contrib/dhcpcd/src/ipv6.c

   1 /* SPDX-License-Identifier: BSD-2-Clause */
   2 /*
   3  * dhcpcd - DHCP client daemon
   4  * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
   5  * All rights reserved
   6
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  26  * SUCH DAMAGE.
  27  */
  28
  29 #include <sys/param.h>
  30 #include <sys/types.h>
  31 #include <sys/socket.h>
  32 #include <sys/stat.h>
  33
  34 #include <arpa/inet.h>
  35 #include <net/if.h>
  36 #include <net/route.h>
  37 #include <netinet/in.h>
  38 #include <netinet/if_ether.h>
  39
  40 #include "config.h"
  41
  42 #ifdef HAVE_SYS_BITOPS_H
  43 #include <sys/bitops.h>
  44 #else
  45 #include "compat/bitops.h"
  46 #endif
  47
  48 #ifdef BSD
  49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
  50  * to generate our CAN_ADD_LLADDR #define. */
  51 #  include <netinet6/in6_var.h>
  52 #  include <netinet6/nd6.h>
  53 #endif
  54
  55 #include <errno.h>
  56 #include <ifaddrs.h>
  57 #include <inttypes.h>
  58 #include <stdlib.h>
  59 #include <string.h>
  60 #include <syslog.h>
  61 #include <unistd.h>
  62
  63 #define ELOOP_QUEUE     ELOOP_IPV6
  64 #include "common.h"
  65 #include "if.h"
  66 #include "dhcpcd.h"
  67 #include "dhcp6.h"
  68 #include "eloop.h"
  69 #include "ipv6.h"
  70 #include "ipv6nd.h"
  71 #include "logerr.h"
  72 #include "sa.h"
  73 #include "script.h"
  74
  75 #ifdef HAVE_MD5_H
  76 #  ifndef DEPGEN
  77 #    include <md5.h>
  78 #  endif
  79 #endif
  80
  81 #ifdef SHA2_H
  82 #  include SHA2_H
  83 #endif
  84
  85 #ifndef SHA256_DIGEST_LENGTH
  86 #  define SHA256_DIGEST_LENGTH          32
  87 #endif
  88
  89 #ifdef IPV6_POLLADDRFLAG
  90 #  warning kernel does not report IPv6 address flag changes
  91 #  warning polling tentative address flags periodically
  92 #endif
  93
  94 /* Hackery at it's finest. */
  95 #ifndef s6_addr32
  96 #  ifdef __sun
  97 #    define s6_addr32   _S6_un._S6_u32
  98 #  else
  99 #    define s6_addr32   __u6_addr.__u6_addr32
 100 #  endif
 101 #endif
 102
 103 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
 104     defined(IFF_NOLINKLOCAL)
 105 /* Only add the LL address if we have a carrier, so DaD works. */
 106 #define CAN_ADD_LLADDR(ifp) \
 107     (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
 108 #ifdef __sun
 109 /* Although we can add our own LL address, we cannot drop it
 110  * without unplumbing the if which is a lot of code.
 111  * So just keep it for the time being. */
 112 #define CAN_DROP_LLADDR(ifp)    (0)
 113 #else
 114 #define CAN_DROP_LLADDR(ifp)    (1)
 115 #endif
 116 #else
 117 /* We have no control over the OS adding the LLADDR, so just let it do it
 118  * as we cannot force our own view on it. */
 119 #define CAN_ADD_LLADDR(ifp)     (0)
 120 #define CAN_DROP_LLADDR(ifp)    (0)
 121 #endif
 122
 123 #ifdef IPV6_MANAGETEMPADDR
 124 static void ipv6_regentempifid(void *);
 125 static void ipv6_regentempaddr(void *);
 126 #else
 127 #define ipv6_regentempifid(a) {}
 128 #endif
 129
 130 int
 131 ipv6_init(struct dhcpcd_ctx *ctx)
 132 {
 133
 134         if (ctx->ra_routers != NULL)
 135                 return 0;
 136
 137         ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
 138         if (ctx->ra_routers == NULL)
 139                 return -1;
 140         TAILQ_INIT(ctx->ra_routers);
 141
 142 #ifndef __sun
 143         ctx->nd_fd = -1;
 144 #endif
 145         ctx->dhcp6_fd = -1;
 146         return 0;
 147 }
 148
 149 static ssize_t
 150 ipv6_readsecret(struct dhcpcd_ctx *ctx)
 151 {
 152         FILE *fp;
 153         char line[1024];
 154         unsigned char *p;
 155         size_t len;
 156         uint32_t r;
 157         int x;
 158
 159         if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
 160                 return (ssize_t)ctx->secret_len;
 161
 162         if (errno != ENOENT)
 163                 logerr("%s: %s", __func__, SECRET);
 164
 165         /* Chaining arc4random should be good enough.
 166          * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
 167          * To attempt and future proof ourselves, we'll generate a key of
 168          * 512 bits (64 bytes). */
 169         if (ctx->secret_len < 64) {
 170                 if ((ctx->secret = malloc(64)) == NULL) {
 171                         logerr(__func__);
 172                         return -1;
 173                 }
 174                 ctx->secret_len = 64;
 175         }
 176         p = ctx->secret;
 177         for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
 178                 r = arc4random();
 179                 memcpy(p, &r, sizeof(r));
 180                 p += sizeof(r);
 181         }
 182
 183         /* Ensure that only the dhcpcd user can read the secret.
 184          * Write permission is also denied as chaning it would remove
 185          * it's stability. */
 186         if ((fp = fopen(SECRET, "w")) == NULL ||
 187             chmod(SECRET, S_IRUSR) == -1)
 188                 goto eexit;
 189         x = fprintf(fp, "%s\n",
 190             hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
 191         if (fclose(fp) == EOF)
 192                 x = -1;
 193         fp = NULL;
 194         if (x > 0)
 195                 return (ssize_t)ctx->secret_len;
 196
 197 eexit:
 198         logerr("%s: %s", __func__, SECRET);
 199         if (fp != NULL)
 200                 fclose(fp);
 201         unlink(SECRET);
 202         ctx->secret_len = 0;
 203         return -1;
 204 }
 205
 206 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
 207  * RFC5453 */
 208 static const struct reslowhigh {
 209         const uint8_t high[8];
 210         const uint8_t low[8];
 211 } reslowhigh[] = {
 212         /* RFC4291 + RFC6543 */
 213         { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
 214           { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
 215         /* RFC2526 */
 216         { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
 217           { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
 218 };
 219
 220 static int
 221 ipv6_reserved(const struct in6_addr *addr)
 222 {
 223         uint64_t id, low, high;
 224         size_t i;
 225         const struct reslowhigh *r;
 226
 227         id = be64dec(addr->s6_addr + sizeof(id));
 228         if (id == 0) /* RFC4291 */
 229                 return 1;
 230         for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
 231                 r = &reslowhigh[i];
 232                 low = be64dec(r->low);
 233                 high = be64dec(r->high);
 234                 if (id >= low && id <= high)
 235                         return 1;
 236         }
 237         return 0;
 238 }
 239
 240 /* RFC7217 */
 241 static int
 242 ipv6_makestableprivate1(struct in6_addr *addr,
 243     const struct in6_addr *prefix, int prefix_len,
 244     const unsigned char *netiface, size_t netiface_len,
 245     const unsigned char *netid, size_t netid_len,
 246     unsigned short vlanid,
 247     uint32_t *dad_counter,
 248     const unsigned char *secret, size_t secret_len)
 249 {
 250         unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
 251         size_t len, l;
 252         SHA256_CTX ctx;
 253
 254         if (prefix_len < 0 || prefix_len > 120) {
 255                 errno = EINVAL;
 256                 return -1;
 257         }
 258
 259         l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
 260         len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
 261         if (vlanid != 0)
 262                 len += sizeof(vlanid);
 263         if (len > sizeof(buf)) {
 264                 errno = ENOBUFS;
 265                 return -1;
 266         }
 267
 268         for (;; (*dad_counter)++) {
 269                 /* Combine all parameters into one buffer */
 270                 p = buf;
 271                 memcpy(p, prefix, l);
 272                 p += l;
 273                 memcpy(p, netiface, netiface_len);
 274                 p += netiface_len;
 275                 memcpy(p, netid, netid_len);
 276                 p += netid_len;
 277                 /* Don't use a vlanid if not set.
 278                  * This ensures prior versions have the same unique address. */
 279                 if (vlanid != 0) {
 280                         memcpy(p, &vlanid, sizeof(vlanid));
 281                         p += sizeof(vlanid);
 282                 }
 283                 memcpy(p, dad_counter, sizeof(*dad_counter));
 284                 p += sizeof(*dad_counter);
 285                 memcpy(p, secret, secret_len);
 286
 287                 /* Make an address using the digest of the above.
 288                  * RFC7217 Section 5.1 states that we shouldn't use MD5.
 289                  * Pity as we use that for HMAC-MD5 which is still deemed OK.
 290                  * SHA-256 is recommended */
 291                 SHA256_Init(&ctx);
 292                 SHA256_Update(&ctx, buf, len);
 293                 SHA256_Final(digest, &ctx);
 294
 295                 p = addr->s6_addr;
 296                 memcpy(p, prefix, l);
 297                 /* RFC7217 section 5.2 says we need to start taking the id from
 298                  * the least significant bit */
 299                 len = sizeof(addr->s6_addr) - l;
 300                 memcpy(p + l, digest + (sizeof(digest) - len), len);
 301
 302                 /* Ensure that the Interface ID does not match a reserved one,
 303                  * if it does then treat it as a DAD failure.
