contrib/dhcpcd/src/ipv6.c

   1 /* SPDX-License-Identifier: BSD-2-Clause */
   2 /*
   3  * dhcpcd - DHCP client daemon
   4  * Copyright (c) 2006-2019 Roy Marples <roy@marples.name>
   5  * All rights reserved
   6
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  26  * SUCH DAMAGE.
  27  */
  28
  29 #include <sys/param.h>
  30 #include <sys/types.h>
  31 #include <sys/socket.h>
  32 #include <sys/stat.h>
  33
  34 #include <arpa/inet.h>
  35 #include <net/if.h>
  36 #include <net/route.h>
  37 #include <netinet/in.h>
  38 #include <netinet/if_ether.h>
  39
  40 #include "config.h"
  41
  42 #ifdef HAVE_SYS_BITOPS_H
  43 #include <sys/bitops.h>
  44 #else
  45 #include "compat/bitops.h"
  46 #endif
  47
  48 #ifdef BSD
  49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
  50  * to generate our CAN_ADD_LLADDR #define. */
  51 #  include <netinet6/in6_var.h>
  52 #  include <netinet6/nd6.h>
  53 #endif
  54
  55 #include <errno.h>
  56 #include <ifaddrs.h>
  57 #include <inttypes.h>
  58 #include <stdlib.h>
  59 #include <string.h>
  60 #include <unistd.h>
  61
  62 #define ELOOP_QUEUE 7
  63 #include "common.h"
  64 #include "if.h"
  65 #include "dhcpcd.h"
  66 #include "dhcp6.h"
  67 #include "eloop.h"
  68 #include "ipv6.h"
  69 #include "ipv6nd.h"
  70 #include "logerr.h"
  71 #include "sa.h"
  72 #include "script.h"
  73
  74 #ifdef HAVE_MD5_H
  75 #  ifndef DEPGEN
  76 #    include <md5.h>
  77 #  endif
  78 #endif
  79
  80 #ifdef SHA2_H
  81 #  include SHA2_H
  82 #endif
  83
  84 #ifndef SHA256_DIGEST_LENGTH
  85 #  define SHA256_DIGEST_LENGTH          32
  86 #endif
  87
  88 #ifdef IPV6_POLLADDRFLAG
  89 #  warning kernel does not report IPv6 address flag changes
  90 #  warning polling tentative address flags periodically
  91 #endif
  92
  93 /* Hackery at it's finest. */
  94 #ifndef s6_addr32
  95 #  ifdef __sun
  96 #    define s6_addr32   _S6_un._S6_u32
  97 #  else
  98 #    define s6_addr32   __u6_addr.__u6_addr32
  99 #  endif
 100 #endif
 101
 102 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
 103     defined(IFF_NOLINKLOCAL)
 104 /* Only add the LL address if we have a carrier, so DaD works. */
 105 #define CAN_ADD_LLADDR(ifp) \
 106     (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
 107 #ifdef __sun
 108 /* Although we can add our own LL address, we cannot drop it
 109  * without unplumbing the if which is a lot of code.
 110  * So just keep it for the time being. */
 111 #define CAN_DROP_LLADDR(ifp)    (0)
 112 #else
 113 #define CAN_DROP_LLADDR(ifp)    (1)
 114 #endif
 115 #else
 116 /* We have no control over the OS adding the LLADDR, so just let it do it
 117  * as we cannot force our own view on it. */
 118 #define CAN_ADD_LLADDR(ifp)     (0)
 119 #define CAN_DROP_LLADDR(ifp)    (0)
 120 #endif
 121
 122 #ifdef IPV6_MANAGETEMPADDR
 123 static void ipv6_regentempifid(void *);
 124 static void ipv6_regentempaddr(void *);
 125 #else
 126 #define ipv6_regentempifid(a) {}
 127 #endif
 128
 129 int
 130 ipv6_init(struct dhcpcd_ctx *ctx)
 131 {
 132
 133         if (ctx->ra_routers != NULL)
 134                 return 0;
 135
 136         ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
 137         if (ctx->ra_routers == NULL)
 138                 return -1;
 139         TAILQ_INIT(ctx->ra_routers);
 140
 141 #ifndef __sun
 142         ctx->nd_fd = -1;
 143 #endif
 144         ctx->dhcp6_fd = -1;
 145         return 0;
 146 }
 147
 148 static ssize_t
 149 ipv6_readsecret(struct dhcpcd_ctx *ctx)
 150 {
 151         FILE *fp;
 152         char line[1024];
 153         unsigned char *p;
 154         size_t len;
 155         uint32_t r;
 156         int x;
 157
 158         if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
 159                 return (ssize_t)ctx->secret_len;
 160
 161         if (errno != ENOENT)
 162                 logerr("%s: %s", __func__, SECRET);
 163
 164         /* Chaining arc4random should be good enough.
 165          * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
 166          * To attempt and future proof ourselves, we'll generate a key of
 167          * 512 bits (64 bytes). */
 168         if (ctx->secret_len < 64) {
 169                 if ((ctx->secret = malloc(64)) == NULL) {
 170                         logerr(__func__);
 171                         return -1;
 172                 }
 173                 ctx->secret_len = 64;
 174         }
 175         p = ctx->secret;
 176         for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
 177                 r = arc4random();
 178                 memcpy(p, &r, sizeof(r));
 179                 p += sizeof(r);
 180         }
 181
 182         /* Ensure that only the dhcpcd user can read the secret.
 183          * Write permission is also denied as chaning it would remove
 184          * it's stability. */
 185         if ((fp = fopen(SECRET, "w")) == NULL ||
 186             chmod(SECRET, S_IRUSR) == -1)
 187                 goto eexit;
 188         x = fprintf(fp, "%s\n",
 189             hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
 190         if (fclose(fp) == EOF)
 191                 x = -1;
 192         fp = NULL;
 193         if (x > 0)
 194                 return (ssize_t)ctx->secret_len;
 195
 196 eexit:
 197         logerr("%s: %s", __func__, SECRET);
 198         if (fp != NULL)
 199                 fclose(fp);
 200         unlink(SECRET);
 201         ctx->secret_len = 0;
 202         return -1;
 203 }
 204
 205 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
 206  * RFC5453 */
 207 static const struct reslowhigh {
 208         const uint8_t high[8];
 209         const uint8_t low[8];
 210 } reslowhigh[] = {
 211         /* RFC4291 + RFC6543 */
 212         { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
 213           { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
 214         /* RFC2526 */
 215         { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
 216           { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
 217 };
 218
 219 static int
 220 ipv6_reserved(const struct in6_addr *addr)
 221 {
 222         uint64_t id, low, high;
 223         size_t i;
 224         const struct reslowhigh *r;
 225
 226         id = be64dec(addr->s6_addr + sizeof(id));
 227         if (id == 0) /* RFC4291 */
 228                 return 1;
 229         for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
 230                 r = &reslowhigh[i];
 231                 low = be64dec(r->low);
 232                 high = be64dec(r->high);
 233                 if (id >= low && id <= high)
 234                         return 1;
 235         }
 236         return 0;
 237 }
 238
 239 /* RFC7217 */
 240 static int
 241 ipv6_makestableprivate1(struct in6_addr *addr,
 242     const struct in6_addr *prefix, int prefix_len,
 243     const unsigned char *netiface, size_t netiface_len,
 244     const unsigned char *netid, size_t netid_len,
 245     unsigned short vlanid,
 246     uint32_t *dad_counter,
 247     const unsigned char *secret, size_t secret_len)
 248 {
 249         unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
 250         size_t len, l;
 251         SHA256_CTX ctx;
 252
 253         if (prefix_len < 0 || prefix_len > 120) {
 254                 errno = EINVAL;
 255                 return -1;
 256         }
 257
 258         l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
 259         len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
 260         if (vlanid != 0)
 261                 len += sizeof(vlanid);
 262         if (len > sizeof(buf)) {
 263                 errno = ENOBUFS;
 264                 return -1;
 265         }
 266
 267         for (;; (*dad_counter)++) {
 268                 /* Combine all parameters into one buffer */
 269                 p = buf;
 270                 memcpy(p, prefix, l);
 271                 p += l;
 272                 memcpy(p, netiface, netiface_len);
 273                 p += netiface_len;
 274                 memcpy(p, netid, netid_len);
 275                 p += netid_len;
 276                 /* Don't use a vlanid if not set.
 277                  * This ensures prior versions have the same unique address. */
 278                 if (vlanid != 0) {
 279                         memcpy(p, &vlanid, sizeof(vlanid));
 280                         p += sizeof(vlanid);
 281                 }
 282                 memcpy(p, dad_counter, sizeof(*dad_counter));
 283                 p += sizeof(*dad_counter);
 284                 memcpy(p, secret, secret_len);
 285
 286                 /* Make an address using the digest of the above.
 287                  * RFC7217 Section 5.1 states that we shouldn't use MD5.
 288                  * Pity as we use that for HMAC-MD5 which is still deemed OK.
 289                  * SHA-256 is recommended */
 290                 SHA256_Init(&ctx);
 291                 SHA256_Update(&ctx, buf, len);
 292                 SHA256_Final(digest, &ctx);
 293
 294                 p = addr->s6_addr;
 295                 memcpy(p, prefix, l);
 296                 /* RFC7217 section 5.2 says we need to start taking the id from
 297                  * the least significant bit */
 298                 len = sizeof(addr->s6_addr) - l;
 299                 memcpy(p + l, digest + (sizeof(digest) - len), len);
 300
 301                 /* Ensure that the Interface ID does not match a reserved one,
 302                  * if it does then treat it as a DAD failure.
