projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update to dhcpcd-9.0.1 with the following changes:
[dragonfly.git] / contrib / dhcpcd / src / ipv6.c
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * dhcpcd - DHCP client daemon
4  * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
5  * All rights reserved
6
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <sys/stat.h>
33
34 #include <arpa/inet.h>
35 #include <net/if.h>
36 #include <net/route.h>
37 #include <netinet/in.h>
38 #include <netinet/if_ether.h>
39
40 #include "config.h"
41
42 #ifdef HAVE_SYS_BITOPS_H
43 #include <sys/bitops.h>
44 #else
45 #include "compat/bitops.h"
46 #endif
47
48 #ifdef BSD
49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
50  * to generate our CAN_ADD_LLADDR #define. */
51 #  include <netinet6/in6_var.h>
52 #  include <netinet6/nd6.h>
53 #endif
54
55 #include <errno.h>
56 #include <ifaddrs.h>
57 #include <inttypes.h>
58 #include <stdlib.h>
59 #include <string.h>
60 #include <syslog.h>
61 #include <unistd.h>
62
63 #define ELOOP_QUEUE     ELOOP_IPV6
64 #include "common.h"
65 #include "if.h"
66 #include "dhcpcd.h"
67 #include "dhcp6.h"
68 #include "eloop.h"
69 #include "ipv6.h"
70 #include "ipv6nd.h"
71 #include "logerr.h"
72 #include "sa.h"
73 #include "script.h"
74
75 #ifdef HAVE_MD5_H
76 #  ifndef DEPGEN
77 #    include <md5.h>
78 #  endif
79 #endif
80
81 #ifdef SHA2_H
82 #  include SHA2_H
83 #endif
84
85 #ifndef SHA256_DIGEST_LENGTH
86 #  define SHA256_DIGEST_LENGTH          32
87 #endif
88
89 #ifdef IPV6_POLLADDRFLAG
90 #  warning kernel does not report IPv6 address flag changes
91 #  warning polling tentative address flags periodically
92 #endif
93
94 /* Hackery at it's finest. */
95 #ifndef s6_addr32
96 #  ifdef __sun
97 #    define s6_addr32   _S6_un._S6_u32
98 #  else
99 #    define s6_addr32   __u6_addr.__u6_addr32
100 #  endif
101 #endif
102
103 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
104     defined(IFF_NOLINKLOCAL)
105 /* Only add the LL address if we have a carrier, so DaD works. */
106 #define CAN_ADD_LLADDR(ifp) \
107     (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
108 #ifdef __sun
109 /* Although we can add our own LL address, we cannot drop it
110  * without unplumbing the if which is a lot of code.
111  * So just keep it for the time being. */
112 #define CAN_DROP_LLADDR(ifp)    (0)
113 #else
114 #define CAN_DROP_LLADDR(ifp)    (1)
115 #endif
116 #else
117 /* We have no control over the OS adding the LLADDR, so just let it do it
118  * as we cannot force our own view on it. */
119 #define CAN_ADD_LLADDR(ifp)     (0)
120 #define CAN_DROP_LLADDR(ifp)    (0)
121 #endif
122
123 #ifdef IPV6_MANAGETEMPADDR
124 static void ipv6_regentempaddr(void *);
125 #endif
126
127 int
128 ipv6_init(struct dhcpcd_ctx *ctx)
129 {
130
131         if (ctx->ra_routers != NULL)
132                 return 0;
133
134         ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
135         if (ctx->ra_routers == NULL)
136                 return -1;
137         TAILQ_INIT(ctx->ra_routers);
138
139 #ifndef __sun
140         ctx->nd_fd = -1;
141 #endif
142         ctx->dhcp6_fd = -1;
143         return 0;
144 }
145
146 static ssize_t
147 ipv6_readsecret(struct dhcpcd_ctx *ctx)
148 {
149         FILE *fp;
150         char line[1024];
151         unsigned char *p;
152         size_t len;
153         uint32_t r;
154         int x;
155
156         if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
157                 return (ssize_t)ctx->secret_len;
158
159         if (errno != ENOENT)
160                 logerr("%s: %s", __func__, SECRET);
161
162         /* Chaining arc4random should be good enough.
163          * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
164          * To attempt and future proof ourselves, we'll generate a key of
165          * 512 bits (64 bytes). */
166         if (ctx->secret_len < 64) {
167                 if ((ctx->secret = malloc(64)) == NULL) {
168                         logerr(__func__);
169                         return -1;
170                 }
171                 ctx->secret_len = 64;
172         }
173         p = ctx->secret;
174         for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
175                 r = arc4random();
176                 memcpy(p, &r, sizeof(r));
177                 p += sizeof(r);
178         }
179
180         /* Ensure that only the dhcpcd user can read the secret.
181          * Write permission is also denied as changing it would remove
182          * it's stability. */
183         if ((fp = fopen(SECRET, "w")) == NULL ||
184             chmod(SECRET, S_IRUSR) == -1)
185                 goto eexit;
186         x = fprintf(fp, "%s\n",
187             hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
188         if (fclose(fp) == EOF)
189                 x = -1;
190         fp = NULL;
191         if (x > 0)
192                 return (ssize_t)ctx->secret_len;
193
194 eexit:
195         logerr("%s: %s", __func__, SECRET);
196         if (fp != NULL)
197                 fclose(fp);
198         unlink(SECRET);
199         ctx->secret_len = 0;
200         return -1;
201 }
202
203 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
204  * RFC5453 */
205 static const struct reslowhigh {
206         const uint8_t high[8];
207         const uint8_t low[8];
208 } reslowhigh[] = {
209         /* RFC4291 + RFC6543 */
210         { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
211           { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
212         /* RFC2526 */
213         { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
214           { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
215 };
216
217 static bool
218 ipv6_reserved(const struct in6_addr *addr)
219 {
220         uint64_t id, low, high;
221         size_t i;
222         const struct reslowhigh *r;
223
224         id = be64dec(addr->s6_addr + sizeof(id));
225         if (id == 0) /* RFC4291 */
226                 return 1;
227         for (i = 0; i < __arraycount(reslowhigh); i++) {
228                 r = &reslowhigh[i];
229                 low = be64dec(r->low);
230                 high = be64dec(r->high);
231                 if (id >= low && id <= high)
232                         return true;
233         }
234         return false;
235 }
236
237 /* RFC7217 */
238 static int
239 ipv6_makestableprivate1(struct dhcpcd_ctx *ctx,
240     struct in6_addr *addr, const struct in6_addr *prefix, int prefix_len,
241     const unsigned char *netiface, size_t netiface_len,
242     const unsigned char *netid, size_t netid_len,
243     unsigned short vlanid,
244     uint32_t *dad_counter)
245 {
246         unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
247         size_t len, l;
248         SHA256_CTX sha_ctx;
249
250         if (prefix_len < 0 || prefix_len > 120) {
251                 errno = EINVAL;
252                 return -1;
253         }
254
255         if (ctx->secret_len == 0) {
256                 if (ipv6_readsecret(ctx) == -1)
257                         return -1;
258         }
259
260         l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
261         len = l + netiface_len + netid_len + sizeof(*dad_counter) +
262             ctx->secret_len;
263         if (vlanid != 0)
264                 len += sizeof(vlanid);
265         if (len > sizeof(buf)) {
266                 errno = ENOBUFS;
267                 return -1;
268         }
269
270         for (;; (*dad_counter)++) {
271                 /* Combine all parameters into one buffer */
272                 p = buf;
273                 memcpy(p, prefix, l);
274                 p += l;
275                 memcpy(p, netiface, netiface_len);
276                 p += netiface_len;
277                 memcpy(p, netid, netid_len);
278                 p += netid_len;
279                 /* Don't use a vlanid if not set.
280                  * This ensures prior versions have the same unique address. */
281                 if (vlanid != 0) {
282                         memcpy(p, &vlanid, sizeof(vlanid));
283                         p += sizeof(vlanid);
284                 }
285                 memcpy(p, dad_counter, sizeof(*dad_counter));
286                 p += sizeof(*dad_counter);
287                 memcpy(p, ctx->secret, ctx->secret_len);
288
289                 /* Make an address using the digest of the above.
290                  * RFC7217 Section 5.1 states that we shouldn't use MD5.
291                  * Pity as we use that for HMAC-MD5 which is still deemed OK.
292                  * SHA-256 is recommended */
293                 SHA256_Init(&sha_ctx);
294                 SHA256_Update(&sha_ctx, buf, len);
295                 SHA256_Final(digest, &sha_ctx);
296
297                 p = addr->s6_addr;
298                 memcpy(p, prefix, l);
299                 /* RFC7217 section 5.2 says we need to start taking the id from
300                  * the least significant bit */
301                 len = sizeof(addr->s6_addr) - l;
302                 memcpy(p + l, digest + (sizeof(digest) - len), len);
303
304                 /* Ensure that the Interface ID does not match a reserved one,
305                  * if it does then treat it as a DAD failure.
