projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'origin/vendor/LDNS'
[dragonfly.git] / contrib / dhcpcd / src / ipv6.c
1 /*
2  * dhcpcd - DHCP client daemon
3  * Copyright (c) 2006-2018 Roy Marples <roy@marples.name>
4  * All rights reserved
5
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27
28 #include <sys/param.h>
29 #include <sys/types.h>
30 #include <sys/socket.h>
31 #include <sys/stat.h>
32
33 #include <net/if.h>
34 #include <net/route.h>
35 #include <netinet/in.h>
36 #include <netinet/if_ether.h>
37
38 #include "config.h"
39
40 #ifdef HAVE_SYS_BITOPS_H
41 #include <sys/bitops.h>
42 #else
43 #include "compat/bitops.h"
44 #endif
45
46 #ifdef BSD
47 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
48  * to generate our CAN_ADD_LLADDR #define. */
49 #  include <netinet6/in6_var.h>
50 #  include <netinet6/nd6.h>
51 #endif
52
53 #include <errno.h>
54 #include <ifaddrs.h>
55 #include <inttypes.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <unistd.h>
59
60 #define ELOOP_QUEUE 7
61 #include "common.h"
62 #include "if.h"
63 #include "dhcpcd.h"
64 #include "dhcp6.h"
65 #include "eloop.h"
66 #include "ipv6.h"
67 #include "ipv6nd.h"
68 #include "logerr.h"
69 #include "sa.h"
70 #include "script.h"
71
72 #ifdef HAVE_MD5_H
73 #  ifndef DEPGEN
74 #    include <md5.h>
75 #  endif
76 #endif
77
78 #ifdef SHA2_H
79 #  include SHA2_H
80 #endif
81
82 #ifndef SHA256_DIGEST_LENGTH
83 #  define SHA256_DIGEST_LENGTH          32
84 #endif
85
86 #if 0  /* XXX: suppress the warning as dfly currently doesn't support it */
87 #ifdef IPV6_POLLADDRFLAG
88 #  warning kernel does not report IPv6 address flag changes
89 #  warning polling tentative address flags periodically
90 #endif
91 #endif
92
93 /* Hackery at it's finest. */
94 #ifndef s6_addr32
95 #  ifdef __sun
96 #    define s6_addr32   _S6_un._S6_u32
97 #  else
98 #    define s6_addr32   __u6_addr.__u6_addr32
99 #  endif
100 #endif
101
102 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
103     defined(IFF_NOLINKLOCAL)
104 /* Only add the LL address if we have a carrier, so DaD works. */
105 #define CAN_ADD_LLADDR(ifp) \
106     (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
107 #ifdef __sun
108 /* Although we can add our own LL address, we cannot drop it
109  * without unplumbing the if which is a lot of code.
110  * So just keep it for the time being. */
111 #define CAN_DROP_LLADDR(ifp)    (0)
112 #else
113 #define CAN_DROP_LLADDR(ifp)    (1)
114 #endif
115 #else
116 /* We have no control over the OS adding the LLADDR, so just let it do it
117  * as we cannot force our own view on it. */
118 #define CAN_ADD_LLADDR(ifp)     (0)
119 #define CAN_DROP_LLADDR(ifp)    (0)
120 #endif
121
122 #ifdef IPV6_MANAGETEMPADDR
123 static void ipv6_regentempifid(void *);
124 static void ipv6_regentempaddr(void *);
125 #else
126 #define ipv6_regentempifid(a) {}
127 #endif
128
129 int
130 ipv6_init(struct dhcpcd_ctx *ctx)
131 {
132
133         if (ctx->sndhdr.msg_iovlen == 1)
134                 return 0;
135
136         if (ctx->ra_routers == NULL) {
137                 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
138                 if (ctx->ra_routers == NULL)
139                         return -1;
140         }
141         TAILQ_INIT(ctx->ra_routers);
142
143         ctx->sndhdr.msg_namelen = sizeof(struct sockaddr_in6);
144         ctx->sndhdr.msg_iov = ctx->sndiov;
145         ctx->sndhdr.msg_iovlen = 1;
146         ctx->sndhdr.msg_control = ctx->sndbuf;
147         ctx->sndhdr.msg_controllen = sizeof(ctx->sndbuf);
148         ctx->rcvhdr.msg_name = &ctx->from;
149         ctx->rcvhdr.msg_namelen = sizeof(ctx->from);
150         ctx->rcvhdr.msg_iov = ctx->iov;
151         ctx->rcvhdr.msg_iovlen = 1;
152         ctx->rcvhdr.msg_control = ctx->ctlbuf;
153         // controllen is set at recieve
154         //ctx->rcvhdr.msg_controllen = sizeof(ctx->rcvbuf);
155
156         ctx->nd_fd = -1;
157         ctx->dhcp6_fd = -1;
158         return 0;
159 }
160
161 static ssize_t
162 ipv6_readsecret(struct dhcpcd_ctx *ctx)
163 {
164         FILE *fp;
165         char line[1024];
166         unsigned char *p;
167         size_t len;
168         uint32_t r;
169         int x;
170
171         if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
172                 return (ssize_t)ctx->secret_len;
173
174         if (errno != ENOENT)
175                 logerr("%s: %s", __func__, SECRET);
176
177         /* Chaining arc4random should be good enough.
178          * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
179          * To attempt and future proof ourselves, we'll generate a key of
180          * 512 bits (64 bytes). */
181         if (ctx->secret_len < 64) {
182                 if ((ctx->secret = malloc(64)) == NULL) {
183                         logerr(__func__);
184                         return -1;
185                 }
186                 ctx->secret_len = 64;
187         }
188         p = ctx->secret;
189         for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
190                 r = arc4random();
191                 memcpy(p, &r, sizeof(r));
192                 p += sizeof(r);
193         }
194
195         /* Ensure that only the dhcpcd user can read the secret.
196          * Write permission is also denied as chaning it would remove
197          * it's stability. */
198         if ((fp = fopen(SECRET, "w")) == NULL ||
199             chmod(SECRET, S_IRUSR) == -1)
200                 goto eexit;
201         x = fprintf(fp, "%s\n",
202             hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
203         if (fclose(fp) == EOF)
204                 x = -1;
205         fp = NULL;
206         if (x > 0)
207                 return (ssize_t)ctx->secret_len;
208
209 eexit:
210         logerr("%s: %s", __func__, SECRET);
211         if (fp != NULL)
212                 fclose(fp);
213         unlink(SECRET);
214         ctx->secret_len = 0;
215         return -1;
216 }
217
218 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
219  * RFC5453 */
220 static const struct reslowhigh {
221         const uint8_t high[8];
222         const uint8_t low[8];
223 } reslowhigh[] = {
224         /* RFC4291 + RFC6543 */
225         { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
226           { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
227         /* RFC2526 */
228         { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
229           { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
230 };
231
232 static int
233 ipv6_reserved(const struct in6_addr *addr)
234 {
235         uint64_t id, low, high;
236         size_t i;
237         const struct reslowhigh *r;
238
239         id = be64dec(addr->s6_addr + sizeof(id));
240         if (id == 0) /* RFC4291 */
241                 return 1;
242         for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
243                 r = &reslowhigh[i];
244                 low = be64dec(r->low);
245                 high = be64dec(r->high);
246                 if (id >= low && id <= high)
247                         return 1;
248         }
249         return 0;
250 }
251
252 /* RFC7217 */
253 static int
254 ipv6_makestableprivate1(struct in6_addr *addr,
255     const struct in6_addr *prefix, int prefix_len,
256     const unsigned char *netiface, size_t netiface_len,
257     const unsigned char *netid, size_t netid_len,
258     unsigned short vlanid,
259     uint32_t *dad_counter,
260     const unsigned char *secret, size_t secret_len)
261 {
262         unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
263         size_t len, l;
264         SHA256_CTX ctx;
265
266         if (prefix_len < 0 || prefix_len > 120) {
267                 errno = EINVAL;
268                 return -1;
269         }
270
271         l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
272         len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
273         if (vlanid != 0)
274                 len += sizeof(vlanid);
275         if (len > sizeof(buf)) {
276                 errno = ENOBUFS;
277                 return -1;
278         }
279
280         for (;; (*dad_counter)++) {
281                 /* Combine all parameters into one buffer */
282                 p = buf;
283                 memcpy(p, prefix, l);
284                 p += l;
285                 memcpy(p, netiface, netiface_len);
286                 p += netiface_len;
287                 memcpy(p, netid, netid_len);
288                 p += netid_len;
289                 /* Don't use a vlanid if not set.
290                  * This ensures prior versions have the same unique address. */
291                 if (vlanid != 0) {
292                         memcpy(p, &vlanid, sizeof(vlanid));
293                         p += sizeof(vlanid);
294                 }
295                 memcpy(p, dad_counter, sizeof(*dad_counter));
296                 p += sizeof(*dad_counter);
297                 memcpy(p, secret, secret_len);
298
299                 /* Make an address using the digest of the above.
300                  * RFC7217 Section 5.1 states that we shouldn't use MD5.
301                  * Pity as we use that for HMAC-MD5 which is still deemed OK.
