/*
* Copyright (C) 2000 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/time.h>
#include <sys/queue.h>
#include <net/if.h>
#include <net/route.h>
#include <net/if_dl.h>
#include <netinet/in.h>
#include <netinet/ip6.h>
#include <netinet/icmp6.h>
#include <time.h>
#include <unistd.h>
#include <stdio.h>
#include <stddef.h>
#include <err.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <syslog.h>
#include "rtsold.h"
#define ROUNDUP(a, size) \
(((a) & ((size)-1)) ? (1 + ((a) | ((size)-1))) : (a))
#define NEXT_SA(ap) (ap) = (struct sockaddr *) \
((caddr_t)(ap) + \
((ap)->sa_len ? ROUNDUP((ap)->sa_len, sizeof(u_long)) \
: sizeof(u_long)))
#ifdef RTM_IFANNOUNCE /*NetBSD 1.5 or later*/
static int rtsock_input_ifannounce(int, struct rt_msghdr *, char *);
#endif
static struct {
u_char type;
size_t minlen;
int (*func)(int, struct rt_msghdr *, char *);
} rtsock_dispatch[] = {
#ifdef RTM_IFANNOUNCE /*NetBSD 1.5 or later*/
{ RTM_IFANNOUNCE, sizeof(struct if_announcemsghdr),
rtsock_input_ifannounce },
#endif
{ 0, 0, NULL },
};
int
rtsock_open(void)
{
return (socket(PF_ROUTE, SOCK_RAW, 0));
}
int
rtsock_input(int s)
{
ssize_t n;
char msg[2048];
char *lim, *next;
struct rt_msghdr *rtm;
int idx;
ssize_t len;
int ret = 0;
const ssize_t lenlim =
offsetof(struct rt_msghdr, rtm_msglen) + sizeof(rtm->rtm_msglen);
n = read(s, msg, sizeof(msg));
lim = msg + n;
for (next = msg; next < lim; next += len) {
rtm = (struct rt_msghdr *)(void *)next;
if (lim - next < lenlim)
break;
len = rtm->rtm_msglen;
if (len < lenlim)
break;
if (dflag > 1) {
warnmsg(LOG_INFO, __func__,
"rtmsg type %d, len=%lu", rtm->rtm_type,
(u_long)len);
}
for (idx = 0; rtsock_dispatch[idx].func; idx++) {
if (rtm->rtm_type != rtsock_dispatch[idx].type)
continue;
if (rtm->rtm_msglen < rtsock_dispatch[idx].minlen) {
warnmsg(LOG_INFO, __func__,
"rtmsg type %d too short!", rtm->rtm_type);
continue;
}
ret = (*rtsock_dispatch[idx].func)(s, rtm, lim);
break;
}
}
return (ret);
}
#ifdef RTM_IFANNOUNCE /*NetBSD 1.5 or later*/
static int
rtsock_input_ifannounce(int s __unused, struct rt_msghdr *rtm, char *lim)
{
struct if_announcemsghdr *ifan;
struct ifinfo *ifi;
ifan = (struct if_announcemsghdr *)rtm;
if ((char *)(ifan + 1) > lim)
return (-1);
switch (ifan->ifan_what) {
case IFAN_ARRIVAL:
/*
* XXX for NetBSD 1.5, interface index will monotonically be
* increased as new pcmcia card gets inserted.
* we may be able to do a name-based interface match,
* and call ifreconfig() to enable the interface again.
*/
warnmsg(LOG_INFO, __func__,
"interface %s inserted", ifan->ifan_name);
break;
case IFAN_DEPARTURE:
warnmsg(LOG_WARNING, __func__,
"interface %s removed", ifan->ifan_name);
ifi = find_ifinfo(ifan->ifan_index);
if (ifi) {
if (dflag > 1) {
warnmsg(LOG_INFO, __func__,
"bring interface %s to DOWN state",
ifan->ifan_name);
}
ifi->state = IFS_DOWN;
}
break;
}
return (0);
}
static int
ifconfig(char *ifname)
{
struct ifinfo *ifinfo;
struct sockaddr_dl *sdl;
int flags;
if ((sdl = if_nametosdl(ifname)) == NULL) {
warnmsg(LOG_ERR, __func__,
"failed to get link layer information for %s", ifname);
return(-1);
}
if (find_ifinfo(sdl->sdl_index)) {
warnmsg(LOG_ERR, __func__,
"interface %s was already configured", ifname);
free(sdl);
return(-1);
}
if ((ifinfo = malloc(sizeof(*ifinfo))) == NULL) {
warnmsg(LOG_ERR, __func__, "memory allocation failed");
free(sdl);
return(-1);
}
memset(ifinfo, 0, sizeof(*ifinfo));
ifinfo->sdl = sdl;
strncpy(ifinfo->ifname, ifname, sizeof(ifinfo->ifname));
/* construct a router solicitation message */
if (make_packet(ifinfo))
goto bad;
/*
* check if the interface is available.
