• source navigation  • diff markup  • identifier search  • freetext search  • 

Sources/odhcpd/src/router.c

  1 /**
  2  * Copyright (C) 2012-2013 Steven Barth <steven@midlink.org>
  3  * Copyright (C) 2018 Hans Dedecker <dedeckeh@gmail.com>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU General Public License v2 as published by
  7  * the Free Software Foundation.
  8  *
  9  * This program is distributed in the hope that it will be useful,
 10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12  * GNU General Public License for more details.
 13  *
 14  */
 15 
 16 #include <errno.h>
 17 #include <fcntl.h>
 18 #include <signal.h>
 19 #include <resolv.h>
 20 #include <stdio.h>
 21 #include <stdlib.h>
 22 #include <unistd.h>
 23 #include <stdbool.h>
 24 #include <arpa/inet.h>
 25 #include <net/route.h>
 26 
 27 #include <libubox/utils.h>
 28 
 29 #include "router.h"
 30 #include "odhcpd.h"
 31 
 32 
 33 static void forward_router_solicitation(const struct interface *iface);
 34 static void forward_router_advertisement(const struct interface *iface, uint8_t *data, size_t len);
 35 
 36 static void handle_icmpv6(void *addr, void *data, size_t len,
 37                 struct interface *iface, void *dest);
 38 static void trigger_router_advert(struct uloop_timeout *event);
 39 static void router_netevent_cb(unsigned long event, struct netevent_handler_info *info);
 40 
 41 static struct netevent_handler router_netevent_handler = { .cb = router_netevent_cb, };
 42 
 43 static FILE *fp_route = NULL;
 44 
 45 
 46 #define TIME_LEFT(t1, now) ((t1) != UINT32_MAX ? (t1) - (now) : UINT32_MAX)
 47 
 48 int router_init(void)
 49 {
 50         int ret = 0;
 51 
 52         if (!(fp_route = fopen("/proc/net/ipv6_route", "r"))) {
 53                 syslog(LOG_ERR, "fopen(/proc/net/ipv6_route): %m");
 54                 ret = -1;
 55                 goto out;
 56         }
 57 
 58         if (netlink_add_netevent_handler(&router_netevent_handler) < 0) {
 59                 syslog(LOG_ERR, "Failed to add netevent handler");
 60                 ret = -1;
 61         }
 62 
 63 out:
 64         if (ret < 0 && fp_route) {
 65                 fclose(fp_route);
 66                 fp_route = NULL;
 67         }
 68 
 69         return ret;
 70 }
 71 
 72 
 73 int router_setup_interface(struct interface *iface, bool enable)
 74 {
 75         int ret = 0;
 76 
 77         enable = enable && (iface->ra != MODE_DISABLED);
 78 
 79         if (!fp_route) {
 80                 ret = -1;
 81                 goto out;
 82         }
 83 
 84 
 85         if (!enable && iface->router_event.uloop.fd >= 0) {
 86                 if (!iface->master) {
 87                         uloop_timeout_cancel(&iface->timer_rs);
 88                         iface->timer_rs.cb = NULL;
 89 
 90                         trigger_router_advert(&iface->timer_rs);
 91                 }
 92 
 93                 uloop_fd_delete(&iface->router_event.uloop);
 94                 close(iface->router_event.uloop.fd);
 95                 iface->router_event.uloop.fd = -1;
 96         } else if (enable) {
 97                 struct icmp6_filter filt;
 98                 struct ipv6_mreq mreq;
 99                 int val = 2;
100 
101                 if (iface->router_event.uloop.fd < 0) {
102                         /* Open ICMPv6 socket */
103                         iface->router_event.uloop.fd = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC,
104                                                               IPPROTO_ICMPV6);
105                         if (iface->router_event.uloop.fd < 0) {
106                                 syslog(LOG_ERR, "socket(AF_INET6): %m");
107                                 ret = -1;
108                                 goto out;
109                         }
110 
111                         if (setsockopt(iface->router_event.uloop.fd, SOL_SOCKET, SO_BINDTODEVICE,
112                                        iface->ifname, strlen(iface->ifname)) < 0) {
113                                 syslog(LOG_ERR, "setsockopt(SO_BINDTODEVICE): %m");
114                                 ret = -1;
115                                 goto out;
116                         }
117 
118                         /* Let the kernel compute our checksums */
119                         if (setsockopt(iface->router_event.uloop.fd, IPPROTO_RAW, IPV6_CHECKSUM,
120                                        &val, sizeof(val)) < 0) {
121                                 syslog(LOG_ERR, "setsockopt(IPV6_CHECKSUM): %m");
122                                 ret = -1;
123                                 goto out;
124                         }
125 
126                         /* This is required by RFC 4861 */
127                         val = 255;
128                         if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