302                  * SHA-256 is recommended */
303                 SHA256_Init(&ctx);
304                 SHA256_Update(&ctx, buf, len);
305                 SHA256_Final(digest, &ctx);
306
307                 p = addr->s6_addr;
308                 memcpy(p, prefix, l);
309                 /* RFC7217 section 5.2 says we need to start taking the id from
310                  * the least significant bit */
311                 len = sizeof(addr->s6_addr) - l;
312                 memcpy(p + l, digest + (sizeof(digest) - len), len);
313
314                 /* Ensure that the Interface ID does not match a reserved one,
315                  * if it does then treat it as a DAD failure.
316                  * RFC7217 section 5.2 */
317                 if (prefix_len != 64)
318                         break;
319                 if (!ipv6_reserved(addr))
320                         break;
321         }
322
323         return 0;
324 }
325
326 int
327 ipv6_makestableprivate(struct in6_addr *addr,
328     const struct in6_addr *prefix, int prefix_len,
329     const struct interface *ifp,
330     int *dad_counter)
331 {
332         uint32_t dad;
333         int r;
334
335         if (ifp->ctx->secret_len == 0) {
336                 if (ipv6_readsecret(ifp->ctx) == -1)
337                         return -1;
338         }
339
340         dad = (uint32_t)*dad_counter;
341
342         /* For our implementation, we shall set the hardware address
343          * as the interface identifier */
344         r = ipv6_makestableprivate1(addr, prefix, prefix_len,
345             ifp->hwaddr, ifp->hwlen,
346             ifp->ssid, ifp->ssid_len,
347             ifp->vlanid, &dad,
348             ifp->ctx->secret, ifp->ctx->secret_len);
349
350         if (r == 0)
351                 *dad_counter = (int)dad;
352         return r;
353 }
354
355 int
356 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
357     const struct in6_addr *prefix, int prefix_len)
358 {
359         const struct ipv6_addr *ap;
360         int dad;
361
362         if (prefix_len < 0 || prefix_len > 120) {
363                 errno = EINVAL;
364                 return -1;
365         }
366
367         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
368                 dad = 0;
369                 if (ipv6_makestableprivate(addr,
370                     prefix, prefix_len, ifp, &dad) == -1)
371                         return -1;
372                 return dad;
373         }
374
375         if (prefix_len > 64) {
376                 errno = EINVAL;
377                 return -1;
378         }
379         if ((ap = ipv6_linklocal(ifp)) == NULL) {
380                 /* We delay a few functions until we get a local-link address
381                  * so this should never be hit. */
382                 errno = ENOENT;
383                 return -1;
384         }
385
386         /* Make the address from the first local-link address */
387         memcpy(addr, prefix, sizeof(*prefix));
388         addr->s6_addr32[2] = ap->addr.s6_addr32[2];
389         addr->s6_addr32[3] = ap->addr.s6_addr32[3];
390         return 0;
391 }
392
393 static int
394 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
395 {
396         int bytes, bits;
397
398         if (len < 0 || len > 128) {
399                 errno = EINVAL;
400                 return -1;
401         }
402
403         bytes = len / NBBY;
404         bits = len % NBBY;
405         memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes);
406         if (bits != 0) {
407                 /* Coverify false positive.
408                  * bytelen cannot be 16 if bitlen is non zero */
409                 /* coverity[overrun-local] */
410                 prefix->s6_addr[bytes] =
411                     (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits));
412         }
413         memset((char *)prefix->s6_addr + bytes, 0,
414             sizeof(prefix->s6_addr) - (size_t)bytes);
415         return 0;
416 }
417
418 int
419 ipv6_mask(struct in6_addr *mask, int len)
420 {
421         static const unsigned char masks[NBBY] =
422             { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
423         int bytes, bits, i;
424
425         if (len < 0 || len > 128) {
426                 errno = EINVAL;
427                 return -1;
428         }
429
430         memset(mask, 0, sizeof(*mask));
431         bytes = len / NBBY;
432         bits = len % NBBY;
433         for (i = 0; i < bytes; i++)
434                 mask->s6_addr[i] = 0xff;
435         if (bits != 0) {
436                 /* Coverify false positive.
437                  * bytelen cannot be 16 if bitlen is non zero */
438                 /* coverity[overrun-local] */
439                 mask->s6_addr[bytes] = masks[bits - 1];
440         }
441         return 0;
442 }
443
444 uint8_t
445 ipv6_prefixlen(const struct in6_addr *mask)
446 {
447         int x = 0, y;
448         const unsigned char *lim, *p;
449
450         lim = (const unsigned char *)mask + sizeof(*mask);
451         for (p = (const unsigned char *)mask; p < lim; x++, p++) {
452                 if (*p != 0xff)
453                         break;
454         }
455         y = 0;
456         if (p < lim) {
457                 for (y = 0; y < NBBY; y++) {
458                         if ((*p & (0x80 >> y)) == 0)
459                                 break;
460                 }
461         }
462
463         /*
464          * when the limit pointer is given, do a stricter check on the
465          * remaining bits.
466          */
467         if (p < lim) {
468                 if (y != 0 && (*p & (0x00ff >> y)) != 0)
469                         return 0;
470                 for (p = p + 1; p < lim; p++)
471                         if (*p != 0)
472                                 return 0;
473         }
474
475         return (uint8_t)(x * NBBY + y);
476 }
477
478 static void
479 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
480 {
481
482         *vhigh = be64dec(addr->s6_addr);
483         *vlow = be64dec(addr->s6_addr + 8);
484 }
485
486 static void
487 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
488 {
489
490         be64enc(addr->s6_addr, vhigh);
491         be64enc(addr->s6_addr + 8, vlow);
492 }
493
494 int
495 ipv6_userprefix(
496         const struct in6_addr *prefix,  // prefix from router
497         short prefix_len,               // length of prefix received
498         uint64_t user_number,           // "random" number from user
499         struct in6_addr *result,        // resultant prefix
500         short result_len)               // desired prefix length
501 {
502         uint64_t vh, vl, user_low, user_high;
503
504         if (prefix_len < 1 || prefix_len > 128 ||
505             result_len < 1 || result_len > 128)
506         {
507                 errno = EINVAL;
508                 return -1;
509         }
510
511         /* Check that the user_number fits inside result_len less prefix_len */
512         if (result_len < prefix_len ||
513             fls64(user_number) > result_len - prefix_len)
514         {
515                errno = ERANGE;
516                return -1;
517         }
518
519         /* If user_number is zero, just copy the prefix into the result. */
520         if (user_number == 0) {
521                 *result = *prefix;
522                 return 0;
523         }
524
525         /* Shift user_number so it fit's just inside result_len.
526          * Shifting by 0 or sizeof(user_number) is undefined,
527          * so we cater for that. */
528         if (result_len == 128) {
529                 user_high = 0;
530                 user_low = user_number;
531         } else if (result_len > 64) {
532                 if (prefix_len >= 64)
533                         user_high = 0;
534                 else
535                         user_high = user_number >> (result_len - prefix_len);
536                 user_low = user_number << (128 - result_len);
537         } else if (result_len == 64) {
538                 user_high = user_number;
539                 user_low = 0;
540         } else {
541                 user_high = user_number << (64 - result_len);
542                 user_low = 0;
543         }
544
545         /* convert to two 64bit host order values */
546         in6_to_h64(&vh, &vl, prefix);
547
548         vh |= user_high;
549         vl |= user_low;
550
551         /* copy back result */
552         h64_to_in6(result, vh, vl);
553
554         return 0;
555 }
556
557 #ifdef IPV6_POLLADDRFLAG
558 void
559 ipv6_checkaddrflags(void *arg)
560 {
561         struct ipv6_addr *ia;
562         int flags;
563         const char *alias;
564
565         ia = arg;
566 #ifdef ALIAS_ADDR
567         alias = ia->alias;
568 #else
569         alias = NULL;
570 #endif
571         if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
572                 if (errno != EEXIST && errno != EADDRNOTAVAIL)
573                         logerr("%s: if_addrflags6", __func__);
574                 return;
575         }
576
577         if (!(flags & IN6_IFF_TENTATIVE)) {
578                 /* Simulate the kernel announcing the new address. */
579                 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
580                     ia->iface->ctx->ifaces, ia->iface->name,
581                     &ia->addr, ia->prefix_len, flags, 0);
582         } else {
583                 /* Still tentative? Check again in a bit. */
584                 struct timespec tv;
585
586                 ms_to_ts(&tv, RETRANS_TIMER / 2);
587                 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv,
588                     ipv6_checkaddrflags, ia);
589         }
590 }
591 #endif
592
593 static void
594 ipv6_deletedaddr(struct ipv6_addr *ia)
595 {
596
597 #ifdef SMALL
598         UNUSED(ia);
599 #else
600         /* NOREJECT is set if we delegated exactly the prefix to another
601          * address.
602          * This can only be one address, so just clear the flag.