 304                  * RFC7217 section 5.2 */
 305                 if (prefix_len != 64)
 306                         break;
 307                 if (!ipv6_reserved(addr))
 308                         break;
 309         }
 310
 311         return 0;
 312 }
 313
 314 int
 315 ipv6_makestableprivate(struct in6_addr *addr,
 316     const struct in6_addr *prefix, int prefix_len,
 317     const struct interface *ifp,
 318     int *dad_counter)
 319 {
 320         uint32_t dad;
 321         int r;
 322
 323         if (ifp->ctx->secret_len == 0) {
 324                 if (ipv6_readsecret(ifp->ctx) == -1)
 325                         return -1;
 326         }
 327
 328         dad = (uint32_t)*dad_counter;
 329
 330         /* For our implementation, we shall set the hardware address
 331          * as the interface identifier */
 332         r = ipv6_makestableprivate1(addr, prefix, prefix_len,
 333             ifp->hwaddr, ifp->hwlen,
 334             ifp->ssid, ifp->ssid_len,
 335             ifp->vlanid, &dad,
 336             ifp->ctx->secret, ifp->ctx->secret_len);
 337
 338         if (r == 0)
 339                 *dad_counter = (int)dad;
 340         return r;
 341 }
 342
 343 int
 344 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
 345     const struct in6_addr *prefix, int prefix_len)
 346 {
 347         const struct ipv6_addr *ap;
 348         int dad;
 349
 350         if (prefix_len < 0 || prefix_len > 120) {
 351                 errno = EINVAL;
 352                 return -1;
 353         }
 354
 355         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
 356                 dad = 0;
 357                 if (ipv6_makestableprivate(addr,
 358                     prefix, prefix_len, ifp, &dad) == -1)
 359                         return -1;
 360                 return dad;
 361         }
 362
 363         if (prefix_len > 64) {
 364                 errno = EINVAL;
 365                 return -1;
 366         }
 367         if ((ap = ipv6_linklocal(ifp)) == NULL) {
 368                 /* We delay a few functions until we get a local-link address
 369                  * so this should never be hit. */
 370                 errno = ENOENT;
 371                 return -1;
 372         }
 373
 374         /* Make the address from the first local-link address */
 375         memcpy(addr, prefix, sizeof(*prefix));
 376         addr->s6_addr32[2] = ap->addr.s6_addr32[2];
 377         addr->s6_addr32[3] = ap->addr.s6_addr32[3];
 378         return 0;
 379 }
 380
 381 static int
 382 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
 383 {
 384         struct in6_addr mask;
 385         size_t i;
 386
 387         if (ipv6_mask(&mask, len) == -1)
 388                 return -1;
 389         *prefix = *addr;
 390         for (i = 0; i < sizeof(prefix->s6_addr); i++)
 391                 prefix->s6_addr[i] &= mask.s6_addr[i];
 392         return 0;
 393 }
 394
 395 int
 396 ipv6_mask(struct in6_addr *mask, int len)
 397 {
 398         static const unsigned char masks[NBBY] =
 399             { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
 400         int bytes, bits, i;
 401
 402         if (len < 0 || len > 128) {
 403                 errno = EINVAL;
 404                 return -1;
 405         }
 406
 407         memset(mask, 0, sizeof(*mask));
 408         bytes = len / NBBY;
 409         bits = len % NBBY;
 410         for (i = 0; i < bytes; i++)
 411                 mask->s6_addr[i] = 0xff;
 412         if (bits != 0) {
 413                 /* Coverify false positive.
 414                  * bytelen cannot be 16 if bitlen is non zero */
 415                 /* coverity[overrun-local] */
 416                 mask->s6_addr[bytes] = masks[bits - 1];
 417         }
 418         return 0;
 419 }
 420
 421 uint8_t
 422 ipv6_prefixlen(const struct in6_addr *mask)
 423 {
 424         int x = 0, y;
 425         const unsigned char *lim, *p;
 426
 427         lim = (const unsigned char *)mask + sizeof(*mask);
 428         for (p = (const unsigned char *)mask; p < lim; x++, p++) {
 429                 if (*p != 0xff)
 430                         break;
 431         }
 432         y = 0;
 433         if (p < lim) {
 434                 for (y = 0; y < NBBY; y++) {
 435                         if ((*p & (0x80 >> y)) == 0)
 436                                 break;
 437                 }
 438         }
 439
 440         /*
 441          * when the limit pointer is given, do a stricter check on the
 442          * remaining bits.
 443          */
 444         if (p < lim) {
 445                 if (y != 0 && (*p & (0x00ff >> y)) != 0)
 446                         return 0;
 447                 for (p = p + 1; p < lim; p++)
 448                         if (*p != 0)
 449                                 return 0;
 450         }
 451
 452         return (uint8_t)(x * NBBY + y);
 453 }
 454
 455 static void
 456 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
 457 {
 458
 459         *vhigh = be64dec(addr->s6_addr);
 460         *vlow = be64dec(addr->s6_addr + 8);
 461 }
 462
 463 static void
 464 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
 465 {
 466
 467         be64enc(addr->s6_addr, vhigh);
 468         be64enc(addr->s6_addr + 8, vlow);
 469 }
 470
 471 int
 472 ipv6_userprefix(
 473         const struct in6_addr *prefix,  // prefix from router
 474         short prefix_len,               // length of prefix received
 475         uint64_t user_number,           // "random" number from user
 476         struct in6_addr *result,        // resultant prefix
 477         short result_len)               // desired prefix length
 478 {
 479         uint64_t vh, vl, user_low, user_high;
 480
 481         if (prefix_len < 1 || prefix_len > 128 ||
 482             result_len < 1 || result_len > 128)
 483         {
 484                 errno = EINVAL;
 485                 return -1;
 486         }
 487
 488         /* Check that the user_number fits inside result_len less prefix_len */
 489         if (result_len < prefix_len ||
 490             fls64(user_number) > result_len - prefix_len)
 491         {
 492                errno = ERANGE;
 493                return -1;
 494         }
 495
 496         /* If user_number is zero, just copy the prefix into the result. */
 497         if (user_number == 0) {
 498                 *result = *prefix;
 499                 return 0;
 500         }
 501
 502         /* Shift user_number so it fit's just inside result_len.
 503          * Shifting by 0 or sizeof(user_number) is undefined,
 504          * so we cater for that. */
 505         if (result_len == 128) {
 506                 user_high = 0;
 507                 user_low = user_number;
 508         } else if (result_len > 64) {
 509                 if (prefix_len >= 64)
 510                         user_high = 0;
 511                 else
 512                         user_high = user_number >> (result_len - prefix_len);
 513                 user_low = user_number << (128 - result_len);
 514         } else if (result_len == 64) {
 515                 user_high = user_number;
 516                 user_low = 0;
 517         } else {
 518                 user_high = user_number << (64 - result_len);
 519                 user_low = 0;
 520         }
 521
 522         /* convert to two 64bit host order values */
 523         in6_to_h64(&vh, &vl, prefix);
 524
 525         vh |= user_high;
 526         vl |= user_low;
 527
 528         /* copy back result */
 529         h64_to_in6(result, vh, vl);
 530
 531         return 0;
 532 }
 533
 534 #ifdef IPV6_POLLADDRFLAG
 535 void
 536 ipv6_checkaddrflags(void *arg)
 537 {
 538         struct ipv6_addr *ia;
 539         int flags;
 540         const char *alias;
 541
 542         ia = arg;
 543 #ifdef ALIAS_ADDR
 544         alias = ia->alias;
 545 #else
 546         alias = NULL;
 547 #endif
 548         if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
 549                 if (errno != EEXIST && errno != EADDRNOTAVAIL)
 550                         logerr("%s: if_addrflags6", __func__);
 551                 return;
 552         }
 553
 554         if (!(flags & IN6_IFF_TENTATIVE)) {
 555                 /* Simulate the kernel announcing the new address. */
 556                 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
 557                     ia->iface->ctx->ifaces, ia->iface->name,
 558                     &ia->addr, ia->prefix_len, flags, 0);
 559         } else {
 560                 /* Still tentative? Check again in a bit. */
 561                 eloop_timeout_add_msec(ia->iface->ctx->eloop,
 562                     RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
 563         }
 564 }
 565 #endif
 566
 567 static void
 568 ipv6_deletedaddr(struct ipv6_addr *ia)
 569 {
 570
 571 #ifdef PRIVSEP
 572         if (!(ia->iface->ctx->options & DHCPCD_MASTER))
 573                 ps_inet_closedhcp6(ia);
 574 #elif defined(SMALL)
 575         UNUSED(ia);
 576 #else
 577         /* NOREJECT is set if we delegated exactly the prefix to another
 578          * address.
 579          * This can only be one address, so just clear the flag.