129                                        &val, sizeof(val)) < 0) {
130                                 syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_HOPS): %m");
131                                 ret = -1;
132                                 goto out;
133                         }
134 
135                         if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
136                                        &val, sizeof(val)) < 0) {
137                                 syslog(LOG_ERR, "setsockopt(IPV6_UNICAST_HOPS): %m");
138                                 ret = -1;
139                                 goto out;
140                         }
141 
142                         /* We need to know the source interface */
143                         val = 1;
144                         if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
145                                        &val, sizeof(val)) < 0) {
146                                 syslog(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO): %m");
147                                 ret = -1;
148                                 goto out;
149                         }
150 
151                         if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT,
152                                        &val, sizeof(val)) < 0) {
153                                 syslog(LOG_ERR, "setsockopt(IPV6_RECVHOPLIMIT): %m");
154                                 ret = -1;
155                                 goto out;
156                         }
157 
158                         /* Don't loop back */
159                         val = 0;
160                         if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
161                                        &val, sizeof(val)) < 0) {
162                                 syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_LOOP): %m");
163                                 ret = -1;
164                                 goto out;
165                         }
166 
167                         /* Filter ICMPv6 package types */
168                         ICMP6_FILTER_SETBLOCKALL(&filt);
169                         ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt);
170                         ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filt);
171                         if (setsockopt(iface->router_event.uloop.fd, IPPROTO_ICMPV6, ICMP6_FILTER,
172                                        &filt, sizeof(filt)) < 0) {
173                                 syslog(LOG_ERR, "setsockopt(ICMP6_FILTER): %m");
174                                 ret = -1;
175                                 goto out;
176                         }
177 
178                         iface->router_event.handle_dgram = handle_icmpv6;
179                         iface->ra_sent = 0;
180                         odhcpd_register(&iface->router_event);
181                 } else {
182                         uloop_timeout_cancel(&iface->timer_rs);
183                         iface->timer_rs.cb = NULL;
184 
185                         memset(&mreq, 0, sizeof(mreq));
186                         mreq.ipv6mr_interface = iface->ifindex;
187                         inet_pton(AF_INET6, ALL_IPV6_NODES, &mreq.ipv6mr_multiaddr);
188                         setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP,
189                                    &mreq, sizeof(mreq));
190 
191                         inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &mreq.ipv6mr_multiaddr);
192                         setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP,
193                                    &mreq, sizeof(mreq));
194                 }
195 
196                 memset(&mreq, 0, sizeof(mreq));
197                 mreq.ipv6mr_interface = iface->ifindex;
198                 inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &mreq.ipv6mr_multiaddr);
199 
200                 if (iface->ra == MODE_RELAY && iface->master) {
201                         inet_pton(AF_INET6, ALL_IPV6_NODES, &mreq.ipv6mr_multiaddr);
202                         forward_router_solicitation(iface);
203                 } else if (iface->ra == MODE_SERVER) {
204                         iface->timer_rs.cb = trigger_router_advert;
205                         uloop_timeout_set(&iface->timer_rs, 1000);
206                 }
207 
208                 if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6,
209                                IPV6_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) {
210                         ret = -1;
211                         syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m");
212                         goto out;
213                 }
214         }
215 out:
216         if (ret < 0 && iface->router_event.uloop.fd >= 0) {
