1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * BSD interface driver for dhcpcd
4 * Copyright (c) 2006-2021 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/ioctl.h>
30 #include <sys/param.h>
31 #include <sys/socket.h>
33 #include <sys/sysctl.h>
35 #include <sys/types.h>
37 #include <sys/utsname.h>
41 #include <arpa/inet.h>
44 #include <net/if_dl.h>
45 #include <net/if_media.h>
46 #include <net/route.h>
47 #include <netinet/if_ether.h>
48 #include <netinet/in.h>
49 #include <netinet/in_var.h>
50 #include <netinet6/in6_var.h>
51 #include <netinet6/nd6.h>
53 #include <net/if_vlanvar.h> /* Needs netinet/if_ether.h */
54 #elif defined(__DragonFly__)
55 #include <net/vlan/if_vlan_var.h>
57 #include <net/if_vlan_var.h>
60 # include <netproto/802_11/ieee80211_ioctl.h>
62 # include <net80211/ieee80211.h>
63 # include <net80211/ieee80211_ioctl.h>
77 #if defined(OpenBSD) && OpenBSD >= 201411
78 /* OpenBSD dropped the global setting from sysctl but left the #define
79 * which causes a EPERM error when trying to use it.
80 * I think both the error and keeping the define are wrong, so we #undef it. */
81 #undef IPV6CTL_ACCEPT_RTADV
87 #include "if-options.h"
98 #define RT_ROUNDUP(a) \
99 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
100 #define RT_ADVANCE(x, n) (x += RT_ROUNDUP((n)->sa_len))
103 /* Ignore these interface names which look like ethernet but are virtual or
104 * just won't work without explicit configuration. */
105 static const char * const ifnames_ignore[] = {
107 "fwe", /* Firewire */
108 "fwip", /* Firewire */
111 "xvif", /* XEN DOM0 -> guest interface */
121 struct rt_msghdr hdr;
122 char buffer[sizeof(struct sockaddr_storage) * RTAX_MAX];
132 if_init(__unused struct interface *iface)
134 /* BSD promotes secondary address by default */
139 if_conf(__unused struct interface *iface)
141 /* No extra checks needed on BSD */
146 if_opensockets_os(struct dhcpcd_ctx *ctx)
150 #if defined(RO_MSGFILTER) || defined(ROUTE_MSGFILTER)
151 unsigned char msgfilter[] = {
153 #ifdef RTM_IFANNOUNCE
156 RTM_ADD, RTM_CHANGE, RTM_DELETE, RTM_MISS,
160 RTM_NEWADDR, RTM_DELADDR
162 #ifdef ROUTE_MSGFILTER
163 unsigned int i, msgfilter_mask;
167 if ((priv = malloc(sizeof(*priv))) == NULL)
172 priv->pf_inet6_fd = xsocket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
173 #ifdef PRIVSEP_RIGHTS
175 ps_rights_limit_ioctl(priv->pf_inet6_fd);
177 /* Don't return an error so we at least work on kernels witout INET6
178 * even though we expect INET6 support.
179 * We will fail noisily elsewhere anyway. */
181 priv->pf_inet6_fd = -1;
184 ctx->link_fd = xsocket(PF_ROUTE, SOCK_RAW | SOCK_CXNB, AF_UNSPEC);
185 if (ctx->link_fd == -1)
190 if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_RERROR, &n,sizeof(n)) == -1)
191 logerr("%s: SO_RERROR", __func__);
194 /* Ignore our own route(4) messages.
195 * Sadly there is no way of doing this for route(4) messages
196 * generated from addresses we add/delete. */
198 if (setsockopt(ctx->link_fd, SOL_SOCKET, SO_USELOOPBACK,
199 &n, sizeof(n)) == -1)
200 logerr("%s: SO_USELOOPBACK", __func__);
202 #if defined(RO_MSGFILTER)
203 if (setsockopt(ctx->link_fd, PF_ROUTE, RO_MSGFILTER,
204 &msgfilter, sizeof(msgfilter)) == -1)
206 #elif defined(ROUTE_MSGFILTER)
207 /* Convert the array into a bitmask. */
209 for (i = 0; i < __arraycount(msgfilter); i++)
210 msgfilter_mask |= ROUTE_FILTER(msgfilter[i]);
211 if (setsockopt(ctx->link_fd, PF_ROUTE, ROUTE_MSGFILTER,
212 &msgfilter_mask, sizeof(msgfilter_mask)) == -1)
215 #warning kernel does not support route message filtering
218 #ifdef PRIVSEP_RIGHTS
219 /* We need to getsockopt for SO_RCVBUF and
220 * setsockopt for RO_MISSFILTER. */
222 ps_rights_limit_fd_sockopt(ctx->link_fd);
229 if_closesockets_os(struct dhcpcd_ctx *ctx)
233 priv = (struct priv *)ctx->priv;
234 if (priv->pf_inet6_fd != -1)
235 close(priv->pf_inet6_fd);
238 free(ctx->rt_missfilter);
241 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */
243 if_ioctllink(struct dhcpcd_ctx *ctx, unsigned long req, void *data, size_t len)
249 if (ctx->options & DHCPCD_PRIVSEP)
250 return (int)ps_root_ioctllink(ctx, req, data, len);
255 s = socket(PF_LINK, SOCK_DGRAM, 0);
258 retval = ioctl(s, req, data, len);
265 if_setmac(struct interface *ifp, void *mac, uint8_t maclen)
268 if (ifp->hwlen != maclen) {
273 #if defined(SIOCALIFADDR) && defined(IFLR_ACTIVE) /*NetBSD */
274 struct if_laddrreq iflr = { .flags = IFLR_ACTIVE };
275 struct sockaddr_dl *sdl = satosdl(&iflr.addr);
278 strlcpy(iflr.iflr_name, ifp->name, sizeof(iflr.iflr_name));
279 sdl->sdl_family = AF_LINK;
280 sdl->sdl_len = sizeof(*sdl);
281 sdl->sdl_alen = maclen;
282 memcpy(LLADDR(sdl), mac, maclen);
283 retval = if_ioctllink(ifp->ctx, SIOCALIFADDR, &iflr, sizeof(iflr));
285 /* Try and remove the old address */
286 memcpy(LLADDR(sdl), ifp->hwaddr, ifp->hwlen);
287 if_ioctllink(ifp->ctx, SIOCDLIFADDR, &iflr, sizeof(iflr));
292 .ifr_addr.sa_family = AF_LINK,
293 .ifr_addr.sa_len = maclen,
296 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
297 memcpy(ifr.ifr_addr.sa_data, mac, maclen);
298 return if_ioctl(ifp->ctx, SIOCSIFLLADDR, &ifr, sizeof(ifr));
303 if_ignore1(const char *drvname)
305 const char * const *p;
307 for (p = ifnames_ignore; *p; p++) {
308 if (strcmp(*p, drvname) == 0)
316 if_ignoregroup(int s, const char *ifname)
318 struct ifgroupreq ifgr = { .ifgr_len = 0 };
322 /* Sadly it is possible to remove the device name
323 * from the interface groups, but hopefully this
324 * will be very unlikely.... */
326 strlcpy(ifgr.ifgr_name, ifname, sizeof(ifgr.ifgr_name));
327 if (ioctl(s, SIOCGIFGROUP, &ifgr) == -1 ||
328 (ifgr.ifgr_groups = malloc(ifgr.ifgr_len)) == NULL ||
329 ioctl(s, SIOCGIFGROUP, &ifgr) == -1)
335 for (ifg = ifgr.ifgr_groups, ifg_len = ifgr.ifgr_len;
336 ifg && ifg_len >= sizeof(*ifg);
337 ifg++, ifg_len -= sizeof(*ifg))
339 if (if_ignore1(ifg->ifgrq_group))
347 if_ignore(struct dhcpcd_ctx *ctx, const char *ifname)
351 if (if_nametospec(ifname, &spec) != 0)
354 if (if_ignore1(spec.drvname))
358 #if defined(PRIVSEP) && defined(HAVE_PLEDGE)
360 return ps_root_ifignoregroup(ctx, ifname) == 1 ? true : false;
363 return if_ignoregroup(ctx->pf_inet_fd, ifname) == 1 ?