 580          * This should ensure the reject route will be restored. */
 581         if (ia->delegating_prefix != NULL)
 582                 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
 583 #endif
 584 }
 585
 586 void
 587 ipv6_deleteaddr(struct ipv6_addr *ia)
 588 {
 589         struct ipv6_state *state;
 590         struct ipv6_addr *ap;
 591
 592         loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
 593         if (if_address6(RTM_DELADDR, ia) == -1 &&
 594             errno != EADDRNOTAVAIL && errno != ESRCH &&
 595             errno != ENXIO && errno != ENODEV)
 596                 logerr(__func__);
 597
 598         ipv6_deletedaddr(ia);
 599
 600         state = IPV6_STATE(ia->iface);
 601         TAILQ_FOREACH(ap, &state->addrs, next) {
 602                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
 603                         TAILQ_REMOVE(&state->addrs, ap, next);
 604                         ipv6_freeaddr(ap);
 605                         break;
 606                 }
 607         }
 608
 609 #ifdef ND6_ADVERTISE
 610         /* Advertise the address if it exists on another interface. */
 611         ipv6nd_advertise(ia);
 612 #endif
 613 }
 614
 615 static int
 616 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
 617 {
 618         struct interface *ifp;
 619         uint32_t pltime, vltime;
 620         int loglevel;
 621 #ifdef ND6_ADVERTISE
 622         bool vltime_was_zero = ia->prefix_vltime == 0;
 623 #endif
 624 #ifdef __sun
 625         struct ipv6_state *state;
 626         struct ipv6_addr *ia2;
 627
 628         /* If we re-add then address on Solaris then the prefix
 629          * route will be scrubbed and re-added. Something might
 630          * be using it, so let's avoid it. */
 631         if (ia->flags & IPV6_AF_DADCOMPLETED) {
 632                 logdebugx("%s: IP address %s already exists",
 633                     ia->iface->name, ia->saddr);
 634 #ifdef ND6_ADVERTISE
 635                 goto advertise;
 636 #else
 637                 return 0;
 638 #endif
 639         }
 640 #endif
 641
 642         /* Remember the interface of the address. */
 643         ifp = ia->iface;
 644
 645         if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
 646             ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
 647                 ia->flags |= IPV6_AF_DADCOMPLETED;
 648
 649         /* Adjust plftime and vltime based on acquired time */
 650         pltime = ia->prefix_pltime;
 651         vltime = ia->prefix_vltime;
 652         if (timespecisset(&ia->acquired) &&
 653             (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
 654             ia->prefix_vltime != ND6_INFINITE_LIFETIME))
 655         {
 656                 uint32_t elapsed;
 657                 struct timespec n;
 658
 659                 if (now == NULL) {
 660                         clock_gettime(CLOCK_MONOTONIC, &n);
 661                         now = &n;
 662                 }
 663                 elapsed = (uint32_t)eloop_timespec_diff(now, &ia->acquired,
 664                     NULL);
 665                 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
 666                         if (elapsed > ia->prefix_pltime)
 667                                 ia->prefix_pltime = 0;
 668                         else
 669                                 ia->prefix_pltime -= elapsed;
 670                 }
 671                 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
 672                         if (elapsed > ia->prefix_vltime)
 673                                 ia->prefix_vltime = 0;
 674                         else
 675                                 ia->prefix_vltime -= elapsed;
 676                 }
 677         }
 678
 679         loglevel = ia->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG;
 680         logmessage(loglevel, "%s: adding %saddress %s", ifp->name,
 681 #ifdef IPV6_AF_TEMPORARY
 682             ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
 683 #else
 684             "",
 685 #endif
 686             ia->saddr);
 687         if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
 688             ia->prefix_vltime == ND6_INFINITE_LIFETIME)
 689                 logdebugx("%s: pltime infinity, vltime infinity",
 690                     ifp->name);
 691         else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
 692                 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
 693                     ifp->name, ia->prefix_vltime);
 694         else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
 695                 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
 696                     ifp->name, ia->prefix_pltime);
 697         else
 698                 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
 699                     " seconds",
 700                     ifp->name, ia->prefix_pltime, ia->prefix_vltime);
 701
 702         if (if_address6(RTM_NEWADDR, ia) == -1) {
 703                 logerr(__func__);
 704                 /* Restore real pltime and vltime */
 705                 ia->prefix_pltime = pltime;
 706                 ia->prefix_vltime = vltime;
 707                 return -1;
 708         }
 709
 710 #ifdef IPV6_MANAGETEMPADDR
 711         /* RFC4941 Section 3.4 */
 712         if (ia->flags & IPV6_AF_TEMPORARY &&
 713             ia->prefix_pltime &&
 714             ia->prefix_vltime &&
 715             ip6_use_tempaddr(ifp->name))
 716                 eloop_timeout_add_sec(ifp->ctx->eloop,
 717                     ia->prefix_pltime - REGEN_ADVANCE,
 718                     ipv6_regentempaddr, ia);
 719 #endif
 720
 721         /* Restore real pltime and vltime */
 722         ia->prefix_pltime = pltime;
 723         ia->prefix_vltime = vltime;
 724
 725         ia->flags &= ~IPV6_AF_NEW;
 726         ia->flags |= IPV6_AF_ADDED;
 727 #ifndef SMALL
 728         if (ia->delegating_prefix != NULL)
 729                 ia->flags |= IPV6_AF_DELEGATED;
 730 #endif
 731
 732 #ifdef IPV6_POLLADDRFLAG
 733         eloop_timeout_delete(ifp->ctx->eloop,
 734                 ipv6_checkaddrflags, ia);
 735         if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
 736                 eloop_timeout_add_msec(ifp->ctx->eloop,
 737                     RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
 738         }
 739 #endif
 740
 741 #ifdef __sun
 742         /* Solaris does not announce new addresses which need DaD
 743          * so we need to take a copy and add it to our list.
 744          * Otherwise aliasing gets confused if we add another
 745          * address during DaD. */
 746
 747         state = IPV6_STATE(ifp);
 748         TAILQ_FOREACH(ia2, &state->addrs, next) {
 749                 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
 750                         break;
 751         }
 752         if (ia2 == NULL) {
 753                 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
 754                         logerr(__func__);
 755                         return 0; /* Well, we did add the address */
 756                 }
 757                 memcpy(ia2, ia, sizeof(*ia2));
 758                 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
 759         }
 760 #endif
 761
 762 #ifdef ND6_ADVERTISE
 763 #ifdef __sun
 764 advertise:
 765 #endif
 766         /* Re-advertise the preferred address to be safe. */
 767         if (!vltime_was_zero)
 768                 ipv6nd_advertise(ia);
 769 #endif
 770
 771         return 0;
 772 }
 773
 774 #ifdef ALIAS_ADDR
 775 /* Find the next logical alias address we can use. */
 776 static int
 777 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
 778 {
 779         struct ipv6_state *state;
 780         struct ipv6_addr *iap;
 781         unsigned int lun;
 782         char alias[IF_NAMESIZE];
 783
 784         if (ia->alias[0] != '\0')
 785                 return 0;
 786         state = IPV6_STATE(ia->iface);
 787
 788         /* First find an existng address.
 789          * This can happen when dhcpcd restarts as ND and DHCPv6
 790          * maintain their own lists of addresses. */
 791         TAILQ_FOREACH(iap, &state->addrs, next) {
 792                 if (iap->alias[0] != '\0' &&
 793                     IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
 794                 {
 795                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
 796                         return 0;
 797                 }
 798         }
 799
 800         lun = 0;
 801 find_unit:
 802         if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
 803             IF_NAMESIZE)
 804         {
 805                 errno = ENOMEM;
 806                 return -1;
 807         }
 808         TAILQ_FOREACH(iap, &state->addrs, next) {
 809                 if (iap->alias[0] == '\0')
 810                         continue;
 811                 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
 812                         /* No address assigned? Lets use it. */
 813                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
 814                         if (repl)
 815                                 *repl = iap;
 816                         return 1;
 817                 }
 818                 if (strcmp(iap->alias, alias) == 0)
 819                         break;
 820         }
 821
 822         if (iap != NULL) {
 823                 if (lun == UINT_MAX) {
 824                         errno = ERANGE;
 825                         return -1;
 826                 }
 827                 lun++;
 828                 goto find_unit;
 829         }
 830
 831         strlcpy(ia->alias, alias, sizeof(ia->alias));
 832         return 0;
 833 }
 834 #endif
 835
 836 int
 837 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
 838 {
 839         int r;
 840 #ifdef ALIAS_ADDR
 841         int replaced, blank;
 842         struct ipv6_addr *replaced_ia;
 843
 844         blank = (ia->alias[0] == '\0');
 845         if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
 846                 return -1;
 847         if (blank)
 848                 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
 849 #endif
 850
 851         if ((r = ipv6_addaddr1(ia, now)) == 0) {
 852 #ifdef ALIAS_ADDR
 853                 if (replaced) {
 854                         struct ipv6_state *state;
 855
 856                         state = IPV6_STATE(ia->iface);
 857                         TAILQ_REMOVE(&state->addrs, replaced_ia, next);
 858                         ipv6_freeaddr(replaced_ia);
 859                 }
 860 #endif
 861         }
 862         return r;
 863 }
 864
 865 int
 866 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
 867     unsigned int flags)
 868 {
 869
 870         if (match == NULL) {
 871                 if ((addr->flags &
 872                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
 873                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
 874                         return 1;
 875         } else if (addr->prefix_vltime &&
 876             IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
 877             (!flags || addr->flags & flags))
 878                 return 1;
 879
 880         return 0;
 881 }
 882
 883 struct ipv6_addr *
 884 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
 885 {
 886         struct ipv6_addr *nap;
