/*
* Sends an advertisement for all specified clients of this interface
* (or via broadcast, if there are no restrictions configured).
*
* If a destination address is given, the RA will be sent to the destination
* address only, but only if it was configured.
*
*/
int send_ra_forall(struct Interface *iface, struct in6_addr *dest)
{
struct Clients *current;
/* If no list of clients was specified for this interface, we broadcast */
if (iface->ClientList == NULL) {
if (dest == NULL && iface->UnicastOnly) {
return 0;
}
return send_ra(iface, dest);
}
/* If clients are configured, send the advertisement to all of them via unicast */
for (current = iface->ClientList; current; current = current->next) {
char address_text[INET6_ADDRSTRLEN];
memset(address_text, 0, sizeof(address_text));
if (get_debuglevel() >= 5)
inet_ntop(AF_INET6, ¤t->Address, address_text, INET6_ADDRSTRLEN);
/* If a non-authorized client sent a solicitation, ignore it (logging later) */
if (dest != NULL && memcmp(dest, ¤t->Address, sizeof(struct in6_addr)) != 0)
continue;
dlog(LOG_DEBUG, 5, "Sending RA to %s", address_text);
send_ra(iface, &(current->Address));
/* If we should only send the RA to a specific address, we are done */
if (dest != NULL)
return 0;
}
if (dest == NULL)
return 0;
/* If we refused a client's solicitation, log it if debugging is high enough */
char address_text[INET6_ADDRSTRLEN];
memset(address_text, 0, sizeof(address_text));
if (get_debuglevel() >= 5)
inet_ntop(AF_INET6, dest, address_text, INET6_ADDRSTRLEN);
dlog(LOG_DEBUG, 5, "Not answering request from %s, not configured", address_text);
return 0;
}
/* Fork to create privileged process connected by a pipe */
int
privsep_init(void)
{
int pipefds[2];
pid_t pid;
if (privsep_enabled())
return 0;
if (pipe(pipefds) != 0) {
flog(LOG_ERR, "Couldn't create privsep pipe.");
return (-1);
}
pid = fork();
if (pid == -1) {
flog(LOG_ERR, "Couldn't fork for privsep.");
return (-1);
}
if (pid == 0) {
int nullfd;
/* This will be the privileged child */
close(pipefds[1]);
pfd = pipefds[0];
/* Detach from stdio */
nullfd = open("/dev/null", O_RDONLY);
if (nullfd < 0) {
perror("/dev/null");
close(pfd);
_exit(1);
}
dup2(nullfd, 0);
dup2(nullfd, 1);
/* XXX: we'll keep stderr open in debug mode for better logging */
if (get_debuglevel() == 0)
dup2(nullfd, 2);
privsep_read_loop();
close(pfd);
_exit(0);
}
/* Continue execution (will drop privileges soon) */
close(pipefds[0]);
pfd = pipefds[1];
return 0;
}
/*
* Sends an advertisement for all specified clients of this interface
* (or via broadcast, if there are no restrictions configured).
*
* If a destination address is given, the RA will be sent to the destination
* address only, but only if it was configured.
*
*/
int send_ra_forall(int sock, struct Interface *iface, struct in6_addr *dest)
{
/* when netlink is not available (disabled or BSD), ensure_iface_setup is necessary. */
if (ensure_iface_setup(sock, iface) < 0) {
dlog(LOG_DEBUG, 3, "not sending RA for %s, interface is not ready", iface->props.name);
return -1;
}
if (iface->state_info.racount < MAX_INITIAL_RTR_ADVERTISEMENTS)
iface->state_info.racount++;
/* If no list of clients was specified for this interface, we broadcast */
if (iface->ClientList == NULL) {
if (dest == NULL && iface->UnicastOnly) {
dlog(LOG_DEBUG, 5, "no client list, no destination, unicast only...doing nothing");
return 0;
}
return send_ra(sock, iface, dest);
}
/* If clients are configured, send the advertisement to all of them via unicast */
for (struct Clients * current = iface->ClientList; current; current = current->next) {
/* If a non-authorized client sent a solicitation, ignore it (logging later) */
if (dest != NULL && memcmp(dest, ¤t->Address, sizeof(struct in6_addr)) != 0)
continue;
send_ra(sock, iface, &(current->Address));
/* If we should only send the RA to a specific address, we are done */
if (dest != NULL)
return 0;
}
if (dest == NULL)
return 0;
/* If we refused a client's solicitation, log it if debugging is high enough */
if (get_debuglevel() >= 5) {
char address_text[INET6_ADDRSTRLEN] = { "" };
inet_ntop(AF_INET6, dest, address_text, INET6_ADDRSTRLEN);
dlog(LOG_DEBUG, 5, "Not answering request from %s, not configured", address_text);
}
return 0;
}
int
main(int argc, char *argv[])
{
unsigned char msg[MSG_SIZE];
char pidstr[16];
ssize_t ret;
int c, log_method;
