1 /*
2 * Copyright 2011 Daniel Drown
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * config.c - configuration settings
17 */
18
19 #include <arpa/inet.h>
20 #include <errno.h>
21 #include <limits.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <unistd.h>
26
27 #include <cutils/config_utils.h>
28 #include <netutils/checksum.h>
29 #include <netutils/ifc.h>
30
31 #include "clatd.h"
32 #include "config.h"
33 #include "dns64.h"
34 #include "getaddr.h"
35 #include "logging.h"
36
37 struct clat_config Global_Clatd_Config;
38
39 /* function: config_item_str
40 * locates the config item and returns the pointer to a string, or NULL on failure. Caller frees
41 * pointer
42 * root - parsed configuration
43 * item_name - name of config item to locate
44 * defaultvar - value to use if config item isn't present
45 */
config_item_str(cnode * root,const char * item_name,const char * defaultvar)46 char *config_item_str(cnode *root, const char *item_name, const char *defaultvar) {
47 const char *tmp;
48
49 if (!(tmp = config_str(root, item_name, defaultvar))) {
50 logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
51 return NULL;
52 }
53 return strdup(tmp);
54 }
55
56 /* function: config_item_int16_t
57 * locates the config item, parses the integer, and returns the pointer ret_val_ptr, or NULL on
58 * failure
59 * root - parsed configuration
60 * item_name - name of config item to locate
61 * defaultvar - value to use if config item isn't present
62 * ret_val_ptr - pointer for return value storage
63 */
config_item_int16_t(cnode * root,const char * item_name,const char * defaultvar,int16_t * ret_val_ptr)64 int16_t *config_item_int16_t(cnode *root, const char *item_name, const char *defaultvar,
65 int16_t *ret_val_ptr) {
66 const char *tmp;
67 char *endptr;
68 long int conf_int;
69
70 if (!(tmp = config_str(root, item_name, defaultvar))) {
71 logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
72 return NULL;
73 }
74
75 errno = 0;
76 conf_int = strtol(tmp, &endptr, 10);
77 if (errno > 0) {
78 logmsg(ANDROID_LOG_FATAL, "%s config item is not numeric: %s (error=%s)", item_name, tmp,
79 strerror(errno));
80 return NULL;
81 }
82 if (endptr == tmp || *tmp == '\0') {
83 logmsg(ANDROID_LOG_FATAL, "%s config item is not numeric: %s", item_name, tmp);
84 return NULL;
85 }
86 if (*endptr != '\0') {
87 logmsg(ANDROID_LOG_FATAL, "%s config item contains non-numeric characters: %s", item_name,
88 endptr);
89 return NULL;
90 }
91 if (conf_int > INT16_MAX || conf_int < INT16_MIN) {
92 logmsg(ANDROID_LOG_FATAL, "%s config item is too big/small: %d", item_name, conf_int);
93 return NULL;
94 }
95 *ret_val_ptr = conf_int;
96 return ret_val_ptr;
97 }
98
99 /* function: config_item_ip
100 * locates the config item, parses the ipv4 address, and returns the pointer ret_val_ptr, or NULL on
101 * failure
102 * root - parsed configuration
103 * item_name - name of config item to locate
104 * defaultvar - value to use if config item isn't present
105 * ret_val_ptr - pointer for return value storage
106 */
config_item_ip(cnode * root,const char * item_name,const char * defaultvar,struct in_addr * ret_val_ptr)107 struct in_addr *config_item_ip(cnode *root, const char *item_name, const char *defaultvar,
108 struct in_addr *ret_val_ptr) {
109 const char *tmp;
110 int status;
111
112 if (!(tmp = config_str(root, item_name, defaultvar))) {
113 logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
114 return NULL;
115 }
116
117 status = inet_pton(AF_INET, tmp, ret_val_ptr);
118 if (status <= 0) {
119 logmsg(ANDROID_LOG_FATAL, "invalid IPv4 address specified for %s: %s", item_name, tmp);
120 return NULL;
121 }
122
123 return ret_val_ptr;
124 }
125
126 /* function: config_item_ip6
127 * locates the config item, parses the ipv6 address, and returns the pointer ret_val_ptr, or NULL on
128 * failure
129 * root - parsed configuration
130 * item_name - name of config item to locate
131 * defaultvar - value to use if config item isn't present
132 * ret_val_ptr - pointer for return value storage
133 */
config_item_ip6(cnode * root,const char * item_name,const char * defaultvar,struct in6_addr * ret_val_ptr)134 struct in6_addr *config_item_ip6(cnode *root, const char *item_name, const char *defaultvar,
135 struct in6_addr *ret_val_ptr) {
136 const char *tmp;
137 int status;
138
139 if (!(tmp = config_str(root, item_name, defaultvar))) {
140 logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
141 return NULL;
142 }
143
144 status = inet_pton(AF_INET6, tmp, ret_val_ptr);
145 if (status <= 0) {
146 logmsg(ANDROID_LOG_FATAL, "invalid IPv6 address specified for %s: %s", item_name, tmp);
147 return NULL;
148 }
149
150 return ret_val_ptr;
151 }
152
153 /* function: free_config
154 * frees the memory used by the global config variable
155 */
free_config()156 void free_config() {
157 if (Global_Clatd_Config.plat_from_dns64_hostname) {
158 free(Global_Clatd_Config.plat_from_dns64_hostname);
159 Global_Clatd_Config.plat_from_dns64_hostname = NULL;
160 }
161 }
162
163 /* function: ipv6_prefix_equal
164 * compares the prefixes two ipv6 addresses. assumes the prefix lengths are both /64.
