1 /* $KAME: rrenum.c,v 1.12 2002/06/10 19:59:47 itojun Exp $ */ 2 3 /*- 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 #include <sys/types.h> 34 #include <sys/param.h> 35 #include <sys/ioctl.h> 36 #include <sys/queue.h> 37 #include <sys/socket.h> 38 #include <sys/sysctl.h> 39 40 #include <net/if.h> 41 #include <net/if_dl.h> 42 #include <net/route.h> 43 #include <netinet/in.h> 44 #include <netinet/in_var.h> 45 #include <netinet/icmp6.h> 46 47 #include <arpa/inet.h> 48 49 #include <errno.h> 50 #include <netdb.h> 51 #include <string.h> 52 #include <stdlib.h> 53 #include <time.h> 54 #include <syslog.h> 55 #include "rtadvd.h" 56 #include "rrenum.h" 57 #include "if.h" 58 59 #define RR_ISSET_SEGNUM(segnum_bits, segnum) \ 60 ((((segnum_bits)[(segnum) >> 5]) & (1 << ((segnum) & 31))) != 0) 61 #define RR_SET_SEGNUM(segnum_bits, segnum) \ 62 (((segnum_bits)[(segnum) >> 5]) |= (1 << ((segnum) & 31))) 63 64 struct rr_operation { 65 u_long rro_seqnum; 66 u_long rro_segnum_bits[8]; 67 }; 68 69 static struct rr_operation rro; 70 static int rr_rcvifindex; 71 static int rrcmd2pco[RPM_PCO_MAX] = { 72 0, 73 SIOCAIFPREFIX_IN6, 74 SIOCCIFPREFIX_IN6, 75 SIOCSGIFPREFIX_IN6 76 }; 77 static int s = -1; 78 79 /* 80 * Check validity of a Prefix Control Operation(PCO). 81 * return 0 on success, 1 on failure. 82 */ 83 static int 84 rr_pco_check(int len, struct rr_pco_match *rpm) 85 { 86 struct rr_pco_use *rpu, *rpulim; 87 int checklen; 88 89 /* rpm->rpm_len must be (4N * 3) as router-renum-05.txt */ 90 if ((rpm->rpm_len - 3) < 0 || /* must be at least 3 */ 91 (rpm->rpm_len - 3) & 0x3) { /* must be multiple of 4 */ 92 syslog(LOG_WARNING, "<%s> rpm_len %d is not 4N * 3", 93 __func__, rpm->rpm_len); 94 return (1); 95 } 96 /* rpm->rpm_code must be valid value */ 97 switch (rpm->rpm_code) { 98 case RPM_PCO_ADD: 99 case RPM_PCO_CHANGE: 100 case RPM_PCO_SETGLOBAL: 101 break; 102 default: 103 syslog(LOG_WARNING, "<%s> unknown rpm_code %d", __func__, 104 rpm->rpm_code); 105 return (1); 106 } 107 /* rpm->rpm_matchlen must be 0 to 128 inclusive */ 108 if (rpm->rpm_matchlen > 128) { 109 syslog(LOG_WARNING, "<%s> rpm_matchlen %d is over 128", 110 __func__, rpm->rpm_matchlen); 111 return (1); 112 } 113 114 /* 115 * rpu->rpu_uselen, rpu->rpu_keeplen, and sum of them must be 116 * between 0 and 128 inclusive 117 */ 118 for (rpu = (struct rr_pco_use *)(rpm + 1), 119 rpulim = (struct rr_pco_use *)((char *)rpm + len); 120 rpu < rpulim; 121 rpu += 1) { 122 checklen = rpu->rpu_uselen; 123 checklen += rpu->rpu_keeplen; 124 /* 125 * omit these check, because either of rpu_uselen 126 * and rpu_keeplen is unsigned char 127 * (128 > rpu_uselen > 0) 128 * (128 > rpu_keeplen > 0) 129 * (rpu_uselen + rpu_keeplen > 0) 130 */ 131 if (checklen > 128) { 132 