1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * dhcpcd - DHCP client daemon
4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
34 #include <arpa/inet.h>
36 #include <net/route.h>
37 #include <netinet/in.h>
38 #include <netinet/if_ether.h>
42 #ifdef HAVE_SYS_BITOPS_H
43 #include <sys/bitops.h>
45 #include "compat/bitops.h"
49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
50 * to generate our CAN_ADD_LLADDR #define. */
51 # include <netinet6/in6_var.h>
52 # include <netinet6/nd6.h>
63 #define ELOOP_QUEUE ELOOP_IPV6
85 #ifndef SHA256_DIGEST_LENGTH
86 # define SHA256_DIGEST_LENGTH 32
89 #ifdef IPV6_POLLADDRFLAG
90 # warning kernel does not report IPv6 address flag changes
91 # warning polling tentative address flags periodically
94 /* Hackery at it's finest. */
97 # define s6_addr32 _S6_un._S6_u32
99 # define s6_addr32 __u6_addr.__u6_addr32
103 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
104 defined(IFF_NOLINKLOCAL)
105 /* Only add the LL address if we have a carrier, so DaD works. */
106 #define CAN_ADD_LLADDR(ifp) \
107 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
109 /* Although we can add our own LL address, we cannot drop it
110 * without unplumbing the if which is a lot of code.
111 * So just keep it for the time being. */
112 #define CAN_DROP_LLADDR(ifp) (0)
114 #define CAN_DROP_LLADDR(ifp) (1)
117 /* We have no control over the OS adding the LLADDR, so just let it do it
118 * as we cannot force our own view on it. */
119 #define CAN_ADD_LLADDR(ifp) (0)
120 #define CAN_DROP_LLADDR(ifp) (0)
123 #ifdef IPV6_MANAGETEMPADDR
124 static void ipv6_regentempifid(void *);
125 static void ipv6_regentempaddr(void *);
127 #define ipv6_regentempifid(a) {}
131 ipv6_init(struct dhcpcd_ctx *ctx)
134 if (ctx->ra_routers != NULL)
137 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
138 if (ctx->ra_routers == NULL)
140 TAILQ_INIT(ctx->ra_routers);
150 ipv6_readsecret(struct dhcpcd_ctx *ctx)
159 if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
160 return (ssize_t)ctx->secret_len;
163 logerr("%s: %s", __func__, SECRET);
165 /* Chaining arc4random should be good enough.
166 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
167 * To attempt and future proof ourselves, we'll generate a key of
168 * 512 bits (64 bytes). */
169 if (ctx->secret_len < 64) {
170 if ((ctx->secret = malloc(64)) == NULL) {
174 ctx->secret_len = 64;
177 for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
179 memcpy(p, &r, sizeof(r));
183 /* Ensure that only the dhcpcd user can read the secret.
184 * Write permission is also denied as chaning it would remove
186 if ((fp = fopen(SECRET, "w")) == NULL ||
187 chmod(SECRET, S_IRUSR) == -1)
189 x = fprintf(fp, "%s\n",
190 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
191 if (fclose(fp) == EOF)
195 return (ssize_t)ctx->secret_len;
198 logerr("%s: %s", __func__, SECRET);
206 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
208 static const struct reslowhigh {
209 const uint8_t high[8];
210 const uint8_t low[8];
212 /* RFC4291 + RFC6543 */
213 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
214 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
216 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
217 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
221 ipv6_reserved(const struct in6_addr *addr)
223 uint64_t id, low, high;
225 const struct reslowhigh *r;
227 id = be64dec(addr->s6_addr + sizeof(id));
228 if (id == 0) /* RFC4291 */
230 for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
232 low = be64dec(r->low);
233 high = be64dec(r->high);
234 if (id >= low && id <= high)
242 ipv6_makestableprivate1(struct in6_addr *addr,
243 const struct in6_addr *prefix, int prefix_len,
244 const unsigned char *netiface, size_t netiface_len,
245 const unsigned char *netid, size_t netid_len,
246 unsigned short vlanid,
247 uint32_t *dad_counter,
248 const unsigned char *secret, size_t secret_len)
250 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
254 if (prefix_len < 0 || prefix_len > 120) {
259 l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
260 len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
262 len += sizeof(vlanid);
263 if (len > sizeof(buf)) {
268 for (;; (*dad_counter)++) {
269 /* Combine all parameters into one buffer */
271 memcpy(p, prefix, l);
273 memcpy(p, netiface, netiface_len);
275 memcpy(p, netid, netid_len);
277 /* Don't use a vlanid if not set.
278 * This ensures prior versions have the same unique address. */
280 memcpy(p, &vlanid, sizeof(vlanid));
283 memcpy(p, dad_counter, sizeof(*dad_counter));
284 p += sizeof(*dad_counter);
285 memcpy(p, secret, secret_len);
287 /* Make an address using the digest of the above.
288 * RFC7217 Section 5.1 states that we shouldn't use MD5.
289 * Pity as we use that for HMAC-MD5 which is still deemed OK.
290 * SHA-256 is recommended */
292 SHA256_Update(&ctx, buf, len);
293 SHA256_Final(digest, &ctx);
296 memcpy(p, prefix, l);
297 /* RFC7217 section 5.2 says we need to start taking the id from
298 * the least significant bit */
299 len = sizeof(addr->s6_addr) - l;
300 memcpy(p + l, digest + (sizeof(digest) - len), len);
302 /* Ensure that the Interface ID does not match a reserved one,
303 * if it does then treat it as a DAD failure.
