1 /** 2 * Copyright (C) 2012-2013 Steven Barth <steven@midlink.org> 3 * Copyright (C) 2018 Hans Dedecker <dedeckeh@gmail.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License v2 as published by 7 * the Free Software Foundation. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 */ 15 16 #include <errno.h> 17 #include <fcntl.h> 18 #include <signal.h> 19 #include <stdio.h> 20 #include <stdlib.h> 21 #include <unistd.h> 22 #include <stdbool.h> 23 #include <arpa/inet.h> 24 #include <net/route.h> 25 26 #include <libubox/utils.h> 27 28 #include "router.h" 29 #include "odhcpd.h" 30 #include "statefiles.h" 31 32 33 static void forward_router_solicitation(const struct interface *iface); 34 static void forward_router_advertisement(const struct interface *iface, uint8_t *data, size_t len); 35 36 static void handle_icmpv6(void *addr, void *data, size_t len, 37 struct interface *iface, void *dest); 38 static void trigger_router_advert(struct uloop_timeout *event); 39 static void router_netevent_cb(unsigned long event, struct netevent_handler_info *info); 40 41 static struct netevent_handler router_netevent_handler = { .cb = router_netevent_cb, }; 42 43 static FILE *fp_route = NULL; 44 45 46 #define TIME_LEFT(t1, now) ((t1) != UINT32_MAX ? (t1) - (now) : UINT32_MAX) 47 48 int router_init(void) 49 { 50 int ret = 0; 51 52 if (!(fp_route = fopen("/proc/net/ipv6_route", "r"))) { 53 error("fopen(/proc/net/ipv6_route): %m"); 54 ret = -1; 55 goto out; 56 } 57 58 if (netlink_add_netevent_handler(&router_netevent_handler) < 0) { 59 error("Failed to add netevent handler"); 60 ret = -1; 61 } 62 63 out: 64 if (ret < 0 && fp_route) { 65 fclose(fp_route); 66 fp_route = NULL; 67 } 68 69 return ret; 70 } 71 72 73 int router_setup_interface(struct interface *iface, bool enable) 74 { 75 int ret = 0; 76 77 enable = enable && (iface->ra != MODE_DISABLED); 78 79 if (!fp_route) { 80 ret = -1; 81 goto out; 82 } 83 84 85 if (!enable && iface->router_event.uloop.fd >= 0) { 86 if (!iface->master) { 87 uloop_timeout_cancel(&iface->timer_rs); 88 iface->timer_rs.cb = NULL; 89 90 trigger_router_advert(&iface->timer_rs); 91 } 92 93 uloop_fd_delete(&iface->router_event.uloop); 94 close(iface->router_event.uloop.fd); 95 iface->router_event.uloop.fd = -1; 96 } else if (enable) { 97 struct icmp6_filter filt; 98 struct ipv6_mreq mreq; 99 int val = 2; 100 101 if (iface->router_event.uloop.fd < 0) { 102 /* Open ICMPv6 socket */ 103 iface->router_event.uloop.fd = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC, 104 IPPROTO_ICMPV6); 105 if (iface->router_event.uloop.fd < 0) { 106 error("socket(AF_INET6): %m"); 107 ret = -1; 108 goto out; 109 } 110 111 if (setsockopt(iface->router_event.uloop.fd, SOL_SOCKET, SO_BINDTODEVICE, 112 iface->ifname, strlen(iface->ifname)) < 0) { 113 error("setsockopt(SO_BINDTODEVICE): %m"); 114 ret = -1; 115 goto out; 116 } 117 118 /* Let the kernel compute our checksums */ 119 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_RAW, IPV6_CHECKSUM, 120 &val, sizeof(val)) < 0) { 121 error("setsockopt(IPV6_CHECKSUM): %m"); 122 ret = -1; 123 goto out; 124 } 125 126 /* This is required by RFC 4861 */ 127 val = 255; 128 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, 129 &val, sizeof(val)) < 0) { 130 error("setsockopt(IPV6_MULTICAST_HOPS): %m"); 131 ret = -1; 132 goto out; 133 } 134 135 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 136 &val, sizeof(val)) < 0) { 137 error("setsockopt(IPV6_UNICAST_HOPS): %m"); 138 ret = -1; 139 goto out; 140 } 141 142 /* We need to know the source interface */ 143 val = 1; 144 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, 145 &val, sizeof(val)) < 0) { 146 error("setsockopt(IPV6_RECVPKTINFO): %m"); 147 ret = -1; 148 goto out; 149 } 150 151 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, 152 &val, sizeof(val)) < 0) { 153 error("setsockopt(IPV6_RECVHOPLIMIT): %m"); 154 ret = -1; 155 goto out; 156 } 157 158 /* Don't loop back */ 159 val = 0; 160 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, 161 &val, sizeof(val)) < 0) { 162 error("setsockopt(IPV6_MULTICAST_LOOP): %m"); 163 ret = -1; 164 goto out; 165 } 166 167 /* Filter ICMPv6 package types */ 168 ICMP6_FILTER_SETBLOCKALL(&filt); 169 ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt); 170 ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filt); 171 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_ICMPV6, ICMP6_FILTER, 172 &filt, sizeof(filt)) < 0) { 173 error("setsockopt(ICMP6_FILTER): %m"); 174 ret = -1; 175 goto out; 176 } 177 178 iface->router_event.handle_dgram = handle_icmpv6; 179 iface->ra_sent = 0; 180 odhcpd_register(&iface->router_event); 181 } else { 182 uloop_timeout_cancel(&iface->timer_rs); 183 iface->timer_rs.cb = NULL; 184 185 memset(&mreq, 0, sizeof(mreq)); 186 mreq.ipv6mr_interface = iface->ifindex; 187 inet_pton(AF_INET6, ALL_IPV6_NODES, &mreq.ipv6mr_multiaddr); 188 setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, 189 &mreq, sizeof(mreq)); 190 191 inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &mreq.ipv6mr_multiaddr); 192 setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, 