1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * dhcpcd - DHCP client daemon
4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
34 #include <arpa/inet.h>
36 #include <net/route.h>
37 #include <netinet/in.h>
38 #include <netinet/if_ether.h>
42 #ifdef HAVE_SYS_BITOPS_H
43 #include <sys/bitops.h>
45 #include "compat/bitops.h"
49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
50 * to generate our CAN_ADD_LLADDR #define. */
51 # include <netinet6/in6_var.h>
52 # include <netinet6/nd6.h>
63 #define ELOOP_QUEUE ELOOP_IPV6
85 #ifndef SHA256_DIGEST_LENGTH
86 # define SHA256_DIGEST_LENGTH 32
89 #ifdef IPV6_POLLADDRFLAG
90 # warning kernel does not report IPv6 address flag changes
91 # warning polling tentative address flags periodically
94 /* Hackery at it's finest. */
97 # define s6_addr32 _S6_un._S6_u32
99 # define s6_addr32 __u6_addr.__u6_addr32
103 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
104 defined(IFF_NOLINKLOCAL)
105 /* Only add the LL address if we have a carrier, so DaD works. */
106 #define CAN_ADD_LLADDR(ifp) \
107 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
109 /* Although we can add our own LL address, we cannot drop it
110 * without unplumbing the if which is a lot of code.
111 * So just keep it for the time being. */
112 #define CAN_DROP_LLADDR(ifp) (0)
114 #define CAN_DROP_LLADDR(ifp) (1)
117 /* We have no control over the OS adding the LLADDR, so just let it do it
118 * as we cannot force our own view on it. */
119 #define CAN_ADD_LLADDR(ifp) (0)
120 #define CAN_DROP_LLADDR(ifp) (0)
123 #ifdef IPV6_MANAGETEMPADDR
124 static void ipv6_regentempaddr(void *);
128 ipv6_init(struct dhcpcd_ctx *ctx)
131 if (ctx->ra_routers != NULL)
134 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
135 if (ctx->ra_routers == NULL)
137 TAILQ_INIT(ctx->ra_routers);
147 ipv6_readsecret(struct dhcpcd_ctx *ctx)
156 if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
157 return (ssize_t)ctx->secret_len;
160 logerr("%s: %s", __func__, SECRET);
162 /* Chaining arc4random should be good enough.
163 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
164 * To attempt and future proof ourselves, we'll generate a key of
165 * 512 bits (64 bytes). */
166 if (ctx->secret_len < 64) {
167 if ((ctx->secret = malloc(64)) == NULL) {
171 ctx->secret_len = 64;
174 for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
176 memcpy(p, &r, sizeof(r));
180 /* Ensure that only the dhcpcd user can read the secret.
181 * Write permission is also denied as changing it would remove
183 if ((fp = fopen(SECRET, "w")) == NULL ||
184 chmod(SECRET, S_IRUSR) == -1)
186 x = fprintf(fp, "%s\n",
187 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
188 if (fclose(fp) == EOF)
192 return (ssize_t)ctx->secret_len;
195 logerr("%s: %s", __func__, SECRET);
203 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
205 static const struct reslowhigh {
206 const uint8_t high[8];
207 const uint8_t low[8];
209 /* RFC4291 + RFC6543 */
210 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
211 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
213 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
214 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
218 ipv6_reserved(const struct in6_addr *addr)
220 uint64_t id, low, high;
222 const struct reslowhigh *r;
224 id = be64dec(addr->s6_addr + sizeof(id));
225 if (id == 0) /* RFC4291 */
227 for (i = 0; i < __arraycount(reslowhigh); i++) {
229 low = be64dec(r->low);
230 high = be64dec(r->high);
231 if (id >= low && id <= high)
239 ipv6_makestableprivate1(struct dhcpcd_ctx *ctx,
240 struct in6_addr *addr, const struct in6_addr *prefix, int prefix_len,
241 const unsigned char *netiface, size_t netiface_len,
242 const unsigned char *netid, size_t netid_len,
243 unsigned short vlanid,
244 uint32_t *dad_counter)
246 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
250 if (prefix_len < 0 || prefix_len > 120) {
255 if (ctx->secret_len == 0) {
256 if (ipv6_readsecret(ctx) == -1)
260 l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
261 len = l + netiface_len + netid_len + sizeof(*dad_counter) +
264 len += sizeof(vlanid);
265 if (len > sizeof(buf)) {
270 for (;; (*dad_counter)++) {
271 /* Combine all parameters into one buffer */
273 memcpy(p, prefix, l);
275 memcpy(p, netiface, netiface_len);
277 memcpy(p, netid, netid_len);
279 /* Don't use a vlanid if not set.
280 * This ensures prior versions have the same unique address. */
282 memcpy(p, &vlanid, sizeof(vlanid));
285 memcpy(p, dad_counter, sizeof(*dad_counter));
286 p += sizeof(*dad_counter);
287 memcpy(p, ctx->secret, ctx->secret_len);
289 /* Make an address using the digest of the above.
290 * RFC7217 Section 5.1 states that we shouldn't use MD5.
291 * Pity as we use that for HMAC-MD5 which is still deemed OK.
292 * SHA-256 is recommended */
293 SHA256_Init(&sha_ctx);
294 SHA256_Update(&sha_ctx, buf, len);
295 SHA256_Final(digest, &sha_ctx);
298 memcpy(p, prefix, l);
299 /* RFC7217 section 5.2 says we need to start taking the id from
300 * the least significant bit */
301 len = sizeof(addr->s6_addr) - l;
302 memcpy(p + l, digest + (sizeof(digest) - len), len);
304 /* Ensure that the Interface ID does not match a reserved one,
305 * if it does then treat it as a DAD failure.