306                  * RFC7217 section 5.2 */
307                 if (prefix_len != 64)
308                         break;
309                 if (!ipv6_reserved(addr))
310                         break;
311         }
312
313         return 0;
314 }
315
316 int
317 ipv6_makestableprivate(struct in6_addr *addr,
318     const struct in6_addr *prefix, int prefix_len,
319     const struct interface *ifp,
320     int *dad_counter)
321 {
322         uint32_t dad;
323         int r;
324
325         dad = (uint32_t)*dad_counter;
326
327         /* For our implementation, we shall set the hardware address
328          * as the interface identifier */
329         r = ipv6_makestableprivate1(ifp->ctx, addr, prefix, prefix_len,
330             ifp->hwaddr, ifp->hwlen,
331             ifp->ssid, ifp->ssid_len,
332             ifp->vlanid, &dad);
333
334         if (r == 0)
335                 *dad_counter = (int)dad;
336         return r;
337 }
338
339 #ifdef IPV6_AF_TEMPORARY
340 static int
341 ipv6_maketemporaryaddress(struct in6_addr *addr,
342     const struct in6_addr *prefix, int prefix_len,
343     const struct interface *ifp)
344 {
345         struct in6_addr mask;
346         struct interface *ifpn;
347
348         if (ipv6_mask(&mask, prefix_len) == -1)
349                 return -1;
350         *addr = *prefix;
351
352 again:
353         addr->s6_addr32[2] |= (arc4random() & ~mask.s6_addr32[2]);
354         addr->s6_addr32[3] |= (arc4random() & ~mask.s6_addr32[3]);
355
356         TAILQ_FOREACH(ifpn, ifp->ctx->ifaces, next) {
357                 if (ipv6_iffindaddr(ifpn, addr, 0) != NULL)
358                         break;
359         }
360         if (ifpn != NULL)
361                 goto again;
362         if (ipv6_reserved(addr))
363                 goto again;
364         return 0;
365 }
366 #endif
367
368 int
369 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
370     const struct in6_addr *prefix, int prefix_len, unsigned int flags)
371 {
372         const struct ipv6_addr *ap;
373         int dad;
374
375         if (prefix_len < 0 || prefix_len > 120) {
376                 errno = EINVAL;
377                 return -1;
378         }
379
380 #ifdef IPV6_AF_TEMPORARY
381         if (flags & IPV6_AF_TEMPORARY)
382                 return ipv6_maketemporaryaddress(addr, prefix, prefix_len, ifp);
383 #else
384         UNUSED(flags);
385 #endif
386
387         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
388                 dad = 0;
389                 if (ipv6_makestableprivate(addr,
390                     prefix, prefix_len, ifp, &dad) == -1)
391                         return -1;
392                 return dad;
393         }
394
395         if (prefix_len > 64) {
396                 errno = EINVAL;
397                 return -1;
398         }
399         if ((ap = ipv6_linklocal(ifp)) == NULL) {
400                 /* We delay a few functions until we get a local-link address
401                  * so this should never be hit. */
402                 errno = ENOENT;
403                 return -1;
404         }
405
406         /* Make the address from the first local-link address */
407         memcpy(addr, prefix, sizeof(*prefix));
408         addr->s6_addr32[2] = ap->addr.s6_addr32[2];
409         addr->s6_addr32[3] = ap->addr.s6_addr32[3];
410         return 0;
411 }
412
413 static int
414 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
415 {
416         struct in6_addr mask;
417         size_t i;
418
419         if (ipv6_mask(&mask, len) == -1)
420                 return -1;
421         *prefix = *addr;
422         for (i = 0; i < sizeof(prefix->s6_addr); i++)
423                 prefix->s6_addr[i] &= mask.s6_addr[i];
424         return 0;
425 }
426
427 int
428 ipv6_mask(struct in6_addr *mask, int len)
429 {
430         static const unsigned char masks[NBBY] =
431             { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
432         int bytes, bits, i;
433
434         if (len < 0 || len > 128) {
435                 errno = EINVAL;
436                 return -1;
437         }
438
439         memset(mask, 0, sizeof(*mask));
440         bytes = len / NBBY;
441         bits = len % NBBY;
442         for (i = 0; i < bytes; i++)
443                 mask->s6_addr[i] = 0xff;
444         if (bits != 0) {
445                 /* Coverify false positive.
446                  * bytelen cannot be 16 if bitlen is non zero */
447                 /* coverity[overrun-local] */
448                 mask->s6_addr[bytes] = masks[bits - 1];
449         }
450         return 0;
451 }
452
453 uint8_t
454 ipv6_prefixlen(const struct in6_addr *mask)
455 {
456         int x = 0, y;
457         const unsigned char *lim, *p;
458
459         lim = (const unsigned char *)mask + sizeof(*mask);
460         for (p = (const unsigned char *)mask; p < lim; x++, p++) {
461                 if (*p != 0xff)
462                         break;
463         }
464         y = 0;
465         if (p < lim) {
466                 for (y = 0; y < NBBY; y++) {
467                         if ((*p & (0x80 >> y)) == 0)
468                                 break;
469                 }
470         }
471
472         /*
473          * when the limit pointer is given, do a stricter check on the
474          * remaining bits.
475          */
476         if (p < lim) {
477                 if (y != 0 && (*p & (0x00ff >> y)) != 0)
478                         return 0;
479                 for (p = p + 1; p < lim; p++)
480                         if (*p != 0)
481                                 return 0;
482         }
483
484         return (uint8_t)(x * NBBY + y);
485 }
486
487 static void
488 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
489 {
490
491         *vhigh = be64dec(addr->s6_addr);
492         *vlow = be64dec(addr->s6_addr + 8);
493 }
494
495 static void
496 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
497 {
498
499         be64enc(addr->s6_addr, vhigh);
500         be64enc(addr->s6_addr + 8, vlow);
501 }
502
503 int
504 ipv6_userprefix(
505         const struct in6_addr *prefix,  // prefix from router
506         short prefix_len,               // length of prefix received
507         uint64_t user_number,           // "random" number from user
508         struct in6_addr *result,        // resultant prefix
509         short result_len)               // desired prefix length
510 {
511         uint64_t vh, vl, user_low, user_high;
512
513         if (prefix_len < 1 || prefix_len > 128 ||
514             result_len < 1 || result_len > 128)
515         {
516                 errno = EINVAL;
517                 return -1;
518         }
519
520         /* Check that the user_number fits inside result_len less prefix_len */
521         if (result_len < prefix_len ||
522             fls64(user_number) > result_len - prefix_len)
523         {
524                errno = ERANGE;
525                return -1;
526         }
527
528         /* If user_number is zero, just copy the prefix into the result. */
529         if (user_number == 0) {
530                 *result = *prefix;
531                 return 0;
532         }
533
534         /* Shift user_number so it fit's just inside result_len.
535          * Shifting by 0 or sizeof(user_number) is undefined,
536          * so we cater for that. */
537         if (result_len == 128) {
538                 user_high = 0;
539                 user_low = user_number;
540         } else if (result_len > 64) {
541                 if (prefix_len >= 64)
542                         user_high = 0;
543                 else
544                         user_high = user_number >> (result_len - prefix_len);
545                 user_low = user_number << (128 - result_len);
546         } else if (result_len == 64) {
547                 user_high = user_number;
548                 user_low = 0;
549         } else {
550                 user_high = user_number << (64 - result_len);
551                 user_low = 0;
552         }
553
554         /* convert to two 64bit host order values */
555         in6_to_h64(&vh, &vl, prefix);
556
557         vh |= user_high;
558         vl |= user_low;
559
560         /* copy back result */
561         h64_to_in6(result, vh, vl);
562
563         return 0;
564 }
565
566 #ifdef IPV6_POLLADDRFLAG
567 void
568 ipv6_checkaddrflags(void *arg)
569 {
570         struct ipv6_addr *ia;
571         int flags;
572         const char *alias;
573
574         ia = arg;
575 #ifdef ALIAS_ADDR
576         alias = ia->alias;
577 #else
578         alias = NULL;
579 #endif
580         if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
581                 if (errno != EEXIST && errno != EADDRNOTAVAIL)
582                         logerr("%s: if_addrflags6", __func__);
583                 return;
584         }
585
586         if (!(flags & IN6_IFF_TENTATIVE)) {
587                 /* Simulate the kernel announcing the new address. */
588                 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
589                     ia->iface->ctx->ifaces, ia->iface->name,
590                     &ia->addr, ia->prefix_len, flags, 0);
591         } else {
592                 /* Still tentative? Check again in a bit. */
593                 eloop_timeout_add_msec(ia->iface->ctx->eloop,
594                     RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
595         }
596 }
597 #endif
598
599 static void
600 ipv6_deletedaddr(struct ipv6_addr *ia)
601 {
602
603 #ifdef PRIVSEP
604         if (!(ia->iface->ctx->options & DHCPCD_MASTER))
605                 ps_inet_closedhcp6(ia);
606 #elif defined(SMALL)
607         UNUSED(ia);
608 #else
609         /* NOREJECT is set if we delegated exactly the prefix to another
610          * address.