603          * This should ensure the reject route will be restored. */
604         if (ia->delegating_prefix != NULL)
605                 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
606 #endif
607 }
608
609 void
610 ipv6_deleteaddr(struct ipv6_addr *ia)
611 {
612         struct ipv6_state *state;
613         struct ipv6_addr *ap;
614
615         loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
616         if (if_address6(RTM_DELADDR, ia) == -1 &&
617             errno != EADDRNOTAVAIL && errno != ESRCH &&
618             errno != ENXIO && errno != ENODEV)
619                 logerr(__func__);
620
621         ipv6_deletedaddr(ia);
622
623         state = IPV6_STATE(ia->iface);
624         TAILQ_FOREACH(ap, &state->addrs, next) {
625                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
626                         TAILQ_REMOVE(&state->addrs, ap, next);
627                         ipv6_freeaddr(ap);
628                         break;
629                 }
630         }
631 }
632
633 static int
634 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
635 {
636         struct interface *ifp;
637         struct ipv6_state *state;
638         struct ipv6_addr *ia2;
639         uint32_t pltime, vltime;
640         __printflike(1, 2) void (*logfunc)(const char *, ...);
641
642         /* Ensure no other interface has this address */
643         TAILQ_FOREACH(ifp, ia->iface->ctx->ifaces, next) {
644                 if (ifp == ia->iface)
645                         continue;
646                 state = IPV6_STATE(ifp);
647                 if (state == NULL)
648                         continue;
649                 TAILQ_FOREACH(ia2, &state->addrs, next) {
650                         if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) {
651                                 ipv6_deleteaddr(ia2);
652                                 break;
653                         }
654                 }
655         }
656
657         /* Remember the interface of the address. */
658         ifp = ia->iface;
659
660         if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
661             ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
662                 ia->flags |= IPV6_AF_DADCOMPLETED;
663
664         /* Adjust plftime and vltime based on acquired time */
665         pltime = ia->prefix_pltime;
666         vltime = ia->prefix_vltime;
667         if (timespecisset(&ia->acquired) &&
668             (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
669             ia->prefix_vltime != ND6_INFINITE_LIFETIME))
670         {
671                 struct timespec n;
672
673                 if (now == NULL) {
674                         clock_gettime(CLOCK_MONOTONIC, &n);
675                         now = &n;
676                 }
677                 timespecsub(now, &ia->acquired, &n);
678                 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
679                         ia->prefix_pltime -= (uint32_t)n.tv_sec;
680                         /* This can happen when confirming a
681                          * deprecated but still valid lease. */
682                         if (ia->prefix_pltime > pltime)
683                                 ia->prefix_pltime = 0;
684                 }
685                 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
686                         ia->prefix_vltime -= (uint32_t)n.tv_sec;
687                         /* This should never happen. */
688                         if (ia->prefix_vltime > vltime) {
689                                 logerrx("%s: %s: lifetime overflow",
690                                     ifp->name, ia->saddr);
691                                 ia->prefix_vltime = ia->prefix_pltime = 0;
692                         }
693                 }
694         }
695
696         logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx;
697         logfunc("%s: adding %saddress %s", ifp->name,
698 #ifdef IPV6_AF_TEMPORARY
699             ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
700 #else
701             "",
702 #endif
703             ia->saddr);
704         if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
705             ia->prefix_vltime == ND6_INFINITE_LIFETIME)
706                 logdebugx("%s: pltime infinity, vltime infinity",
707                     ifp->name);
708         else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
709                 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
710                     ifp->name, ia->prefix_vltime);
711         else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
712                 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
713                     ifp->name, ia->prefix_pltime);
714         else
715                 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
716                     " seconds",
717                     ifp->name, ia->prefix_pltime, ia->prefix_vltime);
718
719
720         if (if_address6(RTM_NEWADDR, ia) == -1) {
721                 logerr(__func__);
722                 /* Restore real pltime and vltime */
723                 ia->prefix_pltime = pltime;
724                 ia->prefix_vltime = vltime;
725                 return -1;
726         }
727
728 #ifdef IPV6_MANAGETEMPADDR
729         /* RFC4941 Section 3.4 */
730         if (ia->flags & IPV6_AF_TEMPORARY &&
731             ia->prefix_pltime &&
732             ia->prefix_vltime &&
733             ip6_use_tempaddr(ifp->name))
734                 eloop_timeout_add_sec(ifp->ctx->eloop,
735                     (time_t)ia->prefix_pltime - REGEN_ADVANCE,
736                     ipv6_regentempaddr, ia);
737 #endif
738
739         /* Restore real pltime and vltime */
740         ia->prefix_pltime = pltime;
741         ia->prefix_vltime = vltime;
742
743         ia->flags &= ~IPV6_AF_NEW;
744         ia->flags |= IPV6_AF_ADDED;
745 #ifndef SMALL
746         if (ia->delegating_prefix != NULL)
747                 ia->flags |= IPV6_AF_DELEGATED;
748 #endif
749
750 #ifdef IPV6_POLLADDRFLAG
751         eloop_timeout_delete(ifp->ctx->eloop,
752                 ipv6_checkaddrflags, ia);
753         if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
754                 struct timespec tv;
755
756                 ms_to_ts(&tv, RETRANS_TIMER / 2);
757                 eloop_timeout_add_tv(ifp->ctx->eloop,
758                     &tv, ipv6_checkaddrflags, ia);
759         }
760 #endif
761
762 #ifdef __sun
763         /* Solaris does not announce new addresses which need DaD
764          * so we need to take a copy and add it to our list.
765          * Otherwise aliasing gets confused if we add another
766          * address during DaD. */
767
768         state = IPV6_STATE(ifp);
769         TAILQ_FOREACH(ia2, &state->addrs, next) {
770                 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
771                         break;
772         }
773         if (ia2 == NULL) {
774                 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
775                         logerr(__func__);
776                         return 0; /* Well, we did add the address */
777                 }
778                 memcpy(ia2, ia, sizeof(*ia2));
779                 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
780         }
781 #endif
782
783         return 0;
784 }
785
786 #ifdef ALIAS_ADDR
787 /* Find the next logical aliase address we can use. */
788 static int
789 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
790 {
791         struct ipv6_state *state;
792         struct ipv6_addr *iap;
793         unsigned int unit;
794         char alias[IF_NAMESIZE];
795
796         if (ia->alias[0] != '\0')
797                 return 0;
798         state = IPV6_STATE(ia->iface);
799
800         /* First find an existng address.
801          * This can happen when dhcpcd restarts as ND and DHCPv6
802          * maintain their own lists of addresses. */
803         TAILQ_FOREACH(iap, &state->addrs, next) {
804                 if (iap->alias[0] != '\0' &&
805                     IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
806                 {
807                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
808                         return 0;
809                 }
810         }
811
812         unit = 0;
813 find_unit:
814         if (unit == 0)
815                 strlcpy(alias, ia->iface->name, sizeof(alias));
816         else
817                 snprintf(alias, sizeof(alias), "%s:%u", ia->iface->name, unit);
818         TAILQ_FOREACH(iap, &state->addrs, next) {
819                 if (iap->alias[0] == '\0')
820                         continue;
821                 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
822                         /* No address assigned? Lets use it. */
823                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
824                         if (repl)
825                                 *repl = iap;
826                         return 1;
827                 }
828                 if (strcmp(iap->alias, alias) == 0)
829                         break;
830         }
831
832         if (iap != NULL) {
833                 if (unit == UINT_MAX) {
834                         errno = ERANGE;
835                         return -1;
836                 }
837                 unit++;
838                 goto find_unit;
839         }
840
841         strlcpy(ia->alias, alias, sizeof(ia->alias));
842         return 0;
843 }
844 #endif
845
846 int
847 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
848 {
849         int r;
850 #ifdef ALIAS_ADDR
851         int replaced, blank;
852         struct ipv6_addr *replaced_ia;
853
854         blank = (ia->alias[0] == '\0');
855         if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
856                 return -1;
857         if (blank)
858                 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
859 #endif
860
861         if ((r = ipv6_addaddr1(ia, now)) == 0) {
862 #ifdef ALIAS_ADDR
863                 if (replaced) {
864                         struct ipv6_state *state;
865
866                         state = IPV6_STATE(ia->iface);
867                         TAILQ_REMOVE(&state->addrs, replaced_ia, next);
868                         ipv6_freeaddr(replaced_ia);
869                 }
870 #endif
871         }
872         return r;
873 }
874
875 int
876 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
877     unsigned int flags)
878 {
879
880         if (match == NULL) {
881                 if ((addr->flags &
882                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
883                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
884                         return 1;
885         } else if (addr->prefix_vltime &&
886             IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
887             (!flags || addr->flags & flags))
888                 return 1;
889
890         return 0;
891 }
892
893 struct ipv6_addr *
894 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
895 {
896         struct ipv6_addr *dap, *nap;
897
898         dap = dhcp6_findaddr(ctx, addr, flags);
899         nap = ipv6nd_findaddr(ctx, addr, flags);
900         if (!dap && !nap)
901                 return NULL;
902         if (dap && !nap)
903                 return dap;
904         if (nap && !dap)
905                 return nap;
906         if (nap->iface->metric < dap->iface->metric)
907                 return nap;
908         return dap;
909 }
910
911 ssize_t
912 ipv6_addaddrs(struct ipv6_addrhead *addrs)
913 {
914         struct ipv6_addr *ap, *apn, *apf;
915         ssize_t i;
916         struct timespec now;
917
918         i = 0;