306 * RFC7217 section 5.2 */
307 if (prefix_len != 64)
309 if (!ipv6_reserved(addr))
317 ipv6_makestableprivate(struct in6_addr *addr,
318 const struct in6_addr *prefix, int prefix_len,
319 const struct interface *ifp,
325 dad = (uint32_t)*dad_counter;
327 /* For our implementation, we shall set the hardware address
328 * as the interface identifier */
329 r = ipv6_makestableprivate1(ifp->ctx, addr, prefix, prefix_len,
330 ifp->hwaddr, ifp->hwlen,
331 ifp->ssid, ifp->ssid_len,
335 *dad_counter = (int)dad;
339 #ifdef IPV6_AF_TEMPORARY
341 ipv6_maketemporaryaddress(struct in6_addr *addr,
342 const struct in6_addr *prefix, int prefix_len,
343 const struct interface *ifp)
345 struct in6_addr mask;
346 struct interface *ifpn;
348 if (ipv6_mask(&mask, prefix_len) == -1)
353 addr->s6_addr32[2] |= (arc4random() & ~mask.s6_addr32[2]);
354 addr->s6_addr32[3] |= (arc4random() & ~mask.s6_addr32[3]);
356 TAILQ_FOREACH(ifpn, ifp->ctx->ifaces, next) {
357 if (ipv6_iffindaddr(ifpn, addr, 0) != NULL)
362 if (ipv6_reserved(addr))
369 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
370 const struct in6_addr *prefix, int prefix_len, unsigned int flags)
372 const struct ipv6_addr *ap;
375 if (prefix_len < 0 || prefix_len > 120) {
380 #ifdef IPV6_AF_TEMPORARY
381 if (flags & IPV6_AF_TEMPORARY)
382 return ipv6_maketemporaryaddress(addr, prefix, prefix_len, ifp);
387 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
389 if (ipv6_makestableprivate(addr,
390 prefix, prefix_len, ifp, &dad) == -1)
395 if (prefix_len > 64) {
399 if ((ap = ipv6_linklocal(ifp)) == NULL) {
400 /* We delay a few functions until we get a local-link address
401 * so this should never be hit. */
406 /* Make the address from the first local-link address */
407 memcpy(addr, prefix, sizeof(*prefix));
408 addr->s6_addr32[2] = ap->addr.s6_addr32[2];
409 addr->s6_addr32[3] = ap->addr.s6_addr32[3];
414 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
416 struct in6_addr mask;
419 if (ipv6_mask(&mask, len) == -1)
422 for (i = 0; i < sizeof(prefix->s6_addr); i++)
423 prefix->s6_addr[i] &= mask.s6_addr[i];
428 ipv6_mask(struct in6_addr *mask, int len)
430 static const unsigned char masks[NBBY] =
431 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
434 if (len < 0 || len > 128) {
439 memset(mask, 0, sizeof(*mask));
442 for (i = 0; i < bytes; i++)
443 mask->s6_addr[i] = 0xff;
445 /* Coverify false positive.
446 * bytelen cannot be 16 if bitlen is non zero */
447 /* coverity[overrun-local] */
448 mask->s6_addr[bytes] = masks[bits - 1];
454 ipv6_prefixlen(const struct in6_addr *mask)
457 const unsigned char *lim, *p;
459 lim = (const unsigned char *)mask + sizeof(*mask);
460 for (p = (const unsigned char *)mask; p < lim; x++, p++) {
466 for (y = 0; y < NBBY; y++) {
467 if ((*p & (0x80 >> y)) == 0)
473 * when the limit pointer is given, do a stricter check on the
477 if (y != 0 && (*p & (0x00ff >> y)) != 0)
479 for (p = p + 1; p < lim; p++)
484 return (uint8_t)(x * NBBY + y);
488 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
491 *vhigh = be64dec(addr->s6_addr);
492 *vlow = be64dec(addr->s6_addr + 8);
496 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
499 be64enc(addr->s6_addr, vhigh);
500 be64enc(addr->s6_addr + 8, vlow);
505 const struct in6_addr *prefix, // prefix from router
506 short prefix_len, // length of prefix received
507 uint64_t user_number, // "random" number from user
508 struct in6_addr *result, // resultant prefix
509 short result_len) // desired prefix length
511 uint64_t vh, vl, user_low, user_high;
513 if (prefix_len < 1 || prefix_len > 128 ||
514 result_len < 1 || result_len > 128)
520 /* Check that the user_number fits inside result_len less prefix_len */
521 if (result_len < prefix_len ||
522 fls64(user_number) > result_len - prefix_len)
528 /* If user_number is zero, just copy the prefix into the result. */
529 if (user_number == 0) {
534 /* Shift user_number so it fit's just inside result_len.
535 * Shifting by 0 or sizeof(user_number) is undefined,
536 * so we cater for that. */
537 if (result_len == 128) {
539 user_low = user_number;
540 } else if (result_len > 64) {
541 if (prefix_len >= 64)
544 user_high = user_number >> (result_len - prefix_len);
545 user_low = user_number << (128 - result_len);
546 } else if (result_len == 64) {
547 user_high = user_number;
550 user_high = user_number << (64 - result_len);
554 /* convert to two 64bit host order values */
555 in6_to_h64(&vh, &vl, prefix);
560 /* copy back result */
561 h64_to_in6(result, vh, vl);
566 #ifdef IPV6_POLLADDRFLAG
568 ipv6_checkaddrflags(void *arg)
570 struct ipv6_addr *ia;
580 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
581 if (errno != EEXIST && errno != EADDRNOTAVAIL)
582 logerr("%s: if_addrflags6", __func__);
586 if (!(flags & IN6_IFF_TENTATIVE)) {
587 /* Simulate the kernel announcing the new address. */
588 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
589 ia->iface->ctx->ifaces, ia->iface->name,
590 &ia->addr, ia->prefix_len, flags, 0);
592 /* Still tentative? Check again in a bit. */
593 eloop_timeout_add_msec(ia->iface->ctx->eloop,
594 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
600 ipv6_deletedaddr(struct ipv6_addr *ia)
604 if (!(ia->iface->ctx->options & DHCPCD_MASTER))
605 ps_inet_closedhcp6(ia);
609 /* NOREJECT is set if we delegated exactly the prefix to another
611 * This can only be one address, so just clear the flag.