 303                  * RFC7217 section 5.2 */
 304                 if (prefix_len != 64)
 305                         break;
 306                 if (!ipv6_reserved(addr))
 307                         break;
 308         }
 309
 310         return 0;
 311 }
 312
 313 int
 314 ipv6_makestableprivate(struct in6_addr *addr,
 315     const struct in6_addr *prefix, int prefix_len,
 316     const struct interface *ifp,
 317     int *dad_counter)
 318 {
 319         uint32_t dad;
 320         int r;
 321
 322         if (ifp->ctx->secret_len == 0) {
 323                 if (ipv6_readsecret(ifp->ctx) == -1)
 324                         return -1;
 325         }
 326
 327         dad = (uint32_t)*dad_counter;
 328
 329         /* For our implementation, we shall set the hardware address
 330          * as the interface identifier */
 331         r = ipv6_makestableprivate1(addr, prefix, prefix_len,
 332             ifp->hwaddr, ifp->hwlen,
 333             ifp->ssid, ifp->ssid_len,
 334             ifp->vlanid, &dad,
 335             ifp->ctx->secret, ifp->ctx->secret_len);
 336
 337         if (r == 0)
 338                 *dad_counter = (int)dad;
 339         return r;
 340 }
 341
 342 int
 343 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
 344     const struct in6_addr *prefix, int prefix_len)
 345 {
 346         const struct ipv6_addr *ap;
 347         int dad;
 348
 349         if (prefix_len < 0 || prefix_len > 120) {
 350                 errno = EINVAL;
 351                 return -1;
 352         }
 353
 354         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
 355                 dad = 0;
 356                 if (ipv6_makestableprivate(addr,
 357                     prefix, prefix_len, ifp, &dad) == -1)
 358                         return -1;
 359                 return dad;
 360         }
 361
 362         if (prefix_len > 64) {
 363                 errno = EINVAL;
 364                 return -1;
 365         }
 366         if ((ap = ipv6_linklocal(ifp)) == NULL) {
 367                 /* We delay a few functions until we get a local-link address
 368                  * so this should never be hit. */
 369                 errno = ENOENT;
 370                 return -1;
 371         }
 372
 373         /* Make the address from the first local-link address */
 374         memcpy(addr, prefix, sizeof(*prefix));
 375         addr->s6_addr32[2] = ap->addr.s6_addr32[2];
 376         addr->s6_addr32[3] = ap->addr.s6_addr32[3];
 377         return 0;
 378 }
 379
 380 static int
 381 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
 382 {
 383         int bytes, bits;
 384
 385         if (len < 0 || len > 128) {
 386                 errno = EINVAL;
 387                 return -1;
 388         }
 389
 390         bytes = len / NBBY;
 391         bits = len % NBBY;
 392         memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes);
 393         if (bits != 0) {
 394                 /* Coverify false positive.
 395                  * bytelen cannot be 16 if bitlen is non zero */
 396                 /* coverity[overrun-local] */
 397                 prefix->s6_addr[bytes] =
 398                     (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits));
 399         }
 400         memset((char *)prefix->s6_addr + bytes, 0,
 401             sizeof(prefix->s6_addr) - (size_t)bytes);
 402         return 0;
 403 }
 404
 405 int
 406 ipv6_mask(struct in6_addr *mask, int len)
 407 {
 408         static const unsigned char masks[NBBY] =
 409             { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
 410         int bytes, bits, i;
 411
 412         if (len < 0 || len > 128) {
 413                 errno = EINVAL;
 414                 return -1;
 415         }
 416
 417         memset(mask, 0, sizeof(*mask));
 418         bytes = len / NBBY;
 419         bits = len % NBBY;
 420         for (i = 0; i < bytes; i++)
 421                 mask->s6_addr[i] = 0xff;
 422         if (bits != 0) {
 423                 /* Coverify false positive.
 424                  * bytelen cannot be 16 if bitlen is non zero */
 425                 /* coverity[overrun-local] */
 426                 mask->s6_addr[bytes] = masks[bits - 1];
 427         }
 428         return 0;
 429 }
 430
 431 uint8_t
 432 ipv6_prefixlen(const struct in6_addr *mask)
 433 {
 434         int x = 0, y;
 435         const unsigned char *lim, *p;
 436
 437         lim = (const unsigned char *)mask + sizeof(*mask);
 438         for (p = (const unsigned char *)mask; p < lim; x++, p++) {
 439                 if (*p != 0xff)
 440                         break;
 441         }
 442         y = 0;
 443         if (p < lim) {
 444                 for (y = 0; y < NBBY; y++) {
 445                         if ((*p & (0x80 >> y)) == 0)
 446                                 break;
 447                 }
 448         }
 449
 450         /*
 451          * when the limit pointer is given, do a stricter check on the
 452          * remaining bits.
 453          */
 454         if (p < lim) {
 455                 if (y != 0 && (*p & (0x00ff >> y)) != 0)
 456                         return 0;
 457                 for (p = p + 1; p < lim; p++)
 458                         if (*p != 0)
 459                                 return 0;
 460         }
 461
 462         return (uint8_t)(x * NBBY + y);
 463 }
 464
 465 static void
 466 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
 467 {
 468
 469         *vhigh = be64dec(addr->s6_addr);
 470         *vlow = be64dec(addr->s6_addr + 8);
 471 }
 472
 473 static void
 474 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
 475 {
 476
 477         be64enc(addr->s6_addr, vhigh);
 478         be64enc(addr->s6_addr + 8, vlow);
 479 }
 480
 481 int
 482 ipv6_userprefix(
 483         const struct in6_addr *prefix,  // prefix from router
 484         short prefix_len,               // length of prefix received
 485         uint64_t user_number,           // "random" number from user
 486         struct in6_addr *result,        // resultant prefix
 487         short result_len)               // desired prefix length
 488 {
 489         uint64_t vh, vl, user_low, user_high;
 490
 491         if (prefix_len < 1 || prefix_len > 128 ||
 492             result_len < 1 || result_len > 128)
 493         {
 494                 errno = EINVAL;
 495                 return -1;
 496         }
 497
 498         /* Check that the user_number fits inside result_len less prefix_len */
 499         if (result_len < prefix_len ||
 500             fls64(user_number) > result_len - prefix_len)
 501         {
 502                errno = ERANGE;
 503                return -1;
 504         }
 505
 506         /* If user_number is zero, just copy the prefix into the result. */
 507         if (user_number == 0) {
 508                 *result = *prefix;
 509                 return 0;
 510         }
 511
 512         /* Shift user_number so it fit's just inside result_len.
 513          * Shifting by 0 or sizeof(user_number) is undefined,
 514          * so we cater for that. */
 515         if (result_len == 128) {
 516                 user_high = 0;
 517                 user_low = user_number;
 518         } else if (result_len > 64) {
 519                 if (prefix_len >= 64)
 520                         user_high = 0;
 521                 else
 522                         user_high = user_number >> (result_len - prefix_len);
 523                 user_low = user_number << (128 - result_len);
 524         } else if (result_len == 64) {
 525                 user_high = user_number;
 526                 user_low = 0;
 527         } else {
 528                 user_high = user_number << (64 - result_len);
 529                 user_low = 0;
 530         }
 531
 532         /* convert to two 64bit host order values */
 533         in6_to_h64(&vh, &vl, prefix);
 534
 535         vh |= user_high;
 536         vl |= user_low;
 537
 538         /* copy back result */
 539         h64_to_in6(result, vh, vl);
 540
 541         return 0;
 542 }
 543
 544 #ifdef IPV6_POLLADDRFLAG
 545 void
 546 ipv6_checkaddrflags(void *arg)
 547 {
 548         struct ipv6_addr *ia;
 549         int flags;
 550         const char *alias;
 551
 552         ia = arg;
 553 #ifdef ALIAS_ADDR
 554         alias = ia->alias;
 555 #else
 556         alias = NULL;
 557 #endif
 558         if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
 559                 if (errno != EEXIST && errno != EADDRNOTAVAIL)
 560                         logerr("%s: if_addrflags6", __func__);
 561                 return;
 562         }
 563
 564         if (!(flags & IN6_IFF_TENTATIVE)) {
 565                 /* Simulate the kernel announcing the new address. */
 566                 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
 567                     ia->iface->ctx->ifaces, ia->iface->name,
 568                     &ia->addr, ia->prefix_len, flags, 0);
 569         } else {
 570                 /* Still tentative? Check again in a bit. */
 571                 struct timespec tv;
 572
 573                 ms_to_ts(&tv, RETRANS_TIMER / 2);
 574                 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv,
 575                     ipv6_checkaddrflags, ia);
 576         }
 577 }
 578 #endif
 579
 580 static void
 581 ipv6_deletedaddr(struct ipv6_addr *ia)
 582 {
 583
 584 #ifdef SMALL
 585         UNUSED(ia);
 586 #else
 587         /* NOREJECT is set if we delegated exactly the prefix to another
 588          * address.
 589          * This can only be one address, so just clear the flag.