919         timespecclear(&now);
920         TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
921                 /* A delegated prefix is not an address. */
922                 if (ap->flags & IPV6_AF_DELEGATEDPFX)
923                         continue;
924                 if (ap->prefix_vltime == 0) {
925                         if (ap->flags & IPV6_AF_ADDED) {
926                                 ipv6_deleteaddr(ap);
927                                 i++;
928                         }
929                         eloop_q_timeout_delete(ap->iface->ctx->eloop,
930                             0, NULL, ap);
931                         if (ap->flags & IPV6_AF_REQUEST) {
932                                 ap->flags &= ~IPV6_AF_ADDED;
933                         } else {
934                                 TAILQ_REMOVE(addrs, ap, next);
935                                 ipv6_freeaddr(ap);
936                         }
937                 } else if (!(ap->flags & IPV6_AF_STALE) &&
938                     !IN6_IS_ADDR_UNSPECIFIED(&ap->addr))
939                 {
940                         apf = ipv6_findaddr(ap->iface->ctx,
941                             &ap->addr, IPV6_AF_ADDED);
942                         if (apf && apf->iface != ap->iface) {
943                                 if (apf->iface->metric <= ap->iface->metric) {
944                                         loginfox("%s: preferring %s on %s",
945                                             ap->iface->name,
946                                             ap->saddr,
947                                             apf->iface->name);
948                                         continue;
949                                 }
950                                 loginfox("%s: preferring %s on %s",
951                                     apf->iface->name,
952                                     ap->saddr,
953                                     ap->iface->name);
954                                 if (if_address6(RTM_DELADDR, apf) == -1 &&
955                                     errno != EADDRNOTAVAIL && errno != ENXIO)
956                                         logerr(__func__);
957                                 apf->flags &=
958                                     ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
959                         } else if (apf)
960                                 apf->flags &= ~IPV6_AF_ADDED;
961                         if (ap->flags & IPV6_AF_NEW)
962                                 i++;
963                         if (!timespecisset(&now))
964                                 clock_gettime(CLOCK_MONOTONIC, &now);
965                         ipv6_addaddr(ap, &now);
966                 }
967         }
968
969         return i;
970 }
971
972 void
973 ipv6_freeaddr(struct ipv6_addr *ia)
974 {
975 #ifndef SMALL
976         struct ipv6_addr *iad;
977
978         /* Forget the reference */
979         if (ia->flags & IPV6_AF_DELEGATEDPFX) {
980                 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
981                         iad->delegating_prefix = NULL;
982                 }
983         } else if (ia->delegating_prefix != NULL) {
984                 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
985         }
986 #endif
987
988         if (ia->dhcp6_fd != -1) {
989                 close(ia->dhcp6_fd);
990                 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd);
991         }
992
993         eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia);
994         free(ia);
995 }
996
997 void
998 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
999     const struct interface *ifd)
1000 {
1001         struct ipv6_addr *ap, *apn, *apf;
1002         struct timespec now;
1003
1004 #ifdef SMALL
1005         UNUSED(ifd);
1006 #endif
1007         timespecclear(&now);
1008         TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1009 #ifndef SMALL
1010                 if (ifd != NULL &&
1011                     (ap->delegating_prefix == NULL ||
1012                     ap->delegating_prefix->iface != ifd))
1013                         continue;
1014 #endif
1015                 if (drop != 2)
1016                         TAILQ_REMOVE(addrs, ap, next);
1017                 if (drop && ap->flags & IPV6_AF_ADDED &&
1018                     (ap->iface->options->options &
1019                     (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1020                     (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1021                 {
1022                         /* Don't drop link-local addresses. */
1023                         if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1024                             CAN_DROP_LLADDR(ap->iface))
1025                         {
1026                                 if (drop == 2)
1027                                         TAILQ_REMOVE(addrs, ap, next);
1028                                 /* Find the same address somewhere else */
1029                                 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1030                                     0);
1031                                 if ((apf == NULL ||
1032                                     (apf->iface != ap->iface)))
1033                                         ipv6_deleteaddr(ap);
1034                                 if (!(ap->iface->options->options &
1035                                     DHCPCD_EXITING) && apf)
1036                                 {
1037                                         if (!timespecisset(&now))
1038                                                 clock_gettime(CLOCK_MONOTONIC,
1039                                                     &now);
1040                                         ipv6_addaddr(apf, &now);
1041                                 }
1042                                 if (drop == 2)
1043                                         ipv6_freeaddr(ap);
1044                         }
1045                 }
1046                 if (drop != 2)
1047                         ipv6_freeaddr(ap);
1048         }
1049 }
1050
1051 static struct ipv6_state *
1052 ipv6_getstate(struct interface *ifp)
1053 {
1054         struct ipv6_state *state;
1055
1056         state = IPV6_STATE(ifp);
1057         if (state == NULL) {
1058                 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1059                 state = IPV6_STATE(ifp);
1060                 if (state == NULL) {
1061                         logerr(__func__);
1062                         return NULL;
1063                 }
1064                 TAILQ_INIT(&state->addrs);
1065                 TAILQ_INIT(&state->ll_callbacks);
1066
1067                 /* Regenerate new ids */
1068                 if (ifp->options &&
1069                     ip6_use_tempaddr(ifp->name))
1070                         ipv6_regentempifid(ifp);
1071         }
1072         return state;
1073 }
1074
1075 void
1076 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1077     int cmd, struct if_head *ifs, const char *ifname,
1078     const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1079 {
1080         struct interface *ifp;
1081         struct ipv6_state *state;
1082         struct ipv6_addr *ia;
1083         struct ll_callback *cb;
1084
1085 #if 0
1086         char dbuf[INET6_ADDRSTRLEN];
1087         const char *dbp;
1088
1089         dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1090             dbuf, INET6_ADDRSTRLEN);
1091         loginfox("%s: cmd %d addr %s",
1092             ifname, cmd, dbp);
1093 #endif
1094
1095         if (ifs == NULL)
1096                 ifs = ctx->ifaces;
1097         if (ifs == NULL)
1098                 return;
1099         if ((ifp = if_find(ifs, ifname)) == NULL)
1100                 return;
1101         if ((state = ipv6_getstate(ifp)) == NULL)
1102                 return;
1103
1104         TAILQ_FOREACH(ia, &state->addrs, next) {
1105                 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1106                         break;
1107         }
1108
1109         switch (cmd) {
1110         case RTM_DELADDR:
1111                 if (ia != NULL) {
1112                         TAILQ_REMOVE(&state->addrs, ia, next);
1113                         /* We'll free it at the end of the function. */
1114                 }
1115                 break;
1116         case RTM_NEWADDR:
1117                 if (ia == NULL) {
1118                         ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1119 #ifdef ALIAS_ADDR
1120                         strlcpy(ia->alias, ifname, sizeof(ia->alias));
1121 #endif
1122                         if (if_getlifetime6(ia) == -1) {
1123                                 /* No support or address vanished.
1124                                  * Either way, just set a deprecated
1125                                  * infinite time lifetime and continue.
1126                                  * This is fine because we only want
1127                                  * to know this when trying to extend
1128                                  * temporary addresses.
1129                                  * As we can't extend infinite, we'll
1130                                  * create a new temporary address. */
1131                                 ia->prefix_pltime = 0;
1132                                 ia->prefix_vltime =
1133                                     ND6_INFINITE_LIFETIME;
1134                         }
1135                         /* This is a minor regression against RFC 4941
1136                          * because the kernel only knows when the
1137                          * lifetimes were last updated, not when the
1138                          * address was initially created.
1139                          * Provided dhcpcd is not restarted, this
1140                          * won't be a problem.
1141                          * If we don't like it, we can always
1142                          * pretend lifetimes are infinite and always
1143                          * generate a new temporary address on
1144                          * restart. */
1145                         ia->acquired = ia->created;
1146                         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1147                 }
1148                 ia->addr_flags = addrflags;
1149                 ia->flags &= ~IPV6_AF_STALE;
1150 #ifdef IPV6_MANAGETEMPADDR
1151                 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1152                         ia->flags |= IPV6_AF_TEMPORARY;
1153 #endif
1154                 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1155 #ifdef IPV6_POLLADDRFLAG
1156                         if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1157                                 struct timespec tv;
1158
1159                                 ms_to_ts(&tv, RETRANS_TIMER / 2);
1160                                 eloop_timeout_add_tv(
1161                                     ia->iface->ctx->eloop,
1162                                     &tv, ipv6_checkaddrflags, ia);
1163                                 break;
1164                         }
1165 #endif
1166
1167                         if (ia->dadcallback) {
1168                                 ia->dadcallback(ia);
1169                                 if (ctx->options & DHCPCD_FORKED)
1170                                         goto out;
1171                         }
1172
1173                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1174                             !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1175                         {
1176                                 /* Now run any callbacks.