612 * This should ensure the reject route will be restored. */
613 if (ia->delegating_prefix != NULL)
614 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
619 ipv6_deleteaddr(struct ipv6_addr *ia)
621 struct ipv6_state *state;
622 struct ipv6_addr *ap;
624 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
625 if (if_address6(RTM_DELADDR, ia) == -1 &&
626 errno != EADDRNOTAVAIL && errno != ESRCH &&
627 errno != ENXIO && errno != ENODEV)
630 ipv6_deletedaddr(ia);
632 state = IPV6_STATE(ia->iface);
633 TAILQ_FOREACH(ap, &state->addrs, next) {
634 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
635 TAILQ_REMOVE(&state->addrs, ap, next);
642 /* Advertise the address if it exists on another interface. */
643 ipv6nd_advertise(ia);
648 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
650 struct interface *ifp;
651 uint32_t pltime, vltime;
654 bool vltime_was_zero = ia->prefix_vltime == 0;
657 struct ipv6_state *state;
658 struct ipv6_addr *ia2;
660 /* If we re-add then address on Solaris then the prefix
661 * route will be scrubbed and re-added. Something might
662 * be using it, so let's avoid it. */
663 if (ia->flags & IPV6_AF_DADCOMPLETED) {
664 logdebugx("%s: IP address %s already exists",
665 ia->iface->name, ia->saddr);
674 /* Remember the interface of the address. */
677 if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
678 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
679 ia->flags |= IPV6_AF_DADCOMPLETED;
681 /* Adjust plftime and vltime based on acquired time */
682 pltime = ia->prefix_pltime;
683 vltime = ia->prefix_vltime;
684 if (timespecisset(&ia->acquired) &&
685 (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
686 ia->prefix_vltime != ND6_INFINITE_LIFETIME))
692 clock_gettime(CLOCK_MONOTONIC, &n);
695 elapsed = (uint32_t)eloop_timespec_diff(now, &ia->acquired,
697 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
698 if (elapsed > ia->prefix_pltime)
699 ia->prefix_pltime = 0;
701 ia->prefix_pltime -= elapsed;
703 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
704 if (elapsed > ia->prefix_vltime)
705 ia->prefix_vltime = 0;
707 ia->prefix_vltime -= elapsed;
711 loglevel = ia->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG;
712 logmessage(loglevel, "%s: adding %saddress %s", ifp->name,
713 #ifdef IPV6_AF_TEMPORARY
714 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
719 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
720 ia->prefix_vltime == ND6_INFINITE_LIFETIME)
721 logdebugx("%s: pltime infinity, vltime infinity",
723 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
724 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
725 ifp->name, ia->prefix_vltime);
726 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
727 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
728 ifp->name, ia->prefix_pltime);
730 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
732 ifp->name, ia->prefix_pltime, ia->prefix_vltime);
734 if (if_address6(RTM_NEWADDR, ia) == -1) {
736 /* Restore real pltime and vltime */
737 ia->prefix_pltime = pltime;
738 ia->prefix_vltime = vltime;
742 #ifdef IPV6_MANAGETEMPADDR
743 /* RFC4941 Section 3.4 */
744 if (ia->flags & IPV6_AF_TEMPORARY &&
747 ip6_use_tempaddr(ifp->name))
748 eloop_timeout_add_sec(ifp->ctx->eloop,
749 ia->prefix_pltime - REGEN_ADVANCE,
750 ipv6_regentempaddr, ia);
753 /* Restore real pltime and vltime */
754 ia->prefix_pltime = pltime;
755 ia->prefix_vltime = vltime;
757 ia->flags &= ~IPV6_AF_NEW;
758 ia->flags |= IPV6_AF_ADDED;
760 if (ia->delegating_prefix != NULL)
761 ia->flags |= IPV6_AF_DELEGATED;
764 #ifdef IPV6_POLLADDRFLAG
765 eloop_timeout_delete(ifp->ctx->eloop,
766 ipv6_checkaddrflags, ia);
767 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
768 eloop_timeout_add_msec(ifp->ctx->eloop,
769 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
774 /* Solaris does not announce new addresses which need DaD
775 * so we need to take a copy and add it to our list.
776 * Otherwise aliasing gets confused if we add another
777 * address during DaD. */
779 state = IPV6_STATE(ifp);
780 TAILQ_FOREACH(ia2, &state->addrs, next) {
781 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
785 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
787 return 0; /* Well, we did add the address */
789 memcpy(ia2, ia, sizeof(*ia2));
790 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
798 /* Re-advertise the preferred address to be safe. */
799 if (!vltime_was_zero)
800 ipv6nd_advertise(ia);
807 /* Find the next logical alias address we can use. */
809 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
811 struct ipv6_state *state;
812 struct ipv6_addr *iap;
814 char alias[IF_NAMESIZE];
816 if (ia->alias[0] != '\0')
818 state = IPV6_STATE(ia->iface);
820 /* First find an existng address.