611          * This can only be one address, so just clear the flag.
612          * This should ensure the reject route will be restored. */
613         if (ia->delegating_prefix != NULL)
614                 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
615 #endif
616 }
617
618 void
619 ipv6_deleteaddr(struct ipv6_addr *ia)
620 {
621         struct ipv6_state *state;
622         struct ipv6_addr *ap;
623
624         loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
625         if (if_address6(RTM_DELADDR, ia) == -1 &&
626             errno != EADDRNOTAVAIL && errno != ESRCH &&
627             errno != ENXIO && errno != ENODEV)
628                 logerr(__func__);
629
630         ipv6_deletedaddr(ia);
631
632         state = IPV6_STATE(ia->iface);
633         TAILQ_FOREACH(ap, &state->addrs, next) {
634                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
635                         TAILQ_REMOVE(&state->addrs, ap, next);
636                         ipv6_freeaddr(ap);
637                         break;
638                 }
639         }
640
641 #ifdef ND6_ADVERTISE
642         /* Advertise the address if it exists on another interface. */
643         ipv6nd_advertise(ia);
644 #endif
645 }
646
647 static int
648 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
649 {
650         struct interface *ifp;
651         uint32_t pltime, vltime;
652         int loglevel;
653 #ifdef ND6_ADVERTISE
654         bool vltime_was_zero = ia->prefix_vltime == 0;
655 #endif
656 #ifdef __sun
657         struct ipv6_state *state;
658         struct ipv6_addr *ia2;
659
660         /* If we re-add then address on Solaris then the prefix
661          * route will be scrubbed and re-added. Something might
662          * be using it, so let's avoid it. */
663         if (ia->flags & IPV6_AF_DADCOMPLETED) {
664                 logdebugx("%s: IP address %s already exists",
665                     ia->iface->name, ia->saddr);
666 #ifdef ND6_ADVERTISE
667                 goto advertise;
668 #else
669                 return 0;
670 #endif
671         }
672 #endif
673
674         /* Remember the interface of the address. */
675         ifp = ia->iface;
676
677         if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
678             ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
679                 ia->flags |= IPV6_AF_DADCOMPLETED;
680
681         /* Adjust plftime and vltime based on acquired time */
682         pltime = ia->prefix_pltime;
683         vltime = ia->prefix_vltime;
684         if (timespecisset(&ia->acquired) &&
685             (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
686             ia->prefix_vltime != ND6_INFINITE_LIFETIME))
687         {
688                 uint32_t elapsed;
689                 struct timespec n;
690
691                 if (now == NULL) {
692                         clock_gettime(CLOCK_MONOTONIC, &n);
693                         now = &n;
694                 }
695                 elapsed = (uint32_t)eloop_timespec_diff(now, &ia->acquired,
696                     NULL);
697                 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
698                         if (elapsed > ia->prefix_pltime)
699                                 ia->prefix_pltime = 0;
700                         else
701                                 ia->prefix_pltime -= elapsed;
702                 }
703                 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
704                         if (elapsed > ia->prefix_vltime)
705                                 ia->prefix_vltime = 0;
706                         else
707                                 ia->prefix_vltime -= elapsed;
708                 }
709         }
710
711         loglevel = ia->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG;
712         logmessage(loglevel, "%s: adding %saddress %s", ifp->name,
713 #ifdef IPV6_AF_TEMPORARY
714             ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
715 #else
716             "",
717 #endif
718             ia->saddr);
719         if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
720             ia->prefix_vltime == ND6_INFINITE_LIFETIME)
721                 logdebugx("%s: pltime infinity, vltime infinity",
722                     ifp->name);
723         else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
724                 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
725                     ifp->name, ia->prefix_vltime);
726         else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
727                 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
728                     ifp->name, ia->prefix_pltime);
729         else
730                 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
731                     " seconds",
732                     ifp->name, ia->prefix_pltime, ia->prefix_vltime);
733
734         if (if_address6(RTM_NEWADDR, ia) == -1) {
735                 logerr(__func__);
736                 /* Restore real pltime and vltime */
737                 ia->prefix_pltime = pltime;
738                 ia->prefix_vltime = vltime;
739                 return -1;
740         }
741
742 #ifdef IPV6_MANAGETEMPADDR
743         /* RFC4941 Section 3.4 */
744         if (ia->flags & IPV6_AF_TEMPORARY &&
745             ia->prefix_pltime &&
746             ia->prefix_vltime &&
747             ip6_use_tempaddr(ifp->name))
748                 eloop_timeout_add_sec(ifp->ctx->eloop,
749                     ia->prefix_pltime - REGEN_ADVANCE,
750                     ipv6_regentempaddr, ia);
751 #endif
752
753         /* Restore real pltime and vltime */
754         ia->prefix_pltime = pltime;
755         ia->prefix_vltime = vltime;
756
757         ia->flags &= ~IPV6_AF_NEW;
758         ia->flags |= IPV6_AF_ADDED;
759 #ifndef SMALL
760         if (ia->delegating_prefix != NULL)
761                 ia->flags |= IPV6_AF_DELEGATED;
762 #endif
763
764 #ifdef IPV6_POLLADDRFLAG
765         eloop_timeout_delete(ifp->ctx->eloop,
766                 ipv6_checkaddrflags, ia);
767         if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
768                 eloop_timeout_add_msec(ifp->ctx->eloop,
769                     RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
770         }
771 #endif
772
773 #ifdef __sun
774         /* Solaris does not announce new addresses which need DaD
775          * so we need to take a copy and add it to our list.
776          * Otherwise aliasing gets confused if we add another
777          * address during DaD. */
778
779         state = IPV6_STATE(ifp);
780         TAILQ_FOREACH(ia2, &state->addrs, next) {
781                 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
782                         break;
783         }
784         if (ia2 == NULL) {
785                 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
786                         logerr(__func__);
787                         return 0; /* Well, we did add the address */
788                 }
789                 memcpy(ia2, ia, sizeof(*ia2));
790                 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
791         }
792 #endif
793
794 #ifdef ND6_ADVERTISE
795 #ifdef __sun
796 advertise:
797 #endif
798         /* Re-advertise the preferred address to be safe. */
799         if (!vltime_was_zero)
800                 ipv6nd_advertise(ia);
801 #endif
802
803         return 0;
804 }
805
806 #ifdef ALIAS_ADDR
807 /* Find the next logical alias address we can use. */
808 static int
809 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
810 {
811         struct ipv6_state *state;
812         struct ipv6_addr *iap;
813         unsigned int lun;
814         char alias[IF_NAMESIZE];
815
816         if (ia->alias[0] != '\0')
817                 return 0;
818         state = IPV6_STATE(ia->iface);
819
820         /* First find an existng address.