217                 if (iface->router_event.uloop.registered)
218                         uloop_fd_delete(&iface->router_event.uloop);
219 
220                 close(iface->router_event.uloop.fd);
221                 iface->router_event.uloop.fd = -1;
222         }
223 
224         return ret;
225 }
226 
227 
228 static void router_netevent_cb(unsigned long event, struct netevent_handler_info *info)
229 {
230         struct interface *iface;
231 
232         switch (event) {
233         case NETEV_IFINDEX_CHANGE:
234                 iface = info->iface;
235                 if (iface && iface->router_event.uloop.fd >= 0) {
236                         if (iface->router_event.uloop.registered)
237                                 uloop_fd_delete(&iface->router_event.uloop);
238 
239                         close(iface->router_event.uloop.fd);
240                         iface->router_event.uloop.fd = -1;
241                 }
242                 break;
243         case NETEV_ROUTE6_ADD:
244         case NETEV_ROUTE6_DEL:
245                 if (info->rt.dst_len)
246                         break;
247 
248                 avl_for_each_element(&interfaces, iface, avl) {
249                         if (iface->ra == MODE_SERVER && !iface->master)
250                                 uloop_timeout_set(&iface->timer_rs, 1000);
251                 }
252                 break;
253         case NETEV_ADDR6LIST_CHANGE:
254                 iface = info->iface;
255                 if (iface && iface->ra == MODE_SERVER && !iface->master)
256                         uloop_timeout_set(&iface->timer_rs, 1000);
257                 break;
258         default:
259                 break;
260         }
261 }
262 
263 
264 static bool router_icmpv6_valid(struct sockaddr_in6 *source, uint8_t *data, size_t len)
265 {
266         struct icmp6_hdr *hdr = (struct icmp6_hdr *)data;
267         struct icmpv6_opt *opt, *end = (struct icmpv6_opt*)&data[len];
268 
269         /* Hoplimit is already checked in odhcpd_receive_packets */
270         if (len < sizeof(*hdr) || hdr->icmp6_code)
271                 return false;
272 
273         switch (hdr->icmp6_type) {
274         case ND_ROUTER_ADVERT:
275                 if (!IN6_IS_ADDR_LINKLOCAL(&source->sin6_addr))
276                         return false;
277 
278                 opt = (struct icmpv6_opt *)((struct nd_router_advert *)data + 1);
279                 break;
280 
281         case ND_ROUTER_SOLICIT:
282                 opt = (struct icmpv6_opt *)((struct nd_router_solicit *)data + 1);
283                 break;
284 
285         default:
286                 return false;
287         }
288 
289         icmpv6_for_each_option(opt, opt, end)
290                 if (opt->type == ND_OPT_SOURCE_LINKADDR &&
291                                 IN6_IS_ADDR_UNSPECIFIED(&source->sin6_addr) &&
292                                 hdr->icmp6_type == ND_ROUTER_SOLICIT)
293                         return false;
294 
295         /* Check all options parsed successfully */
296         return opt == end;
297 }
298 
299 
300 /* Detect whether a default route exists, also find the source prefixes */
301 static bool parse_routes(struct odhcpd_ipaddr *n, ssize_t len)
302 {
303         struct odhcpd_ipaddr p = { .addr.in6 = IN6ADDR_ANY_INIT, .prefix = 0,
304                                         .dprefix = 0, .preferred = 0, .valid = 0};
305         bool found_default = false;
306         char line[512], ifname[16];
307 
308         rewind(fp_route);
309 
310         while (fgets(line, sizeof(line), fp_route)) {
311                 uint32_t rflags;
312                 if (sscanf(line, "00000000000000000000000000000000 00 "
313                                 "%*s %*s %*s %*s %*s %*s %*s %15s", ifname) &&
314                                 strcmp(ifname, "lo")) {
315                         found_default = true;
316                 } else if (sscanf(line, "%8" SCNx32 "%8" SCNx32 "%*8" SCNx32 "%*8" SCNx32 " %hhx %*s "
317                                 "%*s 00000000000000000000000000000000 %*s %*s %*s %" SCNx32 " lo",
318                                 &p.addr.in6.s6_addr32[0], &p.addr.in6.s6_addr32[1], &p.prefix, &rflags) &&
319                                 p.prefix > 0 && (rflags & RTF_NONEXTHOP) && (rflags & RTF_REJECT)) {
320                         // Find source prefixes by scanning through unreachable-routes
321                         p.addr.in6.s6_addr32[0] = htonl(p.addr.in6.s6_addr32[0]);
322                         p.addr.in6.s6_addr32[1] = htonl(p.addr.in6.s6_addr32[1]);
323 
324                         for (ssize_t i = 0; i < len; ++i) {
325                                 if (n[i].prefix <= 64 && n[i].prefix >= p.prefix &&
326                                                 !odhcpd_bmemcmp(&p.addr.in6, &n[i].addr.in6, p.prefix)) {