821 * This can happen when dhcpcd restarts as ND and DHCPv6
822 * maintain their own lists of addresses. */
823 TAILQ_FOREACH(iap, &state->addrs, next) {
824 if (iap->alias[0] != '\0' &&
825 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
827 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
834 if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
840 TAILQ_FOREACH(iap, &state->addrs, next) {
841 if (iap->alias[0] == '\0')
843 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
844 /* No address assigned? Lets use it. */
845 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
850 if (strcmp(iap->alias, alias) == 0)
855 if (lun == UINT_MAX) {
863 strlcpy(ia->alias, alias, sizeof(ia->alias));
869 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
874 struct ipv6_addr *replaced_ia;
876 blank = (ia->alias[0] == '\0');
877 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
880 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
883 if ((r = ipv6_addaddr1(ia, now)) == 0) {
886 struct ipv6_state *state;
888 state = IPV6_STATE(ia->iface);
889 TAILQ_REMOVE(&state->addrs, replaced_ia, next);
890 ipv6_freeaddr(replaced_ia);
898 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
904 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
905 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
907 } else if (addr->prefix_vltime &&
908 IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
909 (!flags || addr->flags & flags))
916 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
918 struct ipv6_addr *nap;
920 struct ipv6_addr *dap;
923 nap = ipv6nd_findaddr(ctx, addr, flags);
925 dap = dhcp6_findaddr(ctx, addr, flags);
932 if (nap->iface->metric < dap->iface->metric)
941 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
944 /* A delegated prefix is not an address. */
945 if (ia->flags & IPV6_AF_DELEGATEDPFX)
948 if (ia->prefix_vltime == 0) {
949 if (ia->flags & IPV6_AF_ADDED)
951 eloop_q_timeout_delete(ia->iface->ctx->eloop,
952 ELOOP_QUEUE_ALL, NULL, ia);
953 if (ia->flags & IPV6_AF_REQUEST) {
954 ia->flags &= ~IPV6_AF_ADDED;
960 if (ia->flags & IPV6_AF_STALE ||
961 IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
964 if (!timespecisset(now))
965 clock_gettime(CLOCK_MONOTONIC, now);
966 ipv6_addaddr(ia, now);
967 return ia->flags & IPV6_AF_NEW ? 1 : 0;
971 ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
974 struct ipv6_addr *ia, *ian;
979 TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
980 r = ipv6_doaddr(ia, &now);
984 TAILQ_REMOVE(iaddrs, ia, next);
992 ipv6_freeaddr(struct ipv6_addr *ia)
994 struct eloop *eloop = ia->iface->ctx->eloop;
996 struct ipv6_addr *iad;
998 /* Forget the reference */
999 if (ia->flags & IPV6_AF_DELEGATEDPFX) {
1000 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
1001 iad->delegating_prefix = NULL;
1003 } else if (ia->delegating_prefix != NULL) {
1004 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
1008 if (ia->dhcp6_fd != -1) {
1009 close(ia->dhcp6_fd);
1010 eloop_event_delete(eloop, ia->dhcp6_fd);
1013 eloop_q_timeout_delete(eloop, ELOOP_QUEUE_ALL, NULL, ia);
1019 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
1020 const struct interface *ifd)
1022 struct ipv6_addr *ap, *apn, *apf;
1023 struct timespec now;
1028 timespecclear(&now);
1029 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1032 (ap->delegating_prefix == NULL ||
1033 ap->delegating_prefix->iface != ifd))
1037 TAILQ_REMOVE(addrs, ap, next);
1038 if (drop && ap->flags & IPV6_AF_ADDED &&
1039 (ap->iface->options->options &
1040 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1041 (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1043 /* Don't drop link-local addresses. */
1044 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1045 CAN_DROP_LLADDR(ap->iface))
1048 TAILQ_REMOVE(addrs, ap, next);
1049 /* Find the same address somewhere else */
1050 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1053 (apf->iface != ap->iface)))
1054 ipv6_deleteaddr(ap);
1055 if (!(ap->iface->options->options &
1056 DHCPCD_EXITING) && apf)
1058 if (!timespecisset(&now))
1059 clock_gettime(CLOCK_MONOTONIC,
1061 ipv6_addaddr(apf, &now);
1072 static struct ipv6_state *
1073 ipv6_getstate(struct interface *ifp)
1075 struct ipv6_state *state;
1077 state = IPV6_STATE(ifp);
1078 if (state == NULL) {
1079 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1080 state = IPV6_STATE(ifp);
1081 if (state == NULL) {
1085 TAILQ_INIT(&state->addrs);
1086 TAILQ_INIT(&state->ll_callbacks);
1092 ipv6_anyglobal(struct interface *sifp)
1094 struct interface *ifp;
1095 struct ipv6_state *state;
1096 struct ipv6_addr *ia;
1098 TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
1099 if (ifp != sifp && ip6_forwarding(ifp->name) != 1)
1102 state = IPV6_STATE(ifp);
1106 TAILQ_FOREACH(ia, &state->addrs, next) {
1107 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1109 /* Let's be optimistic.
1110 * Any decent OS won't forward or accept traffic
1111 * from/to tentative or detached addresses. */
1112 if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1120 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1121 int cmd, struct if_head *ifs, const char *ifname,
1122 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1124 struct interface *ifp;
1125 struct ipv6_state *state;
1126 struct ipv6_addr *ia;
1127 struct ll_callback *cb;
1131 struct sockaddr_in6 subnet;
1133 /* Solaris on-link route is an unspecified address! */
1134 if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1135 if (if_getsubnet(ctx, ifname, AF_INET6,
1136 &subnet, sizeof(subnet)) == -1)
1141 addr = &subnet.sin6_addr;
1146 char dbuf[INET6_ADDRSTRLEN];
1149 dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1150 dbuf, INET6_ADDRSTRLEN);
1151 loginfox("%s: cmd %d addr %s addrflags %d",
1152 ifname, cmd, dbp, addrflags);
1159 if ((ifp = if_find(ifs, ifname)) == NULL)
1161 if ((state = ipv6_getstate(ifp)) == NULL)
1163 anyglobal = ipv6_anyglobal(ifp) != NULL;
1165 TAILQ_FOREACH(ia, &state->addrs, next) {
1166 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1173 TAILQ_REMOVE(&state->addrs, ia, next);
1174 #ifdef ND6_ADVERTISE
1175 /* Advertise the address if it exists on
1176 * another interface. */
1177 ipv6nd_advertise(ia);
1179 /* We'll free it at the end of the function. */
1184 ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1186 strlcpy(ia->alias, ifname, sizeof(ia->alias));
1188 if (if_getlifetime6(ia) == -1) {
1189 /* No support or address vanished.
1190 * Either way, just set a deprecated
1191 * infinite time lifetime and continue.
