1 /*
2 * Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 /* $Id$ */
19
20 #include <config.h>
21
22 #include <sys/types.h>
23
24 #if defined(HAVE_SYS_SYSCTL_H)
25 #if defined(HAVE_SYS_PARAM_H)
26 #include <sys/param.h>
27 #endif
28 #include <sys/sysctl.h>
29 #endif
30
31 #include <errno.h>
32 #include <unistd.h>
33
34 #include <isc/log.h>
35 #include <isc/msgs.h>
36 #include <isc/net.h>
37 #include <isc/once.h>
38 #include <isc/strerror.h>
39 #include <isc/string.h>
40 #include <isc/util.h>
41
42 /*%
43 * Definitions about UDP port range specification. This is a total mess of
44 * portability variants: some use sysctl (but the sysctl names vary), some use
45 * system-specific interfaces, some have the same interface for IPv4 and IPv6,
46 * some separate them, etc...
47 */
48
49 /*%
50 * The last resort defaults: use all non well known port space
51 */
52 #ifndef ISC_NET_PORTRANGELOW
53 #define ISC_NET_PORTRANGELOW 1024
54 #endif /* ISC_NET_PORTRANGELOW */
55 #ifndef ISC_NET_PORTRANGEHIGH
56 #define ISC_NET_PORTRANGEHIGH 65535
57 #endif /* ISC_NET_PORTRANGEHIGH */
58
59 #ifdef HAVE_SYSCTLBYNAME
60
61 /*%
62 * sysctl variants
63 */
64 #if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__)
65 #define USE_SYSCTL_PORTRANGE
66 #define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.portrange.hifirst"
67 #define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.portrange.hilast"
68 #define SYSCTL_V6PORTRANGE_LOW "net.inet.ip.portrange.hifirst"
69 #define SYSCTL_V6PORTRANGE_HIGH "net.inet.ip.portrange.hilast"
70 #endif
71
72 #ifdef __NetBSD__
73 #define USE_SYSCTL_PORTRANGE
74 #define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.anonportmin"
75 #define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.anonportmax"
76 #define SYSCTL_V6PORTRANGE_LOW "net.inet6.ip6.anonportmin"
77 #define SYSCTL_V6PORTRANGE_HIGH "net.inet6.ip6.anonportmax"
78 #endif
79
80 #else /* !HAVE_SYSCTLBYNAME */
81
82 #ifdef __OpenBSD__
83 #define USE_SYSCTL_PORTRANGE
84 #define SYSCTL_V4PORTRANGE_LOW { CTL_NET, PF_INET, IPPROTO_IP, \
85 IPCTL_IPPORT_HIFIRSTAUTO }
86 #define SYSCTL_V4PORTRANGE_HIGH { CTL_NET, PF_INET, IPPROTO_IP, \
87 IPCTL_IPPORT_HILASTAUTO }
88 /* Same for IPv6 */
89 #define SYSCTL_V6PORTRANGE_LOW SYSCTL_V4PORTRANGE_LOW
90 #define SYSCTL_V6PORTRANGE_HIGH SYSCTL_V4PORTRANGE_HIGH
91 #endif
92
93 #endif /* HAVE_SYSCTLBYNAME */
94
95 #if defined(ISC_PLATFORM_NEEDIN6ADDRANY)
96 const struct in6_addr isc_net_in6addrany = IN6ADDR_ANY_INIT;
97 #endif
98
99 #if defined(ISC_PLATFORM_HAVEIPV6)
100
101 # if defined(ISC_PLATFORM_NEEDIN6ADDRLOOPBACK)
102 const struct in6_addr isc_net_in6addrloop = IN6ADDR_LOOPBACK_INIT;
103 # endif
104
105 # if defined(WANT_IPV6)
106 static isc_once_t once_ipv6only = ISC_ONCE_INIT;
107 # endif
108
109 # if defined(ISC_PLATFORM_HAVEIPV6) && \
110 defined(WANT_IPV6) && defined(ISC_PLATFORM_HAVEIN6PKTINFO)
111 static isc_once_t once_ipv6pktinfo = ISC_ONCE_INIT;
112 # endif
113 #endif /* ISC_PLATFORM_HAVEIPV6 */
114
115 static isc_once_t once = ISC_ONCE_INIT;
116
117 static isc_result_t ipv4_result = ISC_R_NOTFOUND;
118 static isc_result_t ipv6_result = ISC_R_NOTFOUND;
119 static isc_result_t unix_result = ISC_R_NOTFOUND;
120 static isc_result_t ipv6only_result = ISC_R_NOTFOUND;
121 static isc_result_t ipv6pktinfo_result = ISC_R_NOTFOUND;
122
123 static isc_result_t