327                                         n[i].dprefix = p.prefix;
328                                         break;
329                                 }
330                         }
331                 }
332         }
333 
334         return found_default;
335 }
336 
337 static int calc_adv_interval(struct interface *iface, uint32_t minvalid,
338                              uint32_t *maxival)
339 {
340         uint32_t minival = iface->ra_mininterval;
341         int msecs;
342 
343         *maxival = iface->ra_maxinterval;
344 
345         if (*maxival > minvalid/3)
346                 *maxival = minvalid/3;
347 
348         if (*maxival > MaxRtrAdvInterval)
349                 *maxival = MaxRtrAdvInterval;
350         else if (*maxival < 4)
351                 *maxival = 4;
352 
353         if (minival < MinRtrAdvInterval)
354                 minival = MinRtrAdvInterval;
355         else if (minival > (*maxival * 3)/4)
356                 minival = (*maxival >= 9 ? *maxival/3 : *maxival);
357 
358         odhcpd_urandom(&msecs, sizeof(msecs));
359         msecs = (labs(msecs) % ((*maxival != minival) ? (*maxival - minival)*1000 : 500)) +
360                         minival*1000;
361 
362         /* RFC 2461 6.2.4 For the first MAX_INITIAL_RTR_ADVERTISEMENTS advertisements */
363         /* if the timer is bigger than MAX_INITIAL_RTR_ADVERT_INTERVAL it should be   */
364         /* set to MAX_INITIAL_RTR_ADVERT_INTERVAL                                     */
365         /* Off by one as an initial interval timer has already expired                */
366         if ((iface->ra_sent + 1) < MaxInitialRtAdvs && msecs > MaxInitialRtrAdvInterval*1000)
367                 msecs = MaxInitialRtrAdvInterval*1000;
368 
369         return msecs;
370 }
371 
372 static uint32_t calc_ra_lifetime(struct interface *iface, uint32_t maxival)
373 {
374         uint32_t lifetime = 3*maxival;
375 
376         if (iface->ra_lifetime >= 0) {
377                 lifetime = iface->ra_lifetime;
378                 if (lifetime > 0 && lifetime < maxival)
379                         lifetime = maxival;
380                 else if (lifetime > 9000)
381                         lifetime = 9000;
382         }
383 
384         return lifetime;
385 }
386 
387 enum {
388         IOV_RA_ADV=0,
389         IOV_RA_PFXS,
390         IOV_RA_ROUTES,
391         IOV_RA_DNS,
392         IOV_RA_SEARCH,
393         IOV_RA_ADV_INTERVAL,
394         IOV_RA_TOTAL,
395 };
396 
397 struct adv_msg {
398         struct nd_router_advert h;
399         struct icmpv6_opt lladdr;
400         struct nd_opt_mtu mtu;
401 };
402 
403 struct nd_opt_dns_server {
404         uint8_t type;
405         uint8_t len;
406         uint8_t pad;
407         uint8_t pad2;
408         uint32_t lifetime;
409         struct in6_addr addr[];
410 };
411 
412 struct nd_opt_search_list {
413         uint8_t type;
414         uint8_t len;
415         uint8_t pad;
416         uint8_t pad2;
417         uint32_t lifetime;
418         uint8_t name[];
419 };
420 
421 struct nd_opt_route_info {
422         uint8_t type;
423         uint8_t len;
424         uint8_t prefix;
425         uint8_t flags;
426         uint32_t lifetime;
427         uint32_t addr[4];
428 };
429 
430 /* Router Advert server mode */
431 static int send_router_advert(struct interface *iface, const struct in6_addr *from)
432 {
433         time_t now = odhcpd_time();
434         struct odhcpd_ipaddr *addrs = NULL;
435         struct adv_msg adv;
436         struct nd_opt_prefix_info *pfxs = NULL;
437         struct nd_opt_dns_server *dns = NULL;
438         struct nd_opt_search_list *search = NULL;
439         struct nd_opt_route_info *routes = NULL;
440         struct nd_opt_adv_interval adv_interval;
441         struct iovec iov[IOV_RA_TOTAL];
442         struct sockaddr_in6 dest;
443         size_t dns_sz = 0, search_sz = 0, pfxs_cnt = 0, routes_cnt = 0;
444         ssize_t addr_cnt = 0;
445         uint32_t minvalid = UINT32_MAX, maxival, lifetime;
446         int msecs, mtu = iface->ra_mtu, hlim = iface->ra_hoplimit;
447         bool default_route = false;
448         bool valid_prefix = false;
449         char buf[INET6_ADDRSTRLEN];
450 
451         memset(&adv, 0, sizeof(adv));
452         adv.h.nd_ra_type = ND_ROUTER_ADVERT;
453 
454         if (hlim == 0)
455                 hlim = odhcpd_get_interface_config(iface->ifname, "hop_limit");
456 
457         if (hlim > 0)
458                 adv.h.nd_ra_curhoplimit = hlim;
459 
460         adv.h.nd_ra_flags_reserved = iface->ra_flags;
461 
462         if (iface->route_preference < 0)
463                 adv.h.nd_ra_flags_reserved |= ND_RA_PREF_LOW;
464         else if (iface->route_preference > 0)
465                 adv.h.nd_ra_flags_reserved |= ND_RA_PREF_HIGH;