371 static int if_indirect_ioctl(struct dhcpcd_ctx *ctx,
372 const char *ifname, unsigned long cmd, void *data, size_t len)
374 struct ifreq ifr = { .ifr_flags = 0 };
376 #if defined(PRIVSEP) && (defined(HAVE_CAPSICUM) || defined(HAVE_PLEDGE))
378 return (int)ps_root_indirectioctl(ctx, cmd, ifname, data, len);
383 strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
385 return ioctl(ctx->pf_inet_fd, cmd, &ifr);
389 if_carrier(struct interface *ifp, const void *ifadata)
391 const struct if_data *ifi = ifadata;
394 * Every BSD returns this and it is the sole source of truth.
395 * Not all BSD's support SIOCGIFDATA and not all interfaces
396 * support SIOCGIFMEDIA.
398 assert(ifadata != NULL);
400 if (ifi->ifi_link_state >= LINK_STATE_UP)
402 if (ifi->ifi_link_state == LINK_STATE_UNKNOWN) {
404 * Work around net80211 issues in some BSDs.
405 * Wireless MUST support link state change.
415 if_roaming(struct interface *ifp)
418 /* Check for NetBSD as a safety measure.
419 * If other BSD's gain IN_IFF_TENTATIVE check they re-do DAD
420 * when the carrier comes up again. */
421 #if defined(IN_IFF_TENTATIVE) && defined(__NetBSD__)
422 return ifp->flags & IFF_UP && ifp->carrier == LINK_DOWN;
430 if_linkaddr(struct sockaddr_dl *sdl, const struct interface *ifp)
433 memset(sdl, 0, sizeof(*sdl));
434 sdl->sdl_family = AF_LINK;
435 sdl->sdl_len = sizeof(*sdl);
436 sdl->sdl_nlen = sdl->sdl_alen = sdl->sdl_slen = 0;
437 sdl->sdl_index = (unsigned short)ifp->index;
441 if_getssid1(struct dhcpcd_ctx *ctx, const char *ifname, void *ssid)
444 #if defined(SIOCG80211NWID)
445 struct ieee80211_nwid nwid;
446 #elif defined(IEEE80211_IOC_SSID)
447 struct ieee80211req ireq;
448 char nwid[IEEE80211_NWID_LEN];
451 #if defined(SIOCG80211NWID) /* NetBSD */
452 memset(&nwid, 0, sizeof(nwid));
453 if (if_indirect_ioctl(ctx, ifname, SIOCG80211NWID,
454 &nwid, sizeof(nwid)) == 0)
458 else if (nwid.i_len > IF_SSIDLEN)
462 memcpy(ssid, nwid.i_nwid, nwid.i_len);
465 #elif defined(IEEE80211_IOC_SSID) /* FreeBSD */
466 memset(&ireq, 0, sizeof(ireq));
467 strlcpy(ireq.i_name, ifname, sizeof(ireq.i_name));
468 ireq.i_type = IEEE80211_IOC_SSID;
470 memset(nwid, 0, sizeof(nwid));
472 if (ioctl(ctx->pf_inet_fd, SIOCG80211, &ireq) == 0) {
475 else if (ireq.i_len > IF_SSIDLEN)
479 memcpy(ssid, nwid, ireq.i_len);
490 if_getssid(struct interface *ifp)
494 r = if_getssid1(ifp->ctx, ifp->name, ifp->ssid);
496 ifp->ssid_len = (unsigned int)r;
499 ifp->ssid[ifp->ssid_len] = '\0';
504 * FreeBSD allows for Virtual Access Points
505 * We need to check if the interface is a Virtual Interface Master
506 * and if so, don't use it.
507 * This check is made by virtue of being a IEEE80211 device but
508 * returning the SSID gives an error.
511 if_vimaster(struct dhcpcd_ctx *ctx, const char *ifname)
514 struct ifmediareq ifmr = { .ifm_active = 0 };
516 strlcpy(ifmr.ifm_name, ifname, sizeof(ifmr.ifm_name));
517 r = ioctl(ctx->pf_inet_fd, SIOCGIFMEDIA, &ifmr);
520 if (ifmr.ifm_status & IFM_AVALID &&
521 IFM_TYPE(ifmr.ifm_active) == IFM_IEEE80211)
523 if (if_getssid1(ctx, ifname, NULL) == -1)
530 if_vlanid(const struct interface *ifp)
533 struct vlanreq vlr = { .vlr_tag = 0 };
535 if (if_indirect_ioctl(ifp->ctx, ifp->name, SIOCGETVLAN,
536 &vlr, sizeof(vlr)) != 0)
537 return 0; /* 0 means no VLANID */
539 #elif defined(SIOCGVNETID)
540 struct ifreq ifr = { .ifr_vnetid = 0 };
542 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
543 if (ioctl(ifp->ctx->pf_inet_fd, SIOCGVNETID, &ifr) != 0)
544 return 0; /* 0 means no VLANID */
545 return ifr.ifr_vnetid;
548 return 0; /* 0 means no VLANID */
553 get_addrs(int type, const void *data, size_t data_len,
554 const struct sockaddr **sa)
561 for (i = 0; i < RTAX_MAX; i++) {
562 if (type & (1 << i)) {
567 sa[i] = (const struct sockaddr *)cp;
568 RT_ADVANCE(cp, sa[i]);
576 static struct interface *
577 if_findsdl(struct dhcpcd_ctx *ctx, const struct sockaddr_dl *sdl)
581 return if_findindex(ctx->ifaces, sdl->sdl_index);
584 char ifname[IF_NAMESIZE];
586 memcpy(ifname, sdl->sdl_data, sdl->sdl_nlen);
587 ifname[sdl->sdl_nlen] = '\0';
588 return if_find(ctx->ifaces, ifname);
591 struct interface *ifp;
593 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
594 if (ifp->hwlen == sdl->sdl_alen &&
596 sdl->sdl_data, sdl->sdl_alen) == 0)
605 static struct interface *
606 if_findsa(struct dhcpcd_ctx *ctx, const struct sockaddr *sa)
613 switch (sa->sa_family) {
616 const struct sockaddr_dl *sdl;
618 sdl = (const void *)sa;
619 return if_findsdl(ctx, sdl);
624 const struct sockaddr_in *sin;
625 struct ipv4_addr *ia;
627 sin = (const void *)sa;
628 if ((ia = ipv4_findmaskaddr(ctx, &sin->sin_addr)))
630 if ((ia = ipv4_findmaskbrd(ctx, &sin->sin_addr)))