304 * RFC7217 section 5.2 */
305 if (prefix_len != 64)
307 if (!ipv6_reserved(addr))
315 ipv6_makestableprivate(struct in6_addr *addr,
316 const struct in6_addr *prefix, int prefix_len,
317 const struct interface *ifp,
323 if (ifp->ctx->secret_len == 0) {
324 if (ipv6_readsecret(ifp->ctx) == -1)
328 dad = (uint32_t)*dad_counter;
330 /* For our implementation, we shall set the hardware address
331 * as the interface identifier */
332 r = ipv6_makestableprivate1(addr, prefix, prefix_len,
333 ifp->hwaddr, ifp->hwlen,
334 ifp->ssid, ifp->ssid_len,
336 ifp->ctx->secret, ifp->ctx->secret_len);
339 *dad_counter = (int)dad;
344 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
345 const struct in6_addr *prefix, int prefix_len)
347 const struct ipv6_addr *ap;
350 if (prefix_len < 0 || prefix_len > 120) {
355 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
357 if (ipv6_makestableprivate(addr,
358 prefix, prefix_len, ifp, &dad) == -1)
363 if (prefix_len > 64) {
367 if ((ap = ipv6_linklocal(ifp)) == NULL) {
368 /* We delay a few functions until we get a local-link address
369 * so this should never be hit. */
374 /* Make the address from the first local-link address */
375 memcpy(addr, prefix, sizeof(*prefix));
376 addr->s6_addr32[2] = ap->addr.s6_addr32[2];
377 addr->s6_addr32[3] = ap->addr.s6_addr32[3];
382 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
384 struct in6_addr mask;
387 if (ipv6_mask(&mask, len) == -1)
390 for (i = 0; i < sizeof(prefix->s6_addr); i++)
391 prefix->s6_addr[i] &= mask.s6_addr[i];
396 ipv6_mask(struct in6_addr *mask, int len)
398 static const unsigned char masks[NBBY] =
399 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
402 if (len < 0 || len > 128) {
407 memset(mask, 0, sizeof(*mask));
410 for (i = 0; i < bytes; i++)
411 mask->s6_addr[i] = 0xff;
413 /* Coverify false positive.
414 * bytelen cannot be 16 if bitlen is non zero */
415 /* coverity[overrun-local] */
416 mask->s6_addr[bytes] = masks[bits - 1];
422 ipv6_prefixlen(const struct in6_addr *mask)
425 const unsigned char *lim, *p;
427 lim = (const unsigned char *)mask + sizeof(*mask);
428 for (p = (const unsigned char *)mask; p < lim; x++, p++) {
434 for (y = 0; y < NBBY; y++) {
435 if ((*p & (0x80 >> y)) == 0)
441 * when the limit pointer is given, do a stricter check on the
445 if (y != 0 && (*p & (0x00ff >> y)) != 0)
447 for (p = p + 1; p < lim; p++)
452 return (uint8_t)(x * NBBY + y);
456 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
459 *vhigh = be64dec(addr->s6_addr);
460 *vlow = be64dec(addr->s6_addr + 8);
464 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
467 be64enc(addr->s6_addr, vhigh);
468 be64enc(addr->s6_addr + 8, vlow);
473 const struct in6_addr *prefix, // prefix from router
474 short prefix_len, // length of prefix received
475 uint64_t user_number, // "random" number from user
476 struct in6_addr *result, // resultant prefix
477 short result_len) // desired prefix length
479 uint64_t vh, vl, user_low, user_high;
481 if (prefix_len < 1 || prefix_len > 128 ||
482 result_len < 1 || result_len > 128)
488 /* Check that the user_number fits inside result_len less prefix_len */
489 if (result_len < prefix_len ||
490 fls64(user_number) > result_len - prefix_len)
496 /* If user_number is zero, just copy the prefix into the result. */
497 if (user_number == 0) {
502 /* Shift user_number so it fit's just inside result_len.
503 * Shifting by 0 or sizeof(user_number) is undefined,
504 * so we cater for that. */
505 if (result_len == 128) {
507 user_low = user_number;
508 } else if (result_len > 64) {
509 if (prefix_len >= 64)
512 user_high = user_number >> (result_len - prefix_len);
513 user_low = user_number << (128 - result_len);
514 } else if (result_len == 64) {
515 user_high = user_number;
518 user_high = user_number << (64 - result_len);
522 /* convert to two 64bit host order values */
523 in6_to_h64(&vh, &vl, prefix);
528 /* copy back result */
529 h64_to_in6(result, vh, vl);
534 #ifdef IPV6_POLLADDRFLAG
536 ipv6_checkaddrflags(void *arg)
538 struct ipv6_addr *ia;
548 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
549 if (errno != EEXIST && errno != EADDRNOTAVAIL)
550 logerr("%s: if_addrflags6", __func__);
554 if (!(flags & IN6_IFF_TENTATIVE)) {
555 /* Simulate the kernel announcing the new address. */
556 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
557 ia->iface->ctx->ifaces, ia->iface->name,
558 &ia->addr, ia->prefix_len, flags, 0);
560 /* Still tentative? Check again in a bit. */
561 eloop_timeout_add_msec(ia->iface->ctx->eloop,
562 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
568 ipv6_deletedaddr(struct ipv6_addr *ia)
572 if (!(ia->iface->ctx->options & DHCPCD_MASTER))
573 ps_inet_closedhcp6(ia);
577 /* NOREJECT is set if we delegated exactly the prefix to another
579 * This can only be one address, so just clear the flag.