193 &mreq, sizeof(mreq)); 194 } 195 196 memset(&mreq, 0, sizeof(mreq)); 197 mreq.ipv6mr_interface = iface->ifindex; 198 inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &mreq.ipv6mr_multiaddr); 199 200 if (iface->ra == MODE_RELAY && iface->master) { 201 inet_pton(AF_INET6, ALL_IPV6_NODES, &mreq.ipv6mr_multiaddr); 202 forward_router_solicitation(iface); 203 } else if (iface->ra == MODE_SERVER) { 204 iface->timer_rs.cb = trigger_router_advert; 205 uloop_timeout_set(&iface->timer_rs, 1000); 206 } 207 208 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, 209 IPV6_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) { 210 ret = -1; 211 error("setsockopt(IPV6_ADD_MEMBERSHIP): %m"); 212 goto out; 213 } 214 } 215 out: 216 if (ret < 0 && iface->router_event.uloop.fd >= 0) { 217 if (iface->router_event.uloop.registered) 218 uloop_fd_delete(&iface->router_event.uloop); 219 220 close(iface->router_event.uloop.fd); 221 iface->router_event.uloop.fd = -1; 222 } 223 224 return ret; 225 } 226 227 228 static void router_netevent_cb(unsigned long event, struct netevent_handler_info *info) 229 { 230 struct interface *iface; 231 232 switch (event) { 233 case NETEV_IFINDEX_CHANGE: 234 iface = info->iface; 235 if (iface && iface->router_event.uloop.fd >= 0) { 236 if (iface->router_event.uloop.registered) 237 uloop_fd_delete(&iface->router_event.uloop); 238 239 close(iface->router_event.uloop.fd); 240 iface->router_event.uloop.fd = -1; 241 } 242 break; 243 case NETEV_ROUTE6_ADD: 244 case NETEV_ROUTE6_DEL: 245 if (info->rt.dst_len) 246 break; 247 248 avl_for_each_element(&interfaces, iface, avl) { 249 if (iface->ra == MODE_SERVER && !iface->master) 250 uloop_timeout_set(&iface->timer_rs, 1000); 251 } 252 break; 253 case NETEV_ADDR6LIST_CHANGE: 254 iface = info->iface; 255 if (iface && iface->ra == MODE_SERVER && !iface->master) 256 uloop_timeout_set(&iface->timer_rs, 1000); 257 break; 258 default: 259 break; 260 } 261 } 262 263 264 static bool router_icmpv6_valid(struct sockaddr_in6 *source, uint8_t *data, size_t len) 265 { 266 struct icmp6_hdr *hdr = (struct icmp6_hdr *)data; 267 struct icmpv6_opt *opt, *end = (struct icmpv6_opt*)&data[len]; 268 269 /* Hoplimit is already checked in odhcpd_receive_packets */ 270 if (len < sizeof(*hdr) || hdr->icmp6_code) 271 return false; 272 273 switch (hdr->icmp6_type) { 274 case ND_ROUTER_ADVERT: 275 if (!IN6_IS_ADDR_LINKLOCAL(&source->sin6_addr)) 276 return false; 277 278 opt = (struct icmpv6_opt *)((struct nd_router_advert *)data + 1); 279 break; 280 281 case ND_ROUTER_SOLICIT: 282 opt = (struct icmpv6_opt *)((struct nd_router_solicit *)data + 1); 283 break; 284 285 default: 286 return false; 287 } 288 289 icmpv6_for_each_option(opt, opt, end) 290 if (opt->type == ND_OPT_SOURCE_LINKADDR && 291 IN6_IS_ADDR_UNSPECIFIED(&source->sin6_addr) && 292 hdr->icmp6_type == ND_ROUTER_SOLICIT) 293 return false; 294 295 /* Check all options parsed successfully */ 296 return opt == end; 297 } 298 299 300 /* Detect whether a default route exists, also find the source prefixes */ 301 static bool parse_routes(struct odhcpd_ipaddr *n, ssize_t len) 302 { 303 struct odhcpd_ipaddr p = { 304 .addr.in6 = IN6ADDR_ANY_INIT, 305 .prefix_len = 0, 306 .dprefix_len = 0, 307 .preferred_lt = 0, 308 .valid_lt = 0 309 }; 310 bool found_default = false; 311 char line[512], ifname[16]; 312 313 rewind(fp_route); 314 315 while (fgets(line, sizeof(line), fp_route)) { 316 uint32_t rflags; 317 if (sscanf(line, "00000000000000000000000000000000 00 " 318 "%*s %*s %*s %*s %*s %*s %*s %15s", ifname) && 319 strcmp(ifname, "lo")) { 320 found_default = true; 321 } else if (sscanf(line, "%8" SCNx32 "%8" SCNx32 "%*8" SCNx32 "%*8" SCNx32 " %hhx %*s " 322 "%*s 00000000000000000000000000000000 %*s %*s %*s %" SCNx32 " lo", 323 &p.addr.in6.s6_addr32[0], &p.addr.in6.s6_addr32[1], &p.prefix_len, &rflags) && 324 p.prefix_len > 0 && (rflags & RTF_NONEXTHOP) && (rflags & RTF_REJECT)) { 325 // Find source prefixes by scanning through unreachable-routes 326 p.addr.in6.s6_addr32[0] = htonl(p.addr.in6.s6_addr32[0]); 327 p.addr.in6.s6_addr32[1] = htonl(p.addr.in6.s6_addr32[1]); 328 329 for (ssize_t i = 0; i < len; ++i) { 330 if (n[i].prefix_len <= 64 && n[i].prefix_len >= p.prefix_len && 331 !odhcpd_bmemcmp(&p.addr.in6, &n[i].addr.in6, p.prefix_len)) { 332 n[i].dprefix_len = p.prefix_len; 333 break; 334 } 335 } 336 } 337 } 338 339 return found_default; 340 } 341 342 static int calc_adv_interval(struct interface *iface, uint32_t lowest_found_lifetime, 343 uint32_t *maxival) 344 { 345 uint32_t minival = iface->ra_mininterval; 346 int msecs; 347 348 *maxival = iface->ra_maxinterval; 349 350 if (*maxival > lowest_found_lifetime) 351 *maxival = lowest_found_lifetime; 352 353 odhcpd_urandom(&msecs, sizeof(msecs)); 354 msecs = (labs(msecs) % ((*maxival != minival) ? (*maxival - minival)*1000 : 500)) + 355 minival*1000; 356 357 /* RFC 2461 6.2.4 For the first MAX_INITIAL_RTR_ADVERTISEMENTS advertisements 358 * if the timer is bigger than MAX_INITIAL_RTR_ADVERT_INTERVAL it should be 359 * set to MAX_INITIAL_RTR_ADVERT_INTERVAL 