 590          * This should ensure the reject route will be restored. */
 591         if (ia->delegating_prefix != NULL)
 592                 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
 593 #endif
 594 }
 595
 596 void
 597 ipv6_deleteaddr(struct ipv6_addr *ia)
 598 {
 599         struct ipv6_state *state;
 600         struct ipv6_addr *ap;
 601
 602         loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
 603         if (if_address6(RTM_DELADDR, ia) == -1 &&
 604             errno != EADDRNOTAVAIL && errno != ESRCH &&
 605             errno != ENXIO && errno != ENODEV)
 606                 logerr(__func__);
 607
 608         ipv6_deletedaddr(ia);
 609
 610         state = IPV6_STATE(ia->iface);
 611         TAILQ_FOREACH(ap, &state->addrs, next) {
 612                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
 613                         TAILQ_REMOVE(&state->addrs, ap, next);
 614                         ipv6_freeaddr(ap);
 615                         break;
 616                 }
 617         }
 618
 619 #ifdef ND6_ADVERTISE
 620         /* Advertise the address if it exists on another interface. */
 621         ipv6nd_advertise(ia);
 622 #endif
 623 }
 624
 625 static int
 626 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
 627 {
 628         struct interface *ifp;
 629         uint32_t pltime, vltime;
 630         __printflike(1, 2) void (*logfunc)(const char *, ...);
 631 #ifdef ND6_ADVERTISE
 632         bool vltime_was_zero = ia->prefix_vltime == 0;
 633 #endif
 634 #ifdef __sun
 635         struct ipv6_state *state;
 636         struct ipv6_addr *ia2;
 637
 638         /* If we re-add then address on Solaris then the prefix
 639          * route will be scrubbed and re-added. Something might
 640          * be using it, so let's avoid it. */
 641         if (ia->flags & IPV6_AF_DADCOMPLETED) {
 642                 logdebugx("%s: IP address %s already exists",
 643                     ia->iface->name, ia->saddr);
 644 #ifdef ND6_ADVERTISE
 645                 goto advertise;
 646 #else
 647                 return 0;
 648 #endif
 649         }
 650 #endif
 651
 652         /* Remember the interface of the address. */
 653         ifp = ia->iface;
 654
 655         if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
 656             ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
 657                 ia->flags |= IPV6_AF_DADCOMPLETED;
 658
 659         /* Adjust plftime and vltime based on acquired time */
 660         pltime = ia->prefix_pltime;
 661         vltime = ia->prefix_vltime;
 662         if (timespecisset(&ia->acquired) &&
 663             (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
 664             ia->prefix_vltime != ND6_INFINITE_LIFETIME))
 665         {
 666                 struct timespec n;
 667
 668                 if (now == NULL) {
 669                         clock_gettime(CLOCK_MONOTONIC, &n);
 670                         now = &n;
 671                 }
 672                 timespecsub(now, &ia->acquired, &n);
 673                 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
 674                         ia->prefix_pltime -= (uint32_t)n.tv_sec;
 675                         /* This can happen when confirming a
 676                          * deprecated but still valid lease. */
 677                         if (ia->prefix_pltime > pltime)
 678                                 ia->prefix_pltime = 0;
 679                 }
 680                 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
 681                         ia->prefix_vltime -= (uint32_t)n.tv_sec;
 682                         /* This should never happen. */
 683                         if (ia->prefix_vltime > vltime) {
 684                                 logerrx("%s: %s: lifetime overflow",
 685                                     ifp->name, ia->saddr);
 686                                 ia->prefix_vltime = ia->prefix_pltime = 0;
 687                         }
 688                 }
 689         }
 690
 691         logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx;
 692         logfunc("%s: adding %saddress %s", ifp->name,
 693 #ifdef IPV6_AF_TEMPORARY
 694             ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
 695 #else
 696             "",
 697 #endif
 698             ia->saddr);
 699         if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
 700             ia->prefix_vltime == ND6_INFINITE_LIFETIME)
 701                 logdebugx("%s: pltime infinity, vltime infinity",
 702                     ifp->name);
 703         else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
 704                 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
 705                     ifp->name, ia->prefix_vltime);
 706         else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
 707                 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
 708                     ifp->name, ia->prefix_pltime);
 709         else
 710                 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
 711                     " seconds",
 712                     ifp->name, ia->prefix_pltime, ia->prefix_vltime);
 713
 714         if (if_address6(RTM_NEWADDR, ia) == -1) {
 715                 logerr(__func__);
 716                 /* Restore real pltime and vltime */
 717                 ia->prefix_pltime = pltime;
 718                 ia->prefix_vltime = vltime;
 719                 return -1;
 720         }
 721
 722 #ifdef IPV6_MANAGETEMPADDR
 723         /* RFC4941 Section 3.4 */
 724         if (ia->flags & IPV6_AF_TEMPORARY &&
 725             ia->prefix_pltime &&
 726             ia->prefix_vltime &&
 727             ip6_use_tempaddr(ifp->name))
 728                 eloop_timeout_add_sec(ifp->ctx->eloop,
 729                     (time_t)ia->prefix_pltime - REGEN_ADVANCE,
 730                     ipv6_regentempaddr, ia);
 731 #endif
 732
 733         /* Restore real pltime and vltime */
 734         ia->prefix_pltime = pltime;
 735         ia->prefix_vltime = vltime;
 736
 737         ia->flags &= ~IPV6_AF_NEW;
 738         ia->flags |= IPV6_AF_ADDED;
 739 #ifndef SMALL
 740         if (ia->delegating_prefix != NULL)
 741                 ia->flags |= IPV6_AF_DELEGATED;
 742 #endif
 743
 744 #ifdef IPV6_POLLADDRFLAG
 745         eloop_timeout_delete(ifp->ctx->eloop,
 746                 ipv6_checkaddrflags, ia);
 747         if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
 748                 struct timespec tv;
 749
 750                 ms_to_ts(&tv, RETRANS_TIMER / 2);
 751                 eloop_timeout_add_tv(ifp->ctx->eloop,
 752                     &tv, ipv6_checkaddrflags, ia);
 753         }
 754 #endif
 755
 756 #ifdef __sun
 757         /* Solaris does not announce new addresses which need DaD
 758          * so we need to take a copy and add it to our list.
 759          * Otherwise aliasing gets confused if we add another
 760          * address during DaD. */
 761
 762         state = IPV6_STATE(ifp);
 763         TAILQ_FOREACH(ia2, &state->addrs, next) {
 764                 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
 765                         break;
 766         }
 767         if (ia2 == NULL) {
 768                 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
 769                         logerr(__func__);
 770                         return 0; /* Well, we did add the address */
 771                 }
 772                 memcpy(ia2, ia, sizeof(*ia2));
 773                 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
 774         }
 775 #endif
 776
 777 #ifdef ND6_ADVERTISE
 778 #ifdef __sun
 779 advertise:
 780 #endif
 781         /* Re-advertise the preferred address to be safe. */
 782         if (!vltime_was_zero)
 783                 ipv6nd_advertise(ia);
 784 #endif
 785
 786         return 0;
 787 }
 788
 789 #ifdef ALIAS_ADDR
 790 /* Find the next logical alias address we can use. */
 791 static int
 792 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
 793 {
 794         struct ipv6_state *state;
 795         struct ipv6_addr *iap;
 796         unsigned int lun;
 797         char alias[IF_NAMESIZE];
 798
 799         if (ia->alias[0] != '\0')
 800                 return 0;
 801         state = IPV6_STATE(ia->iface);
 802
 803         /* First find an existng address.