580 * This should ensure the reject route will be restored. */
581 if (ia->delegating_prefix != NULL)
582 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
587 ipv6_deleteaddr(struct ipv6_addr *ia)
589 struct ipv6_state *state;
590 struct ipv6_addr *ap;
592 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
593 if (if_address6(RTM_DELADDR, ia) == -1 &&
594 errno != EADDRNOTAVAIL && errno != ESRCH &&
595 errno != ENXIO && errno != ENODEV)
598 ipv6_deletedaddr(ia);
600 state = IPV6_STATE(ia->iface);
601 TAILQ_FOREACH(ap, &state->addrs, next) {
602 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
603 TAILQ_REMOVE(&state->addrs, ap, next);
610 /* Advertise the address if it exists on another interface. */
611 ipv6nd_advertise(ia);
616 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
618 struct interface *ifp;
619 uint32_t pltime, vltime;
622 bool vltime_was_zero = ia->prefix_vltime == 0;
625 struct ipv6_state *state;
626 struct ipv6_addr *ia2;
628 /* If we re-add then address on Solaris then the prefix
629 * route will be scrubbed and re-added. Something might
630 * be using it, so let's avoid it. */
631 if (ia->flags & IPV6_AF_DADCOMPLETED) {
632 logdebugx("%s: IP address %s already exists",
633 ia->iface->name, ia->saddr);
642 /* Remember the interface of the address. */
645 if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
646 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
647 ia->flags |= IPV6_AF_DADCOMPLETED;
649 /* Adjust plftime and vltime based on acquired time */
650 pltime = ia->prefix_pltime;
651 vltime = ia->prefix_vltime;
652 if (timespecisset(&ia->acquired) &&
653 (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
654 ia->prefix_vltime != ND6_INFINITE_LIFETIME))
660 clock_gettime(CLOCK_MONOTONIC, &n);
663 elapsed = (uint32_t)eloop_timespec_diff(now, &ia->acquired,
665 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
666 if (elapsed > ia->prefix_pltime)
667 ia->prefix_pltime = 0;
669 ia->prefix_pltime -= elapsed;
671 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
672 if (elapsed > ia->prefix_vltime)
673 ia->prefix_vltime = 0;
675 ia->prefix_vltime -= elapsed;
679 loglevel = ia->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG;
680 logmessage(loglevel, "%s: adding %saddress %s", ifp->name,
681 #ifdef IPV6_AF_TEMPORARY
682 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
687 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
688 ia->prefix_vltime == ND6_INFINITE_LIFETIME)
689 logdebugx("%s: pltime infinity, vltime infinity",
691 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
692 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
693 ifp->name, ia->prefix_vltime);
694 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
695 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
696 ifp->name, ia->prefix_pltime);
698 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
700 ifp->name, ia->prefix_pltime, ia->prefix_vltime);
702 if (if_address6(RTM_NEWADDR, ia) == -1) {
704 /* Restore real pltime and vltime */
705 ia->prefix_pltime = pltime;
706 ia->prefix_vltime = vltime;
710 #ifdef IPV6_MANAGETEMPADDR
711 /* RFC4941 Section 3.4 */
712 if (ia->flags & IPV6_AF_TEMPORARY &&
715 ip6_use_tempaddr(ifp->name))
716 eloop_timeout_add_sec(ifp->ctx->eloop,
717 ia->prefix_pltime - REGEN_ADVANCE,
718 ipv6_regentempaddr, ia);
721 /* Restore real pltime and vltime */
722 ia->prefix_pltime = pltime;
723 ia->prefix_vltime = vltime;
725 ia->flags &= ~IPV6_AF_NEW;
726 ia->flags |= IPV6_AF_ADDED;
728 if (ia->delegating_prefix != NULL)
729 ia->flags |= IPV6_AF_DELEGATED;
732 #ifdef IPV6_POLLADDRFLAG
733 eloop_timeout_delete(ifp->ctx->eloop,
734 ipv6_checkaddrflags, ia);
735 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
736 eloop_timeout_add_msec(ifp->ctx->eloop,
737 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
742 /* Solaris does not announce new addresses which need DaD
743 * so we need to take a copy and add it to our list.
744 * Otherwise aliasing gets confused if we add another
745 * address during DaD. */
747 state = IPV6_STATE(ifp);
748 TAILQ_FOREACH(ia2, &state->addrs, next) {
749 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
753 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
755 return 0; /* Well, we did add the address */
757 memcpy(ia2, ia, sizeof(*ia2));
758 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
766 /* Re-advertise the preferred address to be safe. */
767 if (!vltime_was_zero)
768 ipv6nd_advertise(ia);
775 /* Find the next logical alias address we can use. */
777 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
779 struct ipv6_state *state;
780 struct ipv6_addr *iap;
782 char alias[IF_NAMESIZE];
784 if (ia->alias[0] != '\0')
786 state = IPV6_STATE(ia->iface);
788 /* First find an existng address.
789 * This can happen when dhcpcd restarts as ND and DHCPv6
790 * maintain their own lists of addresses. */
791 TAILQ_FOREACH(iap, &state->addrs, next) {
792 if (iap->alias[0] != '\0' &&
793 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
795 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
802 if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
808 TAILQ_FOREACH(iap, &state->addrs, next) {
809 if (iap->alias[0] == '\0')
811 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
812 /* No address assigned? Lets use it. */
813 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
818 if (strcmp(iap->alias, alias) == 0)
823 if (lun == UINT_MAX) {
831 strlcpy(ia->alias, alias, sizeof(ia->alias));
837 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
842 struct ipv6_addr *replaced_ia;
844 blank = (ia->alias[0] == '\0');
845 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
848 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
851 if ((r = ipv6_addaddr1(ia, now)) == 0) {
854 struct ipv6_state *state;
856 state = IPV6_STATE(ia->iface);
857 TAILQ_REMOVE(&state->addrs, replaced_ia, next);
858 ipv6_freeaddr(replaced_ia);
866 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
872 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
873 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
875 } else if (addr->prefix_vltime &&
876 IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
877 (!flags || addr->flags & flags))
884 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
886 struct ipv6_addr *nap;
888 struct ipv6_addr *dap;
891 nap = ipv6nd_findaddr(ctx, addr, flags);