638 const struct sockaddr_in6 *sin;
640 struct ipv6_addr *ia;
642 sin = (const void *)sa;
643 scope = ipv6_getscope(sin);
645 return if_findindex(ctx->ifaces, scope);
646 if ((ia = ipv6_findmaskaddr(ctx, &sin->sin6_addr)))
652 errno = EAFNOSUPPORT;
661 if_copysa(struct sockaddr *dst, const struct sockaddr *src)
667 memcpy(dst, src, src->sa_len);
668 #if defined(INET6) && defined(__KAME__)
669 if (dst->sa_family == AF_INET6) {
670 struct in6_addr *in6;
672 in6 = &satosin6(dst)->sin6_addr;
673 if (IN6_IS_ADDR_LINKLOCAL(in6))
674 in6->s6_addr[2] = in6->s6_addr[3] = '\0';
680 if_route(unsigned char cmd, const struct rt *rt)
682 struct dhcpcd_ctx *ctx;
684 struct rt_msghdr *rtm = &rtmsg.hdr;
685 char *bp = rtmsg.buffer;
686 struct sockaddr_dl sdl;
690 assert(rt->rt_ifp != NULL);
691 assert(rt->rt_ifp->ctx != NULL);
692 ctx = rt->rt_ifp->ctx;
694 #define ADDSA(sa) do { \
695 memcpy(bp, (sa), (sa)->sa_len); \
696 bp += RT_ROUNDUP((sa)->sa_len); \
697 } while (0 /* CONSTCOND */)
699 memset(&rtmsg, 0, sizeof(rtmsg));
700 rtm->rtm_version = RTM_VERSION;
703 rtm->rtm_pid = getpid();
705 rtm->rtm_seq = ++ctx->seq;
706 rtm->rtm_flags = (int)rt->rt_flags;
707 rtm->rtm_addrs = RTA_DST;
710 rtm->rtm_flags |= RTF_PINNED;
713 gateway_unspec = sa_is_unspecified(&rt->rt_gateway);
715 if (cmd == RTM_ADD || cmd == RTM_CHANGE) {
716 bool netmask_bcast = sa_is_allones(&rt->rt_netmask);
718 rtm->rtm_flags |= RTF_UP;
719 rtm->rtm_addrs |= RTA_GATEWAY;
720 if (!(rtm->rtm_flags & RTF_REJECT) &&
721 !sa_is_loopback(&rt->rt_gateway))
723 rtm->rtm_index = (unsigned short)rt->rt_ifp->index;
725 * OpenBSD rejects the message for on-link routes.
726 * FreeBSD-12 kernel apparently panics.
727 * I can't replicate the panic, but better safe than sorry!
728 * https://roy.marples.name/archives/dhcpcd-discuss/0002286.html
730 * Neither OS currently allows IPv6 address sharing anyway, so let's
731 * try to encourage someone to fix that by logging a waring during compile.
733 #if defined(__FreeBSD__) || defined(__OpenBSD__)
734 #warning kernel does not allow IPv6 address sharing
735 if (!gateway_unspec || rt->rt_dest.sa_family!=AF_INET6)
737 rtm->rtm_addrs |= RTA_IFP;
738 if (!sa_is_unspecified(&rt->rt_ifa))
739 rtm->rtm_addrs |= RTA_IFA;
742 rtm->rtm_flags |= RTF_HOST;
743 /* Network routes are cloning or connected if supported.
744 * All other routes are static. */
745 if (gateway_unspec) {
747 rtm->rtm_flags |= RTF_CLONING;
750 rtm->rtm_flags |= RTF_CONNECTED;
753 rtm->rtm_priority = RTP_CONNECTED;
758 * We add a cloning network route for a single
759 * host. Traffic to the host will generate a
760 * cloned route and the hardware address will
762 * It might be more correct to use RTF_HOST
763 * instead of RTF_CLONING, and that does work,
764 * but some OS generate an arp warning
765 * diagnostic which we don't want to do.
767 rtm->rtm_flags &= ~RTF_HOST;
771 rtm->rtm_flags |= RTF_GATEWAY;
773 if (rt->rt_dflags & RTDF_STATIC)
774 rtm->rtm_flags |= RTF_STATIC;
776 if (rt->rt_mtu != 0) {
777 rtm->rtm_inits |= RTV_MTU;
778 rtm->rtm_rmx.rmx_mtu = rt->rt_mtu;
782 if (!(rtm->rtm_flags & RTF_HOST))
783 rtm->rtm_addrs |= RTA_NETMASK;
785 if_linkaddr(&sdl, rt->rt_ifp);
789 if (rtm->rtm_addrs & RTA_GATEWAY) {
791 ADDSA((struct sockaddr *)&sdl);
795 if_copysa(&gateway.sa, &rt->rt_gateway);
797 if (gateway.sa.sa_family == AF_INET6)
798 ipv6_setscope(&gateway.sin6, rt->rt_ifp->index);
804 if (rtm->rtm_addrs & RTA_NETMASK)
805 ADDSA(&rt->rt_netmask);
807 if (rtm->rtm_addrs & RTA_IFP)
808 ADDSA((struct sockaddr *)&sdl);
810 if (rtm->rtm_addrs & RTA_IFA)
815 rtm->rtm_msglen = (unsigned short)(bp - (char *)rtm);
818 if (ctx->options & DHCPCD_PRIVSEP) {
819 if (ps_root_route(ctx, rtm, rtm->rtm_msglen) == -1)
824 if (write(ctx->link_fd, rtm, rtm->rtm_msglen) == -1)
830 if_realroute(const struct rt_msghdr *rtm)
834 if (rtm->rtm_flags & RTF_CLONED)
838 if (rtm->rtm_flags & RTF_WASCLONED)
842 if (rtm->rtm_flags & RTF_LOCAL)
846 if (rtm->rtm_flags & RTF_BROADCAST)
853 if_copyrt(struct dhcpcd_ctx *ctx, struct rt *rt, const struct rt_msghdr *rtm)
855 const struct sockaddr *rti_info[RTAX_MAX];
857 if (!(rtm->rtm_addrs & RTA_DST)) {
861 if (rtm->rtm_type != RTM_MISS && !(rtm->rtm_addrs & RTA_GATEWAY)) {
866 if (get_addrs(rtm->rtm_addrs, (const char *)rtm + sizeof(*rtm),
867 rtm->rtm_msglen - sizeof(*rtm), rti_info) == -1)
869 memset(rt, 0, sizeof(*rt));
871 rt->rt_flags = (unsigned int)rtm->rtm_flags;
872 if_copysa(&rt->rt_dest, rti_info[RTAX_DST]);
873 if (rtm->rtm_addrs & RTA_NETMASK) {
874 if_copysa(&rt->rt_netmask, rti_info[RTAX_NETMASK]);
875 if (rt->rt_netmask.sa_family == 255) /* Why? */
876 rt->rt_netmask.sa_family = rt->rt_dest.sa_family;
879 /* dhcpcd likes an unspecified gateway to indicate via the link.