 804          * This can happen when dhcpcd restarts as ND and DHCPv6
 805          * maintain their own lists of addresses. */
 806         TAILQ_FOREACH(iap, &state->addrs, next) {
 807                 if (iap->alias[0] != '\0' &&
 808                     IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
 809                 {
 810                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
 811                         return 0;
 812                 }
 813         }
 814
 815         lun = 0;
 816 find_unit:
 817         if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
 818             IF_NAMESIZE)
 819         {
 820                 errno = ENOMEM;
 821                 return -1;
 822         }
 823         TAILQ_FOREACH(iap, &state->addrs, next) {
 824                 if (iap->alias[0] == '\0')
 825                         continue;
 826                 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
 827                         /* No address assigned? Lets use it. */
 828                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
 829                         if (repl)
 830                                 *repl = iap;
 831                         return 1;
 832                 }
 833                 if (strcmp(iap->alias, alias) == 0)
 834                         break;
 835         }
 836
 837         if (iap != NULL) {
 838                 if (lun == UINT_MAX) {
 839                         errno = ERANGE;
 840                         return -1;
 841                 }
 842                 lun++;
 843                 goto find_unit;
 844         }
 845
 846         strlcpy(ia->alias, alias, sizeof(ia->alias));
 847         return 0;
 848 }
 849 #endif
 850
 851 int
 852 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
 853 {
 854         int r;
 855 #ifdef ALIAS_ADDR
 856         int replaced, blank;
 857         struct ipv6_addr *replaced_ia;
 858
 859         blank = (ia->alias[0] == '\0');
 860         if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
 861                 return -1;
 862         if (blank)
 863                 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
 864 #endif
 865
 866         if ((r = ipv6_addaddr1(ia, now)) == 0) {
 867 #ifdef ALIAS_ADDR
 868                 if (replaced) {
 869                         struct ipv6_state *state;
 870
 871                         state = IPV6_STATE(ia->iface);
 872                         TAILQ_REMOVE(&state->addrs, replaced_ia, next);
 873                         ipv6_freeaddr(replaced_ia);
 874                 }
 875 #endif
 876         }
 877         return r;
 878 }
 879
 880 int
 881 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
 882     unsigned int flags)
 883 {
 884
 885         if (match == NULL) {
 886                 if ((addr->flags &
 887                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
 888                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
 889                         return 1;
 890         } else if (addr->prefix_vltime &&
 891             IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
 892             (!flags || addr->flags & flags))
 893                 return 1;
 894
 895         return 0;
 896 }
 897
 898 struct ipv6_addr *
 899 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
 900 {
 901         struct ipv6_addr *nap;
 902 #ifdef DHCP6
 903         struct ipv6_addr *dap;
 904 #endif
 905
 906         nap = ipv6nd_findaddr(ctx, addr, flags);
 907 #ifdef DHCP6
 908         dap = dhcp6_findaddr(ctx, addr, flags);
 909         if (!dap && !nap)
 910                 return NULL;
 911         if (dap && !nap)
 912                 return dap;
 913         if (nap && !dap)
 914                 return nap;
 915         if (nap->iface->metric < dap->iface->metric)
 916                 return nap;
 917         return dap;
 918 #else
 919         return nap;
 920 #endif
 921 }
 922
 923 int
 924 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
 925 {
 926
 927         /* A delegated prefix is not an address. */
 928         if (ia->flags & IPV6_AF_DELEGATEDPFX)
 929                 return 0;
 930
 931         if (ia->prefix_vltime == 0) {
 932                 if (ia->flags & IPV6_AF_ADDED)
 933                         ipv6_deleteaddr(ia);
 934                 eloop_q_timeout_delete(ia->iface->ctx->eloop,
 935                     0, NULL, ia);
 936                 if (ia->flags & IPV6_AF_REQUEST) {
 937                         ia->flags &= ~IPV6_AF_ADDED;
 938                         return 0;
 939                 }
 940                 return -1;
 941         }
 942
 943         if (ia->flags & IPV6_AF_STALE ||
 944             IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
 945                 return 0;
 946
 947         if (!timespecisset(now))
 948                 clock_gettime(CLOCK_MONOTONIC, now);
 949         ipv6_addaddr(ia, now);
 950         return ia->flags & IPV6_AF_NEW ? 1 : 0;
 951 }
 952
 953 ssize_t
 954 ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
 955 {
 956         struct timespec now;
 957         struct ipv6_addr *ia, *ian;
 958         ssize_t i, r;
 959
 960         i = 0;
 961         timespecclear(&now);
 962         TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
 963                 r = ipv6_doaddr(ia, &now);
 964                 if (r != 0)
 965                         i++;
 966                 if (r == -1) {
 967                         TAILQ_REMOVE(iaddrs, ia, next);
 968                         ipv6_freeaddr(ia);
 969                 }
 970         }
 971         return i;
 972 }
 973
 974 void
 975 ipv6_freeaddr(struct ipv6_addr *ia)
 976 {
 977 #ifndef SMALL
 978         struct ipv6_addr *iad;
 979
 980         /* Forget the reference */
 981         if (ia->flags & IPV6_AF_DELEGATEDPFX) {
 982                 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
 983                         iad->delegating_prefix = NULL;
 984                 }
 985         } else if (ia->delegating_prefix != NULL) {
 986                 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
 987         }
 988 #endif
 989
 990         if (ia->dhcp6_fd != -1) {
 991                 close(ia->dhcp6_fd);
 992                 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd);
 993         }
 994
 995         eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia);
 996         free(ia->na);
 997         free(ia);
 998 }
 999
1000 void
1001 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
1002     const struct interface *ifd)
1003 {
1004         struct ipv6_addr *ap, *apn, *apf;
1005         struct timespec now;
1006
1007 #ifdef SMALL
1008         UNUSED(ifd);
1009 #endif
1010         timespecclear(&now);
1011         TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1012 #ifndef SMALL
1013                 if (ifd != NULL &&
1014                     (ap->delegating_prefix == NULL ||
1015                     ap->delegating_prefix->iface != ifd))
1016                         continue;
1017 #endif
1018                 if (drop != 2)
1019                         TAILQ_REMOVE(addrs, ap, next);
1020                 if (drop && ap->flags & IPV6_AF_ADDED &&
1021                     (ap->iface->options->options &
1022                     (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1023                     (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1024                 {
1025                         /* Don't drop link-local addresses. */
1026                         if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1027                             CAN_DROP_LLADDR(ap->iface))
1028                         {
1029                                 if (drop == 2)
1030                                         TAILQ_REMOVE(addrs, ap, next);
1031                                 /* Find the same address somewhere else */
1032                                 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1033                                     0);
1034                                 if ((apf == NULL ||
1035                                     (apf->iface != ap->iface)))
1036                                         ipv6_deleteaddr(ap);
1037                                 if (!(ap->iface->options->options &
1038                                     DHCPCD_EXITING) && apf)
1039                                 {
1040                                         if (!timespecisset(&now))
1041                                                 clock_gettime(CLOCK_MONOTONIC,
1042                                                     &now);
1043                                         ipv6_addaddr(apf, &now);
1044                                 }
1045                                 if (drop == 2)
1046                                         ipv6_freeaddr(ap);
1047                         }
1048                 }
1049                 if (drop != 2)
1050                         ipv6_freeaddr(ap);
1051         }
1052 }
1053
1054 static struct ipv6_state *
1055 ipv6_getstate(struct interface *ifp)
1056 {
1057         struct ipv6_state *state;
1058
1059         state = IPV6_STATE(ifp);
1060         if (state == NULL) {
1061                 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1062                 state = IPV6_STATE(ifp);
1063                 if (state == NULL) {
1064                         logerr(__func__);
1065                         return NULL;
1066                 }
1067                 TAILQ_INIT(&state->addrs);
1068                 TAILQ_INIT(&state->ll_callbacks);
1069
1070                 /* Regenerate new ids */
1071                 if (ifp->options &&
1072                     ip6_use_tempaddr(ifp->name))
1073                         ipv6_regentempifid(ifp);
1074         }
1075         return state;
1076 }
1077
1078 struct ipv6_addr *
1079 ipv6_anyglobal(struct interface *sifp)
1080 {
1081         struct interface *ifp;
1082         struct ipv6_state *state;
1083         struct ipv6_addr *ia;
1084
1085         TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
1086                 if (ifp != sifp && ip6_forwarding(ifp->name) != 1)
1087                         continue;
1088
1089                 state = IPV6_STATE(ifp);
1090                 if (state == NULL)
1091                         continue;
1092
1093                 TAILQ_FOREACH(ia, &state->addrs, next) {
1094                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1095                                 continue;
1096                         /* Let's be optimistic.
1097                          * Any decent OS won't forward or accept traffic
1098                          * from/to tentative or detached addresses. */
1099                         if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1100                                 return ia;
1101                 }
1102         }
1103         return NULL;
1104 }
1105
1106 void
1107 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1108     int cmd, struct if_head *ifs, const char *ifname,
1109     const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1110 {
1111         struct interface *ifp;
1112         struct ipv6_state *state;
1113         struct ipv6_addr *ia;
1114         struct ll_callback *cb;
1115         bool anyglobal;
1116
1117 #ifdef __sun
1118         struct sockaddr_in6 subnet;
1119
1120         /* Solaris on-link route is an unspecified address! */
1121         if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1122                 if (if_getsubnet(ctx, ifname, AF_INET6,
1123                     &subnet, sizeof(subnet)) == -1)
1124                 {
1125                         logerr(__func__);
1126                         return;
1127                 }
1128                 addr = &subnet.sin6_addr;
1129         }
1130 #endif
1131
1132 #if 0
1133         char dbuf[INET6_ADDRSTRLEN];
1134         const char *dbp;
1135
1136         dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1137             dbuf, INET6_ADDRSTRLEN);
1138         loginfox("%s: cmd %d addr %s addrflags %d",
1139             ifname, cmd, dbp, addrflags);
1140 #endif
1141
1142         if (ifs == NULL)
1143                 ifs = ctx->ifaces;
1144         if (ifs == NULL)
1145                 return;
1146         if ((ifp = if_find(ifs, ifname)) == NULL)
1147                 return;
1148         if ((state = ipv6_getstate(ifp)) == NULL)
1149                 return;
1150         anyglobal = ipv6_anyglobal(ifp) != NULL;
1151
1152         TAILQ_FOREACH(ia, &state->addrs, next) {
1153                 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1154                         break;
1155         }
1156
1157         switch (cmd) {
1158         case RTM_DELADDR:
1159                 if (ia != NULL) {
1160                         TAILQ_REMOVE(&state->addrs, ia, next);
1161 #ifdef ND6_ADVERTISE
1162                         /* Advertise the address if it exists on
1163                          * another interface. */
1164                         ipv6nd_advertise(ia);
1165 #endif
1166                         /* We'll free it at the end of the function. */
1167                 }
1168                 break;
1169         case RTM_NEWADDR:
1170                 if (ia == NULL) {
1171                         ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1172 #ifdef ALIAS_ADDR
1173                         strlcpy(ia->alias, ifname, sizeof(ia->alias));
1174 #endif
1175                         if (if_getlifetime6(ia) == -1) {
1176                                 /* No support or address vanished.
1177                                  * Either way, just set a deprecated
1178                                  * infinite time lifetime and continue.
1179                                  * This is fine because we only want
1180                                  * to know this when trying to extend
1181                                  * temporary addresses.
1182                                  * As we can't extend infinite, we'll
1183                                  * create a new temporary address. */
1184                                 ia->prefix_pltime = 0;
1185                                 ia->prefix_vltime =
1186                                     ND6_INFINITE_LIFETIME;
1187                         }
1188                         /* This is a minor regression against RFC 4941
1189                          * because the kernel only knows when the
1190                          * lifetimes were last updated, not when the
1191                          * address was initially created.