 887 #ifdef DHCP6
 888         struct ipv6_addr *dap;
 889 #endif
 890
 891         nap = ipv6nd_findaddr(ctx, addr, flags);
 892 #ifdef DHCP6
 893         dap = dhcp6_findaddr(ctx, addr, flags);
 894         if (!dap && !nap)
 895                 return NULL;
 896         if (dap && !nap)
 897                 return dap;
 898         if (nap && !dap)
 899                 return nap;
 900         if (nap->iface->metric < dap->iface->metric)
 901                 return nap;
 902         return dap;
 903 #else
 904         return nap;
 905 #endif
 906 }
 907
 908 int
 909 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
 910 {
 911
 912         /* A delegated prefix is not an address. */
 913         if (ia->flags & IPV6_AF_DELEGATEDPFX)
 914                 return 0;
 915
 916         if (ia->prefix_vltime == 0) {
 917                 if (ia->flags & IPV6_AF_ADDED)
 918                         ipv6_deleteaddr(ia);
 919                 eloop_q_timeout_delete(ia->iface->ctx->eloop,
 920                     ELOOP_QUEUE_ALL, NULL, ia);
 921                 if (ia->flags & IPV6_AF_REQUEST) {
 922                         ia->flags &= ~IPV6_AF_ADDED;
 923                         return 0;
 924                 }
 925                 return -1;
 926         }
 927
 928         if (ia->flags & IPV6_AF_STALE ||
 929             IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
 930                 return 0;
 931
 932         if (!timespecisset(now))
 933                 clock_gettime(CLOCK_MONOTONIC, now);
 934         ipv6_addaddr(ia, now);
 935         return ia->flags & IPV6_AF_NEW ? 1 : 0;
 936 }
 937
 938 ssize_t
 939 ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
 940 {
 941         struct timespec now;
 942         struct ipv6_addr *ia, *ian;
 943         ssize_t i, r;
 944
 945         i = 0;
 946         timespecclear(&now);
 947         TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
 948                 r = ipv6_doaddr(ia, &now);
 949                 if (r != 0)
 950                         i++;
 951                 if (r == -1) {
 952                         TAILQ_REMOVE(iaddrs, ia, next);
 953                         ipv6_freeaddr(ia);
 954                 }
 955         }
 956         return i;
 957 }
 958
 959 void
 960 ipv6_freeaddr(struct ipv6_addr *ia)
 961 {
 962         struct eloop *eloop = ia->iface->ctx->eloop;
 963 #ifndef SMALL
 964         struct ipv6_addr *iad;
 965
 966         /* Forget the reference */
 967         if (ia->flags & IPV6_AF_DELEGATEDPFX) {
 968                 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
 969                         iad->delegating_prefix = NULL;
 970                 }
 971         } else if (ia->delegating_prefix != NULL) {
 972                 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
 973         }
 974 #endif
 975
 976         if (ia->dhcp6_fd != -1) {
 977                 close(ia->dhcp6_fd);
 978                 eloop_event_delete(eloop, ia->dhcp6_fd);
 979         }
 980
 981         eloop_q_timeout_delete(eloop, ELOOP_QUEUE_ALL, NULL, ia);
 982         free(ia->na);
 983         free(ia);
 984 }
 985
 986 void
 987 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
 988     const struct interface *ifd)
 989 {
 990         struct ipv6_addr *ap, *apn, *apf;
 991         struct timespec now;
 992
 993 #ifdef SMALL
 994         UNUSED(ifd);
 995 #endif
 996         timespecclear(&now);
 997         TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
 998 #ifndef SMALL
 999                 if (ifd != NULL &&
1000                     (ap->delegating_prefix == NULL ||
1001                     ap->delegating_prefix->iface != ifd))
1002                         continue;
1003 #endif
1004                 if (drop != 2)
1005                         TAILQ_REMOVE(addrs, ap, next);
1006                 if (drop && ap->flags & IPV6_AF_ADDED &&
1007                     (ap->iface->options->options &
1008                     (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1009                     (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1010                 {
1011                         /* Don't drop link-local addresses. */
1012                         if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1013                             CAN_DROP_LLADDR(ap->iface))
1014                         {
1015                                 if (drop == 2)
1016                                         TAILQ_REMOVE(addrs, ap, next);
1017                                 /* Find the same address somewhere else */
1018                                 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1019                                     0);
1020                                 if ((apf == NULL ||
1021                                     (apf->iface != ap->iface)))
1022                                         ipv6_deleteaddr(ap);
1023                                 if (!(ap->iface->options->options &
1024                                     DHCPCD_EXITING) && apf)
1025                                 {
1026                                         if (!timespecisset(&now))
1027                                                 clock_gettime(CLOCK_MONOTONIC,
1028                                                     &now);
1029                                         ipv6_addaddr(apf, &now);
1030                                 }
1031                                 if (drop == 2)
1032                                         ipv6_freeaddr(ap);
1033                         }
1034                 }
1035                 if (drop != 2)
1036                         ipv6_freeaddr(ap);
1037         }
1038 }
1039
1040 static struct ipv6_state *
1041 ipv6_getstate(struct interface *ifp)
1042 {
1043         struct ipv6_state *state;
1044
1045         state = IPV6_STATE(ifp);
1046         if (state == NULL) {
1047                 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1048                 state = IPV6_STATE(ifp);
1049                 if (state == NULL) {
1050                         logerr(__func__);
1051                         return NULL;
1052                 }
1053                 TAILQ_INIT(&state->addrs);
1054                 TAILQ_INIT(&state->ll_callbacks);
1055
1056                 /* Regenerate new ids */
1057                 if (ifp->options &&
1058                     ip6_use_tempaddr(ifp->name))
1059                         ipv6_regentempifid(ifp);
1060         }
1061         return state;
1062 }
1063
1064 struct ipv6_addr *
1065 ipv6_anyglobal(struct interface *sifp)
1066 {
1067         struct interface *ifp;
1068         struct ipv6_state *state;
1069         struct ipv6_addr *ia;
1070
1071         TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
1072                 if (ifp != sifp && ip6_forwarding(ifp->name) != 1)
1073                         continue;
1074
1075                 state = IPV6_STATE(ifp);
1076                 if (state == NULL)
1077                         continue;
1078
1079                 TAILQ_FOREACH(ia, &state->addrs, next) {
1080                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1081                                 continue;
1082                         /* Let's be optimistic.
1083                          * Any decent OS won't forward or accept traffic
1084                          * from/to tentative or detached addresses. */
1085                         if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1086                                 return ia;
1087                 }
1088         }
1089         return NULL;
1090 }
1091
1092 void
1093 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1094     int cmd, struct if_head *ifs, const char *ifname,
1095     const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1096 {
1097         struct interface *ifp;
1098         struct ipv6_state *state;
1099         struct ipv6_addr *ia;
1100         struct ll_callback *cb;
1101         bool anyglobal;
1102
1103 #ifdef __sun
1104         struct sockaddr_in6 subnet;
1105
1106         /* Solaris on-link route is an unspecified address! */
1107         if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1108                 if (if_getsubnet(ctx, ifname, AF_INET6,
1109                     &subnet, sizeof(subnet)) == -1)
1110                 {
1111                         logerr(__func__);
1112                         return;
1113                 }
1114                 addr = &subnet.sin6_addr;
1115         }
1116 #endif
1117
1118 #if 0
1119         char dbuf[INET6_ADDRSTRLEN];
1120         const char *dbp;
1121
1122         dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1123             dbuf, INET6_ADDRSTRLEN);
1124         loginfox("%s: cmd %d addr %s addrflags %d",
1125             ifname, cmd, dbp, addrflags);
1126 #endif
1127
1128         if (ifs == NULL)
1129                 ifs = ctx->ifaces;
1130         if (ifs == NULL)
1131                 return;
1132         if ((ifp = if_find(ifs, ifname)) == NULL)
1133                 return;
1134         if ((state = ipv6_getstate(ifp)) == NULL)
1135                 return;
1136         anyglobal = ipv6_anyglobal(ifp) != NULL;
1137
1138         TAILQ_FOREACH(ia, &state->addrs, next) {
1139                 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1140                         break;
1141         }
1142
1143         switch (cmd) {
1144         case RTM_DELADDR:
1145                 if (ia != NULL) {
1146                         TAILQ_REMOVE(&state->addrs, ia, next);
1147 #ifdef ND6_ADVERTISE
1148                         /* Advertise the address if it exists on
1149                          * another interface. */
1150                         ipv6nd_advertise(ia);
1151 #endif
1152                         /* We'll free it at the end of the function. */
1153                 }
1154                 break;
1155         case RTM_NEWADDR:
1156                 if (ia == NULL) {
1157                         ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1158 #ifdef ALIAS_ADDR
1159                         strlcpy(ia->alias, ifname, sizeof(ia->alias));
1160 #endif
1161                         if (if_getlifetime6(ia) == -1) {
1162                                 /* No support or address vanished.
1163                                  * Either way, just set a deprecated
1164                                  * infinite time lifetime and continue.
1165                                  * This is fine because we only want
1166                                  * to know this when trying to extend
1167                                  * temporary addresses.
1168                                  * As we can't extend infinite, we'll
1169                                  * create a new temporary address. */
1170                                 ia->prefix_pltime = 0;
1171                                 ia->prefix_vltime =
1172                                     ND6_INFINITE_LIFETIME;
1173                         }
1174                         /* This is a minor regression against RFC 4941
1175                          * because the kernel only knows when the
1176                          * lifetimes were last updated, not when the
1177                          * address was initially created.
1178                          * Provided dhcpcd is not restarted, this
1179                          * won't be a problem.
