static void add_ra_header(struct safe_buffer * sb, struct ra_header_info const * ra_header_info, int cease_adv)
{
struct nd_router_advert radvert;
memset(&radvert, 0, sizeof(radvert));
radvert.nd_ra_type = ND_ROUTER_ADVERT;
radvert.nd_ra_code = 0;
radvert.nd_ra_cksum = 0;
radvert.nd_ra_curhoplimit = ra_header_info->AdvCurHopLimit;
radvert.nd_ra_flags_reserved = (ra_header_info->AdvManagedFlag) ? ND_RA_FLAG_MANAGED : 0;
radvert.nd_ra_flags_reserved |= (ra_header_info->AdvOtherConfigFlag) ? ND_RA_FLAG_OTHER : 0;
/* Mobile IPv6 ext */
radvert.nd_ra_flags_reserved |= (ra_header_info->AdvHomeAgentFlag) ? ND_RA_FLAG_HOME_AGENT : 0;
if (cease_adv) {
radvert.nd_ra_router_lifetime = 0;
} else {
/* if forwarding is disabled, send zero router lifetime */
radvert.nd_ra_router_lifetime = !check_ip6_forwarding()? htons(ra_header_info->AdvDefaultLifetime) : 0;
}
radvert.nd_ra_flags_reserved |= (ra_header_info->AdvDefaultPreference << ND_OPT_RI_PRF_SHIFT) & ND_OPT_RI_PRF_MASK;
radvert.nd_ra_reachable = htonl(ra_header_info->AdvReachableTime);
radvert.nd_ra_retransmit = htonl(ra_header_info->AdvRetransTimer);
safe_buffer_append(sb, &radvert, sizeof(radvert));
}
int
main(int argc, char *argv[])
{
unsigned char msg[MSG_SIZE];
char pidstr[16];
ssize_t ret;
int c, log_method;
char *logfile, *pidfile;
sigset_t oset, nset;
int facility, fd;
char *username = NULL;
char *chrootdir = NULL;
int singleprocess = 0;
#ifdef HAVE_GETOPT_LONG
int opt_idx;
#endif
/* BEGIN: Added by z67728, 2009/10/19 */
FILE * pidfp = NULL;
int pid = 0;
/* END: Added by z67728, 2009/10/19 */
/*start: 用于查询组件版本号(dns atpv),请不要修改或删除*/
/*if ((argc == 2) && (NULL != argv[1]) && (0 == strcmp(argv[1],ATP_VERSION_CMD_KEY)))
{
printf("\r\n%s.\n", RADVD_MODULE_VERSION);
exit(0);
}*/
/*end */
pname = ((pname=strrchr(argv[0],'/')) != NULL)?pname+1:argv[0];
srand((unsigned int)time(NULL));
log_method = L_STDERR_SYSLOG;
/*BEGIN PN:2071008409 l00170266 for var problem modify 20120725 */
#define RADVD_LOG (ROUTER_VARPATH_PREFIX "/radvd/radvd.log")
#define RADVD_CONF (ROUTER_VARPATH_PREFIX "/radvd/radvd.conf")
#define RADVD_PID (ROUTER_VARPATH_PREFIX "/radvd/radvd.pid")
logfile = RADVD_LOG;
conf_file = RADVD_CONF;
facility = LOG_FACILITY;
pidfile = RADVD_PID;
/*END PN:2071008409 l00170266 for var problem modify 20120725 */
/* parse args */
#ifdef HAVE_GETOPT_LONG
while ((c = getopt_long(argc, argv, "d:C:l:m:p:t:u:vhs", prog_opt, &opt_idx)) > 0)
#else
while ((c = getopt(argc, argv, "d:C:l:m:p:t:u:vhs")) > 0)
#endif
{
switch (c) {
case 'C':
conf_file = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
pidfile = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog"))
{
log_method = L_SYSLOG;
}
else if (!strcmp(optarg, "stderr_syslog"))
{
log_method = L_STDERR_SYSLOG;
}
else if (!strcmp(optarg, "stderr"))
{
log_method = L_STDERR;
}
else if (!strcmp(optarg, "logfile"))
{
log_method = L_LOGFILE;
}
else if (!strcmp(optarg, "none"))
{
log_method = L_NONE;
}
else
{
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
/* BEGIN 3061302357 y00188255 2013-6-28 Modified */
//version();
printf("%s\n", RADVD_MODULE_VERSION);
printf("BUILTTIME is: %s %s\n",__DATE__,__TIME__);
exit(1);
/* END 3061302357 y00188255 2013-6-28 Modified */
break;
case 's':
singleprocess = 1;
break;
case 'h':
usage();
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname,
prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit (1);
}
if (chdir("/") == -1) {
perror("chdir");
exit (1);
}
/* username will be switched later */
}
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
flog(LOG_INFO, "version %s started", VERSION);
/* get a raw socket for sending and receiving ICMPv6 messages */
sock = open_icmpv6_socket();
if (sock < 0)
exit(1);
#if 0
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_file) < 0) {
if (get_debuglevel() == 0)
exit(1);
else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "IPv6 forwarding seems to be disabled, exiting");
exit(1);
}
else
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway.");
}
#endif
/* parse config file */
if (readin_config(conf_file) < 0){
if ( 0 != unlink(pidfile) ){
printf("\r\n Delete %s meet error. error : %s .",pidfile,strerror(errno));
}
exit(1);
}
/* drop root privileges if requested. */
if (username) {
if (!singleprocess) {
dlog(LOG_DEBUG, 3, "Initializing privsep");
if (privsep_init() < 0)
flog(LOG_WARNING, "Failed to initialize privsep.");
}
if (drop_root_privileges(username) < 0)
exit(1);
}
#if 0
if ((fd = open(pidfile, O_RDONLY, 0)) > 0)
{
