search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import dhcpcd-8.0.4 to vendor branch.
[dragonfly.git] / contrib / dhcpcd / src / ipv6.c
blobca54dab91a1240b71a0004fec5e2426b4f41148c
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3 * dhcpcd - DHCP client daemon
4 * Copyright (c) 2006-2019 Roy Marples <roy@marples.name>
5 * All rights reserved
6
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <sys/stat.h>
33
34 #include <arpa/inet.h>
35 #include <net/if.h>
36 #include <net/route.h>
37 #include <netinet/in.h>
38 #include <netinet/if_ether.h>
39
40 #include "config.h"
41
42 #ifdef HAVE_SYS_BITOPS_H
43 #include <sys/bitops.h>
44 #else
45 #include "compat/bitops.h"
46 #endif
47
48 #ifdef BSD
49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
50 * to generate our CAN_ADD_LLADDR #define. */
51 # include <netinet6/in6_var.h>
52 # include <netinet6/nd6.h>
53 #endif
54
55 #include <errno.h>
56 #include <ifaddrs.h>
57 #include <inttypes.h>
58 #include <stdlib.h>
59 #include <string.h>
60 #include <unistd.h>
61
62 #define ELOOP_QUEUE 7
63 #include "common.h"
64 #include "if.h"
65 #include "dhcpcd.h"
66 #include "dhcp6.h"
67 #include "eloop.h"
68 #include "ipv6.h"
69 #include "ipv6nd.h"
70 #include "logerr.h"
71 #include "sa.h"
72 #include "script.h"
73
74 #ifdef HAVE_MD5_H
75 # ifndef DEPGEN
76 # include <md5.h>
77 # endif
78 #endif
79
80 #ifdef SHA2_H
81 # include SHA2_H
82 #endif
83
84 #ifndef SHA256_DIGEST_LENGTH
85 # define SHA256_DIGEST_LENGTH 32
86 #endif
87
88 #ifdef IPV6_POLLADDRFLAG
89 # warning kernel does not report IPv6 address flag changes
90 # warning polling tentative address flags periodically
91 #endif
92
93 /* Hackery at it's finest. */
94 #ifndef s6_addr32
95 # ifdef __sun
96 # define s6_addr32 _S6_un._S6_u32
97 # else
98 # define s6_addr32 __u6_addr.__u6_addr32
99 # endif
100 #endif
101
102 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
103 defined(IFF_NOLINKLOCAL)
104 /* Only add the LL address if we have a carrier, so DaD works. */
105 #define CAN_ADD_LLADDR(ifp) \
106 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
107 #ifdef __sun
108 /* Although we can add our own LL address, we cannot drop it
109 * without unplumbing the if which is a lot of code.
110 * So just keep it for the time being. */
111 #define CAN_DROP_LLADDR(ifp) (0)
112 #else
113 #define CAN_DROP_LLADDR(ifp) (1)
114 #endif
115 #else
116 /* We have no control over the OS adding the LLADDR, so just let it do it
117 * as we cannot force our own view on it. */
118 #define CAN_ADD_LLADDR(ifp) (0)
119 #define CAN_DROP_LLADDR(ifp) (0)
120 #endif
121
122 #ifdef IPV6_MANAGETEMPADDR
123 static void ipv6_regentempifid(void *);
124 static void ipv6_regentempaddr(void *);
125 #else
126 #define ipv6_regentempifid(a) {}
127 #endif
128
129 int
130 ipv6_init(struct dhcpcd_ctx *ctx)
131 {
132
133 if (ctx->ra_routers != NULL)
134 return 0;
135
136 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
137 if (ctx->ra_routers == NULL)
138 return -1;
139 TAILQ_INIT(ctx->ra_routers);
140
141 #ifndef __sun
142 ctx->nd_fd = -1;
143 #endif
144 ctx->dhcp6_fd = -1;
145 return 0;
146 }
147
148 static ssize_t
149 ipv6_readsecret(struct dhcpcd_ctx *ctx)
150 {
151 FILE *fp;
152 char line[1024];
153 unsigned char *p;
154 size_t len;
155 uint32_t r;
156 int x;
157
158 if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
159 return (ssize_t)ctx->secret_len;
160
161 if (errno != ENOENT)
162 logerr("%s: %s", __func__, SECRET);
163
164 /* Chaining arc4random should be good enough.
165 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
166 * To attempt and future proof ourselves, we'll generate a key of
167 * 512 bits (64 bytes). */
168 if (ctx->secret_len < 64) {
169 if ((ctx->secret = malloc(64)) == NULL) {
170 logerr(__func__);
171 return -1;
172 }
173 ctx->secret_len = 64;
174 }
175 p = ctx->secret;
176 for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
177 r = arc4random();
178 memcpy(p, &r, sizeof(r));
179 p += sizeof(r);
180 }
181
182 /* Ensure that only the dhcpcd user can read the secret.
183 * Write permission is also denied as chaning it would remove
184 * it's stability. */
185 if ((fp = fopen(SECRET, "w")) == NULL ||
186 chmod(SECRET, S_IRUSR) == -1)
187 goto eexit;
188 x = fprintf(fp, "%s\n",
189 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
190 if (fclose(fp) == EOF)
191 x = -1;
192 fp = NULL;
193 if (x > 0)
194 return (ssize_t)ctx->secret_len;
195
196 eexit:
197 logerr("%s: %s", __func__, SECRET);
198 if (fp != NULL)
199 fclose(fp);
200 unlink(SECRET);
201 ctx->secret_len = 0;
202 return -1;
203 }
204
205 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
206 * RFC5453 */
207 static const struct reslowhigh {
208 const uint8_t high[8];
209 const uint8_t low[8];
210 } reslowhigh[] = {
211 /* RFC4291 + RFC6543 */
212 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
213 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
214 /* RFC2526 */
215 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
216 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
217 };
218
219 static int
220 ipv6_reserved(const struct in6_addr *addr)
221 {
222 uint64_t id, low, high;
223 size_t i;
224 const struct reslowhigh *r;
225
226 id = be64dec(addr->s6_addr + sizeof(id));
227 if (id == 0) /* RFC4291 */
228 return 1;
229 for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
230 r = &reslowhigh[i];
231 low = be64dec(r->low);
232 high = be64dec(r->high);
233 if (id >= low && id <= high)
234 return 1;
235 }
236 return 0;
237 }
238
239 /* RFC7217 */
240 static int
241 ipv6_makestableprivate1(struct in6_addr *addr,
242 const struct in6_addr *prefix, int prefix_len,
243 const unsigned char *netiface, size_t netiface_len,
244 const unsigned char *netid, size_t netid_len,
245 unsigned short vlanid,
246 uint32_t *dad_counter,
247 const unsigned char *secret, size_t secret_len)
248 {
249 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
250 size_t len, l;
251 SHA256_CTX ctx;
252
253 if (prefix_len < 0 || prefix_len > 120) {
254 errno = EINVAL;
255 return -1;
256 }
257
258 l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
259 len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
260 if (vlanid != 0)
261 len += sizeof(vlanid);
262 if (len > sizeof(buf)) {
263 errno = ENOBUFS;
264 return -1;
265 }
266
267 for (;; (*dad_counter)++) {
268 /* Combine all parameters into one buffer */
269 p = buf;
270 memcpy(p, prefix, l);
271 p += l;
272 memcpy(p, netiface, netiface_len);
273 p += netiface_len;
274 memcpy(p, netid, netid_len);
275 p += netid_len;
276 /* Don't use a vlanid if not set.
277 * This ensures prior versions have the same unique address. */
278 if (vlanid != 0) {
279 memcpy(p, &vlanid, sizeof(vlanid));
280 p += sizeof(vlanid);
281 }
282 memcpy(p, dad_counter, sizeof(*dad_counter));
283 p += sizeof(*dad_counter);
284 memcpy(p, secret, secret_len);
285
286 /* Make an address using the digest of the above.
287 * RFC7217 Section 5.1 states that we shouldn't use MD5.
288 * Pity as we use that for HMAC-MD5 which is still deemed OK.
289 * SHA-256 is recommended */
290 SHA256_Init(&ctx);
291 SHA256_Update(&ctx, buf, len);
292 SHA256_Final(digest, &ctx);
293
294 p = addr->s6_addr;
295 memcpy(p, prefix, l);
296 /* RFC7217 section 5.2 says we need to start taking the id from
297 * the least significant bit */
298 len = sizeof(addr->s6_addr) - l;
299 memcpy(p + l, digest + (sizeof(digest) - len), len);
300
301 /* Ensure that the Interface ID does not match a reserved one,
302 * if it does then treat it as a DAD failure.