syslog(LOG_WARNING, "<%s> sum of rpu_uselen %d and" 133 " rpu_keeplen %d is %d(over 128)", 134 __func__, rpu->rpu_uselen, rpu->rpu_keeplen, 135 rpu->rpu_uselen + rpu->rpu_keeplen); 136 return (1); 137 } 138 } 139 return (0); 140 } 141 142 static void 143 do_use_prefix(int len, struct rr_pco_match *rpm, 144 struct in6_rrenumreq *irr, int ifindex) 145 { 146 struct rr_pco_use *rpu, *rpulim; 147 struct rainfo *rai; 148 struct ifinfo *ifi; 149 struct prefix *pfx; 150 151 rpu = (struct rr_pco_use *)(rpm + 1); 152 rpulim = (struct rr_pco_use *)((char *)rpm + len); 153 154 if (rpu == rpulim) { /* no use prefix */ 155 if (rpm->rpm_code == RPM_PCO_ADD) 156 return; 157 158 irr->irr_u_uselen = 0; 159 irr->irr_u_keeplen = 0; 160 irr->irr_raf_mask_onlink = 0; 161 irr->irr_raf_mask_auto = 0; 162 irr->irr_vltime = 0; 163 irr->irr_pltime = 0; 164 memset(&irr->irr_flags, 0, sizeof(irr->irr_flags)); 165 irr->irr_useprefix.sin6_len = 0; /* let it mean, no addition */ 166 irr->irr_useprefix.sin6_family = 0; 167 irr->irr_useprefix.sin6_addr = in6addr_any; 168 if (ioctl(s, rrcmd2pco[rpm->rpm_code], (caddr_t)irr) < 0 && 169 errno != EADDRNOTAVAIL) 170 syslog(LOG_ERR, "<%s> ioctl: %s", __func__, 171 strerror(errno)); 172 return; 173 } 174 175 for (rpu = (struct rr_pco_use *)(rpm + 1), 176 rpulim = (struct rr_pco_use *)((char *)rpm + len); 177 rpu < rpulim; 178 rpu += 1) { 179 /* init in6_rrenumreq fields */ 180 irr->irr_u_uselen = rpu->rpu_uselen; 181 irr->irr_u_keeplen = rpu->rpu_keeplen; 182 irr->irr_raf_mask_onlink = 183 !!(rpu->rpu_ramask & ICMP6_RR_PCOUSE_RAFLAGS_ONLINK); 184 irr->irr_raf_mask_auto = 185 !!(rpu->rpu_ramask & ICMP6_RR_PCOUSE_RAFLAGS_AUTO); 186 irr->irr_vltime = ntohl(rpu->rpu_vltime); 187 irr->irr_pltime = ntohl(rpu->rpu_pltime); 188 irr->irr_raf_onlink = 189 (rpu->rpu_raflags & ICMP6_RR_PCOUSE_RAFLAGS_ONLINK) == 0 ? 190 0 : 1; 191 irr->irr_raf_auto = 192 (rpu->rpu_raflags & ICMP6_RR_PCOUSE_RAFLAGS_AUTO) == 0 ? 193 0 : 1; 194 irr->irr_rrf_decrvalid = 195 (rpu->rpu_flags & ICMP6_RR_PCOUSE_FLAGS_DECRVLTIME) == 0 ? 196 0 : 1; 197 irr->irr_rrf_decrprefd = 198 (rpu->rpu_flags & ICMP6_RR_PCOUSE_FLAGS_DECRPLTIME) == 0 ? 199 0 : 1; 200 irr->irr_useprefix.sin6_len = sizeof(irr->irr_useprefix); 201 irr->irr_useprefix.sin6_family = AF_INET6; 202 irr->irr_useprefix.sin6_addr = rpu->rpu_prefix; 203 204 if (ioctl(s, rrcmd2pco[rpm->rpm_code], (caddr_t)irr) < 0 && 205 errno != EADDRNOTAVAIL) 206 syslog(LOG_ERR, "<%s> ioctl: %s", __func__, 207 strerror(errno)); 208 209 /* very adhoc: should be rewritten */ 210 if (rpm->rpm_code == RPM_PCO_CHANGE && 211 IN6_ARE_ADDR_EQUAL(&rpm->rpm_prefix, &rpu->rpu_prefix) && 212 rpm->rpm_matchlen == rpu->rpu_uselen && 213 rpu->rpu_uselen == rpu->rpu_keeplen) { 214 ifi = if_indextoifinfo(ifindex); 