1192                          * Provided dhcpcd is not restarted, this
1193                          * won't be a problem.
1194                          * If we don't like it, we can always
1195                          * pretend lifetimes are infinite and always
1196                          * generate a new temporary address on
1197                          * restart. */
1198                         ia->acquired = ia->created;
1199                         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1200                 }
1201                 ia->addr_flags = addrflags;
1202                 ia->flags &= ~IPV6_AF_STALE;
1203 #ifdef IPV6_MANAGETEMPADDR
1204                 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1205                         ia->flags |= IPV6_AF_TEMPORARY;
1206 #endif
1207                 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1208 #ifdef IPV6_POLLADDRFLAG
1209                         if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1210                                 struct timespec tv;
1211
1212                                 ms_to_ts(&tv, RETRANS_TIMER / 2);
1213                                 eloop_timeout_add_tv(
1214                                     ia->iface->ctx->eloop,
1215                                     &tv, ipv6_checkaddrflags, ia);
1216                                 break;
1217                         }
1218 #endif
1219
1220                         if (ia->dadcallback) {
1221                                 ia->dadcallback(ia);
1222                                 if (ctx->options & DHCPCD_FORKED)
1223                                         goto out;
1224                         }
1225
1226                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1227                             !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1228                         {
1229                                 /* Now run any callbacks.
1230                                  * Typically IPv6RS or DHCPv6 */
1231                                 while ((cb =
1232                                     TAILQ_FIRST(&state->ll_callbacks)))
1233                                 {
1234                                         TAILQ_REMOVE(
1235                                             &state->ll_callbacks,
1236                                             cb, next);
1237                                         cb->callback(cb->arg);
1238                                         free(cb);
1239                                         if (ctx->options & DHCPCD_FORKED)
1240                                                 goto out;
1241                                 }
1242                         }
1243                 }
1244                 break;
1245         }
1246
1247         if (ia == NULL)
1248                 return;
1249
1250         ctx->options &= ~DHCPCD_RTBUILD;
1251         ipv6nd_handleifa(cmd, ia, pid);
1252 #ifdef DHCP6
1253         dhcp6_handleifa(cmd, ia, pid);
1254 #endif
1255
1256 out:
1257         /* Done with the ia now, so free it. */
1258         if (cmd == RTM_DELADDR)
1259                 ipv6_freeaddr(ia);
1260         else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1261                 ia->flags |= IPV6_AF_DADCOMPLETED;
1262
1263         /* If we've not already called rt_build via the IPv6ND
1264          * or DHCP6 handlers and the existance of any useable
1265          * global address on the interface has changed,
1266          * call rt_build to add/remove the default route. */
1267         if (ifp->active &&
1268             ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) ||
1269              (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) &&
1270             !(ctx->options & DHCPCD_RTBUILD) &&
1271             (ipv6_anyglobal(ifp) != NULL) != anyglobal)
1272                 rt_build(ctx, AF_INET6);
1273 }
1274
1275 int
1276 ipv6_hasaddr(const struct interface *ifp)
1277 {
1278
1279         if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1280                 return 1;
1281 #ifdef DHCP6
1282         if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1283                 return 1;
1284 #endif
1285         return 0;
1286 }
1287
1288 struct ipv6_addr *
1289 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1290     int revflags)
1291 {
1292         struct ipv6_state *state;
1293         struct ipv6_addr *ap;
1294
1295         state = IPV6_STATE(ifp);
1296         if (state) {
1297                 TAILQ_FOREACH(ap, &state->addrs, next) {
1298                         if (addr == NULL) {
1299                                 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1300                                     (!revflags || !(ap->addr_flags & revflags)))
1301                                         return ap;
1302                         } else {
1303                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1304                                     (!revflags || !(ap->addr_flags & revflags)))
1305                                         return ap;
1306                         }
1307                 }
1308         }
1309         return NULL;
1310 }
1311
1312 static struct ipv6_addr *
1313 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1314 {
1315         struct ipv6_state *state;
1316         struct ipv6_addr *ap;
1317         struct in6_addr mask;
1318
1319         state = IPV6_STATE(ifp);
1320         if (state) {
1321                 TAILQ_FOREACH(ap, &state->addrs, next) {
1322                         if (ipv6_mask(&mask, ap->prefix_len) == -1)
1323                                 continue;
1324                         if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1325                                 return ap;
1326                 }
1327         }
1328         return NULL;
1329 }
1330
1331 struct ipv6_addr *
1332 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1333 {
1334         struct interface *ifp;
1335         struct ipv6_addr *ap;
1336
1337         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1338                 ap = ipv6_iffindmaskaddr(ifp, addr);
1339                 if (ap != NULL)
1340                         return ap;
1341         }
1342         return NULL;
1343 }
1344
1345 int
1346 ipv6_addlinklocalcallback(struct interface *ifp,
1347     void (*callback)(void *), void *arg)
1348 {
1349         struct ipv6_state *state;
1350         struct ll_callback *cb;
1351
1352         state = ipv6_getstate(ifp);
1353         TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1354                 if (cb->callback == callback && cb->arg == arg)
1355                         break;
1356         }
1357         if (cb == NULL) {
1358                 cb = malloc(sizeof(*cb));
1359                 if (cb == NULL) {
1360                         logerr(__func__);
1361                         return -1;
1362                 }
1363                 cb->callback = callback;
1364                 cb->arg = arg;
1365                 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1366         }
1367         return 0;
1368 }
1369
1370 static struct ipv6_addr *
1371 ipv6_newlinklocal(struct interface *ifp)
1372 {
1373         struct ipv6_addr *ia;
1374         struct in6_addr in6;
1375
1376         memset(&in6, 0, sizeof(in6));
1377         in6.s6_addr32[0] = htonl(0xfe800000);
1378         ia = ipv6_newaddr(ifp, &in6, 64, 0);
1379         if (ia != NULL) {
1380                 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1381                 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1382         }
1383         return ia;
1384 }
1385
1386 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1387 static const uint8_t allone[8] =
1388     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1389
1390 static int
1391 ipv6_addlinklocal(struct interface *ifp)
1392 {
1393         struct ipv6_state *state;
1394         struct ipv6_addr *ap, *ap2;
1395         int dadcounter;
1396
1397         /* Check sanity before malloc */
1398         if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1399                 switch (ifp->family) {
1400                 case ARPHRD_ETHER:
1401                         /* Check for a valid hardware address */
1402                         if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1403                                 errno = ENOTSUP;
1404                                 return -1;
1405                         }
1406                         if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1407                             memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1408                         {
1409                                 errno = EINVAL;
1410                                 return -1;
1411                         }
1412                         break;
1413                 default:
1414                         errno = ENOTSUP;
1415                         return -1;
1416                 }
1417         }
1418
1419         state = ipv6_getstate(ifp);
1420         if (state == NULL)
1421                 return -1;
1422
1423         ap = ipv6_newlinklocal(ifp);
1424         if (ap == NULL)
1425                 return -1;
1426
1427         dadcounter = 0;
1428         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1429 nextslaacprivate:
1430                 if (ipv6_makestableprivate(&ap->addr,
1431                         &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1432                 {
1433                         free(ap);
1434                         return -1;
1435                 }
1436                 ap->dadcounter = dadcounter;
1437         } else {
1438                 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1439                 switch (ifp->family) {
1440                 case ARPHRD_ETHER:
1441                         if (ifp->hwlen == 6) {
1442                                 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1443                                 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1444                                 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1445                                 ap->addr.s6_addr[11] = 0xff;
1446                                 ap->addr.s6_addr[12] = 0xfe;
1447                                 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1448                                 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1449                                 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1450                         } else if (ifp->hwlen == 8)
1451                                 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1452                         else {
1453                                 free(ap);
1454                                 errno = ENOTSUP;
1455                                 return -1;
1456                         }
1457                         break;
1458                 }
1459
1460                 /* Sanity check: g bit must not indciate "group" */
1461                 if (EUI64_GROUP(&ap->addr)) {
1462                         free(ap);
1463                         errno = EINVAL;
1464                         return -1;
1465                 }
1466                 EUI64_TO_IFID(&ap->addr);
1467         }
1468
1469         /* Do we already have this address? */
1470         TAILQ_FOREACH(ap2, &state->addrs, next) {
1471                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1472                         if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1473                                 if (ifp->options->options &
1474                                     DHCPCD_SLAACPRIVATE)
1475                                 {
1476                                         dadcounter++;
1477                                         goto nextslaacprivate;
1478                                 }
1479                                 free(ap);
1480                                 errno = EADDRNOTAVAIL;
1481                                 return -1;
1482                         }
1483
1484                         logwarnx("%s: waiting for %s to complete",
1485                             ap2->iface->name, ap2->saddr);
1486                         free(ap);
1487                         errno = EEXIST;
1488                         return 0;
1489                 }
1490         }
1491