try_proto(int domain)124 try_proto(int domain) {
125 int s;
126 isc_result_t result = ISC_R_SUCCESS;
127 char strbuf[ISC_STRERRORSIZE];
128
129 s = socket(domain, SOCK_STREAM, 0);
130 if (s == -1) {
131 switch (errno) {
132 #ifdef EAFNOSUPPORT
133 case EAFNOSUPPORT:
134 #endif
135 #ifdef EPROTONOSUPPORT
136 case EPROTONOSUPPORT:
137 #endif
138 #ifdef EINVAL
139 case EINVAL:
140 #endif
141 return (ISC_R_NOTFOUND);
142 default:
143 isc__strerror(errno, strbuf, sizeof(strbuf));
144 UNEXPECTED_ERROR(__FILE__, __LINE__,
145 "socket() %s: %s",
146 isc_msgcat_get(isc_msgcat,
147 ISC_MSGSET_GENERAL,
148 ISC_MSG_FAILED,
149 "failed"),
150 strbuf);
151 return (ISC_R_UNEXPECTED);
152 }
153 }
154
155 #ifdef ISC_PLATFORM_HAVEIPV6
156 #ifdef WANT_IPV6
157 #ifdef ISC_PLATFORM_HAVEIN6PKTINFO
158 if (domain == PF_INET6) {
159 struct sockaddr_in6 sin6;
160 GETSOCKNAME_SOCKLEN_TYPE len; /* NTP local change */
161
162 /*
163 * Check to see if IPv6 is broken, as is common on Linux.
164 */
165 len = sizeof(sin6);
166 if (getsockname(s, (struct sockaddr *)&sin6, &len) < 0)
167 {
168 isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
169 ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR,
170 "retrieving the address of an IPv6 "
171 "socket from the kernel failed.");
172 isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
173 ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR,
174 "IPv6 is not supported.");
175 result = ISC_R_NOTFOUND;
176 } else {
177 if (len == sizeof(struct sockaddr_in6))
178 result = ISC_R_SUCCESS;
179 else {
180 isc_log_write(isc_lctx,
181 ISC_LOGCATEGORY_GENERAL,
182 ISC_LOGMODULE_SOCKET,
183 ISC_LOG_ERROR,
184 "IPv6 structures in kernel and "
185 "user space do not match.");
186 isc_log_write(isc_lctx,
187 ISC_LOGCATEGORY_GENERAL,
188 ISC_LOGMODULE_SOCKET,
189 ISC_LOG_ERROR,
190 "IPv6 is not supported.");
191 result = ISC_R_NOTFOUND;
192 }
193 }
194 }
195 #endif
196 #endif
197 #endif
198
199 (void)close(s);
200
201 return (result);
202 }
203
204 static void
initialize_action(void)205 initialize_action(void) {
206 ipv4_result = try_proto(PF_INET);
207 #ifdef ISC_PLATFORM_HAVEIPV6
208 #ifdef WANT_IPV6
209 #ifdef ISC_PLATFORM_HAVEIN6PKTINFO
210 ipv6_result = try_proto(PF_INET6);
211 #endif
212 #endif
213 #endif
214 #ifdef ISC_PLATFORM_HAVESYSUNH
215 unix_result = try_proto(PF_UNIX);
216 #endif
217 }
218
219 static void
initialize(void)220 initialize(void) {
221 RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS);
222 }
223
224 isc_result_t
isc_net_probeipv4(void)225 isc_net_probeipv4(void) {
226 initialize();
227 return (ipv4_result);
228 }
229
230 isc_result_t
isc_net_probeipv6(void)231 isc_net_probeipv6(void) {
232 initialize();
233 return (ipv6_result);
234 }
235
236 isc_result_t
isc_net_probeunix(void)237 isc_net_probeunix(void) {
238 initialize();
239 return (unix_result);
240 }
241
242 #ifdef ISC_PLATFORM_HAVEIPV6
243 #ifdef WANT_IPV6
244 static void
try_ipv6only(void)245 try_ipv6only(void) {
246 #ifdef IPV6_V6ONLY
247 int s, on;
248 char strbuf[ISC_STRERRORSIZE];
249 #endif
250 isc_result_t result;
251
252 result = isc_net_probeipv6();
253 if (result != ISC_R_SUCCESS) {
254 ipv6only_result = result;
255 return;
256 }
257
258 #ifndef IPV6_V6ONLY
259 ipv6only_result = ISC_R_NOTFOUND;
260 return;
261 #else
262 /* check for TCP sockets */
263 s = socket(PF_INET6, SOCK_STREAM, 0);
264 if (s == -1) {