893 dap = dhcp6_findaddr(ctx, addr, flags);
900 if (nap->iface->metric < dap->iface->metric)
909 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
912 /* A delegated prefix is not an address. */
913 if (ia->flags & IPV6_AF_DELEGATEDPFX)
916 if (ia->prefix_vltime == 0) {
917 if (ia->flags & IPV6_AF_ADDED)
919 eloop_q_timeout_delete(ia->iface->ctx->eloop,
920 ELOOP_QUEUE_ALL, NULL, ia);
921 if (ia->flags & IPV6_AF_REQUEST) {
922 ia->flags &= ~IPV6_AF_ADDED;
928 if (ia->flags & IPV6_AF_STALE ||
929 IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
932 if (!timespecisset(now))
933 clock_gettime(CLOCK_MONOTONIC, now);
934 ipv6_addaddr(ia, now);
935 return ia->flags & IPV6_AF_NEW ? 1 : 0;
939 ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
942 struct ipv6_addr *ia, *ian;
947 TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
948 r = ipv6_doaddr(ia, &now);
952 TAILQ_REMOVE(iaddrs, ia, next);
960 ipv6_freeaddr(struct ipv6_addr *ia)
962 struct eloop *eloop = ia->iface->ctx->eloop;
964 struct ipv6_addr *iad;
966 /* Forget the reference */
967 if (ia->flags & IPV6_AF_DELEGATEDPFX) {
968 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
969 iad->delegating_prefix = NULL;
971 } else if (ia->delegating_prefix != NULL) {
972 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
976 if (ia->dhcp6_fd != -1) {
978 eloop_event_delete(eloop, ia->dhcp6_fd);
981 eloop_q_timeout_delete(eloop, ELOOP_QUEUE_ALL, NULL, ia);
987 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
988 const struct interface *ifd)
990 struct ipv6_addr *ap, *apn, *apf;
997 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1000 (ap->delegating_prefix == NULL ||
1001 ap->delegating_prefix->iface != ifd))
1005 TAILQ_REMOVE(addrs, ap, next);
1006 if (drop && ap->flags & IPV6_AF_ADDED &&
1007 (ap->iface->options->options &
1008 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1009 (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1011 /* Don't drop link-local addresses. */
1012 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1013 CAN_DROP_LLADDR(ap->iface))
1016 TAILQ_REMOVE(addrs, ap, next);
1017 /* Find the same address somewhere else */
1018 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1021 (apf->iface != ap->iface)))
1022 ipv6_deleteaddr(ap);
1023 if (!(ap->iface->options->options &
1024 DHCPCD_EXITING) && apf)
1026 if (!timespecisset(&now))
1027 clock_gettime(CLOCK_MONOTONIC,
1029 ipv6_addaddr(apf, &now);
1040 static struct ipv6_state *
1041 ipv6_getstate(struct interface *ifp)
1043 struct ipv6_state *state;
1045 state = IPV6_STATE(ifp);
1046 if (state == NULL) {
1047 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1048 state = IPV6_STATE(ifp);
1049 if (state == NULL) {
1053 TAILQ_INIT(&state->addrs);
1054 TAILQ_INIT(&state->ll_callbacks);
1056 /* Regenerate new ids */
1058 ip6_use_tempaddr(ifp->name))
1059 ipv6_regentempifid(ifp);
1065 ipv6_anyglobal(struct interface *sifp)
1067 struct interface *ifp;
1068 struct ipv6_state *state;
1069 struct ipv6_addr *ia;
1071 TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
1072 if (ifp != sifp && ip6_forwarding(ifp->name) != 1)
1075 state = IPV6_STATE(ifp);
1079 TAILQ_FOREACH(ia, &state->addrs, next) {
1080 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1082 /* Let's be optimistic.
1083 * Any decent OS won't forward or accept traffic
1084 * from/to tentative or detached addresses. */
1085 if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1093 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1094 int cmd, struct if_head *ifs, const char *ifname,
1095 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1097 struct interface *ifp;
1098 struct ipv6_state *state;
1099 struct ipv6_addr *ia;
1100 struct ll_callback *cb;
1104 struct sockaddr_in6 subnet;
1106 /* Solaris on-link route is an unspecified address! */
1107 if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1108 if (if_getsubnet(ctx, ifname, AF_INET6,
1109 &subnet, sizeof(subnet)) == -1)
1114 addr = &subnet.sin6_addr;
1119 char dbuf[INET6_ADDRSTRLEN];
1122 dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1123 dbuf, INET6_ADDRSTRLEN);
1124 loginfox("%s: cmd %d addr %s addrflags %d",
1125 ifname, cmd, dbp, addrflags);
1132 if ((ifp = if_find(ifs, ifname)) == NULL)
1134 if ((state = ipv6_getstate(ifp)) == NULL)
1136 anyglobal = ipv6_anyglobal(ifp) != NULL;
1138 TAILQ_FOREACH(ia, &state->addrs, next) {
1139 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1146 TAILQ_REMOVE(&state->addrs, ia, next);
1147 #ifdef ND6_ADVERTISE
1148 /* Advertise the address if it exists on
1149 * another interface. */
1150 ipv6nd_advertise(ia);
1152 /* We'll free it at the end of the function. */
1157 ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1159 strlcpy(ia->alias, ifname, sizeof(ia->alias));
1161 if (if_getlifetime6(ia) == -1) {
1162 /* No support or address vanished.
1163 * Either way, just set a deprecated
1164 * infinite time lifetime and continue.
1165 * This is fine because we only want
1166 * to know this when trying to extend
1167 * temporary addresses.
1168 * As we can't extend infinite, we'll
1169 * create a new temporary address. */
1170 ia->prefix_pltime = 0;
1172 ND6_INFINITE_LIFETIME;
1174 /* This is a minor regression against RFC 4941
1175 * because the kernel only knows when the
1176 * lifetimes were last updated, not when the
1177 * address was initially created.
1178 * Provided dhcpcd is not restarted, this
1179 * won't be a problem.
1180 * If we don't like it, we can always
1181 * pretend lifetimes are infinite and always
1182 * generate a new temporary address on
1184 ia->acquired = ia->created;
1185 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1187 ia->addr_flags = addrflags;
1188 ia->flags &= ~IPV6_AF_STALE;
1189 #ifdef IPV6_MANAGETEMPADDR
1190 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1191 ia->flags |= IPV6_AF_TEMPORARY;
1193 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1194 #ifdef IPV6_POLLADDRFLAG
1195 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1196 eloop_timeout_add_msec(
1197 ia->iface->ctx->eloop,
1198 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1203 if (ia->dadcallback) {
1204 ia->dadcallback(ia);
1205 if (ctx->options & DHCPCD_FORKED)
1209 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1210 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1212 /* Now run any callbacks.