1177                                  * Typically IPv6RS or DHCPv6 */
1178                                 while ((cb =
1179                                     TAILQ_FIRST(&state->ll_callbacks)))
1180                                 {
1181                                         TAILQ_REMOVE(
1182                                             &state->ll_callbacks,
1183                                             cb, next);
1184                                         cb->callback(cb->arg);
1185                                         free(cb);
1186                                         if (ctx->options & DHCPCD_FORKED)
1187                                                 goto out;
1188                                 }
1189                         }
1190                 }
1191                 break;
1192         }
1193
1194         if (ia == NULL)
1195                 return;
1196
1197         ipv6nd_handleifa(cmd, ia, pid);
1198 #ifdef DHCP6
1199         dhcp6_handleifa(cmd, ia, pid);
1200 #endif
1201
1202 out:
1203         /* Done with the ia now, so free it. */
1204         if (cmd == RTM_DELADDR)
1205                 ipv6_freeaddr(ia);
1206 }
1207
1208 int
1209 ipv6_hasaddr(const struct interface *ifp)
1210 {
1211
1212         if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1213                 return 1;
1214         if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1215                 return 1;
1216         return 0;
1217 }
1218
1219 struct ipv6_addr *
1220 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1221     int revflags)
1222 {
1223         struct ipv6_state *state;
1224         struct ipv6_addr *ap;
1225
1226         state = IPV6_STATE(ifp);
1227         if (state) {
1228                 TAILQ_FOREACH(ap, &state->addrs, next) {
1229                         if (addr == NULL) {
1230                                 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1231                                     (!revflags || !(ap->addr_flags & revflags)))
1232                                         return ap;
1233                         } else {
1234                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1235                                     (!revflags || !(ap->addr_flags & revflags)))
1236                                         return ap;
1237                         }
1238                 }
1239         }
1240         return NULL;
1241 }
1242
1243 static struct ipv6_addr *
1244 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1245 {
1246         struct ipv6_state *state;
1247         struct ipv6_addr *ap;
1248         struct in6_addr mask;
1249
1250         state = IPV6_STATE(ifp);
1251         if (state) {
1252                 TAILQ_FOREACH(ap, &state->addrs, next) {
1253                         if (ipv6_mask(&mask, ap->prefix_len) == -1)
1254                                 continue;
1255                         if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1256                                 return ap;
1257                 }
1258         }
1259         return NULL;
1260 }
1261
1262 struct ipv6_addr *
1263 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1264 {
1265         struct interface *ifp;
1266         struct ipv6_addr *ap;
1267
1268         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1269                 ap = ipv6_iffindmaskaddr(ifp, addr);
1270                 if (ap != NULL)
1271                         return ap;
1272         }
1273         return NULL;
1274 }
1275
1276 int
1277 ipv6_addlinklocalcallback(struct interface *ifp,
1278     void (*callback)(void *), void *arg)
1279 {
1280         struct ipv6_state *state;
1281         struct ll_callback *cb;
1282
1283         state = ipv6_getstate(ifp);
1284         TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1285                 if (cb->callback == callback && cb->arg == arg)
1286                         break;
1287         }
1288         if (cb == NULL) {
1289                 cb = malloc(sizeof(*cb));
1290                 if (cb == NULL) {
1291                         logerr(__func__);
1292                         return -1;
1293                 }
1294                 cb->callback = callback;
1295                 cb->arg = arg;
1296                 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1297         }
1298         return 0;
1299 }
1300
1301 static struct ipv6_addr *
1302 ipv6_newlinklocal(struct interface *ifp)
1303 {
1304         struct ipv6_addr *ia;
1305         struct in6_addr in6;
1306
1307         memset(&in6, 0, sizeof(in6));
1308         in6.s6_addr32[0] = htonl(0xfe800000);
1309         ia = ipv6_newaddr(ifp, &in6, 64, 0);
1310         if (ia != NULL) {
1311                 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1312                 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1313         }
1314         return ia;
1315 }
1316
1317 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1318 static const uint8_t allone[8] =
1319     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1320
1321 static int
1322 ipv6_addlinklocal(struct interface *ifp)
1323 {
1324         struct ipv6_state *state;
1325         struct ipv6_addr *ap, *ap2;
1326         int dadcounter;
1327
1328         /* Check sanity before malloc */
1329         if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1330                 switch (ifp->family) {
1331                 case ARPHRD_ETHER:
1332                         /* Check for a valid hardware address */
1333                         if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1334                                 errno = ENOTSUP;
1335                                 return -1;
1336                         }
1337                         if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1338                             memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1339                         {
1340                                 errno = EINVAL;
1341                                 return -1;
1342                         }
1343                         break;
1344                 default:
1345                         errno = ENOTSUP;
1346                         return -1;
1347                 }
1348         }
1349
1350         state = ipv6_getstate(ifp);
1351         if (state == NULL)
1352                 return -1;
1353
1354         ap = ipv6_newlinklocal(ifp);
1355         if (ap == NULL)
1356                 return -1;
1357
1358         dadcounter = 0;
1359         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1360 nextslaacprivate:
1361                 if (ipv6_makestableprivate(&ap->addr,
1362                         &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1363                 {
1364                         free(ap);
1365                         return -1;
1366                 }
1367                 ap->dadcounter = dadcounter;
1368         } else {
1369                 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1370                 switch (ifp->family) {
1371                 case ARPHRD_ETHER:
1372                         if (ifp->hwlen == 6) {
1373                                 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1374                                 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1375                                 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1376                                 ap->addr.s6_addr[11] = 0xff;
1377                                 ap->addr.s6_addr[12] = 0xfe;
1378                                 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1379                                 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1380                                 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1381                         } else if (ifp->hwlen == 8)
1382                                 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1383                         else {
1384                                 free(ap);
1385                                 errno = ENOTSUP;
1386                                 return -1;
1387                         }
1388                         break;
1389                 }
1390
1391                 /* Sanity check: g bit must not indciate "group" */
1392                 if (EUI64_GROUP(&ap->addr)) {
1393                         free(ap);
1394                         errno = EINVAL;
1395                         return -1;
1396                 }
1397                 EUI64_TO_IFID(&ap->addr);
1398         }
1399
1400         /* Do we already have this address? */
1401         TAILQ_FOREACH(ap2, &state->addrs, next) {
1402                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1403                         if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1404                                 if (ifp->options->options &
1405                                     DHCPCD_SLAACPRIVATE)
1406                                 {
1407                                         dadcounter++;
1408                                         goto nextslaacprivate;
1409                                 }
1410                                 free(ap);
1411                                 errno = EADDRNOTAVAIL;
1412                                 return -1;
1413                         }
1414
1415                         logwarnx("%s: waiting for %s to complete",
1416                             ap2->iface->name, ap2->saddr);
1417                         free(ap);
1418                         errno = EEXIST;
1419                         return 0;
1420                 }
1421         }
1422
1423         inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1424         TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1425         ipv6_addaddr(ap, NULL);
1426         return 1;
1427 }
1428
1429 static int
1430 ipv6_tryaddlinklocal(struct interface *ifp)
1431 {
1432         struct ipv6_addr *ia;
1433
1434         /* We can't assign a link-locak address to this,
1435          * the ppp process has to. */
1436         if (ifp->flags & IFF_POINTOPOINT)
1437                 return 0;
1438
1439         ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1440         if (ia != NULL) {
1441 #ifdef IPV6_POLLADDRFLAG
1442                 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1443                         struct timespec tv;
1444
1445                         ms_to_ts(&tv, RETRANS_TIMER / 2);
1446                         eloop_timeout_add_tv(
1447                             ia->iface->ctx->eloop,
1448                             &tv, ipv6_checkaddrflags, ia);
1449                 }
1450 #endif
1451                 return 0;
1452         }
1453         if (!CAN_ADD_LLADDR(ifp))
1454                 return 0;
1455
1456         return ipv6_addlinklocal(ifp);
1457 }
1458
1459 struct ipv6_addr *
1460 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1461     uint8_t prefix_len, unsigned int flags)
1462 {
1463         struct ipv6_addr *ia;
1464         char buf[INET6_ADDRSTRLEN];
1465         const char *cbp;
1466         bool tempaddr;
1467         int addr_flags;
1468
1469         /* If adding a new DHCP / RA derived address, check current flags
1470          * from an existing address. */
1471         ia = ipv6_iffindaddr(ifp, addr, 0);
1472         if (ia != NULL)
1473                 addr_flags = ia->addr_flags;
1474         else
1475                 addr_flags = IN6_IFF_TENTATIVE;
1476
1477         ia = calloc(1, sizeof(*ia));
1478         if (ia == NULL)
