1 /* $FreeBSD$ */ 2 /* $KAME: rtadvd.c,v 1.82 2003/08/05 12:34:23 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/ioctl.h> 35 #include <sys/socket.h> 36 #include <sys/uio.h> 37 #include <sys/time.h> 38 #include <sys/queue.h> 39 #include <sys/sysctl.h> 40 41 #include <net/if.h> 42 #include <net/if_media.h> 43 #include <net/route.h> 44 #include <net/if_dl.h> 45 #include <netinet/in.h> 46 #include <netinet/ip6.h> 47 #include <netinet6/ip6_var.h> 48 #include <netinet/icmp6.h> 49 50 #include <arpa/inet.h> 51 52 #include <net/if_var.h> 53 #include <netinet/in_var.h> 54 #include <netinet6/nd6.h> 55 56 #include <time.h> 57 #include <unistd.h> 58 #include <stdio.h> 59 #include <err.h> 60 #include <errno.h> 61 #include <libutil.h> 62 #include <netdb.h> 63 #include <string.h> 64 #include <stdlib.h> 65 #include <syslog.h> 66 #ifdef HAVE_POLL_H 67 #include <poll.h> 68 #endif 69 70 #include "rtadvd.h" 71 #include "rrenum.h" 72 #include "advcap.h" 73 #include "timer.h" 74 #include "if.h" 75 #include "config.h" 76 #include "dump.h" 77 #include "pathnames.h" 78 79 struct msghdr rcvmhdr; 80 static u_char *rcvcmsgbuf; 81 static size_t rcvcmsgbuflen; 82 static u_char *sndcmsgbuf = NULL; 83 static size_t sndcmsgbuflen; 84 volatile sig_atomic_t do_dump; 85 volatile sig_atomic_t do_die; 86 volatile sig_atomic_t do_reload; 87 struct msghdr sndmhdr; 88 struct iovec rcviov[2]; 89 struct iovec sndiov[2]; 90 struct sockaddr_in6 rcvfrom; 91 static const char *dumpfilename = _PATH_RTADVDDUMP; 92 static const char *pidfilename = _PATH_RTADVDPID; 93 const char *conffile = _PATH_RTADVDCONF; 94 static struct pidfh *pfh; 95 static char *mcastif; 96 int sock; 97 int rtsock = -1; 98 int accept_rr = 0; 99 int dflag = 0, sflag = 0; 100 static int ifl_len; 101 static char **ifl_names; 102 103 struct railist_head_t railist = 104 TAILQ_HEAD_INITIALIZER(railist); 105 106 struct nd_optlist { 107 TAILQ_ENTRY(nd_optlist) nol_next; 108 struct nd_opt_hdr *nol_opt; 109 }; 110 union nd_opt { 111 struct nd_opt_hdr *opt_array[9]; 112 struct { 113 struct nd_opt_hdr *zero; 114 struct nd_opt_hdr *src_lladdr; 115 struct nd_opt_hdr *tgt_lladdr; 116 struct nd_opt_prefix_info *pi; 117 struct nd_opt_rd_hdr *rh; 118 struct nd_opt_mtu *mtu; 119 TAILQ_HEAD(, nd_optlist) opt_list; 120 } nd_opt_each; 121 }; 122 #define opt_src_lladdr nd_opt_each.src_lladdr 123 #define opt_tgt_lladdr nd_opt_each.tgt_lladdr 124 #define opt_pi nd_opt_each.pi 125 #define opt_rh nd_opt_each.rh 126 #define opt_mtu nd_opt_each.mtu 127 #define opt_list nd_opt_each.opt_list 128 129 #define NDOPT_FLAG_SRCLINKADDR (1 << 0) 130 #define NDOPT_FLAG_TGTLINKADDR (1 << 1) 131 #define NDOPT_FLAG_PREFIXINFO (1 << 2) 132 #define NDOPT_FLAG_RDHDR (1 << 3) 133 #define NDOPT_FLAG_MTU (1 << 4) 134 #define NDOPT_FLAG_RDNSS (1 << 5) 135 #define NDOPT_FLAG_DNSSL (1 << 6) 136 137 u_int32_t ndopt_flags[] = { 138 [ND_OPT_SOURCE_LINKADDR] = NDOPT_FLAG_SRCLINKADDR, 139 [ND_OPT_TARGET_LINKADDR] = NDOPT_FLAG_TGTLINKADDR, 140 [ND_OPT_PREFIX_INFORMATION] = NDOPT_FLAG_PREFIXINFO, 141 [ND_OPT_REDIRECTED_HEADER] = NDOPT_FLAG_RDHDR, 142 [ND_OPT_MTU] = NDOPT_FLAG_MTU, 143 [ND_OPT_RDNSS] = NDOPT_FLAG_RDNSS, 144 [ND_OPT_DNSSL] = NDOPT_FLAG_DNSSL, 145 }; 146 147 struct sockaddr_in6 sin6_linklocal_allnodes = { 148 .sin6_len = sizeof(sin6_linklocal_allnodes), 149 .sin6_family = AF_INET6, 150 .sin6_addr = IN6ADDR_LINKLOCAL_ALLNODES_INIT, 151 }; 152 153 struct sockaddr_in6 sin6_linklocal_allrouters = { 154 .sin6_len = sizeof(sin6_linklocal_allrouters), 155 .sin6_family = AF_INET6, 156 .sin6_addr = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT, 157 }; 158 159 struct sockaddr_in6 sin6_sitelocal_allrouters = { 160 .sin6_len = sizeof(sin6_sitelocal_allrouters), 161 .sin6_family = AF_INET6, 162 .sin6_addr = IN6ADDR_SITELOCAL_ALLROUTERS_INIT, 163 }; 164 165 static void set_reload(int); 166 static void set_die(int); 167 static void die(void); 168 static void sock_open(void); 169 static void rtsock_open(void); 170 static void rtadvd_input(void); 171 static void rs_input(int, struct nd_router_solicit *, 172 struct in6_pktinfo *, struct sockaddr_in6 *); 173 static void ra_input(int, struct nd_router_advert *, 174 struct in6_pktinfo *, struct sockaddr_in6 *); 175 static int prefix_check(struct nd_opt_prefix_info *, struct rainfo *, 176 struct sockaddr_in6 *); 177 static int nd6_options(struct nd_opt_hdr *, int, 178 union nd_opt *, u_int32_t); 179 static void free_ndopts(union nd_opt *); 180 static void rtmsg_input(void); 181 static void rtadvd_set_dump_file(int); 182 static void set_short_delay(struct rainfo *); 183 static int ifl_lookup(char *, char **, int); 184 static int check_accept_rtadv(int); 185 static int getinet6sysctl(int); 186 187 int 188 main(int argc, char *argv[]) 189 { 190 #ifdef HAVE_POLL_H 191 struct pollfd set[2]; 192 #else 193 fd_set *fdsetp, *selectfdp; 194 int fdmasks; 195 int maxfd = 0; 196 #endif 197 struct timeval *timeout; 198 int i, ch; 199 int fflag = 0, logopt; 200 pid_t pid, otherpid; 201 202 /* get command line options and arguments */ 203 while ((ch = getopt(argc, argv, "c:dDfF:M:p:Rs")) != -1) { 204 switch (ch) { 205 case 'c': 206 conffile = optarg; 207 break; 208 case 'd': 209 dflag++; 210 break; 211 case 'D': 212 dflag += 2; 213 break; 214 case 'f': 215 fflag = 1; 216 break; 217 case 'M': 218 mcastif = optarg; 219 break; 220 case 'R': 221 fprintf(stderr, "rtadvd: " 222 "the -R option is currently ignored.\n"); 223 /* accept_rr = 1; */ 224 /* run anyway... */ 225 break; 226 case 's': 227 sflag = 1; 228 break; 229 case 'p': 230 pidfilename = optarg; 231 break; 232 case 'F': 233 dumpfilename = optarg; 234 break; 235 } 236 } 237 argc -= optind; 238 argv += optind; 239 if (argc == 0) { 240 fprintf(stderr, 241 "usage: rtadvd [-dDfRs] [-c conffile] " 242 "[-F dumpfile] [-M ifname] " 243 "[-p pidfile] interfaces...