1213 * Typically IPv6RS or DHCPv6 */
1215 TAILQ_FIRST(&state->ll_callbacks)))
1218 &state->ll_callbacks,
1220 cb->callback(cb->arg);
1222 if (ctx->options & DHCPCD_FORKED)
1233 ctx->options &= ~DHCPCD_RTBUILD;
1234 ipv6nd_handleifa(cmd, ia, pid);
1236 dhcp6_handleifa(cmd, ia, pid);
1240 /* Done with the ia now, so free it. */
1241 if (cmd == RTM_DELADDR)
1243 else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1244 ia->flags |= IPV6_AF_DADCOMPLETED;
1246 /* If we've not already called rt_build via the IPv6ND
1247 * or DHCP6 handlers and the existance of any useable
1248 * global address on the interface has changed,
1249 * call rt_build to add/remove the default route. */
1251 ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) ||
1252 (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) &&
1253 !(ctx->options & DHCPCD_RTBUILD) &&
1254 (ipv6_anyglobal(ifp) != NULL) != anyglobal)
1255 rt_build(ctx, AF_INET6);
1259 ipv6_hasaddr(const struct interface *ifp)
1262 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1265 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1272 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1275 struct ipv6_state *state;
1276 struct ipv6_addr *ap;
1278 state = IPV6_STATE(ifp);
1280 TAILQ_FOREACH(ap, &state->addrs, next) {
1282 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1283 (!revflags || !(ap->addr_flags & revflags)))
1286 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1287 (!revflags || !(ap->addr_flags & revflags)))
1295 static struct ipv6_addr *
1296 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1298 struct ipv6_state *state;
1299 struct ipv6_addr *ap;
1300 struct in6_addr mask;
1302 state = IPV6_STATE(ifp);
1304 TAILQ_FOREACH(ap, &state->addrs, next) {
1305 if (ipv6_mask(&mask, ap->prefix_len) == -1)
1307 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1315 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1317 struct interface *ifp;
1318 struct ipv6_addr *ap;
1320 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1321 ap = ipv6_iffindmaskaddr(ifp, addr);
1329 ipv6_addlinklocalcallback(struct interface *ifp,
1330 void (*callback)(void *), void *arg)
1332 struct ipv6_state *state;
1333 struct ll_callback *cb;
1335 state = ipv6_getstate(ifp);
1336 TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1337 if (cb->callback == callback && cb->arg == arg)
1341 cb = malloc(sizeof(*cb));
1346 cb->callback = callback;
1348 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1353 static struct ipv6_addr *
1354 ipv6_newlinklocal(struct interface *ifp)
1356 struct ipv6_addr *ia;
1357 struct in6_addr in6;
1359 memset(&in6, 0, sizeof(in6));
1360 in6.s6_addr32[0] = htonl(0xfe800000);
1361 ia = ipv6_newaddr(ifp, &in6, 64, 0);
1363 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1364 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1369 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1370 static const uint8_t allone[8] =
1371 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1374 ipv6_addlinklocal(struct interface *ifp)
1376 struct ipv6_state *state;
1377 struct ipv6_addr *ap, *ap2;
1380 /* Check sanity before malloc */
1381 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1382 switch (ifp->family) {
1384 /* Check for a valid hardware address */
1385 if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1389 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1390 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1402 state = ipv6_getstate(ifp);
1406 ap = ipv6_newlinklocal(ifp);
1411 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1413 if (ipv6_makestableprivate(&ap->addr,
1414 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1419 ap->dadcounter = dadcounter;
1421 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1422 switch (ifp->family) {
1424 if (ifp->hwlen == 6) {
1425 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1426 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1427 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1428 ap->addr.s6_addr[11] = 0xff;
1429 ap->addr.s6_addr[12] = 0xfe;
1430 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1431 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1432 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1433 } else if (ifp->hwlen == 8)
1434 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1443 /* Sanity check: g bit must not indciate "group" */
1444 if (EUI64_GROUP(&ap->addr)) {
1449 EUI64_TO_IFID(&ap->addr);
1452 /* Do we already have this address? */
1453 TAILQ_FOREACH(ap2, &state->addrs, next) {
1454 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1455 if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1456 if (ifp->options->options &
1457 DHCPCD_SLAACPRIVATE)
1460 goto nextslaacprivate;
1463 errno = EADDRNOTAVAIL;
1467 logwarnx("%s: waiting for %s to complete",
1468 ap2->iface->name, ap2->saddr);
1475 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1476 TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1477 ipv6_addaddr(ap, NULL);
1482 ipv6_tryaddlinklocal(struct interface *ifp)
1484 struct ipv6_addr *ia;
1486 /* We can't assign a link-locak address to this,
1487 * the ppp process has to. */
1488 if (ifp->flags & IFF_POINTOPOINT)
1491 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1493 #ifdef IPV6_POLLADDRFLAG
1494 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1495 eloop_timeout_add_msec(
1496 ia->iface->ctx->eloop,
1497 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1502 if (!CAN_ADD_LLADDR(ifp))
1505 return ipv6_addlinklocal(ifp);
1509 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1510 uint8_t prefix_len, unsigned int flags)
1512 struct ipv6_addr *ia, *iaf;
1513 char buf[INET6_ADDRSTRLEN];
1518 #ifdef IPV6_AF_TEMPORARY
1519 tempaddr = flags & IPV6_AF_TEMPORARY;
1524 /* If adding a new DHCP / RA derived address, check current flags
1525 * from an existing address. */
1526 if (flags & IPV6_AF_AUTOCONF)
1527 iaf = ipv6nd_iffindprefix(ifp, addr, prefix_len);
1529 iaf = ipv6_iffindaddr(ifp, addr, 0);
1531 addr_flags = iaf->addr_flags;
1532 flags |= IPV6_AF_ADDED;
1534 addr_flags = IN6_IFF_TENTATIVE;
1536 ia = calloc(1, sizeof(*ia));
1541 ia->addr_flags = addr_flags;
1542 ia->flags = IPV6_AF_NEW | flags;