1479                 goto err;
1480
1481         ia->iface = ifp;
1482         ia->flags = IPV6_AF_NEW | flags;
1483         ia->addr_flags = addr_flags;
1484         ia->prefix_len = prefix_len;
1485         ia->dhcp6_fd = -1;
1486
1487 #ifdef IPV6_AF_TEMPORARY
1488         tempaddr = ia->flags & IPV6_AF_TEMPORARY;
1489 #else
1490         tempaddr = false;
1491 #endif
1492
1493         if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) {
1494                 ia->prefix = *addr;
1495                 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1496                                                &ia->prefix,
1497                                                ia->prefix_len);
1498                 if (ia->dadcounter == -1)
1499                         goto err;
1500         } else if (ia->flags & IPV6_AF_RAPFX) {
1501                 ia->prefix = *addr;
1502                 return ia;
1503         } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) &&
1504                    prefix_len != 128)
1505         {
1506                 ia->prefix = *addr;
1507                 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1508                 goto paddr;
1509         } else {
1510                 ia->addr = *addr;
1511                 if (ipv6_makeprefix(&ia->prefix,
1512                                     &ia->addr, ia->prefix_len) == -1)
1513                         goto err;
1514         }
1515
1516         cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1517 paddr:
1518         if (cbp == NULL)
1519                 goto err;
1520         snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1521
1522         return ia;
1523
1524 err:
1525         logerr(__func__);
1526         free(ia);
1527         return NULL;
1528 }
1529
1530 static void
1531 ipv6_staticdadcallback(void *arg)
1532 {
1533         struct ipv6_addr *ia = arg;
1534         int wascompleted;
1535
1536         wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1537         ia->flags |= IPV6_AF_DADCOMPLETED;
1538         if (ia->flags & IPV6_AF_DUPLICATED)
1539                 logwarnx("%s: DAD detected %s", ia->iface->name,
1540                     ia->saddr);
1541         else if (!wascompleted) {
1542                 logdebugx("%s: IPv6 static DAD completed",
1543                     ia->iface->name);
1544         }
1545
1546 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1547         if (!wascompleted) {
1548                 struct interface *ifp;
1549                 struct ipv6_state *state;
1550
1551                 ifp = ia->iface;
1552                 state = IPV6_STATE(ifp);
1553                 TAILQ_FOREACH(ia, &state->addrs, next) {
1554                         if (ia->flags & IPV6_AF_STATIC &&
1555                             (ia->flags & FINISHED) != FINISHED)
1556                         {
1557                                 wascompleted = 1;
1558                                 break;
1559                         }
1560                 }
1561                 if (!wascompleted)
1562                         script_runreason(ifp, "STATIC6");
1563         }
1564 #undef FINISHED
1565 }
1566
1567 ssize_t
1568 ipv6_env(char **env, const char *prefix, const struct interface *ifp)
1569 {
1570         char **ep;
1571         ssize_t n;
1572         struct ipv6_addr *ia;
1573
1574         ep = env;
1575         n = 0;
1576         ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1577             IN6_IFF_NOTUSEABLE);
1578         if (ia) {
1579                 if (env)
1580                         addvar(&ep, prefix, "ip6_address", ia->saddr);
1581                 n++;
1582         }
1583
1584         return n;
1585 }
1586
1587 int
1588 ipv6_staticdadcompleted(const struct interface *ifp)
1589 {
1590         const struct ipv6_state *state;
1591         const struct ipv6_addr *ia;
1592         int n;
1593
1594         if ((state = IPV6_CSTATE(ifp)) == NULL)
1595                 return 0;
1596         n = 0;
1597 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1598         TAILQ_FOREACH(ia, &state->addrs, next) {
1599                 if ((ia->flags & COMPLETED) == COMPLETED &&
1600                     !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1601                         n++;
1602         }
1603         return n;
1604 }
1605
1606 int
1607 ipv6_startstatic(struct interface *ifp)
1608 {
1609         struct ipv6_addr *ia;
1610         int run_script;
1611
1612         if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1613                 return 0;
1614
1615         ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1616         if (ia != NULL &&
1617             (ia->prefix_len != ifp->options->req_prefix_len ||
1618             ia->addr_flags & IN6_IFF_NOTUSEABLE))
1619         {
1620                 ipv6_deleteaddr(ia);
1621                 ia = NULL;
1622         }
1623         if (ia == NULL) {
1624                 struct ipv6_state *state;
1625
1626                 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1627                     ifp->options->req_prefix_len, 0);
1628                 if (ia == NULL)
1629                         return -1;
1630                 state = IPV6_STATE(ifp);
1631                 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1632                 run_script = 0;
1633         } else
1634                 run_script = 1;
1635         ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1636         ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1637         ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1638         ia->dadcallback = ipv6_staticdadcallback;
1639         ipv6_addaddr(ia, NULL);
1640         if_initrt(ifp->ctx, AF_INET6);
1641         rt_build(ifp->ctx, AF_INET6);
1642         if (run_script)
1643                 script_runreason(ifp, "STATIC6");
1644         return 1;
1645 }
1646
1647 /* Ensure the interface has a link-local address */
1648 int
1649 ipv6_start(struct interface *ifp)
1650 {
1651 #ifdef IPV6_POLLADDRFLAG
1652         struct ipv6_state *state;
1653
1654         /* We need to update the address flags. */
1655         if ((state = IPV6_STATE(ifp)) != NULL) {
1656                 struct ipv6_addr *ia;
1657                 const char *alias;
1658                 int flags;
1659
1660                 TAILQ_FOREACH(ia, &state->addrs, next) {
1661 #ifdef ALIAS_ADDR
1662                         alias = ia->alias;
1663 #else
1664                         alias = NULL;
1665 #endif
1666                         flags = if_addrflags6(ia->iface, &ia->addr, alias);
1667                         if (flags != -1)
1668                                 ia->addr_flags = flags;
1669                 }
1670         }
1671 #endif
1672
1673         if (ipv6_tryaddlinklocal(ifp) == -1)
1674                 return -1;
1675
1676         if (IPV6_CSTATE(ifp)) {
1677                 /* Regenerate new ids */
1678                 if (ip6_use_tempaddr(ifp->name))
1679                         ipv6_regentempifid(ifp);
1680         }
1681
1682         /* Load existing routes */
1683         if_initrt(ifp->ctx, AF_INET6);
1684         return 0;
1685 }
1686
1687 void
1688 ipv6_freedrop(struct interface *ifp, int drop)
1689 {
1690         struct ipv6_state *state;
1691         struct ll_callback *cb;
1692
1693         if (ifp == NULL)
1694                 return;
1695
1696         if ((state = IPV6_STATE(ifp)) == NULL)
1697                 return;
1698
1699         /* If we got here, we can get rid of any LL callbacks. */
1700         while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1701                 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1702                 free(cb);
1703         }
1704
1705         ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1706         if (drop) {
1707                 if (ifp->ctx->ra_routers != NULL) {
1708                         if_initrt(ifp->ctx, AF_INET6);
1709                         rt_build(ifp->ctx, AF_INET6);
1710                 }
1711         } else {
1712                 /* Because we need to cache the addresses we don't control,
1713                  * we only free the state on when NOT dropping addresses. */
1714                 free(state);
1715                 ifp->if_data[IF_DATA_IPV6] = NULL;
1716                 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1717         }
1718 }
1719
1720 void
1721 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1722 {
1723
1724         free(ctx->ra_routers);
1725         free(ctx->secret);
1726 }
1727
1728 int
1729 ipv6_handleifa_addrs(int cmd,
1730     struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1731 {
1732         struct ipv6_addr *ia, *ian;
1733         uint8_t found, alldadcompleted;
1734
1735         alldadcompleted = 1;
1736         found = 0;
1737         TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1738                 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1739                         if (ia->flags & IPV6_AF_ADDED &&
1740                             !(ia->flags & IPV6_AF_DADCOMPLETED))
1741                                 alldadcompleted = 0;
1742                         continue;
1743                 }
1744                 switch (cmd) {
1745                 case RTM_DELADDR:
1746                         if (ia->flags & IPV6_AF_ADDED) {
1747                                 logwarnx("%s: pid %d deleted address %s",
1748                                     ia->iface->name, pid, ia->saddr);
1749                                 ia->flags &= ~IPV6_AF_ADDED;
1750                         }
1751                         if (ia->flags & IPV6_AF_DELEGATED) {
1752                                 TAILQ_REMOVE(addrs, ia, next);
1753                                 ipv6_deletedaddr(ia);
1754                                 ipv6_freeaddr(ia);
1755                         }
1756                         break;
1757                 case RTM_NEWADDR:
1758                         /* Safety - ignore tentative announcements */
1759                         if (addr->addr_flags &
1760                             (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1761                                 break;
1762                         if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1763                                 found++;
1764                                 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1765                                         ia->flags |= IPV6_AF_DUPLICATED;
1766                                 else
1767                                         ia->flags &= ~IPV6_AF_DUPLICATED;
1768                                 if (ia->dadcallback)
1769                                         ia->dadcallback(ia);
1770                                 /* We need to set this here in-case the
1771                                  * dadcallback function checks it */
1772                                 ia->flags |= IPV6_AF_DADCOMPLETED;
1773                         }
1774                         break;
1775                 }
1776         }
1777
1778         return alldadcompleted ? found : 0;
1779 }
1780
1781 #ifdef IPV6_MANAGETEMPADDR
1782 static const struct ipv6_addr *
1783 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1784 {
1785         const struct interface *ifp;
1786         const struct ipv6_state *state;
1787         const struct ipv6_addr *ia;
1788
1789         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1790                 if ((state = IPV6_CSTATE(ifp))) {