\n"); 244 exit(1); 245 } 246 247 logopt = LOG_NDELAY | LOG_PID; 248 if (fflag) 249 logopt |= LOG_PERROR; 250 openlog("rtadvd", logopt, LOG_DAEMON); 251 252 /* set log level */ 253 if (dflag > 1) 254 (void)setlogmask(LOG_UPTO(LOG_DEBUG)); 255 else if (dflag > 0) 256 (void)setlogmask(LOG_UPTO(LOG_INFO)); 257 else 258 (void)setlogmask(LOG_UPTO(LOG_ERR)); 259 260 /* timer initialization */ 261 rtadvd_timer_init(); 262 263 #ifndef HAVE_ARC4RANDOM 264 /* random value initialization */ 265 #ifdef __FreeBSD__ 266 srandomdev(); 267 #else 268 srandom((u_long)time(NULL)); 269 #endif 270 #endif 271 /* get iflist block from kernel */ 272 init_iflist(); 273 ifl_names = argv; 274 ifl_len = argc; 275 276 loadconfig(argv, argc); 277 278 pfh = pidfile_open(pidfilename, 0600, &otherpid); 279 if (pfh == NULL) { 280 if (errno == EEXIST) 281 errx(1, "%s already running, pid: %d", 282 getprogname(), otherpid); 283 syslog(LOG_ERR, 284 "<%s> failed to open the pid log file, run anyway.", 285 __func__); 286 } 287 288 if (!fflag) 289 daemon(1, 0); 290 291 sock_open(); 292 293 /* record the current PID */ 294 pid = getpid(); 295 pidfile_write(pfh); 296 297 #ifdef HAVE_POLL_H 298 set[0].fd = sock; 299 set[0].events = POLLIN; 300 if (sflag == 0) { 301 rtsock_open(); 302 set[1].fd = rtsock; 303 set[1].events = POLLIN; 304 } else 305 set[1].fd = -1; 306 #else 307 maxfd = sock; 308 if (sflag == 0) { 309 rtsock_open(); 310 if (rtsock > sock) 311 maxfd = rtsock; 312 } else 313 rtsock = -1; 314 315 fdmasks = howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask); 316 if ((fdsetp = malloc(fdmasks)) == NULL) { 317 err(1, "malloc"); 318 /*NOTREACHED*/ 319 } 320 if ((selectfdp = malloc(fdmasks)) == NULL) { 321 err(1, "malloc"); 322 /*NOTREACHED*/ 323 } 324 memset(fdsetp, 0, fdmasks); 325 FD_SET(sock, fdsetp); 326 if (rtsock >= 0) 327 FD_SET(rtsock, fdsetp); 328 #endif 329 signal(SIGTERM, set_die); 330 signal(SIGUSR1, rtadvd_set_dump_file); 331 signal(SIGHUP, set_reload); 332 333 while (1) { 334 #ifndef HAVE_POLL_H 335 memcpy(selectfdp, fdsetp, fdmasks); /* reinitialize */ 336 #endif 337 if (do_dump) { /* SIGUSR1 */ 338 do_dump = 0; 339 rtadvd_dump_file(dumpfilename); 340 } 341 342 if (do_die) { 343 die(); 344 /*NOTREACHED*/ 345 } 346 347 if (do_reload) { 348 loadconfig(argv, argc); 349 do_reload = 0; 350 } 351 352 /* timer expiration check and reset the timer */ 353 timeout = rtadvd_check_timer(); 354 355 if (timeout != NULL) { 356 syslog(LOG_DEBUG, 357 "<%s> set timer to %ld:%ld. waiting for " 358 "inputs or timeout", __func__, 359 (long int)timeout->tv_sec, 360 (long int)timeout->tv_usec); 361 } else { 362 syslog(LOG_DEBUG, 363 "<%s> there's no timer. waiting for inputs", 364 __func__); 365 } 366 #ifdef HAVE_POLL_H 367 if ((i = poll(set, 2, timeout ? (timeout->tv_sec * 1000 + 368 timeout->tv_usec / 1000) : INFTIM)) < 0) 369 #else 370 if ((i = select(maxfd + 1, selectfdp, NULL, NULL, 371 timeout)) < 0) 372 #endif 373 { 374 /* EINTR would occur upon SIGUSR1 for status dump */ 375 if (errno != EINTR) 376 syslog(LOG_ERR, "<%s> select: %s", 377 __func__, strerror(errno)); 378 continue; 379 } 380 if (i == 0) /* timeout */ 381 continue; 382 #ifdef HAVE_POLL_H 383 if (rtsock != -1 && set[1].revents & POLLIN) 384 #else 385 if (rtsock != -1 && FD_ISSET(rtsock, selectfdp)) 386 #endif 387 rtmsg_input(); 388 #ifdef HAVE_POLL_H 389 if (set[0].revents & POLLIN) 390 #else 391 if (FD_ISSET(sock, selectfdp)) 392 #endif 393 rtadvd_input(); 394 } 395 exit(0); /* NOTREACHED */ 396 } 397 398 static int 399 ifl_lookup(char *ifn, char **names, int len) 400 { 401 while (len--) 402 if (strncmp(names[len], ifn, IFNAMSIZ) == 0) 403 return (0); 404 return (-1); 405 } 406 407 static void 408 rtadvd_set_dump_file(int sig __unused) 409 { 410 411 do_dump = 1; 412 } 413 414 static void 415 set_reload(int sig __unused) 416 { 417 418 do_reload = 1; 419 } 420 421 static void 422 set_die(int sig __unused) 423 { 424 425 do_die = 1; 426 } 427 428 static void 429 die(void) 430 { 431 struct rainfo *rai; 432 struct rdnss *rdn; 433 struct dnssl *dns; 434 int i; 435 const int retrans = MAX_FINAL_RTR_ADVERTISEMENTS; 436 437 syslog(LOG_DEBUG, "<%s> cease to be an advertising router\n", 438 __func__); 439 440 TAILQ_FOREACH(rai, &railist, rai_next) { 441 rai->rai_lifetime = 0; 442 TAILQ_FOREACH(rdn, &rai->rai_rdnss, rd_next) 443 rdn->rd_ltime = 0; 444 TAILQ_FOREACH(dns, &rai->rai_dnssl, dn_next) 445 dns->dn_ltime = 0; 446 make_packet(rai); 447 } 448 for (i = 0; i < retrans; i++) { 449 TAILQ_FOREACH(rai, &railist, rai_next) 450 ra_output(rai); 451 sleep(MIN_DELAY_BETWEEN_RAS); 452 } 453 pidfile_remove(pfh); 454 455 exit(0); 456 } 457 458 static void 459 rtmsg_input(void) 460 { 461 int n, type, ifindex = 0, plen; 462 size_t len; 463 char msg[2048], *next, *lim; 464 u_char ifname[IFNAMSIZ]; 465 struct if_announcemsghdr *ifan; 466 struct prefix *pfx; 467 struct rainfo *rai; 468 struct in6_addr *addr; 469 char addrbuf[INET6_ADDRSTRLEN]; 470 int prefixchange = 0; 471 int error; 472 473 n = read(rtsock, msg, sizeof(msg)); 474 syslog(LOG_DEBUG, "<%s> received a routing message " 475 "(type = %d, len = %d)", __func__, rtmsg_type(msg), n); 476 477 if (n > rtmsg_len(msg)) { 478 /* 479 * This usually won't happen for messages received on 480 * a routing socket. 481 */ 482 syslog(LOG_DEBUG, 483 "<%s> received data length is larger than " 484 "1st routing message len. multiple messages? " 485 "read %d bytes, but 1st msg len = %d", 486 __func__, n, rtmsg_len(msg)); 487 #if 0 488 /* adjust length */ 489 n = rtmsg_len(msg); 490 #endif 491 } 492 493 lim = msg + n; 494 for (next = msg; next < lim; next += len) { 495 int oldifflags; 496 497 next = get_next_msg(next, lim, 0, &len, 498 RTADV_TYPE2BITMASK(RTM_ADD) | 499 RTADV_TYPE2BITMASK(RTM_DELETE) | 500 RTADV_TYPE2BITMASK(RTM_NEWADDR) | 501 RTADV_TYPE2BITMASK(RTM_DELADDR) | 502 RTADV_TYPE2BITMASK(RTM_IFINFO) | 503 RTADV_TYPE2BITMASK(RTM_IFANNOUNCE)); 504 if (len == 0) 505 break; 506 type = rtmsg_type(next); 507 switch (type) { 508 case RTM_ADD: 509 case RTM_DELETE: 510 ifindex = get_rtm_ifindex(next); 511 break; 512 case RTM_NEWADDR: 513 case RTM_DELADDR: 514 ifindex = get_ifam_ifindex(next); 515 break; 516 case RTM_IFINFO: 517 ifindex = get_ifm_ifindex(next); 518 break; 519 case RTM_IFANNOUNCE: 520 ifan = (struct if_announcemsghdr *)next; 521 switch (ifan->ifan_what) { 522 case IFAN_ARRIVAL: 523 case IFAN_DEPARTURE: 524 break; 525 default: 526 syslog(LOG_DEBUG, 527 "<%s:%d> unknown ifan msg (ifan_what=%d)", 528 __func__, __LINE__, ifan->ifan_what); 529 continue; 530 } 531 532 syslog(LOG_INFO, "<%s>: if_announcemsg (idx=%d:%d)", 533 __func__, ifan->ifan_index, ifan->ifan_what); 534 init_iflist(); 535 error = ifl_lookup(ifan->ifan_name, 536 ifl_names, ifl_len); 537 if (error) { 538 syslog(LOG_INFO, "<%s>: not a target " 539 "interface (idx=%d)", __func__, 540 ifan->ifan_index); 541 continue; 542 } 543 544 switch (ifan->ifan_what) { 545 case IFAN_ARRIVAL: 546 error = getconfig(ifan->ifan_index); 547 if (error) 548 syslog(LOG_ERR, 549 "<%s>: getconfig failed (idx=%d)" 550 " Ignored.", __func__, 551 ifan->ifan_index); 