215 if (ifi == NULL || ifi->ifi_rainfo == NULL) 216 continue; /* non-advertising IF */ 217 rai = ifi->ifi_rainfo; 218 219 TAILQ_FOREACH(pfx, &rai->rai_prefix, pfx_next) { 220 struct timespec now; 221 222 if (prefix_match(&pfx->pfx_prefix, 223 pfx->pfx_prefixlen, &rpm->rpm_prefix, 224 rpm->rpm_matchlen)) { 225 /* change parameters */ 226 pfx->pfx_validlifetime = 227 ntohl(rpu->rpu_vltime); 228 pfx->pfx_preflifetime = 229 ntohl(rpu->rpu_pltime); 230 if (irr->irr_rrf_decrvalid) { 231 clock_gettime(CLOCK_MONOTONIC_FAST, 232 &now); 233 pfx->pfx_vltimeexpire = 234 now.tv_sec + 235 pfx->pfx_validlifetime; 236 } else 237 pfx->pfx_vltimeexpire = 0; 238 if (irr->irr_rrf_decrprefd) { 239 clock_gettime(CLOCK_MONOTONIC_FAST, 240 &now); 241 pfx->pfx_pltimeexpire = 242 now.tv_sec + 243 pfx->pfx_preflifetime; 244 } else 245 pfx->pfx_pltimeexpire = 0; 246 } 247 } 248 } 249 } 250 } 251 252 /* 253 * process a Prefix Control Operation(PCO). 254 * return 0 on success, 1 on failure 255 */ 256 static int 257 do_pco(struct icmp6_router_renum *rr, int len, struct rr_pco_match *rpm) 258 { 259 int ifindex = 0; 260 struct in6_rrenumreq irr; 261 struct ifinfo *ifi; 262 263 if ((rr_pco_check(len, rpm) != 0)) 264 return (1); 265 266 if (s == -1 && (s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { 267 syslog(LOG_ERR, "<%s> socket: %s", __func__, 268 strerror(errno)); 269 exit(1); 270 } 271 272 memset(&irr, 0, sizeof(irr)); 273 irr.irr_origin = PR_ORIG_RR; 274 irr.irr_m_len = rpm->rpm_matchlen; 275 irr.irr_m_minlen = rpm->rpm_minlen; 276 irr.irr_m_maxlen = rpm->rpm_maxlen; 277 irr.irr_matchprefix.sin6_len = sizeof(irr.irr_matchprefix); 278 irr.irr_matchprefix.sin6_family = AF_INET6; 279 irr.irr_matchprefix.sin6_addr = rpm->rpm_prefix; 280 281 while (if_indextoname(++ifindex, irr.irr_name)) { 282 ifi = if_indextoifinfo(ifindex); 283 if (ifi == NULL) { 284 syslog(LOG_ERR, "<%s> ifindex not found.", 285 __func__); 286 return (1); 287 } 288 /* 289 * if ICMP6_RR_FLAGS_FORCEAPPLY(A flag) is 0 and 290 * IFF_UP is off, the interface is not applied 291 */ 292 if ((rr->rr_flags & ICMP6_RR_FLAGS_FORCEAPPLY) == 0 && 293 (ifi->ifi_flags & IFF_UP) == 0) 294 continue; 295 /* TODO: interface scope check */ 296 do_use_prefix(len, rpm, &irr, ifindex); 297 } 298 if (errno == ENXIO) 299 return (0); 300 else if (errno) { 301 syslog(LOG_ERR, "<%s> if_indextoname: %s", __func__, 302 strerror(errno)); 303 return (1); 304 } 305 return (0); 306 } 307 308 /* 309 * call do_pco() for each Prefix Control Operations(PCOs) in a received 310 * Router Renumbering Command packet. 