821          * This can happen when dhcpcd restarts as ND and DHCPv6
822          * maintain their own lists of addresses. */
823         TAILQ_FOREACH(iap, &state->addrs, next) {
824                 if (iap->alias[0] != '\0' &&
825                     IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
826                 {
827                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
828                         return 0;
829                 }
830         }
831
832         lun = 0;
833 find_unit:
834         if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
835             IF_NAMESIZE)
836         {
837                 errno = ENOMEM;
838                 return -1;
839         }
840         TAILQ_FOREACH(iap, &state->addrs, next) {
841                 if (iap->alias[0] == '\0')
842                         continue;
843                 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
844                         /* No address assigned? Lets use it. */
845                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
846                         if (repl)
847                                 *repl = iap;
848                         return 1;
849                 }
850                 if (strcmp(iap->alias, alias) == 0)
851                         break;
852         }
853
854         if (iap != NULL) {
855                 if (lun == UINT_MAX) {
856                         errno = ERANGE;
857                         return -1;
858                 }
859                 lun++;
860                 goto find_unit;
861         }
862
863         strlcpy(ia->alias, alias, sizeof(ia->alias));
864         return 0;
865 }
866 #endif
867
868 int
869 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
870 {
871         int r;
872 #ifdef ALIAS_ADDR
873         int replaced, blank;
874         struct ipv6_addr *replaced_ia;
875
876         blank = (ia->alias[0] == '\0');
877         if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
878                 return -1;
879         if (blank)
880                 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
881 #endif
882
883         if ((r = ipv6_addaddr1(ia, now)) == 0) {
884 #ifdef ALIAS_ADDR
885                 if (replaced) {
886                         struct ipv6_state *state;
887
888                         state = IPV6_STATE(ia->iface);
889                         TAILQ_REMOVE(&state->addrs, replaced_ia, next);
890                         ipv6_freeaddr(replaced_ia);
891                 }
892 #endif
893         }
894         return r;
895 }
896
897 int
898 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
899     unsigned int flags)
900 {
901
902         if (match == NULL) {
903                 if ((addr->flags &
904                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
905                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
906                         return 1;
907         } else if (addr->prefix_vltime &&
908             IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
909             (!flags || addr->flags & flags))
910                 return 1;
911
912         return 0;
913 }
914
915 struct ipv6_addr *
916 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
917 {
918         struct ipv6_addr *nap;
919 #ifdef DHCP6
920         struct ipv6_addr *dap;
921 #endif
922
923         nap = ipv6nd_findaddr(ctx, addr, flags);
924 #ifdef DHCP6
925         dap = dhcp6_findaddr(ctx, addr, flags);
926         if (!dap && !nap)
927                 return NULL;
928         if (dap && !nap)
929                 return dap;
930         if (nap && !dap)
931                 return nap;
932         if (nap->iface->metric < dap->iface->metric)
933                 return nap;
934         return dap;
935 #else
936         return nap;
937 #endif
938 }
939
940 int
941 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
942 {
943
944         /* A delegated prefix is not an address. */
945         if (ia->flags & IPV6_AF_DELEGATEDPFX)
946                 return 0;
947
948         if (ia->prefix_vltime == 0) {
949                 if (ia->flags & IPV6_AF_ADDED)
950                         ipv6_deleteaddr(ia);
951                 eloop_q_timeout_delete(ia->iface->ctx->eloop,
952                     ELOOP_QUEUE_ALL, NULL, ia);
953                 if (ia->flags & IPV6_AF_REQUEST) {
954                         ia->flags &= ~IPV6_AF_ADDED;
955                         return 0;
956                 }
957                 return -1;
958         }
959
960         if (ia->flags & IPV6_AF_STALE ||
961             IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
962                 return 0;
963
964         if (!timespecisset(now))
965                 clock_gettime(CLOCK_MONOTONIC, now);
966         ipv6_addaddr(ia, now);
967         return ia->flags & IPV6_AF_NEW ? 1 : 0;
968 }
969
970 ssize_t
971 ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
972 {
973         struct timespec now;
974         struct ipv6_addr *ia, *ian;
975         ssize_t i, r;
976
977         i = 0;
978         timespecclear(&now);
979         TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
980                 r = ipv6_doaddr(ia, &now);
981                 if (r != 0)
982                         i++;
983                 if (r == -1) {
984                         TAILQ_REMOVE(iaddrs, ia, next);
985                         ipv6_freeaddr(ia);
986                 }
987         }
988         return i;
989 }
990
991 void
992 ipv6_freeaddr(struct ipv6_addr *ia)
993 {
994         struct eloop *eloop = ia->iface->ctx->eloop;
995 #ifndef SMALL
996         struct ipv6_addr *iad;
997
998         /* Forget the reference */
999         if (ia->flags & IPV6_AF_DELEGATEDPFX) {
1000                 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
1001                         iad->delegating_prefix = NULL;
1002                 }
1003         } else if (ia->delegating_prefix != NULL) {
1004                 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
1005         }
1006 #endif
1007
1008         if (ia->dhcp6_fd != -1) {
1009                 close(ia->dhcp6_fd);
1010                 eloop_event_delete(eloop, ia->dhcp6_fd);
1011         }
1012
1013         eloop_q_timeout_delete(eloop, ELOOP_QUEUE_ALL, NULL, ia);
1014         free(ia->na);
1015         free(ia);
1016 }
1017
1018 void
1019 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
1020     const struct interface *ifd)
1021 {
1022         struct ipv6_addr *ap, *apn, *apf;
1023         struct timespec now;
1024
1025 #ifdef SMALL
1026         UNUSED(ifd);
1027 #endif
1028         timespecclear(&now);
1029         TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1030 #ifndef SMALL
1031                 if (ifd != NULL &&
1032                     (ap->delegating_prefix == NULL ||
1033                     ap->delegating_prefix->iface != ifd))
1034                         continue;
1035 #endif
1036                 if (drop != 2)
1037                         TAILQ_REMOVE(addrs, ap, next);
1038                 if (drop && ap->flags & IPV6_AF_ADDED &&
1039                     (ap->iface->options->options &
1040                     (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1041                     (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1042                 {
1043                         /* Don't drop link-local addresses. */
1044                         if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1045                             CAN_DROP_LLADDR(ap->iface))
1046                         {
1047                                 if (drop == 2)
1048                                         TAILQ_REMOVE(addrs, ap, next);
1049                                 /* Find the same address somewhere else */
1050                                 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1051                                     0);
1052                                 if ((apf == NULL ||
1053                                     (apf->iface != ap->iface)))
1054                                         ipv6_deleteaddr(ap);
1055                                 if (!(ap->iface->options->options &
1056                                     DHCPCD_EXITING) && apf)
1057                                 {
1058                                         if (!timespecisset(&now))
1059                                                 clock_gettime(CLOCK_MONOTONIC,
1060                                                     &now);
1061                                         ipv6_addaddr(apf, &now);
1062                                 }
1063                                 if (drop == 2)
1064                                         ipv6_freeaddr(ap);
1065                         }
1066                 }
1067                 if (drop != 2)
1068                         ipv6_freeaddr(ap);
1069         }
1070 }
1071
1072 static struct ipv6_state *
1073 ipv6_getstate(struct interface *ifp)
1074 {
1075         struct ipv6_state *state;
1076
1077         state = IPV6_STATE(ifp);
1078         if (state == NULL) {
1079                 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1080                 state = IPV6_STATE(ifp);
1081                 if (state == NULL) {
1082                         logerr(__func__);
1083                         return NULL;
1084                 }
1085                 TAILQ_INIT(&state->addrs);
1086                 TAILQ_INIT(&state->ll_callbacks);
1087         }
1088         return state;
1089 }
1090
1091 struct ipv6_addr *
1092 ipv6_anyglobal(struct interface *sifp)
1093 {
1094         struct interface *ifp;
1095         struct ipv6_state *state;
1096         struct ipv6_addr *ia;
1097
1098         TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
1099                 if (ifp != sifp && ip6_forwarding(ifp->name) != 1)
1100                         continue;
1101
1102                 state = IPV6_STATE(ifp);
1103                 if (state == NULL)
1104                         continue;
1105
1106                 TAILQ_FOREACH(ia, &state->addrs, next) {
1107                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1108                                 continue;
1109                         /* Let's be optimistic.
1110                          * Any decent OS won't forward or accept traffic
1111                          * from/to tentative or detached addresses. */
1112                         if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1113                                 return ia;
1114                 }
1115         }
1116         return NULL;
1117 }
1118
1119 void
1120 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1121     int cmd, struct if_head *ifs, const char *ifname,
1122     const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1123 {
1124         struct interface *ifp;
1125         struct ipv6_state *state;
1126         struct ipv6_addr *ia;
1127         struct ll_callback *cb;
1128         bool anyglobal;
1129
1130 #ifdef __sun
1131         struct sockaddr_in6 subnet;
1132
1133         /* Solaris on-link route is an unspecified address! */
1134         if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1135                 if (if_getsubnet(ctx, ifname, AF_INET6,
1136                     &subnet, sizeof(subnet)) == -1)
1137                 {
1138                         logerr(__func__);
1139                         return;
1140                 }
1141                 addr = &subnet.sin6_addr;
1142         }
1143 #endif
1144
1145 #if 0
1146         char dbuf[INET6_ADDRSTRLEN];
1147         const char *dbp;
1148
1149         dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1150             dbuf, INET6_ADDRSTRLEN);
1151         loginfox("%s: cmd %d addr %s addrflags %d",
1152             ifname, cmd, dbp, addrflags);
1153 #endif
1154
1155         if (ifs == NULL)
1156                 ifs = ctx->ifaces;
1157         if (ifs == NULL)
1158                 return;
1159         if ((ifp = if_find(ifs, ifname)) == NULL)
1160                 return;
1161         if ((state = ipv6_getstate(ifp)) == NULL)
1162                 return;
1163         anyglobal = ipv6_anyglobal(ifp) != NULL;
1164
1165         TAILQ_FOREACH(ia, &state->addrs, next) {
1166                 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1167                         break;
1168         }
1169
1170         switch (cmd) {
1171         case RTM_DELADDR:
1172                 if (ia != NULL) {
1173                         TAILQ_REMOVE(&state->addrs, ia, next);
1174 #ifdef ND6_ADVERTISE
1175                         /* Advertise the address if it exists on
1176                          * another interface. */
1177                         ipv6nd_advertise(ia);
1178 #endif
1179                         /* We'll free it at the end of the function. */
1180                 }
1181                 break;
1182         case RTM_NEWADDR:
1183                 if (ia == NULL) {
1184                         ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1185 #ifdef ALIAS_ADDR
1186                         strlcpy(ia->alias, ifname, sizeof(ia->alias));
1187 #endif
1188                         if (if_getlifetime6(ia) == -1) {
1189                                 /* No support or address vanished.
1190                                  * Either way, just set a deprecated
1191                                  * infinite time lifetime and continue.