* also check if SIOCGIFMEDIA ioctl is OK on the interface.
*/
ifinfo->mediareqok = 1;
ifinfo->active = interface_status(ifinfo);
if (!ifinfo->mediareqok) {
/*
* probe routers periodically even if the link status
* does not change.
*/
ifinfo->probeinterval = PROBE_INTERVAL;
}
/* activate interface: interface_up returns 0 on success */
flags = interface_up(ifinfo->ifname);
if (flags == 0)
ifinfo->state = IFS_DELAY;
else if (flags == IFS_TENTATIVE)
ifinfo->state = IFS_TENTATIVE;
else
ifinfo->state = IFS_DOWN;
rtsol_timer_update(ifinfo);
/* link into chain */
if (iflist)
ifinfo->next = iflist;
iflist = ifinfo;
return(0);
bad:
free(ifinfo->sdl);
free(ifinfo);
return(-1);
}
void
rtsol_input(int s)
{
u_char ntopbuf[INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ];
int l, ifindex = 0, *hlimp = NULL;
ssize_t msglen;
struct in6_pktinfo *pi = NULL;
struct ifinfo *ifi = NULL;
struct ra_opt *rao = NULL;
struct icmp6_hdr *icp;
struct nd_router_advert *nd_ra;
struct cmsghdr *cm;
struct rainfo *rai;
char *raoptp;
char *p;
struct in6_addr *addr;
struct nd_opt_hdr *ndo;
struct nd_opt_rdnss *rdnss;
struct nd_opt_dnssl *dnssl;
size_t len;
char nsbuf[INET6_ADDRSTRLEN + 1 + IFNAMSIZ + 1];
char dname[NI_MAXHOST];
struct timeval now;
struct timeval lifetime;
int newent_rai;
int newent_rao;
/* get message. namelen and controllen must always be initialized. */
rcvmhdr.msg_namelen = sizeof(from);
rcvmhdr.msg_controllen = rcvcmsglen;
if ((msglen = recvmsg(s, &rcvmhdr, 0)) < 0) {
warnmsg(LOG_ERR, __func__, "recvmsg: %s", strerror(errno));
return;
}
/* extract optional information via Advanced API */
for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(&rcvmhdr); cm;
cm = (struct cmsghdr *)CMSG_NXTHDR(&rcvmhdr, cm)) {
if (cm->cmsg_level == IPPROTO_IPV6 &&
cm->cmsg_type == IPV6_PKTINFO &&
cm->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo))) {
pi = (struct in6_pktinfo *)(CMSG_DATA(cm));
ifindex = pi->ipi6_ifindex;
}
if (cm->cmsg_level == IPPROTO_IPV6 &&
cm->cmsg_type == IPV6_HOPLIMIT &&
cm->cmsg_len == CMSG_LEN(sizeof(int)))
hlimp = (int *)CMSG_DATA(cm);
}
if (ifindex == 0) {
warnmsg(LOG_ERR, __func__,
"failed to get receiving interface");
return;
}
if (hlimp == NULL) {
warnmsg(LOG_ERR, __func__,
"failed to get receiving hop limit");
return;
}
if ((size_t)msglen < sizeof(struct nd_router_advert)) {
warnmsg(LOG_INFO, __func__,
"packet size(%zd) is too short", msglen);
return;
}
icp = (struct icmp6_hdr *)rcvmhdr.msg_iov[0].iov_base;
if (icp->icmp6_type != ND_ROUTER_ADVERT) {
/*
* this should not happen because we configured a filter
* that only passes RAs on the receiving socket.