303 * RFC7217 section 5.2 */
304 if (prefix_len != 64)
305 break;
306 if (!ipv6_reserved(addr))
307 break;
308 }
309
310 return 0;
311 }
312
313 int
314 ipv6_makestableprivate(struct in6_addr *addr,
315 const struct in6_addr *prefix, int prefix_len,
316 const struct interface *ifp,
317 int *dad_counter)
318 {
319 uint32_t dad;
320 int r;
321
322 if (ifp->ctx->secret_len == 0) {
323 if (ipv6_readsecret(ifp->ctx) == -1)
324 return -1;
325 }
326
327 dad = (uint32_t)*dad_counter;
328
329 /* For our implementation, we shall set the hardware address
330 * as the interface identifier */
331 r = ipv6_makestableprivate1(addr, prefix, prefix_len,
332 ifp->hwaddr, ifp->hwlen,
333 ifp->ssid, ifp->ssid_len,
334 ifp->vlanid, &dad,
335 ifp->ctx->secret, ifp->ctx->secret_len);
336
337 if (r == 0)
338 *dad_counter = (int)dad;
339 return r;
340 }
341
342 int
343 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
344 const struct in6_addr *prefix, int prefix_len)
345 {
346 const struct ipv6_addr *ap;
347 int dad;
348
349 if (prefix_len < 0 || prefix_len > 120) {
350 errno = EINVAL;
351 return -1;
352 }
353
354 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
355 dad = 0;
356 if (ipv6_makestableprivate(addr,
357 prefix, prefix_len, ifp, &dad) == -1)
358 return -1;
359 return dad;
360 }
361
362 if (prefix_len > 64) {
363 errno = EINVAL;
364 return -1;
365 }
366 if ((ap = ipv6_linklocal(ifp)) == NULL) {
367 /* We delay a few functions until we get a local-link address
368 * so this should never be hit. */
369 errno = ENOENT;
370 return -1;
371 }
372
373 /* Make the address from the first local-link address */
374 memcpy(addr, prefix, sizeof(*prefix));
375 addr->s6_addr32[2] = ap->addr.s6_addr32[2];
376 addr->s6_addr32[3] = ap->addr.s6_addr32[3];
377 return 0;
378 }
379
380 static int
381 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
382 {
383 int bytes, bits;
384
385 if (len < 0 || len > 128) {
386 errno = EINVAL;
387 return -1;
388 }
389
390 bytes = len / NBBY;
391 bits = len % NBBY;
392 memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes);
393 if (bits != 0) {
394 /* Coverify false positive.
395 * bytelen cannot be 16 if bitlen is non zero */
396 /* coverity[overrun-local] */
397 prefix->s6_addr[bytes] =
398 (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits));
399 }
400 memset((char *)prefix->s6_addr + bytes, 0,
401 sizeof(prefix->s6_addr) - (size_t)bytes);
402 return 0;
403 }
404
405 int
406 ipv6_mask(struct in6_addr *mask, int len)
407 {
408 static const unsigned char masks[NBBY] =
409 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
410 int bytes, bits, i;
411
412 if (len < 0 || len > 128) {
413 errno = EINVAL;
414 return -1;
415 }
416
417 memset(mask, 0, sizeof(*mask));
418 bytes = len / NBBY;
419 bits = len % NBBY;
420 for (i = 0; i < bytes; i++)
421 mask->s6_addr[i] = 0xff;
422 if (bits != 0) {
423 /* Coverify false positive.
424 * bytelen cannot be 16 if bitlen is non zero */
425 /* coverity[overrun-local] */
426 mask->s6_addr[bytes] = masks[bits - 1];
427 }
428 return 0;
429 }
430
431 uint8_t
432 ipv6_prefixlen(const struct in6_addr *mask)
433 {
434 int x = 0, y;
435 const unsigned char *lim, *p;
436
437 lim = (const unsigned char *)mask + sizeof(*mask);
438 for (p = (const unsigned char *)mask; p < lim; x++, p++) {
439 if (*p != 0xff)
440 break;
441 }
442 y = 0;
443 if (p < lim) {
444 for (y = 0; y < NBBY; y++) {
445 if ((*p & (0x80 >> y)) == 0)
446 break;
447 }
448 }
449
450 /*
451 * when the limit pointer is given, do a stricter check on the
452 * remaining bits.
453 */
454 if (p < lim) {
455 if (y != 0 && (*p & (0x00ff >> y)) != 0)
456 return 0;
457 for (p = p + 1; p < lim; p++)
458 if (*p != 0)
459 return 0;
460 }
461
462 return (uint8_t)(x * NBBY + y);
463 }
464
465 static void
466 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
467 {
468
469 *vhigh = be64dec(addr->s6_addr);
470 *vlow = be64dec(addr->s6_addr + 8);
471 }
472
473 static void
474 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
475 {
476
477 be64enc(addr->s6_addr, vhigh);
478 be64enc(addr->s6_addr + 8, vlow);
479 }
480
481 int
482 ipv6_userprefix(
483 const struct in6_addr *prefix, // prefix from router
484 short prefix_len, // length of prefix received
485 uint64_t user_number, // "random" number from user
486 struct in6_addr *result, // resultant prefix
487 short result_len) // desired prefix length
488 {
489 uint64_t vh, vl, user_low, user_high;
490
491 if (prefix_len < 1 || prefix_len > 128 ||
492 result_len < 1 || result_len > 128)
493 {
494 errno = EINVAL;
495 return -1;
496 }
497
498 /* Check that the user_number fits inside result_len less prefix_len */
499 if (result_len < prefix_len ||
500 fls64(user_number) > result_len - prefix_len)
501 {
502 errno = ERANGE;
503 return -1;
504 }
505
506 /* If user_number is zero, just copy the prefix into the result. */
507 if (user_number == 0) {
508 *result = *prefix;
509 return 0;
510 }
511
512 /* Shift user_number so it fit's just inside result_len.
513 * Shifting by 0 or sizeof(user_number) is undefined,
514 * so we cater for that. */
515 if (result_len == 128) {
516 user_high = 0;
517 user_low = user_number;
518 } else if (result_len > 64) {
519 if (prefix_len >= 64)
520 user_high = 0;
521 else
522 user_high = user_number >> (result_len - prefix_len);
523 user_low = user_number << (128 - result_len);
524 } else if (result_len == 64) {
525 user_high = user_number;
526 user_low = 0;
527 } else {
528 user_high = user_number << (64 - result_len);
529 user_low = 0;
530 }
531
532 /* convert to two 64bit host order values */
533 in6_to_h64(&vh, &vl, prefix);
534
535 vh |= user_high;
536 vl |= user_low;
537
538 /* copy back result */
539 h64_to_in6(result, vh, vl);
540
541 return 0;
542 }
543
544 #ifdef IPV6_POLLADDRFLAG
545 void
546 ipv6_checkaddrflags(void *arg)
547 {
548 struct ipv6_addr *ia;
549 int flags;
550 const char *alias;
551
552 ia = arg;
553 #ifdef ALIAS_ADDR
554 alias = ia->alias;
555 #else
556 alias = NULL;
557 #endif
558 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
559 if (errno != EEXIST && errno != EADDRNOTAVAIL)
560 logerr("%s: if_addrflags6", __func__);
561 return;
562 }
563
564 if (!(flags & IN6_IFF_TENTATIVE)) {
565 /* Simulate the kernel announcing the new address. */
566 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
567 ia->iface->ctx->ifaces, ia->iface->name,
568 &ia->addr, ia->prefix_len, flags, 0);
569 } else {
570 /* Still tentative? Check again in a bit. */
571 struct timespec tv;
572
573 ms_to_ts(&tv, RETRANS_TIMER / 2);
574 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv,
575 ipv6_checkaddrflags, ia);
576 }
577 }
578 #endif
579
580 static void
581 ipv6_deletedaddr(struct ipv6_addr *ia)
582 {
583
584 #ifdef SMALL
585 UNUSED(ia);
586 #else
587 /* NOREJECT is set if we delegated exactly the prefix to another
588 * address.
589 * This can only be one address, so just clear the flag.