360 * Off by one as an initial interval timer has already expired 361 */ 362 if ((iface->ra_sent + 1) < MaxInitialRtAdvs && msecs > MaxInitialRtrAdvInterval*1000) 363 msecs = MaxInitialRtrAdvInterval*1000; 364 365 return msecs; 366 } 367 368 static uint32_t calc_ra_lifetime(struct interface *iface, uint32_t maxival) 369 { 370 uint32_t lifetime = iface->max_preferred_lifetime; 371 372 if (iface->ra_lifetime > 0) { 373 lifetime = iface->ra_lifetime; 374 } 375 376 if (lifetime > 0 && lifetime < maxival) 377 lifetime = maxival; 378 else if (lifetime > RouterLifetime) 379 lifetime = RouterLifetime; 380 381 return lifetime; 382 } 383 384 enum { 385 IOV_RA_ADV=0, 386 IOV_RA_PFXS, 387 IOV_RA_ROUTES, 388 IOV_RA_DNS, 389 IOV_RA_SEARCH, 390 IOV_RA_PREF64, 391 IOV_RA_DNR, 392 IOV_RA_ADV_INTERVAL, 393 IOV_RA_CAPT_PORTAL, 394 IOV_RA_TOTAL, 395 }; 396 397 struct adv_msg { 398 struct nd_router_advert h; 399 struct icmpv6_opt lladdr; 400 struct nd_opt_mtu mtu; 401 }; 402 403 struct nd_opt_dns_server { 404 uint8_t type; 405 uint8_t len; 406 uint8_t pad; 407 uint8_t pad2; 408 uint32_t lifetime; 409 struct in6_addr addr[]; 410 }; 411 412 struct nd_opt_search_list { 413 uint8_t type; 414 uint8_t len; 415 uint16_t reserved; 416 uint32_t lifetime; 417 uint8_t name[]; 418 } _o_packed; 419 420 struct nd_opt_route_info { 421 uint8_t type; 422 uint8_t len; 423 uint8_t prefix_len; 424 uint8_t flags; 425 uint32_t lifetime; 426 uint32_t addr[4]; 427 }; 428 429 struct nd_opt_pref64_info { 430 uint8_t type; 431 uint8_t len; 432 uint16_t lifetime_plc; 433 uint32_t prefix[3]; 434 }; 435 436 struct nd_opt_dnr_info { 437 uint8_t type; 438 uint8_t len; 439 uint16_t priority; 440 uint32_t lifetime; 441 uint16_t adn_len; 442 uint8_t body[]; 443 }; 444 445 struct nd_opt_capt_portal { 446 uint8_t type; 447 uint8_t len; 448 uint8_t data[]; 449 }; 450 451 /* IPv6 RA PIOs */ 452 inline static int router_compare_pio_addr(const struct ra_pio *pio, const struct odhcpd_ipaddr *addr) 453 { 454 uint8_t cmp_len = max(64, max(pio->length, addr->prefix_len)); 455 456 return odhcpd_bmemcmp(&pio->prefix, &addr->addr.in6, cmp_len); 457 } 458 459 static struct ra_pio *router_find_ra_pio(struct interface *iface, 460 struct odhcpd_ipaddr *addr) 461 { 462 for (size_t i = 0; i < iface->pio_cnt; i++) { 463 struct ra_pio *cur_pio = &iface->pios[i]; 464 465 if (!router_compare_pio_addr(cur_pio, addr)) 466 return cur_pio; 467 } 468 469 return NULL; 470 } 471 472 static void router_add_ra_pio(struct interface *iface, 473 struct odhcpd_ipaddr *addr) 474 { 475 char ipv6_str[INET6_ADDRSTRLEN]; 476 struct ra_pio *new_pios, *pio; 477 478 pio = router_find_ra_pio(iface, addr); 479 if (pio) { 480 if (memcmp(&pio->prefix, &addr->addr.in6, sizeof(struct in6_addr)) != 0 || 481 pio->length != addr->prefix_len) 482 { 483 char new_ipv6_str[INET6_ADDRSTRLEN]; 484 485 iface->pio_update = true; 486 warn("rfc9096: %s: changed %s/%u -> %s/%u", 487 iface->ifname, 488 inet_ntop(AF_INET6, &pio->prefix, ipv6_str, sizeof(ipv6_str)), 489 pio->length, 490 inet_ntop(AF_INET6, &addr->addr.in6, new_ipv6_str, sizeof(new_ipv6_str)), 491 addr->prefix_len); 492 493 memcpy(&pio->prefix, &addr->addr.in6, sizeof(struct in6_addr)); 494 pio->length = addr->prefix_len; 495 } 496 497 if (pio->lifetime) { 498 pio->lifetime = 0; 499 500 iface->pio_update = true; 501 warn("rfc9096: %s: renew %s/%u", 502 iface->ifname, 503 inet_ntop(AF_INET6, &pio->prefix, ipv6_str, sizeof(ipv6_str)), 504 pio->length); 505 } 506 507 return; 508 } 509 510 new_pios = realloc(iface->pios, sizeof(struct ra_pio) * (iface->pio_cnt + 1)); 511 if (!new_pios) 512 return; 513 514 iface->pios = new_pios; 515 pio = &iface->pios[iface->pio_cnt]; 516 iface->pio_cnt++; 517 518 memcpy(&pio->prefix, &addr->addr.in6, sizeof(struct in6_addr)); 519 pio->length = addr->prefix_len; 520 pio->lifetime = 0; 521 522 iface->pio_update = true; 523 info("rfc9096: %s: add %s/%u", 524 iface->ifname, 525 inet_ntop(AF_INET6, &pio->prefix, ipv6_str, sizeof(ipv6_str)), 526 pio->length); 527 } 528 529 static void router_clear_duplicated_ra_pio(struct interface *iface) 530 { 531 size_t pio_cnt = iface->pio_cnt; 532 char ipv6_str[INET6_ADDRSTRLEN]; 533 534 for (size_t i = 0; i < iface->pio_cnt; i++) { 535 struct ra_pio *pio_a = &iface->pios[i]; 536 size_t j = i + 1; 537 538 while (j < iface->pio_cnt) { 539 struct ra_pio *pio_b = &iface->pios[j]; 540 541 if (pio_a->length == pio_b->length && 542 !memcmp(&pio_a->prefix, &pio_b->prefix, sizeof(struct in6_addr))) { 543 warn("rfc9096: %s: clear duplicated %s/%u", 544 iface->ifname, 545 inet_ntop(AF_INET6, &pio_a->prefix, ipv6_str, sizeof(ipv6_str)), 546 pio_a->length); 547 548 iface->pios[j] = iface->pios[iface->pio_cnt - 1]; 549 iface->pio_cnt--; 550 } else { 551 j++; 552 } 553 } 554 } 555 556 if (iface->pio_cnt != pio_cnt) { 557 struct ra_pio *new_pios = realloc(iface->pios, sizeof(struct ra_pio) * iface->pio_cnt); 558 559 if (new_pios) 560 iface->pios = new_pios; 561 } 562 } 563 564 static void router_clear_expired_ra_pio(time_t now, 565 struct interface *iface) 566 { 567 size_t i = 0, pio_cnt = iface->pio_cnt; 