ret = read(fd, pidstr, sizeof(pidstr) - 1);
if (ret < 0)
{
flog(LOG_ERR, "cannot read radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
pidstr[ret] = '\0';
if (!kill((pid_t)atol(pidstr), 0))
{
flog(LOG_ERR, "radvd already running, terminating.");
exit(1);
}
close(fd);
fd = open(pidfile, O_CREAT|O_TRUNC|O_WRONLY, 0644);
}
else /* FIXME: not atomic if pidfile is on an NFS mounted volume */
fd = open(pidfile, O_CREAT|O_EXCL|O_WRONLY, 0644);
if (fd < 0)
{
flog(LOG_ERR, "cannot create radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
#endif
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
#if 0
if (get_debuglevel() == 0) {
/* Detach from controlling terminal */
if (daemon(0, 0) < 0)
perror("daemon");
/* close old logfiles, including stderr */
log_close();
/* reopen logfiles, but don't log to stderr unless explicitly requested */
if (log_method == L_STDERR_SYSLOG)
log_method = L_SYSLOG;
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
}
#endif
/*
* config signal handlers, also make sure ALRM isn't blocked and raise a warning if so
* (some stupid scripts/pppd appears to do this...)
*/
sigemptyset(&nset);
sigaddset(&nset, SIGALRM);
sigprocmask(SIG_UNBLOCK, &nset, &oset);
if (sigismember(&oset, SIGALRM))
flog(LOG_WARNING, "SIGALRM has been unblocked. Your startup environment might be wrong.");
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigint_handler);
/* BEGIN: Added by z67728, 2009/11/3 */
signal(SIGUSR1, sigdebug_handler);
signal(SIGUSR2, sigprefixchg_handler);
/* END: Added by z67728, 2009/11/3 */
#if 0
snprintf(pidstr, sizeof(pidstr), "%ld\n", (long)getpid());
write(fd, pidstr, strlen(pidstr));
close(fd);
#endif
/*BEGIN PN:2071008409 l00170266 for var problem modify 20120725 */
#define RADVD_READTEST (ROUTER_VARPATH_PREFIX "/radvd/readtest")
if ( 0 == access(RADVD_READTEST,F_OK) )
/*END PN:2071008409 l00170266 for var problem modify 20120725 */
{
/* Ready test */
g_iReadTestFlag = 1;
}
pid = getpid();
if ((pidfp = fopen(pidfile, "w")) != NULL) {
fwrite(&pid,1,4,pidfp);
fclose(pidfp);
}
config_interface();
kickoff_adverts();
/* enter loop */
for (;;)
{
int len = 0, hoplimit = 0;
struct sockaddr_in6 rcv_addr;
struct in6_pktinfo *pkt_info = NULL;
len = recv_rs_ra(sock, msg, &rcv_addr, &pkt_info, &hoplimit);
if (len > 0) {
process(sock, IfaceList, msg, len,
&rcv_addr, pkt_info, hoplimit);
}
if (sigterm_received || sigint_received) {
stop_adverts();
break;
}
if (sighup_received)
{
if ( 1 == g_iPrefixChgeFlag )
{
disable_oldprefix();
}
reload_config();
sighup_received = 0;
g_iPrefixChgeFlag = 0;
}
}
unlink(pidfile);
exit(0);
}
int
main(int argc, char *argv[])
{
unsigned char msg[MSG_SIZE];
char pidstr[16];
ssize_t ret;
int c, log_method;
char *logfile, *pidfile;
sigset_t oset, nset;
int facility, fd;
char *username = NULL;
char *chrootdir = NULL;
int singleprocess = 0;
#ifdef HAVE_GETOPT_LONG
int opt_idx;
#endif
pname = ((pname=strrchr(argv[0],'/')) != NULL)?pname+1:argv[0];
srand((unsigned int)time(NULL));
log_method = L_STDERR_SYSLOG;
logfile = PATH_RADVD_LOG;
conf_file = PATH_RADVD_CONF;
facility = LOG_FACILITY;
pidfile = PATH_RADVD_PID;
/* parse args */
#ifdef HAVE_GETOPT_LONG
/* Add option to show advertise real lifetime */
/* while ((c = getopt_long(argc, argv, "d:C:l:m:p:t:u:vhs", prog_opt, &opt_idx)) > 0) */
while ((c = getopt_long(argc, argv, "d:C:l:m:p:t:u:vhsD", prog_opt, &opt_idx)) > 0)
#else
/* Add option to show advertise real lifetime */
/* while ((c = getopt(argc, argv, "d:C:l:m:p:t:u:vhs")) > 0) */
while ((c = getopt(argc, argv, "d:C:l:m:p:t:u:vhsD")) > 0)
#endif
{
switch (c) {
case 'C':
conf_file = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
pidfile = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog"))
{
log_method = L_SYSLOG;
}
else if (!strcmp(optarg, "stderr_syslog"))
{
log_method = L_STDERR_SYSLOG;
}
else if (!strcmp(optarg, "stderr"))
{
log_method = L_STDERR;
}
else if (!strcmp(optarg, "logfile"))
{
log_method = L_LOGFILE;
}
else if (!strcmp(optarg, "none"))
{
log_method = L_NONE;
}
else
{
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
version();
break;
case 's':
singleprocess = 1;
break;
/* Add option to show advertise dynamic lifetime */
case 'D':
use_dynamic_lifetime = 1;
break;
case 'h':
usage();
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname,
prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit (1);
}
if (chdir("/") == -1) {
perror("chdir");
exit (1);
}
/* username will be switched later */
}
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