590 * This should ensure the reject route will be restored. */
591 if (ia->delegating_prefix != NULL)
592 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
593 #endif
594 }
595
596 void
597 ipv6_deleteaddr(struct ipv6_addr *ia)
598 {
599 struct ipv6_state *state;
600 struct ipv6_addr *ap;
601
602 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
603 if (if_address6(RTM_DELADDR, ia) == -1 &&
604 errno != EADDRNOTAVAIL && errno != ESRCH &&
605 errno != ENXIO && errno != ENODEV)
606 logerr(__func__);
607
608 ipv6_deletedaddr(ia);
609
610 state = IPV6_STATE(ia->iface);
611 TAILQ_FOREACH(ap, &state->addrs, next) {
612 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
613 TAILQ_REMOVE(&state->addrs, ap, next);
614 ipv6_freeaddr(ap);
615 break;
616 }
617 }
618
619 #ifdef ND6_ADVERTISE
620 /* Advertise the address if it exists on another interface. */
621 ipv6nd_advertise(ia);
622 #endif
623 }
624
625 static int
626 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
627 {
628 struct interface *ifp;
629 uint32_t pltime, vltime;
630 __printflike(1, 2) void (*logfunc)(const char *, ...);
631 #ifdef ND6_ADVERTISE
632 bool vltime_was_zero = ia->prefix_vltime == 0;
633 #endif
634 #ifdef __sun
635 struct ipv6_state *state;
636 struct ipv6_addr *ia2;
637
638 /* If we re-add then address on Solaris then the prefix
639 * route will be scrubbed and re-added. Something might
640 * be using it, so let's avoid it. */
641 if (ia->flags & IPV6_AF_DADCOMPLETED) {
642 logdebugx("%s: IP address %s already exists",
643 ia->iface->name, ia->saddr);
644 #ifdef ND6_ADVERTISE
645 goto advertise;
646 #else
647 return 0;
648 #endif
649 }
650 #endif
651
652 /* Remember the interface of the address. */
653 ifp = ia->iface;
654
655 if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
656 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
657 ia->flags |= IPV6_AF_DADCOMPLETED;
658
659 /* Adjust plftime and vltime based on acquired time */
660 pltime = ia->prefix_pltime;
661 vltime = ia->prefix_vltime;
662 if (timespecisset(&ia->acquired) &&
663 (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
664 ia->prefix_vltime != ND6_INFINITE_LIFETIME))
665 {
666 struct timespec n;
667
668 if (now == NULL) {
669 clock_gettime(CLOCK_MONOTONIC, &n);
670 now = &n;
671 }
672 timespecsub(now, &ia->acquired, &n);
673 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
674 ia->prefix_pltime -= (uint32_t)n.tv_sec;
675 /* This can happen when confirming a
676 * deprecated but still valid lease. */
677 if (ia->prefix_pltime > pltime)
678 ia->prefix_pltime = 0;
679 }
680 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
681 ia->prefix_vltime -= (uint32_t)n.tv_sec;
682 /* This should never happen. */
683 if (ia->prefix_vltime > vltime) {
684 logerrx("%s: %s: lifetime overflow",
685 ifp->name, ia->saddr);
686 ia->prefix_vltime = ia->prefix_pltime = 0;
687 }
688 }
689 }
690
691 logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx;
692 logfunc("%s: adding %saddress %s", ifp->name,
693 #ifdef IPV6_AF_TEMPORARY
694 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
695 #else
696 "",
697 #endif
698 ia->saddr);
699 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
700 ia->prefix_vltime == ND6_INFINITE_LIFETIME)
701 logdebugx("%s: pltime infinity, vltime infinity",
702 ifp->name);
703 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
704 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
705 ifp->name, ia->prefix_vltime);
706 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
707 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
708 ifp->name, ia->prefix_pltime);
709 else
710 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
711 " seconds",
712 ifp->name, ia->prefix_pltime, ia->prefix_vltime);
713
714 if (if_address6(RTM_NEWADDR, ia) == -1) {
715 logerr(__func__);
716 /* Restore real pltime and vltime */
717 ia->prefix_pltime = pltime;
718 ia->prefix_vltime = vltime;
719 return -1;
720 }
721
722 #ifdef IPV6_MANAGETEMPADDR
723 /* RFC4941 Section 3.4 */
724 if (ia->flags & IPV6_AF_TEMPORARY &&
725 ia->prefix_pltime &&
726 ia->prefix_vltime &&
727 ip6_use_tempaddr(ifp->name))
728 eloop_timeout_add_sec(ifp->ctx->eloop,
729 (time_t)ia->prefix_pltime - REGEN_ADVANCE,
730 ipv6_regentempaddr, ia);
731 #endif
732
733 /* Restore real pltime and vltime */
734 ia->prefix_pltime = pltime;
735 ia->prefix_vltime = vltime;
736
737 ia->flags &= ~IPV6_AF_NEW;
738 ia->flags |= IPV6_AF_ADDED;
739 #ifndef SMALL
740 if (ia->delegating_prefix != NULL)
741 ia->flags |= IPV6_AF_DELEGATED;
742 #endif
743
744 #ifdef IPV6_POLLADDRFLAG
745 eloop_timeout_delete(ifp->ctx->eloop,
746 ipv6_checkaddrflags, ia);
747 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
748 struct timespec tv;
749
750 ms_to_ts(&tv, RETRANS_TIMER / 2);
751 eloop_timeout_add_tv(ifp->ctx->eloop,
752 &tv, ipv6_checkaddrflags, ia);
753 }
754 #endif
755
756 #ifdef __sun
757 /* Solaris does not announce new addresses which need DaD
758 * so we need to take a copy and add it to our list.
759 * Otherwise aliasing gets confused if we add another
760 * address during DaD. */
761
762 state = IPV6_STATE(ifp);
763 TAILQ_FOREACH(ia2, &state->addrs, next) {
764 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
765 break;
766 }
767 if (ia2 == NULL) {
768 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
769 logerr(__func__);
770 return 0; /* Well, we did add the address */
771 }
772 memcpy(ia2, ia, sizeof(*ia2));
773 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
774 }
775 #endif
776
777 #ifdef ND6_ADVERTISE
778 #ifdef __sun
779 advertise:
780 #endif
781 /* Re-advertise the preferred address to be safe. */
782 if (!vltime_was_zero)
783 ipv6nd_advertise(ia);
784 #endif
785
786 return 0;
787 }
788
789 #ifdef ALIAS_ADDR
790 /* Find the next logical alias address we can use. */
791 static int
792 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
793 {
794 struct ipv6_state *state;
795 struct ipv6_addr *iap;
796 unsigned int lun;
797 char alias[IF_NAMESIZE];
798
799 if (ia->alias[0] != '\0')
800 return 0;
801 state = IPV6_STATE(ia->iface);
802
803 /* First find an existng address.
804 * This can happen when dhcpcd restarts as ND and DHCPv6
805 * maintain their own lists of addresses. */
806 TAILQ_FOREACH(iap, &state->addrs, next) {
807 if (iap->alias[0] != '\0' &&
808 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
809 {
810 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
811 return 0;
812 }
813 }
814
815 lun = 0;
816 find_unit:
817 if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
818 IF_NAMESIZE)
819 {
820 errno = ENOMEM;
821 return -1;
822 }
823 TAILQ_FOREACH(iap, &state->addrs, next) {
824 if (iap->alias[0] == '\0')
825 continue;
826 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
827 /* No address assigned? Lets use it. */
828 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
829 if (repl)
830 *repl = iap;
831 return 1;
832 }
833 if (strcmp(iap->alias, alias) == 0)
834 break;
835 }
836
837 if (iap != NULL) {
838 if (lun == UINT_MAX) {
839 errno = ERANGE;
840 return -1;
841 }
842 lun++;
843 goto find_unit;
844 }
845
846 strlcpy(ia->alias, alias, sizeof(ia->alias));
847 return 0;
848 }
849 #endif
850
851 int
852 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
853 {
854 int r;
855 #ifdef ALIAS_ADDR
856 int replaced, blank;
857 struct ipv6_addr *replaced_ia;
858
859 blank = (ia->alias[0] == '\0');
860 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
861 return -1;
862 if (blank)
863 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
864 #endif
865
866 if ((r = ipv6_addaddr1(ia, now)) == 0) {
867 #ifdef ALIAS_ADDR
868 if (replaced) {
869 struct ipv6_state *state;
870
871 state = IPV6_STATE(ia->iface);
872 TAILQ_REMOVE(&state->addrs, replaced_ia, next);
873 ipv6_freeaddr(replaced_ia);
874 }
875 #endif
876 }
877 return r;
878 }
879
880 int
881 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
882 unsigned int flags)
883 {
884
885 if (match == NULL) {
886 if ((addr->flags &
887 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
888 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
889 return 1;
890 } else if (addr->prefix_vltime &&
891 IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
892 (!flags || addr->flags & flags))
893 return 1;
894
895 return 0;
896 }
897
898 struct ipv6_addr *