568 char ipv6_str[INET6_ADDRSTRLEN]; 569 570 while (i < iface->pio_cnt) { 571 struct ra_pio *cur_pio = &iface->pios[i]; 572 573 if (ra_pio_expired(cur_pio, now)) { 574 info("rfc9096: %s: clear expired %s/%u", 575 iface->ifname, 576 inet_ntop(AF_INET6, &cur_pio->prefix, ipv6_str, sizeof(ipv6_str)), 577 cur_pio->length); 578 579 iface->pios[i] = iface->pios[iface->pio_cnt - 1]; 580 iface->pio_cnt--; 581 } else { 582 i++; 583 } 584 } 585 586 if (!iface->pio_cnt) { 587 free(iface->pios); 588 iface->pios = NULL; 589 } else if (iface->pio_cnt != pio_cnt) { 590 struct ra_pio *new_pios = realloc(iface->pios, sizeof(struct ra_pio) * iface->pio_cnt); 591 592 if (new_pios) 593 iface->pios = new_pios; 594 } 595 } 596 597 static void router_stale_ra_pio(struct interface *iface, 598 struct odhcpd_ipaddr *addr, 599 time_t now) 600 { 601 struct ra_pio *pio = router_find_ra_pio(iface, addr); 602 char ipv6_str[INET6_ADDRSTRLEN]; 603 604 if (!pio || pio->lifetime) 605 return; 606 607 pio->lifetime = now + iface->max_valid_lifetime; 608 609 iface->pio_update = true; 610 warn("rfc9096: %s: stale %s/%u", 611 iface->ifname, 612 inet_ntop(AF_INET6, &pio->prefix, ipv6_str, sizeof(ipv6_str)), 613 pio->length); 614 } 615 616 /* Router Advert server mode */ 617 static int send_router_advert(struct interface *iface, const struct in6_addr *from) 618 { 619 time_t now = odhcpd_time(); 620 struct odhcpd_ipaddr *addrs = NULL; 621 struct adv_msg adv; 622 struct nd_opt_prefix_info *pfxs = NULL; 623 struct nd_opt_dns_server *dns = NULL; 624 struct nd_opt_search_list *search = NULL; 625 struct nd_opt_route_info *routes = NULL; 626 struct nd_opt_pref64_info *pref64 = NULL; 627 struct nd_opt_dnr_info *dnrs = NULL; 628 struct nd_opt_adv_interval adv_interval; 629 struct nd_opt_capt_portal *capt_portal = NULL; 630 struct iovec iov[IOV_RA_TOTAL]; 631 struct sockaddr_in6 dest; 632 size_t dns_sz = 0, search_sz = 0, pref64_sz = 0, dnrs_sz = 0; 633 size_t pfxs_cnt = 0, routes_cnt = 0; 634 size_t total_addr_cnt = 0, valid_addr_cnt = 0; 635 size_t capt_portal_sz = 0; 636 /* 637 * lowest_found_lifetime stores the lowest lifetime of all prefixes; 638 * necessary to find longest adv interval necessary 639 * for shortest lived prefix 640 */ 641 uint32_t lowest_found_lifetime = UINT32_MAX, highest_found_lifetime = 0, maxival, ra_lifetime; 642 int msecs, hlim = iface->ra_hoplimit; 643 bool default_route = false; 644 bool valid_prefix = false; 645 char buf[INET6_ADDRSTRLEN]; 646 647 router_clear_expired_ra_pio(now, iface); 648 649 memset(&adv, 0, sizeof(adv)); 650 adv.h.nd_ra_type = ND_ROUTER_ADVERT; 651 652 if (hlim == 0) 653 hlim = odhcpd_get_interface_config(iface->ifname, "hop_limit"); 654 655 if (hlim > 0) 656 adv.h.nd_ra_curhoplimit = hlim; 657 658 adv.h.nd_ra_flags_reserved = iface->ra_flags; 659 660 if (iface->route_preference < 0) 661 adv.h.nd_ra_flags_reserved |= ND_RA_PREF_LOW; 662 else if (iface->route_preference > 0) 663 adv.h.nd_ra_flags_reserved |= ND_RA_PREF_HIGH; 664 665 if (iface->dhcpv6 != MODE_DISABLED && iface->dhcpv6_pd && iface->dhcpv6_pd_preferred) { 666 /* RFC9762 § 5 667 * If the network desires to delegate prefixes to devices that support 668 * DHCPv6 prefix delegation but do not support the P flag, it SHOULD 669 * also set the M or O bits in the RA to 1 670 */ 671 adv.h.nd_ra_flags_reserved |= ND_RA_FLAG_MANAGED; 672 } 673 674 adv.h.nd_ra_reachable = htonl(iface->ra_reachabletime); 675 adv.h.nd_ra_retransmit = htonl(iface->ra_retranstime); 676 677 adv.lladdr.type = ND_OPT_SOURCE_LINKADDR; 678 adv.lladdr.len = 1; 679 odhcpd_get_mac(iface, adv.lladdr.data); 680 681 adv.mtu.nd_opt_mtu_type = ND_OPT_MTU; 682 adv.mtu.nd_opt_mtu_len = 1; 683 684 adv.mtu.nd_opt_mtu_mtu = htonl(iface->ra_mtu); 685 686 iov[IOV_RA_ADV].iov_base = &adv; 687 iov[IOV_RA_ADV].iov_len = sizeof(adv); 688 689 valid_addr_cnt = (iface->timer_rs.cb /* if not shutdown */ ? iface->addr6_len : 0); 690 691 // check ra_default 692 if (iface->default_router) { 693 default_route = true; 694 695 if (iface->default_router > 1) 696 valid_prefix = true; 697 } 698 699 if (valid_addr_cnt + iface->pio_cnt) { 700 addrs = alloca(sizeof(*addrs) * (valid_addr_cnt + iface->pio_cnt)); 701 702 if (valid_addr_cnt) { 703 memcpy(addrs, iface->addr6, sizeof(*addrs) * valid_addr_cnt); 704 total_addr_cnt = valid_addr_cnt; 705 706 /* Check default route */ 707 if (!default_route && parse_routes(addrs, valid_addr_cnt)) 708 default_route = true; 709 } 710 711 for (size_t i = 0; i < iface->pio_cnt; i++) { 712 struct ra_pio *cur_pio = &iface->pios[i]; 713 bool pio_found = false; 714 715 for (size_t j = 0; j < valid_addr_cnt; j++) { 716 struct odhcpd_ipaddr *cur_addr = &addrs[j]; 717 718 if (!router_compare_pio_addr(cur_pio, cur_addr)) { 719 pio_found = true; 720 break; 721 } 722 } 723 724 if (!pio_found) { 725 struct odhcpd_ipaddr *addr = &addrs[total_addr_cnt]; 726 727 memcpy(&addr->addr.in6, &cur_pio->prefix, sizeof(addr->addr.in6)); 728 addr->prefix_len = cur_pio->length; 729 addr->preferred_lt = 0; 730 addr->valid_lt = (uint32_t) (now + ND_VALID_LIMIT); 731 total_addr_cnt++; 732 } 733 } 734 } 735 