265 isc__strerror(errno, strbuf, sizeof(strbuf));
266 UNEXPECTED_ERROR(__FILE__, __LINE__,
267 "socket() %s: %s",
268 isc_msgcat_get(isc_msgcat,
269 ISC_MSGSET_GENERAL,
270 ISC_MSG_FAILED,
271 "failed"),
272 strbuf);
273 ipv6only_result = ISC_R_UNEXPECTED;
274 return;
275 }
276
277 on = 1;
278 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
279 ipv6only_result = ISC_R_NOTFOUND;
280 goto close;
281 }
282
283 close(s);
284
285 /* check for UDP sockets */
286 s = socket(PF_INET6, SOCK_DGRAM, 0);
287 if (s == -1) {
288 isc__strerror(errno, strbuf, sizeof(strbuf));
289 UNEXPECTED_ERROR(__FILE__, __LINE__,
290 "socket() %s: %s",
291 isc_msgcat_get(isc_msgcat,
292 ISC_MSGSET_GENERAL,
293 ISC_MSG_FAILED,
294 "failed"),
295 strbuf);
296 ipv6only_result = ISC_R_UNEXPECTED;
297 return;
298 }
299
300 on = 1;
301 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
302 ipv6only_result = ISC_R_NOTFOUND;
303 goto close;
304 }
305
306 ipv6only_result = ISC_R_SUCCESS;
307
308 close:
309 close(s);
310 return;
311 #endif /* IPV6_V6ONLY */
312 }
313
314 static void
initialize_ipv6only(void)315 initialize_ipv6only(void) {
316 RUNTIME_CHECK(isc_once_do(&once_ipv6only,
317 try_ipv6only) == ISC_R_SUCCESS);
318 }
319
320 #ifdef ISC_PLATFORM_HAVEIN6PKTINFO
321 static void
try_ipv6pktinfo(void)322 try_ipv6pktinfo(void) {
323 int s, on;
324 char strbuf[ISC_STRERRORSIZE];
325 isc_result_t result;
326 int optname;
327
328 result = isc_net_probeipv6();
329 if (result != ISC_R_SUCCESS) {
330 ipv6pktinfo_result = result;
331 return;
332 }
333
334 /* we only use this for UDP sockets */
335 s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP);
336 if (s == -1) {
337 isc__strerror(errno, strbuf, sizeof(strbuf));
338 UNEXPECTED_ERROR(__FILE__, __LINE__,
339 "socket() %s: %s",
340 isc_msgcat_get(isc_msgcat,
341 ISC_MSGSET_GENERAL,
342 ISC_MSG_FAILED,
343 "failed"),
344 strbuf);
345 ipv6pktinfo_result = ISC_R_UNEXPECTED;
346 return;
347 }
348
349 #ifdef IPV6_RECVPKTINFO
350 optname = IPV6_RECVPKTINFO;
351 #else
352 optname = IPV6_PKTINFO;
353 #endif
354 on = 1;
355 if (setsockopt(s, IPPROTO_IPV6, optname, &on, sizeof(on)) < 0) {
356 ipv6pktinfo_result = ISC_R_NOTFOUND;
357 goto close;
358 }
359
360 ipv6pktinfo_result = ISC_R_SUCCESS;
361
362 close:
363 close(s);
364 return;
365 }
366
367 static void
initialize_ipv6pktinfo(void)368 initialize_ipv6pktinfo(void) {
369 RUNTIME_CHECK(isc_once_do(&once_ipv6pktinfo,
370 try_ipv6pktinfo) == ISC_R_SUCCESS);
371 }
372 #endif /* ISC_PLATFORM_HAVEIN6PKTINFO */
373 #endif /* WANT_IPV6 */
374 #endif /* ISC_PLATFORM_HAVEIPV6 */
375
376 isc_result_t
isc_net_probe_ipv6only(void)377 isc_net_probe_ipv6only(void) {
378 #ifdef ISC_PLATFORM_HAVEIPV6
379 #ifdef WANT_IPV6
380 initialize_ipv6only();
381 #else
382 ipv6only_result = ISC_R_NOTFOUND;
383 #endif
384 #endif
385 return (ipv6only_result);
386 }
387
388 isc_result_t
isc_net_probe_ipv6pktinfo(void)389 isc_net_probe_ipv6pktinfo(void) {
390 #ifdef ISC_PLATFORM_HAVEIPV6
391 #ifdef ISC_PLATFORM_HAVEIN6PKTINFO
392 #ifdef WANT_IPV6
393 initialize_ipv6pktinfo();
394 #else
395 ipv6pktinfo_result = ISC_R_NOTFOUND;
396 #endif
397 #endif
398 #endif
399 return (ipv6pktinfo_result);
400 }
401
402 #if defined(USE_SYSCTL_PORTRANGE)
403 #if defined(HAVE_SYSCTLBYNAME)
404 static isc_result_t
getudpportrange_sysctl(int af,in_port_t * low,in_port_t * high)405 getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) {