*/
warnmsg(LOG_ERR, __func__,
"invalid icmp type(%d) from %s on %s", icp->icmp6_type,
inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
sizeof(ntopbuf)),
if_indextoname(pi->ipi6_ifindex, ifnamebuf));
return;
}
if (icp->icmp6_code != 0) {
warnmsg(LOG_INFO, __func__,
"invalid icmp code(%d) from %s on %s", icp->icmp6_code,
inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
sizeof(ntopbuf)),
if_indextoname(pi->ipi6_ifindex, ifnamebuf));
return;
}
if (*hlimp != 255) {
warnmsg(LOG_INFO, __func__,
"invalid RA with hop limit(%d) from %s on %s",
*hlimp,
inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
sizeof(ntopbuf)),
if_indextoname(pi->ipi6_ifindex, ifnamebuf));
return;
}
if (pi && !IN6_IS_ADDR_LINKLOCAL(&from.sin6_addr)) {
warnmsg(LOG_INFO, __func__,
"invalid RA with non link-local source from %s on %s",
inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
sizeof(ntopbuf)),
if_indextoname(pi->ipi6_ifindex, ifnamebuf));
return;
}
/* xxx: more validation? */
if ((ifi = find_ifinfo(pi->ipi6_ifindex)) == NULL) {
warnmsg(LOG_INFO, __func__,
"received RA from %s on an unexpected IF(%s)",
inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
sizeof(ntopbuf)),
if_indextoname(pi->ipi6_ifindex, ifnamebuf));
return;
}
warnmsg(LOG_DEBUG, __func__,
"received RA from %s on %s, state is %d",
inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf, sizeof(ntopbuf)),
ifi->ifname, ifi->state);
nd_ra = (struct nd_router_advert *)icp;
/*
* Process the "O bit."
* If the value of OtherConfigFlag changes from FALSE to TRUE, the
* host should invoke the stateful autoconfiguration protocol,
* requesting information.
* [RFC 2462 Section 5.5.3]
*/
if (((nd_ra->nd_ra_flags_reserved) & ND_RA_FLAG_OTHER) &&
!ifi->otherconfig) {
warnmsg(LOG_DEBUG, __func__,
"OtherConfigFlag on %s is turned on", ifi->ifname);
ifi->otherconfig = 1;
CALL_SCRIPT(OTHER, NULL);
}
gettimeofday(&now, NULL);
newent_rai = 0;
rai = find_rainfo(ifi, &from);
if (rai == NULL) {
ELM_MALLOC(rai, exit(1));
rai->rai_ifinfo = ifi;
TAILQ_INIT(&rai->rai_ra_opt);
rai->rai_saddr.sin6_family = AF_INET6;
rai->rai_saddr.sin6_len = sizeof(rai->rai_saddr);
memcpy(&rai->rai_saddr.sin6_addr, &from.sin6_addr,
sizeof(rai->rai_saddr.sin6_addr));
newent_rai = 1;
}
#define RA_OPT_NEXT_HDR(x) (struct nd_opt_hdr *)((char *)x + \
(((struct nd_opt_hdr *)x)->nd_opt_len * 8))
/* Process RA options. */
warnmsg(LOG_DEBUG, __func__, "Processing RA");
raoptp = (char *)icp + sizeof(struct nd_router_advert);
while (raoptp < (char *)icp + msglen) {
ndo = (struct nd_opt_hdr *)raoptp;
warnmsg(LOG_DEBUG, __func__, "ndo = %p", raoptp);
warnmsg(LOG_DEBUG, __func__, "ndo->nd_opt_type = %d",
ndo->nd_opt_type);
warnmsg(LOG_DEBUG, __func__, "ndo->nd_opt_len = %d",
ndo->nd_opt_len);
switch (ndo->nd_opt_type) {
case ND_OPT_RDNSS:
rdnss = (struct nd_opt_rdnss *)raoptp;
/* Optlen sanity check (Section 5.3.1 in RFC 6106) */
if (rdnss->nd_opt_rdnss_len < 3) {