736 /* Construct Prefix Information options */ 737 if (total_addr_cnt > 0) { 738 pfxs = alloca(total_addr_cnt * sizeof(*pfxs)); 739 memset(pfxs, 0, total_addr_cnt * sizeof(*pfxs)); 740 } 741 for (size_t i = 0; i < total_addr_cnt; ++i) { 742 struct odhcpd_ipaddr *addr = &addrs[i]; 743 struct nd_opt_prefix_info *p = NULL; 744 uint32_t preferred_lt = 0; 745 uint32_t valid_lt = 0; 746 747 if (addr->prefix_len > 96 || (i < valid_addr_cnt && addr->valid_lt <= (uint32_t)now)) { 748 info("Address %s (prefix %d, valid-lifetime %u) not suitable as RA prefix on %s", 749 inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)), addr->prefix_len, 750 addr->valid_lt, iface->name); 751 continue; 752 } 753 754 if (ADDR_MATCH_PIO_FILTER(addr, iface)) { 755 info("Address %s filtered out as RA prefix on %s", 756 inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)), 757 iface->name); 758 continue; /* PIO filtered out of this RA */ 759 } 760 761 for (size_t j = 0; j < pfxs_cnt; ++j) { 762 if (addr->prefix_len == pfxs[j].nd_opt_pi_prefix_len && 763 !odhcpd_bmemcmp(&pfxs[j].nd_opt_pi_prefix, 764 &addr->addr.in6, addr->prefix_len)) 765 p = &pfxs[j]; 766 } 767 768 if (!p) 769 p = &pfxs[pfxs_cnt++]; 770 771 if (addr->preferred_lt > (uint32_t)now) { 772 preferred_lt = TIME_LEFT(addr->preferred_lt, now); 773 774 if (iface->max_preferred_lifetime && preferred_lt > iface->max_preferred_lifetime) { 775 preferred_lt = iface->max_preferred_lifetime; 776 } 777 } 778 779 if (addr->valid_lt > (uint32_t)now) { 780 valid_lt = TIME_LEFT(addr->valid_lt, now); 781 782 if (iface->max_valid_lifetime && valid_lt > iface->max_valid_lifetime) 783 valid_lt = iface->max_valid_lifetime; 784 } 785 786 if (preferred_lt > valid_lt) { 787 /* 788 * RFC4861 § 6.2.1 789 * This value [AdvPreferredLifetime] MUST NOT be larger than 790 * AdvValidLifetime. 791 */ 792 preferred_lt = valid_lt; 793 } 794 795 if (lowest_found_lifetime > valid_lt) 796 lowest_found_lifetime = valid_lt; 797 798 if ((!IN6_IS_ADDR_ULA(&addr->addr.in6) || iface->default_router) && valid_lt) 799 valid_prefix = true; 800 801 if (!IN6_IS_ADDR_ULA(&addr->addr.in6) && valid_lt) { 802 if (highest_found_lifetime < valid_lt) 803 highest_found_lifetime = valid_lt; 804 } 805 806 odhcpd_bmemcpy(&p->nd_opt_pi_prefix, &addr->addr.in6, 807 (iface->ra_advrouter) ? 128 : addr->prefix_len); 808 p->nd_opt_pi_type = ND_OPT_PREFIX_INFORMATION; 809 p->nd_opt_pi_len = 4; 810 p->nd_opt_pi_prefix_len = (addr->prefix_len < 64) ? 64 : addr->prefix_len; 811 /* RFC9762 DHCPv6-PD Preferred Flag § 6: 812 * Routers SHOULD set the P flag to zero by default... 813 */ 814 p->nd_opt_pi_flags_reserved = 0; 815 if (!iface->ra_not_onlink) 816 p->nd_opt_pi_flags_reserved |= ND_OPT_PI_FLAG_ONLINK; 817 if (iface->ra_slaac && addr->prefix_len <= 64) 818 p->nd_opt_pi_flags_reserved |= ND_OPT_PI_FLAG_AUTO; 819 if (iface->dhcpv6 != MODE_DISABLED && iface->dhcpv6_pd && iface->dhcpv6_pd_preferred) 820 /* RFC9762 DHCPv6-PD Preferred Flag 821 * We can run both SLAAC and DHCPv6-PD. 822 * §6: 823 * "Routers MUST allow the P flag to be configured separately from the A flag. 824 * ...en/disabling the P flag MUST NOT trigger automatic changes in the A flag 825 * value set by the router." 826 */ 827 p->nd_opt_pi_flags_reserved |= ND_OPT_PI_FLAG_PD_PREFERRED; 828 if (iface->ra_advrouter) 829 // RFC6275, §7.2 830 p->nd_opt_pi_flags_reserved |= ND_OPT_PI_FLAG_RADDR; 831 if (i >= valid_addr_cnt || !preferred_lt) { 832 /* 833 * RFC9096 § 3.5 834 * 835 * - Any prefixes that were previously advertised by the CE router 836 * via PIOs in RA messages, but that have now become stale, MUST 837 * be advertised with PIOs that have the "Valid Lifetime" and the 838 * "Preferred Lifetime" set to 0 and the "A" and "L" bits 839 * unchanged. 840 */ 841 p->nd_opt_pi_preferred_time = 0; 842 p->nd_opt_pi_valid_time = 0; 843 844 router_stale_ra_pio(iface, addr, now); 845 } else { 846 p->nd_opt_pi_preferred_time = htonl(preferred_lt); 847 p->nd_opt_pi_valid_time = htonl(valid_lt); 848 849 router_add_ra_pio(iface, addr); 850 } 851 } 852 853 router_clear_duplicated_ra_pio(iface); 854 855 iov[IOV_RA_PFXS].iov_base = pfxs; 856 iov[IOV_RA_PFXS].iov_len = pfxs_cnt * sizeof(*pfxs); 857 858 /* Calculate periodic transmit */ 859 msecs = calc_adv_interval(iface, lowest_found_lifetime, &maxival); 860 ra_lifetime = calc_ra_lifetime(iface, maxival); 861 if (!highest_found_lifetime) 862 highest_found_lifetime = ra_lifetime; 863 864 if (!iface->have_link_local) { 865 notice("Skip sending a RA on %s as no link local address is available", iface->name); 866 goto out; 867 } 868 869 if (default_route && valid_prefix) { 870 adv.h.nd_ra_router_lifetime = htons(ra_lifetime < UINT16_MAX ? ra_lifetime : UINT16_MAX); 871 } else { 872 adv.h.nd_ra_router_lifetime = 0; 873 874 if (default_route) 875 warn("A default route is present but there is no public prefix " 876 "on %s thus we announce no default route by setting ra_lifetime to 0!", iface->name); 877 else 878 warn("No default route present, setting ra_lifetime to 0!"); 879 } 880 881 debug("Using a RA lifetime of %d seconds on %s", ntohs(adv.h.nd_ra_router_lifetime), iface->name); 882 883 /* Recursive DNS Server aka RDNSS; RFC8106, §5.1 */ 884 if (iface->ra_dns) { 885 struct in6_addr *dns_addrs6 = NULL, dns_addr6; 886 size_t dns_addrs6_cnt = 0; 887 888 if (iface->dns_addrs6_cnt > 0) { 889 dns_addrs6 = iface->dns_addrs6; 890 dns_addrs6_cnt = iface->dns_addrs6_cnt; 891 } else if (!odhcpd_get_interface_dns_addr6(iface, &dns_addr6)) { 892 dns_addrs6 = &dns_addr6; 893 dns_addrs6_cnt = 1; 894 } 895 896 if (dns_addrs6_cnt) { 897 dns_sz = sizeof(*dns) + dns_addrs6_cnt * sizeof(*dns_addrs6); 898 899 dns = alloca(dns_sz); 900 memset(dns, 0, dns_sz); 901 dns->type = ND_OPT_RECURSIVE_DNS; 902 dns->len = 1 + (2 * dns_addrs6_cnt); 903 dns->lifetime = htonl(highest_found_lifetime); 904 memcpy(dns->addr, dns_addrs6, dns_addrs6_cnt * sizeof(*dns_addrs6)); 905 } 906 } 907 iov[IOV_RA_DNS].iov_base = dns; 908 iov[IOV_RA_DNS].iov_len = dns_sz; 909 910 /* DNS Search List aka DNSSL; RFC8106, §5.2 */ 911 if (iface->ra_dns && iface->dns_search_len > 0) { 912 search_sz = sizeof(*search) + ((iface->dns_search_len + 7) & ~7); 913 search = alloca(search_sz); 914 *search = (struct nd_opt_search_list) { 915 .type = ND_OPT_DNS_SEARCH, 916 .len = search_sz / 8, 917 .reserved = 0, 918 .lifetime = htonl(highest_found_lifetime), 919 }; 920 memcpy(search->name, iface->dns_search, iface->dns_search_len); 921 } 922 iov[IOV_RA_SEARCH].iov_base = search; 923 iov[IOV_RA_SEARCH].iov_len = search_sz; 924 925 if (iface->pref64_length) { 926 /* RFC 8781 § 4.1 rounding up lifetime to multiple of 8 */ 927 uint16_t pref64_lifetime = ra_lifetime < (UINT16_MAX - 7) ? ra_lifetime + 7 : (UINT16_MAX - 7); 928 929 pref64_sz = sizeof(*pref64); 930 pref64 = alloca(pref64_sz); 931 pref64->type = ND_OPT_PREF64; 932 pref64->len = 2; 933 pref64->lifetime_plc = htons((0xfff8 & pref64_lifetime) | 934 (0x7 & iface->pref64_plc)); 935 memcpy(pref64->prefix, iface->pref64_prefix, sizeof(pref64->prefix)); 936 } 937 iov[IOV_RA_PREF64].iov_base = pref64; 938 iov[IOV_RA_PREF64].iov_len = pref64_sz; 939 940 if (iface->dnr_cnt) { 941 size_t dnr_sz[iface->dnr_cnt]; 942 943 for (unsigned i = 0; i < iface->dnr_cnt; i++) { 944 dnr_sz[i] = sizeof(struct nd_opt_dnr_info) + iface->dnr[i].adn_len; 945 if (iface->dnr[i].addr6_cnt > 0 || iface->dnr[i].svc_len > 0) { 946 dnr_sz[i] += 2 + iface->dnr[i].addr6_cnt * sizeof(struct in6_addr); 947 dnr_sz[i] += 2 + iface->dnr[i].svc_len; 948 } 949 dnr_sz[i] = (dnr_sz[i] + 7) & ~7; 950 dnrs_sz += dnr_sz[i]; 951 } 952 953 /* dnrs are sized in multiples of 8, so each dnr should be aligned */ 954 dnrs = alloca(dnrs_sz); 955 memset(dnrs, 0, dnrs_sz); 956 957 uint8_t *pos = (uint8_t *)dnrs; 958 for (unsigned i = 0; i < iface->dnr_cnt; pos += dnr_sz[i], i++) { 959 struct nd_opt_dnr_info *dnr = (struct nd_opt_dnr_info *)pos; 960 size_t dnr_addr6_sz = iface->dnr[i].addr6_cnt * sizeof(struct in6_addr); 961 uint8_t *tmp = dnr->body; 962 963 dnr->type = ND_OPT_DNR; 964 dnr->len = dnr_sz[i] / 8; 965 dnr->priority = htons(iface->dnr[i].priority); 966 if (iface->dnr[i].lifetime_set) 967 dnr->lifetime = htonl(iface->dnr[i].lifetime); 968 else 969 dnr->lifetime = htonl(highest_found_lifetime); 970 971 dnr->adn_len = htons(iface->dnr[i].adn_len); 972 memcpy(tmp, iface->dnr[i].adn, iface->dnr[i].adn_len); 973 tmp += iface->dnr[i].adn_len; 974 975 *(tmp++) = dnr_addr6_sz >> 8; 976 *(tmp++) = dnr_addr6_sz & 0xff; 977 memcpy(tmp, iface->dnr[i].addr6, dnr_addr6_sz); 978 tmp += dnr_addr6_sz; 979 980 *(tmp++) = iface->dnr[i].svc_len >> 8; 981 *(tmp++) = iface->dnr[i].svc_len & 0xff; 982 memcpy(tmp, iface->dnr[i].svc, iface->dnr[i].svc_len); 983 } 984 } 985 iov[IOV_RA_DNR].iov_base = dnrs; 986 iov[IOV_RA_DNR].iov_len = dnrs_sz; 987 988 /* 989 * RFC7084 § 4.3 : 990 * L-3: An IPv6 CE router MUST advertise itself as a router for the 991 * delegated prefix(es) (and ULA prefix if configured to provide 992 * ULA addressing) using the "Route Information Option" specified 993 * in Section 2.3 of [RFC4191]. This advertisement is 994 * independent of having or not having IPv6 connectivity on the 995 * WAN interface. 996 */ 997 if (valid_addr_cnt > 0) { 998 routes = alloca(valid_addr_cnt * sizeof(*routes)); 999 memset(routes, 0, valid_addr_cnt * sizeof(*routes)); 1000 } 1001 for (size_t i = 0; i < valid_addr_cnt; ++i) { 1002 struct odhcpd_ipaddr *addr = &addrs[i]; 1003 uint32_t valid_lt; 1004 1005 if (addr->dprefix_len >= 64 || addr->dprefix_len == 0 || addr->valid_lt <= (uint32_t)now) { 1006 debug("Address %s (dprefix %d, valid-lifetime %u) not suitable as RA route on %s", 1007 inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)), 1008 addr->dprefix_len, addr->valid_lt, iface->name); 1009 continue; 1010 } 1011 1012 if (ADDR_MATCH_PIO_FILTER(addr, iface)) { 1013 debug("Address %s filtered out as RA route on %s", 1014 inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)), 1015 iface->name); 1016 continue; 1017 } 1018 1019 if (addr->dprefix_len > 32) { 1020 addr->addr.in6.s6_addr32[1] &= htonl(~((1U << (64 - addr->dprefix_len)) - 1)); 1021 } else if (addr->dprefix_len <= 32) { 1022 