1492         inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1493         TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1494         ipv6_addaddr(ap, NULL);
1495         return 1;
1496 }
1497
1498 static int
1499 ipv6_tryaddlinklocal(struct interface *ifp)
1500 {
1501         struct ipv6_addr *ia;
1502
1503         /* We can't assign a link-locak address to this,
1504          * the ppp process has to. */
1505         if (ifp->flags & IFF_POINTOPOINT)
1506                 return 0;
1507
1508         ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1509         if (ia != NULL) {
1510 #ifdef IPV6_POLLADDRFLAG
1511                 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1512                         struct timespec tv;
1513
1514                         ms_to_ts(&tv, RETRANS_TIMER / 2);
1515                         eloop_timeout_add_tv(
1516                             ia->iface->ctx->eloop,
1517                             &tv, ipv6_checkaddrflags, ia);
1518                 }
1519 #endif
1520                 return 0;
1521         }
1522         if (!CAN_ADD_LLADDR(ifp))
1523                 return 0;
1524
1525         return ipv6_addlinklocal(ifp);
1526 }
1527
1528 struct ipv6_addr *
1529 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1530     uint8_t prefix_len, unsigned int flags)
1531 {
1532         struct ipv6_addr *ia;
1533         char buf[INET6_ADDRSTRLEN];
1534         const char *cbp;
1535         bool tempaddr;
1536         int addr_flags;
1537
1538         /* If adding a new DHCP / RA derived address, check current flags
1539          * from an existing address. */
1540         ia = ipv6_iffindaddr(ifp, addr, 0);
1541         if (ia != NULL)
1542                 addr_flags = ia->addr_flags;
1543         else
1544                 addr_flags = IN6_IFF_TENTATIVE;
1545
1546         ia = calloc(1, sizeof(*ia));
1547         if (ia == NULL)
1548                 goto err;
1549
1550         ia->iface = ifp;
1551         ia->addr_flags = addr_flags;
1552         ia->flags = IPV6_AF_NEW | flags;
1553         if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1554                 ia->flags |= IPV6_AF_DADCOMPLETED;
1555         ia->prefix_len = prefix_len;
1556         ia->dhcp6_fd = -1;
1557
1558 #ifndef SMALL
1559         TAILQ_INIT(&ia->pd_pfxs);
1560 #endif
1561
1562 #ifdef IPV6_AF_TEMPORARY
1563         tempaddr = ia->flags & IPV6_AF_TEMPORARY;
1564 #else
1565         tempaddr = false;
1566 #endif
1567
1568         if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) {
1569                 ia->prefix = *addr;
1570                 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1571                                                &ia->prefix,
1572                                                ia->prefix_len);
1573                 if (ia->dadcounter == -1)
1574                         goto err;
1575         } else if (ia->flags & IPV6_AF_RAPFX) {
1576                 ia->prefix = *addr;
1577 #ifdef __sun
1578                 ia->addr = *addr;
1579                 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1580                 goto paddr;
1581 #else
1582                 return ia;
1583 #endif
1584         } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) &&
1585                    prefix_len != 128)
1586         {
1587                 ia->prefix = *addr;
1588                 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1589                 goto paddr;
1590         } else {
1591                 ia->addr = *addr;
1592                 if (ipv6_makeprefix(&ia->prefix,
1593                                     &ia->addr, ia->prefix_len) == -1)
1594                         goto err;
1595         }
1596
1597         cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1598 paddr:
1599         if (cbp == NULL)
1600                 goto err;
1601         snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1602
1603         return ia;
1604
1605 err:
1606         logerr(__func__);
1607         free(ia);
1608         return NULL;
1609 }
1610
1611 static void
1612 ipv6_staticdadcallback(void *arg)
1613 {
1614         struct ipv6_addr *ia = arg;
1615         int wascompleted;
1616
1617         wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1618         ia->flags |= IPV6_AF_DADCOMPLETED;
1619         if (ia->flags & IPV6_AF_DUPLICATED)
1620                 logwarnx("%s: DAD detected %s", ia->iface->name,
1621                     ia->saddr);
1622         else if (!wascompleted) {
1623                 logdebugx("%s: IPv6 static DAD completed",
1624                     ia->iface->name);
1625         }
1626
1627 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1628         if (!wascompleted) {
1629                 struct interface *ifp;
1630                 struct ipv6_state *state;
1631
1632                 ifp = ia->iface;
1633                 state = IPV6_STATE(ifp);
1634                 TAILQ_FOREACH(ia, &state->addrs, next) {
1635                         if (ia->flags & IPV6_AF_STATIC &&
1636                             (ia->flags & FINISHED) != FINISHED)
1637                         {
1638                                 wascompleted = 1;
1639                                 break;
1640                         }
1641                 }
1642                 if (!wascompleted)
1643                         script_runreason(ifp, "STATIC6");
1644         }
1645 #undef FINISHED
1646 }
1647
1648 ssize_t
1649 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1650 {
1651         struct ipv6_addr *ia;
1652
1653         ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1654             IN6_IFF_NOTUSEABLE);
1655         if (ia == NULL)
1656                 return 0;
1657         if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1658                 return -1;
1659         return 1;
1660 }
1661
1662 int
1663 ipv6_staticdadcompleted(const struct interface *ifp)
1664 {
1665         const struct ipv6_state *state;
1666         const struct ipv6_addr *ia;
1667         int n;
1668
1669         if ((state = IPV6_CSTATE(ifp)) == NULL)
1670                 return 0;
1671         n = 0;
1672 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1673         TAILQ_FOREACH(ia, &state->addrs, next) {
1674                 if ((ia->flags & COMPLETED) == COMPLETED &&
1675                     !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1676                         n++;
1677         }
1678         return n;
1679 }
1680
1681 int
1682 ipv6_startstatic(struct interface *ifp)
1683 {
1684         struct ipv6_addr *ia;
1685         int run_script;
1686
1687         if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1688                 return 0;
1689
1690         ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1691         if (ia != NULL &&
1692             (ia->prefix_len != ifp->options->req_prefix_len ||
1693             ia->addr_flags & IN6_IFF_NOTUSEABLE))
1694         {
1695                 ipv6_deleteaddr(ia);
1696                 ia = NULL;
1697         }
1698         if (ia == NULL) {
1699                 struct ipv6_state *state;
1700
1701                 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1702                     ifp->options->req_prefix_len, 0);
1703                 if (ia == NULL)
1704                         return -1;
1705                 state = IPV6_STATE(ifp);
1706                 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1707                 run_script = 0;
1708         } else
1709                 run_script = 1;
1710         ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1711         ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1712         ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1713         ia->dadcallback = ipv6_staticdadcallback;
1714         ipv6_addaddr(ia, NULL);
1715         rt_build(ifp->ctx, AF_INET6);
1716         if (run_script)
1717                 script_runreason(ifp, "STATIC6");
1718         return 1;
1719 }
1720
1721 /* Ensure the interface has a link-local address */
1722 int
1723 ipv6_start(struct interface *ifp)
1724 {
1725 #ifdef IPV6_POLLADDRFLAG
1726         struct ipv6_state *state;
1727
1728         /* We need to update the address flags. */
1729         if ((state = IPV6_STATE(ifp)) != NULL) {
1730                 struct ipv6_addr *ia;
1731                 const char *alias;
1732                 int flags;
1733
1734                 TAILQ_FOREACH(ia, &state->addrs, next) {
1735 #ifdef ALIAS_ADDR
1736                         alias = ia->alias;
1737 #else
1738                         alias = NULL;
1739 #endif
1740                         flags = if_addrflags6(ia->iface, &ia->addr, alias);
1741                         if (flags != -1)
1742                                 ia->addr_flags = flags;
1743                 }
1744         }
1745 #endif
1746
1747         if (ipv6_tryaddlinklocal(ifp) == -1)
1748                 return -1;
1749
1750         if (IPV6_CSTATE(ifp)) {
1751                 /* Regenerate new ids */
1752                 if (ip6_use_tempaddr(ifp->name))
1753                         ipv6_regentempifid(ifp);
1754         }
1755
1756         return 0;
1757 }
1758
1759 void
1760 ipv6_freedrop(struct interface *ifp, int drop)
1761 {
1762         struct ipv6_state *state;
1763         struct ll_callback *cb;
1764
1765         if (ifp == NULL)
1766                 return;
1767
1768         if ((state = IPV6_STATE(ifp)) == NULL)
1769                 return;
1770
1771         /* If we got here, we can get rid of any LL callbacks. */
1772         while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1773                 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1774                 free(cb);
1775         }
1776
1777         ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1778         if (drop) {
1779                 if (ifp->ctx->ra_routers != NULL)
1780                         rt_build(ifp->ctx, AF_INET6);
1781         } else {
1782                 /* Because we need to cache the addresses we don't control,
1783                  * we only free the state on when NOT dropping addresses. */
1784                 free(state);
1785                 ifp->if_data[IF_DATA_IPV6] = NULL;
1786                 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1787         }
1788 }
1789
1790 void
1791 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1792 {
1793
1794         free(ctx->ra_routers);
1795         free(ctx->secret);
1796 }
1797
1798 int
1799 ipv6_handleifa_addrs(int cmd,
1800     struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1801 {
1802         struct ipv6_addr *ia, *ian;
1803         uint8_t found, alldadcompleted;
1804
1805         alldadcompleted = 1;
1806         found = 0;
1807         TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1808                 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1809                         if (ia->flags & IPV6_AF_ADDED &&
1810                             !(ia->flags & IPV6_AF_DADCOMPLETED))
1811                                 alldadcompleted = 0;
1812                         continue;
1813                 }
1814                 switch (cmd) {
1815                 case RTM_DELADDR:
1816                         if (ia->flags & IPV6_AF_ADDED) {
1817                                 logwarnx("%s: pid %d deleted address %s",
1818                                     ia->iface->name, pid, ia->saddr);
1819                                 ia->flags &= ~IPV6_AF_ADDED;
1820                         }
1821                         if (ia->flags & IPV6_AF_DELEGATED) {
1822                                 TAILQ_REMOVE(addrs, ia, next);
1823                                 ipv6_deletedaddr(ia);
1824                                 ipv6_freeaddr(ia);
1825                         }
1826                         break;
1827                 case RTM_NEWADDR:
1828                         /* Safety - ignore tentative announcements */
1829                         if (addr->addr_flags &
1830                             (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1831                                 break;
1832                         if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1833                                 found++;
1834                                 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1835                                         ia->flags |= IPV6_AF_DUPLICATED;
1836                                 else
1837                                         ia->flags &= ~IPV6_AF_DUPLICATED;
