1 /*
2  * dhcpcd - DHCP client daemon
3  * Copyright (c) 2006-2015 Roy Marples <roy@marples.name>
4  * All rights reserved
5 
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/param.h>
29 #include <sys/types.h>
30 #include <sys/socket.h>
31 #include <sys/stat.h>
32 
33 #include <net/if.h>
34 #include <net/route.h>
35 #include <netinet/in.h>
36 #include <netinet/if_ether.h>
37 
38 #ifndef __linux__
39 #  ifndef __QNX__
40 #    include <sys/endian.h>
41 #  endif
42 #  include <net/if.h>
43 #  ifdef __FreeBSD__ /* Needed so that including netinet6/in6_var.h works */
44 #    include <net/if_var.h>
45 #  endif
46 #  ifndef __sun
47 #    include <netinet6/in6_var.h>
48 #  endif
49 #endif
50 
51 #include <errno.h>
52 #include <ifaddrs.h>
53 #include <inttypes.h>
54 #include <stdlib.h>
55 #include <string.h>
56 #include <unistd.h>
57 
58 #define ELOOP_QUEUE 7
59 #include "common.h"
60 #include "if.h"
61 #include "dhcpcd.h"
62 #include "dhcp6.h"
63 #include "eloop.h"
64 #include "ipv6.h"
65 #include "ipv6nd.h"
66 
67 #ifdef HAVE_MD5_H
68 #  ifndef DEPGEN
69 #    include <md5.h>
70 #  endif
71 #else
72 #  include "md5.h"
73 #endif
74 
75 #ifdef SHA2_H
76 #  include SHA2_H
77 #else
78 #  include "sha256.h"
79 #endif
80 
81 #ifndef SHA256_DIGEST_LENGTH
82 #  define SHA256_DIGEST_LENGTH		32
83 #endif
84 
85 #ifdef IPV6_POLLADDRFLAG
86 #  warning kernel does not report IPv6 address flag changes
87 #  warning polling tentative address flags periodically
88 #endif
89 
90 #ifdef __linux__
91    /* Match Linux defines to BSD */
92 #  define IN6_IFF_TEMPORARY IFA_F_TEMPORARY
93 #  ifdef IFA_F_OPTIMISTIC
94 #    define IN6_IFF_TENTATIVE	(IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)
95 #  else
96 #    define IN6_IFF_TENTATIVE   (IFA_F_TENTATIVE | 0x04)
97 #  endif
98 #  ifdef IF_F_DADFAILED
99 #    define IN6_IFF_DUPLICATED	IFA_F_DADFAILED
100 #  else
101 #    define IN6_IFF_DUPLICATED	0x08
102 #  endif
103 #  define IN6_IFF_DETACHED	0
104 #endif
105 
106 #define IN6_IFF_NOTUSEABLE \
107 	(IN6_IFF_TENTATIVE | IN6_IFF_DUPLICATED | IN6_IFF_DETACHED)
108 
109 /* Hackery at it's finest. */
110 #ifndef s6_addr32
111 #  ifdef __sun
112 #    define s6_addr32	_S6_un._S6_u32
113 #  else
114 #    define s6_addr32	__u6_addr.__u6_addr32
115 #  endif
116 #endif
117 
118 
119 #ifdef IPV6_MANAGETEMPADDR
120 static void ipv6_regentempifid(void *);
121 static void ipv6_regentempaddr(void *);
122 #else
123 #define ipv6_regentempifid(a) {}
124 #endif
125 
126 struct ipv6_ctx *
ipv6_init(struct dhcpcd_ctx * dhcpcd_ctx)127 ipv6_init(struct dhcpcd_ctx *dhcpcd_ctx)
128 {
129 	struct ipv6_ctx *ctx;
130 
131 	if (dhcpcd_ctx->ipv6)
132 		return dhcpcd_ctx->ipv6;
133 
134 	ctx = calloc(1, sizeof(*ctx));
135 	if (ctx == NULL)
136 		return NULL;
137 
138 	ctx->routes = malloc(sizeof(*ctx->routes));
139 	if (ctx->routes == NULL) {
140 		free(ctx);
141 		return NULL;
142 	}
143 	TAILQ_INIT(ctx->routes);
144 
145 	ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
146 	if (ctx->ra_routers == NULL) {
147 		free(ctx->routes);
148 		free(ctx);
149 		return NULL;
150 	}
151 	TAILQ_INIT(ctx->ra_routers);
152 
153 	TAILQ_INIT(&ctx->kroutes);
154 
155 	ctx->sndhdr.msg_namelen = sizeof(struct sockaddr_in6);
156 	ctx->sndhdr.msg_iov = ctx->sndiov;
157 	ctx->sndhdr.msg_iovlen = 1;
158 	ctx->sndhdr.msg_control = ctx->sndbuf;
159 	ctx->sndhdr.msg_controllen = sizeof(ctx->sndbuf);
160 	ctx->rcvhdr.msg_name = &ctx->from;
161 	ctx->rcvhdr.msg_namelen = sizeof(ctx->from);
162 	ctx->rcvhdr.msg_iov = ctx->rcviov;
163 	ctx->rcvhdr.msg_iovlen = 1;
164 	ctx->rcvhdr.msg_control = ctx->rcvbuf;
165 	// controllen is set at recieve
166 	//ctx->rcvhdr.msg_controllen = sizeof(ctx->rcvbuf);
167 	ctx->rcviov[0].iov_base = ctx->ansbuf;
168 	ctx->rcviov[0].iov_len = sizeof(ctx->ansbuf);
169 
170 	ctx->nd_fd = -1;
171 	ctx->dhcp_fd = -1;
172 
173 	dhcpcd_ctx->ipv6 = ctx;
174 
175 	return ctx;
176 }
177 
178 ssize_t
ipv6_printaddr(char * s,size_t sl,const uint8_t * d,const char * ifname)179 ipv6_printaddr(char *s, size_t sl, const uint8_t *d, const char *ifname)
180 {
181 	char buf[INET6_ADDRSTRLEN];
182 	const char *p;
183 	size_t l;
184 
185 	p = inet_ntop(AF_INET6, d, buf, sizeof(buf));
186 	if (p == NULL)
187 		return -1;
188 
189 	l = strlen(p);
190 	if (d[0] == 0xfe && (d[1] & 0xc0) == 0x80)
191 		l += 1 + strlen(ifname);
192 
193 	if (s == NULL)
194 		return (ssize_t)l;
195 
196 	if (sl < l) {
197 		errno = ENOMEM;
198 		return -1;
199 	}
200 
201 	s += strlcpy(s, p, sl);
202 	if (d[0] == 0xfe && (d[1] & 0xc0) == 0x80) {
203 		*s++ = '%';
204 		s += strlcpy(s, ifname, sl);
205 	}
206 	*s = '\0';
207 	return (ssize_t)l;
208 }
209 
210 static ssize_t
ipv6_readsecret(struct dhcpcd_ctx * ctx)211 ipv6_readsecret(struct dhcpcd_ctx *ctx)
212 {
213 	FILE *fp;
214 	char line[1024];
215 	unsigned char *p;
216 	size_t len;
217 	uint32_t r;
218 	int x;
219 
220 	if ((fp = fopen(SECRET, "r"))) {
221 		len = 0;
222 		while (fgets(line, sizeof(line), fp)) {
223 			len = strlen(line);
224 			if (len) {
225 				if (line[len - 1] == '\n')
226 					line[len - 1] = '\0';
227 			}
228 			len = hwaddr_aton(NULL, line);
229 			if (len) {
230 				ctx->secret_len = hwaddr_aton(ctx->secret,
231 				    line);
232 				break;
233 			}
234 			len = 0;
235 		}
236 		fclose(fp);
237 		if (len)
238 			return (ssize_t)len;
239 	} else {
240 		if (errno != ENOENT)
241 			logger(ctx, LOG_ERR,
242 			    "error reading secret: %s: %m", SECRET);
243 	}
244 
245 	/* Chaining arc4random should be good enough.
246 	 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
247 	 * To attempt and future proof ourselves, we'll generate a key of
248 	 * 512 bits (64 bytes). */
249 	p = ctx->secret;
250 	ctx->secret_len = 0;
251 	for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
252 		r = arc4random();
253 		memcpy(p, &r, sizeof(r));
254 		p += sizeof(r);
255 		ctx->secret_len += sizeof(r);
256 
257 	}
258 
259 	/* Ensure that only the dhcpcd user can read the secret.
260 	 * Write permission is also denied as chaning it would remove
261 	 * it's stability. */
262 	if ((fp = fopen(SECRET, "w")) == NULL ||
263 	    chmod(SECRET, S_IRUSR) == -1)
264 		goto eexit;
265 	x = fprintf(fp, "%s\n",
266 	    hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
267 	fclose(fp);
268 	if (x > 0)
269 		return (ssize_t)ctx->secret_len;
270 
271 eexit:
272 	logger(ctx, LOG_ERR, "error writing secret: %s: %m", SECRET);
273 	unlink(SECRET);
274 	ctx->secret_len = 0;
275 	return -1;
276 }
277 
278 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
279  * RFC5453 */
280 static const struct reslowhigh {
281 	const uint8_t high[8];
282 	const uint8_t low[8];
283 } reslowhigh[] = {
284 	/* RFC4291 + RFC6543 */
285 	{ { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
286 	  { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
287 	/* RFC2526 */
288 	{ { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
289 	  { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
290 };
291 
292 static int
ipv6_reserved(const struct in6_addr * addr)293 ipv6_reserved(const struct in6_addr *addr)
294 {
295 	uint64_t id, low, high;
296 	size_t i;
297 	const struct reslowhigh *r;
298 
299 	id = be64dec(addr->s6_addr + sizeof(id));
300 	if (id == 0) /* RFC4291 */
301 		return 1;
302 	for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
303 		r = &reslowhigh[i];
304 		low = be64dec(r->low);
305 		high = be64dec(r->high);
306 		if (id >= low && id <= high)
307 			return 1;
308 	}
309 	return 0;
310 }
311 
312 /* RFC7217 */
313 static int
ipv6_makestableprivate1(struct in6_addr * addr,const struct in6_addr * prefix,int prefix_len,const unsigned char * netiface,size_t netiface_len,const unsigned char * netid,size_t netid_len,uint32_t * dad_counter,const unsigned char * secret,size_t secret_len)314 ipv6_makestableprivate1(struct in6_addr *addr,
315     const struct in6_addr *prefix, int prefix_len,
316     const unsigned char *netiface, size_t netiface_len,
317     const unsigned char *netid, size_t netid_len,
318     uint32_t *dad_counter,
319     const unsigned char *secret, size_t secret_len)
320 {
321 	unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
322 	size_t len, l;
323 	SHA256_CTX ctx;
324 
325 	if (prefix_len < 0 || prefix_len > 120) {
326 		errno = EINVAL;
327 		return -1;
328 	}
329 
330 	l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
331 	len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
332 	if (len > sizeof(buf)) {
333 		errno = ENOBUFS;
334 		return -1;
335 	}
336 
337 	for (;; (*dad_counter)++) {
338 		/* Combine all parameters into one buffer */
339 		p = buf;
340 		memcpy(p, prefix, l);
341 		p += l;
342 		memcpy(p, netiface, netiface_len);
343 		p += netiface_len;
344 		memcpy(p, netid, netid_len);
345 		p += netid_len;
346 		memcpy(p, dad_counter, sizeof(*dad_counter));
347 		p += sizeof(*dad_counter);
348 		memcpy(p, secret, secret_len);
349 
350 		/* Make an address using the digest of the above.