466 
467         adv.h.nd_ra_reachable = htonl(iface->ra_reachabletime);
468         adv.h.nd_ra_retransmit = htonl(iface->ra_retranstime);
469 
470         adv.lladdr.type = ND_OPT_SOURCE_LINKADDR;
471         adv.lladdr.len = 1;
472         odhcpd_get_mac(iface, adv.lladdr.data);
473 
474         adv.mtu.nd_opt_mtu_type = ND_OPT_MTU;
475         adv.mtu.nd_opt_mtu_len = 1;
476 
477         if (mtu == 0)
478                 mtu = odhcpd_get_interface_config(iface->ifname, "mtu");
479 
480         if (mtu < 1280)
481                 mtu = 1280;
482 
483         adv.mtu.nd_opt_mtu_mtu = htonl(mtu);
484 
485         iov[IOV_RA_ADV].iov_base = (char *)&adv;
486         iov[IOV_RA_ADV].iov_len = sizeof(adv);
487 
488         /* If not shutdown */
489         if (iface->timer_rs.cb) {
490                 size_t size = sizeof(*addrs) * iface->addr6_len;
491 
492                 addrs = alloca(size);
493                 memcpy(addrs, iface->addr6, size);
494 
495                 addr_cnt = iface->addr6_len;
496 
497                 /* Check default route */
498                 if (iface->default_router) {
499                         default_route = true;
500 
501                         if (iface->default_router > 1)
502                                 valid_prefix = true;
503                 } else if (parse_routes(addrs, addr_cnt))
504                         default_route = true;
505         }
506 
507         /* Construct Prefix Information options */
508         for (ssize_t i = 0; i < addr_cnt; ++i) {
509                 struct odhcpd_ipaddr *addr = &addrs[i];
510                 struct nd_opt_prefix_info *p = NULL;
511                 uint32_t preferred = 0;
512                 uint32_t valid = 0;
513 
514                 if (addr->prefix > 96 || addr->valid <= (uint32_t)now) {
515                         syslog(LOG_INFO, "Address %s (prefix %d, valid %u) not suitable as RA prefix on %s",
516                                 inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)), addr->prefix,
517                                 addr->valid, iface->name);
518                         continue;
519                 }
520 
521                 if (odhcpd_bmemcmp(&addr->addr, &iface->pio_filter_addr,
522                                    iface->pio_filter_length) != 0 ||
523                     addr->prefix < iface->pio_filter_length) {
524                         syslog(LOG_INFO, "Address %s filtered out as RA prefix on %s",
525                                inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)),
526                                iface->name);
527                         continue; /* PIO filtered out of this RA */
528                 }
529 
530                 for (size_t i = 0; i < pfxs_cnt; ++i) {
531                         if (addr->prefix == pfxs[i].nd_opt_pi_prefix_len &&
532                                         !odhcpd_bmemcmp(&pfxs[i].nd_opt_pi_prefix,
533                                         &addr->addr.in6, addr->prefix))
534                                 p = &pfxs[i];
535                 }
536 
537                 if (!p) {
538                         struct nd_opt_prefix_info *tmp;
539 
540                         tmp = realloc(pfxs, sizeof(*pfxs) * (pfxs_cnt + 1));
541                         if (!tmp) {
542                                 syslog(LOG_ERR, "Realloc failed for RA prefix option on %s", iface->name);
543                                 continue;
544                         }
545 
546                         pfxs = tmp;
547                         p = &pfxs[pfxs_cnt++];
548                         memset(p, 0, sizeof(*p));
549                 }
550 
551                 if (addr->preferred > (uint32_t)now) {
552                         preferred = TIME_LEFT(addr->preferred, now);
553 
554                         if (iface->ra_useleasetime &&
555                             preferred > iface->dhcp_leasetime)
556                                 preferred = iface->dhcp_leasetime;
557                 }
558 
559                 valid = TIME_LEFT(addr->valid, now);
560                 if (iface->ra_useleasetime && valid > iface->dhcp_leasetime)
561                         valid = iface->dhcp_leasetime;
562 
563                 if (minvalid > valid)
564                         minvalid = valid;
565 
566                 if (!IN6_IS_ADDR_ULA(&addr->addr.in6) || iface->default_router)
567                         valid_prefix = true;
568 
569                 odhcpd_bmemcpy(&p->nd_opt_pi_prefix, &addr->addr.in6,
570                                 (iface->ra_advrouter) ? 128 : addr->prefix);
571                 p->nd_opt_pi_type = ND_OPT_PREFIX_INFORMATION;
572                 p->nd_opt_pi_len = 4;
573                 p->nd_opt_pi_prefix_len = (addr->prefix < 64) ? 64 : addr->prefix;