flog(LOG_INFO, "version %s started", VERSION);
/* get a raw socket for sending and receiving ICMPv6 messages */
sock = open_icmpv6_socket();
if (sock < 0)
exit(1);
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_file) < 0) {
if (get_debuglevel() == 0)
exit(1);
else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "IPv6 forwarding seems to be disabled, exiting");
exit(1);
}
else
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway.");
}
/* parse config file */
if (readin_config(conf_file) < 0)
exit(1);
/* drop root privileges if requested. */
if (username) {
if (!singleprocess) {
dlog(LOG_DEBUG, 3, "Initializing privsep");
if (privsep_init() < 0)
flog(LOG_WARNING, "Failed to initialize privsep.");
}
if (drop_root_privileges(username) < 0)
exit(1);
}
if ((fd = open(pidfile, O_RDONLY, 0)) > 0)
{
ret = read(fd, pidstr, sizeof(pidstr) - 1);
if (ret < 0)
{
flog(LOG_ERR, "cannot read radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
pidstr[ret] = '\0';
if (!kill((pid_t)atol(pidstr), 0))
{
flog(LOG_ERR, "radvd already running, terminating.");
exit(1);
}
close(fd);
fd = open(pidfile, O_CREAT|O_TRUNC|O_WRONLY, 0644);
}
else /* FIXME: not atomic if pidfile is on an NFS mounted volume */
fd = open(pidfile, O_CREAT|O_EXCL|O_WRONLY, 0644);
if (fd < 0)
{
flog(LOG_ERR, "cannot create radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
if (get_debuglevel() == 0) {
/* Detach from controlling terminal */
if (daemon(0, 0) < 0)
perror("daemon");
/* close old logfiles, including stderr */
log_close();
/* reopen logfiles, but don't log to stderr unless explicitly requested */
if (log_method == L_STDERR_SYSLOG)
log_method = L_SYSLOG;
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
}
/*
* config signal handlers, also make sure ALRM isn't blocked and raise a warning if so
* (some stupid scripts/pppd appears to do this...)
*/
sigemptyset(&nset);
sigaddset(&nset, SIGALRM);
sigprocmask(SIG_UNBLOCK, &nset, &oset);
if (sigismember(&oset, SIGALRM))
flog(LOG_WARNING, "SIGALRM has been unblocked. Your startup environment might be wrong.");
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigint_handler);
signal(SIGUSR1, sigusr1_handler);
snprintf(pidstr, sizeof(pidstr), "%ld\n", (long)getpid());
write(fd, pidstr, strlen(pidstr));
close(fd);
config_interface();
/* Record the time for first advertisement */
set_initial_advert_time();
kickoff_adverts();
/* enter loop */
for (;;)
{
int len, hoplimit;
struct sockaddr_in6 rcv_addr;
struct in6_pktinfo *pkt_info = NULL;
len = recv_rs_ra(sock, msg, &rcv_addr, &pkt_info, &hoplimit);
if (len > 0)
process(sock, IfaceList, msg, len,
&rcv_addr, pkt_info, hoplimit);
if (sigterm_received || sigint_received) {
stop_adverts();
/* WNR3500L TD192, Per Netgear spec,
* need to send RA for 3 times before termination.
*/
usleep(200000);
stop_adverts();
usleep(200000);
stop_adverts();
break;
}
if (sighup_received)
{
reload_config();
sighup_received = 0;
}
/* Reset the initial advertisement time to now */
/* This should happen after a successful IADP renew */
if (sigusr1_received)
{
set_initial_advert_time();
sigusr1_received = 0;
}
}
unlink(pidfile);
exit(0);
}
int send_ra(struct Interface *iface, struct in6_addr *dest)
{
struct in6_addr all_hosts_addr = {{{0xff,0x02,0,0,0,0,0,0,0,0,0,0,0,0,0,1}}};
struct nd_router_advert *radvert;
struct AdvPrefix *prefix;
struct AdvRoute *route;
struct AdvRDNSS *rdnss;
struct AdvDNSSL *dnssl;
struct AdvLowpanCo *lowpanco;
struct AdvAbro *abroo;
struct timespec time_now;
int64_t secs_since_last_ra;
char addr_str[INET6_ADDRSTRLEN];
unsigned char buff[MSG_SIZE_SEND];
size_t buff_dest = 0;
size_t len = 0;
ssize_t err;
update_device_info(iface);
/* First we need to check that the interface hasn't been removed or deactivated */
if (check_device(iface) < 0) {
if (iface->IgnoreIfMissing) /* a bit more quiet warning message.. */
dlog(LOG_DEBUG, 4, "interface %s does not exist, ignoring the interface", iface->Name);
else {
flog(LOG_WARNING, "interface %s does not exist, ignoring the interface", iface->Name);
}
iface->HasFailed = 1;
/* not really a 'success', but we need to schedule new timers.. */
return 0;
} else {
/* check_device was successful, act if it has failed previously */
if (iface->HasFailed == 1) {
flog(LOG_WARNING, "interface %s seems to have come back up, trying to reinitialize", iface->Name);
iface->HasFailed = 0;
/*
* return -1 so timer_handler() doesn't schedule new timers,
* reload_config() will kick off new timers anyway. This avoids
* timer list corruption.