1192                                  * This is fine because we only want
1193                                  * to know this when trying to extend
1194                                  * temporary addresses.
1195                                  * As we can't extend infinite, we'll
1196                                  * create a new temporary address. */
1197                                 ia->prefix_pltime = 0;
1198                                 ia->prefix_vltime =
1199                                     ND6_INFINITE_LIFETIME;
1200                         }
1201                         /* This is a minor regression against RFC 4941
1202                          * because the kernel only knows when the
1203                          * lifetimes were last updated, not when the
1204                          * address was initially created.
1205                          * Provided dhcpcd is not restarted, this
1206                          * won't be a problem.
1207                          * If we don't like it, we can always
1208                          * pretend lifetimes are infinite and always
1209                          * generate a new temporary address on
1210                          * restart. */
1211                         ia->acquired = ia->created;
1212                         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1213                 }
1214                 ia->addr_flags = addrflags;
1215                 ia->flags &= ~IPV6_AF_STALE;
1216 #ifdef IPV6_MANAGETEMPADDR
1217                 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1218                         ia->flags |= IPV6_AF_TEMPORARY;
1219 #endif
1220                 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1221 #ifdef IPV6_POLLADDRFLAG
1222                         if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1223                                 eloop_timeout_add_msec(
1224                                     ia->iface->ctx->eloop,
1225                                     RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1226                                 break;
1227                         }
1228 #endif
1229
1230                         if (ia->dadcallback) {
1231                                 ia->dadcallback(ia);
1232                                 if (ctx->options & DHCPCD_FORKED)
1233                                         goto out;
1234                         }
1235
1236                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1237                             !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1238                         {
1239                                 /* Now run any callbacks.
1240                                  * Typically IPv6RS or DHCPv6 */
1241                                 while ((cb =
1242                                     TAILQ_FIRST(&state->ll_callbacks)))
1243                                 {
1244                                         TAILQ_REMOVE(
1245                                             &state->ll_callbacks,
1246                                             cb, next);
1247                                         cb->callback(cb->arg);
1248                                         free(cb);
1249                                         if (ctx->options & DHCPCD_FORKED)
1250                                                 goto out;
1251                                 }
1252                         }
1253                 }
1254                 break;
1255         }
1256
1257         if (ia == NULL)
1258                 return;
1259
1260         ctx->options &= ~DHCPCD_RTBUILD;
1261         ipv6nd_handleifa(cmd, ia, pid);
1262 #ifdef DHCP6
1263         dhcp6_handleifa(cmd, ia, pid);
1264 #endif
1265
1266 out:
1267         /* Done with the ia now, so free it. */
1268         if (cmd == RTM_DELADDR)
1269                 ipv6_freeaddr(ia);
1270         else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1271                 ia->flags |= IPV6_AF_DADCOMPLETED;
1272
1273         /* If we've not already called rt_build via the IPv6ND
1274          * or DHCP6 handlers and the existance of any useable
1275          * global address on the interface has changed,
1276          * call rt_build to add/remove the default route. */
1277         if (ifp->active &&
1278             ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) ||
1279              (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) &&
1280             !(ctx->options & DHCPCD_RTBUILD) &&
1281             (ipv6_anyglobal(ifp) != NULL) != anyglobal)
1282                 rt_build(ctx, AF_INET6);
1283 }
1284
1285 int
1286 ipv6_hasaddr(const struct interface *ifp)
1287 {
1288
1289         if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1290                 return 1;
1291 #ifdef DHCP6
1292         if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1293                 return 1;
1294 #endif
1295         return 0;
1296 }
1297
1298 struct ipv6_addr *
1299 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1300     int revflags)
1301 {
1302         struct ipv6_state *state;
1303         struct ipv6_addr *ap;
1304
1305         state = IPV6_STATE(ifp);
1306         if (state) {
1307                 TAILQ_FOREACH(ap, &state->addrs, next) {
1308                         if (addr == NULL) {
1309                                 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1310                                     (!revflags || !(ap->addr_flags & revflags)))
1311                                         return ap;
1312                         } else {
1313                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1314                                     (!revflags || !(ap->addr_flags & revflags)))
1315                                         return ap;
1316                         }
1317                 }
1318         }
1319         return NULL;
1320 }
1321
1322 static struct ipv6_addr *
1323 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1324 {
1325         struct ipv6_state *state;
1326         struct ipv6_addr *ap;
1327         struct in6_addr mask;
1328
1329         state = IPV6_STATE(ifp);
1330         if (state) {
1331                 TAILQ_FOREACH(ap, &state->addrs, next) {
1332                         if (ipv6_mask(&mask, ap->prefix_len) == -1)
1333                                 continue;
1334                         if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1335                                 return ap;
1336                 }
1337         }
1338         return NULL;
1339 }
1340
1341 struct ipv6_addr *
1342 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1343 {
1344         struct interface *ifp;
1345         struct ipv6_addr *ap;
1346
1347         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1348                 ap = ipv6_iffindmaskaddr(ifp, addr);
1349                 if (ap != NULL)
1350                         return ap;
1351         }
1352         return NULL;
1353 }
1354
1355 int
1356 ipv6_addlinklocalcallback(struct interface *ifp,
1357     void (*callback)(void *), void *arg)
1358 {
1359         struct ipv6_state *state;
1360         struct ll_callback *cb;
1361
1362         state = ipv6_getstate(ifp);
1363         TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1364                 if (cb->callback == callback && cb->arg == arg)
1365                         break;
1366         }
1367         if (cb == NULL) {
1368                 cb = malloc(sizeof(*cb));
1369                 if (cb == NULL) {
1370                         logerr(__func__);
1371                         return -1;
1372                 }
1373                 cb->callback = callback;
1374                 cb->arg = arg;
1375                 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1376         }
1377         return 0;
1378 }
1379
1380 static struct ipv6_addr *
1381 ipv6_newlinklocal(struct interface *ifp)
1382 {
1383         struct ipv6_addr *ia;
1384         struct in6_addr in6;
1385
1386         memset(&in6, 0, sizeof(in6));
1387         in6.s6_addr32[0] = htonl(0xfe800000);
1388         ia = ipv6_newaddr(ifp, &in6, 64, 0);
1389         if (ia != NULL) {
1390                 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1391                 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1392         }
1393         return ia;
1394 }
1395
1396 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1397 static const uint8_t allone[8] =
1398     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1399
1400 static int
1401 ipv6_addlinklocal(struct interface *ifp)
1402 {
1403         struct ipv6_state *state;
1404         struct ipv6_addr *ap, *ap2;
1405         int dadcounter;
1406
1407         /* Check sanity before malloc */
1408         if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1409                 switch (ifp->family) {
1410                 case ARPHRD_ETHER:
1411                         /* Check for a valid hardware address */
1412                         if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1413                                 errno = ENOTSUP;
1414                                 return -1;
1415                         }
1416                         if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1417                             memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1418                         {
1419                                 errno = EINVAL;
1420                                 return -1;
1421                         }
1422                         break;
1423                 default:
1424                         errno = ENOTSUP;
1425                         return -1;
1426                 }
1427         }
1428
1429         state = ipv6_getstate(ifp);
1430         if (state == NULL)
1431                 return -1;
1432
1433         ap = ipv6_newlinklocal(ifp);
1434         if (ap == NULL)
1435                 return -1;
1436
1437         dadcounter = 0;
1438         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1439 nextslaacprivate:
1440                 if (ipv6_makestableprivate(&ap->addr,
1441                         &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1442                 {
1443                         free(ap);
1444                         return -1;
1445                 }
1446                 ap->dadcounter = dadcounter;
1447         } else {
1448                 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1449                 switch (ifp->family) {
1450                 case ARPHRD_ETHER:
1451                         if (ifp->hwlen == 6) {
1452                                 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1453                                 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1454                                 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1455                                 ap->addr.s6_addr[11] = 0xff;
1456                                 ap->addr.s6_addr[12] = 0xfe;