1543 if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1544 ia->flags |= IPV6_AF_DADCOMPLETED;
1545 ia->prefix_len = prefix_len;
1549 TAILQ_INIT(&ia->pd_pfxs);
1552 if (prefix_len == 128)
1554 else if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) {
1557 memcpy(&ia->addr, &iaf->addr, sizeof(ia->addr));
1559 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1562 if (ia->dadcounter == -1)
1565 } else if (ia->flags & IPV6_AF_RAPFX) {
1569 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1574 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX)) {
1576 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1581 if (ipv6_makeprefix(&ia->prefix,
1582 &ia->addr, ia->prefix_len) == -1)
1586 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1590 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1601 ipv6_staticdadcallback(void *arg)
1603 struct ipv6_addr *ia = arg;
1606 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1607 ia->flags |= IPV6_AF_DADCOMPLETED;
1608 if (ia->flags & IPV6_AF_DUPLICATED)
1609 logwarnx("%s: DAD detected %s", ia->iface->name,
1611 else if (!wascompleted) {
1612 logdebugx("%s: IPv6 static DAD completed",
1616 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1617 if (!wascompleted) {
1618 struct interface *ifp;
1619 struct ipv6_state *state;
1622 state = IPV6_STATE(ifp);
1623 TAILQ_FOREACH(ia, &state->addrs, next) {
1624 if (ia->flags & IPV6_AF_STATIC &&
1625 (ia->flags & FINISHED) != FINISHED)
1632 script_runreason(ifp, "STATIC6");
1638 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1640 struct ipv6_addr *ia;
1642 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1643 IN6_IFF_NOTUSEABLE);
1646 if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1652 ipv6_staticdadcompleted(const struct interface *ifp)
1654 const struct ipv6_state *state;
1655 const struct ipv6_addr *ia;
1658 if ((state = IPV6_CSTATE(ifp)) == NULL)
1661 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1662 TAILQ_FOREACH(ia, &state->addrs, next) {
1663 if ((ia->flags & COMPLETED) == COMPLETED &&
1664 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1671 ipv6_startstatic(struct interface *ifp)
1673 struct ipv6_addr *ia;
1676 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1679 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1681 (ia->prefix_len != ifp->options->req_prefix_len ||
1682 ia->addr_flags & IN6_IFF_NOTUSEABLE))
1684 ipv6_deleteaddr(ia);
1688 struct ipv6_state *state;
1690 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1691 ifp->options->req_prefix_len, 0);
1694 state = IPV6_STATE(ifp);
1695 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1699 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1700 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1701 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1702 ia->dadcallback = ipv6_staticdadcallback;
1703 ipv6_addaddr(ia, NULL);
1704 rt_build(ifp->ctx, AF_INET6);
1706 script_runreason(ifp, "STATIC6");
1710 /* Ensure the interface has a link-local address */
1712 ipv6_start(struct interface *ifp)
1714 #ifdef IPV6_POLLADDRFLAG
1715 struct ipv6_state *state;
1717 /* We need to update the address flags. */
1718 if ((state = IPV6_STATE(ifp)) != NULL) {
1719 struct ipv6_addr *ia;
1723 TAILQ_FOREACH(ia, &state->addrs, next) {
1729 flags = if_addrflags6(ia->iface, &ia->addr, alias);
1731 ia->addr_flags = flags;
1736 if (ipv6_tryaddlinklocal(ifp) == -1)
1739 if (IPV6_CSTATE(ifp)) {
1740 /* Regenerate new ids */
1741 if (ip6_use_tempaddr(ifp->name))
1742 ipv6_regentempifid(ifp);
1749 ipv6_freedrop(struct interface *ifp, int drop)
1751 struct ipv6_state *state;
1752 struct ll_callback *cb;
1757 if ((state = IPV6_STATE(ifp)) == NULL)
1760 /* If we got here, we can get rid of any LL callbacks. */
1761 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1762 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1766 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1768 if (ifp->ctx->ra_routers != NULL)
1769 rt_build(ifp->ctx, AF_INET6);
1771 /* Because we need to cache the addresses we don't control,
1772 * we only free the state on when NOT dropping addresses. */
1774 ifp->if_data[IF_DATA_IPV6] = NULL;
1775 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1780 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1783 free(ctx->ra_routers);
1788 ipv6_handleifa_addrs(int cmd,
1789 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1791 struct ipv6_addr *ia, *ian;
1792 uint8_t found, alldadcompleted;
1794 alldadcompleted = 1;
1796 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1797 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1798 if (ia->flags & IPV6_AF_ADDED &&
1799 !(ia->flags & IPV6_AF_DADCOMPLETED))
1800 alldadcompleted = 0;
1805 if (ia->flags & IPV6_AF_ADDED) {
1806 logwarnx("%s: pid %d deleted address %s",
1807 ia->iface->name, pid, ia->saddr);
1808 ia->flags &= ~IPV6_AF_ADDED;
1810 ipv6_deletedaddr(ia);
1811 if (ia->flags & IPV6_AF_DELEGATED) {
1812 TAILQ_REMOVE(addrs, ia, next);
1817 /* Safety - ignore tentative announcements */
1818 if (addr->addr_flags &
1819 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1821 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1823 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1824 ia->flags |= IPV6_AF_DUPLICATED;
1826 ia->flags &= ~IPV6_AF_DUPLICATED;
1827 if (ia->dadcallback)
1828 ia->dadcallback(ia);
1829 /* We need to set this here in-case the
1830 * dadcallback function checks it */
1831 ia->flags |= IPV6_AF_DADCOMPLETED;
1837 return alldadcompleted ? found : 0;
1840 #ifdef IPV6_MANAGETEMPADDR
1841 static const struct ipv6_addr *
1842 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1844 const struct interface *ifp;
1845 const struct ipv6_state *state;
1846 const struct ipv6_addr *ia;
1848 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1849 if ((state = IPV6_CSTATE(ifp))) {
1850 TAILQ_FOREACH(ia, &state->addrs, next) {
1851 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1859 static const uint8_t nullid[8];
1860 static const uint8_t anycastid[8] = {
1861 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1862 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1865 ipv6_regen_desync(struct interface *ifp, int force)
1867 struct ipv6_state *state;
1868 unsigned int max, pref;
1870 state = IPV6_STATE(ifp);