1791                         TAILQ_FOREACH(ia, &state->addrs, next) {
1792                                 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1793                                         return ia;
1794                         }
1795                 }
1796         }
1797         return NULL;
1798 }
1799
1800 static const uint8_t nullid[8];
1801 static const uint8_t anycastid[8] = {
1802     0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1803 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1804
1805 static void
1806 ipv6_regen_desync(struct interface *ifp, int force)
1807 {
1808         struct ipv6_state *state;
1809         time_t max;
1810
1811         state = IPV6_STATE(ifp);
1812
1813         /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1814          * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1815          * I believe this is an error and it should be never be greateter than
1816          * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1817         max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE;
1818         if (state->desync_factor && !force && state->desync_factor < max)
1819                 return;
1820         if (state->desync_factor == 0)
1821                 state->desync_factor =
1822                     (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR,
1823                     (uint32_t)max));
1824         max = ip6_temp_preferred_lifetime(ifp->name) -
1825             state->desync_factor - REGEN_ADVANCE;
1826         eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1827 }
1828
1829 void
1830 ipv6_gentempifid(struct interface *ifp)
1831 {
1832         struct ipv6_state *state;
1833         MD5_CTX md5;
1834         uint8_t seed[16], digest[16];
1835         int retry;
1836
1837         if ((state = IPV6_STATE(ifp)) == NULL)
1838                 return;
1839
1840         retry = 0;
1841         if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1842                 uint32_t r;
1843
1844                 r = arc4random();
1845                 memcpy(seed, &r, sizeof(r));
1846                 r = arc4random();
1847                 memcpy(seed + sizeof(r), &r, sizeof(r));
1848         } else
1849                 memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1850
1851         memcpy(seed + sizeof(state->randomseed0),
1852             state->randomseed1, sizeof(state->randomseed1));
1853
1854 again:
1855         MD5Init(&md5);
1856         MD5Update(&md5, seed, sizeof(seed));
1857         MD5Final(digest, &md5);
1858
1859         /* RFC4941 Section 3.2.1.1
1860          * Take the left-most 64bits and set bit 6 to zero */
1861         memcpy(state->randomid, digest, sizeof(state->randomid));
1862         state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1863
1864         /* RFC4941 Section 3.2.1.4
1865          * Reject reserved or existing id's */
1866         if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1867             (memcmp(anycastid, state->randomid, 7) == 0 &&
1868             (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1869             memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1870             ipv6_findaddrid(ifp->ctx, state->randomid))
1871         {
1872                 if (++retry < GEN_TEMPID_RETRY_MAX) {
1873                         memcpy(seed, digest + 8, 8);
1874                         goto again;
1875                 }
1876                 memset(state->randomid, 0, sizeof(state->randomid));
1877         }
1878
1879         /* RFC4941 Section 3.2.1.6
1880          * Save the right-most 64bits of the digest */
1881         memcpy(state->randomseed0, digest + 8,
1882             sizeof(state->randomseed0));
1883 }
1884
1885 /* RFC4941 Section 3.3.7 */
1886 static void
1887 ipv6_tempdadcallback(void *arg)
1888 {
1889         struct ipv6_addr *ia = arg;
1890
1891         if (ia->flags & IPV6_AF_DUPLICATED) {
1892                 struct ipv6_addr *ia1;
1893                 struct timespec tv;
1894
1895                 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1896                         logerrx("%s: too many duplicate temporary addresses",
1897                             ia->iface->name);
1898                         return;
1899                 }
1900                 clock_gettime(CLOCK_MONOTONIC, &tv);
1901                 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1902                         logerr(__func__);
1903                 else
1904                         ia1->dadcounter = ia->dadcounter;
1905                 ipv6_deleteaddr(ia);
1906                 if (ia1)
1907                         ipv6_addaddr(ia1, &ia1->acquired);
1908         }
1909 }
1910
1911 struct ipv6_addr *
1912 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1913 {
1914         struct ipv6_state *state;
1915         const struct ipv6_state *cstate;
1916         int genid;
1917         struct in6_addr addr, mask;
1918         uint32_t randid[2];
1919         const struct interface *ifp;
1920         const struct ipv6_addr *ap;
1921         struct ipv6_addr *ia;
1922         uint32_t i, trylimit;
1923
1924         trylimit = TEMP_IDGEN_RETRIES;
1925         state = IPV6_STATE(ia0->iface);
1926         genid = 0;
1927
1928         addr = ia0->addr;
1929         ipv6_mask(&mask, ia0->prefix_len);
1930         /* clear the old ifid */
1931         for (i = 0; i < 4; i++)
1932                 addr.s6_addr32[i] &= mask.s6_addr32[i];
1933
1934 again:
1935         if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1936                 genid = 1;
1937         if (genid) {
1938                 memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1939                     sizeof(state->randomseed1));
1940                 ipv6_gentempifid(ia0->iface);
1941                 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
1942                         errno = EFAULT;
1943                         return NULL;
1944                 }
1945         }
1946         memcpy(&randid[0], state->randomid, sizeof(randid[0]));
1947         memcpy(&randid[1], state->randomid + sizeof(randid[1]),
1948             sizeof(randid[2]));
1949         addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
1950         addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
1951
1952         /* Ensure we don't already have it */
1953         TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
1954                 cstate = IPV6_CSTATE(ifp);
1955                 if (cstate) {
1956                         TAILQ_FOREACH(ap, &cstate->addrs, next) {
1957                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
1958                                         if (--trylimit == 0) {
1959                                                 errno = EEXIST;
1960                                                 return NULL;
1961                                         }
1962                                         genid = 1;
1963                                         goto again;
1964                                 }
1965                         }
1966                 }
1967         }
1968
1969         ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len,
1970             IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
1971         /* Must be made tentative, for our DaD to work */
1972         ia->addr_flags = IN6_IFF_TENTATIVE;
1973         ia->dadcallback = ipv6_tempdadcallback;
1974         ia->created = ia->acquired = now ? *now : ia0->acquired;
1975
1976         /* Ensure desync is still valid */
1977         ipv6_regen_desync(ia->iface, 0);
1978
1979         /* RFC4941 Section 3.3.4 */
1980         i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) -
1981             state->desync_factor);
1982         ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
1983         i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
1984         ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
1985         if (ia->prefix_pltime <= REGEN_ADVANCE ||
1986             ia->prefix_pltime > ia0->prefix_vltime)
1987         {
1988                 errno = EINVAL;
1989                 free(ia);
1990                 return NULL;
1991         }
1992
1993         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1994         return ia;
1995 }
1996
1997 struct ipv6_addr *
1998 ipv6_settemptime(struct ipv6_addr *ia, int flags)
1999 {
2000         struct ipv6_state *state;
2001         struct ipv6_addr *ap, *first;
2002
2003         state = IPV6_STATE(ia->iface);
2004         first = NULL;
2005         TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2006                 if (ap->flags & IPV6_AF_TEMPORARY &&
2007                     ap->prefix_pltime &&
2008                     IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2009                 {
2010                         time_t max, ext;
2011
2012                         if (flags == 0) {
2013                                 if (ap->prefix_pltime -
2014                                     (uint32_t)(ia->acquired.tv_sec -
2015                                     ap->acquired.tv_sec)
2016                                     < REGEN_ADVANCE)
2017                                         continue;
2018
2019                                 return ap;
2020                         }
2021
2022                         if (!(ap->flags & IPV6_AF_ADDED))
2023                                 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2024                         ap->flags &= ~IPV6_AF_STALE;
2025
2026                         /* RFC4941 Section 3.4
2027                          * Deprecated prefix, deprecate the temporary address */
2028                         if (ia->prefix_pltime == 0) {
2029                                 ap->prefix_pltime = 0;
2030                                 goto valid;
2031                         }
2032
2033                         /* Ensure desync is still valid */
2034                         ipv6_regen_desync(ap->iface, 0);
2035
2036                         /* RFC4941 Section 3.3.2
2037                          * Extend temporary times, but ensure that they
2038                          * never last beyond the system limit. */
2039                         ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime;
2040                         max = ap->created.tv_sec +
2041                             ip6_temp_preferred_lifetime(ap->iface->name) -
2042                             state->desync_factor;
2043                         if (ext < max)
2044                                 ap->prefix_pltime = ia->prefix_pltime;
2045                         else
2046                                 ap->prefix_pltime =
2047                                     (uint32_t)(max - ia->acquired.tv_sec);
2048
2049 valid:
2050                         ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime;
2051                         max = ap->created.tv_sec +
2052                             ip6_temp_valid_lifetime(ap->iface->name);
2053                         if (ext < max)
2054                                 ap->prefix_vltime = ia->prefix_vltime;
2055                         else
2056                                 ap->prefix_vltime =
2057                                     (uint32_t)(max - ia->acquired.tv_sec);
2058
2059                         /* Just extend the latest matching prefix */
2060                         ap->acquired = ia->acquired;
2061
2062                         /* If extending return the last match as
2063                          * it's the most current.