311 * return 0 on success, 1 on failure 312 */ 313 static int 314 do_rr(int len, struct icmp6_router_renum *rr) 315 { 316 struct rr_pco_match *rpm; 317 char *cp, *lim; 318 319 lim = (char *)rr + len; 320 cp = (char *)(rr + 1); 321 len -= sizeof(struct icmp6_router_renum); 322 323 update_ifinfo(&ifilist, UPDATE_IFINFO_ALL); 324 325 while (cp < lim) { 326 int rpmlen; 327 328 rpm = (struct rr_pco_match *)cp; 329 if ((size_t)len < sizeof(struct rr_pco_match)) { 330 tooshort: 331 syslog(LOG_ERR, "<%s> pkt too short. left len = %d. " 332 "garbage at end of pkt?", __func__, len); 333 return (1); 334 } 335 rpmlen = rpm->rpm_len << 3; 336 if (len < rpmlen) 337 goto tooshort; 338 339 if (do_pco(rr, rpmlen, rpm)) { 340 syslog(LOG_WARNING, "<%s> invalid PCO", __func__); 341 goto next; 342 } 343 344 next: 345 cp += rpmlen; 346 len -= rpmlen; 347 } 348 349 return (0); 350 } 351 352 /* 353 * check validity of a router renumbering command packet 354 * return 0 on success, 1 on failure 355 */ 356 static int 357 rr_command_check(int len, struct icmp6_router_renum *rr, struct in6_addr *from, 358 struct in6_addr *dst) 359 { 360 u_char ntopbuf[INET6_ADDRSTRLEN]; 361 362 /* omit rr minimal length check. hope kernel have done it. */ 363 /* rr_command length check */ 364 if ((size_t)len < (sizeof(struct icmp6_router_renum) + 365 sizeof(struct rr_pco_match))) { 366 syslog(LOG_ERR, "<%s> rr_command len %d is too short", 367 __func__, len); 368 return (1); 369 } 370 371 /* destination check. only for multicast. omit unicast check. */ 372 if (IN6_IS_ADDR_MULTICAST(dst) && !IN6_IS_ADDR_MC_LINKLOCAL(dst) && 373 !IN6_IS_ADDR_MC_SITELOCAL(dst)) { 374 syslog(LOG_ERR, "<%s> dst mcast addr %s is illegal", 375 __func__, 376 inet_ntop(AF_INET6, dst, ntopbuf, sizeof(ntopbuf))); 377 return (1); 378 } 379 380 /* seqnum and segnum check */ 381 if (rro.rro_seqnum > rr->rr_seqnum) { 382 syslog(LOG_WARNING, 383 "<%s> rcvd old seqnum %d from %s", 384 __func__, (u_int32_t)ntohl(rr->rr_seqnum), 385 inet_ntop(AF_INET6, from, ntopbuf, sizeof(ntopbuf))); 386 return (1); 387 } 388 if (rro.rro_seqnum == rr->rr_seqnum && 389 (rr->rr_flags & ICMP6_RR_FLAGS_TEST) == 0 && 390 RR_ISSET_SEGNUM(rro.rro_segnum_bits, rr->rr_segnum)) { 391 if ((rr->rr_flags & ICMP6_RR_FLAGS_REQRESULT) != 0) 392 syslog(LOG_WARNING, 393 "<%s> rcvd duped segnum %d from %s", 394 __func__, rr->rr_segnum, inet_ntop(AF_INET6, from, 395 ntopbuf, sizeof(ntopbuf))); 396 return (0); 397 } 398 399 /* update seqnum */ 400 if (rro.rro_seqnum != rr->rr_seqnum) { 401 /* then must be "<" */ 402 403 /* init rro_segnum_bits */ 404 memset(rro.rro_segnum_bits, 0, 405 sizeof(rro.rro_segnum_bits)); 406 } 407 rro.rro_seqnum = rr->rr_seqnum; 408 409 return (0); 410 } 411 412 static void 413 rr_command_input(int len, struct icmp6_router_renum *rr, 414 struct in6_addr *from, struct in6_addr *dst) 415 { 416 /* rr_command validity check */ 417 if (rr_command_check(len, rr, from, dst)) 