1457                                 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1458                                 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1459                                 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1460                         } else if (ifp->hwlen == 8)
1461                                 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1462                         else {
1463                                 free(ap);
1464                                 errno = ENOTSUP;
1465                                 return -1;
1466                         }
1467                         break;
1468                 }
1469
1470                 /* Sanity check: g bit must not indciate "group" */
1471                 if (EUI64_GROUP(&ap->addr)) {
1472                         free(ap);
1473                         errno = EINVAL;
1474                         return -1;
1475                 }
1476                 EUI64_TO_IFID(&ap->addr);
1477         }
1478
1479         /* Do we already have this address? */
1480         TAILQ_FOREACH(ap2, &state->addrs, next) {
1481                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1482                         if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1483                                 if (ifp->options->options &
1484                                     DHCPCD_SLAACPRIVATE)
1485                                 {
1486                                         dadcounter++;
1487                                         goto nextslaacprivate;
1488                                 }
1489                                 free(ap);
1490                                 errno = EADDRNOTAVAIL;
1491                                 return -1;
1492                         }
1493
1494                         logwarnx("%s: waiting for %s to complete",
1495                             ap2->iface->name, ap2->saddr);
1496                         free(ap);
1497                         errno = EEXIST;
1498                         return 0;
1499                 }
1500         }
1501
1502         inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1503         TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1504         ipv6_addaddr(ap, NULL);
1505         return 1;
1506 }
1507
1508 static int
1509 ipv6_tryaddlinklocal(struct interface *ifp)
1510 {
1511         struct ipv6_addr *ia;
1512
1513         /* We can't assign a link-locak address to this,
1514          * the ppp process has to. */
1515         if (ifp->flags & IFF_POINTOPOINT)
1516                 return 0;
1517
1518         ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1519         if (ia != NULL) {
1520 #ifdef IPV6_POLLADDRFLAG
1521                 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1522                         eloop_timeout_add_msec(
1523                             ia->iface->ctx->eloop,
1524                             RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1525                 }
1526 #endif
1527                 return 0;
1528         }
1529         if (!CAN_ADD_LLADDR(ifp))
1530                 return 0;
1531
1532         return ipv6_addlinklocal(ifp);
1533 }
1534
1535 struct ipv6_addr *
1536 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1537     uint8_t prefix_len, unsigned int flags)
1538 {
1539         struct ipv6_addr *ia, *iaf;
1540         char buf[INET6_ADDRSTRLEN];
1541         const char *cbp;
1542         bool tempaddr;
1543         int addr_flags;
1544
1545 #ifdef IPV6_AF_TEMPORARY
1546         tempaddr = flags & IPV6_AF_TEMPORARY;
1547 #else
1548         tempaddr = false;
1549 #endif
1550
1551         /* If adding a new DHCP / RA derived address, check current flags
1552          * from an existing address. */
1553         if (tempaddr)
1554                 iaf = NULL;
1555         else if (flags & IPV6_AF_AUTOCONF)
1556                 iaf = ipv6nd_iffindprefix(ifp, addr, prefix_len);
1557         else
1558                 iaf = ipv6_iffindaddr(ifp, addr, 0);
1559         if (iaf != NULL) {
1560                 addr_flags = iaf->addr_flags;
1561                 flags |= IPV6_AF_ADDED;
1562         } else
1563                 addr_flags = IN6_IFF_TENTATIVE;
1564
1565         ia = calloc(1, sizeof(*ia));
1566         if (ia == NULL)
1567                 goto err;
1568
1569         ia->iface = ifp;
1570         ia->addr_flags = addr_flags;
1571         ia->flags = IPV6_AF_NEW | flags;
1572         if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1573                 ia->flags |= IPV6_AF_DADCOMPLETED;
1574         ia->prefix_len = prefix_len;
1575         ia->dhcp6_fd = -1;
1576
1577 #ifndef SMALL
1578         TAILQ_INIT(&ia->pd_pfxs);
1579 #endif
1580
1581         if (prefix_len == 128)
1582                 goto makepfx;
1583         else if (ia->flags & IPV6_AF_AUTOCONF) {
1584                 ia->prefix = *addr;
1585                 if (iaf != NULL)
1586                         memcpy(&ia->addr, &iaf->addr, sizeof(ia->addr));
1587                 else {
1588                         ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1589                                                        &ia->prefix,
1590                                                        ia->prefix_len,
1591                                                        ia->flags);
1592                         if (ia->dadcounter == -1)
1593                                 goto err;
1594                 }
1595         } else if (ia->flags & IPV6_AF_RAPFX) {
1596                 ia->prefix = *addr;
1597 #ifdef __sun
1598                 ia->addr = *addr;
1599                 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1600                 goto paddr;
1601 #else
1602                 return ia;
1603 #endif
1604         } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX)) {
1605                 ia->prefix = *addr;
1606                 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1607                 goto paddr;
1608         } else {
1609 makepfx:
1610                 ia->addr = *addr;
1611                 if (ipv6_makeprefix(&ia->prefix,
1612                                     &ia->addr, ia->prefix_len) == -1)
1613                         goto err;
1614         }
1615
1616         cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1617 paddr:
1618         if (cbp == NULL)
1619                 goto err;
1620         snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1621
1622         return ia;
1623
1624 err:
1625         logerr(__func__);
1626         free(ia);
1627         return NULL;
1628 }
1629
1630 static void
1631 ipv6_staticdadcallback(void *arg)
1632 {
1633         struct ipv6_addr *ia = arg;
1634         int wascompleted;
1635
1636         wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1637         ia->flags |= IPV6_AF_DADCOMPLETED;
1638         if (ia->flags & IPV6_AF_DUPLICATED)
1639                 logwarnx("%s: DAD detected %s", ia->iface->name,
1640                     ia->saddr);
1641         else if (!wascompleted) {
1642                 logdebugx("%s: IPv6 static DAD completed",
1643                     ia->iface->name);
1644         }
1645
1646 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1647         if (!wascompleted) {
1648                 struct interface *ifp;
1649                 struct ipv6_state *state;
1650
1651                 ifp = ia->iface;
1652                 state = IPV6_STATE(ifp);
1653                 TAILQ_FOREACH(ia, &state->addrs, next) {
1654                         if (ia->flags & IPV6_AF_STATIC &&
1655                             (ia->flags & FINISHED) != FINISHED)
1656                         {
1657                                 wascompleted = 1;
1658                                 break;
1659                         }
1660                 }
1661                 if (!wascompleted)
1662                         script_runreason(ifp, "STATIC6");
1663         }
1664 #undef FINISHED
1665 }
1666
1667 ssize_t
1668 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1669 {
1670         struct ipv6_addr *ia;
1671
1672         ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1673             IN6_IFF_NOTUSEABLE);
1674         if (ia == NULL)
1675                 return 0;
1676         if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1677                 return -1;
1678         return 1;
1679 }
1680
1681 int
1682 ipv6_staticdadcompleted(const struct interface *ifp)
1683 {
1684         const struct ipv6_state *state;
1685         const struct ipv6_addr *ia;
1686         int n;
1687
1688         if ((state = IPV6_CSTATE(ifp)) == NULL)
1689                 return 0;
1690         n = 0;
1691 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1692         TAILQ_FOREACH(ia, &state->addrs, next) {
1693                 if ((ia->flags & COMPLETED) == COMPLETED &&
1694                     !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1695                         n++;
1696         }
1697         return n;
1698 }
1699
1700 int
1701 ipv6_startstatic(struct interface *ifp)
1702 {
1703         struct ipv6_addr *ia;
1704         int run_script;
1705
1706         if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1707                 return 0;
1708
1709         ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1710         if (ia != NULL &&
1711             (ia->prefix_len != ifp->options->req_prefix_len ||
1712             ia->addr_flags & IN6_IFF_NOTUSEABLE))
1713         {
1714                 ipv6_deleteaddr(ia);
1715                 ia = NULL;
1716         }
1717         if (ia == NULL) {
1718                 struct ipv6_state *state;
1719
1720                 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1721                     ifp->options->req_prefix_len, 0);
1722                 if (ia == NULL)
1723                         return -1;
1724                 state = IPV6_STATE(ifp);
1725                 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1726                 run_script = 0;
1727         } else
1728                 run_script = 1;
1729         ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1730         ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1731         ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1732         ia->dadcallback = ipv6_staticdadcallback;
1733         ipv6_addaddr(ia, NULL);
1734         rt_build(ifp->ctx, AF_INET6);
1735         if (run_script)
1736                 script_runreason(ifp, "STATIC6");
1737         return 1;
1738 }
1739
1740 /* Ensure the interface has a link-local address */
1741 int
1742 ipv6_start(struct interface *ifp)
1743 {
1744 #ifdef IPV6_POLLADDRFLAG
1745         struct ipv6_state *state;
1746
1747         /* We need to update the address flags. */
1748         if ((state = IPV6_STATE(ifp)) != NULL) {
1749                 struct ipv6_addr *ia;
1750                 const char *alias;
1751                 int flags;
1752
1753                 TAILQ_FOREACH(ia, &state->addrs, next) {
1754 #ifdef ALIAS_ADDR
1755                         alias = ia->alias;
1756 #else
1757                         alias = NULL;