*/
reload_config();
return -1;
}
}
/* Make sure that we've joined the all-routers multicast group */
if (!disableigmp6check && check_allrouters_membership(iface) < 0)
flog(LOG_WARNING, "problem checking all-routers membership on %s", iface->Name);
if (!iface->AdvSendAdvert) {
dlog(LOG_DEBUG, 2, "AdvSendAdvert is off for %s", iface->Name);
return 0;
}
dlog(LOG_DEBUG, 3, "sending RA on %s", iface->Name);
if (dest == NULL) {
dest = (struct in6_addr *)&all_hosts_addr;
clock_gettime(CLOCK_MONOTONIC, &iface->last_multicast);
}
clock_gettime(CLOCK_MONOTONIC, &time_now);
secs_since_last_ra = timespecdiff(&time_now, &iface->last_ra_time) / 1000;
if (secs_since_last_ra < 0) {
secs_since_last_ra = 0;
flog(LOG_WARNING, "clock_gettime(CLOCK_MONOTONIC) went backwards!");
}
iface->last_ra_time = time_now;
memset(buff, 0, sizeof(buff));
radvert = (struct nd_router_advert *)buff;
send_ra_inc_len(&len, sizeof(struct nd_router_advert));
radvert->nd_ra_type = ND_ROUTER_ADVERT;
radvert->nd_ra_code = 0;
radvert->nd_ra_cksum = 0;
radvert->nd_ra_curhoplimit = iface->AdvCurHopLimit;
radvert->nd_ra_flags_reserved = (iface->AdvManagedFlag) ? ND_RA_FLAG_MANAGED : 0;
radvert->nd_ra_flags_reserved |= (iface->AdvOtherConfigFlag) ? ND_RA_FLAG_OTHER : 0;
/* Mobile IPv6 ext */
radvert->nd_ra_flags_reserved |= (iface->AdvHomeAgentFlag) ? ND_RA_FLAG_HOME_AGENT : 0;
if (iface->cease_adv) {
radvert->nd_ra_router_lifetime = 0;
} else {
/* if forwarding is disabled, send zero router lifetime */
radvert->nd_ra_router_lifetime = !check_ip6_forwarding()? htons(iface->AdvDefaultLifetime) : 0;
}
radvert->nd_ra_flags_reserved |= (iface->AdvDefaultPreference << ND_OPT_RI_PRF_SHIFT) & ND_OPT_RI_PRF_MASK;
radvert->nd_ra_reachable = htonl(iface->AdvReachableTime);
radvert->nd_ra_retransmit = htonl(iface->AdvRetransTimer);
prefix = iface->AdvPrefixList;
/*
* add prefix options
*/
while (prefix) {
if (prefix->enabled && (!prefix->DecrementLifetimesFlag || prefix->curr_preferredlft > 0)) {
struct nd_opt_prefix_info *pinfo;
pinfo = (struct nd_opt_prefix_info *)(buff + len);
send_ra_inc_len(&len, sizeof(*pinfo));
pinfo->nd_opt_pi_type = ND_OPT_PREFIX_INFORMATION;
pinfo->nd_opt_pi_len = 4;
pinfo->nd_opt_pi_prefix_len = prefix->PrefixLen;
pinfo->nd_opt_pi_flags_reserved = (prefix->AdvOnLinkFlag) ? ND_OPT_PI_FLAG_ONLINK : 0;
pinfo->nd_opt_pi_flags_reserved |= (prefix->AdvAutonomousFlag) ? ND_OPT_PI_FLAG_AUTO : 0;
/* Mobile IPv6 ext */
pinfo->nd_opt_pi_flags_reserved |= (prefix->AdvRouterAddr) ? ND_OPT_PI_FLAG_RADDR : 0;
if (iface->cease_adv && prefix->DeprecatePrefixFlag) {
/* RFC4862, 5.5.3, step e) */
if (prefix->curr_validlft < MIN_AdvValidLifetime) {
if (prefix->DecrementLifetimesFlag) {
decrement_lifetime(secs_since_last_ra,
&prefix->curr_validlft);
}
pinfo->nd_opt_pi_valid_time = htonl(prefix->curr_validlft);
} else {
pinfo->nd_opt_pi_valid_time = htonl(MIN_AdvValidLifetime);
}
pinfo->nd_opt_pi_preferred_time = 0;
} else {
if (prefix->DecrementLifetimesFlag) {
decrement_lifetime(secs_since_last_ra, &prefix->curr_validlft);
decrement_lifetime(secs_since_last_ra, &prefix->curr_preferredlft);
if (prefix->curr_preferredlft == 0)
cease_adv_pfx_msg(iface->Name, &prefix->Prefix, prefix->PrefixLen);
}
pinfo->nd_opt_pi_valid_time = htonl(prefix->curr_validlft);