899 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
900 {
901 struct ipv6_addr *nap;
902 #ifdef DHCP6
903 struct ipv6_addr *dap;
904 #endif
905
906 nap = ipv6nd_findaddr(ctx, addr, flags);
907 #ifdef DHCP6
908 dap = dhcp6_findaddr(ctx, addr, flags);
909 if (!dap && !nap)
910 return NULL;
911 if (dap && !nap)
912 return dap;
913 if (nap && !dap)
914 return nap;
915 if (nap->iface->metric < dap->iface->metric)
916 return nap;
917 return dap;
918 #else
919 return nap;
920 #endif
921 }
922
923 ssize_t
924 ipv6_addaddrs(struct ipv6_addrhead *addrs)
925 {
926 struct ipv6_addr *ap, *apn;
927 ssize_t i;
928 struct timespec now;
929
930 i = 0;
931 timespecclear(&now);
932 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
933 /* A delegated prefix is not an address. */
934 if (ap->flags & IPV6_AF_DELEGATEDPFX)
935 continue;
936 if (ap->prefix_vltime == 0) {
937 if (ap->flags & IPV6_AF_ADDED) {
938 ipv6_deleteaddr(ap);
939 i++;
940 }
941 eloop_q_timeout_delete(ap->iface->ctx->eloop,
942 0, NULL, ap);
943 if (ap->flags & IPV6_AF_REQUEST) {
944 ap->flags &= ~IPV6_AF_ADDED;
945 } else {
946 TAILQ_REMOVE(addrs, ap, next);
947 ipv6_freeaddr(ap);
948 }
949 } else if (!(ap->flags & IPV6_AF_STALE) &&
950 !IN6_IS_ADDR_UNSPECIFIED(&ap->addr))
951 {
952 if (ap->flags & IPV6_AF_NEW)
953 i++;
954 if (!timespecisset(&now))
955 clock_gettime(CLOCK_MONOTONIC, &now);
956 ipv6_addaddr(ap, &now);
957 }
958 }
959
960 return i;
961 }
962
963 void
964 ipv6_freeaddr(struct ipv6_addr *ia)
965 {
966 #ifndef SMALL
967 struct ipv6_addr *iad;
968
969 /* Forget the reference */
970 if (ia->flags & IPV6_AF_DELEGATEDPFX) {
971 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
972 iad->delegating_prefix = NULL;
973 }
974 } else if (ia->delegating_prefix != NULL) {
975 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
976 }
977 #endif
978
979 if (ia->dhcp6_fd != -1) {
980 close(ia->dhcp6_fd);
981 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd);
982 }
983
984 eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia);
985 free(ia->na);
986 free(ia);
987 }
988
989 void
990 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
991 const struct interface *ifd)
992 {
993 struct ipv6_addr *ap, *apn, *apf;
994 struct timespec now;
995
996 #ifdef SMALL
997 UNUSED(ifd);
998 #endif
999 timespecclear(&now);
1000 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1001 #ifndef SMALL
1002 if (ifd != NULL &&
1003 (ap->delegating_prefix == NULL ||
1004 ap->delegating_prefix->iface != ifd))
1005 continue;
1006 #endif
1007 if (drop != 2)
1008 TAILQ_REMOVE(addrs, ap, next);
1009 if (drop && ap->flags & IPV6_AF_ADDED &&
1010 (ap->iface->options->options &
1011 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1012 (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1013 {
1014 /* Don't drop link-local addresses. */
1015 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1016 CAN_DROP_LLADDR(ap->iface))
1017 {
1018 if (drop == 2)
1019 TAILQ_REMOVE(addrs, ap, next);
1020 /* Find the same address somewhere else */
1021 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1022 0);
1023 if ((apf == NULL ||
1024 (apf->iface != ap->iface)))
1025 ipv6_deleteaddr(ap);
1026 if (!(ap->iface->options->options &
1027 DHCPCD_EXITING) && apf)
1028 {
1029 if (!timespecisset(&now))
1030 clock_gettime(CLOCK_MONOTONIC,
1031 &now);
1032 ipv6_addaddr(apf, &now);
1033 }
1034 if (drop == 2)
1035 ipv6_freeaddr(ap);
1036 }
1037 }
1038 if (drop != 2)
1039 ipv6_freeaddr(ap);
1040 }
1041 }
1042
1043 static struct ipv6_state *
1044 ipv6_getstate(struct interface *ifp)
1045 {
1046 struct ipv6_state *state;
1047
1048 state = IPV6_STATE(ifp);
1049 if (state == NULL) {
1050 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1051 state = IPV6_STATE(ifp);
1052 if (state == NULL) {
1053 logerr(__func__);
1054 return NULL;
1055 }
1056 TAILQ_INIT(&state->addrs);
1057 TAILQ_INIT(&state->ll_callbacks);
1058
1059 /* Regenerate new ids */
1060 if (ifp->options &&
1061 ip6_use_tempaddr(ifp->name))
1062 ipv6_regentempifid(ifp);
1063 }
1064 return state;
1065 }
1066
1067 struct ipv6_addr *
1068 ipv6_ifanyglobal(struct interface *ifp)
1069 {
1070 struct ipv6_state *state;
1071 struct ipv6_addr *ia;
1072
1073 if (ifp->carrier == LINK_DOWN)
1074 return NULL;
1075
1076 state = IPV6_STATE(ifp);
1077 if (state == NULL)
1078 return NULL;
1079
1080 TAILQ_FOREACH(ia, &state->addrs, next) {
1081 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1082 continue;
1083 /* Let's be optimistic.
1084 * Any decent OS won't forward or accept traffic
1085 * from/to tentative or detached addresses. */
1086 if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1087 break;
1088 }
1089 return ia;
1090 }
1091
1092 void
1093 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1094 int cmd, struct if_head *ifs, const char *ifname,
1095 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1096 {
1097 struct interface *ifp;
1098 struct ipv6_state *state;
1099 struct ipv6_addr *ia;
1100 struct ll_callback *cb;
1101 bool anyglobal;
1102
1103 #ifdef __sun
1104 struct sockaddr_in6 subnet;
1105
1106 /* Solaris on-link route is an unspecified address! */
1107 if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1108 if (if_getsubnet(ctx, ifname, AF_INET6,
1109 &subnet, sizeof(subnet)) == -1)
1110 {
1111 logerr(__func__);
1112 return;
1113 }
1114 addr = &subnet.sin6_addr;
1115 }
1116 #endif
1117
1118 #if 0
1119 char dbuf[INET6_ADDRSTRLEN];
1120 const char *dbp;
1121
1122 dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1123 dbuf, INET6_ADDRSTRLEN);
1124 loginfox("%s: cmd %d addr %s addrflags %d",
1125 ifname, cmd, dbp, addrflags);
1126 #endif
1127
1128 if (ifs == NULL)
1129 ifs = ctx->ifaces;
1130 if (ifs == NULL)
1131 return;
1132 if ((ifp = if_find(ifs, ifname)) == NULL)
1133 return;
1134 if ((state = ipv6_getstate(ifp)) == NULL)
1135 return;
1136 anyglobal = ipv6_ifanyglobal(ifp) != NULL;
1137
1138 TAILQ_FOREACH(ia, &state->addrs, next) {
1139 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1140 break;
1141 }
1142
1143 switch (cmd) {
1144 case RTM_DELADDR:
1145 if (ia != NULL) {
1146 TAILQ_REMOVE(&state->addrs, ia, next);
1147 #ifdef ND6_ADVERTISE
1148 /* Advertise the address if it exists on
1149 * another interface. */
1150 ipv6nd_advertise(ia);
1151 #endif
1152 /* We'll free it at the end of the function. */
1153 }
1154 break;
1155 case RTM_NEWADDR:
1156 if (ia == NULL) {
1157 ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1158 #ifdef ALIAS_ADDR
1159 strlcpy(ia->alias, ifname, sizeof(ia->alias));
1160 #endif
1161 if (if_getlifetime6(ia) == -1) {
1162 /* No support or address vanished.
1163 * Either way, just set a deprecated
1164 * infinite time lifetime and continue.
1165 * This is fine because we only want
1166 * to know this when trying to extend
1167 * temporary addresses.
1168 * As we can't extend infinite, we'll
1169 * create a new temporary address. */
1170 ia->prefix_pltime = 0;
1171 ia->prefix_vltime =
1172 ND6_INFINITE_LIFETIME;
1173 }
1174 /* This is a minor regression against RFC 4941
1175 * because the kernel only knows when the
1176 * lifetimes were last updated, not when the
1177 * address was initially created.
1178 * Provided dhcpcd is not restarted, this
1179 * won't be a problem.
1180 * If we don't like it, we can always
1181 * pretend lifetimes are infinite and always
1182 * generate a new temporary address on
1183 * restart. */
1184 ia->acquired = ia->created;
1185 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1186 }
1187 ia->addr_flags = addrflags;
1188 ia->flags &= ~IPV6_AF_STALE;
1189 #ifdef IPV6_MANAGETEMPADDR
1190 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1191 ia->flags |= IPV6_AF_TEMPORARY;
1192 #endif
1193 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1194 #ifdef IPV6_POLLADDRFLAG
1195 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1196 struct timespec tv;
1197
1198 ms_to_ts(&tv, RETRANS_TIMER / 2);
1199 eloop_timeout_add_tv(
1200 ia->iface->ctx->eloop,
1201 &tv, ipv6_checkaddrflags, ia);
1202 break;
1203 }
1204 #endif
1205
1206 if (ia->dadcallback) {
1207 ia->dadcallback(ia);
1208 if (ctx->options & DHCPCD_FORKED)
1209 goto out;
1210 }
1211
1212 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1213 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1214 {
1215 /* Now run any callbacks.