880 * However we need to know if gateway was a link with an address. */
881 if (rtm->rtm_addrs & RTA_GATEWAY) {
882 if (rti_info[RTAX_GATEWAY]->sa_family == AF_LINK) {
883 const struct sockaddr_dl *sdl;
885 sdl = (const struct sockaddr_dl*)
886 (const void *)rti_info[RTAX_GATEWAY];
887 if (sdl->sdl_alen != 0)
888 rt->rt_dflags |= RTDF_GATELINK;
889 } else if (rtm->rtm_flags & RTF_GATEWAY)
890 if_copysa(&rt->rt_gateway, rti_info[RTAX_GATEWAY]);
893 if (rtm->rtm_addrs & RTA_IFA)
894 if_copysa(&rt->rt_ifa, rti_info[RTAX_IFA]);
896 rt->rt_mtu = (unsigned int)rtm->rtm_rmx.rmx_mtu;
899 rt->rt_ifp = if_findindex(ctx->ifaces, rtm->rtm_index);
900 else if (rtm->rtm_addrs & RTA_IFP)
901 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_IFP]);
902 else if (rtm->rtm_addrs & RTA_GATEWAY)
903 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_GATEWAY]);
905 rt->rt_ifp = if_findsa(ctx, rti_info[RTAX_DST]);
907 if (rt->rt_ifp == NULL && rtm->rtm_type == RTM_MISS)
908 rt->rt_ifp = if_find(ctx->ifaces, "lo0");
910 if (rt->rt_ifp == NULL) {
918 if_initrt(struct dhcpcd_ctx *ctx, rb_tree_t *kroutes, int af)
920 struct rt_msghdr *rtm;
930 mib[4] = NET_RT_DUMP;
933 if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1)
937 if ((buf = malloc(needed)) == NULL)
939 if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1) {
945 for (p = buf; p < end; p += rtm->rtm_msglen) {
947 if (p + rtm->rtm_msglen >= end) {
951 if (!if_realroute(rtm))
953 if (if_copyrt(ctx, &rt, rtm) != 0)
955 if ((rtn = rt_new(rt.rt_ifp)) == NULL) {
959 memcpy(rtn, &rt, sizeof(*rtn));
960 if (rb_tree_insert_node(kroutes, rtn) != rtn)
964 return p == end ? 0 : -1;
969 if_address(unsigned char cmd, const struct ipv4_addr *ia)
972 struct in_aliasreq ifra;
973 struct dhcpcd_ctx *ctx = ia->iface->ctx;
975 memset(&ifra, 0, sizeof(ifra));
976 strlcpy(ifra.ifra_name, ia->iface->name, sizeof(ifra.ifra_name));
978 #define ADDADDR(var, addr) do { \
979 (var)->sin_family = AF_INET; \
980 (var)->sin_len = sizeof(*(var)); \
981 (var)->sin_addr = *(addr); \
982 } while (/*CONSTCOND*/0)
983 ADDADDR(&ifra.ifra_addr, &ia->addr);
984 ADDADDR(&ifra.ifra_mask, &ia->mask);
985 if (cmd == RTM_NEWADDR && ia->brd.s_addr != INADDR_ANY)
986 ADDADDR(&ifra.ifra_broadaddr, &ia->brd);
990 cmd == RTM_DELADDR ? SIOCDIFADDR : SIOCAIFADDR, &ifra,sizeof(ifra));
994 #if !(defined(HAVE_IFADDRS_ADDRFLAGS) && defined(HAVE_IFAM_ADDRFLAGS))
996 if_addrflags(const struct interface *ifp, const struct in_addr *addr,
997 __unused const char *alias)
999 #ifdef SIOCGIFAFLAG_IN
1001 struct sockaddr_in *sin;
1003 memset(&ifr, 0, sizeof(ifr));
1004 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
1005 sin = (void *)&ifr.ifr_addr;
1006 sin->sin_family = AF_INET;
1007 sin->sin_addr = *addr;
1008 if (ioctl(ifp->ctx->pf_inet_fd, SIOCGIFAFLAG_IN, &ifr) == -1)
1010 return ifr.ifr_addrflags;
1022 if_ioctl6(struct dhcpcd_ctx *ctx, unsigned long req, void *data, size_t len)
1027 if (ctx->options & DHCPCD_PRIVSEP)
1028 return (int)ps_root_ioctl6(ctx, req, data, len);
1032 return ioctl(priv->pf_inet6_fd, req, data, len);
1036 if_address6(unsigned char cmd, const struct ipv6_addr *ia)
1038 struct in6_aliasreq ifa = { .ifra_flags = 0 };
1039 struct in6_addr mask;
1040 struct dhcpcd_ctx *ctx = ia->iface->ctx;
1042 strlcpy(ifa.ifra_name, ia->iface->name, sizeof(ifa.ifra_name));
1043 #if defined(__FreeBSD__) || defined(__DragonFly__)
1044 /* This is a bug - the kernel should work this out. */
1045 if (ia->addr_flags & IN6_IFF_TENTATIVE)
1046 ifa.ifra_flags |= IN6_IFF_TENTATIVE;
1048 #if (defined(__NetBSD__) || defined(__OpenBSD__)) && \
1049 (defined(IPV6CTL_ACCEPT_RTADV) || defined(ND6_IFF_ACCEPT_RTADV))
1050 /* These kernels don't accept userland setting IN6_IFF_AUTOCONF */
1052 if (ia->flags & IPV6_AF_AUTOCONF)
1053 ifa.ifra_flags |= IN6_IFF_AUTOCONF;
1055 #ifdef IPV6_MANAGETEMPADDR
1056 if (ia->flags & IPV6_AF_TEMPORARY)
1057 ifa.ifra_flags |= IN6_IFF_TEMPORARY;
1060 #define ADDADDR(v, addr) { \
1061 (v)->sin6_family = AF_INET6; \
1062 (v)->sin6_len = sizeof(*v); \
1063 (v)->sin6_addr = *(addr); \
1066 ADDADDR(&ifa.ifra_addr, &ia->addr);
1067 ipv6_setscope(&ifa.ifra_addr, ia->iface->index);
1068 ipv6_mask(&mask, ia->prefix_len);
1069 ADDADDR(&ifa.ifra_prefixmask, &mask);
1074 * Every BSD kernel wants to add the prefix of the address to it's
1075 * list of RA received prefixes.
1076 * THIS IS WRONG because there (as the comments in the kernel state)
1077 * is no API for managing prefix lifetime and the kernel should not
1078 * pretend it's from a RA either.