351 		 * RFC7217 Section 5.1 states that we shouldn't use MD5.
352 		 * Pity as we use that for HMAC-MD5 which is still deemed OK.
353 		 * SHA-256 is recommended */
354 		SHA256_Init(&ctx);
355 		SHA256_Update(&ctx, buf, len);
356 		SHA256_Final(digest, &ctx);
357 
358 		p = addr->s6_addr;
359 		memcpy(p, prefix, l);
360 		/* RFC7217 section 5.2 says we need to start taking the id from
361 		 * the least significant bit */
362 		len = sizeof(addr->s6_addr) - l;
363 		memcpy(p + l, digest + (sizeof(digest) - len), len);
364 
365 		/* Ensure that the Interface ID does not match a reserved one,
366 		 * if it does then treat it as a DAD failure.
367 		 * RFC7217 section 5.2 */
368 		if (prefix_len != 64)
369 			break;
370 		if (!ipv6_reserved(addr))
371 			break;
372 	}
373 
374 	return 0;
375 }
376 
377 int
ipv6_makestableprivate(struct in6_addr * addr,const struct in6_addr * prefix,int prefix_len,const struct interface * ifp,int * dad_counter)378 ipv6_makestableprivate(struct in6_addr *addr,
379     const struct in6_addr *prefix, int prefix_len,
380     const struct interface *ifp,
381     int *dad_counter)
382 {
383 	uint32_t dad;
384 	int r;
385 
386 	dad = (uint32_t)*dad_counter;
387 
388 	/* For our implementation, we shall set the hardware address
389 	 * as the interface identifier */
390 	r = ipv6_makestableprivate1(addr, prefix, prefix_len,
391 	    ifp->hwaddr, ifp->hwlen,
392 	    ifp->ssid, ifp->ssid_len,
393 	    &dad,
394 	    ifp->ctx->secret, ifp->ctx->secret_len);
395 
396 	if (r == 0)
397 		*dad_counter = (int)dad;
398 	return r;
399 }
400 
401 int
ipv6_makeaddr(struct in6_addr * addr,const struct interface * ifp,const struct in6_addr * prefix,int prefix_len)402 ipv6_makeaddr(struct in6_addr *addr, const struct interface *ifp,
403     const struct in6_addr *prefix, int prefix_len)
404 {
405 	const struct ipv6_addr *ap;
406 	int dad;
407 
408 	if (prefix_len < 0 || prefix_len > 120) {
409 		errno = EINVAL;
410 		return -1;
411 	}
412 
413 	if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
414 		if (ifp->ctx->secret_len == 0) {
415 			if (ipv6_readsecret(ifp->ctx) == -1)
416 				return -1;
417 		}
418 		dad = 0;
419 		if (ipv6_makestableprivate(addr,
420 		    prefix, prefix_len, ifp, &dad) == -1)
421 			return -1;
422 		return dad;
423 	}
424 
425 	if (prefix_len > 64) {
426 		errno = EINVAL;
427 		return -1;
428 	}
429 	if ((ap = ipv6_linklocal(ifp)) == NULL) {
430 		/* We delay a few functions until we get a local-link address
431 		 * so this should never be hit. */
432 		errno = ENOENT;
433 		return -1;
434 	}
435 
436 	/* Make the address from the first local-link address */
437 	memcpy(addr, prefix, sizeof(*prefix));
438 	addr->s6_addr32[2] = ap->addr.s6_addr32[2];
439 	addr->s6_addr32[3] = ap->addr.s6_addr32[3];
440 	return 0;
441 }
442 
443 int
ipv6_makeprefix(struct in6_addr * prefix,const struct in6_addr * addr,int len)444 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
445 {
446 	int bytelen, bitlen;
447 
448 	if (len < 0 || len > 128) {
449 		errno = EINVAL;
450 		return -1;
451 	}
452 
453 	bytelen = len / NBBY;
454 	bitlen = len % NBBY;
455 	memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytelen);
456 	if (bitlen != 0)
457 		prefix->s6_addr[bytelen] =
458 		    (uint8_t)(prefix->s6_addr[bytelen] >> (NBBY - bitlen));
459 	memset((char *)prefix->s6_addr + bytelen, 0,
460 	    sizeof(prefix->s6_addr) - (size_t)bytelen);
461 	return 0;
462 }
463 
464 int
ipv6_mask(struct in6_addr * mask,int len)465 ipv6_mask(struct in6_addr *mask, int len)
466 {
467 	static const unsigned char masks[NBBY] =
468 	    { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
469 	int bytes, bits, i;
470 
471 	if (len < 0 || len > 128) {
472 		errno = EINVAL;
473 		return -1;
474 	}
475 
476 	memset(mask, 0, sizeof(*mask));
477 	bytes = len / NBBY;
478 	bits = len % NBBY;
479 	for (i = 0; i < bytes; i++)
480 		mask->s6_addr[i] = 0xff;
481 	if (bits)
482 		mask->s6_addr[bytes] = masks[bits - 1];
483 	return 0;
484 }
485 
486 uint8_t
ipv6_prefixlen(const struct in6_addr * mask)487 ipv6_prefixlen(const struct in6_addr *mask)
488 {
489 	int x = 0, y;
490 	const unsigned char *lim, *p;
491 
492 	lim = (const unsigned char *)mask + sizeof(*mask);
493 	for (p = (const unsigned char *)mask; p < lim; x++, p++) {
494 		if (*p != 0xff)
495 			break;
496 	}
497 	y = 0;
498 	if (p < lim) {
499 		for (y = 0; y < NBBY; y++) {
500 			if ((*p & (0x80 >> y)) == 0)
501 				break;
502 		}
503 	}
504 
505 	/*
506 	 * when the limit pointer is given, do a stricter check on the
507 	 * remaining bits.
508 	 */
509 	if (p < lim) {
510 		if (y != 0 && (*p & (0x00ff >> y)) != 0)
511 			return 0;
512 		for (p = p + 1; p < lim; p++)
513 			if (*p != 0)
514 				return 0;
515 	}
516 
517 	return (uint8_t)(x * NBBY + y);
518 }
519 
520 static void
in6_to_h64(uint64_t * vhigh,uint64_t * vlow,const struct in6_addr * addr)521 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
522 {
523 
524 	*vhigh = be64dec(addr->s6_addr);
525 	*vlow = be64dec(addr->s6_addr + 8);
526 }
527 
528 static void
h64_to_in6(struct in6_addr * addr,uint64_t vhigh,uint64_t vlow)529 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
530 {
531 
532 	be64enc(addr->s6_addr, vhigh);
533 	be64enc(addr->s6_addr + 8, vlow);
534 }
535 
536 int
ipv6_userprefix(const struct in6_addr * prefix,short prefix_len,uint64_t user_number,struct in6_addr * result,short result_len)537 ipv6_userprefix(
538 	const struct in6_addr *prefix,	// prefix from router
539 	short prefix_len,		// length of prefix received
540 	uint64_t user_number,		// "random" number from user
541 	struct in6_addr *result,	// resultant prefix
542 	short result_len)		// desired prefix length
543 {
544 	uint64_t vh, vl, user_low, user_high;
545 
546 	if (prefix_len < 0 || prefix_len > 120 ||
547 	    result_len < 0 || result_len > 120)
548 	{
549 		errno = EINVAL;
550 		return -1;
551 	}
552 
553 	/* Check that the user_number fits inside result_len less prefix_len */
554 	if (result_len < prefix_len || user_number > INT_MAX ||
555 	    ffs((int)user_number) > result_len - prefix_len)
556 	{
557 	       errno = ERANGE;
558 	       return -1;
559 	}
560 
561 	/* virtually shift user number by dest_len, then split at 64 */
562 	if (result_len >= 64) {
563 		user_high = user_number << (result_len - 64);
564 		user_low = 0;
565 	} else {
566 		user_high = user_number >> (64 - result_len);
567 		user_low = user_number << result_len;
568 	}
569 
570 	/* convert to two 64bit host order values */
571 	in6_to_h64(&vh, &vl, prefix);
572 
573 	vh |= user_high;
574 	vl |= user_low;
575 
576 	/* copy back result */
577 	h64_to_in6(result, vh, vl);
578 
579 	return 0;
580 }
581 
582 #ifdef IPV6_POLLADDRFLAG
583 void
ipv6_checkaddrflags(void * arg)584 ipv6_checkaddrflags(void *arg)
585 {
586 	struct ipv6_addr *ap;
587 	int ifa_flags;
588 
589 	ap = arg;
590 	ifa_flags = if_addrflags6(&ap->addr, ap->iface);