pinfo->nd_opt_pi_preferred_time = htonl(prefix->curr_preferredlft);
}
pinfo->nd_opt_pi_reserved2 = 0;
memcpy(&pinfo->nd_opt_pi_prefix, &prefix->Prefix, sizeof(struct in6_addr));
print_addr(&prefix->Prefix, addr_str);
dlog(LOG_DEBUG, 5, "adding prefix %s to advert for %s with %u seconds(s) valid lifetime and %u seconds(s) preferred time",
addr_str, iface->Name, ntohl(pinfo->nd_opt_pi_valid_time), ntohl(pinfo->nd_opt_pi_preferred_time));
}
prefix = prefix->next;
}
route = iface->AdvRouteList;
/*
* add route options
*/
while (route) {
struct nd_opt_route_info_local *rinfo;
rinfo = (struct nd_opt_route_info_local *)(buff + len);
send_ra_inc_len(&len, sizeof(*rinfo));
rinfo->nd_opt_ri_type = ND_OPT_ROUTE_INFORMATION;
/* XXX: the prefixes are allowed to be sent in smaller chunks as well */
rinfo->nd_opt_ri_len = 3;
rinfo->nd_opt_ri_prefix_len = route->PrefixLen;
rinfo->nd_opt_ri_flags_reserved = (route->AdvRoutePreference << ND_OPT_RI_PRF_SHIFT) & ND_OPT_RI_PRF_MASK;
if (iface->cease_adv && route->RemoveRouteFlag) {
rinfo->nd_opt_ri_lifetime = 0;
} else {
rinfo->nd_opt_ri_lifetime = htonl(route->AdvRouteLifetime);
}
memcpy(&rinfo->nd_opt_ri_prefix, &route->Prefix, sizeof(struct in6_addr));
route = route->next;
}
rdnss = iface->AdvRDNSSList;
/*
* add rdnss options
*/
while (rdnss) {
struct nd_opt_rdnss_info_local *rdnssinfo;
rdnssinfo = (struct nd_opt_rdnss_info_local *)(buff + len);
send_ra_inc_len(&len, sizeof(*rdnssinfo) - (3 - rdnss->AdvRDNSSNumber) * sizeof(struct in6_addr));
rdnssinfo->nd_opt_rdnssi_type = ND_OPT_RDNSS_INFORMATION;
rdnssinfo->nd_opt_rdnssi_len = 1 + 2 * rdnss->AdvRDNSSNumber;
rdnssinfo->nd_opt_rdnssi_pref_flag_reserved = 0;
if (iface->cease_adv && rdnss->FlushRDNSSFlag) {
rdnssinfo->nd_opt_rdnssi_lifetime = 0;
} else {
rdnssinfo->nd_opt_rdnssi_lifetime = htonl(rdnss->AdvRDNSSLifetime);
}
memcpy(&rdnssinfo->nd_opt_rdnssi_addr1, &rdnss->AdvRDNSSAddr1, sizeof(struct in6_addr));
memcpy(&rdnssinfo->nd_opt_rdnssi_addr2, &rdnss->AdvRDNSSAddr2, sizeof(struct in6_addr));
memcpy(&rdnssinfo->nd_opt_rdnssi_addr3, &rdnss->AdvRDNSSAddr3, sizeof(struct in6_addr));
rdnss = rdnss->next;
}
dnssl = iface->AdvDNSSLList;
/*
* add dnssl options
*/
while (dnssl) {
struct nd_opt_dnssl_info_local *dnsslinfo;
int const start_len = len;
int i;
dnsslinfo = (struct nd_opt_dnssl_info_local *)(buff + len);
send_ra_inc_len(&len, sizeof(dnsslinfo->nd_opt_dnssli_type) +
sizeof(dnsslinfo->nd_opt_dnssli_len) + sizeof(dnsslinfo->nd_opt_dnssli_reserved) + sizeof(dnsslinfo->nd_opt_dnssli_lifetime)
);
dnsslinfo->nd_opt_dnssli_type = ND_OPT_DNSSL_INFORMATION;
dnsslinfo->nd_opt_dnssli_reserved = 0;
if (iface->cease_adv && dnssl->FlushDNSSLFlag) {
dnsslinfo->nd_opt_dnssli_lifetime = 0;
} else {
dnsslinfo->nd_opt_dnssli_lifetime = htonl(dnssl->AdvDNSSLLifetime);
}
for (i = 0; i < dnssl->AdvDNSSLNumber; i++) {
char *label;
int label_len;
label = dnssl->AdvDNSSLSuffixes[i];
while (label[0] != '\0') {
if (strchr(label, '.') == NULL)
label_len = strlen(label);
else
label_len = strchr(label, '.') - label;
buff_dest = len;
send_ra_inc_len(&len, 1);
buff[buff_dest] = label_len;
buff_dest = len;
send_ra_inc_len(&len, label_len);
memcpy(buff + buff_dest, label, label_len);
label += label_len;
if (label[0] == '.')