1872 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1873 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1874 * I believe this is an error and it should be never be greateter than
1875 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1876 pref = (unsigned int)ip6_temp_preferred_lifetime(ifp->name);
1877 max = pref - REGEN_ADVANCE;
1878 if (state->desync_factor && !force && state->desync_factor < max)
1880 if (state->desync_factor == 0)
1881 state->desync_factor =
1882 arc4random_uniform(MIN(MAX_DESYNC_FACTOR, max));
1883 max = pref - state->desync_factor - REGEN_ADVANCE;
1884 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1888 ipv6_gentempifid(struct interface *ifp)
1890 struct ipv6_state *state;
1892 uint8_t seed[16], digest[16];
1895 if ((state = IPV6_STATE(ifp)) == NULL)
1899 if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1903 memcpy(seed, &r, sizeof(r));
1905 memcpy(seed + sizeof(r), &r, sizeof(r));
1907 memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1909 memcpy(seed + sizeof(state->randomseed0),
1910 state->randomseed1, sizeof(state->randomseed1));
1914 MD5Update(&md5, seed, sizeof(seed));
1915 MD5Final(digest, &md5);
1917 /* RFC4941 Section 3.2.1.1
1918 * Take the left-most 64bits and set bit 6 to zero */
1919 memcpy(state->randomid, digest, sizeof(state->randomid));
1920 state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1922 /* RFC4941 Section 3.2.1.4
1923 * Reject reserved or existing id's */
1924 if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1925 (memcmp(anycastid, state->randomid, 7) == 0 &&
1926 (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1927 memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1928 ipv6_findaddrid(ifp->ctx, state->randomid))
1930 if (++retry < GEN_TEMPID_RETRY_MAX) {
1931 memcpy(seed, digest + 8, 8);
1934 memset(state->randomid, 0, sizeof(state->randomid));
1937 /* RFC4941 Section 3.2.1.6
1938 * Save the right-most 64bits of the digest */
1939 memcpy(state->randomseed0, digest + 8,
1940 sizeof(state->randomseed0));
1943 /* RFC4941 Section 3.3.7 */
1945 ipv6_tempdadcallback(void *arg)
1947 struct ipv6_addr *ia = arg;
1949 if (ia->flags & IPV6_AF_DUPLICATED) {
1950 struct ipv6_addr *ia1;
1953 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1954 logerrx("%s: too many duplicate temporary addresses",
1958 clock_gettime(CLOCK_MONOTONIC, &tv);
1959 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1962 ia1->dadcounter = ia->dadcounter;
1963 ipv6_deleteaddr(ia);
1965 ipv6_addaddr(ia1, &ia1->acquired);
1970 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1972 struct ipv6_state *state;
1973 const struct ipv6_state *cstate;
1975 struct in6_addr addr, mask;
1977 const struct interface *ifp;
1978 const struct ipv6_addr *ap;
1979 struct ipv6_addr *ia;
1980 uint32_t i, trylimit;
1982 trylimit = TEMP_IDGEN_RETRIES;
1983 state = IPV6_STATE(ia0->iface);
1987 ipv6_mask(&mask, ia0->prefix_len);
1988 /* clear the old ifid */
1989 for (i = 0; i < 4; i++)
1990 addr.s6_addr32[i] &= mask.s6_addr32[i];
1993 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1996 memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1997 sizeof(state->randomseed1));
1998 ipv6_gentempifid(ia0->iface);
1999 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
2004 memcpy(&randid[0], state->randomid, sizeof(randid[0]));
2005 memcpy(&randid[1], state->randomid + sizeof(randid[1]),
2007 addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
2008 addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
2010 /* Ensure we don't already have it */
2011 TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
2012 cstate = IPV6_CSTATE(ifp);
2014 TAILQ_FOREACH(ap, &cstate->addrs, next) {
2015 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
2016 if (--trylimit == 0) {
2027 ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len,
2028 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
2029 /* Must be made tentative, for our DaD to work */
2030 ia->addr_flags = IN6_IFF_TENTATIVE;
2031 ia->dadcallback = ipv6_tempdadcallback;
2032 ia->created = ia->acquired = now ? *now : ia0->acquired;
2034 /* Ensure desync is still valid */
2035 ipv6_regen_desync(ia->iface, 0);
2037 /* RFC4941 Section 3.3.4 */
2038 i = (uint32_t)ip6_temp_preferred_lifetime(ia0->iface->name) -
2039 state->desync_factor;
2040 ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
2041 i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
2042 ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
2043 if (ia->prefix_pltime <= REGEN_ADVANCE ||
2044 ia->prefix_pltime > ia0->prefix_vltime)
2051 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
2056 ipv6_settemptime(struct ipv6_addr *ia, int flags)
2058 struct ipv6_state *state;
2059 struct ipv6_addr *ap, *first;
2061 state = IPV6_STATE(ia->iface);
2063 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2064 if (ap->flags & IPV6_AF_TEMPORARY &&
2065 ap->prefix_pltime &&
2066 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2068 unsigned int max, ext;
2071 if (ap->prefix_pltime -
2072 (uint32_t)(ia->acquired.tv_sec -
2073 ap->acquired.tv_sec)
2080 if (!(ap->flags & IPV6_AF_ADDED))
2081 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2082 ap->flags &= ~IPV6_AF_STALE;
2084 /* RFC4941 Section 3.4
2085 * Deprecated prefix, deprecate the temporary address */
2086 if (ia->prefix_pltime == 0) {
2087 ap->prefix_pltime = 0;
2091 /* Ensure desync is still valid */
2092 ipv6_regen_desync(ap->iface, 0);
2094 /* RFC4941 Section 3.3.2
2095 * Extend temporary times, but ensure that they
2096 * never last beyond the system limit. */
2097 ext = (unsigned int)ia->acquired.tv_sec
2098 + ia->prefix_pltime;
2099 max = (unsigned int)(ap->created.tv_sec +
2100 ip6_temp_preferred_lifetime(ap->iface->name) -
2101 state->desync_factor);
2103 ap->prefix_pltime = ia->prefix_pltime;
2106 (uint32_t)(max - ia->acquired.tv_sec);
2109 ext = (unsigned int)ia->acquired.tv_sec +
2111 max = (unsigned int)(ap->created.tv_sec +
2112 ip6_temp_valid_lifetime(ap->iface->name));
2114 ap->prefix_vltime = ia->prefix_vltime;
2117 (uint32_t)(max - ia->acquired.tv_sec);
2119 /* Just extend the latest matching prefix */
2120 ap->acquired = ia->acquired;
2122 /* If extending return the last match as
2123 * it's the most current.