591 	if (ifa_flags == -1)
592 		logger(ap->iface->ctx, LOG_ERR,
593 		    "%s: if_addrflags6: %m", ap->iface->name);
594 	else if (!(ifa_flags & IN6_IFF_TENTATIVE)) {
595 		ipv6_handleifa(ap->iface->ctx, RTM_NEWADDR,
596 		    ap->iface->ctx->ifaces, ap->iface->name,
597 		    &ap->addr, ap->prefix_len, ifa_flags);
598 	} else {
599 		struct timespec tv;
600 
601 		ms_to_ts(&tv, RETRANS_TIMER / 2);
602 		eloop_timeout_add_tv(ap->iface->ctx->eloop, &tv,
603 		    ipv6_checkaddrflags, ap);
604 	}
605 }
606 #endif
607 
608 
609 static void
ipv6_deleteaddr(struct ipv6_addr * ia)610 ipv6_deleteaddr(struct ipv6_addr *ia)
611 {
612 #ifndef PASSIVE_MODE
613 	struct ipv6_state *state;
614 	struct ipv6_addr *ap;
615 
616 	logger(ia->iface->ctx, LOG_INFO, "%s: deleting address %s",
617 	    ia->iface->name, ia->saddr);
618 	if (if_deladdress6(ia) == -1 &&
619 	    errno != EADDRNOTAVAIL && errno != ENXIO && errno != ENODEV)
620 		logger(ia->iface->ctx, LOG_ERR, "if_deladdress6: :%m");
621 
622 	state = IPV6_STATE(ia->iface);
623 	TAILQ_FOREACH(ap, &state->addrs, next) {
624 		if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
625 			TAILQ_REMOVE(&state->addrs, ap, next);
626 			ipv6_freeaddr(ap);
627 			break;
628 		}
629 	}
630 #endif
631 }
632 
633 int
ipv6_addaddr(struct ipv6_addr * ap,const struct timespec * now)634 ipv6_addaddr(struct ipv6_addr *ap, const struct timespec *now)
635 {
636 #ifndef PASSIVE_MODE
637 	struct interface *ifp;
638 	struct ipv6_state *state;
639 	struct ipv6_addr *nap;
640 	uint32_t pltime, vltime;
641 
642 	/* Ensure no other interface has this address */
643 	TAILQ_FOREACH(ifp, ap->iface->ctx->ifaces, next) {
644 		if (ifp == ap->iface || strcmp(ifp->name, ap->iface->name) == 0)
645 			continue;
646 		state = IPV6_STATE(ifp);
647 		if (state == NULL)
648 			continue;
649 		TAILQ_FOREACH(nap, &state->addrs, next) {
650 			if (IN6_ARE_ADDR_EQUAL(&nap->addr, &ap->addr)) {
651 				ipv6_deleteaddr(nap);
652 				break;
653 			}
654 		}
655 	}
656 
657 	if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
658 	    ipv6_iffindaddr(ap->iface, &ap->addr))
659 		ap->flags |= IPV6_AF_DADCOMPLETED;
660 
661 	logger(ap->iface->ctx, ap->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG,
662 	    "%s: adding address %s", ap->iface->name, ap->saddr);
663 	if (ap->prefix_pltime == ND6_INFINITE_LIFETIME &&
664 	    ap->prefix_vltime == ND6_INFINITE_LIFETIME)
665 		logger(ap->iface->ctx, LOG_DEBUG,
666 		    "%s: pltime infinity, vltime infinity",
667 		    ap->iface->name);
668 	else if (ap->prefix_pltime == ND6_INFINITE_LIFETIME)
669 		logger(ap->iface->ctx, LOG_DEBUG,
670 		    "%s: pltime infinity, vltime %"PRIu32" seconds",
671 		    ap->iface->name, ap->prefix_vltime);
672 	else if (ap->prefix_vltime == ND6_INFINITE_LIFETIME)
673 		logger(ap->iface->ctx, LOG_DEBUG,
674 		    "%s: pltime %"PRIu32"seconds, vltime infinity",
675 		    ap->iface->name, ap->prefix_pltime);
676 	else
677 		logger(ap->iface->ctx, LOG_DEBUG,
678 		    "%s: pltime %"PRIu32" seconds, vltime %"PRIu32" seconds",
679 		    ap->iface->name, ap->prefix_pltime, ap->prefix_vltime);
680 
681 	/* Adjust plftime and vltime based on acquired time */
682 	pltime = ap->prefix_pltime;
683 	vltime = ap->prefix_vltime;
684 	if (timespecisset(&ap->acquired) &&
685 	    (ap->prefix_pltime != ND6_INFINITE_LIFETIME ||
686 	    ap->prefix_vltime != ND6_INFINITE_LIFETIME))
687 	{
688 		struct timespec n;
689 
690 		if (now == NULL) {
691 			get_monotonic(&n);
692 			now = &n;
693 		}
694 		timespecsub(now, &ap->acquired, &n);
695 		if (ap->prefix_pltime != ND6_INFINITE_LIFETIME)
696 			ap->prefix_pltime -= (uint32_t)n.tv_sec;
697 		if (ap->prefix_vltime != ND6_INFINITE_LIFETIME)
698 			ap->prefix_vltime -= (uint32_t)n.tv_sec;
699 	}
700 
701 	if (if_addaddress6(ap) == -1) {
702 		logger(ap->iface->ctx, LOG_ERR, "if_addaddress6: %m");
703 #if 0
704 		logger(ap->iface->ctx, LOG_DEBUG,
705 		    "%s: adj pltime %"PRIu32" seconds, "
706 		    "vltime %"PRIu32" seconds",
707 		    ap->iface->name, ap->prefix_pltime, ap->prefix_vltime);
708 #endif
709 		/* Restore real pltime and vltime */
710 		ap->prefix_pltime = pltime;
711 		ap->prefix_vltime = vltime;
712 		return -1;
713 	}
714 
715 #ifdef IPV6_MANAGETEMPADDR
716 	/* RFC4941 Section 3.4 */
717 	if (ap->flags & IPV6_AF_TEMPORARY &&
718 	    ap->prefix_pltime &&
719 	    ap->prefix_vltime &&
720 	    ap->iface->options->options & DHCPCD_IPV6RA_OWN &&
721 	    ip6_use_tempaddr(ap->iface->name))
722 		eloop_timeout_add_sec(ap->iface->ctx->eloop,
723 		    (time_t)ap->prefix_pltime - REGEN_ADVANCE,
724 		    ipv6_regentempaddr, ap);
725 #endif
726 
727 	/* Restore real pltime and vltime */
728 	ap->prefix_pltime = pltime;
729 	ap->prefix_vltime = vltime;
730 
731 	ap->flags &= ~IPV6_AF_NEW;
732 	ap->flags |= IPV6_AF_ADDED;
733 	if (ap->delegating_iface)
734 		ap->flags |= IPV6_AF_DELEGATED;
735 
736 #ifdef IPV6_POLLADDRFLAG
737 	eloop_timeout_delete(ap->iface->ctx->eloop,
738 		ipv6_checkaddrflags, ap);
739 	if (!(ap->flags & IPV6_AF_DADCOMPLETED)) {
740 		struct timespec tv;
741 
742 		ms_to_ts(&tv, RETRANS_TIMER / 2);
743 		eloop_timeout_add_tv(ap->iface->ctx->eloop,
744 		    &tv, ipv6_checkaddrflags, ap);
745 	}
746 #endif
747 #endif
748 
749 	return 0;
750 }
751 
752 int
ipv6_publicaddr(const struct ipv6_addr * ia)753 ipv6_publicaddr(const struct ipv6_addr *ia)
754 {
755 	return (ia->prefix_pltime &&
756 	    (ia->addr.s6_addr[0] & 0xfe) != 0xc &&
757 	    !(ia->addr_flags & IN6_IFF_NOTUSEABLE));
758 }
759 
760 struct ipv6_addr *
ipv6_findaddr(struct dhcpcd_ctx * ctx,const struct in6_addr * addr,short flags)761 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, short flags)
762 {
763 	struct ipv6_addr *dap, *nap;
764 
765 	dap = dhcp6_findaddr(ctx, addr, flags);
766 	nap = ipv6nd_findaddr(ctx, addr, flags);
767 	if (!dap && !nap)
768 		return NULL;
769 	if (dap && !nap)
770 		return dap;
771 	if (nap && !dap)
772 		return nap;
773 	if (nap->iface->metric < dap->iface->metric)
774 		return nap;
775 	return dap;
776 }
777 
778 ssize_t
ipv6_addaddrs(struct ipv6_addrhead * addrs)779 ipv6_addaddrs(struct ipv6_addrhead *addrs)
780 {
781 	struct ipv6_addr *ap, *apn, *apf;
782 	ssize_t i;
783 	struct timespec now;
784 
785 	i = 0;
786 	timespecclear(&now);
787 	TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
788 		if (ap->prefix_vltime == 0) {
789 			if (ap->flags & IPV6_AF_ADDED) {
790 				ipv6_deleteaddr(ap);
791 				i++;
792 			}
793 			eloop_q_timeout_delete(ap->iface->ctx->eloop,
794 			    0, NULL, ap);
795 			if (ap->flags & IPV6_AF_REQUEST) {
796 				ap->flags &= ~IPV6_AF_ADDED;
797 			} else {
798 				TAILQ_REMOVE(addrs, ap, next);
799 				ipv6_freeaddr(ap);
800 			}
801 		} else if (!(ap->flags & IPV6_AF_STALE) &&
802 		    !IN6_IS_ADDR_UNSPECIFIED(&ap->addr))
803 		{
804 			apf = ipv6_findaddr(ap->iface->ctx,
805 			    &ap->addr, IPV6_AF_ADDED);