label++;
if (label[0] == '\0') {
buff_dest = len;
send_ra_inc_len(&len, 1);
buff[buff_dest] = 0;
}
}
}
dnsslinfo->nd_opt_dnssli_len = (len - start_len) / 8;
if ((len - start_len) % 8 != 0) {
send_ra_inc_len(&len, 8 - (len - start_len) % 8);
++dnsslinfo->nd_opt_dnssli_len;
}
dnssl = dnssl->next;
}
/*
* add MTU option
*/
if (iface->AdvLinkMTU != 0) {
struct nd_opt_mtu *mtu;
mtu = (struct nd_opt_mtu *)(buff + len);
send_ra_inc_len(&len, sizeof(*mtu));
mtu->nd_opt_mtu_type = ND_OPT_MTU;
mtu->nd_opt_mtu_len = 1;
mtu->nd_opt_mtu_reserved = 0;
mtu->nd_opt_mtu_mtu = htonl(iface->AdvLinkMTU);
}
/*
* add Source Link-layer Address option
*/
if (iface->AdvSourceLLAddress && iface->if_hwaddr_len > 0) {
/*
4.6.1. Source/Target Link-layer Address
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Link-Layer Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fields:
Type
1 for Source Link-layer Address
2 for Target Link-layer Address
Length The length of the option (including the type and
length fields) in units of 8 octets. For example,
the length for IEEE 802 addresses is 1 [IPv6-
ETHER].
Link-Layer Address
The variable length link-layer address.
The content and format of this field (including
byte and bit ordering) is expected to be specified
in specific documents that describe how IPv6
operates over different link layers. For instance,
[IPv6-ETHER].
*/
/* +2 for the ND_OPT_SOURCE_LINKADDR and the length (each occupy one byte) */
size_t const sllao_bytes = (iface->if_hwaddr_len / 8) + 2;
size_t const sllao_len = (sllao_bytes + 7) / 8;
uint8_t *sllao = (uint8_t *) (buff + len);
send_ra_inc_len(&len, sllao_len * 8);
*sllao++ = ND_OPT_SOURCE_LINKADDR;
*sllao++ = (uint8_t) sllao_len;
/* if_hwaddr_len is in bits, so divide by 8 to get the byte count. */
memcpy(sllao, iface->if_hwaddr, iface->if_hwaddr_len / 8);
}
/*
* Mobile IPv6 ext: Advertisement Interval Option to support
* movement detection of mobile nodes
*/
if (iface->AdvIntervalOpt) {
struct AdvInterval a_ival;
uint32_t ival;
if (iface->MaxRtrAdvInterval < Cautious_MaxRtrAdvInterval) {
ival = ((iface->MaxRtrAdvInterval + Cautious_MaxRtrAdvInterval_Leeway) * 1000);
} else {
ival = (iface->MaxRtrAdvInterval * 1000);
}
a_ival.type = ND_OPT_RTR_ADV_INTERVAL;
a_ival.length = 1;
a_ival.reserved = 0;
a_ival.adv_ival = htonl(ival);
buff_dest = len;
send_ra_inc_len(&len, sizeof(a_ival));
memcpy(buff + buff_dest, &a_ival, sizeof(a_ival));
}
/*
* Mobile IPv6 ext: Home Agent Information Option to support
* Dynamic Home Agent Address Discovery
*/
if (iface->AdvHomeAgentInfo && (iface->AdvMobRtrSupportFlag || iface->HomeAgentPreference != 0 || iface->HomeAgentLifetime != iface->AdvDefaultLifetime)) {
struct HomeAgentInfo ha_info;
ha_info.type = ND_OPT_HOME_AGENT_INFO;
ha_info.length = 1;
ha_info.flags_reserved = (iface->AdvMobRtrSupportFlag) ? ND_OPT_HAI_FLAG_SUPPORT_MR : 0;
ha_info.preference = htons(iface->HomeAgentPreference);
ha_info.lifetime = htons(iface->HomeAgentLifetime);
buff_dest = len;
send_ra_inc_len(&len, sizeof(ha_info));
memcpy(buff + buff_dest, &ha_info, sizeof(ha_info));
}
lowpanco = iface->AdvLowpanCoList;
/*
* Add 6co option
*/
if (lowpanco) {
struct nd_opt_6co *co;
co = (struct nd_opt_6co *)(buff + len);
send_ra_inc_len(&len, sizeof(*co));
co->nd_opt_6co_type = ND_OPT_6CO;
co->nd_opt_6co_len = 3;
co->nd_opt_6co_context_len = lowpanco->ContextLength;
co->nd_opt_6co_c = lowpanco->ContextCompressionFlag;
co->nd_opt_6co_cid = lowpanco->AdvContextID;
co->nd_opt_6co_valid_lifetime = lowpanco->AdvLifeTime;
co->nd_opt_6co_con_prefix = lowpanco->AdvContextPrefix;
}
abroo = iface->AdvAbroList;
/*
* Add ABRO option
*/
if (abroo) {
struct nd_opt_abro *abro;
abro = (struct nd_opt_abro *)(buff + len);
send_ra_inc_len(&len, sizeof(*abro));
abro->nd_opt_abro_type = ND_OPT_ABRO;
abro->nd_opt_abro_len = 3;
abro->nd_opt_abro_ver_low = abroo->Version[1];
abro->nd_opt_abro_ver_high = abroo->Version[0];
abro->nd_opt_abro_valid_lifetime = abroo->ValidLifeTime;
abro->nd_opt_abro_6lbr_address = abroo->LBRaddress;
}
err = really_send(dest, iface->if_index, iface->if_addr, buff, len);
if (err < 0) {
if (!iface->IgnoreIfMissing || !(errno == EINVAL || errno == ENODEV))
flog(LOG_WARNING, "sendmsg: %s", strerror(errno));
else
dlog(LOG_DEBUG, 3, "sendmsg: %s", strerror(errno));