165 * a1 - first address
166 * a2 - second address
167 * returns: 0 if the subnets are different, 1 if they are the same.
168 */
ipv6_prefix_equal(struct in6_addr * a1,struct in6_addr * a2)169 int ipv6_prefix_equal(struct in6_addr *a1, struct in6_addr *a2) { return !memcmp(a1, a2, 8); }
170
171 /* function: dns64_detection
172 * does dns lookups to set the plat subnet or exits on failure, waits forever for a dns response
173 * with a query backoff timer
174 * net_id - (optional) netId to use, NETID_UNSET indicates use of default network
175 */
dns64_detection(unsigned net_id)176 void dns64_detection(unsigned net_id) {
177 int backoff_sleep, status;
178 struct in6_addr tmp_ptr;
179
180 backoff_sleep = 1;
181
182 while (1) {
183 status = plat_prefix(Global_Clatd_Config.plat_from_dns64_hostname, net_id, &tmp_ptr);
184 if (status > 0) {
185 memcpy(&Global_Clatd_Config.plat_subnet, &tmp_ptr, sizeof(struct in6_addr));
186 return;
187 }
188 logmsg(ANDROID_LOG_WARN, "dns64_detection -- error, sleeping for %d seconds", backoff_sleep);
189 sleep(backoff_sleep);
190 backoff_sleep *= 2;
191 if (backoff_sleep >= 1800) {
192 // Scale down to one DNS query per half hour. Unnecessary DNS queries waste power, and the
193 // benefit is minimal (basically, only limited to the case where a network goes from IPv6-only
194 // to IPv6 with NAT64).
195 backoff_sleep = 1800;
196 }
197 }
198 }
199
200 /* function: gen_random_iid
201 * picks a random interface ID that is checksum neutral with the IPv4 address and the NAT64 prefix
202 * myaddr - IPv6 address to write to
203 * ipv4_local_subnet - clat IPv4 address
204 * plat_subnet - NAT64 prefix
205 */
gen_random_iid(struct in6_addr * myaddr,struct in_addr * ipv4_local_subnet,struct in6_addr * plat_subnet)206 void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet,
207 struct in6_addr *plat_subnet) {
208 // Fill last 8 bytes of IPv6 address with random bits.
209 arc4random_buf(&myaddr->s6_addr[8], 8);
210
211 // Make the IID checksum-neutral. That is, make it so that:
212 // checksum(Local IPv4 | Remote IPv4) = checksum(Local IPv6 | Remote IPv6)
213 // in other words (because remote IPv6 = NAT64 prefix | Remote IPv4):
214 // checksum(Local IPv4) = checksum(Local IPv6 | NAT64 prefix)
215 // Do this by adjusting the two bytes in the middle of the IID.
216
217 uint16_t middlebytes = (myaddr->s6_addr[11] << 8) + myaddr->s6_addr[12];
218
219 uint32_t c1 = ip_checksum_add(0, ipv4_local_subnet, sizeof(*ipv4_local_subnet));
220 uint32_t c2 = ip_checksum_add(0, plat_subnet, sizeof(*plat_subnet)) +
221 ip_checksum_add(0, myaddr, sizeof(*myaddr));
222
223 uint16_t delta = ip_checksum_adjust(middlebytes, c1, c2);
224 myaddr->s6_addr[11] = delta >> 8;
225 myaddr->s6_addr[12] = delta & 0xff;
226 }
227
228 // Factored out to a separate function for testability.
connect_is_ipv4_address_free(in_addr_t addr)229 int connect_is_ipv4_address_free(in_addr_t addr) {
230 int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
231 if (s == -1) {
232 return 0;
233 }
234
235 // Attempt to connect to the address. If the connection succeeds and getsockname returns the same
236 // the address then the address is already assigned to the system and we can't use it.