1192 * This is fine because we only want
1193 * to know this when trying to extend
1194 * temporary addresses.
1195 * As we can't extend infinite, we'll
1196 * create a new temporary address. */
1197 ia->prefix_pltime = 0;
1199 ND6_INFINITE_LIFETIME;
1201 /* This is a minor regression against RFC 4941
1202 * because the kernel only knows when the
1203 * lifetimes were last updated, not when the
1204 * address was initially created.
1205 * Provided dhcpcd is not restarted, this
1206 * won't be a problem.
1207 * If we don't like it, we can always
1208 * pretend lifetimes are infinite and always
1209 * generate a new temporary address on
1211 ia->acquired = ia->created;
1212 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1214 ia->addr_flags = addrflags;
1215 ia->flags &= ~IPV6_AF_STALE;
1216 #ifdef IPV6_MANAGETEMPADDR
1217 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1218 ia->flags |= IPV6_AF_TEMPORARY;
1220 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1221 #ifdef IPV6_POLLADDRFLAG
1222 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1223 eloop_timeout_add_msec(
1224 ia->iface->ctx->eloop,
1225 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1230 if (ia->dadcallback) {
1231 ia->dadcallback(ia);
1232 if (ctx->options & DHCPCD_FORKED)
1236 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1237 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1239 /* Now run any callbacks.
1240 * Typically IPv6RS or DHCPv6 */
1242 TAILQ_FIRST(&state->ll_callbacks)))
1245 &state->ll_callbacks,
1247 cb->callback(cb->arg);
1249 if (ctx->options & DHCPCD_FORKED)
1260 ctx->options &= ~DHCPCD_RTBUILD;
1261 ipv6nd_handleifa(cmd, ia, pid);
1263 dhcp6_handleifa(cmd, ia, pid);
1267 /* Done with the ia now, so free it. */
1268 if (cmd == RTM_DELADDR)
1270 else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1271 ia->flags |= IPV6_AF_DADCOMPLETED;
1273 /* If we've not already called rt_build via the IPv6ND
1274 * or DHCP6 handlers and the existance of any useable
1275 * global address on the interface has changed,
1276 * call rt_build to add/remove the default route. */
1278 ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) ||
1279 (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) &&
1280 !(ctx->options & DHCPCD_RTBUILD) &&
1281 (ipv6_anyglobal(ifp) != NULL) != anyglobal)
1282 rt_build(ctx, AF_INET6);
1286 ipv6_hasaddr(const struct interface *ifp)
1289 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1292 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1299 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1302 struct ipv6_state *state;
1303 struct ipv6_addr *ap;
1305 state = IPV6_STATE(ifp);
1307 TAILQ_FOREACH(ap, &state->addrs, next) {
1309 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1310 (!revflags || !(ap->addr_flags & revflags)))
1313 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1314 (!revflags || !(ap->addr_flags & revflags)))
1322 static struct ipv6_addr *
1323 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1325 struct ipv6_state *state;
1326 struct ipv6_addr *ap;
1327 struct in6_addr mask;
1329 state = IPV6_STATE(ifp);
1331 TAILQ_FOREACH(ap, &state->addrs, next) {
1332 if (ipv6_mask(&mask, ap->prefix_len) == -1)
1334 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1342 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1344 struct interface *ifp;
1345 struct ipv6_addr *ap;
1347 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1348 ap = ipv6_iffindmaskaddr(ifp, addr);
1356 ipv6_addlinklocalcallback(struct interface *ifp,
1357 void (*callback)(void *), void *arg)
1359 struct ipv6_state *state;
1360 struct ll_callback *cb;
1362 state = ipv6_getstate(ifp);
1363 TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1364 if (cb->callback == callback && cb->arg == arg)
1368 cb = malloc(sizeof(*cb));
1373 cb->callback = callback;
1375 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1380 static struct ipv6_addr *
1381 ipv6_newlinklocal(struct interface *ifp)
1383 struct ipv6_addr *ia;
1384 struct in6_addr in6;
1386 memset(&in6, 0, sizeof(in6));
1387 in6.s6_addr32[0] = htonl(0xfe800000);
1388 ia = ipv6_newaddr(ifp, &in6, 64, 0);
1390 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1391 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1396 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1397 static const uint8_t allone[8] =
1398 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1401 ipv6_addlinklocal(struct interface *ifp)
1403 struct ipv6_state *state;
1404 struct ipv6_addr *ap, *ap2;
1407 /* Check sanity before malloc */
1408 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1409 switch (ifp->family) {
1411 /* Check for a valid hardware address */
1412 if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1416 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1417 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1429 state = ipv6_getstate(ifp);
1433 ap = ipv6_newlinklocal(ifp);
1438 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1440 if (ipv6_makestableprivate(&ap->addr,
1441 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1446 ap->dadcounter = dadcounter;
1448 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1449 switch (ifp->family) {
1451 if (ifp->hwlen == 6) {
1452 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1453 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1454 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1455 ap->addr.s6_addr[11] = 0xff;
1456 ap->addr.s6_addr[12] = 0xfe;
1457 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1458 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1459 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1460 } else if (ifp->hwlen == 8)