1180                          * If we don't like it, we can always
1181                          * pretend lifetimes are infinite and always
1182                          * generate a new temporary address on
1183                          * restart. */
1184                         ia->acquired = ia->created;
1185                         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1186                 }
1187                 ia->addr_flags = addrflags;
1188                 ia->flags &= ~IPV6_AF_STALE;
1189 #ifdef IPV6_MANAGETEMPADDR
1190                 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1191                         ia->flags |= IPV6_AF_TEMPORARY;
1192 #endif
1193                 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1194 #ifdef IPV6_POLLADDRFLAG
1195                         if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1196                                 eloop_timeout_add_msec(
1197                                     ia->iface->ctx->eloop,
1198                                     RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1199                                 break;
1200                         }
1201 #endif
1202
1203                         if (ia->dadcallback) {
1204                                 ia->dadcallback(ia);
1205                                 if (ctx->options & DHCPCD_FORKED)
1206                                         goto out;
1207                         }
1208
1209                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1210                             !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1211                         {
1212                                 /* Now run any callbacks.
1213                                  * Typically IPv6RS or DHCPv6 */
1214                                 while ((cb =
1215                                     TAILQ_FIRST(&state->ll_callbacks)))
1216                                 {
1217                                         TAILQ_REMOVE(
1218                                             &state->ll_callbacks,
1219                                             cb, next);
1220                                         cb->callback(cb->arg);
1221                                         free(cb);
1222                                         if (ctx->options & DHCPCD_FORKED)
1223                                                 goto out;
1224                                 }
1225                         }
1226                 }
1227                 break;
1228         }
1229
1230         if (ia == NULL)
1231                 return;
1232
1233         ctx->options &= ~DHCPCD_RTBUILD;
1234         ipv6nd_handleifa(cmd, ia, pid);
1235 #ifdef DHCP6
1236         dhcp6_handleifa(cmd, ia, pid);
1237 #endif
1238
1239 out:
1240         /* Done with the ia now, so free it. */
1241         if (cmd == RTM_DELADDR)
1242                 ipv6_freeaddr(ia);
1243         else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1244                 ia->flags |= IPV6_AF_DADCOMPLETED;
1245
1246         /* If we've not already called rt_build via the IPv6ND
1247          * or DHCP6 handlers and the existance of any useable
1248          * global address on the interface has changed,
1249          * call rt_build to add/remove the default route. */
1250         if (ifp->active &&
1251             ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) ||
1252              (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) &&
1253             !(ctx->options & DHCPCD_RTBUILD) &&
1254             (ipv6_anyglobal(ifp) != NULL) != anyglobal)
1255                 rt_build(ctx, AF_INET6);
1256 }
1257
1258 int
1259 ipv6_hasaddr(const struct interface *ifp)
1260 {
1261
1262         if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1263                 return 1;
1264 #ifdef DHCP6
1265         if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1266                 return 1;
1267 #endif
1268         return 0;
1269 }
1270
1271 struct ipv6_addr *
1272 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1273     int revflags)
1274 {
1275         struct ipv6_state *state;
1276         struct ipv6_addr *ap;
1277
1278         state = IPV6_STATE(ifp);
1279         if (state) {
1280                 TAILQ_FOREACH(ap, &state->addrs, next) {
1281                         if (addr == NULL) {
1282                                 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1283                                     (!revflags || !(ap->addr_flags & revflags)))
1284                                         return ap;
1285                         } else {
1286                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1287                                     (!revflags || !(ap->addr_flags & revflags)))
1288                                         return ap;
1289                         }
1290                 }
1291         }
1292         return NULL;
1293 }
1294
1295 static struct ipv6_addr *
1296 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1297 {
1298         struct ipv6_state *state;
1299         struct ipv6_addr *ap;
1300         struct in6_addr mask;
1301
1302         state = IPV6_STATE(ifp);
1303         if (state) {
1304                 TAILQ_FOREACH(ap, &state->addrs, next) {
1305                         if (ipv6_mask(&mask, ap->prefix_len) == -1)
1306                                 continue;
1307                         if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1308                                 return ap;
1309                 }
1310         }
1311         return NULL;
1312 }
1313
1314 struct ipv6_addr *
1315 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1316 {
1317         struct interface *ifp;
1318         struct ipv6_addr *ap;
1319
1320         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1321                 ap = ipv6_iffindmaskaddr(ifp, addr);
1322                 if (ap != NULL)
1323                         return ap;
1324         }
1325         return NULL;
1326 }
1327
1328 int
1329 ipv6_addlinklocalcallback(struct interface *ifp,
1330     void (*callback)(void *), void *arg)
1331 {
1332         struct ipv6_state *state;
1333         struct ll_callback *cb;
1334
1335         state = ipv6_getstate(ifp);
1336         TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1337                 if (cb->callback == callback && cb->arg == arg)
1338                         break;
1339         }
1340         if (cb == NULL) {
1341                 cb = malloc(sizeof(*cb));
1342                 if (cb == NULL) {
1343                         logerr(__func__);
1344                         return -1;
1345                 }
1346                 cb->callback = callback;
1347                 cb->arg = arg;
1348                 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1349         }
1350         return 0;
1351 }
1352
1353 static struct ipv6_addr *
1354 ipv6_newlinklocal(struct interface *ifp)
1355 {
1356         struct ipv6_addr *ia;
1357         struct in6_addr in6;
1358
1359         memset(&in6, 0, sizeof(in6));
1360         in6.s6_addr32[0] = htonl(0xfe800000);
1361         ia = ipv6_newaddr(ifp, &in6, 64, 0);
1362         if (ia != NULL) {
1363                 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1364                 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1365         }
1366         return ia;
1367 }
1368
1369 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1370 static const uint8_t allone[8] =
1371     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1372
1373 static int
1374 ipv6_addlinklocal(struct interface *ifp)
1375 {
1376         struct ipv6_state *state;
1377         struct ipv6_addr *ap, *ap2;
1378         int dadcounter;
1379
1380         /* Check sanity before malloc */
1381         if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1382                 switch (ifp->family) {
1383                 case ARPHRD_ETHER:
1384                         /* Check for a valid hardware address */
1385                         if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1386                                 errno = ENOTSUP;
1387                                 return -1;
1388                         }
1389                         if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1390                             memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1391                         {
1392                                 errno = EINVAL;
1393                                 return -1;
1394                         }
1395                         break;
1396                 default:
1397                         errno = ENOTSUP;
1398                         return -1;
1399                 }
1400         }
1401
1402         state = ipv6_getstate(ifp);
1403         if (state == NULL)
1404                 return -1;
1405
1406         ap = ipv6_newlinklocal(ifp);
1407         if (ap == NULL)
1408                 return -1;
1409
1410         dadcounter = 0;
1411         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1412 nextslaacprivate:
1413                 if (ipv6_makestableprivate(&ap->addr,
1414                         &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1415                 {
1416                         free(ap);
1417                         return -1;
1418                 }
1419                 ap->dadcounter = dadcounter;
1420         } else {
1421                 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1422                 switch (ifp->family) {
1423                 case ARPHRD_ETHER:
1424                         if (ifp->hwlen == 6) {
1425                                 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1426                                 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1427                                 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1428                                 ap->addr.s6_addr[11] = 0xff;
1429                                 ap->addr.s6_addr[12] = 0xfe;
1430                                 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1431                                 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1432                                 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1433                         } else if (ifp->hwlen == 8)
1434                                 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1435                         else {
1436                                 free(ap);
1437                                 errno = ENOTSUP;
1438                                 return -1;
1439                         }
1440                         break;
1441                 }
1442
1443                 /* Sanity check: g bit must not indciate "group" */
1444                 if (EUI64_GROUP(&ap->addr)) {
1445                         free(ap);
1446                         errno = EINVAL;
1447                         return -1;
1448                 }
1449                 EUI64_TO_IFID(&ap->addr);
1450         }
1451
1452         /* Do we already have this address? */
1453         TAILQ_FOREACH(ap2, &state->addrs, next) {
1454                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1455                         if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1456                                 if (ifp->options->options &
1457                                     DHCPCD_SLAACPRIVATE)
1458                                 {
1459                                         dadcounter++;
1460                                         goto nextslaacprivate;
1461                                 }
1462                                 free(ap);
1463                                 errno = EADDRNOTAVAIL;
1464                                 return -1;
1465                         }
1466
1467                         logwarnx("%s: waiting for %s to complete",
1468                             ap2->iface->name, ap2->saddr);
1469                         free(ap);
1470                         errno = EEXIST;
1471                         return 0;
1472                 }
1473         }
1474
1475         inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1476         TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1477         ipv6_addaddr(ap, NULL);
1478         return 1;
1479 }
1480
1481 static int
1482 ipv6_tryaddlinklocal(struct interface *ifp)
1483 {
1484         struct ipv6_addr *ia;
1485
1486         /* We can't assign a link-locak address to this,