1838                                 if (ia->dadcallback)
1839                                         ia->dadcallback(ia);
1840                                 /* We need to set this here in-case the
1841                                  * dadcallback function checks it */
1842                                 ia->flags |= IPV6_AF_DADCOMPLETED;
1843                         }
1844                         break;
1845                 }
1846         }
1847
1848         return alldadcompleted ? found : 0;
1849 }
1850
1851 #ifdef IPV6_MANAGETEMPADDR
1852 static const struct ipv6_addr *
1853 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1854 {
1855         const struct interface *ifp;
1856         const struct ipv6_state *state;
1857         const struct ipv6_addr *ia;
1858
1859         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1860                 if ((state = IPV6_CSTATE(ifp))) {
1861                         TAILQ_FOREACH(ia, &state->addrs, next) {
1862                                 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1863                                         return ia;
1864                         }
1865                 }
1866         }
1867         return NULL;
1868 }
1869
1870 static const uint8_t nullid[8];
1871 static const uint8_t anycastid[8] = {
1872     0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1873 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1874
1875 static void
1876 ipv6_regen_desync(struct interface *ifp, int force)
1877 {
1878         struct ipv6_state *state;
1879         time_t max;
1880
1881         state = IPV6_STATE(ifp);
1882
1883         /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1884          * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1885          * I believe this is an error and it should be never be greateter than
1886          * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1887         max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE;
1888         if (state->desync_factor && !force && state->desync_factor < max)
1889                 return;
1890         if (state->desync_factor == 0)
1891                 state->desync_factor =
1892                     (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR,
1893                     (uint32_t)max));
1894         max = ip6_temp_preferred_lifetime(ifp->name) -
1895             state->desync_factor - REGEN_ADVANCE;
1896         eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1897 }
1898
1899 void
1900 ipv6_gentempifid(struct interface *ifp)
1901 {
1902         struct ipv6_state *state;
1903         MD5_CTX md5;
1904         uint8_t seed[16], digest[16];
1905         int retry;
1906
1907         if ((state = IPV6_STATE(ifp)) == NULL)
1908                 return;
1909
1910         retry = 0;
1911         if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1912                 uint32_t r;
1913
1914                 r = arc4random();
1915                 memcpy(seed, &r, sizeof(r));
1916                 r = arc4random();
1917                 memcpy(seed + sizeof(r), &r, sizeof(r));
1918         } else
1919                 memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1920
1921         memcpy(seed + sizeof(state->randomseed0),
1922             state->randomseed1, sizeof(state->randomseed1));
1923
1924 again:
1925         MD5Init(&md5);
1926         MD5Update(&md5, seed, sizeof(seed));
1927         MD5Final(digest, &md5);
1928
1929         /* RFC4941 Section 3.2.1.1
1930          * Take the left-most 64bits and set bit 6 to zero */
1931         memcpy(state->randomid, digest, sizeof(state->randomid));
1932         state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1933
1934         /* RFC4941 Section 3.2.1.4
1935          * Reject reserved or existing id's */
1936         if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1937             (memcmp(anycastid, state->randomid, 7) == 0 &&
1938             (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1939             memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1940             ipv6_findaddrid(ifp->ctx, state->randomid))
1941         {
1942                 if (++retry < GEN_TEMPID_RETRY_MAX) {
1943                         memcpy(seed, digest + 8, 8);
1944                         goto again;
1945                 }
1946                 memset(state->randomid, 0, sizeof(state->randomid));
1947         }
1948
1949         /* RFC4941 Section 3.2.1.6
1950          * Save the right-most 64bits of the digest */
1951         memcpy(state->randomseed0, digest + 8,
1952             sizeof(state->randomseed0));
1953 }
1954
1955 /* RFC4941 Section 3.3.7 */
1956 static void
1957 ipv6_tempdadcallback(void *arg)
1958 {
1959         struct ipv6_addr *ia = arg;
1960
1961         if (ia->flags & IPV6_AF_DUPLICATED) {
1962                 struct ipv6_addr *ia1;
1963                 struct timespec tv;
1964
1965                 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1966                         logerrx("%s: too many duplicate temporary addresses",
1967                             ia->iface->name);
1968                         return;
1969                 }
1970                 clock_gettime(CLOCK_MONOTONIC, &tv);
1971                 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1972                         logerr(__func__);
1973                 else
1974                         ia1->dadcounter = ia->dadcounter;
1975                 ipv6_deleteaddr(ia);
1976                 if (ia1)
1977                         ipv6_addaddr(ia1, &ia1->acquired);
1978         }
1979 }
1980
1981 struct ipv6_addr *
1982 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1983 {
1984         struct ipv6_state *state;
1985         const struct ipv6_state *cstate;
1986         int genid;
1987         struct in6_addr addr, mask;
1988         uint32_t randid[2];
1989         const struct interface *ifp;
1990         const struct ipv6_addr *ap;
1991         struct ipv6_addr *ia;
1992         uint32_t i, trylimit;
1993
1994         trylimit = TEMP_IDGEN_RETRIES;
1995         state = IPV6_STATE(ia0->iface);
1996         genid = 0;
1997
1998         addr = ia0->addr;
1999         ipv6_mask(&mask, ia0->prefix_len);
2000         /* clear the old ifid */
2001         for (i = 0; i < 4; i++)
2002                 addr.s6_addr32[i] &= mask.s6_addr32[i];
2003
2004 again:
2005         if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
2006                 genid = 1;
2007         if (genid) {
2008                 memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
2009                     sizeof(state->randomseed1));
2010                 ipv6_gentempifid(ia0->iface);
2011                 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
2012                         errno = EFAULT;
2013                         return NULL;
2014                 }
2015         }
2016         memcpy(&randid[0], state->randomid, sizeof(randid[0]));
2017         memcpy(&randid[1], state->randomid + sizeof(randid[1]),
2018             sizeof(randid[2]));
2019         addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
2020         addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
2021
2022         /* Ensure we don't already have it */
2023         TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
2024                 cstate = IPV6_CSTATE(ifp);
2025                 if (cstate) {
2026                         TAILQ_FOREACH(ap, &cstate->addrs, next) {
2027                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
2028                                         if (--trylimit == 0) {
2029                                                 errno = EEXIST;
2030                                                 return NULL;
2031                                         }
2032                                         genid = 1;
2033                                         goto again;
2034                                 }
2035                         }
2036                 }
2037         }
2038
2039         ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len,
2040             IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
2041         /* Must be made tentative, for our DaD to work */
2042         ia->addr_flags = IN6_IFF_TENTATIVE;
2043         ia->dadcallback = ipv6_tempdadcallback;
2044         ia->created = ia->acquired = now ? *now : ia0->acquired;
2045
2046         /* Ensure desync is still valid */
2047         ipv6_regen_desync(ia->iface, 0);
2048
2049         /* RFC4941 Section 3.3.4 */
2050         i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) -
2051             state->desync_factor);
2052         ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
2053         i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
2054         ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
2055         if (ia->prefix_pltime <= REGEN_ADVANCE ||
2056             ia->prefix_pltime > ia0->prefix_vltime)
2057         {
2058                 errno = EINVAL;
2059                 free(ia);
2060                 return NULL;
2061         }
2062
2063         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
2064         return ia;
2065 }
2066
2067 struct ipv6_addr *
2068 ipv6_settemptime(struct ipv6_addr *ia, int flags)
2069 {
2070         struct ipv6_state *state;
2071         struct ipv6_addr *ap, *first;
2072
2073         state = IPV6_STATE(ia->iface);
2074         first = NULL;
2075         TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2076                 if (ap->flags & IPV6_AF_TEMPORARY &&
2077                     ap->prefix_pltime &&
2078                     IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2079                 {
2080                         time_t max, ext;
2081
2082                         if (flags == 0) {
2083                                 if (ap->prefix_pltime -
2084                                     (uint32_t)(ia->acquired.tv_sec -
2085                                     ap->acquired.tv_sec)
2086                                     < REGEN_ADVANCE)
2087                                         continue;
2088
2089                                 return ap;
2090                         }
2091
2092                         if (!(ap->flags & IPV6_AF_ADDED))
2093                                 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2094                         ap->flags &= ~IPV6_AF_STALE;
2095
2096                         /* RFC4941 Section 3.4
2097                          * Deprecated prefix, deprecate the temporary address */
2098                         if (ia->prefix_pltime == 0) {
2099                                 ap->prefix_pltime = 0;
2100                                 goto valid;
2101                         }
2102
2103                         /* Ensure desync is still valid */
2104                         ipv6_regen_desync(ap->iface, 0);
2105
2106                         /* RFC4941 Section 3.3.2
2107                          * Extend temporary times, but ensure that they
2108                          * never last beyond the system limit. */
2109                         ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime;
2110                         max = ap->created.tv_sec +
2111                             ip6_temp_preferred_lifetime(ap->iface->name) -
2112                             state->desync_factor;
2113                         if (ext < max)
2114                                 ap->prefix_pltime = ia->prefix_pltime;
2115                         else
2116                                 ap->prefix_pltime =
2117                                     (uint32_t)(max - ia->acquired.tv_sec);
2118
2119 valid:
2120                         ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime;
2121                         max = ap->created.tv_sec +
2122                             ip6_temp_valid_lifetime(ap->iface->name);
2123                         if (ext < max)
2124                                 ap->prefix_vltime = ia->prefix_vltime;
2125                         else
2126                                 ap->prefix_vltime =
2127                                     (uint32_t)(max - ia->acquired.tv_sec);
2128
2129                         /* Just extend the latest matching prefix */
2130                         ap->acquired = ia->acquired;
2131
2132                         /* If extending return the last match as
2133                          * it's the most current.