574                 p->nd_opt_pi_flags_reserved = 0;
575                 if (!iface->ra_not_onlink)
576                         p->nd_opt_pi_flags_reserved |= ND_OPT_PI_FLAG_ONLINK;
577                 if (iface->ra_slaac && addr->prefix <= 64)
578                         p->nd_opt_pi_flags_reserved |= ND_OPT_PI_FLAG_AUTO;
579                 if (iface->ra_advrouter)
580                         p->nd_opt_pi_flags_reserved |= ND_OPT_PI_FLAG_RADDR;
581                 p->nd_opt_pi_preferred_time = htonl(preferred);
582                 p->nd_opt_pi_valid_time = htonl(valid);
583         }
584 
585         iov[IOV_RA_PFXS].iov_base = (char *)pfxs;
586         iov[IOV_RA_PFXS].iov_len = pfxs_cnt * sizeof(*pfxs);
587 
588         /* Calculate periodic transmit */
589         msecs = calc_adv_interval(iface, minvalid, &maxival);
590         lifetime = calc_ra_lifetime(iface, maxival);
591 
592         if (default_route) {
593                 if (!valid_prefix) {
594                         syslog(LOG_WARNING, "A default route is present but there is no public prefix "
595                                         "on %s thus we don't announce a default route!", iface->name);
596                         adv.h.nd_ra_router_lifetime = 0;
597                 } else
598                         adv.h.nd_ra_router_lifetime = htons(lifetime < UINT16_MAX ? lifetime : UINT16_MAX);
599 
600         } else
601                 adv.h.nd_ra_router_lifetime = 0;
602 
603         syslog(LOG_DEBUG, "Using a RA lifetime of %d seconds on %s", ntohs(adv.h.nd_ra_router_lifetime), iface->name);
604 
605         /* DNS options */
606         if (iface->ra_dns) {
607                 struct in6_addr dns_pref, *dns_addr = NULL;
608                 size_t dns_cnt = 0, search_len = iface->search_len;
609                 uint8_t *search_domain = iface->search;
610                 uint8_t search_buf[256];
611 
612                 /* DNS Recursive DNS */
613                 if (iface->dns_cnt > 0) {
614                         dns_addr = iface->dns;
615                         dns_cnt = iface->dns_cnt;
616                 } else if (!odhcpd_get_interface_dns_addr(iface, &dns_pref)) {
617                         dns_addr = &dns_pref;
618                         dns_cnt = 1;
619                 }
620 
621                 if (dns_cnt) {
622                         dns_sz = sizeof(*dns) + sizeof(struct in6_addr)*dns_cnt;
623 
624                         dns = alloca(dns_sz);
625                         memset(dns, 0, dns_sz);
626                         dns->type = ND_OPT_RECURSIVE_DNS;
627                         dns->len = 1 + (2 * dns_cnt);
628                         dns->lifetime = htonl(lifetime);
629                         memcpy(dns->addr, dns_addr, sizeof(struct in6_addr)*dns_cnt);
630                 }
631 
632                 /* DNS Search options */
633                 if (!search_domain && !res_init() && _res.dnsrch[0] && _res.dnsrch[0][0]) {
634                         int len = dn_comp(_res.dnsrch[0], search_buf,
635                                         sizeof(search_buf), NULL, NULL);
636                         if (len > 0) {
637                                 search_domain = search_buf;
638                                 search_len = len;
639                         }
640                 }
641 
642                 if (search_len > 0) {
643                         size_t search_padded = ((search_len + 7) & (~7)) + 8;
644 
645                         search_sz = sizeof(*search) + search_padded;
646 
647                         search = alloca(search_sz);
648                         memset(search, 0, search_sz);
649                         search->type = ND_OPT_DNS_SEARCH;
650                         search->len = search_len ? ((sizeof(*search) + search_padded) / 8) : 0;
651                         search->lifetime = htonl(lifetime);
652                         memcpy(search->name, search_domain, search_len);
653                         memset(&search->name[search_len], 0, search_padded - search_len);
654                 }
655         }
656 
657         iov[IOV_RA_DNS].iov_base = (char *)dns;
658         iov[IOV_RA_DNS].iov_len = dns_sz;
659         iov[IOV_RA_SEARCH].iov_base = (char *)search;
660         iov[IOV_RA_SEARCH].iov_len = search_sz;
661 
662         /*
663          * RFC7084 ยง 4.3 :
664          *    L-3:   An IPv6 CE router MUST advertise itself as a router for the
665          *           delegated prefix(es) (and ULA prefix if configured to provide
666          *           ULA addressing) using the "Route Information Option" specified
667          *           in Section 2.3 of [RFC4191].  This advertisement is
668          *           independent of having or not having IPv6 connectivity on the
669          *           WAN interface.