1080 * The issue is that the very first assigned prefix will inherit the
1081 * lifetime of the address, but any subsequent alteration of the
1082 * address OR it's lifetime will not affect the prefix lifetime.
1083 * As such, we cannot stop the prefix from timing out and then
1084 * constantly removing the prefix route dhcpcd is capable of adding
1087 * What we can do to mitigate the issue is to add the address with
1088 * infinite lifetimes, so the prefix route will never time out.
1089 * Once done, we can then set lifetimes on the address and all is good.
1090 * The downside of this approach is that we need to manually remove
1091 * the kernel route because it has no lifetime, but this is OK as
1092 * dhcpcd will handle this too.
1094 * This issue is discussed on the NetBSD mailing lists here:
1095 * http://mail-index.netbsd.org/tech-net/2016/08/05/msg006044.html
1097 * Fixed in NetBSD-7.99.36
1098 * NOT fixed in FreeBSD - bug 195197
1099 * Fixed in OpenBSD-5.9
1102 #if !((defined(__NetBSD_Version__) && __NetBSD_Version__ >= 799003600) || \
1103 (defined(__OpenBSD__) && OpenBSD >= 201605))
1104 if (cmd == RTM_NEWADDR && !(ia->flags & IPV6_AF_ADDED)) {
1105 ifa.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
1106 ifa.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
1107 (void)if_ioctl6(ctx, SIOCAIFADDR_IN6, &ifa, sizeof(ifa));
1111 #if defined(__OpenBSD__) && OpenBSD <= 201705
1112 /* BUT OpenBSD older than 6.2 does not reset the address lifetime
1113 * for subsequent calls...
1114 * Luckily dhcpcd will remove the lease when it expires so
1115 * just set an infinite lifetime, unless a temporary address. */
1116 if (ifa.ifra_flags & IN6_IFF_PRIVACY) {
1117 ifa.ifra_lifetime.ia6t_vltime = ia->prefix_vltime;
1118 ifa.ifra_lifetime.ia6t_pltime = ia->prefix_pltime;
1120 ifa.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
1121 ifa.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
1124 ifa.ifra_lifetime.ia6t_vltime = ia->prefix_vltime;
1125 ifa.ifra_lifetime.ia6t_pltime = ia->prefix_pltime;
1128 return if_ioctl6(ctx,
1129 cmd == RTM_DELADDR ? SIOCDIFADDR_IN6 : SIOCAIFADDR_IN6,
1134 if_addrflags6(const struct interface *ifp, const struct in6_addr *addr,
1135 __unused const char *alias)
1138 struct in6_ifreq ifr6;
1141 memset(&ifr6, 0, sizeof(ifr6));
1142 strlcpy(ifr6.ifr_name, ifp->name, sizeof(ifr6.ifr_name));
1143 ifr6.ifr_addr.sin6_family = AF_INET6;
1144 ifr6.ifr_addr.sin6_addr = *addr;
1145 ipv6_setscope(&ifr6.ifr_addr, ifp->index);
1146 priv = (struct priv *)ifp->ctx->priv;
1147 if (ioctl(priv->pf_inet6_fd, SIOCGIFAFLAG_IN6, &ifr6) != -1)
1148 flags = ifr6.ifr_ifru.ifru_flags6;
1155 if_getlifetime6(struct ipv6_addr *ia)
1157 struct in6_ifreq ifr6;
1159 struct in6_addrlifetime *lifetime;
1162 memset(&ifr6, 0, sizeof(ifr6));
1163 strlcpy(ifr6.ifr_name, ia->iface->name, sizeof(ifr6.ifr_name));
1164 ifr6.ifr_addr.sin6_family = AF_INET6;
1165 ifr6.ifr_addr.sin6_addr = ia->addr;
1166 ipv6_setscope(&ifr6.ifr_addr, ia->iface->index);
1167 priv = (struct priv *)ia->iface->ctx->priv;
1168 if (ioctl(priv->pf_inet6_fd, SIOCGIFALIFETIME_IN6, &ifr6) == -1)
1170 clock_gettime(CLOCK_MONOTONIC, &ia->created);
1172 #if defined(__FreeBSD__) || defined(__DragonFly__)
1173 t = ia->created.tv_sec;
1178 lifetime = &ifr6.ifr_ifru.ifru_lifetime;
1179 if (lifetime->ia6t_preferred)
1180 ia->prefix_pltime = (uint32_t)(lifetime->ia6t_preferred -
1181 MIN(t, lifetime->ia6t_preferred));
1183 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1184 if (lifetime->ia6t_expire) {
1185 ia->prefix_vltime = (uint32_t)(lifetime->ia6t_expire -
1186 MIN(t, lifetime->ia6t_expire));
1187 /* Calculate the created time */
1188 ia->created.tv_sec -= lifetime->ia6t_vltime - ia->prefix_vltime;
1190 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1196 if_announce(struct dhcpcd_ctx *ctx, const struct if_announcemsghdr *ifan)
1199 if (ifan->ifan_msglen < sizeof(*ifan)) {
1204 switch(ifan->ifan_what) {
1206 return dhcpcd_handleinterface(ctx, 1, ifan->ifan_name);
1207 case IFAN_DEPARTURE:
1208 return dhcpcd_handleinterface(ctx, -1, ifan->ifan_name);
1215 if_ifinfo(struct dhcpcd_ctx *ctx, const struct if_msghdr *ifm)
1217 struct interface *ifp;
1220 if (ifm->ifm_msglen < sizeof(*ifm)) {
1225 if ((ifp = if_findindex(ctx->ifaces, ifm->ifm_index)) == NULL)
1228 link_state = if_carrier(ifp, &ifm->ifm_data);
1229 dhcpcd_handlecarrier(ifp, link_state, (unsigned int)ifm->ifm_flags);
1234 if_rtm(struct dhcpcd_ctx *ctx, const struct rt_msghdr *rtm)
1238 if (rtm->rtm_msglen < sizeof(*rtm)) {
1243 /* Ignore errors. */
1244 if (rtm->rtm_errno != 0)
1247 /* Ignore messages from ourself. */
1249 if (ctx->ps_root_pid != 0) {
1250 if (rtm->rtm_pid == ctx->ps_root_pid)
1255 if (if_copyrt(ctx, &rt, rtm) == -1)
1256 return errno == ENOTSUP ? 0 : -1;
1260 * BSD announces host routes.
1261 * As such, we should be notified of reachability by its
1262 * existance with a hardware address.
1263 * Ensure we don't call this for a newly incomplete state.