1216 * Typically IPv6RS or DHCPv6 */
1217 while ((cb =
1218 TAILQ_FIRST(&state->ll_callbacks)))
1219 {
1220 TAILQ_REMOVE(
1221 &state->ll_callbacks,
1222 cb, next);
1223 cb->callback(cb->arg);
1224 free(cb);
1225 if (ctx->options & DHCPCD_FORKED)
1226 goto out;
1227 }
1228 }
1229 }
1230 break;
1231 }
1232
1233 if (ia == NULL)
1234 return;
1235
1236 ctx->options &= ~DHCPCD_RTBUILD;
1237 ipv6nd_handleifa(cmd, ia, pid);
1238 #ifdef DHCP6
1239 dhcp6_handleifa(cmd, ia, pid);
1240 #endif
1241
1242 out:
1243 /* Done with the ia now, so free it. */
1244 if (cmd == RTM_DELADDR)
1245 ipv6_freeaddr(ia);
1246 else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1247 ia->flags |= IPV6_AF_DADCOMPLETED;
1248
1249 /* If we've not already called rt_build via the IPv6ND
1250 * or DHCP6 handlers and the existance of any useable
1251 * global address on the interface has changed,
1252 * call rt_build to add/remove the default route. */
1253 if (ifp->active && ifp->options->options & DHCPCD_IPV6 &&
1254 !(ctx->options & DHCPCD_RTBUILD) &&
1255 (ipv6_ifanyglobal(ifp) != NULL) != anyglobal)
1256 rt_build(ctx, AF_INET6);
1257 }
1258
1259 int
1260 ipv6_hasaddr(const struct interface *ifp)
1261 {
1262
1263 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1264 return 1;
1265 #ifdef DHCP6
1266 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1267 return 1;
1268 #endif
1269 return 0;
1270 }
1271
1272 struct ipv6_addr *
1273 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1274 int revflags)
1275 {
1276 struct ipv6_state *state;
1277 struct ipv6_addr *ap;
1278
1279 state = IPV6_STATE(ifp);
1280 if (state) {
1281 TAILQ_FOREACH(ap, &state->addrs, next) {
1282 if (addr == NULL) {
1283 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1284 (!revflags || !(ap->addr_flags & revflags)))
1285 return ap;
1286 } else {
1287 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1288 (!revflags || !(ap->addr_flags & revflags)))
1289 return ap;
1290 }
1291 }
1292 }
1293 return NULL;
1294 }
1295
1296 static struct ipv6_addr *
1297 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1298 {
1299 struct ipv6_state *state;
1300 struct ipv6_addr *ap;
1301 struct in6_addr mask;
1302
1303 state = IPV6_STATE(ifp);
1304 if (state) {
1305 TAILQ_FOREACH(ap, &state->addrs, next) {
1306 if (ipv6_mask(&mask, ap->prefix_len) == -1)
1307 continue;
1308 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1309 return ap;
1310 }
1311 }
1312 return NULL;
1313 }
1314
1315 struct ipv6_addr *
1316 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1317 {
1318 struct interface *ifp;
1319 struct ipv6_addr *ap;
1320
1321 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1322 ap = ipv6_iffindmaskaddr(ifp, addr);
1323 if (ap != NULL)
1324 return ap;
1325 }
1326 return NULL;
1327 }
1328
1329 int
1330 ipv6_addlinklocalcallback(struct interface *ifp,
1331 void (*callback)(void *), void *arg)
1332 {
1333 struct ipv6_state *state;
1334 struct ll_callback *cb;
1335
1336 state = ipv6_getstate(ifp);
1337 TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1338 if (cb->callback == callback && cb->arg == arg)
1339 break;
1340 }
1341 if (cb == NULL) {
1342 cb = malloc(sizeof(*cb));
1343 if (cb == NULL) {
1344 logerr(__func__);
1345 return -1;
1346 }
1347 cb->callback = callback;
1348 cb->arg = arg;
1349 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1350 }
1351 return 0;
1352 }
1353
1354 static struct ipv6_addr *
1355 ipv6_newlinklocal(struct interface *ifp)
1356 {
1357 struct ipv6_addr *ia;
1358 struct in6_addr in6;
1359
1360 memset(&in6, 0, sizeof(in6));
1361 in6.s6_addr32[0] = htonl(0xfe800000);
1362 ia = ipv6_newaddr(ifp, &in6, 64, 0);
1363 if (ia != NULL) {
1364 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1365 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1366 }
1367 return ia;
1368 }
1369
1370 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1371 static const uint8_t allone[8] =
1372 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1373
1374 static int
1375 ipv6_addlinklocal(struct interface *ifp)
1376 {
1377 struct ipv6_state *state;
1378 struct ipv6_addr *ap, *ap2;
1379 int dadcounter;
1380
1381 /* Check sanity before malloc */
1382 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1383 switch (ifp->family) {
1384 case ARPHRD_ETHER:
1385 /* Check for a valid hardware address */
1386 if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1387 errno = ENOTSUP;
1388 return -1;
1389 }
1390 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1391 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1392 {
1393 errno = EINVAL;
1394 return -1;
1395 }
1396 break;
1397 default:
1398 errno = ENOTSUP;
1399 return -1;
1400 }
1401 }
1402
1403 state = ipv6_getstate(ifp);
1404 if (state == NULL)
1405 return -1;
1406
1407 ap = ipv6_newlinklocal(ifp);
1408 if (ap == NULL)
1409 return -1;
1410
1411 dadcounter = 0;
1412 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1413 nextslaacprivate:
1414 if (ipv6_makestableprivate(&ap->addr,
1415 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1416 {
1417 free(ap);
1418 return -1;
1419 }
1420 ap->dadcounter = dadcounter;
1421 } else {
1422 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1423 switch (ifp->family) {
1424 case ARPHRD_ETHER:
1425 if (ifp->hwlen == 6) {
1426 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1427 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1428 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1429 ap->addr.s6_addr[11] = 0xff;
1430 ap->addr.s6_addr[12] = 0xfe;
1431 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1432 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1433 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1434 } else if (ifp->hwlen == 8)
1435 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1436 else {
1437 free(ap);
1438 errno = ENOTSUP;
1439 return -1;
1440 }
1441 break;
1442 }
1443
1444 /* Sanity check: g bit must not indciate "group" */
1445 if (EUI64_GROUP(&ap->addr)) {
1446 free(ap);
1447 errno = EINVAL;
1448 return -1;
1449 }
1450 EUI64_TO_IFID(&ap->addr);
1451 }
1452
1453 /* Do we already have this address? */
1454 TAILQ_FOREACH(ap2, &state->addrs, next) {
1455 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1456 if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1457 if (ifp->options->options &
1458 DHCPCD_SLAACPRIVATE)
1459 {
1460 dadcounter++;
1461 goto nextslaacprivate;
1462 }
1463 free(ap);
1464 errno = EADDRNOTAVAIL;
1465 return -1;
1466 }
1467
1468 logwarnx("%s: waiting for %s to complete",
1469 ap2->iface->name, ap2->saddr);
1470 free(ap);
1471 errno = EEXIST;
1472 return 0;
1473 }
1474 }
1475
1476 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1477 TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1478 ipv6_addaddr(ap, NULL);
1479 return 1;
1480 }
1481
1482 static int
1483 ipv6_tryaddlinklocal(struct interface *ifp)
1484 {
1485 struct ipv6_addr *ia;
1486
1487 /* We can't assign a link-locak address to this,
1488 * the ppp process has to. */
1489 if (ifp->flags & IFF_POINTOPOINT)
1490 return 0;
1491
1492 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1493 if (ia != NULL) {
1494 #ifdef IPV6_POLLADDRFLAG
1495 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1496 struct timespec tv;
1497
1498 ms_to_ts(&tv, RETRANS_TIMER / 2);
1499 eloop_timeout_add_tv(
1500 ia->iface->ctx->eloop,
1501 &tv, ipv6_checkaddrflags, ia);
1502 }
1503 #endif
1504 return 0;
1505 }
1506 if (!CAN_ADD_LLADDR(ifp))
1507 return 0;
1508
1509 return ipv6_addlinklocal(ifp);
1510 }
1511
1512 struct ipv6_addr *
1513 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1514 uint8_t prefix_len, unsigned int flags)
1515 {
1516 struct ipv6_addr *ia;
1517 char buf[INET6_ADDRSTRLEN];
1518 const char *cbp;
1519 bool tempaddr;
1520 int addr_flags;
1521
1522 /* If adding a new DHCP / RA derived address, check current flags
1523 * from an existing address. */
1524 ia = ipv6_iffindaddr(ifp, addr, 0);
1525 if (ia != NULL)
1526 addr_flags = ia->addr_flags;
1527 else
1528 addr_flags = IN6_IFF_TENTATIVE;
1529
1530 ia = calloc(1, sizeof(*ia));
1531 if (ia == NULL)