670          */
671 
672         for (ssize_t i = 0; i < addr_cnt; ++i) {
673                 struct odhcpd_ipaddr *addr = &addrs[i];
674                 struct nd_opt_route_info *tmp;
675                 uint32_t valid;
676 
677                 if (addr->dprefix >= 64 || addr->dprefix == 0 || addr->valid <= (uint32_t)now) {
678                         syslog(LOG_INFO, "Address %s (dprefix %d, valid %u) not suitable as RA route on %s",
679                                 inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)),
680                                 addr->dprefix, addr->valid, iface->name);
681 
682                         continue; /* Address not suitable */
683                 }
684 
685                 if (odhcpd_bmemcmp(&addr->addr, &iface->pio_filter_addr,
686                                 iface->pio_filter_length) != 0 ||
687                                 addr->prefix < iface->pio_filter_length) {
688                         syslog(LOG_INFO, "Address %s filtered out as RA route on %s",
689                                inet_ntop(AF_INET6, &addr->addr.in6, buf, sizeof(buf)),
690                                iface->name);
691                         continue; /* PIO filtered out of this RA */
692                 }
693 
694                 if (addr->dprefix > 32) {
695                         addr->addr.in6.s6_addr32[1] &= htonl(~((1U << (64 - addr->dprefix)) - 1));
696                 } else if (addr->dprefix <= 32) {
697                         addr->addr.in6.s6_addr32[0] &= htonl(~((1U << (32 - addr->dprefix)) - 1));
698                         addr->addr.in6.s6_addr32[1] = 0;
699                 }
700 
701                 tmp = realloc(routes, sizeof(*routes) * (routes_cnt + 1));
702                 if (!tmp) {
703                         syslog(LOG_ERR, "Realloc failed for RA route option on %s", iface->name);
704                         continue;
705                 }
706 
707                 routes = tmp;
708 
709                 memset(&routes[routes_cnt], 0, sizeof(*routes));
710                 routes[routes_cnt].type = ND_OPT_ROUTE_INFO;
711                 routes[routes_cnt].len = sizeof(*routes) / 8;
712                 routes[routes_cnt].prefix = addr->dprefix;
713                 routes[routes_cnt].flags = 0;
714                 if (iface->route_preference < 0)
715                         routes[routes_cnt].flags |= ND_RA_PREF_LOW;
716                 else if (iface->route_preference > 0)
717                         routes[routes_cnt].flags |= ND_RA_PREF_HIGH;
718 
719                 valid = TIME_LEFT(addr->valid, now);
720                 routes[routes_cnt].lifetime = htonl(valid < lifetime ? valid : lifetime);
721                 routes[routes_cnt].addr[0] = addr->addr.in6.s6_addr32[0];
722                 routes[routes_cnt].addr[1] = addr->addr.in6.s6_addr32[1];
723                 routes[routes_cnt].addr[2] = 0;
724                 routes[routes_cnt].addr[3] = 0;
725 
726                 ++routes_cnt;
727         }
728 
729         iov[IOV_RA_ROUTES].iov_base = (char *)routes;
730         iov[IOV_RA_ROUTES].iov_len = routes_cnt * sizeof(*routes);
731 
732         memset(&adv_interval, 0, sizeof(adv_interval));
733         adv_interval.nd_opt_adv_interval_type = ND_OPT_RTR_ADV_INTERVAL;
734         adv_interval.nd_opt_adv_interval_len = 1;
735         adv_interval.nd_opt_adv_interval_ival = htonl(maxival*1000);
736 
737         iov[IOV_RA_ADV_INTERVAL].iov_base = (char *)&adv_interval;
738         iov[IOV_RA_ADV_INTERVAL].iov_len = adv_interval.nd_opt_adv_interval_len * 8;
739 
740         memset(&dest, 0, sizeof(dest));
741         dest.sin6_family = AF_INET6;
742 
743         if (from && !IN6_IS_ADDR_UNSPECIFIED(from))
744                 dest.sin6_addr = *from;
745         else
746                 inet_pton(AF_INET6, ALL_IPV6_NODES, &dest.sin6_addr);
747 
748         syslog(LOG_NOTICE, "Sending a RA on %s", iface->name);
749 
750         if (odhcpd_send(iface->router_event.uloop.fd, &dest, iov, ARRAY_SIZE(iov), iface) > 0)
751                 iface->ra_sent++;
752 
753         free(pfxs);
754         free(routes);
755 
756         return msecs;
757 }
758 
759 
760 static void trigger_router_advert(struct uloop_timeout *event)
761 {
762         struct interface *iface = container_of(event, struct interface, timer_rs);
763         int msecs = send_router_advert(iface, NULL);
764 
765         /* Rearm timer if not shut down */
766         if (event->cb)
767                 uloop_timeout_set(event, msecs);
768 }
769 
770 
771 /* Event handler for incoming ICMPv6 packets */
772 static void handle_icmpv6(void *addr, void *data, size_t len,
773                 struct interface *iface, _unused void *dest)
774 {
775         struct icmp6_hdr *hdr = data;
776         struct sockaddr_in6 *from = addr;
777 
778         if (!router_icmpv6_valid(addr, data, len))
779                 return;