418 goto failed; 419 if ((rr->rr_flags & (ICMP6_RR_FLAGS_TEST|ICMP6_RR_FLAGS_REQRESULT)) == 420 ICMP6_RR_FLAGS_TEST) 421 return; 422 423 /* do router renumbering */ 424 if (do_rr(len, rr)) 425 goto failed; 426 427 /* update segnum */ 428 RR_SET_SEGNUM(rro.rro_segnum_bits, rr->rr_segnum); 429 430 return; 431 432 failed: 433 syslog(LOG_ERR, "<%s> received RR was invalid", __func__); 434 } 435 436 void 437 rr_input(int len, struct icmp6_router_renum *rr, struct in6_pktinfo *pi, 438 struct sockaddr_in6 *from, struct in6_addr *dst) 439 { 440 u_char ntopbuf[2][INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ]; 441 442 syslog(LOG_DEBUG, 443 "<%s> RR received from %s to %s on %s", 444 __func__, 445 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf[0] ,sizeof(ntopbuf[0])), 446 inet_ntop(AF_INET6, &dst, ntopbuf[1], sizeof(ntopbuf[1])), 447 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 448 449 /* packet validation based on Section 4.1 of RFC2894 */ 450 if ((size_t)len < sizeof(struct icmp6_router_renum)) { 451 syslog(LOG_NOTICE, 452 "<%s>: RR short message (size %d) from %s to %s on %s", 453 __func__, len, 454 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf[0], 455 sizeof(ntopbuf[0])), 456 inet_ntop(AF_INET6, &dst, ntopbuf[1], sizeof(ntopbuf[1])), 457 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 458 return; 459 } 460 461 /* 462 * If the IPv6 destination address is neither an All Routers multicast 463 * address [AARCH] nor one of the receiving router's unicast addresses, 464 * the message MUST be discarded and SHOULD be logged to network 465 * management. 466 * We rely on the kernel input routine for unicast addresses, and thus 467 * check multicast destinations only. 468 */ 469 if (IN6_IS_ADDR_MULTICAST(&pi->ipi6_addr) && !IN6_ARE_ADDR_EQUAL( 470 &sin6_sitelocal_allrouters.sin6_addr, &pi->ipi6_addr)) { 471 syslog(LOG_NOTICE, 472 "<%s>: RR message with invalid destination (%s) " 473 "from %s on %s", 474 __func__, 475 inet_ntop(AF_INET6, &dst, ntopbuf[0], sizeof(ntopbuf[0])), 476 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf[1], 477 sizeof(ntopbuf[1])), 478 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 479 return; 480 } 481 482 rr_rcvifindex = pi->ipi6_ifindex; 483 484 switch (rr->rr_code) { 485 case ICMP6_ROUTER_RENUMBERING_COMMAND: 486 rr_command_input(len, rr, &from->sin6_addr, dst); 487 /* TODO: send reply msg */ 488 break; 489 case ICMP6_ROUTER_RENUMBERING_RESULT: 490 /* RESULT will be processed by rrenumd */ 491 break; 492 case ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET: 493 /* TODO: sequence number reset */ 494 break; 495 default: 496 syslog(LOG_ERR, "<%s> received unknown code %d", 497 __func__, rr->rr_code); 498 break; 499 500 } 501 } 502