1532 goto err;
1533
1534 ia->iface = ifp;
1535 ia->addr_flags = addr_flags;
1536 ia->flags = IPV6_AF_NEW | flags;
1537 if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1538 ia->flags |= IPV6_AF_DADCOMPLETED;
1539 ia->prefix_len = prefix_len;
1540 ia->dhcp6_fd = -1;
1541
1542 #ifdef IPV6_AF_TEMPORARY
1543 tempaddr = ia->flags & IPV6_AF_TEMPORARY;
1544 #else
1545 tempaddr = false;
1546 #endif
1547
1548 if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) {
1549 ia->prefix = *addr;
1550 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1551 &ia->prefix,
1552 ia->prefix_len);
1553 if (ia->dadcounter == -1)
1554 goto err;
1555 } else if (ia->flags & IPV6_AF_RAPFX) {
1556 ia->prefix = *addr;
1557 #ifdef __sun
1558 ia->addr = *addr;
1559 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1560 goto paddr;
1561 #else
1562 return ia;
1563 #endif
1564 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) &&
1565 prefix_len != 128)
1566 {
1567 ia->prefix = *addr;
1568 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1569 goto paddr;
1570 } else {
1571 ia->addr = *addr;
1572 if (ipv6_makeprefix(&ia->prefix,
1573 &ia->addr, ia->prefix_len) == -1)
1574 goto err;
1575 }
1576
1577 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1578 paddr:
1579 if (cbp == NULL)
1580 goto err;
1581 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1582
1583 return ia;
1584
1585 err:
1586 logerr(__func__);
1587 free(ia);
1588 return NULL;
1589 }
1590
1591 static void
1592 ipv6_staticdadcallback(void *arg)
1593 {
1594 struct ipv6_addr *ia = arg;
1595 int wascompleted;
1596
1597 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1598 ia->flags |= IPV6_AF_DADCOMPLETED;
1599 if (ia->flags & IPV6_AF_DUPLICATED)
1600 logwarnx("%s: DAD detected %s", ia->iface->name,
1601 ia->saddr);
1602 else if (!wascompleted) {
1603 logdebugx("%s: IPv6 static DAD completed",
1604 ia->iface->name);
1605 }
1606
1607 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1608 if (!wascompleted) {
1609 struct interface *ifp;
1610 struct ipv6_state *state;
1611
1612 ifp = ia->iface;
1613 state = IPV6_STATE(ifp);
1614 TAILQ_FOREACH(ia, &state->addrs, next) {
1615 if (ia->flags & IPV6_AF_STATIC &&
1616 (ia->flags & FINISHED) != FINISHED)
1617 {
1618 wascompleted = 1;
1619 break;
1620 }
1621 }
1622 if (!wascompleted)
1623 script_runreason(ifp, "STATIC6");
1624 }
1625 #undef FINISHED
1626 }
1627
1628 ssize_t
1629 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1630 {
1631 struct ipv6_addr *ia;
1632
1633 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1634 IN6_IFF_NOTUSEABLE);
1635 if (ia == NULL)
1636 return 0;
1637 if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1638 return -1;
1639 return 1;
1640 }
1641
1642 int
1643 ipv6_staticdadcompleted(const struct interface *ifp)
1644 {
1645 const struct ipv6_state *state;
1646 const struct ipv6_addr *ia;
1647 int n;
1648
1649 if ((state = IPV6_CSTATE(ifp)) == NULL)
1650 return 0;
1651 n = 0;
1652 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1653 TAILQ_FOREACH(ia, &state->addrs, next) {
1654 if ((ia->flags & COMPLETED) == COMPLETED &&
1655 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1656 n++;
1657 }
1658 return n;
1659 }
1660
1661 int
1662 ipv6_startstatic(struct interface *ifp)
1663 {
1664 struct ipv6_addr *ia;
1665 int run_script;
1666
1667 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1668 return 0;
1669
1670 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1671 if (ia != NULL &&
1672 (ia->prefix_len != ifp->options->req_prefix_len ||
1673 ia->addr_flags & IN6_IFF_NOTUSEABLE))
1674 {
1675 ipv6_deleteaddr(ia);
1676 ia = NULL;
1677 }
1678 if (ia == NULL) {
1679 struct ipv6_state *state;
1680
1681 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1682 ifp->options->req_prefix_len, 0);
1683 if (ia == NULL)
1684 return -1;
1685 state = IPV6_STATE(ifp);
1686 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1687 run_script = 0;
1688 } else
1689 run_script = 1;
1690 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1691 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1692 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1693 ia->dadcallback = ipv6_staticdadcallback;
1694 ipv6_addaddr(ia, NULL);
1695 rt_build(ifp->ctx, AF_INET6);
1696 if (run_script)
1697 script_runreason(ifp, "STATIC6");
1698 return 1;
1699 }
1700
1701 /* Ensure the interface has a link-local address */
1702 int
1703 ipv6_start(struct interface *ifp)
1704 {
1705 #ifdef IPV6_POLLADDRFLAG
1706 struct ipv6_state *state;
1707
1708 /* We need to update the address flags. */
1709 if ((state = IPV6_STATE(ifp)) != NULL) {
1710 struct ipv6_addr *ia;
1711 const char *alias;
1712 int flags;
1713
1714 TAILQ_FOREACH(ia, &state->addrs, next) {
1715 #ifdef ALIAS_ADDR
1716 alias = ia->alias;
1717 #else
1718 alias = NULL;
1719 #endif
1720 flags = if_addrflags6(ia->iface, &ia->addr, alias);
1721 if (flags != -1)
1722 ia->addr_flags = flags;
1723 }
1724 }
1725 #endif
1726
1727 if (ipv6_tryaddlinklocal(ifp) == -1)
1728 return -1;
1729
1730 if (IPV6_CSTATE(ifp)) {
1731 /* Regenerate new ids */
1732 if (ip6_use_tempaddr(ifp->name))
1733 ipv6_regentempifid(ifp);
1734 }
1735
1736 return 0;
1737 }
1738
1739 void
1740 ipv6_freedrop(struct interface *ifp, int drop)
1741 {
1742 struct ipv6_state *state;
1743 struct ll_callback *cb;
1744
1745 if (ifp == NULL)
1746 return;
1747
1748 if ((state = IPV6_STATE(ifp)) == NULL)
1749 return;
1750
1751 /* If we got here, we can get rid of any LL callbacks. */
1752 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1753 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1754 free(cb);
1755 }
1756
1757 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1758 if (drop) {
1759 if (ifp->ctx->ra_routers != NULL)
1760 rt_build(ifp->ctx, AF_INET6);
1761 } else {
1762 /* Because we need to cache the addresses we don't control,
1763 * we only free the state on when NOT dropping addresses. */
1764 free(state);
1765 ifp->if_data[IF_DATA_IPV6] = NULL;
1766 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1767 }
1768 }
1769
1770 void
1771 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1772 {
1773
1774 free(ctx->ra_routers);
1775 free(ctx->secret);
1776 }
1777
1778 int
1779 ipv6_handleifa_addrs(int cmd,
1780 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1781 {
1782 struct ipv6_addr *ia, *ian;
1783 uint8_t found, alldadcompleted;
1784
1785 alldadcompleted = 1;
1786 found = 0;
1787 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1788 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1789 if (ia->flags & IPV6_AF_ADDED &&
1790 !(ia->flags & IPV6_AF_DADCOMPLETED))
1791 alldadcompleted = 0;
1792 continue;
1793 }
1794 switch (cmd) {
1795 case RTM_DELADDR:
1796 if (ia->flags & IPV6_AF_ADDED) {
1797 logwarnx("%s: pid %d deleted address %s",
1798 ia->iface->name, pid, ia->saddr);
1799 ia->flags &= ~IPV6_AF_ADDED;
1800 }
1801 if (ia->flags & IPV6_AF_DELEGATED) {
1802 TAILQ_REMOVE(addrs, ia, next);
1803 ipv6_deletedaddr(ia);
1804 ipv6_freeaddr(ia);
1805 }
1806 break;
1807 case RTM_NEWADDR:
1808 /* Safety - ignore tentative announcements */
1809 if (addr->addr_flags &
1810 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1811 break;
1812 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1813 found++;
1814 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1815 ia->flags |= IPV6_AF_DUPLICATED;
1816 else
1817 ia->flags &= ~IPV6_AF_DUPLICATED;
1818 if (ia->dadcallback)
1819 ia->dadcallback(ia);
1820 /* We need to set this here in-case the
1821 * dadcallback function checks it */
1822 ia->flags |= IPV6_AF_DADCOMPLETED;
1823 }
1824 break;
1825 }
1826 }
1827
1828 return alldadcompleted ? found : 0;
1829 }
1830
1831 #ifdef IPV6_MANAGETEMPADDR
1832 static const struct ipv6_addr *
1833 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1834 {
1835 const struct interface *ifp;
1836 const struct ipv6_state *state;
1837 const struct ipv6_addr *ia;
1838
1839 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1840 if ((state = IPV6_CSTATE(ifp))) {
1841 TAILQ_FOREACH(ia, &state->addrs, next) {