806 			if (apf && apf->iface != ap->iface &&
807 			    strcmp(apf->iface->name, ap->iface->name))
808 			{
809 				if (apf->iface->metric <= ap->iface->metric) {
810 					logger(apf->iface->ctx, LOG_INFO,
811 					    "%s: preferring %s on %s",
812 					    ap->iface->name,
813 					    ap->saddr,
814 					    apf->iface->name);
815 					continue;
816 				}
817 				logger(apf->iface->ctx, LOG_INFO,
818 				    "%s: preferring %s on %s",
819 				    apf->iface->name,
820 				    ap->saddr,
821 				    ap->iface->name);
822 				if (if_deladdress6(apf) == -1 &&
823 				    errno != EADDRNOTAVAIL && errno != ENXIO)
824 					logger(apf->iface->ctx, LOG_ERR,
825 					    "if_deladdress6: %m");
826 				apf->flags &=
827 				    ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
828 			} else if (apf)
829 				apf->flags &= ~IPV6_AF_ADDED;
830 			if (ap->flags & IPV6_AF_NEW)
831 				i++;
832 			if (!timespecisset(&now))
833 				get_monotonic(&now);
834 			ipv6_addaddr(ap, &now);
835 		}
836 	}
837 
838 	return i;
839 }
840 
841 void
ipv6_freeaddr(struct ipv6_addr * ap)842 ipv6_freeaddr(struct ipv6_addr *ap)
843 {
844 
845 	eloop_q_timeout_delete(ap->iface->ctx->eloop, 0, NULL, ap);
846 	free(ap);
847 }
848 
849 void
ipv6_freedrop_addrs(struct ipv6_addrhead * addrs,int drop,const struct interface * ifd)850 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
851     const struct interface *ifd)
852 {
853 	struct ipv6_addr *ap, *apn, *apf;
854 	struct timespec now;
855 
856 	timespecclear(&now);
857 	TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
858 		if (ifd && ap->delegating_iface != ifd)
859 			continue;
860 		if (drop != 2)
861 			TAILQ_REMOVE(addrs, ap, next);
862 		if (drop && ap->flags & IPV6_AF_ADDED &&
863 		    (ap->iface->options->options &
864 		    (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
865 		    (DHCPCD_EXITING | DHCPCD_PERSISTENT))
866 		{
867 			if (drop == 2)
868 				TAILQ_REMOVE(addrs, ap, next);
869 			/* Find the same address somewhere else */
870 			apf = ipv6_findaddr(ap->iface->ctx, &ap->addr, 0);
871 			if (apf == NULL ||
872 			    (apf->iface != ap->iface &&
873 			    strcmp(apf->iface->name, ap->iface->name)))
874 				ipv6_deleteaddr(ap);
875 			if (!(ap->iface->options->options &
876 			    DHCPCD_EXITING) && apf)
877 			{
878 				if (!timespecisset(&now))
879 					get_monotonic(&now);
880 				ipv6_addaddr(apf, &now);
881 			}
882 			if (drop == 2)
883 				ipv6_freeaddr(ap);
884 		}
885 		if (drop != 2)
886 			ipv6_freeaddr(ap);
887 	}
888 }
889 
890 static struct ipv6_state *
ipv6_getstate(struct interface * ifp)891 ipv6_getstate(struct interface *ifp)
892 {
893 	struct ipv6_state *state;
894 
895 	state = IPV6_STATE(ifp);
896 	if (state == NULL) {
897 	        ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
898 		state = IPV6_STATE(ifp);
899 		if (state == NULL) {
900 			logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
901 			return NULL;
902 		}
903 		TAILQ_INIT(&state->addrs);
904 		TAILQ_INIT(&state->ll_callbacks);
905 
906 		/* Regenerate new ids */
907 		if (ifp->options &&
908 		    ifp->options->options & DHCPCD_IPV6RA_OWN &&
909 		    ip6_use_tempaddr(ifp->name))
910 			ipv6_regentempifid(ifp);
911 	}
912 	return state;
913 }
914 
915 void
ipv6_handleifa(struct dhcpcd_ctx * ctx,int cmd,struct if_head * ifs,const char * ifname,const struct in6_addr * addr,uint8_t prefix_len,int flags)916 ipv6_handleifa(struct dhcpcd_ctx *ctx,
917     int cmd, struct if_head *ifs, const char *ifname,
918     const struct in6_addr *addr, uint8_t prefix_len, int flags)
919 {
920 	struct interface *ifp;
921 	struct ipv6_state *state;
922 	struct ipv6_addr *ap;
923 	struct ll_callback *cb;
924 
925 #if 0
926 	char buf[INET6_ADDRSTRLEN];
927 	inet_ntop(AF_INET6, &addr->s6_addr,
928 	    buf, INET6_ADDRSTRLEN);
929 	logger(ctx, LOG_DEBUG, "%s: cmd %d addr %s flags %d",
930 	    ifname, cmd, buf, flags);
931 #endif
932 
933 	if (ifs == NULL)
934 		ifs = ctx->ifaces;
935 	if (ifs == NULL) {
936 		errno = ESRCH;
937 		return;
938 	}
939 	TAILQ_FOREACH(ifp, ifs, next) {
940 		/* Each psuedo interface also stores addresses */
941 		if (strcmp(ifp->name, ifname))
942 			continue;
943 		state = ipv6_getstate(ifp);
944 		if (state == NULL)
945 			continue;
946 
947 		if (!IN6_IS_ADDR_LINKLOCAL(addr)) {
948 			ipv6nd_handleifa(ctx, cmd, ifname, addr, flags);
949 			dhcp6_handleifa(ctx, cmd, ifname, addr, flags);
950 		}
951 
952 		TAILQ_FOREACH(ap, &state->addrs, next) {
953 			if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr))
954 				break;
955 		}
956 
957 		switch (cmd) {
958 		case RTM_DELADDR:
959 			if (ap) {
960 				TAILQ_REMOVE(&state->addrs, ap, next);
961 				ipv6_freeaddr(ap);
962 			}
963 			break;
964 		case RTM_NEWADDR:
965 			if (ap == NULL) {
966 				char buf[INET6_ADDRSTRLEN];
967 				const char *cbp;
968 
969 				ap = calloc(1, sizeof(*ap));
970 				ap->iface = ifp;
971 				ap->addr = *addr;
972 				ap->prefix_len = prefix_len;
973 				ipv6_makeprefix(&ap->prefix, &ap->addr,
974 				    ap->prefix_len);
975 				cbp = inet_ntop(AF_INET6, &addr->s6_addr,
976 				    buf, sizeof(buf));
977 				if (cbp)
978 					snprintf(ap->saddr, sizeof(ap->saddr),
979 					    "%s/%d", cbp, prefix_len);
980 				if (if_getlifetime6(ap) == -1) {
981 					/* No support or address vanished.
982 					 * Either way, just set a deprecated
983 					 * infinite time lifetime and continue.
984 					 * This is fine because we only want
985 					 * to know this when trying to extend
986 					 * temporary addresses.
987 					 * As we can't extend infinite, we'll
988 					 * create a new temporary address. */
989 					ap->prefix_pltime = 0;
990 					ap->prefix_vltime =
991 					    ND6_INFINITE_LIFETIME;
992 				}
993 				/* This is a minor regression against RFC 4941
994 				 * because the kernel only knows when the
995 				 * lifetimes were last updated, not when the
996 				 * address was initially created.
997 				 * Provided dhcpcd is not restarted, this
998 				 * won't be a problem.
999 				 * If we don't like it, we can always
1000 				 * pretend lifetimes are infinite and always
1001 				 * generate a new temporary address on
1002 				 * restart. */
1003 				ap->acquired = ap->created;
1004 				TAILQ_INSERT_TAIL(&state->addrs,
1005 				    ap, next);
1006 			}
1007 			ap->addr_flags = flags;
1008 #ifdef IPV6_MANAGETEMPADDR
1009 			if (ap->addr_flags & IN6_IFF_TEMPORARY)
1010 				ap->flags |= IPV6_AF_TEMPORARY;
1011 #endif
1012 			if (IN6_IS_ADDR_LINKLOCAL(&ap->addr)) {
1013 #ifdef IPV6_POLLADDRFLAG
1014 				if (ap->addr_flags & IN6_IFF_TENTATIVE) {
1015 					struct timespec tv;
1016 
1017 					ms_to_ts(&tv, RETRANS_TIMER / 2);
1018 					eloop_timeout_add_tv(
1019 					    ap->iface->ctx->eloop,
1020 					    &tv, ipv6_checkaddrflags, ap);
1021 					break;
1022 				}
1023 #endif
1024 
1025 				if (!(ap->addr_flags & IN6_IFF_NOTUSEABLE)) {
1026 					/* Now run any callbacks.