1461 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1470 /* Sanity check: g bit must not indciate "group" */
1471 if (EUI64_GROUP(&ap->addr)) {
1476 EUI64_TO_IFID(&ap->addr);
1479 /* Do we already have this address? */
1480 TAILQ_FOREACH(ap2, &state->addrs, next) {
1481 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1482 if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1483 if (ifp->options->options &
1484 DHCPCD_SLAACPRIVATE)
1487 goto nextslaacprivate;
1490 errno = EADDRNOTAVAIL;
1494 logwarnx("%s: waiting for %s to complete",
1495 ap2->iface->name, ap2->saddr);
1502 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1503 TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1504 ipv6_addaddr(ap, NULL);
1509 ipv6_tryaddlinklocal(struct interface *ifp)
1511 struct ipv6_addr *ia;
1513 /* We can't assign a link-locak address to this,
1514 * the ppp process has to. */
1515 if (ifp->flags & IFF_POINTOPOINT)
1518 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1520 #ifdef IPV6_POLLADDRFLAG
1521 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1522 eloop_timeout_add_msec(
1523 ia->iface->ctx->eloop,
1524 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1529 if (!CAN_ADD_LLADDR(ifp))
1532 return ipv6_addlinklocal(ifp);
1536 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1537 uint8_t prefix_len, unsigned int flags)
1539 struct ipv6_addr *ia, *iaf;
1540 char buf[INET6_ADDRSTRLEN];
1545 #ifdef IPV6_AF_TEMPORARY
1546 tempaddr = flags & IPV6_AF_TEMPORARY;
1551 /* If adding a new DHCP / RA derived address, check current flags
1552 * from an existing address. */
1555 else if (flags & IPV6_AF_AUTOCONF)
1556 iaf = ipv6nd_iffindprefix(ifp, addr, prefix_len);
1558 iaf = ipv6_iffindaddr(ifp, addr, 0);
1560 addr_flags = iaf->addr_flags;
1561 flags |= IPV6_AF_ADDED;
1563 addr_flags = IN6_IFF_TENTATIVE;
1565 ia = calloc(1, sizeof(*ia));
1570 ia->addr_flags = addr_flags;
1571 ia->flags = IPV6_AF_NEW | flags;
1572 if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1573 ia->flags |= IPV6_AF_DADCOMPLETED;
1574 ia->prefix_len = prefix_len;
1578 TAILQ_INIT(&ia->pd_pfxs);
1581 if (prefix_len == 128)
1583 else if (ia->flags & IPV6_AF_AUTOCONF) {
1586 memcpy(&ia->addr, &iaf->addr, sizeof(ia->addr));
1588 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1592 if (ia->dadcounter == -1)
1595 } else if (ia->flags & IPV6_AF_RAPFX) {
1599 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1604 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX)) {
1606 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1611 if (ipv6_makeprefix(&ia->prefix,
1612 &ia->addr, ia->prefix_len) == -1)
1616 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1620 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1631 ipv6_staticdadcallback(void *arg)
1633 struct ipv6_addr *ia = arg;
1636 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1637 ia->flags |= IPV6_AF_DADCOMPLETED;
1638 if (ia->flags & IPV6_AF_DUPLICATED)
1639 logwarnx("%s: DAD detected %s", ia->iface->name,
1641 else if (!wascompleted) {
1642 logdebugx("%s: IPv6 static DAD completed",
1646 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1647 if (!wascompleted) {
1648 struct interface *ifp;
1649 struct ipv6_state *state;
1652 state = IPV6_STATE(ifp);
1653 TAILQ_FOREACH(ia, &state->addrs, next) {
1654 if (ia->flags & IPV6_AF_STATIC &&
1655 (ia->flags & FINISHED) != FINISHED)
1662 script_runreason(ifp, "STATIC6");
1668 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1670 struct ipv6_addr *ia;
1672 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1673 IN6_IFF_NOTUSEABLE);
1676 if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1682 ipv6_staticdadcompleted(const struct interface *ifp)
1684 const struct ipv6_state *state;
1685 const struct ipv6_addr *ia;
1688 if ((state = IPV6_CSTATE(ifp)) == NULL)
1691 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1692 TAILQ_FOREACH(ia, &state->addrs, next) {
1693 if ((ia->flags & COMPLETED) == COMPLETED &&
1694 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1701 ipv6_startstatic(struct interface *ifp)
1703 struct ipv6_addr *ia;
1706 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1709 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1711 (ia->prefix_len != ifp->options->req_prefix_len ||
1712 ia->addr_flags & IN6_IFF_NOTUSEABLE))
1714 ipv6_deleteaddr(ia);
1718 struct ipv6_state *state;
1720 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1721 ifp->options->req_prefix_len, 0);
1724 state = IPV6_STATE(ifp);
1725 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1729 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1730 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1731 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1732 ia->dadcallback = ipv6_staticdadcallback;
1733 ipv6_addaddr(ia, NULL);
1734 rt_build(ifp->ctx, AF_INET6);
1736 script_runreason(ifp, "STATIC6");
1740 /* Ensure the interface has a link-local address */
1742 ipv6_start(struct interface *ifp)
1744 #ifdef IPV6_POLLADDRFLAG
1745 struct ipv6_state *state;
1747 /* We need to update the address flags. */
1748 if ((state = IPV6_STATE(ifp)) != NULL) {
1749 struct ipv6_addr *ia;
1753 TAILQ_FOREACH(ia, &state->addrs, next) {
1759 flags = if_addrflags6(ia->iface, &ia->addr, alias);
1761 ia->addr_flags = flags;
1766 if (ipv6_tryaddlinklocal(ifp) == -1)
1773 ipv6_freedrop(struct interface *ifp, int drop)
1775 struct ipv6_state *state;
1776 struct ll_callback *cb;
1781 if ((state = IPV6_STATE(ifp)) == NULL)
1784 /* If we got here, we can get rid of any LL callbacks. */