552 break; 553 case IFAN_DEPARTURE: 554 error = rmconfig(ifan->ifan_index); 555 if (error) 556 syslog(LOG_ERR, 557 "<%s>: rmconfig failed (idx=%d)" 558 " Ignored.", __func__, 559 ifan->ifan_index); 560 break; 561 } 562 continue; 563 default: 564 /* should not reach here */ 565 syslog(LOG_DEBUG, 566 "<%s:%d> unknown rtmsg %d on %s", 567 __func__, __LINE__, type, 568 if_indextoname(ifindex, ifname)); 569 continue; 570 } 571 572 if ((rai = if_indextorainfo(ifindex)) == NULL) { 573 syslog(LOG_DEBUG, 574 "<%s> route changed on " 575 "non advertising interface(%s)", 576 __func__, 577 if_indextoname(ifindex, ifname)); 578 continue; 579 } 580 oldifflags = iflist[ifindex]->ifm_flags; 581 582 switch (type) { 583 case RTM_ADD: 584 /* init ifflags because it may have changed */ 585 iflist[ifindex]->ifm_flags = 586 if_getflags(ifindex, iflist[ifindex]->ifm_flags); 587 588 if (sflag) 589 break; /* we aren't interested in prefixes */ 590 591 addr = get_addr(msg); 592 plen = get_prefixlen(msg); 593 /* sanity check for plen */ 594 /* as RFC2373, prefixlen is at least 4 */ 595 if (plen < 4 || plen > 127) { 596 syslog(LOG_INFO, "<%s> new interface route's" 597 "plen %d is invalid for a prefix", 598 __func__, plen); 599 break; 600 } 601 pfx = find_prefix(rai, addr, plen); 602 if (pfx) { 603 if (pfx->pfx_timer) { 604 /* 605 * If the prefix has been invalidated, 606 * make it available again. 607 */ 608 update_prefix(pfx); 609 prefixchange = 1; 610 } else 611 syslog(LOG_DEBUG, 612 "<%s> new prefix(%s/%d) " 613 "added on %s, " 614 "but it was already in list", 615 __func__, 616 inet_ntop(AF_INET6, addr, 617 (char *)addrbuf, 618 sizeof(addrbuf)), 619 plen, rai->rai_ifname); 620 break; 621 } 622 make_prefix(rai, ifindex, addr, plen); 623 prefixchange = 1; 624 break; 625 case RTM_DELETE: 626 /* init ifflags because it may have changed */ 627 iflist[ifindex]->ifm_flags = 628 if_getflags(ifindex, iflist[ifindex]->ifm_flags); 629 630 if (sflag) 631 break; 632 633 addr = get_addr(msg); 634 plen = get_prefixlen(msg); 635 /* sanity check for plen */ 636 /* as RFC2373, prefixlen is at least 4 */ 637 if (plen < 4 || plen > 127) { 638 syslog(LOG_INFO, 639 "<%s> deleted interface route's " 640 "plen %d is invalid for a prefix", 641 __func__, plen); 642 break; 643 } 644 pfx = find_prefix(rai, addr, plen); 645 if (pfx == NULL) { 646 syslog(LOG_DEBUG, 647 "<%s> prefix(%s/%d) was deleted on %s, " 648 "but it was not in list", 649 __func__, inet_ntop(AF_INET6, addr, 650 (char *)addrbuf, sizeof(addrbuf)), 651 plen, rai->rai_ifname); 652 break; 653 } 654 invalidate_prefix(pfx); 655 prefixchange = 1; 656 break; 657 case RTM_NEWADDR: 658 case RTM_DELADDR: 659 /* init ifflags because it may have changed */ 660 iflist[ifindex]->ifm_flags = 661 if_getflags(ifindex, iflist[ifindex]->ifm_flags); 662 break; 663 case RTM_IFINFO: 664 iflist[ifindex]->ifm_flags = get_ifm_flags(next); 665 break; 666 default: 667 /* should not reach here */ 668 syslog(LOG_DEBUG, 669 "<%s:%d> unknown rtmsg %d on %s", 670 __func__, __LINE__, type, 671 if_indextoname(ifindex, ifname)); 672 return; 673 } 674 675 /* check if an interface flag is changed */ 676 if ((oldifflags & IFF_UP) && /* UP to DOWN */ 677 !(iflist[ifindex]->ifm_flags & IFF_UP)) { 678 syslog(LOG_INFO, 679 "<%s> interface %s becomes down. stop timer.", 680 __func__, rai->rai_ifname); 681 rtadvd_remove_timer(rai->rai_timer); 682 rai->rai_timer = NULL; 683 } else if (!(oldifflags & IFF_UP) && /* DOWN to UP */ 684 (iflist[ifindex]->ifm_flags & IFF_UP)) { 685 syslog(LOG_INFO, 686 "<%s> interface %s becomes up. restart timer.", 687 __func__, rai->rai_ifname); 688 689 rai->rai_initcounter = 0; /* reset the counter */ 690 rai->rai_waiting = 0; /* XXX */ 691 rai->rai_timer = rtadvd_add_timer(ra_timeout, 692 ra_timer_update, rai, rai); 693 ra_timer_update(rai, &rai->rai_timer->rat_tm); 694 rtadvd_set_timer(&rai->rai_timer->rat_tm, 695 rai->rai_timer); 696 } else if (prefixchange && 697 (iflist[ifindex]->ifm_flags & IFF_UP)) { 698 /* 699 * An advertised prefix has been added or invalidated. 700 * Will notice the change in a short delay. 701 */ 702 rai->rai_initcounter = 0; 703 set_short_delay(rai); 704 } 705 } 706 707 return; 708 } 709 710 void 711 rtadvd_input(void) 712 { 713 ssize_t i; 714 int *hlimp = NULL; 715 #ifdef OLDRAWSOCKET 716 struct ip6_hdr *ip; 717 #endif 718 struct icmp6_hdr *icp; 719 int ifindex = 0; 720 struct cmsghdr *cm; 721 struct in6_pktinfo *pi = NULL; 722 u_char ntopbuf[INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ]; 723 struct in6_addr dst = in6addr_any; 724 725 /* 726 * Get message. We reset msg_controllen since the field could 727 * be modified if we had received a message before setting 728 * receive options. 729 */ 730 rcvmhdr.msg_controllen = rcvcmsgbuflen; 731 if ((i = recvmsg(sock, &rcvmhdr, 0)) < 0) 732 return; 733 734 /* extract optional information via Advanced API */ 735 for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(&rcvmhdr); 736 cm; 737 cm = (struct cmsghdr *)CMSG_NXTHDR(&rcvmhdr, cm)) { 738 if (cm->cmsg_level == IPPROTO_IPV6 && 739 cm->cmsg_type == IPV6_PKTINFO && 740 cm->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo))) { 741 pi = (struct in6_pktinfo *)(CMSG_DATA(cm)); 742 ifindex = pi->ipi6_ifindex; 743 dst = pi->ipi6_addr; 744 } 745 if (cm->cmsg_level == IPPROTO_IPV6 && 746 cm->cmsg_type == IPV6_HOPLIMIT && 747 cm->cmsg_len == CMSG_LEN(sizeof(int))) 748 hlimp = (int *)CMSG_DATA(cm); 749 } 750 if (ifindex == 0) { 751 syslog(LOG_ERR, 752 "<%s> failed to get receiving interface", 753 __func__); 754 return; 755 } 756 if (hlimp == NULL) { 757 syslog(LOG_ERR, 758 "<%s> failed to get receiving hop limit", 759 __func__); 760 return; 761 } 762 763 /* 764 * If we happen to receive data on an interface which is now gone 765 * or down, just discard the data. 766 */ 767 if (iflist[pi->ipi6_ifindex] == NULL || 768 (iflist[pi->ipi6_ifindex]->ifm_flags & IFF_UP) == 0) { 769 syslog(LOG_INFO, 770 "<%s> received data on a disabled interface (%s)", 771 __func__, 772 (iflist[pi->ipi6_ifindex] == NULL) ? "[gone]" : 773 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 774 return; 775 } 776 777 #ifdef OLDRAWSOCKET 778 if ((size_t)i < sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)) { 779 syslog(LOG_ERR, 780 "<%s> packet size(%d) is too short", 781 __func__, i); 782 return; 783 } 784 785 ip = (struct ip6_hdr *)rcvmhdr.msg_iov[0].iov_base; 786 icp = (struct icmp6_hdr *)(ip + 1); /* XXX: ext. hdr? */ 