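/* $FreeBSD$ */
/* $KAME: rrenum.c,v 1.12 2002/06/10 19:59:47 itojun Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#include <sys/types.h>
#include <sys/param.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/sysctl.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/icmp6.h>

#include <arpa/inet.h>

#include <errno.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <syslog.h>
#include "rtadvd.h"
#include "rrenum.h"
#include "if.h"

/*
 * Bitmap of segment numbers already applied for the current sequence
 * number: word (segnum >> 5), bit (segnum & 31).  The bitmap has 8 words,
 * so segnum is assumed to be in 0..255 -- TODO confirm that rr_segnum is an
 * 8-bit field.  The mask is built from 1UL because the words are u_long and
 * shifting a signed 1 into bit 31 is undefined behaviour.
 */
#define RR_ISSET_SEGNUM(segnum_bits, segnum) \
	((((segnum_bits)[(segnum) >> 5]) & (1UL << ((segnum) & 31))) != 0)
#define RR_SET_SEGNUM(segnum_bits, segnum) \
	(((segnum_bits)[(segnum) >> 5]) |= (1UL << ((segnum) & 31)))

/* Replay state for received Router Renumbering commands. */
struct rr_operation {
	u_long	rro_seqnum;		/* last accepted seqnum, host order */
	u_long	rro_segnum_bits[8];	/* segments applied for that seqnum */
};

static struct rr_operation rro;
/* Set by rr_input(); nothing in this file reads it back. */
static int rr_rcvifindex;
/* Maps a validated rpm_code to the prefix ioctl request used for it. */
static int rrcmd2pco[RPM_PCO_MAX] = {
	0,
	SIOCAIFPREFIX_IN6,
	SIOCCIFPREFIX_IN6,
	SIOCSGIFPREFIX_IN6
};
/* Socket used for the prefix ioctls; opened on first use by do_pco(). */
static int s = -1;

/*
 * Check validity of a Prefix Control Operation(PCO).
 * return 0 on success, 1 on failure.
 *
 * len is the PCO length in bytes; do_rr() passes rpm->rpm_len << 3.  The
 * match part and every use part that follows it inside len come straight
 * from the received packet, so each field is range-checked here before
 * do_pco() hands it to the kernel.
 */
static int
rr_pco_check(int len, struct rr_pco_match *rpm)
{
	struct rr_pco_use *rpu, *rpulim;
	int checklen;

	/*
	 * rpm->rpm_len must be 4N + 3 (router-renum-05.txt): 3 units for
	 * the match part plus a whole number of 4-unit use parts.  The log
	 * text still says "4N * 3"; the condition is the authority.
	 */
	if ((rpm->rpm_len - 3) < 0 || /* must be at least 3 */
	    (rpm->rpm_len - 3) & 0x3) { /* remainder must be multiple of 4 */
		syslog(LOG_WARNING, "<%s> rpm_len %d is not 4N * 3",
		    __func__, rpm->rpm_len);
		return (1);
	}
	/*
	 * rpm->rpm_code must be a valid value.  do_use_prefix() later uses
	 * it as an index into rrcmd2pco[], so this switch is also the
	 * bounds check for that table.
	 */
	switch (rpm->rpm_code) {
	case RPM_PCO_ADD:
	case RPM_PCO_CHANGE:
	case RPM_PCO_SETGLOBAL:
		break;
	default:
		syslog(LOG_WARNING, "<%s> unknown rpm_code %d", __func__,
		    rpm->rpm_code);
		return (1);
	}
	/* rpm->rpm_matchlen must be 0 to 128 inclusive */
	if (rpm->rpm_matchlen > 128) {
		syslog(LOG_WARNING, "<%s> rpm_matchlen %d is over 128",
		    __func__, rpm->rpm_matchlen);
		return (1);
	}

	/*
	 * rpu->rpu_uselen, rpu->rpu_keeplen, and sum of them must be
	 * between 0 and 128 inclusive
	 */
	rpu = (struct rr_pco_use *)(rpm + 1);
	rpulim = (struct rr_pco_use *)((char *)rpm + len);
	for (; rpu < rpulim; rpu++) {
		checklen = rpu->rpu_uselen;
		checklen += rpu->rpu_keeplen;
		/*
		 * The lower-bound checks are omitted because rpu_uselen
		 * and rpu_keeplen are both unsigned char:
		 *  (128 > rpu_uselen > 0)
		 *  (128 > rpu_keeplen > 0)
		 *  (rpu_uselen + rpu_keeplen > 0)
		 */
		if (checklen > 128) {
			syslog(LOG_WARNING, "<%s> sum of rpu_uselen %d and"
			    " rpu_keeplen %d is %d(over 128)",
			    __func__, rpu->rpu_uselen, rpu->rpu_keeplen,
			    rpu->rpu_uselen + rpu->rpu_keeplen);
			return (1);
		}
	}
	return (0);
}

/*
 * Apply every use part of one PCO to the interface with index ifindex.
 *
 * irr arrives with the match fields and interface name already filled in
 * by do_pco(); this function fills the use fields and issues the ioctl
 * selected by rpm->rpm_code, once per use part.  A PCO without any use
 * part is a no-op for ADD and a single ioctl with zeroed use fields for
 * the other codes.  ioctl failures other than EADDRNOTAVAIL are logged
 * and otherwise ignored.
 */
static void
do_use_prefix(int len, struct rr_pco_match *rpm,
    struct in6_rrenumreq *irr, int ifindex)
{
	struct rr_pco_use *rpu, *rpulim;
	struct rainfo *rai;
	struct ifinfo *ifi;
	struct prefix *pfx;

	rpu = (struct rr_pco_use *)(rpm + 1);
	rpulim = (struct rr_pco_use *)((char *)rpm + len);

	if (rpu == rpulim) {	/* no use prefix */
		if (rpm->rpm_code == RPM_PCO_ADD)
			return;

		irr->irr_u_uselen = 0;
		irr->irr_u_keeplen = 0;
		irr->irr_raf_mask_onlink = 0;
		irr->irr_raf_mask_auto = 0;
		irr->irr_vltime = 0;
		irr->irr_pltime = 0;
		memset(&irr->irr_flags, 0, sizeof(irr->irr_flags));
		irr->irr_useprefix.sin6_len = 0; /* let it mean, no addition */
		irr->irr_useprefix.sin6_family = 0;
		irr->irr_useprefix.sin6_addr = in6addr_any;
		if (ioctl(s, rrcmd2pco[rpm->rpm_code], (caddr_t)irr) < 0 &&
		    errno != EADDRNOTAVAIL)
			syslog(LOG_ERR, "<%s> ioctl: %s", __func__,
			    strerror(errno));
		return;
	}

	for (; rpu < rpulim; rpu++) {
		/* init in6_rrenumreq fields */
		irr->irr_u_uselen = rpu->rpu_uselen;
		irr->irr_u_keeplen = rpu->rpu_keeplen;
		irr->irr_raf_mask_onlink =
		    !!(rpu->rpu_ramask & ICMP6_RR_PCOUSE_RAFLAGS_ONLINK);
		irr->irr_raf_mask_auto =
		    !!(rpu->rpu_ramask & ICMP6_RR_PCOUSE_RAFLAGS_AUTO);
		irr->irr_vltime = ntohl(rpu->rpu_vltime);
		irr->irr_pltime = ntohl(rpu->rpu_pltime);
		irr->irr_raf_onlink =
		    (rpu->rpu_raflags & ICMP6_RR_PCOUSE_RAFLAGS_ONLINK) == 0 ?
		    0 : 1;
		irr->irr_raf_auto =
		    (rpu->rpu_raflags & ICMP6_RR_PCOUSE_RAFLAGS_AUTO) == 0 ?
		    0 : 1;
		irr->irr_rrf_decrvalid =
		    (rpu->rpu_flags & ICMP6_RR_PCOUSE_FLAGS_DECRVLTIME) == 0 ?
		    0 : 1;
		irr->irr_rrf_decrprefd =
		    (rpu->rpu_flags & ICMP6_RR_PCOUSE_FLAGS_DECRPLTIME) == 0 ?
		    0 : 1;
		irr->irr_useprefix.sin6_len = sizeof(irr->irr_useprefix);
		irr->irr_useprefix.sin6_family = AF_INET6;
		irr->irr_useprefix.sin6_addr = rpu->rpu_prefix;

		if (ioctl(s, rrcmd2pco[rpm->rpm_code], (caddr_t)irr) < 0 &&
		    errno != EADDRNOTAVAIL)
			syslog(LOG_ERR, "<%s> ioctl: %s", __func__,
			    strerror(errno));

		/*
		 * very adhoc: should be rewritten
		 *
		 * A CHANGE whose use prefix equals its match prefix, with
		 * matchlen == uselen == keeplen, only alters lifetimes, so
		 * the advertised prefixes kept by rtadvd for this interface
		 * are updated to match what was pushed to the kernel.
		 */
		if (rpm->rpm_code != RPM_PCO_CHANGE ||
		    !IN6_ARE_ADDR_EQUAL(&rpm->rpm_prefix, &rpu->rpu_prefix) ||
		    rpm->rpm_matchlen != rpu->rpu_uselen ||
		    rpu->rpu_uselen != rpu->rpu_keeplen)
			continue;

		ifi = if_indextoifinfo(ifindex);
		if (ifi == NULL || ifi->ifi_rainfo == NULL)
			continue; /* non-advertising IF */
		rai = ifi->ifi_rainfo;

		TAILQ_FOREACH(pfx, &rai->rai_prefix, pfx_next) {
			struct timespec now;

			if (!prefix_match(&pfx->pfx_prefix,
			    pfx->pfx_prefixlen, &rpm->rpm_prefix,
			    rpm->rpm_matchlen))
				continue;

			/* change parameters */
			pfx->pfx_validlifetime = ntohl(rpu->rpu_vltime);
			pfx->pfx_preflifetime = ntohl(rpu->rpu_pltime);
			/* an expiry of 0 is stored when the flag is off */
			if (irr->irr_rrf_decrvalid) {
				clock_gettime(CLOCK_MONOTONIC_FAST, &now);
				pfx->pfx_vltimeexpire =
				    now.tv_sec + pfx->pfx_validlifetime;
			} else
				pfx->pfx_vltimeexpire = 0;
			if (irr->irr_rrf_decrprefd) {
				clock_gettime(CLOCK_MONOTONIC_FAST, &now);
				pfx->pfx_pltimeexpire =
				    now.tv_sec + pfx->pfx_preflifetime;
			} else
				pfx->pfx_pltimeexpire = 0;
		}
	}
}

/*
 * process a Prefix Control Operation(PCO).
 * return 0 on success, 1 on failure
 *
 * The PCO is validated with rr_pco_check(), then applied to every
 * interface that if_indextoname() can name, walking indexes upward from 1.
 * Exits the process if the ioctl socket cannot be created.
 */
static int
do_pco(struct icmp6_router_renum *rr, int len, struct rr_pco_match *rpm)
{
	int ifindex = 0;
	struct in6_rrenumreq irr;
	struct ifinfo *ifi;

	if (rr_pco_check(len, rpm) != 0)
		return (1);

	if (s == -1 && (s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
		syslog(LOG_ERR, "<%s> socket: %s", __func__,
		    strerror(errno));
		exit(1);
	}

	/*
	 * NOTE(review): rpm_minlen and rpm_maxlen are copied from the packet
	 * without a range check here (only rpm_matchlen is checked by
	 * rr_pco_check()); confirm that the receiving ioctl validates them.
	 */
	memset(&irr, 0, sizeof(irr));
	irr.irr_origin = PR_ORIG_RR;
	irr.irr_m_len = rpm->rpm_matchlen;
	irr.irr_m_minlen = rpm->rpm_minlen;
	irr.irr_m_maxlen = rpm->rpm_maxlen;
	irr.irr_matchprefix.sin6_len = sizeof(irr.irr_matchprefix);
	irr.irr_matchprefix.sin6_family = AF_INET6;
	irr.irr_matchprefix.sin6_addr = rpm->rpm_prefix;

	/*
	 * NOTE(review): the walk ends at the first index if_indextoname()
	 * cannot resolve, so interfaces numbered after a gap are presumably
	 * never visited -- confirm.
	 */
	while (if_indextoname(++ifindex, irr.irr_name)) {
		ifi = if_indextoifinfo(ifindex);
		if (ifi == NULL) {
			syslog(LOG_ERR, "<%s> ifindex not found.",
			    __func__);
			return (1);
		}
		/*
		 * if ICMP6_RR_FLAGS_FORCEAPPLY(A flag) is 0 and
		 * IFF_UP is off, the interface is not applied
		 */
		if ((rr->rr_flags & ICMP6_RR_FLAGS_FORCEAPPLY) == 0 &&
		    (ifi->ifi_flags & IFF_UP) == 0)
			continue;
		/* TODO: interface scope check */
		do_use_prefix(len, rpm, &irr, ifindex);
	}
	/* ENXIO is how the loop above normally ends: no such index. */
	if (errno == ENXIO)
		return (0);
	else if (errno) {
		syslog(LOG_ERR, "<%s> if_indextoname: %s", __func__,
		    strerror(errno));
		return (1);
	}
	return (0);
}

/*
 * call do_pco() for each Prefix Control Operations(PCOs) in a received
 * Router Renumbering Command packet.
 * return 0 on success, 1 on failure
 *
 * len is the length of the whole message starting at rr.  A PCO that
 * do_pco() rejects is logged and skipped; a PCO whose length field cannot
 * be trusted stops the walk with a failure, although PCOs before it have
 * already been applied.
 */
static int
do_rr(int len, struct icmp6_router_renum *rr)
{
	struct rr_pco_match *rpm;
	char *cp, *lim;

	lim = (char *)rr + len;
	cp = (char *)(rr + 1);
	len -= sizeof(struct icmp6_router_renum);

	update_ifinfo(&ifilist, UPDATE_IFINFO_ALL);

	while (cp < lim) {
		int rpmlen;

		rpm = (struct rr_pco_match *)cp;
		if ((size_t)len < sizeof(struct rr_pco_match))
			goto tooshort;
		rpmlen = rpm->rpm_len << 3;
		if (len < rpmlen)
			goto tooshort;
		/*
		 * The length field comes from the packet.  A value smaller
		 * than the match part itself (0 in particular) would leave
		 * cp where it is, or step it into the middle of this PCO,
		 * so the loop would never finish or would misparse the
		 * remainder.  Stop instead of advancing by it.
		 */
		if ((size_t)rpmlen < sizeof(struct rr_pco_match)) {
			syslog(LOG_ERR, "<%s> PCO length %d is shorter than "
			    "a match part", __func__, rpmlen);
			return (1);
		}

		if (do_pco(rr, rpmlen, rpm))
			syslog(LOG_WARNING, "<%s> invalid PCO", __func__);

		cp += rpmlen;
		len -= rpmlen;
	}

	return (0);

tooshort:
	syslog(LOG_ERR, "<%s> pkt too short. left len = %d. "
	    "garbage at end of pkt?", __func__, len);
	return (1);
}

/*
 * check validity of a router renumbering command packet
 * return 0 on success, 1 on failure
 *
 * Besides the length and destination checks this is the replay filter:
 * a command older than the last accepted sequence number is rejected,
 * and a newer one clears the applied-segment bitmap.  Sequence numbers
 * are compared and stored in host byte order; comparing the raw
 * network-order field would order them wrongly on little-endian hosts.
 */
static int
rr_command_check(int len, struct icmp6_router_renum *rr, struct in6_addr *from,
    struct in6_addr *dst)
{
	char ntopbuf[INET6_ADDRSTRLEN];
	u_long seqnum;

	/* omit rr minimal length check. hope kernel have done it. */
	/* rr_command length check */
	if ((size_t)len < (sizeof(struct icmp6_router_renum) +
	    sizeof(struct rr_pco_match))) {
		syslog(LOG_ERR, "<%s> rr_command len %d is too short",
		    __func__, len);
		return (1);
	}

	/* destination check. only for multicast. omit unicast check. */
	if (IN6_IS_ADDR_MULTICAST(dst) && !IN6_IS_ADDR_MC_LINKLOCAL(dst) &&
	    !IN6_IS_ADDR_MC_SITELOCAL(dst)) {
		syslog(LOG_ERR, "<%s> dst mcast addr %s is illegal",
		    __func__,
		    inet_ntop(AF_INET6, dst, ntopbuf, sizeof(ntopbuf)));
		return (1);
	}

	/* seqnum and segnum check */
	seqnum = ntohl(rr->rr_seqnum);
	if (rro.rro_seqnum > seqnum) {
		syslog(LOG_WARNING,
		    "<%s> rcvd old seqnum %u from %s",
		    __func__, (u_int32_t)seqnum,
		    inet_ntop(AF_INET6, from, ntopbuf, sizeof(ntopbuf)));
		return (1);
	}
	if (rro.rro_seqnum == seqnum &&
	    (rr->rr_flags & ICMP6_RR_FLAGS_TEST) == 0 &&
	    RR_ISSET_SEGNUM(rro.rro_segnum_bits, rr->rr_segnum)) {
		if ((rr->rr_flags & ICMP6_RR_FLAGS_REQRESULT) != 0)
			syslog(LOG_WARNING,
			    "<%s> rcvd duped segnum %d from %s",
			    __func__, rr->rr_segnum, inet_ntop(AF_INET6, from,
			    ntopbuf, sizeof(ntopbuf)));
		/*
		 * NOTE(review): returning 0 lets rr_command_input() carry
		 * on to do_rr(), so a duplicated segment is applied again;
		 * confirm whether that is intended.
		 */
		return (0);
	}

	/* update seqnum */
	if (rro.rro_seqnum != seqnum) {
		/* then must be "<" */

		/* init rro_segnum_bits */
		memset(rro.rro_segnum_bits, 0,
		    sizeof(rro.rro_segnum_bits));
	}
	/*
	 * NOTE(review): the stored seqnum advances before do_rr() has run,
	 * and also for TEST-only commands that are never applied.
	 */
	rro.rro_seqnum = seqnum;

	return (0);
}

/*
 * Handle one Router Renumbering Command: validate it, apply its PCOs via
 * do_rr(), and mark its segment number as applied.  A command with the
 * TEST flag set and REQRESULT clear is validated but not applied.
 */
static void
rr_command_input(int len, struct icmp6_router_renum *rr,
    struct in6_addr *from, struct in6_addr *dst)
{
	/* rr_command validity check */
	if (rr_command_check(len, rr, from, dst))
		goto failed;
	if ((rr->rr_flags & (ICMP6_RR_FLAGS_TEST|ICMP6_RR_FLAGS_REQRESULT)) ==
	    ICMP6_RR_FLAGS_TEST)
		return;

	/* do router renumbering */
	if (do_rr(len, rr))
		goto failed;

	/* update segnum */
	RR_SET_SEGNUM(rro.rro_segnum_bits, rr->rr_segnum);

	return;

failed:
	syslog(LOG_ERR, "<%s> received RR was invalid", __func__);
	return;
}

/*
 * Entry point for a received ICMPv6 Router Renumbering message.
 *
 * len is the message length starting at rr, pi the packet info of the
 * receiving interface, from the sender and dst the destination address.
 * Short messages and messages to a multicast group other than site-local
 * all-routers are logged and dropped; only COMMAND messages are acted on.
 *
 * NOTE(review): nothing in this file authenticates the sender, and a
 * command accepted here rewrites interface prefixes.  Confirm that the
 * caller, or the host's IPsec policy, restricts who can deliver RR
 * messages to this function.
 */
void
rr_input(int len, struct icmp6_router_renum *rr, struct in6_pktinfo *pi,
    struct sockaddr_in6 *from, struct in6_addr *dst)
{
	char ntopbuf[2][INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ];
	const char *fromstr, *dststr, *ifname;

	/*
	 * Format the log arguments once.  dst is already a pointer to the
	 * address: passing &dst would make inet_ntop() format the bytes of
	 * the pointer variable (and whatever sits next to it on the stack)
	 * and send that to syslog.  The lookups can return NULL, which must
	 * not reach a %s conversion.
	 */
	fromstr = inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf[0],
	    sizeof(ntopbuf[0]));
	if (fromstr == NULL)
		fromstr = "?";
	dststr = inet_ntop(AF_INET6, dst, ntopbuf[1], sizeof(ntopbuf[1]));
	if (dststr == NULL)
		dststr = "?";
	ifname = if_indextoname(pi->ipi6_ifindex, ifnamebuf);
	if (ifname == NULL)
		ifname = "?";

	syslog(LOG_DEBUG,
	    "<%s> RR received from %s to %s on %s",
	    __func__, fromstr, dststr, ifname);

	/* packet validation based on Section 4.1 of RFC2894 */
	if ((size_t)len < sizeof(struct icmp6_router_renum)) {
		syslog(LOG_NOTICE,
		    "<%s>: RR short message (size %d) from %s to %s on %s",
		    __func__, len, fromstr, dststr, ifname);
		return;
	}

	/*
	 * If the IPv6 destination address is neither an All Routers multicast
	 * address [AARCH] nor one of the receiving router's unicast addresses,
	 * the message MUST be discarded and SHOULD be logged to network
	 * management.
	 * We rely on the kernel input routine for unicast addresses, and thus
	 * check multicast destinations only.
	 *
	 * The test reads pi->ipi6_addr while the log line prints dst;
	 * presumably the caller passes the same address in both -- confirm.
	 */
	if (IN6_IS_ADDR_MULTICAST(&pi->ipi6_addr) && !IN6_ARE_ADDR_EQUAL(
	    &sin6_sitelocal_allrouters.sin6_addr, &pi->ipi6_addr)) {
		syslog(LOG_NOTICE,
		    "<%s>: RR message with invalid destination (%s) "
		    "from %s on %s",
		    __func__, dststr, fromstr, ifname);
		return;
	}

	rr_rcvifindex = pi->ipi6_ifindex;

	switch (rr->rr_code) {
	case ICMP6_ROUTER_RENUMBERING_COMMAND:
		rr_command_input(len, rr, &from->sin6_addr, dst);
		/* TODO: send reply msg */
		break;
	case ICMP6_ROUTER_RENUMBERING_RESULT:
		/* RESULT will be processed by rrenumd */
		break;
	case ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET:
		/* TODO: sequence number reset */
		break;
	default:
		syslog(LOG_ERR, "<%s> received unknown code %d",
		    __func__, rr->rr_code);
		break;
	}

	return;
}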