1027 					 * Typically IPv6RS or DHCPv6 */
1028 					while ((cb =
1029 					    TAILQ_FIRST(&state->ll_callbacks)))
1030 					{
1031 						TAILQ_REMOVE(
1032 						    &state->ll_callbacks,
1033 						    cb, next);
1034 						cb->callback(cb->arg);
1035 						free(cb);
1036 					}
1037 				}
1038 			}
1039 			break;
1040 		}
1041 	}
1042 }
1043 
1044 const struct ipv6_addr *
ipv6_iffindaddr(const struct interface * ifp,const struct in6_addr * addr)1045 ipv6_iffindaddr(const struct interface *ifp, const struct in6_addr *addr)
1046 {
1047 	const struct ipv6_state *state;
1048 	const struct ipv6_addr *ap;
1049 
1050 	state = IPV6_CSTATE(ifp);
1051 	if (state) {
1052 		TAILQ_FOREACH(ap, &state->addrs, next) {
1053 			if (addr == NULL) {
1054 				if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1055 				    !(ap->addr_flags & IN6_IFF_NOTUSEABLE))
1056 					return ap;
1057 			} else {
1058 				if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1059 				    !(ap->addr_flags & IN6_IFF_TENTATIVE))
1060 					return ap;
1061 			}
1062 		}
1063 	}
1064 	return NULL;
1065 }
1066 
1067 int
ipv6_addlinklocalcallback(struct interface * ifp,void (* callback)(void *),void * arg)1068 ipv6_addlinklocalcallback(struct interface *ifp,
1069     void (*callback)(void *), void *arg)
1070 {
1071 	struct ipv6_state *state;
1072 	struct ll_callback *cb;
1073 
1074 	state = ipv6_getstate(ifp);
1075 	TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1076 		if (cb->callback == callback && cb->arg == arg)
1077 			break;
1078 	}
1079 	if (cb == NULL) {
1080 		cb = malloc(sizeof(*cb));
1081 		if (cb == NULL) {
1082 			logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
1083 			return -1;
1084 		}
1085 		cb->callback = callback;
1086 		cb->arg = arg;
1087 		TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1088 	}
1089 	return 0;
1090 }
1091 
1092 static struct ipv6_addr *
ipv6_newlinklocal(struct interface * ifp)1093 ipv6_newlinklocal(struct interface *ifp)
1094 {
1095 	struct ipv6_addr *ap;
1096 
1097 	ap = calloc(1, sizeof(*ap));
1098 	if (ap != NULL) {
1099 		ap->iface = ifp;
1100 		ap->prefix.s6_addr32[0] = htonl(0xfe800000);
1101 		ap->prefix.s6_addr32[1] = 0;
1102 		ap->prefix_len = 64;
1103 		ap->dadcounter = 0;
1104 		ap->prefix_pltime = ND6_INFINITE_LIFETIME;
1105 		ap->prefix_vltime = ND6_INFINITE_LIFETIME;
1106 		ap->flags = IPV6_AF_NEW;
1107 		ap->addr_flags = IN6_IFF_TENTATIVE;
1108 	}
1109 	return ap;
1110 }
1111 
1112 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1113 static const uint8_t allone[8] =
1114     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1115 
1116 static int
ipv6_addlinklocal(struct interface * ifp)1117 ipv6_addlinklocal(struct interface *ifp)
1118 {
1119 	struct ipv6_state *state;
1120 	struct ipv6_addr *ap, *ap2;
1121 	int dadcounter;
1122 
1123 	/* Check sanity before malloc */
1124 	if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1125 		switch (ifp->family) {
1126 		case ARPHRD_ETHER:
1127 			/* Check for a valid hardware address */
1128 			if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1129 				errno = ENOTSUP;
1130 				return -1;
1131 			}
1132 			if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1133 			    memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1134 			{
1135 				errno = EINVAL;
1136 				return -1;
1137 			}
1138 			break;
1139 		default:
1140 			errno = ENOTSUP;
1141 			return -1;
1142 		}
1143 	}
1144 
1145 	state = ipv6_getstate(ifp);
1146 	if (state == NULL)
1147 		return -1;
1148 
1149 	ap = ipv6_newlinklocal(ifp);
1150 	if (ap == NULL)
1151 		return -1;
1152 
1153 	if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1154 		dadcounter = 0;
1155 nextslaacprivate:
1156 		if (ipv6_makestableprivate(&ap->addr,
1157 			&ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1158 		{
1159 			free(ap);
1160 			return -1;
1161 		}
1162 		ap->dadcounter = dadcounter;
1163 	} else {
1164 		memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1165 		switch (ifp->family) {
1166 		case ARPHRD_ETHER:
1167 			if (ifp->hwlen == 6) {
1168 				ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1169 				ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1170 				ap->addr.s6_addr[10] = ifp->hwaddr[2];
1171 				ap->addr.s6_addr[11] = 0xff;
1172 				ap->addr.s6_addr[12] = 0xfe;
1173 				ap->addr.s6_addr[13] = ifp->hwaddr[3];
1174 				ap->addr.s6_addr[14] = ifp->hwaddr[4];
1175 				ap->addr.s6_addr[15] = ifp->hwaddr[5];
1176 			} else if (ifp->hwlen == 8)
1177 				memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1178 			else {
1179 				free(ap);
1180 				errno = ENOTSUP;
1181 				return -1;
1182 			}
1183 			break;
1184 		}
1185 
1186 		/* Sanity check: g bit must not indciate "group" */
1187 		if (EUI64_GROUP(&ap->addr)) {
1188 			free(ap);
1189 			errno = EINVAL;
1190 			return -1;
1191 		}
1192 		EUI64_TO_IFID(&ap->addr);
1193 	}
1194 
1195 	/* Do we already have this address? */
1196 	TAILQ_FOREACH(ap2, &state->addrs, next) {
1197 		if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1198 			if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1199 				if (ifp->options->options &
1200 				    DHCPCD_SLAACPRIVATE)
1201 				{
1202 					dadcounter++;
1203 					goto nextslaacprivate;
1204 				}
1205 				free(ap);
1206 				errno = EADDRNOTAVAIL;
1207 				return -1;
1208 			}
1209 
1210 			logger(ap2->iface->ctx, LOG_WARNING,
1211 			    "%s: waiting for %s to complete",
1212 			    ap2->iface->name, ap2->saddr);
1213 			free(ap);
1214 			errno =	EEXIST;
1215 			return 0;
1216 		}
1217 	}
1218 
1219 	inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1220 	TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1221 	ipv6_addaddr(ap, NULL);
1222 	return 1;
1223 }
1224 
1225 /* Ensure the interface has a link-local address */
1226 int
ipv6_start(struct interface * ifp)1227 ipv6_start(struct interface *ifp)
1228 {
1229 	const struct ipv6_state *state;
1230 	const struct ipv6_addr *ap;
1231 
1232 	/* We can't assign a link-locak address to this,
1233 	 * the ppp process has to. */
1234 	if (ifp->flags & IFF_POINTOPOINT)
1235 		return 0;
1236 
1237 	state = IPV6_CSTATE(ifp);
1238 	if (state) {
1239 		TAILQ_FOREACH(ap, &state->addrs, next) {
1240 			if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1241 			    !(ap->addr_flags & IN6_IFF_DUPLICATED))
1242 				break;
1243 		}
1244 		/* Regenerate new ids */
1245 		if (ifp->options->options & DHCPCD_IPV6RA_OWN &&
1246 		    ip6_use_tempaddr(ifp->name))
1247 			ipv6_regentempifid(ifp);
1248 	} else
1249 		ap = NULL;
1250 
1251 	if (ap == NULL && ipv6_addlinklocal(ifp) == -1)
1252 		return -1;
1253 
1254 	/* Load existing routes */
1255 	if_initrt6(ifp);
1256 	return 0;
1257 }
1258 
1259 void
ipv6_freedrop(struct interface * ifp,int drop)1260 ipv6_freedrop(struct interface *ifp, int drop)
1261 {
1262 	struct ipv6_state *state;
1263 	struct ll_callback *cb;
1264 
1265 	if (ifp == NULL)
1266 		return;
1267 
1268 	if ((state = IPV6_STATE(ifp)) == NULL)
1269 		return;
1270 
1271 	ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1272 
1273 	/* Becuase we need to cache the addresses we don't control,
1274 	 * we only free the state on when NOT dropping addresses. */
1275 	if (drop == 0) {
1276 		while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1277 			TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1278 			free(cb);
1279 		}
1280 		free(state);
1281 		ifp->if_data[IF_DATA_IPV6] = NULL;
1282 		eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1283 	}
1284 }
1285 
1286 void
ipv6_ctxfree(struct dhcpcd_ctx * ctx)1287 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1288 {
1289 
1290 	if (ctx->ipv6 == NULL)
1291 		return;
1292 
1293 	ipv6_freerts(ctx->ipv6->routes);
1294 	free(ctx->ipv6->routes);
1295 	free(ctx->ipv6->ra_routers);
1296 	ipv6_freerts(&ctx->ipv6->kroutes);
1297 	free(ctx->ipv6);
1298 }
1299 
1300 int
ipv6_handleifa_addrs(int cmd,struct ipv6_addrhead * addrs,const struct in6_addr * addr,int flags)1301 ipv6_handleifa_addrs(int cmd,
1302     struct ipv6_addrhead *addrs, const struct in6_addr *addr, int flags)
1303 {
1304 	struct ipv6_addr *ap, *apn;
1305 	uint8_t found, alldadcompleted;
1306 
1307 	alldadcompleted = 1;
1308 	found = 0;
1309 	TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1310 		if (!IN6_ARE_ADDR_EQUAL(addr, &ap->addr)) {
1311 			if (ap->flags & IPV6_AF_ADDED &&
1312 			    !(ap->flags & IPV6_AF_DADCOMPLETED))
1313 				alldadcompleted = 0;
1314 			continue;
1315 		}
1316 		switch (cmd) {
1317 		case RTM_DELADDR:
1318 			if (ap->flags & IPV6_AF_ADDED) {
1319 				logger(ap->iface->ctx, LOG_INFO,
1320 				    "%s: deleted address %s",
1321 				    ap->iface->name, ap->saddr);
1322 				ap->flags &= ~IPV6_AF_ADDED;
1323 			}
1324 			break;
1325 		case RTM_NEWADDR:
1326 			/* Safety - ignore tentative announcements */
1327 			if (flags & (IN6_IFF_DETACHED |IN6_IFF_TENTATIVE))
1328 				break;
1329 			if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) {
1330 				found++;
1331 				if (flags & IN6_IFF_DUPLICATED)
1332 					ap->flags |= IPV6_AF_DUPLICATED;
1333 				else
1334 					ap->flags &= ~IPV6_AF_DUPLICATED;
1335 				if (ap->dadcallback)
1336 					ap->dadcallback(ap);
1337 				/* We need to set this here in-case the
1338 				 * dadcallback function checks it */
1339 				ap->flags |= IPV6_AF_DADCOMPLETED;
1340 			}
1341 			break;
1342 		}
1343 	}
1344 
1345 	return alldadcompleted ? found : 0;
1346 }
1347 
1348 #ifdef IPV6_MANAGETEMPADDR
1349 static const struct ipv6_addr *
ipv6_findaddrid(struct dhcpcd_ctx * ctx,uint8_t * addr)1350 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1351 {
1352 	const struct interface *ifp;
1353 	const struct ipv6_state *state;
1354 	const struct ipv6_addr *ia;
1355 
1356 	TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1357 		if ((state = IPV6_CSTATE(ifp))) {
1358 			TAILQ_FOREACH(ia, &state->addrs, next) {