787 #else 788 if ((size_t)i < sizeof(struct icmp6_hdr)) { 789 syslog(LOG_ERR, 790 "<%s> packet size(%zd) is too short", 791 __func__, i); 792 return; 793 } 794 795 icp = (struct icmp6_hdr *)rcvmhdr.msg_iov[0].iov_base; 796 #endif 797 798 switch (icp->icmp6_type) { 799 case ND_ROUTER_SOLICIT: 800 /* 801 * Message verification - RFC 4861 6.1.1 802 * XXX: these checks must be done in the kernel as well, 803 * but we can't completely rely on them. 804 */ 805 if (*hlimp != 255) { 806 syslog(LOG_NOTICE, 807 "<%s> RS with invalid hop limit(%d) " 808 "received from %s on %s", 809 __func__, *hlimp, 810 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf, 811 sizeof(ntopbuf)), 812 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 813 return; 814 } 815 if (icp->icmp6_code) { 816 syslog(LOG_NOTICE, 817 "<%s> RS with invalid ICMP6 code(%d) " 818 "received from %s on %s", 819 __func__, icp->icmp6_code, 820 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf, 821 sizeof(ntopbuf)), 822 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 823 return; 824 } 825 if ((size_t)i < sizeof(struct nd_router_solicit)) { 826 syslog(LOG_NOTICE, 827 "<%s> RS from %s on %s does not have enough " 828 "length (len = %zd)", 829 __func__, 830 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf, 831 sizeof(ntopbuf)), 832 if_indextoname(pi->ipi6_ifindex, ifnamebuf), i); 833 return; 834 } 835 rs_input(i, (struct nd_router_solicit *)icp, pi, &rcvfrom); 836 break; 837 case ND_ROUTER_ADVERT: 838 /* 839 * Message verification - RFC 4861 6.1.2 840 * XXX: there's the same dilemma as above... 841 */ 842 if (!IN6_IS_ADDR_LINKLOCAL(&rcvfrom.sin6_addr)) { 843 syslog(LOG_NOTICE, 844 "<%s> RA witn non-linklocal source address " 845 "received from %s on %s", 846 __func__, inet_ntop(AF_INET6, &rcvfrom.sin6_addr, 847 ntopbuf, sizeof(ntopbuf)), 848 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 849 return; 850 } 851 if (*hlimp != 255) { 852 syslog(LOG_NOTICE, 853 "<%s> RA with invalid hop limit(%d) " 854 "received from %s on %s", 855 __func__, *hlimp, 856 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf, 857 sizeof(ntopbuf)), 858 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 859 return; 860 } 861 if (icp->icmp6_code) { 862 syslog(LOG_NOTICE, 863 "<%s> RA with invalid ICMP6 code(%d) " 864 "received from %s on %s", 865 __func__, icp->icmp6_code, 866 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf, 867 sizeof(ntopbuf)), 868 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 869 return; 870 } 871 if ((size_t)i < sizeof(struct nd_router_advert)) { 872 syslog(LOG_NOTICE, 873 "<%s> RA from %s on %s does not have enough " 874 "length (len = %zd)", 875 __func__, 876 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf, 877 sizeof(ntopbuf)), 878 if_indextoname(pi->ipi6_ifindex, ifnamebuf), i); 879 return; 880 } 881 ra_input(i, (struct nd_router_advert *)icp, pi, &rcvfrom); 882 break; 883 case ICMP6_ROUTER_RENUMBERING: 884 if (accept_rr == 0) { 885 syslog(LOG_ERR, "<%s> received a router renumbering " 886 "message, but not allowed to be accepted", 887 __func__); 888 break; 889 } 890 rr_input(i, (struct icmp6_router_renum *)icp, pi, &rcvfrom, 891 &dst); 892 break; 893 default: 894 /* 895 * Note that this case is POSSIBLE, especially just 896 * after invocation of the daemon. This is because we 897 * could receive message after opening the socket and 898 * before setting ICMP6 type filter(see sock_open()). 899 */ 900 syslog(LOG_ERR, "<%s> invalid icmp type(%d)", 901 __func__, icp->icmp6_type); 902 return; 903 } 904 905 return; 906 } 907 908 static void 909 rs_input(int len, struct nd_router_solicit *rs, 910 struct in6_pktinfo *pi, struct sockaddr_in6 *from) 911 { 912 u_char ntopbuf[INET6_ADDRSTRLEN]; 913 u_char ifnamebuf[IFNAMSIZ]; 914 union nd_opt ndopts; 915 struct rainfo *rai; 916 struct soliciter *sol; 917 918 syslog(LOG_DEBUG, 919 "<%s> RS received from %s on %s", 920 __func__, 921 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, sizeof(ntopbuf)), 922 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 923 924 /* ND option check */ 925 memset(&ndopts, 0, sizeof(ndopts)); 926 if (nd6_options((struct nd_opt_hdr *)(rs + 1), 927 len - sizeof(struct nd_router_solicit), 928 &ndopts, NDOPT_FLAG_SRCLINKADDR)) { 929 syslog(LOG_INFO, 930 "<%s> ND option check failed for an RS from %s on %s", 931 __func__, 932 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 933 sizeof(ntopbuf)), 934 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 935 return; 936 } 937 938 /* 939 * If the IP source address is the unspecified address, there 940 * must be no source link-layer address option in the message. 941 * (RFC 4861 6.1.1) 942 */ 943 if (IN6_IS_ADDR_UNSPECIFIED(&from->sin6_addr) && 944 ndopts.opt_src_lladdr) { 945 syslog(LOG_INFO, 946 "<%s> RS from unspecified src on %s has a link-layer" 947 " address option", 948 __func__, if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 949 goto done; 950 } 951 952 TAILQ_FOREACH(rai, &railist, rai_next) 953 if (pi->ipi6_ifindex == (unsigned int)rai->rai_ifindex) 954 break; 955 956 if (rai == NULL) { 957 syslog(LOG_INFO, 958 "<%s> RS received on non advertising interface(%s)", 959 __func__, 960 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 961 goto done; 962 } 963 964 rai->rai_rsinput++; /* increment statistics */ 965 966 /* 967 * Decide whether to send RA according to the rate-limit 968 * consideration. 969 */ 970 971 /* record sockaddr waiting for RA, if possible */ 972 sol = (struct soliciter *)malloc(sizeof(*sol)); 973 if (sol) { 974 sol->sol_addr = *from; 975 /* XXX RFC 2553 need clarification on flowinfo */ 976 sol->sol_addr.sin6_flowinfo = 0; 977 TAILQ_INSERT_TAIL(&rai->rai_soliciter, sol, sol_next); 978 } 979 980 /* 981 * If there is already a waiting RS packet, don't 982 * update the timer. 