406 int port_low, port_high;
407 size_t portlen;
408 const char *sysctlname_lowport, *sysctlname_hiport;
409
410 if (af == AF_INET) {
411 sysctlname_lowport = SYSCTL_V4PORTRANGE_LOW;
412 sysctlname_hiport = SYSCTL_V4PORTRANGE_HIGH;
413 } else {
414 sysctlname_lowport = SYSCTL_V6PORTRANGE_LOW;
415 sysctlname_hiport = SYSCTL_V6PORTRANGE_HIGH;
416 }
417 portlen = sizeof(portlen);
418 if (sysctlbyname(sysctlname_lowport, &port_low, &portlen,
419 NULL, 0) < 0) {
420 return (ISC_R_FAILURE);
421 }
422 portlen = sizeof(portlen);
423 if (sysctlbyname(sysctlname_hiport, &port_high, &portlen,
424 NULL, 0) < 0) {
425 return (ISC_R_FAILURE);
426 }
427 if ((port_low & ~0xffff) != 0 || (port_high & ~0xffff) != 0)
428 return (ISC_R_RANGE);
429
430 *low = (in_port_t)port_low;
431 *high = (in_port_t)port_high;
432
433 return (ISC_R_SUCCESS);
434 }
435 #else /* !HAVE_SYSCTLBYNAME */
436 static isc_result_t
getudpportrange_sysctl(int af,in_port_t * low,in_port_t * high)437 getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) {
438 int mib_lo4[4] = SYSCTL_V4PORTRANGE_LOW;
439 int mib_hi4[4] = SYSCTL_V4PORTRANGE_HIGH;
440 int mib_lo6[4] = SYSCTL_V6PORTRANGE_LOW;
441 int mib_hi6[4] = SYSCTL_V6PORTRANGE_HIGH;
442 int *mib_lo, *mib_hi, miblen;
443 int port_low, port_high;
444 size_t portlen;
445
446 if (af == AF_INET) {
447 mib_lo = mib_lo4;
448 mib_hi = mib_hi4;
449 miblen = sizeof(mib_lo4) / sizeof(mib_lo4[0]);
450 } else {
451 mib_lo = mib_lo6;
452 mib_hi = mib_hi6;
453 miblen = sizeof(mib_lo6) / sizeof(mib_lo6[0]);
454 }
455
456 portlen = sizeof(portlen);
457 if (sysctl(mib_lo, miblen, &port_low, &portlen, NULL, 0) < 0) {
458 return (ISC_R_FAILURE);
459 }
460
461 portlen = sizeof(portlen);
462 if (sysctl(mib_hi, miblen, &port_high, &portlen, NULL, 0) < 0) {
463 return (ISC_R_FAILURE);
464 }
465
466 if ((port_low & ~0xffff) != 0 || (port_high & ~0xffff) != 0)
467 return (ISC_R_RANGE);
468
469 *low = (in_port_t) port_low;
470 *high = (in_port_t) port_high;
471
472 return (ISC_R_SUCCESS);
473 }
474 #endif /* HAVE_SYSCTLBYNAME */
475 #endif /* USE_SYSCTL_PORTRANGE */
476
477 isc_result_t
isc_net_getudpportrange(int af,in_port_t * low,in_port_t * high)478 isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high) {
479 int result = ISC_R_FAILURE;
480
481 REQUIRE(low != NULL && high != NULL);
482
483 #if defined(USE_SYSCTL_PORTRANGE)
484 result = getudpportrange_sysctl(af, low, high);
485 #else
486 UNUSED(af);
487 #endif
488
489 if (result != ISC_R_SUCCESS) {
490 *low = ISC_NET_PORTRANGELOW;
491 *high = ISC_NET_PORTRANGEHIGH;
492 }
493
494 return (ISC_R_SUCCESS); /* we currently never fail in this function */
495 }
496
497 void
isc_net_disableipv4(void)498 isc_net_disableipv4(void) {
499 initialize();
500 if (ipv4_result == ISC_R_SUCCESS)
501 ipv4_result = ISC_R_DISABLED;
502 }
503
504 void
isc_net_disableipv6(void)505 isc_net_disableipv6(void) {
506 initialize();
507 if (ipv6_result == ISC_R_SUCCESS)
508 ipv6_result = ISC_R_DISABLED;
509 }
510
511 void
isc_net_enableipv4(void)512 isc_net_enableipv4(void) {
513 initialize();
514 if (ipv4_result == ISC_R_DISABLED)
515 ipv4_result = ISC_R_SUCCESS;
516 }
517
518 void
isc_net_enableipv6(void)519 isc_net_enableipv6(void) {
520 initialize();
521 if (ipv6_result == ISC_R_DISABLED)
522 ipv6_result = ISC_R_SUCCESS;
523 }
524