char *logfile, *pidfile;
sigset_t oset, nset;
int facility, fd;
char *username = NULL;
char *chrootdir = NULL;
int singleprocess = 0;
#ifdef HAVE_GETOPT_LONG
int opt_idx;
#endif
/* BEGIN: Added by z67728, 2009/10/19 */
FILE * pidfp = NULL;
int pid = 0;
/* END: Added by z67728, 2009/10/19 */
/*start: 用于查询组件版本号(dns atpv),请不要修改或删除*/
/*if ((argc == 2) && (NULL != argv[1]) && (0 == strcmp(argv[1],ATP_VERSION_CMD_KEY)))
{
printf("\r\n%s.\n", RADVD_MODULE_VERSION);
exit(0);
}*/
/*end */
pname = ((pname=strrchr(argv[0],'/')) != NULL)?pname+1:argv[0];
srand((unsigned int)time(NULL));
log_method = L_STDERR_SYSLOG;
/*BEGIN PN:2071008409 l00170266 for var problem modify 20120725 */
#define RADVD_LOG (ROUTER_VARPATH_PREFIX "/radvd/radvd.log")
#define RADVD_CONF (ROUTER_VARPATH_PREFIX "/radvd/radvd.conf")
#define RADVD_PID (ROUTER_VARPATH_PREFIX "/radvd/radvd.pid")
logfile = RADVD_LOG;
conf_file = RADVD_CONF;
facility = LOG_FACILITY;
pidfile = RADVD_PID;
/*END PN:2071008409 l00170266 for var problem modify 20120725 */
/* parse args */
#ifdef HAVE_GETOPT_LONG
while ((c = getopt_long(argc, argv, "d:C:l:m:p:t:u:vhs", prog_opt, &opt_idx)) > 0)
#else
while ((c = getopt(argc, argv, "d:C:l:m:p:t:u:vhs")) > 0)
#endif
{
switch (c) {
case 'C':
conf_file = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
pidfile = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog"))
{
log_method = L_SYSLOG;
}
else if (!strcmp(optarg, "stderr_syslog"))
{
log_method = L_STDERR_SYSLOG;
}
else if (!strcmp(optarg, "stderr"))
{
log_method = L_STDERR;
}
else if (!strcmp(optarg, "logfile"))
{
log_method = L_LOGFILE;
}
else if (!strcmp(optarg, "none"))
{
log_method = L_NONE;
}
else
{
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
/* BEGIN 3061302357 y00188255 2013-6-28 Modified */
//version();
printf("%s\n", RADVD_MODULE_VERSION);
printf("BUILTTIME is: %s %s\n",__DATE__,__TIME__);
exit(1);
/* END 3061302357 y00188255 2013-6-28 Modified */
break;
case 's':
singleprocess = 1;
break;
case 'h':
usage();
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname,
prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit (1);
}
if (chdir("/") == -1) {
perror("chdir");
exit (1);
}
/* username will be switched later */
}
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
flog(LOG_INFO, "version %s started", VERSION);
/* get a raw socket for sending and receiving ICMPv6 messages */
sock = open_icmpv6_socket();
if (sock < 0)
exit(1);
#if 0
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_file) < 0) {
if (get_debuglevel() == 0)
exit(1);
else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "IPv6 forwarding seems to be disabled, exiting");
exit(1);
}
else
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway.");
}
#endif
/* parse config file */
if (readin_config(conf_file) < 0){
if ( 0 != unlink(pidfile) ){
printf("\r\n Delete %s meet error. error : %s .",pidfile,strerror(errno));
}
exit(1);
}
/* drop root privileges if requested. */
if (username) {
if (!singleprocess) {
dlog(LOG_DEBUG, 3, "Initializing privsep");
if (privsep_init() < 0)
flog(LOG_WARNING, "Failed to initialize privsep.");
}
if (drop_root_privileges(username) < 0)
exit(1);
}
#if 0
if ((fd = open(pidfile, O_RDONLY, 0)) > 0)
{
ret = read(fd, pidstr, sizeof(pidstr) - 1);
if (ret < 0)
{
flog(LOG_ERR, "cannot read radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
pidstr[ret] = '\0';
if (!kill((pid_t)atol(pidstr), 0))
{
flog(LOG_ERR, "radvd already running, terminating.");
exit(1);
}
close(fd);
fd = open(pidfile, O_CREAT|O_TRUNC|O_WRONLY, 0644);
}
else /* FIXME: not atomic if pidfile is on an NFS mounted volume */
fd = open(pidfile, O_CREAT|O_EXCL|O_WRONLY, 0644);
if (fd < 0)
{
flog(LOG_ERR, "cannot create radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
#endif
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
#if 0
if (get_debuglevel() == 0) {
/* Detach from controlling terminal */
if (daemon(0, 0) < 0)
perror("daemon");
/* close old logfiles, including stderr */
log_close();
/* reopen logfiles, but don't log to stderr unless explicitly requested */
if (log_method == L_STDERR_SYSLOG)
log_method = L_SYSLOG;
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
}
#endif
/*
* config signal handlers, also make sure ALRM isn't blocked and raise a warning if so
* (some stupid scripts/pppd appears to do this...)