2134                          * If deprecating, deprecate any other addresses we
2135                          * may have, although this should not be needed */
2136                         if (ia->prefix_pltime)
2137                                 return ap;
2138                         if (first == NULL)
2139                                 first = ap;
2140                 }
2141         }
2142         return first;
2143 }
2144
2145 void
2146 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2147 {
2148         struct ipv6_state *state;
2149         struct ipv6_addr *ia;
2150
2151         state = IPV6_STATE(ifp);
2152         TAILQ_FOREACH(ia, &state->addrs, next) {
2153                 if (ia->flags & IPV6_AF_TEMPORARY &&
2154                     !(ia->flags & IPV6_AF_STALE))
2155                         ipv6_addaddr(ia, now);
2156         }
2157 }
2158
2159 static void
2160 ipv6_regentempaddr(void *arg)
2161 {
2162         struct ipv6_addr *ia = arg, *ia1;
2163         struct timespec tv;
2164
2165         logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2166         clock_gettime(CLOCK_MONOTONIC, &tv);
2167         ia1 = ipv6_createtempaddr(ia, &tv);
2168         if (ia1)
2169                 ipv6_addaddr(ia1, &tv);
2170         else
2171                 logerr(__func__);
2172 }
2173
2174 static void
2175 ipv6_regentempifid(void *arg)
2176 {
2177         struct interface *ifp = arg;
2178         struct ipv6_state *state;
2179
2180         state = IPV6_STATE(ifp);
2181         if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
2182                 ipv6_gentempifid(ifp);
2183
2184         ipv6_regen_desync(ifp, 1);
2185 }
2186 #endif /* IPV6_MANAGETEMPADDR */
2187
2188 void
2189 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2190 {
2191         struct ipv6_state *state;
2192         struct ipv6_addr *ia;
2193
2194         state = IPV6_STATE(ifp);
2195         if (state == NULL)
2196                 return;
2197
2198         TAILQ_FOREACH(ia, &state->addrs, next) {
2199                 if (flags == 0 || ia->flags & flags)
2200                         ia->flags |= IPV6_AF_STALE;
2201         }
2202 }
2203
2204 void
2205 ipv6_deletestaleaddrs(struct interface *ifp)
2206 {
2207         struct ipv6_state *state;
2208         struct ipv6_addr *ia, *ia1;
2209
2210         state = IPV6_STATE(ifp);
2211         if (state == NULL)
2212                 return;
2213
2214         TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2215                 if (ia->flags & IPV6_AF_STALE)
2216                         ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2217                             ifp->ctx->ifaces, ifp->name,
2218                             &ia->addr, ia->prefix_len, 0, getpid());
2219         }
2220 }
2221
2222
2223 static struct rt *
2224 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2225 {
2226         struct rt *rt;
2227
2228         if ((rt = rt_new(ifp)) == NULL)
2229                 return NULL;
2230
2231 #ifdef HAVE_ROUTE_METRIC
2232         rt->rt_metric = ifp->metric;
2233 #endif
2234         if (rap != NULL)
2235                 rt->rt_mtu = rap->mtu;
2236         return rt;
2237 }
2238
2239 static struct rt *
2240 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2241     const struct ipv6_addr *addr)
2242 {
2243         struct rt *rt;
2244         struct in6_addr netmask;
2245
2246         if (addr == NULL || addr->prefix_len > 128) {
2247                 errno = EINVAL;
2248                 return NULL;
2249         }
2250
2251         /* There is no point in trying to manage a /128 prefix,
2252          * ones without a lifetime.  */
2253         if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2254                 return NULL;
2255
2256         /* Don't install a reject route when not creating bigger prefixes. */
2257         if (addr->flags & IPV6_AF_NOREJECT)
2258                 return NULL;
2259
2260         /* This address is the delegated prefix, so add a reject route for
2261          * it via the loopback interface. */
2262         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2263                 struct interface *lo0;
2264
2265                 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2266                         if (lo0->flags & IFF_LOOPBACK)
2267                                 break;
2268                 }
2269                 if (lo0 == NULL)
2270                         logwarnx("cannot find a loopback interface "
2271                             "to reject via");
2272                 else
2273                         ifp = lo0;
2274         }
2275
2276         if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2277                 return NULL;
2278
2279         sa_in6_init(&rt->rt_dest, &addr->prefix);
2280         ipv6_mask(&netmask, addr->prefix_len);
2281         sa_in6_init(&rt->rt_netmask, &netmask);
2282         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2283                 rt->rt_flags |= RTF_REJECT;
2284                 /* Linux does not like a gateway for a reject route. */
2285 #ifndef __linux__
2286                 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2287 #endif
2288         } else if (!(addr->flags & IPV6_AF_ONLINK))
2289                 sa_in6_init(&rt->rt_gateway, &rap->from);
2290         else
2291                 rt->rt_gateway.sa_family = AF_UNSPEC;
2292         sa_in6_init(&rt->rt_ifa, &addr->addr);
2293         return rt;
2294 }
2295
2296 static struct rt *
2297 inet6_makerouter(struct ra *rap)
2298 {
2299         struct rt *rt;
2300
2301         if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2302                 return NULL;
2303         sa_in6_init(&rt->rt_dest, &in6addr_any);
2304         sa_in6_init(&rt->rt_netmask, &in6addr_any);
2305         sa_in6_init(&rt->rt_gateway, &rap->from);
2306         return rt;
2307 }
2308
2309 #define RT_IS_DEFAULT(rtp) \
2310         (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) &&                  \
2311             IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2312
2313 static int
2314 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2315 {
2316         struct interface *ifp;
2317         struct ipv6_state *state;
2318         struct ipv6_addr *ia;
2319         struct rt *rt;
2320
2321         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2322                 if ((state = IPV6_STATE(ifp)) == NULL)
2323                         continue;
2324                 TAILQ_FOREACH(ia, &state->addrs, next) {
2325                         if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2326                             (IPV6_AF_ADDED | IPV6_AF_STATIC))
2327                         {
2328                                 rt = inet6_makeprefix(ifp, NULL, ia);
2329                                 if (rt)
2330                                         rt_proto_add(routes, rt);
2331                         }
2332                 }
2333         }
2334         return 0;
2335 }
2336
2337 static int
2338 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2339 {
2340         struct rt *rt;
2341         struct ra *rap;
2342         const struct ipv6_addr *addr;
2343
2344         TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2345                 if (rap->expired)
2346                         continue;
2347                 TAILQ_FOREACH(addr, &rap->addrs, next) {
2348                         if (addr->prefix_vltime == 0)
2349                                 continue;
2350                         rt = inet6_makeprefix(rap->iface, rap, addr);
2351                         if (rt) {
2352                                 rt->rt_dflags |= RTDF_RA;
2353                                 rt_proto_add(routes, rt);
2354                         }
2355                 }
2356                 if (rap->lifetime == 0)
2357                         continue;
2358                 if (ipv6_anyglobal(rap->iface) == NULL)
2359                         continue;
2360                 rt = inet6_makerouter(rap);
2361                 if (rt == NULL)
2362                         continue;
2363                 rt->rt_dflags |= RTDF_RA;
2364                 rt_proto_add(routes, rt);
2365         }
2366         return 0;
2367 }
2368
2369 #ifdef DHCP6
2370 static int
2371 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2372     enum DH6S dstate)
2373 {
2374         struct interface *ifp;
2375         const struct dhcp6_state *d6_state;
2376         const struct ipv6_addr *addr;
2377         struct rt *rt;
2378
2379         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2380                 d6_state = D6_CSTATE(ifp);
2381                 if (d6_state && d6_state->state == dstate) {
2382                         TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2383                                 rt = inet6_makeprefix(ifp, NULL, addr);
2384                                 if (rt == NULL)
2385                                         continue;
2386                                 rt->rt_dflags |= RTDF_DHCP;
2387                                 rt_proto_add(routes, rt);
2388                         }
2389                 }
2390         }
2391         return 0;
2392 }
2393 #endif
2394
2395 bool
2396 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2397 {
2398
2399         /* Should static take priority? */
2400         if (inet6_staticroutes(routes, ctx) == -1)
2401                 return false;
2402
2403         /* First add reachable routers and their prefixes */
2404         if (inet6_raroutes(routes, ctx) == -1)
2405                 return false;
2406
2407 #ifdef DHCP6
2408         /* We have no way of knowing if prefixes added by DHCP are reachable
2409          * or not, so we have to assume they are.
2410          * Add bound before delegated so we can prefer interfaces better. */
2411         if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2412                 return false;
2413         if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)
2414                 return false;
2415 #endif
2416
2417         return true;
2418 }