1265 if (rt.rt_dest.sa_family == AF_INET6 &&
1266 (rt.rt_flags & RTF_HOST || rtm->rtm_type == RTM_MISS) &&
1267 !(rtm->rtm_type == RTM_ADD && !(rt.rt_dflags & RTDF_GATELINK)))
1271 reachable = (rtm->rtm_type == RTM_ADD ||
1272 rtm->rtm_type == RTM_CHANGE) &&
1273 rt.rt_dflags & RTDF_GATELINK;
1274 ipv6nd_neighbour(ctx, &rt.rt_ss_dest.sin6.sin6_addr, reachable);
1278 if (rtm->rtm_type != RTM_MISS && if_realroute(rtm))
1279 rt_recvrt(rtm->rtm_type, &rt, rtm->rtm_pid);
1284 if_ifa(struct dhcpcd_ctx *ctx, const struct ifa_msghdr *ifam)
1286 struct interface *ifp;
1287 const struct sockaddr *rti_info[RTAX_MAX];
1291 if (ifam->ifam_msglen < sizeof(*ifam)) {
1296 #ifdef HAVE_IFAM_PID
1297 /* Ignore address deletions from ourself.
1298 * We need to process address flag changes though. */
1299 if (ifam->ifam_type == RTM_DELADDR) {
1301 if (ctx->ps_root_pid != 0) {
1302 if (ifam->ifam_pid == ctx->ps_root_pid)
1306 /* address management is done via ioctl,
1307 * so SO_USELOOPBACK has no effect,
1308 * so we do need to check the pid. */
1309 if (ifam->ifam_pid == getpid())
1312 pid = ifam->ifam_pid;
1317 if (~ifam->ifam_addrs & RTA_IFA)
1319 if ((ifp = if_findindex(ctx->ifaces, ifam->ifam_index)) == NULL)
1322 if (get_addrs(ifam->ifam_addrs, (const char *)ifam + sizeof(*ifam),
1323 ifam->ifam_msglen - sizeof(*ifam), rti_info) == -1)
1326 switch (rti_info[RTAX_IFA]->sa_family) {
1329 struct sockaddr_dl sdl;
1332 if (ifam->ifam_type != RTM_CHGADDR)
1335 if (ifam->ifam_type != RTM_NEWADDR)
1338 memcpy(&sdl, rti_info[RTAX_IFA], rti_info[RTAX_IFA]->sa_len);
1339 dhcpcd_handlehwaddr(ifp, ifp->hwtype,
1340 CLLADDR(&sdl), sdl.sdl_alen);
1345 case 255: /* FIXME: Why 255? */
1347 const struct sockaddr_in *sin;
1348 struct in_addr addr, mask, bcast;
1350 sin = (const void *)rti_info[RTAX_IFA];
1351 addr.s_addr = sin != NULL && sin->sin_family == AF_INET ?
1352 sin->sin_addr.s_addr : INADDR_ANY;
1353 sin = (const void *)rti_info[RTAX_NETMASK];
1354 mask.s_addr = sin != NULL && sin->sin_family == AF_INET ?
1355 sin->sin_addr.s_addr : INADDR_ANY;
1356 sin = (const void *)rti_info[RTAX_BRD];
1357 bcast.s_addr = sin != NULL && sin->sin_family == AF_INET ?
1358 sin->sin_addr.s_addr : INADDR_ANY;
1361 * NetBSD-7 and older send an invalid broadcast address.
1362 * So we need to query the actual address to get
1364 * We can also use this to test if the address
1365 * has really been added or deleted.
1368 struct in_aliasreq ifra;
1370 memset(&ifra, 0, sizeof(ifra));
1371 strlcpy(ifra.ifra_name, ifp->name, sizeof(ifra.ifra_name));
1372 ifra.ifra_addr.sin_family = AF_INET;
1373 ifra.ifra_addr.sin_len = sizeof(ifra.ifra_addr);
1374 ifra.ifra_addr.sin_addr = addr;
1375 if (ioctl(ctx->pf_inet_fd, SIOCGIFALIAS, &ifra) == -1) {
1376 if (errno != ENXIO && errno != EADDRNOTAVAIL)
1377 logerr("%s: SIOCGIFALIAS", __func__);
1378 if (ifam->ifam_type != RTM_DELADDR)
1381 if (ifam->ifam_type == RTM_DELADDR)
1383 #if defined(__NetBSD_Version__) && __NetBSD_Version__ < 800000000
1384 bcast = ifra.ifra_broadaddr.sin_addr;
1388 #warning No SIOCGIFALIAS support
1390 * No SIOCGIFALIAS? That sucks!
1391 * This makes this call very heavy weight, but we
1392 * really need to know if the message is late or not.
1394 const struct sockaddr *sa;
1395 struct ifaddrs *ifaddrs = NULL, *ifa;
1397 sa = rti_info[RTAX_IFA];
1398 #ifdef PRIVSEP_GETIFADDRS
1399 if (IN_PRIVSEP(ctx)) {
1400 if (ps_root_getifaddrs(ctx, &ifaddrs) == -1) {
1401 logerr("ps_root_getifaddrs");
1406 if (getifaddrs(&ifaddrs) == -1) {
1407 logerr("getifaddrs");
1410 for (ifa = ifaddrs; ifa; ifa = ifa->ifa_next) {
1411 if (ifa->ifa_addr == NULL)
1413 if (sa_cmp(ifa->ifa_addr, sa) == 0 &&
1414 strcmp(ifa->ifa_name, ifp->name) == 0)
1417 #ifdef PRIVSEP_GETIFADDRS
1418 if (IN_PRIVSEP(ctx))
1422 freeifaddrs(ifaddrs);
1423 if (ifam->ifam_type == RTM_DELADDR) {
1432 #ifdef HAVE_IFAM_ADDRFLAGS
1433 flags = ifam->ifam_addrflags;
1438 ipv4_handleifa(ctx, ifam->ifam_type, NULL, ifp->name,
1439 &addr, &mask, &bcast, flags, pid);
1446 struct in6_addr addr6, mask6;
1447 const struct sockaddr_in6 *sin6;
1449 sin6 = (const void *)rti_info[RTAX_IFA];
1450 addr6 = sin6->sin6_addr;
1451 sin6 = (const void *)rti_info[RTAX_NETMASK];
1452 mask6 = sin6->sin6_addr;
1455 * If the address was deleted, lets check if it's
1456 * a late message and it still exists (maybe modified).
1457 * If so, ignore it as deleting an address causes
1458 * dhcpcd to drop any lease to which it belongs.
1459 * Also check an added address was really added.