addr->addr.in6.s6_addr32[0] &= htonl(~((1U << (32 - addr->dprefix_len)) - 1)); 1023 addr->addr.in6.s6_addr32[1] = 0; 1024 } 1025 1026 routes[routes_cnt].type = ND_OPT_ROUTE_INFO; 1027 routes[routes_cnt].len = sizeof(*routes) / 8; 1028 routes[routes_cnt].prefix_len = addr->dprefix_len; 1029 routes[routes_cnt].flags = 0; 1030 if (iface->route_preference < 0) 1031 routes[routes_cnt].flags |= ND_RA_PREF_LOW; 1032 else if (iface->route_preference > 0) 1033 routes[routes_cnt].flags |= ND_RA_PREF_HIGH; 1034 1035 valid_lt = TIME_LEFT(addr->valid_lt, now); 1036 if (iface->max_valid_lifetime && valid_lt > iface->max_valid_lifetime) 1037 valid_lt = iface->max_valid_lifetime; 1038 routes[routes_cnt].lifetime = htonl(valid_lt); 1039 routes[routes_cnt].addr[0] = addr->addr.in6.s6_addr32[0]; 1040 routes[routes_cnt].addr[1] = addr->addr.in6.s6_addr32[1]; 1041 routes[routes_cnt].addr[2] = 0; 1042 routes[routes_cnt].addr[3] = 0; 1043 1044 routes_cnt++; 1045 } 1046 iov[IOV_RA_ROUTES].iov_base = routes; 1047 iov[IOV_RA_ROUTES].iov_len = routes_cnt * sizeof(*routes); 1048 1049 memset(&adv_interval, 0, sizeof(adv_interval)); 1050 adv_interval.nd_opt_adv_interval_type = ND_OPT_RTR_ADV_INTERVAL; 1051 adv_interval.nd_opt_adv_interval_len = 1; 1052 adv_interval.nd_opt_adv_interval_ival = htonl(maxival*1000); 1053 1054 iov[IOV_RA_ADV_INTERVAL].iov_base = &adv_interval; 1055 iov[IOV_RA_ADV_INTERVAL].iov_len = adv_interval.nd_opt_adv_interval_len * 8; 1056 1057 /* RFC 8910 Captive Portal */ 1058 if (iface->captive_portal_uri_len > 0) { 1059 /* compute pad so that (header + data + pad) is a multiple of 8 */ 1060 capt_portal_sz = (sizeof(struct nd_opt_capt_portal) + iface->captive_portal_uri_len + 7) & ~7; 1061 1062 capt_portal = alloca(capt_portal_sz); 1063 memset(capt_portal, 0, capt_portal_sz); 1064 1065 capt_portal->type = ND_OPT_CAPTIVE_PORTAL; 1066 capt_portal->len = capt_portal_sz / 8; 1067 1068 memcpy(capt_portal->data, iface->captive_portal_uri, iface->captive_portal_uri_len); 1069 /* remaining padding bytes already set to 0x00 */ 1070 } 1071 1072 iov[IOV_RA_CAPT_PORTAL].iov_base = capt_portal; 1073 iov[IOV_RA_CAPT_PORTAL].iov_len = capt_portal_sz; 1074 1075 memset(&dest, 0, sizeof(dest)); 1076 dest.sin6_family = AF_INET6; 1077 1078 if (from && !IN6_IS_ADDR_UNSPECIFIED(from)) 1079 dest.sin6_addr = *from; 1080 else 1081 inet_pton(AF_INET6, ALL_IPV6_NODES, &dest.sin6_addr); 1082 1083 debug("Sending a RA on %s", iface->name); 1084 1085 if (odhcpd_try_send_with_src(iface->router_event.uloop.fd, &dest, iov, ARRAY_SIZE(iov), iface) > 0) { 1086 iface->ra_sent++; 1087 1088 statefiles_write_prefix_information(iface); 1089 } 1090 1091 out: 1092 return msecs; 1093 } 1094 1095 1096 static void trigger_router_advert(struct uloop_timeout *event) 1097 { 1098 struct interface *iface = container_of(event, struct interface, timer_rs); 1099 int msecs = send_router_advert(iface, NULL); 1100 1101 /* Rearm timer if not shut down */ 1102 if (event->cb) 1103 uloop_timeout_set(event, msecs); 1104 } 1105 1106 1107 /* Event handler for incoming ICMPv6 packets */ 1108 static void handle_icmpv6(void *addr, void *data, size_t len, 1109 struct interface *iface, _o_unused void *dest) 1110 { 1111 struct icmp6_hdr *hdr = data; 1112 struct sockaddr_in6 *from = addr; 1113 1114 if (!router_icmpv6_valid(addr, data, len)) 1115 return; 1116 1117 if ((iface->ra == MODE_SERVER && !iface->master)) { /* Server mode */ 1118 if (hdr->icmp6_type == ND_ROUTER_SOLICIT) 1119 send_router_advert(iface, &from->sin6_addr); 1120 } else if (iface->ra == MODE_RELAY) { /* Relay mode */ 1121 if (hdr->icmp6_type == ND_ROUTER_SOLICIT && !iface->master) { 1122 struct interface *c; 1123 1124 avl_for_each_element(&interfaces, c, avl) { 1125 if (!c->master || c->ra != MODE_RELAY) 1126 continue; 1127 1128 forward_router_solicitation(c); 1129 } 1130 } else if (hdr->icmp6_type == ND_ROUTER_ADVERT && iface->master) 1131 forward_router_advertisement(iface, data, len); 1132 } 1133 } 1134 1135 1136 /* Forward a router solicitation from slave to master interface */ 1137 static void forward_router_solicitation(const struct interface *iface) 1138 { 1139 struct icmp6_hdr rs = {ND_ROUTER_SOLICIT, 0, 0, {{0}}}; 1140 struct iovec iov = {&rs, sizeof(rs)}; 1141 struct sockaddr_in6 all_routers; 1142 1143 if (!iface) 1144 return; 1145 1146 memset(&all_routers, 0, sizeof(all_routers)); 1147 all_routers.sin6_family = AF_INET6; 1148 inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &all_routers.sin6_addr); 1149 all_routers.sin6_scope_id = iface->ifindex; 1150 1151 notice("Sending RS to %s", iface->name); 1152 odhcpd_send(iface->router_event.uloop.fd, &all_routers, &iov, 1, iface); 1153 } 1154 1155 1156 /* Forward a router advertisement from master to slave interfaces */ 1157 static void forward_router_advertisement(const struct interface *iface, uint8_t *data, size_t len) 1158 { 1159 struct nd_router_advert *adv = (struct nd_router_advert *)data; 1160 struct sockaddr_in6 all_nodes; 1161 struct icmpv6_opt *opt; 1162 struct interface *c; 1163 struct iovec iov = { .iov_base = data, .iov_len = len }; 1164 /* Rewrite options */ 