*/
sigemptyset(&nset);
sigaddset(&nset, SIGALRM);
sigprocmask(SIG_UNBLOCK, &nset, &oset);
if (sigismember(&oset, SIGALRM))
flog(LOG_WARNING, "SIGALRM has been unblocked. Your startup environment might be wrong.");
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigint_handler);
/* BEGIN: Added by z67728, 2009/11/3 */
signal(SIGUSR1, sigdebug_handler);
signal(SIGUSR2, sigprefixchg_handler);
/* END: Added by z67728, 2009/11/3 */
#if 0
snprintf(pidstr, sizeof(pidstr), "%ld\n", (long)getpid());
write(fd, pidstr, strlen(pidstr));
close(fd);
#endif
/*BEGIN PN:2071008409 l00170266 for var problem modify 20120725 */
#define RADVD_READTEST (ROUTER_VARPATH_PREFIX "/radvd/readtest")
if ( 0 == access(RADVD_READTEST,F_OK) )
/*END PN:2071008409 l00170266 for var problem modify 20120725 */
{
/* Ready test */
g_iReadTestFlag = 1;
}
pid = getpid();
if ((pidfp = fopen(pidfile, "w")) != NULL) {
fwrite(&pid,1,4,pidfp);
fclose(pidfp);
}
config_interface();
kickoff_adverts();
/* enter loop */
for (;;)
{
int len = 0, hoplimit = 0;
struct sockaddr_in6 rcv_addr;
struct in6_pktinfo *pkt_info = NULL;
len = recv_rs_ra(sock, msg, &rcv_addr, &pkt_info, &hoplimit);
if (len > 0) {
process(sock, IfaceList, msg, len,
&rcv_addr, pkt_info, hoplimit);
}
if (sigterm_received || sigint_received) {
stop_adverts();
break;
}
if (sighup_received)
{
if ( 1 == g_iPrefixChgeFlag )
{
disable_oldprefix();
}
reload_config();
sighup_received = 0;
g_iPrefixChgeFlag = 0;
}
}
unlink(pidfile);
exit(0);
}
int
main(int argc, char *argv[])
{
unsigned char msg[MSG_SIZE];
char pidstr[16];
ssize_t ret;
int c, log_method;
char *logfile, *pidfile;
sigset_t oset, nset;
int facility, fd;
char *username = NULL;
char *chrootdir = NULL;
int singleprocess = 0;
#ifdef HAVE_GETOPT_LONG
int opt_idx;
#endif
pname = ((pname=strrchr(argv[0],'/')) != NULL)?pname+1:argv[0];
srand((unsigned int)time(NULL));
log_method = L_STDERR_SYSLOG;
logfile = PATH_RADVD_LOG;
conf_file = PATH_RADVD_CONF;
facility = LOG_FACILITY;
pidfile = PATH_RADVD_PID;
/* parse args */
#ifdef HAVE_GETOPT_LONG
/* Add option to show advertise real lifetime */
/* while ((c = getopt_long(argc, argv, "d:C:l:m:p:t:u:vhs", prog_opt, &opt_idx)) > 0) */
while ((c = getopt_long(argc, argv, "d:C:l:m:p:t:u:vhsD", prog_opt, &opt_idx)) > 0)
#else
/* Add option to show advertise real lifetime */
/* while ((c = getopt(argc, argv, "d:C:l:m:p:t:u:vhs")) > 0) */
while ((c = getopt(argc, argv, "d:C:l:m:p:t:u:vhsD")) > 0)
#endif
{
switch (c) {
case 'C':
conf_file = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
pidfile = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog"))
{
log_method = L_SYSLOG;
}
else if (!strcmp(optarg, "stderr_syslog"))
{
log_method = L_STDERR_SYSLOG;
}
else if (!strcmp(optarg, "stderr"))
{
log_method = L_STDERR;
}
else if (!strcmp(optarg, "logfile"))
{
log_method = L_LOGFILE;
}
else if (!strcmp(optarg, "none"))
{
log_method = L_NONE;
}
else
{
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
version();
break;
case 's':
singleprocess = 1;
break;
/* Add option to show advertise dynamic lifetime */
case 'D':
use_dynamic_lifetime = 1;