1785 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1786 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1790 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1792 if (ifp->ctx->ra_routers != NULL)
1793 rt_build(ifp->ctx, AF_INET6);
1795 /* Because we need to cache the addresses we don't control,
1796 * we only free the state on when NOT dropping addresses. */
1798 ifp->if_data[IF_DATA_IPV6] = NULL;
1799 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1804 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1807 free(ctx->ra_routers);
1812 ipv6_handleifa_addrs(int cmd,
1813 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1815 struct ipv6_addr *ia, *ian;
1816 uint8_t found, alldadcompleted;
1818 alldadcompleted = 1;
1820 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1821 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1822 if (ia->flags & IPV6_AF_ADDED &&
1823 !(ia->flags & IPV6_AF_DADCOMPLETED))
1824 alldadcompleted = 0;
1829 if (ia->flags & IPV6_AF_ADDED) {
1830 logwarnx("%s: pid %d deleted address %s",
1831 ia->iface->name, pid, ia->saddr);
1832 ia->flags &= ~IPV6_AF_ADDED;
1834 ipv6_deletedaddr(ia);
1835 if (ia->flags & IPV6_AF_DELEGATED) {
1836 TAILQ_REMOVE(addrs, ia, next);
1841 /* Safety - ignore tentative announcements */
1842 if (addr->addr_flags &
1843 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1845 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1847 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1848 ia->flags |= IPV6_AF_DUPLICATED;
1850 ia->flags &= ~IPV6_AF_DUPLICATED;
1851 if (ia->dadcallback)
1852 ia->dadcallback(ia);
1853 /* We need to set this here in-case the
1854 * dadcallback function checks it */
1855 ia->flags |= IPV6_AF_DADCOMPLETED;
1861 return alldadcompleted ? found : 0;
1864 #ifdef IPV6_MANAGETEMPADDR
1866 ipv6_regen_desync(struct interface *ifp, bool force)
1868 struct ipv6_state *state;
1869 unsigned int max, pref;
1871 state = IPV6_STATE(ifp);
1873 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1874 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1875 * I believe this is an error and it should be never be greater than
1876 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1877 pref = (unsigned int)ip6_temp_preferred_lifetime(ifp->name);
1878 max = pref - REGEN_ADVANCE;
1879 if (state->desync_factor && !force && state->desync_factor < max)
1881 if (state->desync_factor == 0)
1882 state->desync_factor =
1883 arc4random_uniform(MIN(MAX_DESYNC_FACTOR, max));
1884 max = pref - state->desync_factor - REGEN_ADVANCE;
1885 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempaddrs, ifp);
1888 /* RFC4941 Section 3.3.7 */
1890 ipv6_tempdadcallback(void *arg)
1892 struct ipv6_addr *ia = arg;
1894 if (ia->flags & IPV6_AF_DUPLICATED) {
1895 struct ipv6_addr *ia1;
1898 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1899 logerrx("%s: too many duplicate temporary addresses",
1903 clock_gettime(CLOCK_MONOTONIC, &tv);
1904 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1907 ia1->dadcounter = ia->dadcounter;
1908 ipv6_deleteaddr(ia);
1910 ipv6_addaddr(ia1, &ia1->acquired);
1915 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1917 struct ipv6_state *state;
1918 struct interface *ifp = ia0->iface;
1919 struct ipv6_addr *ia;
1922 ia = ipv6_newaddr(ifp, &ia0->prefix, ia0->prefix_len,
1923 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
1927 ia->dadcallback = ipv6_tempdadcallback;
1928 ia->created = ia->acquired = now ? *now : ia0->acquired;
1930 /* Ensure desync is still valid */
1931 ipv6_regen_desync(ifp, false);
1933 /* RFC4941 Section 3.3.4 */
1934 state = IPV6_STATE(ia->iface);
1935 i = (uint32_t)ip6_temp_preferred_lifetime(ifp->name) -
1936 state->desync_factor;
1937 ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
1938 i = (uint32_t)ip6_temp_valid_lifetime(ifp->name);
1939 ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
1940 if (ia->prefix_pltime <= REGEN_ADVANCE ||
1941 ia->prefix_pltime > ia0->prefix_vltime)
1948 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1953 ipv6_settemptime(struct ipv6_addr *ia, int flags)
1955 struct ipv6_state *state;
1956 struct ipv6_addr *ap, *first;
1958 state = IPV6_STATE(ia->iface);
1960 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
1961 if (ap->flags & IPV6_AF_TEMPORARY &&
1962 ap->prefix_pltime &&
1963 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
1965 unsigned int max, ext;
1968 if (ap->prefix_pltime -
1969 (uint32_t)(ia->acquired.tv_sec -
1970 ap->acquired.tv_sec)
1977 if (!(ap->flags & IPV6_AF_ADDED))
1978 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
1979 ap->flags &= ~IPV6_AF_STALE;
1981 /* RFC4941 Section 3.4
1982 * Deprecated prefix, deprecate the temporary address */
1983 if (ia->prefix_pltime == 0) {
1984 ap->prefix_pltime = 0;
1988 /* Ensure desync is still valid */
1989 ipv6_regen_desync(ap->iface, false);
1991 /* RFC4941 Section 3.3.2
1992 * Extend temporary times, but ensure that they
1993 * never last beyond the system limit. */
1994 ext = (unsigned int)ia->acquired.tv_sec
1995 + ia->prefix_pltime;
1996 max = (unsigned int)(ap->created.tv_sec +
1997 ip6_temp_preferred_lifetime(ap->iface->name) -
1998 state->desync_factor);
2000 ap->prefix_pltime = ia->prefix_pltime;
2003 (uint32_t)(max - ia->acquired.tv_sec);
2006 ext = (unsigned int)ia->acquired.tv_sec +
2008 max = (unsigned int)(ap->created.tv_sec +
2009 ip6_temp_valid_lifetime(ap->iface->name));
2011 ap->prefix_vltime = ia->prefix_vltime;
2014 (uint32_t)(max - ia->acquired.tv_sec);
2016 /* Just extend the latest matching prefix */
2017 ap->acquired = ia->acquired;
2019 /* If extending return the last match as
2020 * it's the most current.