983 */ 984 if (rai->rai_waiting++) 985 goto done; 986 987 set_short_delay(rai); 988 989 done: 990 free_ndopts(&ndopts); 991 return; 992 } 993 994 static void 995 set_short_delay(struct rainfo *rai) 996 { 997 long delay; /* must not be greater than 1000000 */ 998 struct timeval interval, now, min_delay, tm_tmp, *rest; 999 1000 /* 1001 * Compute a random delay. If the computed value 1002 * corresponds to a time later than the time the next 1003 * multicast RA is scheduled to be sent, ignore the random 1004 * delay and send the advertisement at the 1005 * already-scheduled time. RFC 4861 6.2.6 1006 */ 1007 #ifdef HAVE_ARC4RANDOM 1008 delay = arc4random_uniform(MAX_RA_DELAY_TIME); 1009 #else 1010 delay = random() % MAX_RA_DELAY_TIME; 1011 #endif 1012 interval.tv_sec = 0; 1013 interval.tv_usec = delay; 1014 rest = rtadvd_timer_rest(rai->rai_timer); 1015 if (TIMEVAL_LT(rest, &interval)) { 1016 syslog(LOG_DEBUG, "<%s> random delay is larger than " 1017 "the rest of the current timer", __func__); 1018 interval = *rest; 1019 } 1020 1021 /* 1022 * If we sent a multicast Router Advertisement within 1023 * the last MIN_DELAY_BETWEEN_RAS seconds, schedule 1024 * the advertisement to be sent at a time corresponding to 1025 * MIN_DELAY_BETWEEN_RAS plus the random value after the 1026 * previous advertisement was sent. 1027 */ 1028 gettimeofday(&now, NULL); 1029 TIMEVAL_SUB(&now, &rai->rai_lastsent, &tm_tmp); 1030 min_delay.tv_sec = MIN_DELAY_BETWEEN_RAS; 1031 min_delay.tv_usec = 0; 1032 if (TIMEVAL_LT(&tm_tmp, &min_delay)) { 1033 TIMEVAL_SUB(&min_delay, &tm_tmp, &min_delay); 1034 TIMEVAL_ADD(&min_delay, &interval, &interval); 1035 } 1036 rtadvd_set_timer(&interval, rai->rai_timer); 1037 } 1038 1039 static int 1040 check_accept_rtadv(int idx) 1041 { 1042 struct in6_ndireq nd; 1043 u_char ifname[IFNAMSIZ]; 1044 int s6; 1045 int error; 1046 1047 if ((s6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { 1048 syslog(LOG_ERR, 1049 "<%s> open socket failed for idx=%d.", 1050 __func__, idx); 1051 return (0); 1052 } 1053 if ((if_indextoname(idx, ifname)) == NULL) { 1054 syslog(LOG_ERR, 1055 "<%s> ifindex->ifname failed (idx=%d).", 1056 __func__, idx); 1057 close(s6); 1058 return (0); 1059 } 1060 memset(&nd, 0, sizeof(nd)); 1061 strncpy(nd.ifname, ifname, sizeof(nd.ifname)); 1062 error = ioctl(s6, SIOCGIFINFO_IN6, &nd); 1063 if (error) { 1064 syslog(LOG_ERR, 1065 "<%s> ioctl(SIOCGIFINFO_IN6) failed for idx=%d.", 1066 __func__, idx); 1067 nd.ndi.flags = 0; 1068 } 1069 close(s6); 1070 1071 return (nd.ndi.flags & ND6_IFF_ACCEPT_RTADV); 1072 } 1073 1074 static int 1075 getinet6sysctl(int code) 1076 { 1077 int mib[] = { CTL_NET, PF_INET6, IPPROTO_IPV6, 0 }; 1078 int value; 1079 size_t size; 1080 1081 mib[3] = code; 1082 size = sizeof(value); 1083 if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, NULL, 0) 1084 < 0) { 1085 syslog(LOG_ERR, "<%s>: failed to get ip6 sysctl(%d): %s", 1086 __func__, code, 1087 strerror(errno)); 1088 return (-1); 1089 } 1090 else 1091 return (value); 1092 } 1093 1094 static void 1095 ra_input(int len, struct nd_router_advert *nra, 1096 struct in6_pktinfo *pi, struct sockaddr_in6 *from) 1097 { 1098 struct rainfo *rai; 1099 u_char ntopbuf[INET6_ADDRSTRLEN]; 1100 u_char ifnamebuf[IFNAMSIZ]; 1101 union nd_opt ndopts; 1102 const char *on_off[] = {"OFF", "ON"}; 1103 u_int32_t reachabletime, retranstimer, mtu; 1104 int inconsistent = 0; 1105 int error; 1106 1107 syslog(LOG_DEBUG, "<%s> RA received from %s on %s", __func__, 1108 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, sizeof(ntopbuf)), 1109 if_indextoname(pi->ipi6_ifindex, ifnamebuf)); 1110 1111 if (!check_accept_rtadv(pi->ipi6_ifindex)) { 1112 syslog(LOG_INFO, 1113 "<%s> An RA from %s on %s ignored (no ACCEPT_RTADV flag).", 1114 __func__, 1115 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1116 sizeof(ntopbuf)), if_indextoname(pi->ipi6_ifindex, 1117 ifnamebuf)); 1118 return; 1119 } 1120 1121 /* ND option check */ 1122 memset(&ndopts, 0, sizeof(ndopts)); 1123 error = nd6_options((struct nd_opt_hdr *)(nra + 1), 1124 len - sizeof(struct nd_router_advert), &ndopts, 1125 NDOPT_FLAG_SRCLINKADDR | NDOPT_FLAG_PREFIXINFO | NDOPT_FLAG_MTU | 1126 NDOPT_FLAG_RDNSS | NDOPT_FLAG_DNSSL); 1127 if (error) { 1128 syslog(LOG_INFO, 1129 "<%s> ND option check failed for an RA from %s on %s", 1130 __func__, 1131 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1132 sizeof(ntopbuf)), if_indextoname(pi->ipi6_ifindex, 1133 ifnamebuf)); 1134 return; 1135 } 1136 1137 /* 1138 * RA consistency check according to RFC 4861 6.2.7 1139 */ 1140 rai = if_indextorainfo(pi->ipi6_ifindex); 1141 if (rai == NULL) { 1142 syslog(LOG_INFO, 1143 "<%s> received RA from %s on non-advertising" 1144 " interface(%s)", 1145 __func__, 1146 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1147 sizeof(ntopbuf)), if_indextoname(pi->ipi6_ifindex, 1148 ifnamebuf)); 1149 goto done; 1150 } 1151 rai->rai_rainput++; /* increment statistics */ 1152 1153 /* Cur Hop Limit value */ 1154 if (nra->nd_ra_curhoplimit && rai->rai_hoplimit && 1155 nra->nd_ra_curhoplimit != rai->rai_hoplimit) { 1156 syslog(LOG_INFO, 1157 "<%s> CurHopLimit inconsistent on %s:" 1158 " %d from %s, %d from us", 1159 __func__, rai->rai_ifname, nra->nd_ra_curhoplimit, 1160 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1161 sizeof(ntopbuf)), rai->rai_hoplimit); 1162 inconsistent++; 1163 } 1164 /* M flag */ 1165 if ((nra->nd_ra_flags_reserved & ND_RA_FLAG_MANAGED) != 1166 rai->rai_managedflg) { 1167 syslog(LOG_INFO, 1168 "<%s> M flag inconsistent on %s:" 1169 " %s from %s, %s from us", 1170 __func__, rai->rai_ifname, on_off[!rai->rai_managedflg], 1171 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1172 sizeof(ntopbuf)), on_off[rai->rai_managedflg]); 1173 inconsistent++; 1174 } 1175 /* O flag */ 1176 if ((nra->nd_ra_flags_reserved & ND_RA_FLAG_OTHER) != 1177 rai->rai_otherflg) { 1178 syslog(LOG_INFO, 1179 "<%s> O flag inconsistent on %s:" 1180 " %s from %s, %s from us", 1181 __func__, rai->rai_ifname, on_off[!rai->rai_otherflg], 1182 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1183 sizeof(ntopbuf)), on_off[rai->rai_otherflg]); 1184 inconsistent++; 1185 } 1186 /* Reachable Time */ 1187 reachabletime = ntohl(nra->nd_ra_reachable); 1188 if (reachabletime && rai->rai_reachabletime && 1189 reachabletime != rai->rai_reachabletime) { 1190 syslog(LOG_INFO, 1191 "<%s> ReachableTime inconsistent on %s:" 1192 " %d from %s, %d from us", 1193 __func__, rai->rai_ifname, reachabletime, 1194 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1195 sizeof(ntopbuf)), rai->rai_reachabletime); 1196 inconsistent++; 1197 } 1198 /* Retrans Timer */ 1199 retranstimer = ntohl(nra->nd_ra_retransmit); 1200 if (retranstimer && rai->rai_retranstimer && 1201 retranstimer != rai->rai_retranstimer) { 1202 syslog(LOG_INFO, 1203 "<%s> RetranceTimer inconsistent on %s:" 1204 " %d from %s, %d from us", 1205 __func__, rai->rai_ifname, retranstimer, 1206 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1207 sizeof(ntopbuf)), rai->rai_retranstimer); 1208 inconsistent++; 