break;
case 'h':
usage();
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname,
prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit (1);
}
if (chdir("/") == -1) {
perror("chdir");
exit (1);
}
/* username will be switched later */
}
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
flog(LOG_INFO, "version %s started", VERSION);
/* get a raw socket for sending and receiving ICMPv6 messages */
sock = open_icmpv6_socket();
if (sock < 0)
exit(1);
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_file) < 0) {
if (get_debuglevel() == 0)
exit(1);
else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "IPv6 forwarding seems to be disabled, exiting");
exit(1);
}
else
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway.");
}
/* parse config file */
if (readin_config(conf_file) < 0)
exit(1);
/* drop root privileges if requested. */
if (username) {
if (!singleprocess) {
dlog(LOG_DEBUG, 3, "Initializing privsep");
if (privsep_init() < 0)
flog(LOG_WARNING, "Failed to initialize privsep.");
}
if (drop_root_privileges(username) < 0)
exit(1);
}
if ((fd = open(pidfile, O_RDONLY, 0)) > 0)
{
ret = read(fd, pidstr, sizeof(pidstr) - 1);
if (ret < 0)
{
flog(LOG_ERR, "cannot read radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
pidstr[ret] = '\0';
if (!kill((pid_t)atol(pidstr), 0))
{
flog(LOG_ERR, "radvd already running, terminating.");
exit(1);
}
close(fd);
fd = open(pidfile, O_CREAT|O_TRUNC|O_WRONLY, 0644);
}
else /* FIXME: not atomic if pidfile is on an NFS mounted volume */
fd = open(pidfile, O_CREAT|O_EXCL|O_WRONLY, 0644);
if (fd < 0)
{
flog(LOG_ERR, "cannot create radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
if (get_debuglevel() == 0) {
/* Detach from controlling terminal */
if (daemon(0, 0) < 0)
perror("daemon");
/* close old logfiles, including stderr */
log_close();
/* reopen logfiles, but don't log to stderr unless explicitly requested */
if (log_method == L_STDERR_SYSLOG)
log_method = L_SYSLOG;
if (log_open(log_method, pname, logfile, facility) < 0)
exit(1);
}
/*
* config signal handlers, also make sure ALRM isn't blocked and raise a warning if so
* (some stupid scripts/pppd appears to do this...)
*/
sigemptyset(&nset);
sigaddset(&nset, SIGALRM);
sigprocmask(SIG_UNBLOCK, &nset, &oset);
if (sigismember(&oset, SIGALRM))
flog(LOG_WARNING, "SIGALRM has been unblocked. Your startup environment might be wrong.");
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigint_handler);
signal(SIGUSR1, sigusr1_handler);
snprintf(pidstr, sizeof(pidstr), "%ld\n", (long)getpid());
write(fd, pidstr, strlen(pidstr));
close(fd);
config_interface();
/* Record the time for first advertisement */
set_initial_advert_time();
kickoff_adverts();
/* enter loop */
for (;;)
{
int len, hoplimit;
struct sockaddr_in6 rcv_addr;
struct in6_pktinfo *pkt_info = NULL;
len = recv_rs_ra(sock, msg, &rcv_addr, &pkt_info, &hoplimit);
if (len > 0)
process(sock, IfaceList, msg, len,
&rcv_addr, pkt_info, hoplimit);
if (sigterm_received || sigint_received) {
stop_adverts();
/* WNR3500L TD192, Per Netgear spec,
* need to send RA for 3 times before termination.