237 struct sockaddr_in sin = { .sin_family = AF_INET, .sin_addr = { addr }, .sin_port = 53 };
238 socklen_t len = sizeof(sin);
239 int inuse = connect(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
240 getsockname(s, (struct sockaddr *)&sin, &len) == 0 && (size_t)len >= sizeof(sin) &&
241 sin.sin_addr.s_addr == addr;
242
243 close(s);
244 return !inuse;
245 }
246
247 addr_free_func config_is_ipv4_address_free = connect_is_ipv4_address_free;
248
249 /* function: config_select_ipv4_address
250 * picks a free IPv4 address, starting from ip and trying all addresses in the prefix in order
251 * ip - the IP address from the configuration file
252 * prefixlen - the length of the prefix from which addresses may be selected.
253 * returns: the IPv4 address, or INADDR_NONE if no addresses were available
254 */
config_select_ipv4_address(const struct in_addr * ip,int16_t prefixlen)255 in_addr_t config_select_ipv4_address(const struct in_addr *ip, int16_t prefixlen) {
256 in_addr_t chosen = INADDR_NONE;
257
258 // Don't accept prefixes that are too large because we scan addresses one by one.
259 if (prefixlen < 16 || prefixlen > 32) {
260 return chosen;
261 }
262
263 // All these are in host byte order.
264 in_addr_t mask = 0xffffffff >> (32 - prefixlen) << (32 - prefixlen);
265 in_addr_t ipv4 = ntohl(ip->s_addr);
266 in_addr_t first_ipv4 = ipv4;
267 in_addr_t prefix = ipv4 & mask;
268
269 // Pick the first IPv4 address in the pool, wrapping around if necessary.
270 // So, for example, 192.0.0.4 -> 192.0.0.5 -> 192.0.0.6 -> 192.0.0.7 -> 192.0.0.0.
271 do {
272 if (config_is_ipv4_address_free(htonl(ipv4))) {
273 chosen = htonl(ipv4);
274 break;
275 }
276 ipv4 = prefix | ((ipv4 + 1) & ~mask);
277 } while (ipv4 != first_ipv4);
278
279 return chosen;
280 }
281
282 /* function: config_generate_local_ipv6_subnet
283 * generates the local ipv6 subnet when given the interface ip requires config.ipv6_host_id
284 * interface_ip - in: interface ip, out: local ipv6 host address
285 */
config_generate_local_ipv6_subnet(struct in6_addr * interface_ip)286 void config_generate_local_ipv6_subnet(struct in6_addr *interface_ip) {
287 int i;
288
289 if (Global_Clatd_Config.use_dynamic_iid) {
290 /* Generate a random interface ID. */
291 gen_random_iid(interface_ip, &Global_Clatd_Config.ipv4_local_subnet,
292 &Global_Clatd_Config.plat_subnet);
293 } else {
294 /* Use the specified interface ID. */
295 for (i = 2; i < 4; i++) {
296 interface_ip->s6_addr32[i] = Global_Clatd_Config.ipv6_host_id.s6_addr32[i];
297 }
298 }
299 }
300
301 /* function: read_config
302 * reads the config file and parses it into the global variable Global_Clatd_Config. returns 0 on
303 * failure, 1 on success
304 * file - filename to parse
305 * uplink_interface - interface to use to reach the internet and supplier of address space
306 * plat_prefix - (optional) plat prefix to use, otherwise follow config file
307 * net_id - (optional) netId to use, NETID_UNSET indicates use of default network
308 */
read_config(const char * file,const char * uplink_interface,const char * plat_prefix,unsigned net_id)309 int read_config(const char *file, const char *uplink_interface, const char *plat_prefix,
310 unsigned net_id) {
311 cnode *root = config_node("", "");
312 void *tmp_ptr = NULL;
313 unsigned flags;
314
315 if (!root) {
316 logmsg(ANDROID_LOG_FATAL, "out of memory");
317 return 0;
318 }
319
