projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'vendor/DHCPCD'
[dragonfly.git] / contrib / dhcpcd / src / ipv6.c
1 /*
2  * dhcpcd - DHCP client daemon
3  * Copyright (c) 2006-2018 Roy Marples <roy@marples.name>
4  * All rights reserved
5
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27
28 #include <sys/param.h>
29 #include <sys/types.h>
30 #include <sys/socket.h>
31 #include <sys/stat.h>
32
33 #include <net/if.h>
34 #include <net/route.h>
35 #include <netinet/in.h>
36 #include <netinet/if_ether.h>
37
38 #include "config.h"
39
40 #ifdef HAVE_SYS_BITOPS_H
41 #include <sys/bitops.h>
42 #else
43 #include "compat/bitops.h"
44 #endif
45
46 #ifdef BSD
47 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
48  * to generate our CAN_ADD_LLADDR #define. */
49 #  include <netinet6/in6_var.h>
50 #  include <netinet6/nd6.h>
51 #endif
52
53 #include <errno.h>
54 #include <ifaddrs.h>
55 #include <inttypes.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <unistd.h>
59
60 #define ELOOP_QUEUE 7
61 #include "common.h"
62 #include "if.h"
63 #include "dhcpcd.h"
64 #include "dhcp6.h"
65 #include "eloop.h"
66 #include "ipv6.h"
67 #include "ipv6nd.h"
68 #include "logerr.h"
69 #include "sa.h"
70 #include "script.h"
71
72 #ifdef HAVE_MD5_H
73 #  ifndef DEPGEN
74 #    include <md5.h>
75 #  endif
76 #endif
77
78 #ifdef SHA2_H
79 #  include SHA2_H
80 #endif
81
82 #ifndef SHA256_DIGEST_LENGTH
83 #  define SHA256_DIGEST_LENGTH          32
84 #endif
85
86 #ifdef IPV6_POLLADDRFLAG
87 #  warning kernel does not report IPv6 address flag changes
88 #  warning polling tentative address flags periodically
89 #endif
90
91 /* Hackery at it's finest. */
92 #ifndef s6_addr32
93 #  ifdef __sun
94 #    define s6_addr32   _S6_un._S6_u32
95 #  else
96 #    define s6_addr32   __u6_addr.__u6_addr32
97 #  endif
98 #endif
99
100 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
101     defined(IFF_NOLINKLOCAL)
102 /* Only add the LL address if we have a carrier, so DaD works. */
103 #define CAN_ADD_LLADDR(ifp) \
104     (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
105 #ifdef __sun
106 /* Although we can add our own LL address, we cannot drop it
107  * without unplumbing the if which is a lot of code.
108  * So just keep it for the time being. */
109 #define CAN_DROP_LLADDR(ifp)    (0)
110 #else
111 #define CAN_DROP_LLADDR(ifp)    (1)
112 #endif
113 #else
114 /* We have no control over the OS adding the LLADDR, so just let it do it
115  * as we cannot force our own view on it. */
116 #define CAN_ADD_LLADDR(ifp)     (0)
117 #define CAN_DROP_LLADDR(ifp)    (0)
118 #endif
119
120 #ifdef IPV6_MANAGETEMPADDR
121 static void ipv6_regentempifid(void *);
122 static void ipv6_regentempaddr(void *);
123 #else
124 #define ipv6_regentempifid(a) {}
125 #endif
126
127 int
128 ipv6_init(struct dhcpcd_ctx *ctx)
129 {
130
131         if (ctx->sndhdr.msg_iovlen == 1)
132                 return 0;
133
134         if (ctx->ra_routers == NULL) {
135                 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
136                 if (ctx->ra_routers == NULL)
137                         return -1;
138         }
139         TAILQ_INIT(ctx->ra_routers);
140
141         ctx->sndhdr.msg_namelen = sizeof(struct sockaddr_in6);
142         ctx->sndhdr.msg_iov = ctx->sndiov;
143         ctx->sndhdr.msg_iovlen = 1;
144         ctx->sndhdr.msg_control = ctx->sndbuf;
145         ctx->sndhdr.msg_controllen = sizeof(ctx->sndbuf);
146         ctx->rcvhdr.msg_name = &ctx->from;
147         ctx->rcvhdr.msg_namelen = sizeof(ctx->from);
148         ctx->rcvhdr.msg_iov = ctx->iov;
149         ctx->rcvhdr.msg_iovlen = 1;
150         ctx->rcvhdr.msg_control = ctx->ctlbuf;
151         // controllen is set at recieve
152         //ctx->rcvhdr.msg_controllen = sizeof(ctx->rcvbuf);
153
154         ctx->nd_fd = -1;
155         ctx->dhcp6_fd = -1;
156         return 0;
157 }
158
159 static ssize_t
160 ipv6_readsecret(struct dhcpcd_ctx *ctx)
161 {
162         FILE *fp;
163         char line[1024];
164         unsigned char *p;
165         size_t len;
166         uint32_t r;
167         int x;
168
169         if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
170                 return (ssize_t)ctx->secret_len;
171
172         if (errno != ENOENT)
173                 logerr("%s: %s", __func__, SECRET);
174
175         /* Chaining arc4random should be good enough.