1209 } 1210 /* Values in the MTU options */ 1211 if (ndopts.opt_mtu) { 1212 mtu = ntohl(ndopts.opt_mtu->nd_opt_mtu_mtu); 1213 if (mtu && rai->rai_linkmtu && mtu != rai->rai_linkmtu) { 1214 syslog(LOG_INFO, 1215 "<%s> MTU option value inconsistent on %s:" 1216 " %d from %s, %d from us", 1217 __func__, rai->rai_ifname, mtu, 1218 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1219 sizeof(ntopbuf)), rai->rai_linkmtu); 1220 inconsistent++; 1221 } 1222 } 1223 /* Preferred and Valid Lifetimes for prefixes */ 1224 { 1225 struct nd_optlist *nol; 1226 1227 if (ndopts.opt_pi) 1228 if (prefix_check(ndopts.opt_pi, rai, from)) 1229 inconsistent++; 1230 1231 TAILQ_FOREACH(nol, &ndopts.opt_list, nol_next) 1232 if (prefix_check((struct nd_opt_prefix_info *)nol->nol_opt, 1233 rai, from)) 1234 inconsistent++; 1235 } 1236 1237 if (inconsistent) 1238 rai->rai_rainconsistent++; 1239 1240 done: 1241 free_ndopts(&ndopts); 1242 return; 1243 } 1244 1245 /* return a non-zero value if the received prefix is inconsitent with ours */ 1246 static int 1247 prefix_check(struct nd_opt_prefix_info *pinfo, 1248 struct rainfo *rai, struct sockaddr_in6 *from) 1249 { 1250 u_int32_t preferred_time, valid_time; 1251 struct prefix *pfx; 1252 int inconsistent = 0; 1253 u_char ntopbuf[INET6_ADDRSTRLEN]; 1254 u_char prefixbuf[INET6_ADDRSTRLEN]; 1255 struct timeval now; 1256 1257 #if 0 /* impossible */ 1258 if (pinfo->nd_opt_pi_type != ND_OPT_PREFIX_INFORMATION) 1259 return (0); 1260 #endif 1261 1262 /* 1263 * log if the adveritsed prefix has link-local scope(sanity check?) 1264 */ 1265 if (IN6_IS_ADDR_LINKLOCAL(&pinfo->nd_opt_pi_prefix)) 1266 syslog(LOG_INFO, 1267 "<%s> link-local prefix %s/%d is advertised " 1268 "from %s on %s", 1269 __func__, 1270 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf, 1271 sizeof(prefixbuf)), 1272 pinfo->nd_opt_pi_prefix_len, 1273 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1274 sizeof(ntopbuf)), rai->rai_ifname); 1275 1276 if ((pfx = find_prefix(rai, &pinfo->nd_opt_pi_prefix, 1277 pinfo->nd_opt_pi_prefix_len)) == NULL) { 1278 syslog(LOG_INFO, 1279 "<%s> prefix %s/%d from %s on %s is not in our list", 1280 __func__, 1281 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf, 1282 sizeof(prefixbuf)), 1283 pinfo->nd_opt_pi_prefix_len, 1284 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1285 sizeof(ntopbuf)), rai->rai_ifname); 1286 return (0); 1287 } 1288 1289 preferred_time = ntohl(pinfo->nd_opt_pi_preferred_time); 1290 if (pfx->pfx_pltimeexpire) { 1291 /* 1292 * The lifetime is decremented in real time, so we should 1293 * compare the expiration time. 1294 * (RFC 2461 Section 6.2.7.) 1295 * XXX: can we really expect that all routers on the link 1296 * have synchronized clocks? 1297 */ 1298 gettimeofday(&now, NULL); 1299 preferred_time += now.tv_sec; 1300 1301 if (!pfx->pfx_timer && rai->rai_clockskew && 1302 abs(preferred_time - pfx->pfx_pltimeexpire) > rai->rai_clockskew) { 1303 syslog(LOG_INFO, 1304 "<%s> preferred lifetime for %s/%d" 1305 " (decr. in real time) inconsistent on %s:" 1306 " %d from %s, %ld from us", 1307 __func__, 1308 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf, 1309 sizeof(prefixbuf)), 1310 pinfo->nd_opt_pi_prefix_len, 1311 rai->rai_ifname, preferred_time, 1312 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1313 sizeof(ntopbuf)), pfx->pfx_pltimeexpire); 1314 inconsistent++; 1315 } 1316 } else if (!pfx->pfx_timer && preferred_time != pfx->pfx_preflifetime) 1317 syslog(LOG_INFO, 1318 "<%s> preferred lifetime for %s/%d" 1319 " inconsistent on %s:" 1320 " %d from %s, %d from us", 1321 __func__, 1322 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf, 1323 sizeof(prefixbuf)), 1324 pinfo->nd_opt_pi_prefix_len, 1325 rai->rai_ifname, preferred_time, 1326 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1327 sizeof(ntopbuf)), pfx->pfx_preflifetime); 1328 1329 valid_time = ntohl(pinfo->nd_opt_pi_valid_time); 1330 if (pfx->pfx_vltimeexpire) { 1331 gettimeofday(&now, NULL); 1332 valid_time += now.tv_sec; 1333 1334 if (!pfx->pfx_timer && rai->rai_clockskew && 1335 abs(valid_time - pfx->pfx_vltimeexpire) > rai->rai_clockskew) { 1336 syslog(LOG_INFO, 1337 "<%s> valid lifetime for %s/%d" 1338 " (decr. in real time) inconsistent on %s:" 1339 " %d from %s, %ld from us", 1340 __func__, 1341 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf, 1342 sizeof(prefixbuf)), 1343 pinfo->nd_opt_pi_prefix_len, 1344 rai->rai_ifname, preferred_time, 1345 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1346 sizeof(ntopbuf)), pfx->pfx_vltimeexpire); 1347 inconsistent++; 1348 } 1349 } else if (!pfx->pfx_timer && valid_time != pfx->pfx_validlifetime) { 1350 syslog(LOG_INFO, 1351 "<%s> valid lifetime for %s/%d" 1352 " inconsistent on %s:" 1353 " %d from %s, %d from us", 1354 __func__, 1355 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf, 1356 sizeof(prefixbuf)), 1357 pinfo->nd_opt_pi_prefix_len, 1358 rai->rai_ifname, valid_time, 1359 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, 1360 sizeof(ntopbuf)), pfx->pfx_validlifetime); 1361 inconsistent++; 1362 } 1363 1364 return (inconsistent); 1365 } 1366 1367 struct prefix * 1368 find_prefix(struct rainfo *rai, struct in6_addr *prefix, int plen) 1369 { 1370 struct prefix *pfx; 1371 int bytelen, bitlen; 1372 u_char bitmask; 1373 1374 TAILQ_FOREACH(pfx, &rai->rai_prefix, pfx_next) { 1375 if (plen != pfx->pfx_prefixlen) 1376 continue; 1377 1378 bytelen = plen / 8; 1379 bitlen = plen % 8; 1380 bitmask = 0xff << (8 - bitlen); 1381 1382 if (memcmp((void *)prefix, (void *)&pfx->pfx_prefix, bytelen)) 1383 continue; 1384 1385 if (bitlen == 0 || 1386 ((prefix->s6_addr[bytelen] & bitmask) == 1387 (pfx->pfx_prefix.s6_addr[bytelen] & bitmask))) { 1388 return (pfx); 1389 } 1390 } 1391 1392 return (NULL); 1393 } 1394 1395 /* check if p0/plen0 matches p1/plen1; return 1 if matches, otherwise 0. */ 1396 int 1397 prefix_match(struct in6_addr *p0, int plen0, 1398 struct in6_addr *p1, int plen1) 1399 { 1400 int bytelen, bitlen; 1401 u_char bitmask; 1402 1403 if (plen0 < plen1) 1404 return (0); 1405 1406 bytelen = plen1 / 8; 1407 bitlen = plen1 % 8; 1408 bitmask = 0xff << (8 - bitlen); 1409 1410 if (memcmp((void *)p0, (void *)p1, bytelen)) 1411 return (0); 1412 1413 if (bitlen == 0 || 1414 ((p0->s6_addr[bytelen] & bitmask) == 1415 (p1->s6_addr[bytelen] & bitmask))) { 1416 return (1); 1417 } 1418 1419 return (0); 1420 } 1421 1422 static int 1423 nd6_options(struct