2124 * If deprecating, deprecate any other addresses we
2125 * may have, although this should not be needed */
2126 if (ia->prefix_pltime)
2136 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2138 struct ipv6_state *state;
2139 struct ipv6_addr *ia;
2141 state = IPV6_STATE(ifp);
2142 TAILQ_FOREACH(ia, &state->addrs, next) {
2143 if (ia->flags & IPV6_AF_TEMPORARY &&
2144 !(ia->flags & IPV6_AF_STALE))
2145 ipv6_addaddr(ia, now);
2150 ipv6_regentempaddr(void *arg)
2152 struct ipv6_addr *ia = arg, *ia1;
2155 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2156 clock_gettime(CLOCK_MONOTONIC, &tv);
2157 ia1 = ipv6_createtempaddr(ia, &tv);
2159 ipv6_addaddr(ia1, &tv);
2165 ipv6_regentempifid(void *arg)
2167 struct interface *ifp = arg;
2168 struct ipv6_state *state;
2170 state = IPV6_STATE(ifp);
2171 if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
2172 ipv6_gentempifid(ifp);
2174 ipv6_regen_desync(ifp, 1);
2176 #endif /* IPV6_MANAGETEMPADDR */
2179 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2181 struct ipv6_state *state;
2182 struct ipv6_addr *ia;
2184 state = IPV6_STATE(ifp);
2188 TAILQ_FOREACH(ia, &state->addrs, next) {
2189 if (flags == 0 || ia->flags & flags)
2190 ia->flags |= IPV6_AF_STALE;
2195 ipv6_deletestaleaddrs(struct interface *ifp)
2197 struct ipv6_state *state;
2198 struct ipv6_addr *ia, *ia1;
2200 state = IPV6_STATE(ifp);
2204 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2205 if (ia->flags & IPV6_AF_STALE)
2206 ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2207 ifp->ctx->ifaces, ifp->name,
2208 &ia->addr, ia->prefix_len, 0, getpid());
2214 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2218 if ((rt = rt_new(ifp)) == NULL)
2221 #ifdef HAVE_ROUTE_METRIC
2222 rt->rt_metric = ifp->metric;
2225 rt->rt_mtu = rap->mtu;
2230 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2231 const struct ipv6_addr *addr)
2234 struct in6_addr netmask;
2236 if (addr == NULL || addr->prefix_len > 128) {
2241 /* There is no point in trying to manage a /128 prefix,
2242 * ones without a lifetime. */
2243 if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2246 /* Don't install a reject route when not creating bigger prefixes. */
2247 if (addr->flags & IPV6_AF_NOREJECT)
2250 /* This address is the delegated prefix, so add a reject route for
2251 * it via the loopback interface. */
2252 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2253 struct interface *lo0;
2255 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2256 if (lo0->flags & IFF_LOOPBACK)
2260 logwarnx("cannot find a loopback interface "
2266 if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2269 sa_in6_init(&rt->rt_dest, &addr->prefix);
2270 ipv6_mask(&netmask, addr->prefix_len);
2271 sa_in6_init(&rt->rt_netmask, &netmask);
2272 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2273 rt->rt_flags |= RTF_REJECT;
2274 /* Linux does not like a gateway for a reject route. */
2276 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2278 } else if (!(addr->flags & IPV6_AF_ONLINK))
2279 sa_in6_init(&rt->rt_gateway, &rap->from);
2281 rt->rt_gateway.sa_family = AF_UNSPEC;
2282 sa_in6_init(&rt->rt_ifa, &addr->addr);
2287 inet6_makerouter(struct ra *rap)
2291 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2293 sa_in6_init(&rt->rt_dest, &in6addr_any);
2294 sa_in6_init(&rt->rt_netmask, &in6addr_any);
2295 sa_in6_init(&rt->rt_gateway, &rap->from);
2299 #define RT_IS_DEFAULT(rtp) \
2300 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \
2301 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2304 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2306 struct interface *ifp;
2307 struct ipv6_state *state;
2308 struct ipv6_addr *ia;
2311 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2312 if ((state = IPV6_STATE(ifp)) == NULL)
2314 TAILQ_FOREACH(ia, &state->addrs, next) {
2315 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2316 (IPV6_AF_ADDED | IPV6_AF_STATIC))
2318 rt = inet6_makeprefix(ifp, NULL, ia);
2320 rt_proto_add(routes, rt);
2328 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2332 const struct ipv6_addr *addr;
2334 if (ctx->ra_routers == NULL)
2337 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2340 TAILQ_FOREACH(addr, &rap->addrs, next) {
2341 if (addr->prefix_vltime == 0)
2343 rt = inet6_makeprefix(rap->iface, rap, addr);
2345 rt->rt_dflags |= RTDF_RA;
2346 rt_proto_add(routes, rt);
2349 if (rap->lifetime == 0)
2351 if (ipv6_anyglobal(rap->iface) == NULL)
2353 rt = inet6_makerouter(rap);
2356 rt->rt_dflags |= RTDF_RA;
2357 rt_proto_add(routes, rt);
2364 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2367 struct interface *ifp;
2368 const struct dhcp6_state *d6_state;
2369 const struct ipv6_addr *addr;
2372 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2373 d6_state = D6_CSTATE(ifp);
2374 if (d6_state && d6_state->state == dstate) {
2375 TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2376 rt = inet6_makeprefix(ifp, NULL, addr);
2379 rt->rt_dflags |= RTDF_DHCP;
2380 rt_proto_add(routes, rt);
2389 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2392 /* Should static take priority? */
2393 if (inet6_staticroutes(routes, ctx) == -1)
2396 /* First add reachable routers and their prefixes */
2397 if (inet6_raroutes(routes, ctx) == -1)
2401 /* We have no way of knowing if prefixes added by DHCP are reachable
2402 * or not, so we have to assume they are.
2403 * Add bound before delegated so we can prefer interfaces better. */
2404 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2406 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)