1359 				if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1360 					return ia;
1361 			}
1362 		}
1363 	}
1364 	return NULL;
1365 }
1366 
1367 static const uint8_t nullid[8];
1368 static const uint8_t anycastid[8] = {
1369     0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1370 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1371 
1372 static void
ipv6_regen_desync(struct interface * ifp,int force)1373 ipv6_regen_desync(struct interface *ifp, int force)
1374 {
1375 	struct ipv6_state *state;
1376 	time_t max;
1377 
1378 	state = IPV6_STATE(ifp);
1379 
1380 	/* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1381 	 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1382 	 * I believe this is an error and it should be never be greateter than
1383 	 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1384 	max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE;
1385 	if (state->desync_factor && !force && state->desync_factor < max)
1386 		return;
1387 	if (state->desync_factor == 0)
1388 		state->desync_factor =
1389 		    (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR,
1390 		    (uint32_t)max));
1391 	max = ip6_temp_preferred_lifetime(ifp->name) -
1392 	    state->desync_factor - REGEN_ADVANCE;
1393 	eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1394 }
1395 
1396 void
ipv6_gentempifid(struct interface * ifp)1397 ipv6_gentempifid(struct interface *ifp)
1398 {
1399 	struct ipv6_state *state;
1400 	MD5_CTX md5;
1401 	uint8_t seed[16], digest[16];
1402 	int retry;
1403 
1404 	if ((state = IPV6_STATE(ifp)) == NULL)
1405 		return;
1406 
1407 	retry = 0;
1408 	if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1409 		uint32_t r;
1410 
1411 		r = arc4random();
1412 		memcpy(seed, &r, sizeof(r));
1413 		r = arc4random();
1414 		memcpy(seed + sizeof(r), &r, sizeof(r));
1415 	} else
1416 		memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1417 
1418 	memcpy(seed + sizeof(state->randomseed0),
1419 	    state->randomseed1, sizeof(state->randomseed1));
1420 
1421 again:
1422 	/* RFC4941 Section 3.2.1.1
1423 	 * Take the left-most 64bits and set bit 6 to zero */
1424 	MD5Init(&md5);
1425 	MD5Update(&md5, seed, sizeof(seed));
1426 	MD5Final(digest, &md5);
1427 
1428 	/* RFC4941 Section 3.2.1.1
1429 	 * Take the left-most 64bits and set bit 6 to zero */
1430 	memcpy(state->randomid, digest, sizeof(state->randomid));
1431 	state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1432 
1433 	/* RFC4941 Section 3.2.1.4
1434 	 * Reject reserved or existing id's */
1435 	if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1436 	    (memcmp(anycastid, state->randomid, 7) == 0 &&
1437 	    (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1438 	    memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1439 	    ipv6_findaddrid(ifp->ctx, state->randomid))
1440 	{
1441 		if (++retry < GEN_TEMPID_RETRY_MAX) {
1442 			memcpy(seed, digest + 8, 8);
1443 			goto again;
1444 		}
1445 		memset(state->randomid, 0, sizeof(state->randomid));
1446 	}
1447 
1448 	/* RFC4941 Section 3.2.1.6
1449 	 * Save the right-most 64bits of the digest */
1450 	memcpy(state->randomseed0, digest + 8,
1451 	    sizeof(state->randomseed0));
1452 }
1453 
1454 /* RFC4941 Section 3.3.7 */
1455 static void
ipv6_tempdadcallback(void * arg)1456 ipv6_tempdadcallback(void *arg)
1457 {
1458 	struct ipv6_addr *ia = arg;
1459 
1460 	if (ia->flags & IPV6_AF_DUPLICATED) {
1461 		struct ipv6_addr *ia1;
1462 		struct timespec tv;
1463 
1464 		if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1465 			logger(ia->iface->ctx, LOG_ERR,
1466 			    "%s: too many duplicate temporary addresses",
1467 			    ia->iface->name);
1468 			return;
1469 		}
1470 		get_monotonic(&tv);
1471 		if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1472 			logger(ia->iface->ctx, LOG_ERR,
1473 			    "ipv6_createtempaddr: %m");
1474 		else
1475 			ia1->dadcounter = ia->dadcounter;
1476 		ipv6_deleteaddr(ia);
1477 		if (ia1)
1478 			ipv6_addaddr(ia1, &ia1->acquired);
1479 	}
1480 }
1481 
1482 struct ipv6_addr *
ipv6_createtempaddr(struct ipv6_addr * ia0,const struct timespec * now)1483 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1484 {
1485 	struct ipv6_state *state;
1486 	const struct ipv6_state *cstate;
1487 	int genid;
1488 	struct in6_addr addr, mask;
1489 	uint32_t randid[2];
1490 	const struct interface *ifp;
1491 	const struct ipv6_addr *ap;
1492 	struct ipv6_addr *ia;
1493 	uint32_t i, trylimit;
1494 	char buf[INET6_ADDRSTRLEN];
1495 	const char *cbp;
1496 
1497 	trylimit = TEMP_IDGEN_RETRIES;
1498 	state = IPV6_STATE(ia0->iface);
1499 	genid = 0;
1500 
1501 	addr = ia0->addr;
1502 	ipv6_mask(&mask, ia0->prefix_len);
1503 	/* clear the old ifid */
1504 	for (i = 0; i < 4; i++)
1505 		addr.s6_addr32[i] &= mask.s6_addr32[i];
1506 
1507 again:
1508 	if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1509 		genid = 1;
1510 	if (genid) {
1511 		memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1512 		    sizeof(state->randomseed1));
1513 		ipv6_gentempifid(ia0->iface);
1514 		if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
1515 			errno = EFAULT;
1516 			return NULL;
1517 		}
1518 	}
1519 	memcpy(&randid[0], state->randomid, sizeof(randid[0]));
1520 	memcpy(&randid[1], state->randomid + sizeof(randid[1]),
1521 	    sizeof(randid[2]));
1522 	addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
1523 	addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
1524 
1525 	/* Ensure we don't already have it */
1526 	TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
1527 		cstate = IPV6_CSTATE(ifp);
1528 		if (cstate) {
1529 			TAILQ_FOREACH(ap, &cstate->addrs, next) {
1530 				if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
1531 					if (--trylimit == 0) {
1532 						errno = EEXIST;
1533 						return NULL;
1534 					}
1535 					genid = 1;
1536 					goto again;
1537 				}
1538 			}
1539 		}
1540 	}
1541 
1542 	if ((ia = calloc(1, sizeof(*ia))) == NULL)
1543 		return NULL;
1544 
1545 	ia->iface = ia0->iface;
1546 	ia->addr = addr;
1547 	/* Must be made tentative, for our DaD to work */
1548 	ia->addr_flags = IN6_IFF_TENTATIVE;
1549 	ia->dadcallback = ipv6_tempdadcallback;
1550 	ia->flags = IPV6_AF_NEW | IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY;
1551 	ia->prefix = ia0->prefix;
1552 	ia->prefix_len = ia0->prefix_len;
1553 	ia->created = ia->acquired = now ? *now : ia0->acquired;
1554 
1555 	/* Ensure desync is still valid */
1556 	ipv6_regen_desync(ia->iface, 0);
1557 
1558 	/* RFC4941 Section 3.3.4 */
1559 	i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) -
1560 	    state->desync_factor);
1561 	ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
1562 	i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
1563 	ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
1564 	if (ia->prefix_pltime <= REGEN_ADVANCE ||
1565 	    ia->prefix_pltime > ia0->prefix_vltime)
1566 	{
1567 		errno =	EINVAL;
1568 		free(ia);
1569 		return NULL;
1570 	}
1571 
1572 	cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1573 	if (cbp)
1574 		snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d",
1575 		    cbp, ia->prefix_len);
1576 	else
1577 		ia->saddr[0] = '\0';
1578 
1579 	TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1580 	return ia;
1581 }
1582 
1583 void
ipv6_settempstale(struct interface * ifp)1584 ipv6_settempstale(struct interface *ifp)
1585 {
1586 	struct ipv6_state *state;
1587 	struct ipv6_addr *ia;
1588 
1589 	state = IPV6_STATE(ifp);
1590 	TAILQ_FOREACH(ia, &state->addrs, next) {
1591 		if (ia->flags & IPV6_AF_TEMPORARY)
1592 			ia->flags |= IPV6_AF_STALE;
1593 	}
1594 }
1595 
1596 struct ipv6_addr *
ipv6_settemptime(struct ipv6_addr * ia,int flags)1597 ipv6_settemptime(struct ipv6_addr *ia, int flags)
1598 {
1599 	struct ipv6_state *state;
1600 	struct ipv6_addr *ap, *first;
1601 
1602 	state = IPV6_STATE(ia->iface);
1603 	first = NULL;
1604 	TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
1605 		if (ap->flags & IPV6_AF_TEMPORARY &&
1606 		    ap->prefix_pltime &&
1607 		    IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
1608 		{
1609 			time_t max, ext;
1610 
1611 			if (flags == 0) {
1612 				if (ap->prefix_pltime -
1613 				    (uint32_t)(ia->acquired.tv_sec -
1614 				    ap->acquired.tv_sec)
1615 				    < REGEN_ADVANCE)
1616 					continue;
1617 
1618 				return ap;
1619 			}
1620 
1621 			if (!(ap->flags & IPV6_AF_ADDED))
1622 				ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
1623 			ap->flags &= ~IPV6_AF_STALE;
1624 
1625 			/* RFC4941 Section 3.4
1626 			 * Deprecated prefix, deprecate the temporary address */
1627 			if (ia->prefix_pltime == 0) {
1628 				ap->prefix_pltime = 0;
1629 				goto valid;
1630 			}
1631 
1632 			/* Ensure desync is still valid */
1633 			ipv6_regen_desync(ap->iface, 0);
1634 
1635 			/* RFC4941 Section 3.3.2
1636 			 * Extend temporary times, but ensure that they
1637 			 * never last beyond the system limit. */
1638 			ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime;
1639 			max = ap->created.tv_sec +
1640 			    ip6_temp_preferred_lifetime(ap->iface->name) -
1641 			    state->desync_factor;
1642 			if (ext < max)
1643 				ap->prefix_pltime = ia->prefix_pltime;
1644 			else
1645 				ap->prefix_pltime =
1646 				    (uint32_t)(max - ia->acquired.tv_sec);
1647 
1648 valid:
1649 			ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime;
1650 			max = ap->created.tv_sec +
1651 			    ip6_temp_valid_lifetime(ap->iface->name);
1652 			if (ext < max)
1653 				ap->prefix_vltime = ia->prefix_vltime;
1654 			else
1655 				ap->prefix_vltime =
1656 				    (uint32_t)(max - ia->acquired.tv_sec);
1657 
1658 			/* Just extend the latest matching prefix */
1659 			ap->acquired = ia->acquired;
1660 
1661 			/* If extending return the last match as
1662 			 * it's the most current.