1758 #endif
1759                         flags = if_addrflags6(ia->iface, &ia->addr, alias);
1760                         if (flags != -1)
1761                                 ia->addr_flags = flags;
1762                 }
1763         }
1764 #endif
1765
1766         if (ipv6_tryaddlinklocal(ifp) == -1)
1767                 return -1;
1768
1769         return 0;
1770 }
1771
1772 void
1773 ipv6_freedrop(struct interface *ifp, int drop)
1774 {
1775         struct ipv6_state *state;
1776         struct ll_callback *cb;
1777
1778         if (ifp == NULL)
1779                 return;
1780
1781         if ((state = IPV6_STATE(ifp)) == NULL)
1782                 return;
1783
1784         /* If we got here, we can get rid of any LL callbacks. */
1785         while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1786                 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1787                 free(cb);
1788         }
1789
1790         ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1791         if (drop) {
1792                 if (ifp->ctx->ra_routers != NULL)
1793                         rt_build(ifp->ctx, AF_INET6);
1794         } else {
1795                 /* Because we need to cache the addresses we don't control,
1796                  * we only free the state on when NOT dropping addresses. */
1797                 free(state);
1798                 ifp->if_data[IF_DATA_IPV6] = NULL;
1799                 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1800         }
1801 }
1802
1803 void
1804 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1805 {
1806
1807         free(ctx->ra_routers);
1808         free(ctx->secret);
1809 }
1810
1811 int
1812 ipv6_handleifa_addrs(int cmd,
1813     struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1814 {
1815         struct ipv6_addr *ia, *ian;
1816         uint8_t found, alldadcompleted;
1817
1818         alldadcompleted = 1;
1819         found = 0;
1820         TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1821                 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1822                         if (ia->flags & IPV6_AF_ADDED &&
1823                             !(ia->flags & IPV6_AF_DADCOMPLETED))
1824                                 alldadcompleted = 0;
1825                         continue;
1826                 }
1827                 switch (cmd) {
1828                 case RTM_DELADDR:
1829                         if (ia->flags & IPV6_AF_ADDED) {
1830                                 logwarnx("%s: pid %d deleted address %s",
1831                                     ia->iface->name, pid, ia->saddr);
1832                                 ia->flags &= ~IPV6_AF_ADDED;
1833                         }
1834                         ipv6_deletedaddr(ia);
1835                         if (ia->flags & IPV6_AF_DELEGATED) {
1836                                 TAILQ_REMOVE(addrs, ia, next);
1837                                 ipv6_freeaddr(ia);
1838                         }
1839                         break;
1840                 case RTM_NEWADDR:
1841                         /* Safety - ignore tentative announcements */
1842                         if (addr->addr_flags &
1843                             (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1844                                 break;
1845                         if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1846                                 found++;
1847                                 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1848                                         ia->flags |= IPV6_AF_DUPLICATED;
1849                                 else
1850                                         ia->flags &= ~IPV6_AF_DUPLICATED;
1851                                 if (ia->dadcallback)
1852                                         ia->dadcallback(ia);
1853                                 /* We need to set this here in-case the
1854                                  * dadcallback function checks it */
1855                                 ia->flags |= IPV6_AF_DADCOMPLETED;
1856                         }
1857                         break;
1858                 }
1859         }
1860
1861         return alldadcompleted ? found : 0;
1862 }
1863
1864 #ifdef IPV6_MANAGETEMPADDR
1865 static void
1866 ipv6_regen_desync(struct interface *ifp, bool force)
1867 {
1868         struct ipv6_state *state;
1869         unsigned int max, pref;
1870
1871         state = IPV6_STATE(ifp);
1872
1873         /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1874          * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1875          * I believe this is an error and it should be never be greater than
1876          * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1877         pref = (unsigned int)ip6_temp_preferred_lifetime(ifp->name);
1878         max = pref - REGEN_ADVANCE;
1879         if (state->desync_factor && !force && state->desync_factor < max)
1880                 return;
1881         if (state->desync_factor == 0)
1882                 state->desync_factor =
1883                     arc4random_uniform(MIN(MAX_DESYNC_FACTOR, max));
1884         max = pref - state->desync_factor - REGEN_ADVANCE;
1885         eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempaddrs, ifp);
1886 }
1887
1888 /* RFC4941 Section 3.3.7 */
1889 static void
1890 ipv6_tempdadcallback(void *arg)
1891 {
1892         struct ipv6_addr *ia = arg;
1893
1894         if (ia->flags & IPV6_AF_DUPLICATED) {
1895                 struct ipv6_addr *ia1;
1896                 struct timespec tv;
1897
1898                 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1899                         logerrx("%s: too many duplicate temporary addresses",
1900                             ia->iface->name);
1901                         return;
1902                 }
1903                 clock_gettime(CLOCK_MONOTONIC, &tv);
1904                 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1905                         logerr(__func__);
1906                 else
1907                         ia1->dadcounter = ia->dadcounter;
1908                 ipv6_deleteaddr(ia);
1909                 if (ia1)
1910                         ipv6_addaddr(ia1, &ia1->acquired);
1911         }
1912 }
1913
1914 struct ipv6_addr *
1915 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1916 {
1917         struct ipv6_state *state;
1918         struct interface *ifp = ia0->iface;
1919         struct ipv6_addr *ia;
1920         uint32_t i;
1921
1922         ia = ipv6_newaddr(ifp, &ia0->prefix, ia0->prefix_len,
1923             IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
1924         if (ia == NULL)
1925                 return NULL;
1926
1927         ia->dadcallback = ipv6_tempdadcallback;
1928         ia->created = ia->acquired = now ? *now : ia0->acquired;
1929
1930         /* Ensure desync is still valid */
1931         ipv6_regen_desync(ifp, false);
1932
1933         /* RFC4941 Section 3.3.4 */
1934         state = IPV6_STATE(ia->iface);
1935         i = (uint32_t)ip6_temp_preferred_lifetime(ifp->name) -
1936             state->desync_factor;
1937         ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
1938         i = (uint32_t)ip6_temp_valid_lifetime(ifp->name);
1939         ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
1940         if (ia->prefix_pltime <= REGEN_ADVANCE ||
1941             ia->prefix_pltime > ia0->prefix_vltime)
1942         {
1943                 errno = EINVAL;
1944                 free(ia);
1945                 return NULL;
1946         }
1947
1948         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1949         return ia;
1950 }
1951
1952 struct ipv6_addr *
1953 ipv6_settemptime(struct ipv6_addr *ia, int flags)
1954 {
1955         struct ipv6_state *state;
1956         struct ipv6_addr *ap, *first;
1957
1958         state = IPV6_STATE(ia->iface);
1959         first = NULL;
1960         TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
1961                 if (ap->flags & IPV6_AF_TEMPORARY &&
1962                     ap->prefix_pltime &&
1963                     IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
1964                 {
1965                         unsigned int max, ext;
1966
1967                         if (flags == 0) {
1968                                 if (ap->prefix_pltime -
1969                                     (uint32_t)(ia->acquired.tv_sec -
1970                                     ap->acquired.tv_sec)
1971                                     < REGEN_ADVANCE)
1972                                         continue;
1973
1974                                 return ap;
1975                         }
1976
1977                         if (!(ap->flags & IPV6_AF_ADDED))
1978                                 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
1979                         ap->flags &= ~IPV6_AF_STALE;
1980
1981                         /* RFC4941 Section 3.4
1982                          * Deprecated prefix, deprecate the temporary address */
1983                         if (ia->prefix_pltime == 0) {
1984                                 ap->prefix_pltime = 0;
1985                                 goto valid;
1986                         }
1987
1988                         /* Ensure desync is still valid */
1989                         ipv6_regen_desync(ap->iface, false);
1990
1991                         /* RFC4941 Section 3.3.2
1992                          * Extend temporary times, but ensure that they
1993                          * never last beyond the system limit. */
1994                         ext = (unsigned int)ia->acquired.tv_sec
1995                             + ia->prefix_pltime;
1996                         max = (unsigned int)(ap->created.tv_sec +
1997                             ip6_temp_preferred_lifetime(ap->iface->name) -
1998                             state->desync_factor);
1999                         if (ext < max)
2000                                 ap->prefix_pltime = ia->prefix_pltime;
2001                         else
2002                                 ap->prefix_pltime =
2003                                     (uint32_t)(max - ia->acquired.tv_sec);
2004
2005 valid:
2006                         ext = (unsigned int)ia->acquired.tv_sec +
2007                             ia->prefix_vltime;
2008                         max = (unsigned int)(ap->created.tv_sec +
2009                             ip6_temp_valid_lifetime(ap->iface->name));
2010                         if (ext < max)
2011                                 ap->prefix_vltime = ia->prefix_vltime;
2012                         else
2013                                 ap->prefix_vltime =
2014                                     (uint32_t)(max - ia->acquired.tv_sec);
2015
2016                         /* Just extend the latest matching prefix */
2017                         ap->acquired = ia->acquired;
2018
2019                         /* If extending return the last match as
2020                          * it's the most current.