780 
781         if ((iface->ra == MODE_SERVER && !iface->master)) { /* Server mode */
782                 if (hdr->icmp6_type == ND_ROUTER_SOLICIT)
783                         send_router_advert(iface, &from->sin6_addr);
784         } else if (iface->ra == MODE_RELAY) { /* Relay mode */
785                 if (hdr->icmp6_type == ND_ROUTER_SOLICIT && !iface->master) {
786                         struct interface *c;
787 
788                         avl_for_each_element(&interfaces, c, avl) {
789                                 if (!c->master || c->ra != MODE_RELAY)
790                                         continue;
791 
792                                 forward_router_solicitation(c);
793                         }
794                 } else if (hdr->icmp6_type == ND_ROUTER_ADVERT && iface->master)
795                         forward_router_advertisement(iface, data, len);
796         }
797 }
798 
799 
800 /* Forward router solicitation */
801 static void forward_router_solicitation(const struct interface *iface)
802 {
803         struct icmp6_hdr rs = {ND_ROUTER_SOLICIT, 0, 0, {{0}}};
804         struct iovec iov = {&rs, sizeof(rs)};
805         struct sockaddr_in6 all_routers;
806 
807         if (!iface)
808                 return;
809 
810         memset(&all_routers, 0, sizeof(all_routers));
811         all_routers.sin6_family = AF_INET6;
812         inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &all_routers.sin6_addr);
813         all_routers.sin6_scope_id = iface->ifindex;
814 
815         syslog(LOG_NOTICE, "Sending RS to %s", iface->name);
816         odhcpd_send(iface->router_event.uloop.fd, &all_routers, &iov, 1, iface);
817 }
818 
819 
820 /* Handler for incoming router solicitations on slave interfaces */
821 static void forward_router_advertisement(const struct interface *iface, uint8_t *data, size_t len)
822 {
823         struct nd_router_advert *adv = (struct nd_router_advert *)data;
824         struct sockaddr_in6 all_nodes;
825         struct icmpv6_opt *opt;
826         struct interface *c;
827         struct iovec iov = { .iov_base = data, .iov_len = len };
828         /* Rewrite options */
829         uint8_t *end = data + len;
830         uint8_t *mac_ptr = NULL;
831         struct in6_addr *dns_ptr = NULL;
832         size_t dns_count = 0;
833 
834         icmpv6_for_each_option(opt, &adv[1], end) {
835                 if (opt->type == ND_OPT_SOURCE_LINKADDR) {
836                         /* Store address of source MAC-address */
837                         mac_ptr = opt->data;
838                 } else if (opt->type == ND_OPT_RECURSIVE_DNS && opt->len > 1) {
839                         /* Check if we have to rewrite DNS */
840                         dns_ptr = (struct in6_addr*)&opt->data[6];
841                         dns_count = (opt->len - 1) / 2;
842                 }
843         }
844 
845         syslog(LOG_NOTICE, "Got a RA on %s", iface->name);
846 
847         /* Indicate a proxy, however we don't follow the rest of RFC 4389 yet */
848         adv->nd_ra_flags_reserved |= ND_RA_FLAG_PROXY;
849 
850         /* Forward advertisement to all slave interfaces */
851         memset(&all_nodes, 0, sizeof(all_nodes));
852         all_nodes.sin6_family = AF_INET6;
853         inet_pton(AF_INET6, ALL_IPV6_NODES, &all_nodes.sin6_addr);
854 
855         avl_for_each_element(&interfaces, c, avl) {
856                 if (c->ra != MODE_RELAY || c->master)
857                         continue;
858 
859                 /* Fixup source hardware address option */
860                 if (mac_ptr)
861                         odhcpd_get_mac(c, mac_ptr);
862 
863                 /* If we have to rewrite DNS entries */
864                 if (c->always_rewrite_dns && dns_ptr && dns_count > 0) {
865                         const struct in6_addr *rewrite = c->dns;
866                         struct in6_addr addr;
867                         size_t rewrite_cnt = c->dns_cnt;
868 
869                         if (rewrite_cnt == 0) {
870                                 if (odhcpd_get_interface_dns_addr(c, &addr))
871                                         continue; /* Unable to comply */
872 
873                                 rewrite = &addr;
874                                 rewrite_cnt = 1;
875                         }
876 
877                         /* Copy over any other addresses */
878                         for (size_t i = 0; i < dns_count; ++i) {
879                                 size_t j = (i < rewrite_cnt) ? i : rewrite_cnt - 1;
880                                 dns_ptr[i] = rewrite[j];
881                         }
882                 }
883 
884                 syslog(LOG_NOTICE, "Forward a RA on %s", c->name);
885 
886                 odhcpd_send(c->router_event.uloop.fd, &all_nodes, &iov, 1, c);
887         }
888 }
889 

This page was automatically generated by LXR 0.3.1.  •  OpenWrt