*/
usleep(200000);
stop_adverts();
usleep(200000);
stop_adverts();
break;
}
if (sighup_received)
{
reload_config();
sighup_received = 0;
}
/* Reset the initial advertisement time to now */
/* This should happen after a successful IADP renew */
if (sigusr1_received)
{
set_initial_advert_time();
sigusr1_received = 0;
}
}
unlink(pidfile);
exit(0);
}
int
main(int argc, char *argv[])
{
char pidstr[16];
ssize_t ret;
int c, log_method;
char *logfile, *pidfile;
int facility, fd;
char *username = NULL;
char *chrootdir = NULL;
int configtest = 0;
int singleprocess = 0;
#ifdef HAVE_GETOPT_LONG
int opt_idx;
#endif
pname = ((pname=strrchr(argv[0],'/')) != NULL)?pname+1:argv[0];
srand((unsigned int)time(NULL));
log_method = L_STDERR_SYSLOG;
logfile = PATH_RADVD_LOG;
conf_file = PATH_RADVD_CONF;
facility = LOG_FACILITY;
pidfile = PATH_RADVD_PID;
/* parse args */
#define OPTIONS_STR "d:C:l:m:p:t:u:vhcs"
#ifdef HAVE_GETOPT_LONG
while ((c = getopt_long(argc, argv, OPTIONS_STR, prog_opt, &opt_idx)) > 0)
#else
while ((c = getopt(argc, argv, OPTIONS_STR)) > 0)
#endif
{
switch (c) {
case 'C':
conf_file = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
pidfile = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog"))
{
log_method = L_SYSLOG;
}
else if (!strcmp(optarg, "stderr_syslog"))
{
log_method = L_STDERR_SYSLOG;
}
else if (!strcmp(optarg, "stderr"))
{
log_method = L_STDERR;
}
else if (!strcmp(optarg, "logfile"))
{
log_method = L_LOGFILE;
}
else if (!strcmp(optarg, "none"))
{
log_method = L_NONE;
}
else
{
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
version();
break;
case 'c':
configtest = 1;
break;
case 's':
singleprocess = 1;
break;
case 'h':
usage();
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname,
prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit (1);
}
if (chdir("/") == -1) {
perror("chdir");
exit (1);
}
/* username will be switched later */
}
if (configtest) {
log_method = L_STDERR;
}
if (log_open(log_method, pname, logfile, facility) < 0) {
perror("log_open");
exit(1);
}
if (!configtest) {
flog(LOG_INFO, "version %s started", VERSION);
}
/* get a raw socket for sending and receiving ICMPv6 messages */
sock = open_icmpv6_socket();
if (sock < 0) {
perror("open_icmpv6_socket");
exit(1);
}
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_file) < 0) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "Exiting, permissions on conf_file invalid.\n");
exit(1);
}
else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway.");
}
/* parse config file */
if (readin_config(conf_file) < 0) {
flog(LOG_ERR, "Exiting, failed to read config file.\n");
exit(1);
}
if (configtest) {
fprintf(stderr, "Syntax OK\n");
exit(0);
}
/* drop root privileges if requested. */
if (username) {
if (!singleprocess) {
dlog(LOG_DEBUG, 3, "Initializing privsep");
if (privsep_init() < 0)
flog(LOG_WARNING, "Failed to initialize privsep.");
}
if (drop_root_privileges(username) < 0) {
perror("drop_root_privileges");
exit(1);
}
}
if ((fd = open(pidfile, O_RDONLY, 0)) > 0)
{
ret = read(fd, pidstr, sizeof(pidstr) - 1);
if (ret < 0)
{
flog(LOG_ERR, "cannot read radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
pidstr[ret] = '\0';
if (!kill((pid_t)atol(pidstr), 0))
{
flog(LOG_ERR, "radvd already running, terminating.");
exit(1);
}
close(fd);
fd = open(pidfile, O_CREAT|O_TRUNC|O_WRONLY, 0644);
}
else /* FIXME: not atomic if pidfile is on an NFS mounted volume */
fd = open(pidfile, O_CREAT|O_EXCL|O_WRONLY, 0644);