2064                          * If deprecating, deprecate any other addresses we
2065                          * may have, although this should not be needed */
2066                         if (ia->prefix_pltime)
2067                                 return ap;
2068                         if (first == NULL)
2069                                 first = ap;
2070                 }
2071         }
2072         return first;
2073 }
2074
2075 void
2076 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2077 {
2078         struct ipv6_state *state;
2079         struct ipv6_addr *ia;
2080
2081         state = IPV6_STATE(ifp);
2082         TAILQ_FOREACH(ia, &state->addrs, next) {
2083                 if (ia->flags & IPV6_AF_TEMPORARY &&
2084                     !(ia->flags & IPV6_AF_STALE))
2085                         ipv6_addaddr(ia, now);
2086         }
2087 }
2088
2089 static void
2090 ipv6_regentempaddr(void *arg)
2091 {
2092         struct ipv6_addr *ia = arg, *ia1;
2093         struct timespec tv;
2094
2095         logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2096         clock_gettime(CLOCK_MONOTONIC, &tv);
2097         ia1 = ipv6_createtempaddr(ia, &tv);
2098         if (ia1)
2099                 ipv6_addaddr(ia1, &tv);
2100         else
2101                 logerr(__func__);
2102 }
2103
2104 static void
2105 ipv6_regentempifid(void *arg)
2106 {
2107         struct interface *ifp = arg;
2108         struct ipv6_state *state;
2109
2110         state = IPV6_STATE(ifp);
2111         if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
2112                 ipv6_gentempifid(ifp);
2113
2114         ipv6_regen_desync(ifp, 1);
2115 }
2116 #endif /* IPV6_MANAGETEMPADDR */
2117
2118 void
2119 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2120 {
2121         struct ipv6_state *state;
2122         struct ipv6_addr *ia;
2123
2124         state = IPV6_STATE(ifp);
2125         if (state == NULL)
2126                 return;
2127
2128         TAILQ_FOREACH(ia, &state->addrs, next) {
2129                 if (flags == 0 || ia->flags & flags)
2130                         ia->flags |= IPV6_AF_STALE;
2131         }
2132 }
2133
2134 void
2135 ipv6_deletestaleaddrs(struct interface *ifp)
2136 {
2137         struct ipv6_state *state;
2138         struct ipv6_addr *ia, *ia1;
2139
2140         state = IPV6_STATE(ifp);
2141         if (state == NULL)
2142                 return;
2143
2144         TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2145                 if (ia->flags & IPV6_AF_STALE)
2146                         ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2147                             ifp->ctx->ifaces, ifp->name,
2148                             &ia->addr, ia->prefix_len, 0, getpid());
2149         }
2150 }
2151
2152
2153 static struct rt *
2154 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2155 {
2156         struct rt *rt;
2157
2158         if ((rt = rt_new(ifp)) == NULL)
2159                 return NULL;
2160
2161 #ifdef HAVE_ROUTE_METRIC
2162         rt->rt_metric = ifp->metric;
2163 #endif
2164         if (rap != NULL)
2165                 rt->rt_mtu = rap->mtu;
2166         return rt;
2167 }
2168
2169 static struct rt *
2170 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2171     const struct ipv6_addr *addr)
2172 {
2173         struct rt *rt;
2174         struct in6_addr netmask;
2175
2176         if (addr == NULL || addr->prefix_len > 128) {
2177                 errno = EINVAL;
2178                 return NULL;
2179         }
2180
2181         /* There is no point in trying to manage a /128 prefix,
2182          * ones without a lifetime or ones not on link or delegated */
2183         if (addr->prefix_len == 128 ||
2184             addr->prefix_vltime == 0 ||
2185             !(addr->flags & (IPV6_AF_ONLINK | IPV6_AF_DELEGATEDPFX)))
2186                 return NULL;
2187
2188         /* Don't install a reject route when not creating bigger prefixes */
2189         if (addr->flags & IPV6_AF_NOREJECT)
2190                 return NULL;
2191
2192         /* This address is the delegated prefix, so add a reject route for
2193          * it via the loopback interface. */
2194         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2195                 struct interface *lo0;
2196
2197                 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2198                         if (lo0->flags & IFF_LOOPBACK)
2199                                 break;
2200                 }
2201                 if (lo0 == NULL)
2202                         logwarnx("cannot find a loopback interface "
2203                             "to reject via");
2204                 else
2205                         ifp = lo0;
2206         }
2207
2208         if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2209                 return NULL;
2210
2211         sa_in6_init(&rt->rt_dest, &addr->prefix);
2212         ipv6_mask(&netmask, addr->prefix_len);
2213         sa_in6_init(&rt->rt_netmask, &netmask);
2214         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2215                 rt->rt_flags |= RTF_REJECT;
2216                 /* Linux does not like a gateway for a reject route. */
2217 #ifndef __linux__
2218                 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2219 #endif
2220         } else
2221                 rt->rt_gateway.sa_family = AF_UNSPEC;
2222         sa_in6_init(&rt->rt_ifa, &addr->addr);
2223         return rt;
2224 }
2225
2226 static struct rt *
2227 inet6_makerouter(struct ra *rap)
2228 {
2229         struct rt *rt;
2230
2231         if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2232                 return NULL;
2233         sa_in6_init(&rt->rt_dest, &in6addr_any);
2234         sa_in6_init(&rt->rt_netmask, &in6addr_any);
2235         sa_in6_init(&rt->rt_gateway, &rap->from);
2236         return rt;
2237 }
2238
2239 #define RT_IS_DEFAULT(rtp) \
2240         (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) &&                  \
2241             IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2242
2243 static int
2244 inet6_staticroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx)
2245 {
2246         struct interface *ifp;
2247         struct ipv6_state *state;
2248         struct ipv6_addr *ia;
2249         struct rt *rt;
2250
2251         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2252                 if ((state = IPV6_STATE(ifp)) == NULL)
2253                         continue;
2254                 TAILQ_FOREACH(ia, &state->addrs, next) {
2255                         if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2256                             (IPV6_AF_ADDED | IPV6_AF_STATIC))
2257                         {
2258                                 rt = inet6_makeprefix(ifp, NULL, ia);
2259                                 if (rt)
2260                                         TAILQ_INSERT_TAIL(routes, rt, rt_next);
2261                         }
2262                 }
2263         }
2264         return 0;
2265 }
2266
2267 static int
2268 inet6_raroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx, int expired,
2269     bool *have_default)
2270 {
2271         struct rt *rt;
2272         struct ra *rap;
2273         const struct ipv6_addr *addr;
2274
2275         TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2276                 if (rap->expired != expired)
2277                         continue;
2278                 TAILQ_FOREACH(addr, &rap->addrs, next) {
2279                         if (addr->prefix_vltime == 0)
2280                                 continue;
2281                         rt = inet6_makeprefix(rap->iface, rap, addr);
2282                         if (rt) {
2283                                 rt->rt_dflags |= RTDF_RA;
2284                                 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2285                         }
2286                 }
2287                 if (rap->lifetime) {
2288                         rt = inet6_makerouter(rap);
2289                         if (rt) {
2290                                 rt->rt_dflags |= RTDF_RA;
2291                                 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2292                                 if (have_default)
2293                                         *have_default = true;
2294                         }
2295                 }
2296         }
2297         return 0;
2298 }
2299
2300 static int
2301 inet6_dhcproutes(struct rt_head *routes, struct dhcpcd_ctx *ctx,
2302     enum DH6S dstate)
2303 {
2304         struct interface *ifp;
2305         const struct dhcp6_state *d6_state;
2306         const struct ipv6_addr *addr;
2307         struct rt *rt;
2308
2309         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2310                 d6_state = D6_CSTATE(ifp);
2311                 if (d6_state && d6_state->state == dstate) {
2312                         TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2313                                 rt = inet6_makeprefix(ifp, NULL, addr);
2314                                 if (rt) {
2315                                         rt->rt_dflags |= RTDF_DHCP;
2316                                         TAILQ_INSERT_TAIL(routes, rt, rt_next);
2317                                 }
2318                         }
2319                 }
2320         }
2321         return 0;
2322 }
2323
2324 bool
2325 inet6_getroutes(struct dhcpcd_ctx *ctx, struct rt_head *routes)
2326 {
2327         bool have_default;
2328
2329         /* Should static take priority? */
2330         if (inet6_staticroutes(routes, ctx) == -1)
2331                 return false;
2332
2333         /* First add reachable routers and their prefixes */
2334         have_default = false;
2335         if (inet6_raroutes(routes, ctx, 0, &have_default) == -1)
2336                 return false;
2337
2338         /* We have no way of knowing if prefixes added by DHCP are reachable
2339          * or not, so we have to assume they are.
2340          * Add bound before delegated so we can prefer interfaces better */
2341         if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2342                 return false;
2343         if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)
2344                 return false;
2345
2346 #ifdef HAVE_ROUTE_METRIC
2347         /* If we have an unreachable router, we really do need to remove the
2348          * route to it beause it could be a lower metric than a reachable
2349          * router. Of course, we should at least have some routers if all
2350          * are unreachable. */
2351         if (!have_default) {
2352 #endif
2353         /* Add our non-reachable routers and prefixes
2354          * Unsure if this is needed, but it's a close match to kernel
2355          * behaviour */
2356                 if (inet6_raroutes(routes, ctx, 1, NULL) == -1)
2357                         return false;
2358 #ifdef HAVE_ROUTE_METRIC
2359         }
2360 #endif
2361
2362         return true;
2363 }
DragonFly Project Source