1165 uint8_t *end = data + len; 1166 uint8_t *mac_ptr = NULL; 1167 struct in6_addr *dns_addrs6 = NULL; 1168 size_t dns_addrs6_cnt = 0; 1169 // MTU option 1170 struct nd_opt_mtu *mtu_opt = NULL; 1171 uint32_t ingress_mtu_val = 0; 1172 /* PIO L/A/R/P flag and RA M/O Flags */ 1173 uint8_t ra_flags; 1174 size_t pio_count = 0; 1175 struct fwd_pio_flags { 1176 uint8_t *ptr; 1177 uint8_t flags; 1178 } *pio_flags = NULL; 1179 1180 icmpv6_for_each_option(opt, &adv[1], end) { 1181 /* check our packet content is not truncated */ 1182 if (opt->len == 0 || (uint8_t *)opt + opt->len * 8 > end) { 1183 error("Ingress RA packet option for relaying has incorrect length"); 1184 return; 1185 } 1186 1187 switch(opt->type) { 1188 case ND_OPT_PREFIX_INFORMATION: 1189 pio_count++; 1190 break; 1191 } 1192 } 1193 1194 if (pio_count > 0) { 1195 pio_flags = alloca(sizeof(*pio_flags) * pio_count); 1196 pio_count = 0; 1197 } 1198 1199 /* Parse existing options */ 1200 icmpv6_for_each_option(opt, &adv[1], end) { 1201 switch (opt->type) { 1202 case ND_OPT_SOURCE_LINKADDR: 1203 mac_ptr = opt->data; 1204 break; 1205 1206 case ND_OPT_RECURSIVE_DNS: 1207 if (opt->len > 1) { 1208 dns_addrs6 = (struct in6_addr *)&opt->data[6]; 1209 dns_addrs6_cnt = (opt->len - 1) / 2; 1210 } 1211 break; 1212 1213 case ND_OPT_MTU: 1214 if (opt->len == 1 && (uint8_t *)opt + sizeof(struct nd_opt_mtu) <= end) { 1215 mtu_opt = (struct nd_opt_mtu *)opt; 1216 ingress_mtu_val = ntohl(mtu_opt->nd_opt_mtu_mtu); 1217 } 1218 break; 1219 case ND_OPT_PREFIX_INFORMATION: 1220 /* Store options for each PIO */ 1221 pio_flags[pio_count].ptr = &opt->data[1]; 1222 pio_flags[pio_count].flags = opt->data[1]; 1223 pio_count++; 1224 break; 1225 } 1226 } 1227 1228 info("Got a RA on %s", iface->name); 1229 1230 /* Indicate a proxy, however we don't follow the rest of RFC 4389 yet 1231 * store original upstream RA state 1232 */ 1233 ra_flags = adv->nd_ra_flags_reserved | ND_RA_FLAG_PROXY; 1234 1235 /* Forward advertisement to all slave interfaces */ 1236 memset(&all_nodes, 0, sizeof(all_nodes)); 1237 all_nodes.sin6_family = AF_INET6; 1238 inet_pton(AF_INET6, ALL_IPV6_NODES, &all_nodes.sin6_addr); 1239 1240 avl_for_each_element(&interfaces, c, avl) { 1241 if (c->ra != MODE_RELAY || c->master) 1242 continue; 1243 1244 /* Fixup source hardware address option */ 1245 if (mac_ptr) 1246 odhcpd_get_mac(c, mac_ptr); 1247 1248 if (pio_count > 0) 1249 debug("RA forward: Rewriting RA PIO flags"); 1250 1251 for (size_t i = 0; i < pio_count; i++) { 1252 /* restore the flags byte to its upstream state before applying per-interface policy */ 1253 *pio_flags[i].ptr = pio_flags[i].flags; 1254 /* ensure L flag (on-link) cleared; relayed == not on-link */ 1255 *pio_flags[i].ptr &= ~ND_OPT_PI_FLAG_ONLINK; 1256 /* upstream no SLAAC, downstream no SLAAC: no change 1257 * upstream no SLAAC, downstream SLAAC: no change 1258 * upstream SLAAC, downstream SLAAC: no change 1259 * upstream SLAAC, downstream no SLAAC: clear flag 1260 * Why? We shall not SLAAC downstream if upstream disables it. Sometimes 1261 * we just inform about a prefix for DHCPv6 and routing info. 1262 */ 1263 if (!c->ra_slaac) 1264 *pio_flags[i].ptr &= ~ND_OPT_PI_FLAG_AUTO;/* ensure A flag cleared */ 1265 1266 /* we have no opinion on the R flag - it can be forwarded */ 1267 1268 if (c->dhcpv6 == MODE_DISABLED || !c->dhcpv6_pd || !c->dhcpv6_pd_preferred) 1269 *pio_flags[i].ptr &= ~ND_OPT_PI_FLAG_PD_PREFERRED;/* ensure P flag (DHCPv6-PD) cleared */ 1270 } 1271 1272 /* Apply per-interface modifications of upstream RA state */ 1273 adv->nd_ra_flags_reserved = ra_flags; 1274 /* Rewrite M/O flags unless we relay DHCPv6 */ 1275 if (c->dhcpv6 != MODE_RELAY) { 1276 /* Clear the relayed M/O bits */ 1277 adv->nd_ra_flags_reserved &= ~(ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER); 1278 /* Apply the locally configured ra_flags for M and O */ 1279 adv->nd_ra_flags_reserved |= c->ra_flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER); 1280 } 1281 1282 /* If we have to rewrite DNS entries */ 1283 if (c->always_rewrite_dns && dns_addrs6 && dns_addrs6_cnt > 0) { 1284 const struct in6_addr *rewrite = c->dns_addrs6; 1285 struct in6_addr addr; 1286 size_t rewrite_cnt = c->dns_addrs6_cnt; 1287 1288 if (rewrite_cnt == 0) { 1289 if (odhcpd_get_interface_dns_addr6(c, &addr)) 1290 continue; /* Unable to comply */ 1291 1292 rewrite = &addr; 1293 rewrite_cnt = 1; 1294 } 1295 1296 /* Copy over any other addresses */ 1297 for (size_t i = 0; i < dns_addrs6_cnt; ++i) { 1298 size_t j = (i < rewrite_cnt) ? i : rewrite_cnt - 1; 1299 dns_addrs6[i] = rewrite[j]; 1300 } 1301 } 1302 1303 /* Rewrite MTU option if local RA MTU is configured */ 1304 if (c->ra_mtu && mtu_opt) { 1305 if (ingress_mtu_val != c->ra_mtu) { 1306 debug("Rewriting RA MTU from %u to %u on %s", 1307 ingress_mtu_val, c->ra_mtu, c->name); 1308 mtu_opt->nd_opt_mtu_mtu = htonl(c->ra_mtu); 1309 } 1310 } 1311 1312 info("Forward a RA on %s", c->name); 1313 odhcpd_send(c->router_event.uloop.fd, &all_nodes, &iov, 1, c); 1314 } 1315 } 1316
This page was automatically generated by LXR 0.3.1. • OpenWrt