1487          * the ppp process has to. */
1488         if (ifp->flags & IFF_POINTOPOINT)
1489                 return 0;
1490
1491         ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1492         if (ia != NULL) {
1493 #ifdef IPV6_POLLADDRFLAG
1494                 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1495                         eloop_timeout_add_msec(
1496                             ia->iface->ctx->eloop,
1497                             RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1498                 }
1499 #endif
1500                 return 0;
1501         }
1502         if (!CAN_ADD_LLADDR(ifp))
1503                 return 0;
1504
1505         return ipv6_addlinklocal(ifp);
1506 }
1507
1508 struct ipv6_addr *
1509 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1510     uint8_t prefix_len, unsigned int flags)
1511 {
1512         struct ipv6_addr *ia, *iaf;
1513         char buf[INET6_ADDRSTRLEN];
1514         const char *cbp;
1515         bool tempaddr;
1516         int addr_flags;
1517
1518 #ifdef IPV6_AF_TEMPORARY
1519         tempaddr = flags & IPV6_AF_TEMPORARY;
1520 #else
1521         tempaddr = false;
1522 #endif
1523
1524         /* If adding a new DHCP / RA derived address, check current flags
1525          * from an existing address. */
1526         if (flags & IPV6_AF_AUTOCONF)
1527                 iaf = ipv6nd_iffindprefix(ifp, addr, prefix_len);
1528         else
1529                 iaf = ipv6_iffindaddr(ifp, addr, 0);
1530         if (iaf != NULL) {
1531                 addr_flags = iaf->addr_flags;
1532                 flags |= IPV6_AF_ADDED;
1533         } else
1534                 addr_flags = IN6_IFF_TENTATIVE;
1535
1536         ia = calloc(1, sizeof(*ia));
1537         if (ia == NULL)
1538                 goto err;
1539
1540         ia->iface = ifp;
1541         ia->addr_flags = addr_flags;
1542         ia->flags = IPV6_AF_NEW | flags;
1543         if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1544                 ia->flags |= IPV6_AF_DADCOMPLETED;
1545         ia->prefix_len = prefix_len;
1546         ia->dhcp6_fd = -1;
1547
1548 #ifndef SMALL
1549         TAILQ_INIT(&ia->pd_pfxs);
1550 #endif
1551
1552         if (prefix_len == 128)
1553                 goto makepfx;
1554         else if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) {
1555                 ia->prefix = *addr;
1556                 if (iaf != NULL)
1557                         memcpy(&ia->addr, &iaf->addr, sizeof(ia->addr));
1558                 else {
1559                         ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1560                                                        &ia->prefix,
1561                                                        ia->prefix_len);
1562                         if (ia->dadcounter == -1)
1563                                 goto err;
1564                 }
1565         } else if (ia->flags & IPV6_AF_RAPFX) {
1566                 ia->prefix = *addr;
1567 #ifdef __sun
1568                 ia->addr = *addr;
1569                 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1570                 goto paddr;
1571 #else
1572                 return ia;
1573 #endif
1574         } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX)) {
1575                 ia->prefix = *addr;
1576                 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1577                 goto paddr;
1578         } else {
1579 makepfx:
1580                 ia->addr = *addr;
1581                 if (ipv6_makeprefix(&ia->prefix,
1582                                     &ia->addr, ia->prefix_len) == -1)
1583                         goto err;
1584         }
1585
1586         cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1587 paddr:
1588         if (cbp == NULL)
1589                 goto err;
1590         snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1591
1592         return ia;
1593
1594 err:
1595         logerr(__func__);
1596         free(ia);
1597         return NULL;
1598 }
1599
1600 static void
1601 ipv6_staticdadcallback(void *arg)
1602 {
1603         struct ipv6_addr *ia = arg;
1604         int wascompleted;
1605
1606         wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1607         ia->flags |= IPV6_AF_DADCOMPLETED;
1608         if (ia->flags & IPV6_AF_DUPLICATED)
1609                 logwarnx("%s: DAD detected %s", ia->iface->name,
1610                     ia->saddr);
1611         else if (!wascompleted) {
1612                 logdebugx("%s: IPv6 static DAD completed",
1613                     ia->iface->name);
1614         }
1615
1616 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1617         if (!wascompleted) {
1618                 struct interface *ifp;
1619                 struct ipv6_state *state;
1620
1621                 ifp = ia->iface;
1622                 state = IPV6_STATE(ifp);
1623                 TAILQ_FOREACH(ia, &state->addrs, next) {
1624                         if (ia->flags & IPV6_AF_STATIC &&
1625                             (ia->flags & FINISHED) != FINISHED)
1626                         {
1627                                 wascompleted = 1;
1628                                 break;
1629                         }
1630                 }
1631                 if (!wascompleted)
1632                         script_runreason(ifp, "STATIC6");
1633         }
1634 #undef FINISHED
1635 }
1636
1637 ssize_t
1638 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1639 {
1640         struct ipv6_addr *ia;
1641
1642         ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1643             IN6_IFF_NOTUSEABLE);
1644         if (ia == NULL)
1645                 return 0;
1646         if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1647                 return -1;
1648         return 1;
1649 }
1650
1651 int
1652 ipv6_staticdadcompleted(const struct interface *ifp)
1653 {
1654         const struct ipv6_state *state;
1655         const struct ipv6_addr *ia;
1656         int n;
1657
1658         if ((state = IPV6_CSTATE(ifp)) == NULL)
1659                 return 0;
1660         n = 0;
1661 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1662         TAILQ_FOREACH(ia, &state->addrs, next) {
1663                 if ((ia->flags & COMPLETED) == COMPLETED &&
1664                     !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1665                         n++;
1666         }
1667         return n;
1668 }
1669
1670 int
1671 ipv6_startstatic(struct interface *ifp)
1672 {
1673         struct ipv6_addr *ia;
1674         int run_script;
1675
1676         if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1677                 return 0;
1678
1679         ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1680         if (ia != NULL &&
1681             (ia->prefix_len != ifp->options->req_prefix_len ||
1682             ia->addr_flags & IN6_IFF_NOTUSEABLE))
1683         {
1684                 ipv6_deleteaddr(ia);
1685                 ia = NULL;
1686         }
1687         if (ia == NULL) {
1688                 struct ipv6_state *state;
1689
1690                 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1691                     ifp->options->req_prefix_len, 0);
1692                 if (ia == NULL)
1693                         return -1;
1694                 state = IPV6_STATE(ifp);
1695                 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1696                 run_script = 0;
1697         } else
1698                 run_script = 1;
1699         ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1700         ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1701         ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1702         ia->dadcallback = ipv6_staticdadcallback;
1703         ipv6_addaddr(ia, NULL);
1704         rt_build(ifp->ctx, AF_INET6);
1705         if (run_script)
1706                 script_runreason(ifp, "STATIC6");
1707         return 1;
1708 }
1709
1710 /* Ensure the interface has a link-local address */
1711 int
1712 ipv6_start(struct interface *ifp)
1713 {
1714 #ifdef IPV6_POLLADDRFLAG
1715         struct ipv6_state *state;
1716
1717         /* We need to update the address flags. */
1718         if ((state = IPV6_STATE(ifp)) != NULL) {
1719                 struct ipv6_addr *ia;
1720                 const char *alias;
1721                 int flags;
1722
1723                 TAILQ_FOREACH(ia, &state->addrs, next) {
1724 #ifdef ALIAS_ADDR
1725                         alias = ia->alias;
1726 #else
1727                         alias = NULL;
1728 #endif
1729                         flags = if_addrflags6(ia->iface, &ia->addr, alias);
1730                         if (flags != -1)
1731                                 ia->addr_flags = flags;
1732                 }
1733         }
1734 #endif
1735
1736         if (ipv6_tryaddlinklocal(ifp) == -1)
1737                 return -1;
1738
1739         if (IPV6_CSTATE(ifp)) {
1740                 /* Regenerate new ids */
1741                 if (ip6_use_tempaddr(ifp->name))
1742                         ipv6_regentempifid(ifp);
1743         }
1744
1745         return 0;
1746 }
1747
1748 void
1749 ipv6_freedrop(struct interface *ifp, int drop)
1750 {
1751         struct ipv6_state *state;
1752         struct ll_callback *cb;
1753
1754         if (ifp == NULL)
1755                 return;
1756
1757         if ((state = IPV6_STATE(ifp)) == NULL)
1758                 return;
1759
1760         /* If we got here, we can get rid of any LL callbacks. */
1761         while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1762                 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1763                 free(cb);
1764         }
1765
1766         ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1767         if (drop) {
1768                 if (ifp->ctx->ra_routers != NULL)
1769                         rt_build(ifp->ctx, AF_INET6);
1770         } else {
1771                 /* Because we need to cache the addresses we don't control,
1772                  * we only free the state on when NOT dropping addresses. */
1773                 free(state);
1774                 ifp->if_data[IF_DATA_IPV6] = NULL;
1775                 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1776         }
1777 }
1778
1779 void
1780 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1781 {
1782
1783         free(ctx->ra_routers);
1784         free(ctx->secret);
1785 }
1786
1787 int
1788 ipv6_handleifa_addrs(int cmd,
1789     struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1790 {
1791         struct ipv6_addr *ia, *ian;
1792         uint8_t found, alldadcompleted;
1793
1794         alldadcompleted = 1;
1795         found = 0;
1796         TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1797                 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1798                         if (ia->flags & IPV6_AF_ADDED &&
1799                             !(ia->flags & IPV6_AF_DADCOMPLETED))
1800                                 alldadcompleted = 0;
1801                         continue;
1802                 }
1803                 switch (cmd) {
1804                 case RTM_DELADDR:
1805                         if (ia->flags & IPV6_AF_ADDED) {
1806                                 logwarnx("%s: pid %d deleted address %s",
1807                                     ia->iface->name, pid, ia->saddr);
1808                                 ia->flags &= ~IPV6_AF_ADDED;
1809                         }
1810                         ipv6_deletedaddr(ia);
1811                         if (ia->flags & IPV6_AF_DELEGATED) {
1812                                 TAILQ_REMOVE(addrs, ia, next);
1813                                 ipv6_freeaddr(ia);
1814                         }
1815                         break;
1816                 case RTM_NEWADDR:
1817                         /* Safety - ignore tentative announcements */
1818                         if (addr->addr_flags &
1819                             (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1820                                 break;
1821                         if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1822                                 found++;
1823                                 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1824                                         ia->flags |= IPV6_AF_DUPLICATED;
1825                                 else
1826                                         ia->flags &= ~IPV6_AF_DUPLICATED;