2021 * If deprecating, deprecate any other addresses we
2022 * may have, although this should not be needed */
2023 if (ia->prefix_pltime)
2033 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2035 struct ipv6_state *state;
2036 struct ipv6_addr *ia;
2038 state = IPV6_STATE(ifp);
2039 TAILQ_FOREACH(ia, &state->addrs, next) {
2040 if (ia->flags & IPV6_AF_TEMPORARY &&
2041 !(ia->flags & IPV6_AF_STALE))
2042 ipv6_addaddr(ia, now);
2047 ipv6_regentempaddr0(struct ipv6_addr *ia, struct timespec *tv)
2049 struct ipv6_addr *ia1;
2051 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2052 ia1 = ipv6_createtempaddr(ia, tv);
2054 ipv6_addaddr(ia1, tv);
2060 ipv6_regentempaddr(void *arg)
2064 clock_gettime(CLOCK_MONOTONIC, &tv);
2065 ipv6_regentempaddr0(arg, &tv);
2069 ipv6_regentempaddrs(void *arg)
2071 struct interface *ifp = arg;
2073 struct ipv6_state *state;
2074 struct ipv6_addr *ia;
2076 ipv6_regen_desync(ifp, true);
2078 clock_gettime(CLOCK_MONOTONIC, &tv);
2079 state = IPV6_STATE(ifp);
2080 TAILQ_FOREACH(ia, &state->addrs, next) {
2081 if (ia->flags & IPV6_AF_TEMPORARY &&
2082 !(ia->flags & IPV6_AF_STALE))
2083 ipv6_regentempaddr0(ia, &tv);
2086 #endif /* IPV6_MANAGETEMPADDR */
2089 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2091 struct ipv6_state *state;
2092 struct ipv6_addr *ia;
2094 state = IPV6_STATE(ifp);
2098 TAILQ_FOREACH(ia, &state->addrs, next) {
2099 if (flags == 0 || ia->flags & flags)
2100 ia->flags |= IPV6_AF_STALE;
2105 ipv6_deletestaleaddrs(struct interface *ifp)
2107 struct ipv6_state *state;
2108 struct ipv6_addr *ia, *ia1;
2110 state = IPV6_STATE(ifp);
2114 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2115 if (ia->flags & IPV6_AF_STALE)
2116 ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2117 ifp->ctx->ifaces, ifp->name,
2118 &ia->addr, ia->prefix_len, 0, getpid());
2124 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2128 if ((rt = rt_new(ifp)) == NULL)
2131 #ifdef HAVE_ROUTE_METRIC
2132 rt->rt_metric = ifp->metric;
2135 rt->rt_mtu = rap->mtu;
2140 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2141 const struct ipv6_addr *addr)
2144 struct in6_addr netmask;
2146 if (addr == NULL || addr->prefix_len > 128) {
2151 /* There is no point in trying to manage a /128 prefix,
2152 * ones without a lifetime. */
2153 if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2156 /* Don't install a reject route when not creating bigger prefixes. */
2157 if (addr->flags & IPV6_AF_NOREJECT)
2160 /* This address is the delegated prefix, so add a reject route for
2161 * it via the loopback interface. */
2162 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2163 struct interface *lo0;
2165 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2166 if (lo0->flags & IFF_LOOPBACK)
2170 logwarnx("cannot find a loopback interface "
2176 if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2179 sa_in6_init(&rt->rt_dest, &addr->prefix);
2180 ipv6_mask(&netmask, addr->prefix_len);
2181 sa_in6_init(&rt->rt_netmask, &netmask);
2182 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2183 rt->rt_flags |= RTF_REJECT;
2184 /* Linux does not like a gateway for a reject route. */
2186 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2188 } else if (!(addr->flags & IPV6_AF_ONLINK))
2189 sa_in6_init(&rt->rt_gateway, &rap->from);
2191 rt->rt_gateway.sa_family = AF_UNSPEC;
2192 sa_in6_init(&rt->rt_ifa, &addr->addr);
2197 inet6_makerouter(struct ra *rap)
2201 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2203 sa_in6_init(&rt->rt_dest, &in6addr_any);
2204 sa_in6_init(&rt->rt_netmask, &in6addr_any);
2205 sa_in6_init(&rt->rt_gateway, &rap->from);
2209 #define RT_IS_DEFAULT(rtp) \
2210 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \
2211 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2214 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2216 struct interface *ifp;
2217 struct ipv6_state *state;
2218 struct ipv6_addr *ia;
2221 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2222 if ((state = IPV6_STATE(ifp)) == NULL)
2224 TAILQ_FOREACH(ia, &state->addrs, next) {
2225 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2226 (IPV6_AF_ADDED | IPV6_AF_STATIC))
2228 rt = inet6_makeprefix(ifp, NULL, ia);
2230 rt_proto_add(routes, rt);
2238 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2242 const struct ipv6_addr *addr;
2244 if (ctx->ra_routers == NULL)
2247 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2250 TAILQ_FOREACH(addr, &rap->addrs, next) {
2251 if (addr->prefix_vltime == 0)
2253 rt = inet6_makeprefix(rap->iface, rap, addr);
2255 rt->rt_dflags |= RTDF_RA;
2256 #ifdef HAVE_ROUTE_PREF
2257 rt->rt_pref = ipv6nd_rtpref(rap);
2259 rt_proto_add(routes, rt);
2262 if (rap->lifetime == 0)
2264 if (ipv6_anyglobal(rap->iface) == NULL)
2266 rt = inet6_makerouter(rap);
2269 rt->rt_dflags |= RTDF_RA;
2270 #ifdef HAVE_ROUTE_PREF
2271 rt->rt_pref = ipv6nd_rtpref(rap);
2273 rt_proto_add(routes, rt);
2280 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2283 struct interface *ifp;
2284 const struct dhcp6_state *d6_state;
2285 const struct ipv6_addr *addr;
2288 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2289 d6_state = D6_CSTATE(ifp);
2290 if (d6_state && d6_state->state == dstate) {
2291 TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2292 rt = inet6_makeprefix(ifp, NULL, addr);
2295 rt->rt_dflags |= RTDF_DHCP;
2296 rt_proto_add(routes, rt);
2305 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2308 /* Should static take priority? */
2309 if (inet6_staticroutes(routes, ctx) == -1)
2312 /* First add reachable routers and their prefixes */
2313 if (inet6_raroutes(routes, ctx) == -1)
2317 /* We have no way of knowing if prefixes added by DHCP are reachable
2318 * or not, so we have to assume they are.
2319 * Add bound before delegated so we can prefer interfaces better. */
2320 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2322 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)