1461 flags = if_addrflags6(ifp, &addr6, NULL);
1463 if (errno != ENXIO && errno != EADDRNOTAVAIL)
1464 logerr("%s: if_addrflags6", __func__);
1465 if (ifam->ifam_type != RTM_DELADDR)
1468 } else if (ifam->ifam_type == RTM_DELADDR)
1472 if (IN6_IS_ADDR_LINKLOCAL(&addr6))
1473 /* Remove the scope from the address */
1474 addr6.s6_addr[2] = addr6.s6_addr[3] = '\0';
1477 ipv6_handleifa(ctx, ifam->ifam_type, NULL,
1478 ifp->name, &addr6, ipv6_prefixlen(&mask6), flags, pid);
1488 if_dispatch(struct dhcpcd_ctx *ctx, const struct rt_msghdr *rtm)
1491 if (rtm->rtm_version != RTM_VERSION)
1494 switch(rtm->rtm_type) {
1495 #ifdef RTM_IFANNOUNCE
1496 case RTM_IFANNOUNCE:
1497 return if_announce(ctx, (const void *)rtm);
1500 return if_ifinfo(ctx, (const void *)rtm);
1501 case RTM_ADD: /* FALLTHROUGH */
1502 case RTM_CHANGE: /* FALLTHROUGH */
1503 case RTM_DELETE: /* FALLTHROUGH */
1505 return if_rtm(ctx, (const void *)rtm);
1507 case RTM_CHGADDR: /* FALLTHROUGH */
1509 case RTM_DELADDR: /* FALLTHROUGH */
1511 return if_ifa(ctx, (const void *)rtm);
1514 dhcpcd_linkoverflow(ctx);
1515 #elif !defined(SO_RERROR)
1516 #warning cannot detect route socket overflow within kernel
1524 if_missfilter0(struct dhcpcd_ctx *ctx, struct interface *ifp,
1525 struct sockaddr *sa)
1527 size_t salen = (size_t)RT_ROUNDUP(sa->sa_len);
1528 size_t newlen = ctx->rt_missfilterlen + salen;
1529 size_t diff = salen - (sa->sa_len);
1532 if (ctx->rt_missfiltersize < newlen) {
1533 void *n = realloc(ctx->rt_missfilter, newlen);
1536 ctx->rt_missfilter = n;
1537 ctx->rt_missfiltersize = newlen;
1541 if (sa->sa_family == AF_INET6)
1542 ipv6_setscope(satosin6(sa), ifp->index);
1547 cp = ctx->rt_missfilter + ctx->rt_missfilterlen;
1548 memcpy(cp, sa, sa->sa_len);
1550 memset(cp + sa->sa_len, 0, diff);
1551 ctx->rt_missfilterlen += salen;
1554 if (sa->sa_family == AF_INET6)
1555 ipv6_setscope(satosin6(sa), 0);
1562 if_missfilter(struct interface *ifp, struct sockaddr *sa)
1565 return if_missfilter0(ifp->ctx, ifp, sa);
1569 if_missfilter_apply(struct dhcpcd_ctx *ctx)
1571 #ifdef RO_MISSFILTER
1572 if (ctx->rt_missfilterlen == 0) {
1573 struct sockaddr sa = {
1574 .sa_family = AF_UNSPEC,
1575 .sa_len = sizeof(sa),
1578 if (if_missfilter0(ctx, NULL, &sa) == -1)
1582 return setsockopt(ctx->link_fd, PF_ROUTE, RO_MISSFILTER,
1583 ctx->rt_missfilter, (socklen_t)ctx->rt_missfilterlen);
1585 #warning kernel does not support RTM_MISS DST filtering
1592 __CTASSERT(offsetof(struct rt_msghdr, rtm_msglen) == 0);
1594 if_handlelink(struct dhcpcd_ctx *ctx)
1599 len = read(ctx->link_fd, &rtm, sizeof(rtm));
1604 if ((size_t)len < sizeof(rtm.hdr.rtm_msglen) ||
1605 len != rtm.hdr.rtm_msglen)
1611 * Coverity thinks that the data could be tainted from here.
1612 * I have no idea how because the length of the data we read
1613 * is guarded by len and checked to match rtm_msglen.
1614 * The issue seems to be related to extracting the addresses
1615 * at the end of the header, but seems to have no issues with the
1616 * equivalent call in if_initrt.
1618 /* coverity[tainted_data] */
1619 return if_dispatch(ctx, &rtm.hdr);
1622 #ifndef SYS_NMLN /* OSX */
1623 # define SYS_NMLN __SYS_NAMELEN
1625 #ifndef HW_MACHINE_ARCH
1626 # ifdef HW_MODEL /* OpenBSD */
1627 # define HW_MACHINE_ARCH HW_MODEL
1631 if_machinearch(char *str, size_t len)
1633 int mib[2] = { CTL_HW, HW_MACHINE_ARCH };
1635 return sysctl(mib, sizeof(mib) / sizeof(mib[0]), str, &len, NULL, 0);
1639 #if (defined(IPV6CTL_ACCEPT_RTADV) && !defined(ND6_IFF_ACCEPT_RTADV)) || \
1640 defined(IPV6CTL_FORWARDING)
1641 #define get_inet6_sysctl(code) inet6_sysctl(code, 0, 0)
1642 #define set_inet6_sysctl(code, val) inet6_sysctl(code, val, 1)
1644 inet6_sysctl(int code, int val, int action)
1646 int mib[] = { CTL_NET, PF_INET6, IPPROTO_IPV6, 0 };
1652 if (sysctl(mib, sizeof(mib)/sizeof(mib[0]),
1653 NULL, 0, &val, size) == -1)
1657 if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &val, &size, NULL, 0) == -1)
1664 if_applyra(const struct ra *rap)
1666 #ifdef SIOCSIFINFO_IN6
1667 struct in6_ndireq nd = { .ndi.chlim = 0 };
1668 struct dhcpcd_ctx *ctx = rap->iface->ctx;
1671 strlcpy(nd.ifname, rap->iface->name, sizeof(nd.ifname));
1673 #ifdef IPV6CTL_ACCEPT_RTADV
1674 struct priv *priv = ctx->priv;
1677 * NetBSD changed SIOCSIFINFO_IN6 to NOT set flags when kernel
1678 * RA was removed, however both FreeBSD and DragonFlyBSD still do.
1679 * linkmtu was also removed.
1680 * Hopefully this guard will still work if either remove kernel RA.
1682 if (ioctl(priv->pf_inet6_fd, SIOCGIFINFO_IN6, &nd, sizeof(nd)) == -1)
1685 nd.ndi.linkmtu = rap->mtu;
1688 nd.ndi.chlim = rap->hoplimit;
1689 nd.ndi.retrans = rap->retrans;
1690 nd.ndi.basereachable = rap->reachable;
1691 error = if_ioctl6(ctx, SIOCSIFINFO_IN6, &nd, sizeof(nd));
1692 #ifdef IPV6CTL_ACCEPT_RTADV
1693 if (error == -1 && errno == EINVAL) {
1695 * Very likely that this is caused by a dodgy MTU
1696 * setting specific to the interface.
1697 * Let's set it to "unspecified" and try again.
1698 * Doesn't really matter as we fix the MTU against the
1699 * routes we add as not all OS support SIOCSIFINFO_IN6.