nd_opt_hdr *hdr, int limit, 1424 union nd_opt *ndopts, u_int32_t optflags) 1425 { 1426 int optlen = 0; 1427 1428 for (; limit > 0; limit -= optlen) { 1429 if ((size_t)limit < sizeof(struct nd_opt_hdr)) { 1430 syslog(LOG_INFO, "<%s> short option header", __func__); 1431 goto bad; 1432 } 1433 1434 hdr = (struct nd_opt_hdr *)((caddr_t)hdr + optlen); 1435 if (hdr->nd_opt_len == 0) { 1436 syslog(LOG_INFO, 1437 "<%s> bad ND option length(0) (type = %d)", 1438 __func__, hdr->nd_opt_type); 1439 goto bad; 1440 } 1441 optlen = hdr->nd_opt_len << 3; 1442 if (optlen > limit) { 1443 syslog(LOG_INFO, "<%s> short option", __func__); 1444 goto bad; 1445 } 1446 1447 if (hdr->nd_opt_type > ND_OPT_MTU && 1448 hdr->nd_opt_type != ND_OPT_RDNSS && 1449 hdr->nd_opt_type != ND_OPT_DNSSL) { 1450 syslog(LOG_INFO, "<%s> unknown ND option(type %d)", 1451 __func__, hdr->nd_opt_type); 1452 continue; 1453 } 1454 1455 if ((ndopt_flags[hdr->nd_opt_type] & optflags) == 0) { 1456 syslog(LOG_INFO, "<%s> unexpected ND option(type %d)", 1457 __func__, hdr->nd_opt_type); 1458 continue; 1459 } 1460 1461 /* 1462 * Option length check. Do it here for all fixed-length 1463 * options. 1464 */ 1465 switch (hdr->nd_opt_type) { 1466 case ND_OPT_MTU: 1467 if (optlen == sizeof(struct nd_opt_mtu)) 1468 break; 1469 goto skip; 1470 case ND_OPT_RDNSS: 1471 if (optlen >= 24 && 1472 (optlen - sizeof(struct nd_opt_rdnss)) % 16 == 0) 1473 break; 1474 goto skip; 1475 case ND_OPT_DNSSL: 1476 if (optlen >= 16 && 1477 (optlen - sizeof(struct nd_opt_dnssl)) % 8 == 0) 1478 break; 1479 goto skip; 1480 case ND_OPT_PREFIX_INFORMATION: 1481 if (optlen == sizeof(struct nd_opt_prefix_info)) 1482 break; 1483 skip: 1484 syslog(LOG_INFO, "<%s> invalid option length", 1485 __func__); 1486 continue; 1487 } 1488 1489 switch (hdr->nd_opt_type) { 1490 case ND_OPT_TARGET_LINKADDR: 1491 case ND_OPT_REDIRECTED_HEADER: 1492 case ND_OPT_RDNSS: 1493 case ND_OPT_DNSSL: 1494 break; /* we don't care about these options */ 1495 case ND_OPT_SOURCE_LINKADDR: 1496 case ND_OPT_MTU: 1497 if (ndopts->opt_array[hdr->nd_opt_type]) { 1498 syslog(LOG_INFO, 1499 "<%s> duplicated ND option (type = %d)", 1500 __func__, hdr->nd_opt_type); 1501 } 1502 ndopts->opt_array[hdr->nd_opt_type] = hdr; 1503 break; 1504 case ND_OPT_PREFIX_INFORMATION: 1505 { 1506 struct nd_optlist *nol; 1507 1508 if (ndopts->opt_pi == 0) { 1509 ndopts->opt_pi = 1510 (struct nd_opt_prefix_info *)hdr; 1511 continue; 1512 } 1513 nol = malloc(sizeof(*nol)); 1514 if (nol == NULL) { 1515 syslog(LOG_ERR, "<%s> can't allocate memory", 1516 __func__); 1517 goto bad; 1518 } 1519 nol->nol_opt = hdr; 1520 TAILQ_INSERT_TAIL(&(ndopts->opt_list), nol, nol_next); 1521 1522 break; 1523 } 1524 default: /* impossible */ 1525 break; 1526 } 1527 } 1528 1529 return (0); 1530 1531 bad: 1532 free_ndopts(ndopts); 1533 1534 return (-1); 1535 } 1536 1537 static void 1538 free_ndopts(union nd_opt *ndopts) 1539 { 1540 struct nd_optlist *nol; 1541 1542 while ((nol = TAILQ_FIRST(&ndopts->opt_list)) != NULL) { 1543 TAILQ_REMOVE(&ndopts->opt_list, nol, nol_next); 1544 free(nol); 1545 } 1546 } 1547 1548 void 1549 sock_open(void) 1550 { 1551 struct icmp6_filter filt; 1552 struct ipv6_mreq mreq; 1553 struct rainfo *rai; 1554 int on; 1555 /* XXX: should be max MTU attached to the node */ 1556 static u_char answer[1500]; 1557 1558 rcvcmsgbuflen = CMSG_SPACE(sizeof(struct in6_pktinfo)) + 1559 CMSG_SPACE(sizeof(int)); 1560 rcvcmsgbuf = (u_char *)malloc(rcvcmsgbuflen); 1561 if (rcvcmsgbuf == NULL) { 1562 syslog(LOG_ERR, "<%s> not enough core", __func__); 1563 exit(1); 1564 } 1565 1566 sndcmsgbuflen = CMSG_SPACE(sizeof(struct in6_pktinfo)) + 1567 CMSG_SPACE(sizeof(int)); 1568 sndcmsgbuf = (u_char *)malloc(sndcmsgbuflen); 1569 if (sndcmsgbuf == NULL) { 1570 syslog(LOG_ERR, "<%s> not enough core", __func__); 1571 exit(1); 1572 } 1573 1574 if ((sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) { 1575 syslog(LOG_ERR, "<%s> socket: %s", __func__, strerror(errno)); 1576 exit(1); 1577 } 1578 /* specify to tell receiving interface */ 1579 on = 1; 1580 if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, 1581 sizeof(on)) < 0) { 1582 syslog(LOG_ERR, "<%s> IPV6_RECVPKTINFO: %s", __func__, 1583 strerror(errno)); 1584 exit(1); 1585 } 1586 on = 1; 1587 /* specify to tell value of hoplimit field of received IP6 hdr */ 1588 if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &on, 1589 sizeof(on)) < 0) { 1590 syslog(LOG_ERR, "<%s> IPV6_RECVHOPLIMIT: %s", __func__, 1591 strerror(errno)); 1592 exit(1); 1593 } 1594 ICMP6_FILTER_SETBLOCKALL(&filt); 1595 ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filt); 1596 ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt); 1597 if (accept_rr) 1598 ICMP6_FILTER_SETPASS(ICMP6_ROUTER_RENUMBERING, &filt); 1599 1600 if (setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, 1601 sizeof(filt)) < 0) { 1602 syslog(LOG_ERR, "<%s> IICMP6_FILTER: %s", 1603 __func__, strerror(errno)); 1604 exit(1); 1605 } 1606 1607 /* 1608 * join all routers multicast address on each advertising interface. 1609 */ 1610 memcpy(&mreq.ipv6mr_multiaddr.s6_addr, 1611 &sin6_linklocal_allrouters.sin6_addr, 1612 sizeof(mreq.ipv6mr_multiaddr.s6_addr)); 1613 TAILQ_FOREACH(rai, &railist, rai_next) { 1614 mreq.ipv6mr_interface = rai->rai_ifindex; 1615 if (setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, 1616 sizeof(mreq)) < 0) { 1617 syslog(LOG_ERR, "<%s> IPV6_JOIN_GROUP(link) on %s: %s", 1618 __func__, rai->rai_ifname, strerror(errno)); 1619 exit(1); 1620 } 1621 } 1622 1623 /* 1624 * When attending router renumbering, join all-routers site-local 1625 * multicast group. 