if (fd < 0)
{
flog(LOG_ERR, "cannot create radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
if (get_debuglevel() == 0) {
/* Detach from controlling terminal */
if (daemon(0, 0) < 0)
perror("daemon");
/* close old logfiles, including stderr */
log_close();
/* reopen logfiles, but don't log to stderr unless explicitly requested */
if (log_method == L_STDERR_SYSLOG)
log_method = L_SYSLOG;
if (log_open(log_method, pname, logfile, facility) < 0) {
perror("log_open");
exit(1);
}
}
/*
* config signal handlers
*/
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigint_handler);
signal(SIGUSR1, sigusr1_handler);
snprintf(pidstr, sizeof(pidstr), "%ld\n", (long)getpid());
ret = write(fd, pidstr, strlen(pidstr));
if (ret != strlen(pidstr))
{
flog(LOG_ERR, "cannot write radvd pid file, terminating: %s", strerror(errno));
exit(1);
}
close(fd);
config_interface();
kickoff_adverts();
main_loop();
stop_adverts();
unlink(pidfile);
return 0;
}
void
print_ra(unsigned char *msg, int len, struct sockaddr_in6 *addr, int hoplimit, int if_index)
{
struct nd_router_advert *radvert;
char addr_str[INET6_ADDRSTRLEN];
uint8_t *opt_str;
int i;
char if_name[IFNAMSIZ];
if (get_debuglevel() > 2)
{
int j;
char hd[64];
dlog(LOG_DEBUG, 3, "Hexdump of packet (length %d):", len);
for (j = 0; j < len; j++)
{
sprintf(hd+3*(j%16), "%02X ", (unsigned int) msg[j]);
if (!((j+1)%16) || (j+1) == len)
{
dlog(LOG_DEBUG, 3, hd);
}
}
dlog(LOG_DEBUG, 4, "Hexdump printed");
}
print_addr(&addr->sin6_addr, addr_str);
printf("Router advertisement from %s (hoplimit %d)\n", addr_str, hoplimit);
if_indextoname(if_index, if_name);
printf("Received by interface %s\n", if_name);
radvert = (struct nd_router_advert *) msg;
printf("\t# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump\n");
printf("\tAdvCurHopLimit: %d\n", (int) radvert->nd_ra_curhoplimit);
printf("\tAdvManagedFlag: %s\n",
(radvert->nd_ra_flags_reserved & ND_RA_FLAG_MANAGED)?"on":"off");
printf("\tAdvOtherConfigFlag: %s\n",
(radvert->nd_ra_flags_reserved & ND_RA_FLAG_OTHER)?"on":"off");
/* Mobile IPv6 ext */
printf("\tAdvHomeAgentFlag: %s\n",
(radvert->nd_ra_flags_reserved & ND_RA_FLAG_HOME_AGENT)?"on":"off");
printf("\tAdvReachableTime: %lu\n", (unsigned long)ntohl(radvert->nd_ra_reachable));
printf("\tAdvRetransTimer: %lu\n", (unsigned long)ntohl(radvert->nd_ra_retransmit));
len -= sizeof(struct nd_router_advert);
if (len == 0)
return;
opt_str = (uint8_t *)(msg + sizeof(struct nd_router_advert));
while (len > 0)
{
int optlen;
struct nd_opt_prefix_info *pinfo;
struct nd_opt_mtu *mtu;
struct AdvInterval *a_ival;
struct HomeAgentInfo *ha_info;
char prefix_str[INET6_ADDRSTRLEN];
if (len < 2)
{
log(LOG_ERR, "trailing garbage in RA from %s",
addr_str);
break;
}
optlen = (opt_str[1] << 3);
dlog(LOG_DEBUG,4, "option type %d, length %d", (int)*opt_str,
optlen);
if (optlen == 0)
{
log(LOG_ERR, "zero length option in RA");
break;
}
else if (optlen > len)
{
log(LOG_ERR, "option length greater than total"
" length in RA (type %d, optlen %d, len %d)",
(int)*opt_str, optlen, len);
break;
}
switch (*opt_str)
{
case ND_OPT_MTU:
mtu = (struct nd_opt_mtu *)opt_str;
printf("\tAdvLinkMTU: %lu\n", (unsigned long)ntohl(mtu->nd_opt_mtu_mtu));
break;
case ND_OPT_PREFIX_INFORMATION:
pinfo = (struct nd_opt_prefix_info *) opt_str;
print_addr(&pinfo->nd_opt_pi_prefix, prefix_str);
printf("\tPrefix %s/%d\n", prefix_str, pinfo->nd_opt_pi_prefix_len);