1827                                 if (ia->dadcallback)
1828                                         ia->dadcallback(ia);
1829                                 /* We need to set this here in-case the
1830                                  * dadcallback function checks it */
1831                                 ia->flags |= IPV6_AF_DADCOMPLETED;
1832                         }
1833                         break;
1834                 }
1835         }
1836
1837         return alldadcompleted ? found : 0;
1838 }
1839
1840 #ifdef IPV6_MANAGETEMPADDR
1841 static const struct ipv6_addr *
1842 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1843 {
1844         const struct interface *ifp;
1845         const struct ipv6_state *state;
1846         const struct ipv6_addr *ia;
1847
1848         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1849                 if ((state = IPV6_CSTATE(ifp))) {
1850                         TAILQ_FOREACH(ia, &state->addrs, next) {
1851                                 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1852                                         return ia;
1853                         }
1854                 }
1855         }
1856         return NULL;
1857 }
1858
1859 static const uint8_t nullid[8];
1860 static const uint8_t anycastid[8] = {
1861     0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1862 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1863
1864 static void
1865 ipv6_regen_desync(struct interface *ifp, int force)
1866 {
1867         struct ipv6_state *state;
1868         unsigned int max, pref;
1869
1870         state = IPV6_STATE(ifp);
1871
1872         /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1873          * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1874          * I believe this is an error and it should be never be greateter than
1875          * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1876         pref = (unsigned int)ip6_temp_preferred_lifetime(ifp->name);
1877         max = pref - REGEN_ADVANCE;
1878         if (state->desync_factor && !force && state->desync_factor < max)
1879                 return;
1880         if (state->desync_factor == 0)
1881                 state->desync_factor =
1882                     arc4random_uniform(MIN(MAX_DESYNC_FACTOR, max));
1883         max = pref - state->desync_factor - REGEN_ADVANCE;
1884         eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1885 }
1886
1887 void
1888 ipv6_gentempifid(struct interface *ifp)
1889 {
1890         struct ipv6_state *state;
1891         MD5_CTX md5;
1892         uint8_t seed[16], digest[16];
1893         int retry;
1894
1895         if ((state = IPV6_STATE(ifp)) == NULL)
1896                 return;
1897
1898         retry = 0;
1899         if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1900                 uint32_t r;
1901
1902                 r = arc4random();
1903                 memcpy(seed, &r, sizeof(r));
1904                 r = arc4random();
1905                 memcpy(seed + sizeof(r), &r, sizeof(r));
1906         } else
1907                 memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1908
1909         memcpy(seed + sizeof(state->randomseed0),
1910             state->randomseed1, sizeof(state->randomseed1));
1911
1912 again:
1913         MD5Init(&md5);
1914         MD5Update(&md5, seed, sizeof(seed));
1915         MD5Final(digest, &md5);
1916
1917         /* RFC4941 Section 3.2.1.1
1918          * Take the left-most 64bits and set bit 6 to zero */
1919         memcpy(state->randomid, digest, sizeof(state->randomid));
1920         state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1921
1922         /* RFC4941 Section 3.2.1.4
1923          * Reject reserved or existing id's */
1924         if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1925             (memcmp(anycastid, state->randomid, 7) == 0 &&
1926             (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1927             memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1928             ipv6_findaddrid(ifp->ctx, state->randomid))
1929         {
1930                 if (++retry < GEN_TEMPID_RETRY_MAX) {
1931                         memcpy(seed, digest + 8, 8);
1932                         goto again;
1933                 }
1934                 memset(state->randomid, 0, sizeof(state->randomid));
1935         }
1936
1937         /* RFC4941 Section 3.2.1.6
1938          * Save the right-most 64bits of the digest */
1939         memcpy(state->randomseed0, digest + 8,
1940             sizeof(state->randomseed0));
1941 }
1942
1943 /* RFC4941 Section 3.3.7 */
1944 static void
1945 ipv6_tempdadcallback(void *arg)
1946 {
1947         struct ipv6_addr *ia = arg;
1948
1949         if (ia->flags & IPV6_AF_DUPLICATED) {
1950                 struct ipv6_addr *ia1;
1951                 struct timespec tv;
1952
1953                 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1954                         logerrx("%s: too many duplicate temporary addresses",
1955                             ia->iface->name);
1956                         return;
1957                 }
1958                 clock_gettime(CLOCK_MONOTONIC, &tv);
1959                 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1960                         logerr(__func__);
1961                 else
1962                         ia1->dadcounter = ia->dadcounter;
1963                 ipv6_deleteaddr(ia);
1964                 if (ia1)
1965                         ipv6_addaddr(ia1, &ia1->acquired);
1966         }
1967 }
1968
1969 struct ipv6_addr *
1970 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1971 {
1972         struct ipv6_state *state;
1973         const struct ipv6_state *cstate;
1974         int genid;
1975         struct in6_addr addr, mask;
1976         uint32_t randid[2];
1977         const struct interface *ifp;
1978         const struct ipv6_addr *ap;
1979         struct ipv6_addr *ia;
1980         uint32_t i, trylimit;
1981
1982         trylimit = TEMP_IDGEN_RETRIES;
1983         state = IPV6_STATE(ia0->iface);
1984         genid = 0;
1985
1986         addr = ia0->addr;
1987         ipv6_mask(&mask, ia0->prefix_len);
1988         /* clear the old ifid */
1989         for (i = 0; i < 4; i++)
1990                 addr.s6_addr32[i] &= mask.s6_addr32[i];
1991
1992 again:
1993         if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1994                 genid = 1;
1995         if (genid) {
1996                 memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1997                     sizeof(state->randomseed1));
1998                 ipv6_gentempifid(ia0->iface);
1999                 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
2000                         errno = EFAULT;
2001                         return NULL;
2002                 }
2003         }
2004         memcpy(&randid[0], state->randomid, sizeof(randid[0]));
2005         memcpy(&randid[1], state->randomid + sizeof(randid[1]),
2006             sizeof(randid[2]));
2007         addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
2008         addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
2009
2010         /* Ensure we don't already have it */
2011         TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
2012                 cstate = IPV6_CSTATE(ifp);
2013                 if (cstate) {
2014                         TAILQ_FOREACH(ap, &cstate->addrs, next) {
2015                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
2016                                         if (--trylimit == 0) {
2017                                                 errno = EEXIST;
2018                                                 return NULL;
2019                                         }
2020                                         genid = 1;
2021                                         goto again;
2022                                 }
2023                         }
2024                 }
2025         }
2026
2027         ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len,
2028             IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
2029         /* Must be made tentative, for our DaD to work */
2030         ia->addr_flags = IN6_IFF_TENTATIVE;
2031         ia->dadcallback = ipv6_tempdadcallback;
2032         ia->created = ia->acquired = now ? *now : ia0->acquired;
2033
2034         /* Ensure desync is still valid */
2035         ipv6_regen_desync(ia->iface, 0);
2036
2037         /* RFC4941 Section 3.3.4 */
2038         i = (uint32_t)ip6_temp_preferred_lifetime(ia0->iface->name) -
2039             state->desync_factor;
2040         ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
2041         i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
2042         ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
2043         if (ia->prefix_pltime <= REGEN_ADVANCE ||
2044             ia->prefix_pltime > ia0->prefix_vltime)
2045         {
2046                 errno = EINVAL;
2047                 free(ia);
2048                 return NULL;
2049         }
2050
2051         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
2052         return ia;
2053 }
2054
2055 struct ipv6_addr *
2056 ipv6_settemptime(struct ipv6_addr *ia, int flags)
2057 {
2058         struct ipv6_state *state;
2059         struct ipv6_addr *ap, *first;
2060
2061         state = IPV6_STATE(ia->iface);
2062         first = NULL;
2063         TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2064                 if (ap->flags & IPV6_AF_TEMPORARY &&
2065                     ap->prefix_pltime &&
2066                     IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2067                 {
2068                         unsigned int max, ext;
2069
2070                         if (flags == 0) {
2071                                 if (ap->prefix_pltime -
2072                                     (uint32_t)(ia->acquired.tv_sec -
2073                                     ap->acquired.tv_sec)
2074                                     < REGEN_ADVANCE)
2075                                         continue;
2076
2077                                 return ap;
2078                         }
2079
2080                         if (!(ap->flags & IPV6_AF_ADDED))
2081                                 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2082                         ap->flags &= ~IPV6_AF_STALE;
2083
2084                         /* RFC4941 Section 3.4
2085                          * Deprecated prefix, deprecate the temporary address */
2086                         if (ia->prefix_pltime == 0) {
2087                                 ap->prefix_pltime = 0;
2088                                 goto valid;
2089                         }
2090
2091                         /* Ensure desync is still valid */
2092                         ipv6_regen_desync(ap->iface, 0);
2093
2094                         /* RFC4941 Section 3.3.2
2095                          * Extend temporary times, but ensure that they
2096                          * never last beyond the system limit. */
2097                         ext = (unsigned int)ia->acquired.tv_sec
2098                             + ia->prefix_pltime;
2099                         max = (unsigned int)(ap->created.tv_sec +
2100                             ip6_temp_preferred_lifetime(ap->iface->name) -
2101                             state->desync_factor);
2102                         if (ext < max)
2103                                 ap->prefix_pltime = ia->prefix_pltime;
2104                         else
2105                                 ap->prefix_pltime =
2106                                     (uint32_t)(max - ia->acquired.tv_sec);
2107
2108 valid:
2109                         ext = (unsigned int)ia->acquired.tv_sec +
2110                             ia->prefix_vltime;
2111                         max = (unsigned int)(ap->created.tv_sec +
2112                             ip6_temp_valid_lifetime(ap->iface->name));
2113                         if (ext < max)
2114                                 ap->prefix_vltime = ia->prefix_vltime;
2115                         else
2116                                 ap->prefix_vltime =
2117                                     (uint32_t)(max - ia->acquired.tv_sec);
2118
2119                         /* Just extend the latest matching prefix */
2120                         ap->acquired = ia->acquired;
2121
2122                         /* If extending return the last match as
2123                          * it's the most current.