2021                          * If deprecating, deprecate any other addresses we
2022                          * may have, although this should not be needed */
2023                         if (ia->prefix_pltime)
2024                                 return ap;
2025                         if (first == NULL)
2026                                 first = ap;
2027                 }
2028         }
2029         return first;
2030 }
2031
2032 void
2033 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2034 {
2035         struct ipv6_state *state;
2036         struct ipv6_addr *ia;
2037
2038         state = IPV6_STATE(ifp);
2039         TAILQ_FOREACH(ia, &state->addrs, next) {
2040                 if (ia->flags & IPV6_AF_TEMPORARY &&
2041                     !(ia->flags & IPV6_AF_STALE))
2042                         ipv6_addaddr(ia, now);
2043         }
2044 }
2045
2046 static void
2047 ipv6_regentempaddr0(struct ipv6_addr *ia, struct timespec *tv)
2048 {
2049         struct ipv6_addr *ia1;
2050
2051         logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2052         ia1 = ipv6_createtempaddr(ia, tv);
2053         if (ia1)
2054                 ipv6_addaddr(ia1, tv);
2055         else
2056                 logerr(__func__);
2057 }
2058
2059 static void
2060 ipv6_regentempaddr(void *arg)
2061 {
2062         struct timespec tv;
2063
2064         clock_gettime(CLOCK_MONOTONIC, &tv);
2065         ipv6_regentempaddr0(arg, &tv);
2066 }
2067
2068 void
2069 ipv6_regentempaddrs(void *arg)
2070 {
2071         struct interface *ifp = arg;
2072         struct timespec tv;
2073         struct ipv6_state *state;
2074         struct ipv6_addr *ia;
2075
2076         ipv6_regen_desync(ifp, true);
2077
2078         clock_gettime(CLOCK_MONOTONIC, &tv);
2079         state = IPV6_STATE(ifp);
2080         TAILQ_FOREACH(ia, &state->addrs, next) {
2081                 if (ia->flags & IPV6_AF_TEMPORARY &&
2082                     !(ia->flags & IPV6_AF_STALE))
2083                         ipv6_regentempaddr0(ia, &tv);
2084         }
2085 }
2086 #endif /* IPV6_MANAGETEMPADDR */
2087
2088 void
2089 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2090 {
2091         struct ipv6_state *state;
2092         struct ipv6_addr *ia;
2093
2094         state = IPV6_STATE(ifp);
2095         if (state == NULL)
2096                 return;
2097
2098         TAILQ_FOREACH(ia, &state->addrs, next) {
2099                 if (flags == 0 || ia->flags & flags)
2100                         ia->flags |= IPV6_AF_STALE;
2101         }
2102 }
2103
2104 void
2105 ipv6_deletestaleaddrs(struct interface *ifp)
2106 {
2107         struct ipv6_state *state;
2108         struct ipv6_addr *ia, *ia1;
2109
2110         state = IPV6_STATE(ifp);
2111         if (state == NULL)
2112                 return;
2113
2114         TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2115                 if (ia->flags & IPV6_AF_STALE)
2116                         ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2117                             ifp->ctx->ifaces, ifp->name,
2118                             &ia->addr, ia->prefix_len, 0, getpid());
2119         }
2120 }
2121
2122
2123 static struct rt *
2124 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2125 {
2126         struct rt *rt;
2127
2128         if ((rt = rt_new(ifp)) == NULL)
2129                 return NULL;
2130
2131 #ifdef HAVE_ROUTE_METRIC
2132         rt->rt_metric = ifp->metric;
2133 #endif
2134         if (rap != NULL)
2135                 rt->rt_mtu = rap->mtu;
2136         return rt;
2137 }
2138
2139 static struct rt *
2140 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2141     const struct ipv6_addr *addr)
2142 {
2143         struct rt *rt;
2144         struct in6_addr netmask;
2145
2146         if (addr == NULL || addr->prefix_len > 128) {
2147                 errno = EINVAL;
2148                 return NULL;
2149         }
2150
2151         /* There is no point in trying to manage a /128 prefix,
2152          * ones without a lifetime.  */
2153         if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2154                 return NULL;
2155
2156         /* Don't install a reject route when not creating bigger prefixes. */
2157         if (addr->flags & IPV6_AF_NOREJECT)
2158                 return NULL;
2159
2160         /* This address is the delegated prefix, so add a reject route for
2161          * it via the loopback interface. */
2162         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2163                 struct interface *lo0;
2164
2165                 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2166                         if (lo0->flags & IFF_LOOPBACK)
2167                                 break;
2168                 }
2169                 if (lo0 == NULL)
2170                         logwarnx("cannot find a loopback interface "
2171                             "to reject via");
2172                 else
2173                         ifp = lo0;
2174         }
2175
2176         if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2177                 return NULL;
2178
2179         sa_in6_init(&rt->rt_dest, &addr->prefix);
2180         ipv6_mask(&netmask, addr->prefix_len);
2181         sa_in6_init(&rt->rt_netmask, &netmask);
2182         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2183                 rt->rt_flags |= RTF_REJECT;
2184                 /* Linux does not like a gateway for a reject route. */
2185 #ifndef __linux__
2186                 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2187 #endif
2188         } else if (!(addr->flags & IPV6_AF_ONLINK))
2189                 sa_in6_init(&rt->rt_gateway, &rap->from);
2190         else
2191                 rt->rt_gateway.sa_family = AF_UNSPEC;
2192         sa_in6_init(&rt->rt_ifa, &addr->addr);
2193         return rt;
2194 }
2195
2196 static struct rt *
2197 inet6_makerouter(struct ra *rap)
2198 {
2199         struct rt *rt;
2200
2201         if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2202                 return NULL;
2203         sa_in6_init(&rt->rt_dest, &in6addr_any);
2204         sa_in6_init(&rt->rt_netmask, &in6addr_any);
2205         sa_in6_init(&rt->rt_gateway, &rap->from);
2206         return rt;
2207 }
2208
2209 #define RT_IS_DEFAULT(rtp) \
2210         (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) &&                  \
2211             IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2212
2213 static int
2214 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2215 {
2216         struct interface *ifp;
2217         struct ipv6_state *state;
2218         struct ipv6_addr *ia;
2219         struct rt *rt;
2220
2221         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2222                 if ((state = IPV6_STATE(ifp)) == NULL)
2223                         continue;
2224                 TAILQ_FOREACH(ia, &state->addrs, next) {
2225                         if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2226                             (IPV6_AF_ADDED | IPV6_AF_STATIC))
2227                         {
2228                                 rt = inet6_makeprefix(ifp, NULL, ia);
2229                                 if (rt)
2230                                         rt_proto_add(routes, rt);
2231                         }
2232                 }
2233         }
2234         return 0;
2235 }
2236
2237 static int
2238 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2239 {
2240         struct rt *rt;
2241         struct ra *rap;
2242         const struct ipv6_addr *addr;
2243
2244         if (ctx->ra_routers == NULL)
2245                 return 0;
2246
2247         TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2248                 if (rap->expired)
2249                         continue;
2250                 TAILQ_FOREACH(addr, &rap->addrs, next) {
2251                         if (addr->prefix_vltime == 0)
2252                                 continue;
2253                         rt = inet6_makeprefix(rap->iface, rap, addr);
2254                         if (rt) {
2255                                 rt->rt_dflags |= RTDF_RA;
2256 #ifdef HAVE_ROUTE_PREF
2257                                 rt->rt_pref = ipv6nd_rtpref(rap);
2258 #endif
2259                                 rt_proto_add(routes, rt);
2260                         }
2261                 }
2262                 if (rap->lifetime == 0)
2263                         continue;
2264                 if (ipv6_anyglobal(rap->iface) == NULL)
2265                         continue;
2266                 rt = inet6_makerouter(rap);
2267                 if (rt == NULL)
2268                         continue;
2269                 rt->rt_dflags |= RTDF_RA;
2270 #ifdef HAVE_ROUTE_PREF
2271                 rt->rt_pref = ipv6nd_rtpref(rap);
2272 #endif
2273                 rt_proto_add(routes, rt);
2274         }
2275         return 0;
2276 }
2277
2278 #ifdef DHCP6
2279 static int
2280 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2281     enum DH6S dstate)
2282 {
2283         struct interface *ifp;
2284         const struct dhcp6_state *d6_state;
2285         const struct ipv6_addr *addr;
2286         struct rt *rt;
2287
2288         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2289                 d6_state = D6_CSTATE(ifp);
2290                 if (d6_state && d6_state->state == dstate) {
2291                         TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2292                                 rt = inet6_makeprefix(ifp, NULL, addr);
2293                                 if (rt == NULL)
2294                                         continue;
2295                                 rt->rt_dflags |= RTDF_DHCP;
2296                                 rt_proto_add(routes, rt);
2297                         }
2298                 }
2299         }
2300         return 0;
2301 }
2302 #endif
2303
2304 bool
2305 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2306 {
2307
2308         /* Should static take priority? */
2309         if (inet6_staticroutes(routes, ctx) == -1)
2310                 return false;
2311
2312         /* First add reachable routers and their prefixes */
2313         if (inet6_raroutes(routes, ctx) == -1)
2314                 return false;
2315
2316 #ifdef DHCP6
2317         /* We have no way of knowing if prefixes added by DHCP are reachable
2318          * or not, so we have to assume they are.
2319          * Add bound before delegated so we can prefer interfaces better. */
2320         if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2321                 return false;
2322         if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)
2323                 return false;
2324 #endif
2325
2326         return true;
2327 }
DragonFly Project Source