1663 			 * If deprecating, deprecate any other addresses we
1664 			 * may have, although this should not be needed */
1665 			if (ia->prefix_pltime)
1666 				return ap;
1667 			if (first == NULL)
1668 				first = ap;
1669 		}
1670 	}
1671 	return first;
1672 }
1673 
1674 void
ipv6_addtempaddrs(struct interface * ifp,const struct timespec * now)1675 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
1676 {
1677 	struct ipv6_state *state;
1678 	struct ipv6_addr *ia;
1679 
1680 	state = IPV6_STATE(ifp);
1681 	TAILQ_FOREACH(ia, &state->addrs, next) {
1682 		if (ia->flags & IPV6_AF_TEMPORARY &&
1683 		    !(ia->flags & IPV6_AF_STALE))
1684 			ipv6_addaddr(ia, now);
1685 	}
1686 }
1687 
1688 static void
ipv6_regentempaddr(void * arg)1689 ipv6_regentempaddr(void *arg)
1690 {
1691 	struct ipv6_addr *ia = arg, *ia1;
1692 	struct timespec tv;
1693 
1694 	logger(ia->iface->ctx, LOG_DEBUG, "%s: regen temp addr %s",
1695 	    ia->iface->name, ia->saddr);
1696 	get_monotonic(&tv);
1697 	ia1 = ipv6_createtempaddr(ia, &tv);
1698 	if (ia1)
1699 		ipv6_addaddr(ia1, &tv);
1700 	else
1701 		logger(ia->iface->ctx, LOG_ERR, "ipv6_createtempaddr: %m");
1702 }
1703 
1704 static void
ipv6_regentempifid(void * arg)1705 ipv6_regentempifid(void *arg)
1706 {
1707 	struct interface *ifp = arg;
1708 	struct ipv6_state *state;
1709 
1710 	state = IPV6_STATE(ifp);
1711 	if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
1712 		ipv6_gentempifid(ifp);
1713 
1714 	ipv6_regen_desync(ifp, 1);
1715 }
1716 #endif /* IPV6_MANAGETEMPADDR */
1717 
1718 static struct rt6 *
find_route6(struct rt6_head * rts,const struct rt6 * r)1719 find_route6(struct rt6_head *rts, const struct rt6 *r)
1720 {
1721 	struct rt6 *rt;
1722 
1723 	TAILQ_FOREACH(rt, rts, next) {
1724 		if (IN6_ARE_ADDR_EQUAL(&rt->dest, &r->dest) &&
1725 #ifdef HAVE_ROUTE_METRIC
1726 		    (r->iface == NULL || rt->iface == NULL ||
1727 		    rt->iface->metric == r->iface->metric) &&
1728 #endif
1729 		    IN6_ARE_ADDR_EQUAL(&rt->net, &r->net))
1730 			return rt;
1731 	}
1732 	return NULL;
1733 }
1734 
1735 static void
desc_route(const char * cmd,const struct rt6 * rt)1736 desc_route(const char *cmd, const struct rt6 *rt)
1737 {
1738 	char destbuf[INET6_ADDRSTRLEN];
1739 	char gatebuf[INET6_ADDRSTRLEN];
1740 	const char *ifname, *dest, *gate;
1741 	struct dhcpcd_ctx *ctx;
1742 
1743 	ctx = rt->iface ? rt->iface->ctx : NULL;
1744 	ifname = rt->iface ? rt->iface->name : "(no iface)";
1745 	dest = inet_ntop(AF_INET6, &rt->dest, destbuf, INET6_ADDRSTRLEN);
1746 	gate = inet_ntop(AF_INET6, &rt->gate, gatebuf, INET6_ADDRSTRLEN);
1747 	if (IN6_ARE_ADDR_EQUAL(&rt->gate, &in6addr_any))
1748 		logger(ctx, LOG_INFO, "%s: %s route to %s/%d",
1749 		    ifname, cmd, dest, ipv6_prefixlen(&rt->net));
1750 	else if (IN6_ARE_ADDR_EQUAL(&rt->dest, &in6addr_any) &&
1751 	    IN6_ARE_ADDR_EQUAL(&rt->net, &in6addr_any))
1752 		logger(ctx, LOG_INFO, "%s: %s default route via %s",
1753 		    ifname, cmd, gate);
1754 	else
1755 		logger(ctx, LOG_INFO, "%s: %s%s route to %s/%d via %s",
1756 		    ifname, cmd,
1757 		    rt->flags & RTF_REJECT ? " reject" : "",
1758 		    dest, ipv6_prefixlen(&rt->net), gate);
1759 }
1760 
1761 static struct rt6*
ipv6_findrt(struct dhcpcd_ctx * ctx,const struct rt6 * rt,int flags)1762 ipv6_findrt(struct dhcpcd_ctx *ctx, const struct rt6 *rt, int flags)
1763 {
1764 	struct rt6 *r;
1765 
1766 	TAILQ_FOREACH(r, &ctx->ipv6->kroutes, next) {
1767 		if (IN6_ARE_ADDR_EQUAL(&rt->dest, &r->dest) &&
1768 #ifdef HAVE_ROUTE_METRIC
1769 		    (rt->iface == r->iface ||
1770 		    (rt->flags & RTF_REJECT && r->flags & RTF_REJECT)) &&
1771 		    (!flags || rt->metric == r->metric) &&
1772 #else
1773 		    (!flags || rt->iface == r->iface ||
1774 		    (rt->flags & RTF_REJECT && r->flags & RTF_REJECT)) &&
1775 #endif
1776 		    IN6_ARE_ADDR_EQUAL(&rt->net, &r->net))
1777 			return r;
1778 	}
1779 	return NULL;
1780 }
1781 
1782 void
ipv6_freerts(struct rt6_head * routes)1783 ipv6_freerts(struct rt6_head *routes)
1784 {
1785 	struct rt6 *rt;
1786 
1787 	while ((rt = TAILQ_FIRST(routes))) {
1788 		TAILQ_REMOVE(routes, rt, next);
1789 		free(rt);
1790 	}
1791 }
1792 
1793 /* If something other than dhcpcd removes a route,
1794  * we need to remove it from our internal table. */
1795 int
ipv6_handlert(struct dhcpcd_ctx * ctx,int cmd,struct rt6 * rt)1796 ipv6_handlert(struct dhcpcd_ctx *ctx, int cmd, struct rt6 *rt)
1797 {
1798 	struct rt6 *f;
1799 
1800 	if (ctx->ipv6 == NULL)
1801 		return 0;
1802 
1803 	f = ipv6_findrt(ctx, rt, 1);
1804 	switch(cmd) {
1805 	case RTM_ADD:
1806 		if (f == NULL) {
1807 			if ((f = malloc(sizeof(*f))) == NULL)
1808 				return -1;
1809 			*f = *rt;
1810 			TAILQ_INSERT_TAIL(&ctx->ipv6->kroutes, f, next);
1811 		}
1812 		break;
1813 	case RTM_DELETE:
1814 		if (f) {
1815 			TAILQ_REMOVE(&ctx->ipv6->kroutes, f, next);
1816 			free(f);
1817 		}
1818 		/* If we manage the route, remove it */
1819 		if ((f = find_route6(ctx->ipv6->routes, rt))) {
1820 			desc_route("removing", f);
1821 			TAILQ_REMOVE(ctx->ipv6->routes, f, next);
1822 			free(f);
1823 		}
1824 		break;
1825 	}
1826 	return 0;
1827 }
1828 
1829 #define n_route(a)	 nc_route(NULL, a)
1830 #define c_route(a, b)	 nc_route(a, b)
1831 static int
nc_route(struct rt6 * ort,struct rt6 * nrt)1832 nc_route(struct rt6 *ort, struct rt6 *nrt)
1833 {
1834 
1835 	/* Don't set default routes if not asked to */
1836 	if (IN6_IS_ADDR_UNSPECIFIED(&nrt->dest) &&
1837 	    IN6_IS_ADDR_UNSPECIFIED(&nrt->net) &&
1838 	    !(nrt->iface->options->options & DHCPCD_GATEWAY))
1839 		return -1;
1840 
1841 	desc_route(ort == NULL ? "adding" : "changing", nrt);
1842 
1843 	if (ort == NULL) {
1844 		ort = ipv6_findrt(nrt->iface->ctx, nrt, 0);
1845 		if (ort &&
1846 		    ((ort->flags & RTF_REJECT && nrt->flags & RTF_REJECT) ||
1847 		     (ort->iface == nrt->iface &&
1848 #ifdef HAVE_ROUTE_METRIC
1849 		    ort->metric == nrt->metric &&
1850 #endif
1851 		    IN6_ARE_ADDR_EQUAL(&ort->gate, &nrt->gate))))
1852 			return 0;
1853 	}
1854 
1855 #ifdef HAVE_ROUTE_METRIC
1856 	/* With route metrics, we can safely add the new route before
1857 	 * deleting the old route. */
1858 	if (if_route6(RTM_ADD, nrt) == 0) {
1859 		if (ort && if_route6(RTM_DELETE, ort) == -1 &&
1860 		    errno != ESRCH)
1861 			logger(nrt->iface->ctx, LOG_ERR, "if_route6 (DEL): %m");
1862 		return 0;
1863 	}
1864 
1865 	/* If the kernel claims the route exists we need to rip out the
1866 	 * old one first. */
1867 	if (errno != EEXIST || ort == NULL)
1868 		goto logerr;
1869 #endif
1870 
1871 	/* No route metrics, we need to delete the old route before
1872 	 * adding the new one. */
1873 	if (ort && if_route6(RTM_DELETE, ort) == -1 && errno != ESRCH)
1874 		logger(nrt->iface->ctx, LOG_ERR, "if_route6: %m");
1875 	if (if_route6(RTM_ADD, nrt) == 0)
1876 		return 0;
1877 #ifdef HAVE_ROUTE_METRIC
1878 logerr:
1879 #endif
1880 	logger(nrt->iface->ctx, LOG_ERR, "if_route6 (ADD): %m");
1881 	return -1;
1882 }
1883 
1884 static int
d_route(struct rt6 * rt)1885 d_route(struct rt6 *rt)
1886 {
1887 	int retval;
1888 
1889 	desc_route("deleting", rt);
1890 	retval = if_route6(RTM_DELETE, rt);
1891 	if (retval != 0 && errno != ENOENT && errno != ESRCH)
1892 		logger(rt->iface->ctx, LOG_ERR,
1893 		    "%s: if_delroute6: %m", rt->iface->name);
1894 	return retval;
1895 }
1896 
1897 static struct rt6 *