if (ntohl(pinfo->nd_opt_pi_valid_time) == 0xffffffff)
{
printf("\t\tAdvValidLifetime: infinity (0xffffffff)\n");
}
else
{
printf("\t\tAdvValidLifetime: %lu\n", (unsigned long) ntohl(pinfo->nd_opt_pi_valid_time));
}
if (ntohl(pinfo->nd_opt_pi_preferred_time) == 0xffffffff)
{
printf("\t\tAdvPreferredLifetime: infinity (0xffffffff)\n");
}
else
{
printf("\t\tAdvPreferredLifetime: %lu\n", (unsigned long) ntohl(pinfo->nd_opt_pi_preferred_time));
}
printf("\t\tAdvOnLink: %s\n",
(pinfo->nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_ONLINK)?"on":"off");
printf("\t\tAdvAutonomous: %s\n",
(pinfo->nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_AUTO)?"on":"off");
/* Mobile IPv6 ext */
printf("\t\tAdvRouterAddr: %s\n",
(pinfo->nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_RADDR)?"on":"off");
break;
case ND_OPT_SOURCE_LINKADDR:
printf("\tAdvSourceLLAddress: ");
for (i = 2; i < optlen; i++)
{
printf("%02X ", (unsigned int) opt_str[i]);
}
printf("\n");
break;
/* Mobile IPv6 ext */
case ND_OPT_RTR_ADV_INTERVAL:
a_ival = (struct AdvInterval *)opt_str;
printf("\tAdvIntervalOpt:\n");
printf("\t\tAdvInterval: %lu", (unsigned long)ntohl(a_ival->adv_ival) / 1000);
printf("\n");
break;
/* Mobile IPv6 ext */
case ND_OPT_HOME_AGENT_INFO:
ha_info = (struct HomeAgentInfo *)opt_str;
printf("\tAdvHomeAgentInfo:\n");
printf("\t\tHomeAgentPreference: %hu", (unsigned short)ntohs(ha_info->preference));
printf("\n");
printf("\t\tHomeAgentLifetime: %hu", (unsigned short)ntohs(ha_info->lifetime));
printf("\n");
break;
case ND_OPT_TARGET_LINKADDR:
case ND_OPT_REDIRECTED_HEADER:
log(LOG_ERR, "invalid option %d in RA", (int)*opt_str);
break;
default:
dlog(LOG_DEBUG, 1, "unknown option %d in RA",
(int)*opt_str);
break;
}
len -= optlen;
opt_str += optlen;
}
fflush(stdout);
}
int main(int argc, char *argv[])
{
int c;
int log_method = L_STDERR_SYSLOG;
char *logfile = PATH_RADVD_LOG;
int facility = LOG_FACILITY;
char *username = NULL;
char *chrootdir = NULL;
int configtest = 0;
int daemonize = 1;
char const *pname = ((pname = strrchr(argv[0], '/')) != NULL) ? pname + 1 : argv[0];
srand((unsigned int)time(NULL));
char const *conf_path = PATH_RADVD_CONF;
char const *daemon_pid_file_ident = PATH_RADVD_PID;
/* parse args */
#define OPTIONS_STR "d:C:l:m:p:t:u:vhcn"
#ifdef HAVE_GETOPT_LONG
int opt_idx;
while ((c = getopt_long(argc, argv, OPTIONS_STR, prog_opt, &opt_idx)) > 0)
#else
while ((c = getopt(argc, argv, OPTIONS_STR)) > 0)
#endif
{
switch (c) {
case 'C':
conf_path = optarg;
break;
case 'd':
set_debuglevel(atoi(optarg));
break;
case 'f':
facility = atoi(optarg);
break;
case 'l':
logfile = optarg;
break;
case 'p':
daemon_pid_file_ident = optarg;
break;
case 'm':
if (!strcmp(optarg, "syslog")) {
log_method = L_SYSLOG;
} else if (!strcmp(optarg, "stderr_syslog")) {
log_method = L_STDERR_SYSLOG;
} else if (!strcmp(optarg, "stderr")) {
log_method = L_STDERR;
} else if (!strcmp(optarg, "logfile")) {
log_method = L_LOGFILE;
} else if (!strcmp(optarg, "none")) {
log_method = L_NONE;
} else {
fprintf(stderr, "%s: unknown log method: %s\n", pname, optarg);
exit(1);
}
break;
case 't':
chrootdir = strdup(optarg);
break;
case 'u':
username = strdup(optarg);
break;
case 'v':
version();
break;
case 'c':
configtest = 1;
break;
case 'n':
daemonize = 0;
break;
case 'h':
usage(pname);
#ifdef HAVE_GETOPT_LONG
case ':':
fprintf(stderr, "%s: option %s: parameter expected\n", pname, prog_opt[opt_idx].name);
exit(1);
#endif