1842 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1843 return ia;
1844 }
1845 }
1846 }
1847 return NULL;
1848 }
1849
1850 static const uint8_t nullid[8];
1851 static const uint8_t anycastid[8] = {
1852 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1853 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1854
1855 static void
1856 ipv6_regen_desync(struct interface *ifp, int force)
1857 {
1858 struct ipv6_state *state;
1859 time_t max;
1860
1861 state = IPV6_STATE(ifp);
1862
1863 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1864 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1865 * I believe this is an error and it should be never be greateter than
1866 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1867 max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE;
1868 if (state->desync_factor && !force && state->desync_factor < max)
1869 return;
1870 if (state->desync_factor == 0)
1871 state->desync_factor =
1872 (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR,
1873 (uint32_t)max));
1874 max = ip6_temp_preferred_lifetime(ifp->name) -
1875 state->desync_factor - REGEN_ADVANCE;
1876 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1877 }
1878
1879 void
1880 ipv6_gentempifid(struct interface *ifp)
1881 {
1882 struct ipv6_state *state;
1883 MD5_CTX md5;
1884 uint8_t seed[16], digest[16];
1885 int retry;
1886
1887 if ((state = IPV6_STATE(ifp)) == NULL)
1888 return;
1889
1890 retry = 0;
1891 if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1892 uint32_t r;
1893
1894 r = arc4random();
1895 memcpy(seed, &r, sizeof(r));
1896 r = arc4random();
1897 memcpy(seed + sizeof(r), &r, sizeof(r));
1898 } else
1899 memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1900
1901 memcpy(seed + sizeof(state->randomseed0),
1902 state->randomseed1, sizeof(state->randomseed1));
1903
1904 again:
1905 MD5Init(&md5);
1906 MD5Update(&md5, seed, sizeof(seed));
1907 MD5Final(digest, &md5);
1908
1909 /* RFC4941 Section 3.2.1.1
1910 * Take the left-most 64bits and set bit 6 to zero */
1911 memcpy(state->randomid, digest, sizeof(state->randomid));
1912 state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1913
1914 /* RFC4941 Section 3.2.1.4
1915 * Reject reserved or existing id's */
1916 if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1917 (memcmp(anycastid, state->randomid, 7) == 0 &&
1918 (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1919 memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1920 ipv6_findaddrid(ifp->ctx, state->randomid))
1921 {
1922 if (++retry < GEN_TEMPID_RETRY_MAX) {
1923 memcpy(seed, digest + 8, 8);
1924 goto again;
1925 }
1926 memset(state->randomid, 0, sizeof(state->randomid));
1927 }
1928
1929 /* RFC4941 Section 3.2.1.6
1930 * Save the right-most 64bits of the digest */
1931 memcpy(state->randomseed0, digest + 8,
1932 sizeof(state->randomseed0));
1933 }
1934
1935 /* RFC4941 Section 3.3.7 */
1936 static void
1937 ipv6_tempdadcallback(void *arg)
1938 {
1939 struct ipv6_addr *ia = arg;
1940
1941 if (ia->flags & IPV6_AF_DUPLICATED) {
1942 struct ipv6_addr *ia1;
1943 struct timespec tv;
1944
1945 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1946 logerrx("%s: too many duplicate temporary addresses",
1947 ia->iface->name);
1948 return;
1949 }
1950 clock_gettime(CLOCK_MONOTONIC, &tv);
1951 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1952 logerr(__func__);
1953 else
1954 ia1->dadcounter = ia->dadcounter;
1955 ipv6_deleteaddr(ia);
1956 if (ia1)
1957 ipv6_addaddr(ia1, &ia1->acquired);
1958 }
1959 }
1960
1961 struct ipv6_addr *
1962 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1963 {
1964 struct ipv6_state *state;
1965 const struct ipv6_state *cstate;
1966 int genid;
1967 struct in6_addr addr, mask;
1968 uint32_t randid[2];
1969 const struct interface *ifp;
1970 const struct ipv6_addr *ap;
1971 struct ipv6_addr *ia;
1972 uint32_t i, trylimit;
1973
1974 trylimit = TEMP_IDGEN_RETRIES;
1975 state = IPV6_STATE(ia0->iface);
1976 genid = 0;
1977
1978 addr = ia0->addr;
1979 ipv6_mask(&mask, ia0->prefix_len);
1980 /* clear the old ifid */
1981 for (i = 0; i < 4; i++)
1982 addr.s6_addr32[i] &= mask.s6_addr32[i];
1983
1984 again:
1985 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1986 genid = 1;
1987 if (genid) {
1988 memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1989 sizeof(state->randomseed1));
1990 ipv6_gentempifid(ia0->iface);
1991 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
1992 errno = EFAULT;
1993 return NULL;
1994 }
1995 }
1996 memcpy(&randid[0], state->randomid, sizeof(randid[0]));
1997 memcpy(&randid[1], state->randomid + sizeof(randid[1]),
1998 sizeof(randid[2]));
1999 addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
2000 addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
2001
2002 /* Ensure we don't already have it */
2003 TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
2004 cstate = IPV6_CSTATE(ifp);
2005 if (cstate) {
2006 TAILQ_FOREACH(ap, &cstate->addrs, next) {
2007 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
2008 if (--trylimit == 0) {
2009 errno = EEXIST;
2010 return NULL;
2011 }
2012 genid = 1;
2013 goto again;
2014 }
2015 }
2016 }
2017 }
2018
2019 ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len,
2020 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
2021 /* Must be made tentative, for our DaD to work */
2022 ia->addr_flags = IN6_IFF_TENTATIVE;
2023 ia->dadcallback = ipv6_tempdadcallback;
2024 ia->created = ia->acquired = now ? *now : ia0->acquired;
2025
2026 /* Ensure desync is still valid */
2027 ipv6_regen_desync(ia->iface, 0);
2028
2029 /* RFC4941 Section 3.3.4 */
2030 i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) -
2031 state->desync_factor);
2032 ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
2033 i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
2034 ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
2035 if (ia->prefix_pltime <= REGEN_ADVANCE ||
2036 ia->prefix_pltime > ia0->prefix_vltime)
2037 {
2038 errno = EINVAL;
2039 free(ia);
2040 return NULL;
2041 }
2042
2043 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
2044 return ia;
2045 }
2046
2047 struct ipv6_addr *
2048 ipv6_settemptime(struct ipv6_addr *ia, int flags)
2049 {
2050 struct ipv6_state *state;
2051 struct ipv6_addr *ap, *first;
2052
2053 state = IPV6_STATE(ia->iface);
2054 first = NULL;
2055 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2056 if (ap->flags & IPV6_AF_TEMPORARY &&
2057 ap->prefix_pltime &&
2058 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2059 {
2060 time_t max, ext;
2061
2062 if (flags == 0) {
2063 if (ap->prefix_pltime -
2064 (uint32_t)(ia->acquired.tv_sec -
2065 ap->acquired.tv_sec)
2066 < REGEN_ADVANCE)
2067 continue;
2068
2069 return ap;
2070 }
2071
2072 if (!(ap->flags & IPV6_AF_ADDED))
2073 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2074 ap->flags &= ~IPV6_AF_STALE;
2075
2076 /* RFC4941 Section 3.4
2077 * Deprecated prefix, deprecate the temporary address */
2078 if (ia->prefix_pltime == 0) {
2079 ap->prefix_pltime = 0;
2080 goto valid;
2081 }
2082
2083 /* Ensure desync is still valid */
2084 ipv6_regen_desync(ap->iface, 0);
2085
2086 /* RFC4941 Section 3.3.2
2087 * Extend temporary times, but ensure that they
2088 * never last beyond the system limit. */
2089 ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime;
2090 max = ap->created.tv_sec +
2091 ip6_temp_preferred_lifetime(ap->iface->name) -
2092 state->desync_factor;
2093 if (ext < max)
2094 ap->prefix_pltime = ia->prefix_pltime;
2095 else
2096 ap->prefix_pltime =
2097 (uint32_t)(max - ia->acquired.tv_sec);
2098
2099 valid:
2100 ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime;
2101 max = ap->created.tv_sec +
2102 ip6_temp_valid_lifetime(ap->iface->name);
2103 if (ext < max)
2104 ap->prefix_vltime = ia->prefix_vltime;
2105 else
2106 ap->prefix_vltime =
2107 (uint32_t)(max - ia->acquired.tv_sec);
2108
2109 /* Just extend the latest matching prefix */
2110 ap->acquired = ia->acquired;
2111
2112 /* If extending return the last match as
2113 * it's the most current.