warnmsg(LOG_INFO, __func__,
"too short RDNSS option"
"in RA from %s was ignored.",
inet_ntop(AF_INET6, &from.sin6_addr,
ntopbuf, sizeof(ntopbuf)));
break;
}
addr = (struct in6_addr *)(raoptp + sizeof(*rdnss));
while ((char *)addr < (char *)RA_OPT_NEXT_HDR(raoptp)) {
if (inet_ntop(AF_INET6, addr, ntopbuf,
sizeof(ntopbuf)) == NULL) {
warnmsg(LOG_INFO, __func__,
"an invalid address in RDNSS option"
" in RA from %s was ignored.",
inet_ntop(AF_INET6, &from.sin6_addr,
ntopbuf, sizeof(ntopbuf)));
addr++;
continue;
}
if (IN6_IS_ADDR_LINKLOCAL(addr))
/* XXX: % has to be escaped here */
l = snprintf(nsbuf, sizeof(nsbuf),
"%s%c%s", ntopbuf,
SCOPE_DELIMITER,
ifi->ifname);
else
l = snprintf(nsbuf, sizeof(nsbuf),
"%s", ntopbuf);
if (l < 0 || (size_t)l >= sizeof(nsbuf)) {
warnmsg(LOG_ERR, __func__,
"address copying error in "
"RDNSS option: %d.", l);
addr++;
continue;
}
warnmsg(LOG_DEBUG, __func__, "nsbuf = %s",
nsbuf);
newent_rao = 0;
rao = find_raopt(rai, ndo->nd_opt_type, nsbuf,
strlen(nsbuf));
if (rao == NULL) {
ELM_MALLOC(rao, break);
rao->rao_type = ndo->nd_opt_type;
rao->rao_len = strlen(nsbuf);
rao->rao_msg = strdup(nsbuf);
if (rao->rao_msg == NULL) {
warnmsg(LOG_ERR, __func__,
"strdup failed: %s",
strerror(errno));
free(rao);
addr++;
continue;
}
newent_rao = 1;
}
/* Set expiration timer */
memset(&rao->rao_expire, 0,
sizeof(rao->rao_expire));
memset(&lifetime, 0, sizeof(lifetime));
lifetime.tv_sec =
ntohl(rdnss->nd_opt_rdnss_lifetime);
timeradd(&now, &lifetime, &rao->rao_expire);
if (newent_rao)
TAILQ_INSERT_TAIL(&rai->rai_ra_opt,
rao, rao_next);
addr++;
}
break;
case ND_OPT_DNSSL:
dnssl = (struct nd_opt_dnssl *)raoptp;
/* Optlen sanity check (Section 5.3.1 in RFC 6106) */
if (dnssl->nd_opt_dnssl_len < 2) {
warnmsg(LOG_INFO, __func__,
"too short DNSSL option"
"in RA from %s was ignored.",
inet_ntop(AF_INET6, &from.sin6_addr,
ntopbuf, sizeof(ntopbuf)));
break;
}
/*
* Ensure NUL-termination in DNSSL in case of
* malformed field.
*/
p = (char *)RA_OPT_NEXT_HDR(raoptp);
*(p - 1) = '\0';
p = raoptp + sizeof(*dnssl);
while (1 < (len = dname_labeldec(dname, sizeof(dname),
p))) {
/* length == 1 means empty string */
warnmsg(LOG_DEBUG, __func__, "dname = %s",
dname);
newent_rao = 0;
rao = find_raopt(rai, ndo->nd_opt_type, dname,
strlen(dname));
if (rao == NULL) {
ELM_MALLOC(rao, break);
rao->rao_type = ndo->nd_opt_type;
rao->rao_len = strlen(dname);
rao->rao_msg = strdup(dname);
if (rao->rao_msg == NULL) {
warnmsg(LOG_ERR, __func__,
"strdup failed: %s",
strerror(errno));
free(rao);
addr++;
continue;
}
newent_rao = 1;
}
/* Set expiration timer */
memset(&rao->rao_expire, 0,
sizeof(rao->rao_expire));
memset(&lifetime, 0, sizeof(lifetime));
lifetime.tv_sec =
ntohl(dnssl->nd_opt_dnssl_lifetime);
timeradd(&now, &lifetime, &rao->rao_expire);
if (newent_rao)
TAILQ_INSERT_TAIL(&rai->rai_ra_opt,
rao, rao_next);
p += len;
}
break;
default:
/* nothing to do for other options */
break;
}