case '?':
exit(1);
}
}
/* TODO: Seems like this chroot'ing should happen *after* daemonizing for
* the sake of the PID file. */
if (chrootdir) {
if (!username) {
fprintf(stderr, "Chroot as root is not safe, exiting\n");
exit(1);
}
if (chroot(chrootdir) == -1) {
perror("chroot");
exit(1);
}
if (chdir("/") == -1) {
perror("chdir");
exit(1);
}
/* username will be switched later */
}
if (configtest) {
set_debuglevel(1);
log_method = L_STDERR;
}
if (log_open(log_method, pname, logfile, facility) < 0) {
perror("log_open");
exit(1);
}
if (!configtest) {
flog(LOG_INFO, "version %s started", VERSION);
}
/* check that 'other' cannot write the file
* for non-root, also that self/own group can't either
*/
if (check_conffile_perm(username, conf_path) != 0) {
if (get_debuglevel() == 0) {
flog(LOG_ERR, "exiting, permissions on conf_file invalid");
exit(1);
} else
flog(LOG_WARNING, "Insecure file permissions, but continuing anyway");
}
/* parse config file */
struct Interface *ifaces = NULL;
if ((ifaces = readin_config(conf_path)) == 0) {
flog(LOG_ERR, "exiting, failed to read config file");
exit(1);
}
if (configtest) {
free_ifaces(ifaces);
exit(0);
}
/* get a raw socket for sending and receiving ICMPv6 messages */
int sock = open_icmpv6_socket();
if (sock < 0) {
perror("open_icmpv6_socket");
exit(1);
}
/* if we know how to do it, check whether forwarding is enabled */
if (check_ip6_forwarding()) {
flog(LOG_WARNING, "IPv6 forwarding seems to be disabled, but continuing anyway");
}
int const pidfd = open_and_lock_pid_file(daemon_pid_file_ident);
/*
* okay, config file is read in, socket and stuff is setup, so
* lets fork now...
*/
if (daemonize) {
pid_t pid = do_daemonize(log_method, daemon_pid_file_ident);
if (pid != 0 && pid != -1) {
/* We want to see clean output from valgrind, so free username, chrootdir,
* and ifaces in the child process. */
if (ifaces)
free_ifaces(ifaces);
if (username)
free(username);
if (chrootdir)
free(chrootdir);
exit(0);
}
} else {
if (0 != write_pid_file(daemon_pid_file_ident, getpid())) {
flog(LOG_ERR, "failure writing pid file detected");
exit(-1);
}
}
check_pid_file(daemon_pid_file_ident);
#ifdef __linux__
/* for privsep */ {
dlog(LOG_DEBUG, 3, "initializing privsep");
int pipefds[2];
if (pipe(pipefds) != 0) {
flog(LOG_ERR, "Couldn't create privsep pipe.");
return -1;
}
pid_t pid = fork();
if (pid == -1) {
flog(LOG_ERR, "Couldn't fork for privsep.");
return -1;
}
if (pid == 0) {
/* We want to see clean output from valgrind, so free username, chrootdir,
* and ifaces in the child process. */
if (ifaces)
free_ifaces(ifaces);
if (username)
free(username);
if (chrootdir)
free(chrootdir);
close(pipefds[1]);
privsep_init(pipefds[0]);
_exit(0);
}
dlog(LOG_DEBUG, 3, "radvd privsep PID is %d", pid);
/* Continue execution (will drop privileges soon) */
close(pipefds[0]);
privsep_set_write_fd(pipefds[1]);
}
#endif
if (username) {
if (drop_root_privileges(username) < 0) {
perror("drop_root_privileges");
flog(LOG_ERR, "unable to drop root privileges");
exit(1);
}
dlog(LOG_DEBUG, 3, "running as user: %s", username);
}
setup_ifaces(sock, ifaces);
ifaces = main_loop(sock, ifaces, conf_path);
stop_adverts(sock, ifaces);
flog(LOG_INFO, "removing %s", daemon_pid_file_ident);
unlink(daemon_pid_file_ident);
close(pidfd);
if (ifaces)
free_ifaces(ifaces);
if (chrootdir)
free(chrootdir);
if (username)
free(username);
flog(LOG_INFO, "returning from radvd main");
log_close();
return 0;
}
