arg)
e82129a4 1950{
cc9d9bf8 1951 struct dhcpcd_ctx *ctx;
49d6a036 1952 int fd;
5fed9d43 1953 struct sockaddr_in6 from;
032bb2e1
RM		 1954 union {
1955 struct icmp6_hdr hdr;
1956 uint8_t buf[64 * 1024]; /* Maximum ICMPv6 size */
1957 } iovbuf;
5fed9d43 1958 struct iovec iov = {
032bb2e1 1959 .iov_base = iovbuf.buf, .iov_len = sizeof(iovbuf.buf),
5fed9d43 1960 };
e14045ca
RM		 1961 union {
1962 struct cmsghdr hdr;
1963 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo)) +
1964 CMSG_SPACE(sizeof(int))];
1965 } cmsgbuf = { .buf = { 0 } };
5fed9d43
RM		 1966 struct msghdr msg = {
1967 .msg_name = &from, .msg_namelen = sizeof(from),
1968 .msg_iov = &iov, .msg_iovlen = 1,
e14045ca 1969 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf),
5fed9d43 1970 };
e82129a4 1971 ssize_t len;
e82129a4 1972
b2edc303 1973#ifdef __sun
49d6a036 1974 struct interface *ifp;
b2edc303
RM		 1975 struct rs_state *state;
1976
1977 ifp = arg;
1978 state = RS_STATE(ifp);
1979 ctx = ifp->ctx;
49d6a036 1980 fd = state->nd_fd;
b2edc303 1981#else
cc9d9bf8 1982 ctx = arg;
49d6a036 1983 fd = ctx->nd_fd;
b2edc303 1984#endif
49d6a036 1985 len = recvmsg(fd, &msg, 0);
fddd88ae 1986 if (len == -1) {
94d1ded9 1987 logerr(__func__);
e82129a4
RM		 1988 return;
1989 }
e82129a4 1990
c548c5b3
RM		 1991 iov.iov_len = (size_t)len;
1992 ipv6nd_recvmsg(ctx, &msg);
e82129a4
RM		 1993}
1994
d936ec19 1995static void
6e6e06af 1996ipv6nd_startrs1(void *arg)
91cd7324 1997{
6e6e06af 1998 struct interface *ifp = arg;
ca15a0aa 1999 struct rs_state *state;
91cd7324 2000
9efdc92f 2001 loginfox("%s: soliciting an IPv6 router", ifp->name);
673e81e5
RM		 2002 state = RS_STATE(ifp);
2003 if (state == NULL) {
e82129a4 2004 ifp->if_data[IF_DATA_IPV6ND] = calloc(1, sizeof(*state));
673e81e5 2005 state = RS_STATE(ifp);
fbbb0875 2006 if (state == NULL) {
94d1ded9 2007 logerr(__func__);
6e6e06af 2008 return;
fbbb0875 2009 }
b0a0f6d4 2010#ifdef __sun
b2edc303 2011 state->nd_fd = -1;
b0a0f6d4 2012#endif
673e81e5
RM		 2013 }
2014
2015 /* Always make a new probe as the underlying hardware
2016 * address could have changed. */
e82129a4 2017 ipv6nd_makersprobe(ifp);
fbbb0875 2018 if (state->rs == NULL) {
94d1ded9 2019 logerr(__func__);
6e6e06af 2020 return;
fbbb0875 2021 }
91cd7324 2022
cd09e583 2023 state->retrans = RETRANS_TIMER;
ca15a0aa 2024 state->rsprobes = 0;
e82129a4 2025 ipv6nd_sendrsprobe(ifp);
6e6e06af
RM		 2026}
2027
2028void
2029ipv6nd_startrs(struct interface *ifp)
2030{
858d217d 2031 unsigned int delay;
6e6e06af 2032
d936ec19 2033 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
f572315d
RM		 2034 if (!(ifp->options->options & DHCPCD_INITIAL_DELAY)) {
2035 ipv6nd_startrs1(ifp);
2036 return;
2037 }
2038
858d217d 2039 delay = arc4random_uniform(MAX_RTR_SOLICITATION_DELAY * MSEC_PER_SEC);
0e56d022 2040 logdebugx("%s: delaying IPv6 router solicitation for %0.1f seconds",
858d217d
RM		 2041 ifp->name, (float)delay / MSEC_PER_SEC);
2042 eloop_timeout_add_msec(ifp->ctx->eloop, delay, ipv6nd_startrs1, ifp);
6e6e06af 2043 return;
91cd7324 2044}
Mirror of https://github.com/NetworkConfiguration/dhcpcd.git