1702 error = if_ioctl6(ctx, SIOCSIFINFO_IN6, &nd, sizeof(nd));
1707 #warning OS does not allow setting of RA bits hoplimit, retrans or reachable
1713 #ifndef IPV6CTL_FORWARDING
1714 #define get_inet6_sysctlbyname(code) inet6_sysctlbyname(code, 0, 0)
1715 #define set_inet6_sysctlbyname(code, val) inet6_sysctlbyname(code, val, 1)
1717 inet6_sysctlbyname(const char *name, int val, int action)
1723 if (sysctlbyname(name, NULL, 0, &val, size) == -1)
1727 if (sysctlbyname(name, &val, &size, NULL, 0) == -1)
1734 ip6_forwarding(__unused const char *ifname)
1738 #ifdef IPV6CTL_FORWARDING
1739 val = get_inet6_sysctl(IPV6CTL_FORWARDING);
1741 val = get_inet6_sysctlbyname("net.inet6.ip6.forwarding");
1743 return val < 0 ? 0 : val;
1746 #ifdef SIOCIFAFATTACH
1748 if_af_attach(const struct interface *ifp, int af)
1750 struct if_afreq ifar;
1752 strlcpy(ifar.ifar_name, ifp->name, sizeof(ifar.ifar_name));
1754 return if_ioctl6(ifp->ctx, SIOCIFAFATTACH, &ifar, sizeof(ifar));
1758 #ifdef SIOCGIFXFLAGS
1760 if_set_ifxflags(const struct interface *ifp)
1764 struct priv *priv = ifp->ctx->priv;
1766 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
1767 if (ioctl(priv->pf_inet6_fd, SIOCGIFXFLAGS, &ifr) == -1)
1769 flags = ifr.ifr_flags;
1771 flags &= ~IFXF_NOINET6;
1774 * If not doing autoconf, don't disable the kernel from doing it.
1775 * If we need to, we should have another option actively disable it.
1777 * OpenBSD moved from kernel based SLAAC to userland via slaacd(8).
1778 * It has a similar featureset to dhcpcd such as stable private
1779 * addresses, but lacks the ability to handle DNS inside the RA
1780 * which is a serious shortfall in this day and age.
1781 * Appease their user base by working alongside slaacd(8) if
1782 * dhcpcd is instructed not to do auto configuration of addresses.
1784 #if defined(ND6_IFF_ACCEPT_RTADV)
1785 #define BSD_AUTOCONF DHCPCD_IPV6RS
1787 #define BSD_AUTOCONF DHCPCD_IPV6RA_AUTOCONF
1789 if (ifp->options->options & BSD_AUTOCONF)
1790 flags &= ~IFXF_AUTOCONF6;
1791 if (ifr.ifr_flags == flags)
1793 ifr.ifr_flags = flags;
1794 return if_ioctl6(ifp->ctx, SIOCSIFXFLAGS, &ifr, sizeof(ifr));
1798 /* OpenBSD removed ND6 flags entirely, so we need to check for their
1800 #if defined(ND6_IFF_AUTO_LINKLOCAL) || \
1801 defined(ND6_IFF_PERFORMNUD) || \
1802 defined(ND6_IFF_ACCEPT_RTADV) || \
1803 defined(ND6_IFF_OVERRIDE_RTADV) || \
1804 defined(ND6_IFF_IFDISABLED)
1805 #define ND6_NDI_FLAGS
1809 if_disable_rtadv(void)
1811 #if defined(IPV6CTL_ACCEPT_RTADV) && !defined(ND6_IFF_ACCEPT_RTADV)
1812 int ra = get_inet6_sysctl(IPV6CTL_ACCEPT_RTADV);
1815 if (errno != ENOENT)
1816 logerr("IPV6CTL_ACCEPT_RTADV");
1818 if (set_inet6_sysctl(IPV6CTL_ACCEPT_RTADV, 0) == -1)
1819 logerr("IPV6CTL_ACCEPT_RTADV");
1825 if_setup_inet6(const struct interface *ifp)
1829 #ifdef ND6_NDI_FLAGS
1830 struct in6_ndireq nd;
1834 priv = (struct priv *)ifp->ctx->priv;
1835 s = priv->pf_inet6_fd;
1837 #ifdef ND6_NDI_FLAGS
1838 memset(&nd, 0, sizeof(nd));
1839 strlcpy(nd.ifname, ifp->name, sizeof(nd.ifname));
1840 if (ioctl(s, SIOCGIFINFO_IN6, &nd) == -1)
1841 logerr("%s: SIOCGIFINFO_FLAGS", ifp->name);
1842 flags = (int)nd.ndi.flags;
1845 #ifdef ND6_IFF_AUTO_LINKLOCAL
1846 /* Unlike the kernel, dhcpcd make make a stable private address. */
1847 flags &= ~ND6_IFF_AUTO_LINKLOCAL;
1850 #ifdef ND6_IFF_PERFORMNUD
1851 /* NUD is kind of essential. */
1852 flags |= ND6_IFF_PERFORMNUD;
1855 #ifdef ND6_IFF_IFDISABLED
1856 /* Ensure the interface is not disabled. */
1857 flags &= ~ND6_IFF_IFDISABLED;
1861 * If not doing autoconf, don't disable the kernel from doing it.
1862 * If we need to, we should have another option actively disable it.
1864 #ifdef ND6_IFF_ACCEPT_RTADV
1865 if (ifp->options->options & DHCPCD_IPV6RS)
1866 flags &= ~ND6_IFF_ACCEPT_RTADV;
1867 #ifdef ND6_IFF_OVERRIDE_RTADV
1868 if (ifp->options->options & DHCPCD_IPV6RS)
1869 flags |= ND6_IFF_OVERRIDE_RTADV;
1873 #ifdef ND6_NDI_FLAGS
1874 if (nd.ndi.flags != (uint32_t)flags) {
1875 nd.ndi.flags = (uint32_t)flags;
1876 if (if_ioctl6(ifp->ctx, SIOCSIFINFO_FLAGS,
1877 &nd, sizeof(nd)) == -1)
1878 logerr("%s: SIOCSIFINFO_FLAGS", ifp->name);
1882 /* Enabling IPv6 by whatever means must be the
1883 * last action undertaken to ensure kernel RS and
1884 * LLADDR auto configuration are disabled where applicable. */
1885 #ifdef SIOCIFAFATTACH
1886 if (if_af_attach(ifp, AF_INET6) == -1)
1887 logerr("%s: if_af_attach", ifp->name);
1890 #ifdef SIOCGIFXFLAGS
1891 if (if_set_ifxflags(ifp) == -1)
1892 logerr("%s: set_ifxflags", ifp->name);
1895 #ifdef SIOCSRTRFLUSH_IN6
1896 /* Flush the kernel knowledge of advertised routers
1897 * and prefixes so the kernel does not expire prefixes
1898 * and default routes we are trying to own. */
1899 if (ifp->options->options & DHCPCD_IPV6RS) {
1900 struct in6_ifreq ifr;
1902 memset(&ifr, 0, sizeof(ifr));
1903 strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
1904 if (if_ioctl6(ifp->ctx, SIOCSRTRFLUSH_IN6,
1905 &ifr, sizeof(ifr)) == -1 &&
1906 errno != ENOTSUP && errno != ENOTTY)
1907 logwarn("SIOCSRTRFLUSH_IN6 %d", errno);
1908 #ifdef SIOCSPFXFLUSH_IN6
1909 if (if_ioctl6(ifp->ctx, SIOCSPFXFLUSH_IN6,
1910 &ifr, sizeof(ifr)) == -1 &&
1911 errno != ENOTSUP && errno != ENOTTY)
1912 logwarn("SIOCSPFXFLUSH_IN6");