2124                          * If deprecating, deprecate any other addresses we
2125                          * may have, although this should not be needed */
2126                         if (ia->prefix_pltime)
2127                                 return ap;
2128                         if (first == NULL)
2129                                 first = ap;
2130                 }
2131         }
2132         return first;
2133 }
2134
2135 void
2136 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2137 {
2138         struct ipv6_state *state;
2139         struct ipv6_addr *ia;
2140
2141         state = IPV6_STATE(ifp);
2142         TAILQ_FOREACH(ia, &state->addrs, next) {
2143                 if (ia->flags & IPV6_AF_TEMPORARY &&
2144                     !(ia->flags & IPV6_AF_STALE))
2145                         ipv6_addaddr(ia, now);
2146         }
2147 }
2148
2149 static void
2150 ipv6_regentempaddr(void *arg)
2151 {
2152         struct ipv6_addr *ia = arg, *ia1;
2153         struct timespec tv;
2154
2155         logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2156         clock_gettime(CLOCK_MONOTONIC, &tv);
2157         ia1 = ipv6_createtempaddr(ia, &tv);
2158         if (ia1)
2159                 ipv6_addaddr(ia1, &tv);
2160         else
2161                 logerr(__func__);
2162 }
2163
2164 static void
2165 ipv6_regentempifid(void *arg)
2166 {
2167         struct interface *ifp = arg;
2168         struct ipv6_state *state;
2169
2170         state = IPV6_STATE(ifp);
2171         if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
2172                 ipv6_gentempifid(ifp);
2173
2174         ipv6_regen_desync(ifp, 1);
2175 }
2176 #endif /* IPV6_MANAGETEMPADDR */
2177
2178 void
2179 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2180 {
2181         struct ipv6_state *state;
2182         struct ipv6_addr *ia;
2183
2184         state = IPV6_STATE(ifp);
2185         if (state == NULL)
2186                 return;
2187
2188         TAILQ_FOREACH(ia, &state->addrs, next) {
2189                 if (flags == 0 || ia->flags & flags)
2190                         ia->flags |= IPV6_AF_STALE;
2191         }
2192 }
2193
2194 void
2195 ipv6_deletestaleaddrs(struct interface *ifp)
2196 {
2197         struct ipv6_state *state;
2198         struct ipv6_addr *ia, *ia1;
2199
2200         state = IPV6_STATE(ifp);
2201         if (state == NULL)
2202                 return;
2203
2204         TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2205                 if (ia->flags & IPV6_AF_STALE)
2206                         ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2207                             ifp->ctx->ifaces, ifp->name,
2208                             &ia->addr, ia->prefix_len, 0, getpid());
2209         }
2210 }
2211
2212
2213 static struct rt *
2214 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2215 {
2216         struct rt *rt;
2217
2218         if ((rt = rt_new(ifp)) == NULL)
2219                 return NULL;
2220
2221 #ifdef HAVE_ROUTE_METRIC
2222         rt->rt_metric = ifp->metric;
2223 #endif
2224         if (rap != NULL)
2225                 rt->rt_mtu = rap->mtu;
2226         return rt;
2227 }
2228
2229 static struct rt *
2230 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2231     const struct ipv6_addr *addr)
2232 {
2233         struct rt *rt;
2234         struct in6_addr netmask;
2235
2236         if (addr == NULL || addr->prefix_len > 128) {
2237                 errno = EINVAL;
2238                 return NULL;
2239         }
2240
2241         /* There is no point in trying to manage a /128 prefix,
2242          * ones without a lifetime.  */
2243         if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2244                 return NULL;
2245
2246         /* Don't install a reject route when not creating bigger prefixes. */
2247         if (addr->flags & IPV6_AF_NOREJECT)
2248                 return NULL;
2249
2250         /* This address is the delegated prefix, so add a reject route for
2251          * it via the loopback interface. */
2252         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2253                 struct interface *lo0;
2254
2255                 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2256                         if (lo0->flags & IFF_LOOPBACK)
2257                                 break;
2258                 }
2259                 if (lo0 == NULL)
2260                         logwarnx("cannot find a loopback interface "
2261                             "to reject via");
2262                 else
2263                         ifp = lo0;
2264         }
2265
2266         if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2267                 return NULL;
2268
2269         sa_in6_init(&rt->rt_dest, &addr->prefix);
2270         ipv6_mask(&netmask, addr->prefix_len);
2271         sa_in6_init(&rt->rt_netmask, &netmask);
2272         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2273                 rt->rt_flags |= RTF_REJECT;
2274                 /* Linux does not like a gateway for a reject route. */
2275 #ifndef __linux__
2276                 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2277 #endif
2278         } else if (!(addr->flags & IPV6_AF_ONLINK))
2279                 sa_in6_init(&rt->rt_gateway, &rap->from);
2280         else
2281                 rt->rt_gateway.sa_family = AF_UNSPEC;
2282         sa_in6_init(&rt->rt_ifa, &addr->addr);
2283         return rt;
2284 }
2285
2286 static struct rt *
2287 inet6_makerouter(struct ra *rap)
2288 {
2289         struct rt *rt;
2290
2291         if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2292                 return NULL;
2293         sa_in6_init(&rt->rt_dest, &in6addr_any);
2294         sa_in6_init(&rt->rt_netmask, &in6addr_any);
2295         sa_in6_init(&rt->rt_gateway, &rap->from);
2296         return rt;
2297 }
2298
2299 #define RT_IS_DEFAULT(rtp) \
2300         (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) &&                  \
2301             IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2302
2303 static int
2304 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2305 {
2306         struct interface *ifp;
2307         struct ipv6_state *state;
2308         struct ipv6_addr *ia;
2309         struct rt *rt;
2310
2311         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2312                 if ((state = IPV6_STATE(ifp)) == NULL)
2313                         continue;
2314                 TAILQ_FOREACH(ia, &state->addrs, next) {
2315                         if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2316                             (IPV6_AF_ADDED | IPV6_AF_STATIC))
2317                         {
2318                                 rt = inet6_makeprefix(ifp, NULL, ia);
2319                                 if (rt)
2320                                         rt_proto_add(routes, rt);
2321                         }
2322                 }
2323         }
2324         return 0;
2325 }
2326
2327 static int
2328 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2329 {
2330         struct rt *rt;
2331         struct ra *rap;
2332         const struct ipv6_addr *addr;
2333
2334         if (ctx->ra_routers == NULL)
2335                 return 0;
2336
2337         TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2338                 if (rap->expired)
2339                         continue;
2340                 TAILQ_FOREACH(addr, &rap->addrs, next) {
2341                         if (addr->prefix_vltime == 0)
2342                                 continue;
2343                         rt = inet6_makeprefix(rap->iface, rap, addr);
2344                         if (rt) {
2345                                 rt->rt_dflags |= RTDF_RA;
2346                                 rt_proto_add(routes, rt);
2347                         }
2348                 }
2349                 if (rap->lifetime == 0)
2350                         continue;
2351                 if (ipv6_anyglobal(rap->iface) == NULL)
2352                         continue;
2353                 rt = inet6_makerouter(rap);
2354                 if (rt == NULL)
2355                         continue;
2356                 rt->rt_dflags |= RTDF_RA;
2357                 rt_proto_add(routes, rt);
2358         }
2359         return 0;
2360 }
2361
2362 #ifdef DHCP6
2363 static int
2364 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2365     enum DH6S dstate)
2366 {
2367         struct interface *ifp;
2368         const struct dhcp6_state *d6_state;
2369         const struct ipv6_addr *addr;
2370         struct rt *rt;
2371
2372         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2373                 d6_state = D6_CSTATE(ifp);
2374                 if (d6_state && d6_state->state == dstate) {
2375                         TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2376                                 rt = inet6_makeprefix(ifp, NULL, addr);
2377                                 if (rt == NULL)
2378                                         continue;
2379                                 rt->rt_dflags |= RTDF_DHCP;
2380                                 rt_proto_add(routes, rt);
2381                         }
2382                 }
2383         }
2384         return 0;
2385 }
2386 #endif
2387
2388 bool
2389 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2390 {
2391
2392         /* Should static take priority? */
2393         if (inet6_staticroutes(routes, ctx) == -1)
2394                 return false;
2395
2396         /* First add reachable routers and their prefixes */
2397         if (inet6_raroutes(routes, ctx) == -1)
2398                 return false;
2399
2400 #ifdef DHCP6
2401         /* We have no way of knowing if prefixes added by DHCP are reachable
2402          * or not, so we have to assume they are.
2403          * Add bound before delegated so we can prefer interfaces better. */
2404         if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2405                 return false;
2406         if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)
2407                 return false;
2408 #endif
2409
2410         return true;
2411 }