320 memset(&Global_Clatd_Config, '\0', sizeof(Global_Clatd_Config));
321
322 config_load_file(root, file);
323 if (root->first_child == NULL) {
324 logmsg(ANDROID_LOG_FATAL, "Could not read config file %s", file);
325 goto failed;
326 }
327
328 Global_Clatd_Config.default_pdp_interface = strdup(uplink_interface);
329 if (!Global_Clatd_Config.default_pdp_interface) goto failed;
330
331 if (!config_item_int16_t(root, "mtu", "-1", &Global_Clatd_Config.mtu)) goto failed;
332
333 if (!config_item_int16_t(root, "ipv4mtu", "-1", &Global_Clatd_Config.ipv4mtu)) goto failed;
334
335 if (!config_item_ip(root, "ipv4_local_subnet", DEFAULT_IPV4_LOCAL_SUBNET,
336 &Global_Clatd_Config.ipv4_local_subnet))
337 goto failed;
338
339 if (!config_item_int16_t(root, "ipv4_local_prefixlen", DEFAULT_IPV4_LOCAL_PREFIXLEN,
340 &Global_Clatd_Config.ipv4_local_prefixlen))
341 goto failed;
342
343 if (plat_prefix) { // plat subnet is coming from the command line
344 if (inet_pton(AF_INET6, plat_prefix, &Global_Clatd_Config.plat_subnet) <= 0) {
345 logmsg(ANDROID_LOG_FATAL, "invalid IPv6 address specified for plat prefix: %s", plat_prefix);
346 goto failed;
347 }
348 } else {
349 tmp_ptr = (void *)config_item_str(root, "plat_from_dns64", "yes");
350 if (!tmp_ptr || strcmp(tmp_ptr, "no") == 0) {
351 free(tmp_ptr);
352
353 if (!config_item_ip6(root, "plat_subnet", NULL, &Global_Clatd_Config.plat_subnet)) {
354 logmsg(ANDROID_LOG_FATAL, "plat_from_dns64 disabled, but no plat_subnet specified");
355 goto failed;
356 }
357 } else {
358 free(tmp_ptr);
359
360 if (!(Global_Clatd_Config.plat_from_dns64_hostname =
361 config_item_str(root, "plat_from_dns64_hostname", DEFAULT_DNS64_DETECTION_HOSTNAME)))
362 goto failed;
363 dns64_detection(net_id);
364 }
365 }
366
367 if (!config_item_ip6(root, "ipv6_host_id", "::", &Global_Clatd_Config.ipv6_host_id)) goto failed;
368
369 /* In order to prevent multiple devices attempting to use the same clat address, never use a
370 statically-configured interface ID on a broadcast interface such as wifi. */
371 if (!IN6_IS_ADDR_UNSPECIFIED(&Global_Clatd_Config.ipv6_host_id)) {
372 ifc_init();
373 ifc_get_info(Global_Clatd_Config.default_pdp_interface, NULL, NULL, &flags);
374 ifc_close();
375 Global_Clatd_Config.use_dynamic_iid = (flags & IFF_BROADCAST) != 0;
376 } else {
377 Global_Clatd_Config.use_dynamic_iid = 1;
378 }
379
380 return 1;
381
382 failed:
383 free(root);
384 free_config();
385 return 0;
386 }
387
388 /* function; dump_config
389 * prints the current config
390 */
dump_config()391 void dump_config() {
392 char charbuffer[INET6_ADDRSTRLEN];
393
394 logmsg(ANDROID_LOG_DEBUG, "mtu = %d", Global_Clatd_Config.mtu);
395 logmsg(ANDROID_LOG_DEBUG, "ipv4mtu = %d", Global_Clatd_Config.ipv4mtu);
396 logmsg(
397 ANDROID_LOG_DEBUG, "ipv6_local_subnet = %s",
398 inet_ntop(AF_INET6, &Global_Clatd_Config.ipv6_local_subnet, charbuffer, sizeof(charbuffer)));
399 logmsg(
400 ANDROID_LOG_DEBUG, "ipv4_local_subnet = %s",
401 inet_ntop(AF_INET, &Global_Clatd_Config.ipv4_local_subnet, charbuffer, sizeof(charbuffer)));
402 logmsg(ANDROID_LOG_DEBUG, "ipv4_local_prefixlen = %d", Global_Clatd_Config.ipv4_local_prefixlen);
403 logmsg(ANDROID_LOG_DEBUG, "plat_subnet = %s",
404 inet_ntop(AF_INET6, &Global_Clatd_Config.plat_subnet, charbuffer, sizeof(charbuffer)));
405 logmsg(ANDROID_LOG_DEBUG, "default_pdp_interface = %s",
406 Global_Clatd_Config.default_pdp_interface);
407 }
408