}
return 0;
}
int
main(int argc, char *argv[])
{
char pidstr[16];
ssize_t ret;
int c, log_method;
char *logfile, *pidfile;
int facility, fd;
char *username = NULL;
char *chrootdir = NULL;
int configtest = 0;
int singleprocess = 0;
#ifdef HAVE_GETOPT_LONG
int opt_idx;
#endif
pname = ((pname=strrchr(argv[0],'/')) != NULL)?pname+1:argv[0];
srand((unsigned int)time(NULL));
log_method = L_STDERR_SYSLOG;
logfile = PATH_RADVD_LOG;
conf_file = PATH_RADVD_CONF;
facility = LOG_FACILITY;
pidfile = PATH_RADVD_PID;
/* parse args */
#define OPTIONS_STR "d:C:l:m:p:t:u:vhcs"
#ifdef HAVE_GETOPT_LONG
while ((c = getopt_long(argc, argv, OPTIONS_STR, prog_opt, &opt_idx)) > 0)
#else
while ((c = getopt(argc, argv, OPTIONS_STR)) > 0)
#endif
{
switch (c) {
case 'C':
conf_file = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
pidfile = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog"))
{
log_method = L_SYSLOG;
}
else if (!strcmp(optarg, "stderr_syslog"))
{
log_method = L_STDERR_SYSLOG;
}
else if (!strcmp(optarg, "stderr"))
{
log_method = L_STDERR;
}
else if (!strcmp(optarg, "logfile"))
{
log_method = L_LOGFILE;
}
else if (!strcmp(optarg, "none"))
{
log_method = L_NONE;
}
else
{
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
version();
break;
case 'c':
configtest = 1;
break;
case 's':
singleprocess = 1;
break;
case 'h':
usage();
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname,
prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit (1);
}
if (chdir("/") == -1) {
perror("chdir");
exit (1);
}
/* username will be switched later */
}
if (configtest) {
log_method = L_STDERR;
}
if (log_open(log_method, pname, logfile, facility) < 0) {
perror("log_open");
exit(1);
}
if (!configtest) {
flog(LOG_INFO, "version %s started", VERSION);
}
/* get a raw socket for sending and receiving ICMPv6 messages */
sock = open_icmpv6_socket();
if (sock < 0) {
perror("open_icmpv6_socket");
exit(1);
}
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_file) < 0) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "Exiting, permissions on conf_file invalid.\n");
exit(1);
}
else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway.");
}
/* parse config file */
if (readin_config(conf_file) < 0) {
flog(LOG_ERR, "Exiting, failed to read config file.\n");
exit(1);
}
if (configtest) {
fprintf(stderr, "Syntax OK\n");
exit(0);
}
/* drop root privileges if requested. */
if (username) {
if (!singleprocess) {
dlog(LOG_DEBUG, 3, "Initializing privsep");
if (privsep_init() < 0)
flog(LOG_WARNING, "Failed to initialize privsep.");
}
if (drop_root_privileges(username) < 0) {
perror("drop_root_privileges");
exit(1);
}
}
if ((fd = open(pidfile, O_RDONLY, 0)) > 0)
{
ret = read(fd, pidstr, sizeof(pidstr) - 1);
if (ret < 0)
{
flog(LOG_ERR, "cannot read radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
pidstr[ret] = '\0';
if (!kill((pid_t)atol(pidstr), 0))
{
flog(LOG_ERR, "radvd already running, terminating.");
exit(1);
}
close(fd);
fd = open(pidfile, O_CREAT|O_TRUNC|O_WRONLY, 0644);
}
else /* FIXME: not atomic if pidfile is on an NFS mounted volume */
fd = open(pidfile, O_CREAT|O_EXCL|O_WRONLY, 0644);
if (fd < 0)
{
flog(LOG_ERR, "cannot create radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
if (get_debuglevel() == 0) {
/* Detach from controlling terminal */
if (daemon(0, 0) < 0)
perror("daemon");
/* close old logfiles, including stderr */
log_close();
/* reopen logfiles, but don't log to stderr unless explicitly requested */
if (log_method == L_STDERR_SYSLOG)
log_method = L_SYSLOG;
if (log_open(log_method, pname, logfile, facility) < 0) {
perror("log_open");
exit(1);
}
}
/*
* config signal handlers
*/
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigint_handler);
signal(SIGUSR1, sigusr1_handler);
snprintf(pidstr, sizeof(pidstr), "%ld\n", (long)getpid());
ret = write(fd, pidstr, strlen(pidstr));
if (ret != strlen(pidstr))
{
flog(LOG_ERR, "cannot write radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
close(fd);
config_interface();
kickoff_adverts();
main_loop();
stop_adverts();
unlink(pidfile);
return 0;
}
int main(int argc, char *argv[])
{
int c;
int log_method = L_STDERR_SYSLOG;
char *logfile = PATH_RADVD_LOG;
int facility = LOG_FACILITY;
char *username = NULL;
char *chrootdir = NULL;
int configtest = 0;