make_route(const struct interface * ifp,const struct ra * rap)1898 make_route(const struct interface *ifp, const struct ra *rap)
1899 {
1900 	struct rt6 *r;
1901 
1902 	r = calloc(1, sizeof(*r));
1903 	if (r == NULL) {
1904 		logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
1905 		return NULL;
1906 	}
1907 	r->iface = ifp;
1908 #ifdef HAVE_ROUTE_METRIC
1909 	r->metric = ifp->metric;
1910 #endif
1911 	if (rap)
1912 		r->mtu = rap->mtu;
1913 	else
1914 		r->mtu = 0;
1915 	return r;
1916 }
1917 
1918 static struct rt6 *
make_prefix(const struct interface * ifp,const struct ra * rap,const struct ipv6_addr * addr)1919 make_prefix(const struct interface *ifp, const struct ra *rap,
1920     const struct ipv6_addr *addr)
1921 {
1922 	struct rt6 *r;
1923 
1924 	if (addr == NULL || addr->prefix_len > 128) {
1925 		errno = EINVAL;
1926 		return NULL;
1927 	}
1928 
1929 	/* There is no point in trying to manage a /128 prefix,
1930 	 * ones without a lifetime or ones not on link or delegated */
1931 	if (addr->prefix_len == 128 ||
1932 	    addr->prefix_vltime == 0 ||
1933 	    !(addr->flags & (IPV6_AF_ONLINK | IPV6_AF_DELEGATEDPFX)))
1934 		return NULL;
1935 
1936 	/* Don't install a blackhole route when not creating bigger prefixes */
1937 	if (addr->flags & IPV6_AF_DELEGATEDZERO)
1938 		return NULL;
1939 
1940 	r = make_route(ifp, rap);
1941 	if (r == NULL)
1942 		return NULL;
1943 	r->dest = addr->prefix;
1944 	ipv6_mask(&r->net, addr->prefix_len);
1945 	if (addr->flags & IPV6_AF_DELEGATEDPFX) {
1946 		r->flags |= RTF_REJECT;
1947 		r->gate = in6addr_loopback;
1948 	} else
1949 		r->gate = in6addr_any;
1950 	return r;
1951 }
1952 
1953 static struct rt6 *
make_router(const struct ra * rap)1954 make_router(const struct ra *rap)
1955 {
1956 	struct rt6 *r;
1957 
1958 	r = make_route(rap->iface, rap);
1959 	if (r == NULL)
1960 		return NULL;
1961 	r->dest = in6addr_any;
1962 	r->net = in6addr_any;
1963 	r->gate = rap->from;
1964 	return r;
1965 }
1966 
1967 #define RT_IS_DEFAULT(rtp) \
1968 	(IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) &&		      \
1969 	    IN6_ARE_ADDR_EQUAL(&((rtp)->net), &in6addr_any))
1970 
1971 static void
ipv6_build_ra_routes(struct ipv6_ctx * ctx,struct rt6_head * dnr,int expired)1972 ipv6_build_ra_routes(struct ipv6_ctx *ctx, struct rt6_head *dnr, int expired)
1973 {
1974 	struct rt6 *rt;
1975 	struct ra *rap;
1976 	const struct ipv6_addr *addr;
1977 
1978 	TAILQ_FOREACH(rap, ctx->ra_routers, next) {
1979 		if (rap->expired != expired)
1980 			continue;
1981 		if (rap->iface->options->options & DHCPCD_IPV6RA_OWN) {
1982 			TAILQ_FOREACH(addr, &rap->addrs, next) {
1983 				rt = make_prefix(rap->iface, rap, addr);
1984 				if (rt)
1985 					TAILQ_INSERT_TAIL(dnr, rt, next);
1986 			}
1987 		}
1988 		if (rap->lifetime && rap->iface->options->options &
1989 		    (DHCPCD_IPV6RA_OWN | DHCPCD_IPV6RA_OWN_DEFAULT) &&
1990 		    !rap->no_public_warned)
1991 		{
1992 			rt = make_router(rap);
1993 			if (rt)
1994 				TAILQ_INSERT_TAIL(dnr, rt, next);
1995 		}
1996 	}
1997 }
1998 
1999 static void
ipv6_build_dhcp_routes(struct dhcpcd_ctx * ctx,struct rt6_head * dnr,enum DH6S dstate)2000 ipv6_build_dhcp_routes(struct dhcpcd_ctx *ctx,
2001     struct rt6_head *dnr, enum DH6S dstate)
2002 {
2003 	const struct interface *ifp;
2004 	const struct dhcp6_state *d6_state;
2005 	const struct ipv6_addr *addr;
2006 	struct rt6 *rt;
2007 
2008 	TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2009 		d6_state = D6_CSTATE(ifp);
2010 		if (d6_state && d6_state->state == dstate) {
2011 			TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2012 				rt = make_prefix(ifp, NULL, addr);
2013 				if (rt)
2014 					TAILQ_INSERT_TAIL(dnr, rt, next);
2015 			}
2016 		}
2017 	}
2018 }
2019 
2020 void
ipv6_buildroutes(struct dhcpcd_ctx * ctx)2021 ipv6_buildroutes(struct dhcpcd_ctx *ctx)
2022 {
2023 #ifndef PASSIVE_MODE
2024 	struct rt6_head dnr, *nrs;
2025 	struct rt6 *rt, *rtn, *or;
2026 	uint8_t have_default;
2027 	unsigned long long o;
2028 
2029 	/* We need to have the interfaces in the correct order to ensure
2030 	 * our routes are managed correctly. */
2031 	if_sortinterfaces(ctx);
2032 
2033 	TAILQ_INIT(&dnr);
2034 
2035 	/* First add reachable routers and their prefixes */
2036 	ipv6_build_ra_routes(ctx->ipv6, &dnr, 0);
2037 #ifdef HAVE_ROUTE_METRIC
2038 	have_default = (TAILQ_FIRST(&dnr) != NULL);
2039 #endif
2040 
2041 	/* We have no way of knowing if prefixes added by DHCP are reachable
2042 	 * or not, so we have to assume they are.
2043 	 * Add bound before delegated so we can prefer interfaces better */
2044 	ipv6_build_dhcp_routes(ctx, &dnr, DH6S_BOUND);
2045 	ipv6_build_dhcp_routes(ctx, &dnr, DH6S_DELEGATED);
2046 
2047 #ifdef HAVE_ROUTE_METRIC
2048 	/* If we have an unreachable router, we really do need to remove the
2049 	 * route to it beause it could be a lower metric than a reachable
2050 	 * router. Of course, we should at least have some routers if all
2051 	 * are unreachable. */
2052 	if (!have_default)
2053 #endif
2054 	/* Add our non-reachable routers and prefixes
2055 	 * Unsure if this is needed, but it's a close match to kernel
2056 	 * behaviour */
2057 	ipv6_build_ra_routes(ctx->ipv6, &dnr, 1);
2058 
2059 	nrs = malloc(sizeof(*nrs));
2060 	if (nrs == NULL) {
2061 		logger(ctx, LOG_ERR, "%s: %m", __func__);
2062 		return;
2063 	}
2064 	TAILQ_INIT(nrs);
2065 	have_default = 0;
2066 
2067 	TAILQ_FOREACH_SAFE(rt, &dnr, next, rtn) {
2068 		/* Is this route already in our table? */
2069 		if (find_route6(nrs, rt) != NULL)
2070 			continue;
2071 		//rt->src.s_addr = ifp->addr.s_addr;
2072 		/* Do we already manage it? */
2073 		if ((or = find_route6(ctx->ipv6->routes, rt))) {
2074 			if (or->iface != rt->iface ||
2075 #ifdef HAVE_ROUTE_METRIC
2076 			    rt->metric != or->metric ||
2077 #endif
2078 		//	    or->src.s_addr != ifp->addr.s_addr ||
2079 			    !IN6_ARE_ADDR_EQUAL(&rt->gate, &or->gate))
2080 			{
2081 				if (c_route(or, rt) != 0)
2082 					continue;
2083 			}
2084 			TAILQ_REMOVE(ctx->ipv6->routes, or, next);
2085 			free(or);
2086 		} else {
2087 			if (n_route(rt) != 0)
2088 				continue;
2089 		}
2090 		if (RT_IS_DEFAULT(rt))
2091 			have_default = 1;
2092 		TAILQ_REMOVE(&dnr, rt, next);
2093 		TAILQ_INSERT_TAIL(nrs, rt, next);
2094 	}
2095 
2096 	/* Free any routes we failed to add/change */
2097 	while ((rt = TAILQ_FIRST(&dnr))) {
2098 		TAILQ_REMOVE(&dnr, rt, next);
2099 		free(rt);
2100 	}
2101 
2102 	/* Remove old routes we used to manage
2103 	 * If we own the default route, but not RA management itself
2104 	 * then we need to preserve the last best default route we had */
2105 	while ((rt = TAILQ_LAST(ctx->ipv6->routes, rt6_head))) {
2106 		TAILQ_REMOVE(ctx->ipv6->routes, rt, next);
2107 		if (find_route6(nrs, rt) == NULL) {
2108 			o = rt->iface->options->options;
2109 			if (!have_default &&
2110 			    (o & DHCPCD_IPV6RA_OWN_DEFAULT) &&
2111 			    !(o & DHCPCD_IPV6RA_OWN) &&
2112 			    RT_IS_DEFAULT(rt))
2113 				have_default = 1;
2114 				/* no need to add it back to our routing table
2115 				 * as we delete an exiting route when we add
2116 				 * a new one */
2117 			else if ((rt->iface->options->options &
2118 				(DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
2119 				(DHCPCD_EXITING | DHCPCD_PERSISTENT))
2120 				d_route(rt);
2121 		}
2122 		free(rt);
2123 	}
2124 
2125 	free(ctx->ipv6->routes);
2126 	ctx->ipv6->routes = nrs;
2127 #endif
2128 }
2129