1626 */ 1627 if (accept_rr) { 1628 memcpy(&mreq.ipv6mr_multiaddr.s6_addr, 1629 &sin6_sitelocal_allrouters.sin6_addr, 1630 sizeof(mreq.ipv6mr_multiaddr.s6_addr)); 1631 if (mcastif) { 1632 if ((mreq.ipv6mr_interface = if_nametoindex(mcastif)) 1633 == 0) { 1634 syslog(LOG_ERR, 1635 "<%s> invalid interface: %s", 1636 __func__, mcastif); 1637 exit(1); 1638 } 1639 } else 1640 mreq.ipv6mr_interface = 1641 TAILQ_FIRST(&railist)->rai_ifindex; 1642 if (setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, 1643 &mreq, sizeof(mreq)) < 0) { 1644 syslog(LOG_ERR, 1645 "<%s> IPV6_JOIN_GROUP(site) on %s: %s", __func__, 1646 mcastif ? mcastif : 1647 TAILQ_FIRST(&railist)->rai_ifname, 1648 strerror(errno)); 1649 exit(1); 1650 } 1651 } 1652 1653 /* initialize msghdr for receiving packets */ 1654 rcviov[0].iov_base = (caddr_t)answer; 1655 rcviov[0].iov_len = sizeof(answer); 1656 rcvmhdr.msg_name = (caddr_t)&rcvfrom; 1657 rcvmhdr.msg_namelen = sizeof(rcvfrom); 1658 rcvmhdr.msg_iov = rcviov; 1659 rcvmhdr.msg_iovlen = 1; 1660 rcvmhdr.msg_control = (caddr_t) rcvcmsgbuf; 1661 rcvmhdr.msg_controllen = rcvcmsgbuflen; 1662 1663 /* initialize msghdr for sending packets */ 1664 sndmhdr.msg_namelen = sizeof(struct sockaddr_in6); 1665 sndmhdr.msg_iov = sndiov; 1666 sndmhdr.msg_iovlen = 1; 1667 sndmhdr.msg_control = (caddr_t)sndcmsgbuf; 1668 sndmhdr.msg_controllen = sndcmsgbuflen; 1669 1670 return; 1671 } 1672 1673 /* open a routing socket to watch the routing table */ 1674 static void 1675 rtsock_open(void) 1676 { 1677 if ((rtsock = socket(PF_ROUTE, SOCK_RAW, 0)) < 0) { 1678 syslog(LOG_ERR, 1679 "<%s> socket: %s", __func__, strerror(errno)); 1680 exit(1); 1681 } 1682 } 1683 1684 struct rainfo * 1685 if_indextorainfo(int idx) 1686 { 1687 struct rainfo *rai; 1688 1689 TAILQ_FOREACH(rai, &railist, rai_next) { 1690 syslog(LOG_DEBUG, "<%s> rai->rai_ifindex %d == idx %d?", 1691 __func__, rai->rai_ifindex, idx); 1692 if (rai->rai_ifindex == idx) 1693 return (rai); 1694 } 1695 1696 return (NULL); /* search failed */ 1697 } 1698 1699 void 1700 ra_output(struct rainfo *rai) 1701 { 1702 int i; 1703 struct cmsghdr *cm; 1704 struct in6_pktinfo *pi; 1705 struct soliciter *sol; 1706 1707 if ((iflist[rai->rai_ifindex]->ifm_flags & IFF_UP) == 0) { 1708 syslog(LOG_DEBUG, "<%s> %s is not up, skip sending RA", 1709 __func__, rai->rai_ifname); 1710 return; 1711 } 1712 1713 /* 1714 * Check lifetime, ACCEPT_RTADV flag, and ip6.forwarding. 1715 * 1716 * (lifetime == 0) = output 1717 * (lifetime != 0 && (ACCEPT_RTADV || !ip6.forwarding) = no output 1718 * 1719 * Basically, hosts MUST NOT send Router Advertisement 1720 * messages at any time (RFC 4861, Section 6.2.3). However, it 1721 * would sometimes be useful to allow hosts to advertise some 1722 * parameters such as prefix information and link MTU. Thus, 1723 * we allow hosts to invoke rtadvd only when router lifetime 1724 * (on every advertising interface) is explicitly set 1725 * zero. (see also the above section) 1726 */ 1727 syslog(LOG_DEBUG, 1728 "<%s> check lifetime=%d, ACCEPT_RTADV=%d, ip6.forwarding=%d on %s", 1729 __func__, rai->rai_lifetime, check_accept_rtadv(rai->rai_ifindex), 1730 getinet6sysctl(IPV6CTL_FORWARDING), rai->rai_ifname); 1731 if (rai->rai_lifetime != 0) { 1732 if (check_accept_rtadv(rai->rai_ifindex)) { 1733 syslog(LOG_INFO, 1734 "<%s> non-zero lifetime RA " 1735 "on RA receiving interface %s." 1736 " Ignored.", __func__, rai->rai_ifname); 1737 return; 1738 } 1739 if (getinet6sysctl(IPV6CTL_FORWARDING) == 0) { 1740 syslog(LOG_INFO, 1741 "<%s> non-zero lifetime RA " 1742 "but net.inet6.ip6.forwarding=0. " 1743 "Ignored.", __func__); 1744 return; 1745 } 1746 } 1747 1748 make_packet(rai); /* XXX: inefficient */ 1749 1750 sndmhdr.msg_name = (caddr_t)&sin6_linklocal_allnodes; 1751 sndmhdr.msg_iov[0].iov_base = (caddr_t)rai->rai_ra_data; 1752 sndmhdr.msg_iov[0].iov_len = rai->rai_ra_datalen; 1753 1754 cm = CMSG_FIRSTHDR(&sndmhdr); 1755 /* specify the outgoing interface */ 1756 cm->cmsg_level = IPPROTO_IPV6; 1757 cm->cmsg_type = IPV6_PKTINFO; 1758 cm->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); 1759 pi = (struct in6_pktinfo *)CMSG_DATA(cm); 1760 memset(&pi->ipi6_addr, 0, sizeof(pi->ipi6_addr)); /*XXX*/ 1761 pi->ipi6_ifindex = rai->rai_ifindex; 1762 1763 /* specify the hop limit of the packet */ 1764 { 1765 int hoplimit = 255; 1766 1767 cm = CMSG_NXTHDR(&sndmhdr, cm); 1768 cm->cmsg_level = IPPROTO_IPV6; 1769 cm->cmsg_type = IPV6_HOPLIMIT; 1770 cm->cmsg_len = CMSG_LEN(sizeof(int)); 1771 memcpy(CMSG_DATA(cm), &hoplimit, sizeof(int)); 1772 } 1773 1774 syslog(LOG_DEBUG, 1775 "<%s> send RA on %s, # of waitings = %d", 1776 __func__, rai->rai_ifname, rai->rai_waiting); 1777 1778 i = sendmsg(sock, &sndmhdr, 0); 1779 1780 if (i < 0 || (size_t)i != rai->rai_ra_datalen) { 1781 if (i < 0) { 1782 syslog(LOG_ERR, "<%s> sendmsg on %s: %s", 1783 __func__, rai->rai_ifname, 1784 strerror(errno)); 1785 } 1786 } 1787 /* update counter */ 1788 if (rai->rai_initcounter < MAX_INITIAL_RTR_ADVERTISEMENTS) 1789 rai->rai_initcounter++; 1790 rai->rai_raoutput++; 1791 1792 /* 1793 * unicast advertisements 1794 * XXX commented out. reason: though spec does not forbit it, unicast 1795 * advert does not really help 1796 */ 1797 while ((sol = TAILQ_FIRST(&rai->rai_soliciter)) != NULL) { 1798 TAILQ_REMOVE(&rai->rai_soliciter, sol, sol_next); 1799 free(sol); 1800 } 1801 1802 /* update timestamp */ 1803 gettimeofday(&rai->rai_lastsent, NULL); 1804 1805 /* reset waiting conter */ 1806 rai->rai_waiting = 0; 1807 } 1808 1809 /* process RA timer */ 1810 struct rtadvd_timer * 1811 ra_timeout(void *arg) 1812 { 1813 struct rainfo *rai; 1814 1815 #ifdef notyet 1816 /* if necessary, reconstruct the packet. */ 1817 #endif 1818 rai = (struct rainfo *)arg; 1819 syslog(LOG_DEBUG, "<%s> RA timer on %s is expired", 1820 __func__, rai->rai_ifname); 1821 1822 ra_output(rai); 1823 1824 return (rai->rai_timer); 1825 } 1826 1827 /* update RA timer */ 1828 void 1829 ra_timer_update(void *arg, struct timeval *tm) 1830 { 1831 long interval; 1832 struct rainfo *rai; 1833 1834 rai = (struct rainfo *)arg; 1835 /* 1836 * Whenever a multicast advertisement is sent from an interface, 1837 * the timer is reset to a uniformly-distributed random value 1838 * between the interface's configured MinRtrAdvInterval and 1839 * MaxRtrAdvInterval (RFC2461 6.2.4). 1840 */ 1841 interval = rai->rai_mininterval; 1842 #ifdef HAVE_ARC4RANDOM 1843 interval += arc4random_uniform(rai->rai_maxinterval - 1844 rai->rai_mininterval); 1845 #else 1846 interval += random() % (rai->rai_maxinterval - 1847 rai->rai_mininterval); 1848 #endif 1849 1850 /* 1851 * For the first few advertisements (up to 1852 * MAX_INITIAL_RTR_ADVERTISEMENTS), if the randomly chosen interval 1853 * is greater than MAX_INITIAL_RTR_ADVERT_INTERVAL, the timer 1854 * SHOULD be set to MAX_INITIAL_RTR_ADVERT_INTERVAL instead. 1855 * (RFC 4861 6.2.4) 1856 */ 1857 if (rai->rai_initcounter < MAX_INITIAL_RTR_ADVERTISEMENTS && 1858 interval > MAX_INITIAL_RTR_ADVERT_INTERVAL) 1859 interval = MAX_INITIAL_RTR_ADVERT_INTERVAL; 1860 1861 tm->tv_sec = interval; 1862 tm->tv_usec = 0; 1863 1864 syslog(LOG_DEBUG, 1865 "<%s> RA timer on %s is set to %ld:%ld", 1866 __func__, rai->rai_ifname, 1867 (long int)tm->tv_sec, (long int)tm->tv_usec); 1868 1869 return; 1870 } 1871