int daemonize = 1;
char const *pname = ((pname = strrchr(argv[0], '/')) != NULL) ? pname + 1 : argv[0];
srand((unsigned int)time(NULL));
char const *conf_path = PATH_RADVD_CONF;
char const *daemon_pid_file_ident = PATH_RADVD_PID;
/* parse args */
#define OPTIONS_STR "d:C:l:m:p:t:u:vhcn"
#ifdef HAVE_GETOPT_LONG
int opt_idx;
while ((c = getopt_long(argc, argv, OPTIONS_STR, prog_opt, &opt_idx)) > 0)
#else
while ((c = getopt(argc, argv, OPTIONS_STR)) > 0)
#endif
{
switch (c) {
case 'C':
conf_path = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
daemon_pid_file_ident = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog")) {
log_method = L_SYSLOG;
} else if (!strcmp(optarg, "stderr_syslog")) {
log_method = L_STDERR_SYSLOG;
} else if (!strcmp(optarg, "stderr")) {
log_method = L_STDERR;
} else if (!strcmp(optarg, "logfile")) {
log_method = L_LOGFILE;
} else if (!strcmp(optarg, "none")) {
log_method = L_NONE;
} else {
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
version();
break;
case 'c':
configtest = 1;
break;
case 'n':
daemonize = 0;
break;
case 'h':
usage(pname);
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname, prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
/* TODO: Seems like this chroot'ing should happen *after* daemonizing for
* the sake of the PID file. */
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit(1);
}
if (chdir("/") == -1) {
perror("chdir");
exit(1);
}
/* username will be switched later */
}
if (configtest) {
set_debuglevel(1);
log_method = L_STDERR;
}
if (log_open(log_method, pname, logfile, facility) < 0) {
perror("log_open");
exit(1);
}
if (!configtest) {
flog(LOG_INFO, "version %s started", VERSION);
}
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_path) != 0) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "exiting, permissions on conf_file invalid");
exit(1);
} else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* parse config file */
struct Interface *ifaces = NULL;
if ((ifaces = readin_config(conf_path)) == 0) {
flog(LOG_ERR, "exiting, failed to read config file");
exit(1);
}
if (configtest) {
free_ifaces(ifaces);
exit(0);
}
/* get a raw socket for sending and receiving ICMPv6 messages */
int sock = open_icmpv6_socket();
if (sock < 0) {
perror("open_icmpv6_socket");
exit(1);
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway");
}
int const pidfd = open_and_lock_pid_file(daemon_pid_file_ident);
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
if (daemonize) {
pid_t pid = do_daemonize(log_method, daemon_pid_file_ident);
if (pid != 0 && pid != -1) {
/* We want to see clean output from valgrind, so free username, chrootdir,
* and ifaces in the child process. */
if (ifaces)
free_ifaces(ifaces);
if (username)
free(username);
if (chrootdir)
free(chrootdir);
exit(0);
}
} else {
if (0 != write_pid_file(daemon_pid_file_ident, getpid())) {
flog(LOG_ERR, "failure writing pid file detected");
exit(-1);
}
}
check_pid_file(daemon_pid_file_ident);
#ifdef __linux__
/* for privsep */ {
dlog(LOG_DEBUG, 3, "initializing privsep");
int pipefds[2];
if (pipe(pipefds) != 0) {
flog(LOG_ERR, "Couldn't create privsep pipe.");
return -1;
}
pid_t pid = fork();
if (pid == -1) {
flog(LOG_ERR, "Couldn't fork for privsep.");
return -1;
}
if (pid == 0) {
/* We want to see clean output from valgrind, so free username, chrootdir,
* and ifaces in the child process. */
if (ifaces)
free_ifaces(ifaces);
if (username)
free(username);
if (chrootdir)
free(chrootdir);
close(pipefds[1]);
privsep_init(pipefds[0]);
_exit(0);
}
dlog(LOG_DEBUG, 3, "radvd privsep PID is %d", pid);
/* Continue execution (will drop privileges soon) */
close(pipefds[0]);
privsep_set_write_fd(pipefds[1]);
}
#endif
if (username) {
if (drop_root_privileges(username) < 0) {
perror("drop_root_privileges");
flog(LOG_ERR, "unable to drop root privileges");
exit(1);
}
dlog(LOG_DEBUG, 3, "running as user: %s", username);
}
setup_ifaces(sock, ifaces);
ifaces = main_loop(sock, ifaces, conf_path);
stop_adverts(sock, ifaces);
flog(LOG_INFO, "removing %s", daemon_pid_file_ident);
unlink(daemon_pid_file_ident);
close(pidfd);
if (ifaces)
free_ifaces(ifaces);
if (chrootdir)
free(chrootdir);
if (username)
free(username);
flog(LOG_INFO, "returning from radvd main");
log_close();
return 0;
}