2114 * If deprecating, deprecate any other addresses we
2115 * may have, although this should not be needed */
2116 if (ia->prefix_pltime)
2117 return ap;
2118 if (first == NULL)
2119 first = ap;
2120 }
2121 }
2122 return first;
2123 }
2124
2125 void
2126 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2127 {
2128 struct ipv6_state *state;
2129 struct ipv6_addr *ia;
2130
2131 state = IPV6_STATE(ifp);
2132 TAILQ_FOREACH(ia, &state->addrs, next) {
2133 if (ia->flags & IPV6_AF_TEMPORARY &&
2134 !(ia->flags & IPV6_AF_STALE))
2135 ipv6_addaddr(ia, now);
2136 }
2137 }
2138
2139 static void
2140 ipv6_regentempaddr(void *arg)
2141 {
2142 struct ipv6_addr *ia = arg, *ia1;
2143 struct timespec tv;
2144
2145 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2146 clock_gettime(CLOCK_MONOTONIC, &tv);
2147 ia1 = ipv6_createtempaddr(ia, &tv);
2148 if (ia1)
2149 ipv6_addaddr(ia1, &tv);
2150 else
2151 logerr(__func__);
2152 }
2153
2154 static void
2155 ipv6_regentempifid(void *arg)
2156 {
2157 struct interface *ifp = arg;
2158 struct ipv6_state *state;
2159
2160 state = IPV6_STATE(ifp);
2161 if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
2162 ipv6_gentempifid(ifp);
2163
2164 ipv6_regen_desync(ifp, 1);
2165 }
2166 #endif /* IPV6_MANAGETEMPADDR */
2167
2168 void
2169 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2170 {
2171 struct ipv6_state *state;
2172 struct ipv6_addr *ia;
2173
2174 state = IPV6_STATE(ifp);
2175 if (state == NULL)
2176 return;
2177
2178 TAILQ_FOREACH(ia, &state->addrs, next) {
2179 if (flags == 0 || ia->flags & flags)
2180 ia->flags |= IPV6_AF_STALE;
2181 }
2182 }
2183
2184 void
2185 ipv6_deletestaleaddrs(struct interface *ifp)
2186 {
2187 struct ipv6_state *state;
2188 struct ipv6_addr *ia, *ia1;
2189
2190 state = IPV6_STATE(ifp);
2191 if (state == NULL)
2192 return;
2193
2194 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2195 if (ia->flags & IPV6_AF_STALE)
2196 ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2197 ifp->ctx->ifaces, ifp->name,
2198 &ia->addr, ia->prefix_len, 0, getpid());
2199 }
2200 }
2201
2202
2203 static struct rt *
2204 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2205 {
2206 struct rt *rt;
2207
2208 if ((rt = rt_new(ifp)) == NULL)
2209 return NULL;
2210
2211 #ifdef HAVE_ROUTE_METRIC
2212 rt->rt_metric = ifp->metric;
2213 #endif
2214 if (rap != NULL)
2215 rt->rt_mtu = rap->mtu;
2216 return rt;
2217 }
2218
2219 static struct rt *
2220 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2221 const struct ipv6_addr *addr)
2222 {
2223 struct rt *rt;
2224 struct in6_addr netmask;
2225
2226 if (addr == NULL || addr->prefix_len > 128) {
2227 errno = EINVAL;
2228 return NULL;
2229 }
2230
2231 /* There is no point in trying to manage a /128 prefix,
2232 * ones without a lifetime. */
2233 if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2234 return NULL;
2235
2236 /* Don't install a reject route when not creating bigger prefixes. */
2237 if (addr->flags & IPV6_AF_NOREJECT)
2238 return NULL;
2239
2240 /* This address is the delegated prefix, so add a reject route for
2241 * it via the loopback interface. */
2242 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2243 struct interface *lo0;
2244
2245 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2246 if (lo0->flags & IFF_LOOPBACK)
2247 break;
2248 }
2249 if (lo0 == NULL)
2250 logwarnx("cannot find a loopback interface "
2251 "to reject via");
2252 else
2253 ifp = lo0;
2254 }
2255
2256 if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2257 return NULL;
2258
2259 sa_in6_init(&rt->rt_dest, &addr->prefix);
2260 ipv6_mask(&netmask, addr->prefix_len);
2261 sa_in6_init(&rt->rt_netmask, &netmask);
2262 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2263 rt->rt_flags |= RTF_REJECT;
2264 /* Linux does not like a gateway for a reject route. */
2265 #ifndef __linux__
2266 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2267 #endif
2268 } else if (!(addr->flags & IPV6_AF_ONLINK))
2269 sa_in6_init(&rt->rt_gateway, &rap->from);
2270 else
2271 rt->rt_gateway.sa_family = AF_UNSPEC;
2272 sa_in6_init(&rt->rt_ifa, &addr->addr);
2273 return rt;
2274 }
2275
2276 static struct rt *
2277 inet6_makerouter(struct ra *rap)
2278 {
2279 struct rt *rt;
2280
2281 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2282 return NULL;
2283 sa_in6_init(&rt->rt_dest, &in6addr_any);
2284 sa_in6_init(&rt->rt_netmask, &in6addr_any);
2285 sa_in6_init(&rt->rt_gateway, &rap->from);
2286 return rt;
2287 }
2288
2289 #define RT_IS_DEFAULT(rtp) \
2290 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \
2291 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2292
2293 static int
2294 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2295 {
2296 struct interface *ifp;
2297 struct ipv6_state *state;
2298 struct ipv6_addr *ia;
2299 struct rt *rt;
2300
2301 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2302 if ((state = IPV6_STATE(ifp)) == NULL)
2303 continue;
2304 TAILQ_FOREACH(ia, &state->addrs, next) {
2305 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2306 (IPV6_AF_ADDED | IPV6_AF_STATIC))
2307 {
2308 rt = inet6_makeprefix(ifp, NULL, ia);
2309 if (rt)
2310 rt_proto_add(routes, rt);
2311 }
2312 }
2313 }
2314 return 0;
2315 }
2316
2317 static int
2318 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2319 {
2320 struct rt *rt;
2321 struct ra *rap;
2322 const struct ipv6_addr *addr;
2323
2324 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2325 if (rap->expired)
2326 continue;
2327 TAILQ_FOREACH(addr, &rap->addrs, next) {
2328 if (addr->prefix_vltime == 0)
2329 continue;
2330 rt = inet6_makeprefix(rap->iface, rap, addr);
2331 if (rt) {
2332 rt->rt_dflags |= RTDF_RA;
2333 rt_proto_add(routes, rt);
2334 }
2335 }
2336 if (rap->lifetime == 0)
2337 continue;
2338 if (ipv6_ifanyglobal(rap->iface) == NULL)
2339 continue;
2340 rt = inet6_makerouter(rap);
2341 if (rt == NULL)
2342 continue;
2343 rt->rt_dflags |= RTDF_RA;
2344 rt_proto_add(routes, rt);
2345 }
2346 return 0;
2347 }
2348
2349 #ifdef DHCP6
2350 static int
2351 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2352 enum DH6S dstate)
2353 {
2354 struct interface *ifp;
2355 const struct dhcp6_state *d6_state;
2356 const struct ipv6_addr *addr;
2357 struct rt *rt;
2358
2359 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2360 d6_state = D6_CSTATE(ifp);
2361 if (d6_state && d6_state->state == dstate) {
2362 TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2363 rt = inet6_makeprefix(ifp, NULL, addr);
2364 if (rt == NULL)
2365 continue;
2366 rt->rt_dflags |= RTDF_DHCP;
2367 rt_proto_add(routes, rt);
2368 }
2369 }
2370 }
2371 return 0;
2372 }
2373 #endif
2374
2375 bool
2376 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2377 {
2378
2379 /* Should static take priority? */
2380 if (inet6_staticroutes(routes, ctx) == -1)
2381 return false;
2382
2383 /* First add reachable routers and their prefixes */
2384 if (inet6_raroutes(routes, ctx) == -1)
2385 return false;
2386
2387 #ifdef DHCP6
2388 /* We have no way of knowing if prefixes added by DHCP are reachable
2389 * or not, so we have to assume they are.
2390 * Add bound before delegated so we can prefer interfaces better. */
2391 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2392 return false;
2393 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)
2394 return false;
2395 #endif
2396
2397 return true;
2398 }
DragonFly BSD