176          * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
177          * To attempt and future proof ourselves, we'll generate a key of
178          * 512 bits (64 bytes). */
179         if (ctx->secret_len < 64) {
180                 if ((ctx->secret = malloc(64)) == NULL) {
181                         logerr(__func__);
182                         return -1;
183                 }
184                 ctx->secret_len = 64;
185         }
186         p = ctx->secret;
187         for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
188                 r = arc4random();
189                 memcpy(p, &r, sizeof(r));
190                 p += sizeof(r);
191         }
192
193         /* Ensure that only the dhcpcd user can read the secret.
194          * Write permission is also denied as chaning it would remove
195          * it's stability. */
196         if ((fp = fopen(SECRET, "w")) == NULL ||
197             chmod(SECRET, S_IRUSR) == -1)
198                 goto eexit;
199         x = fprintf(fp, "%s\n",
200             hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
201         if (fclose(fp) == EOF)
202                 x = -1;
203         fp = NULL;
204         if (x > 0)
205                 return (ssize_t)ctx->secret_len;
206
207 eexit:
208         logerr("%s: %s", __func__, SECRET);
209         if (fp != NULL)
210                 fclose(fp);
211         unlink(SECRET);
212         ctx->secret_len = 0;
213         return -1;
214 }
215
216 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
217  * RFC5453 */
218 static const struct reslowhigh {
219         const uint8_t high[8];
220         const uint8_t low[8];
221 } reslowhigh[] = {
222         /* RFC4291 + RFC6543 */
223         { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
224           { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
225         /* RFC2526 */
226         { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
227           { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
228 };
229
230 static int
231 ipv6_reserved(const struct in6_addr *addr)
232 {
233         uint64_t id, low, high;
234         size_t i;
235         const struct reslowhigh *r;
236
237         id = be64dec(addr->s6_addr + sizeof(id));
238         if (id == 0) /* RFC4291 */
239                 return 1;
240         for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
241                 r = &reslowhigh[i];
242                 low = be64dec(r->low);
243                 high = be64dec(r->high);
244                 if (id >= low && id <= high)
245                         return 1;
246         }
247         return 0;
248 }
249
250 /* RFC7217 */
251 static int
252 ipv6_makestableprivate1(struct in6_addr *addr,
253     const struct in6_addr *prefix, int prefix_len,
254     const unsigned char *netiface, size_t netiface_len,
255     const unsigned char *netid, size_t netid_len,
256     unsigned short vlanid,
257     uint32_t *dad_counter,
258     const unsigned char *secret, size_t secret_len)
259 {
260         unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
261         size_t len, l;
262         SHA256_CTX ctx;
263
264         if (prefix_len < 0 || prefix_len > 120) {
265                 errno = EINVAL;
266                 return -1;
267         }
268
269         l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
270         len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
271         if (vlanid != 0)
272                 len += sizeof(vlanid);
273         if (len > sizeof(buf)) {
274                 errno = ENOBUFS;
275                 return -1;
276         }
277
278         for (;; (*dad_counter)++) {
279                 /* Combine all parameters into one buffer */
280                 p = buf;
281                 memcpy(p, prefix, l);
282                 p += l;
283                 memcpy(p, netiface, netiface_len);
284                 p += netiface_len;
285                 memcpy(p, netid, netid_len);
286                 p += netid_len;
287                 /* Don't use a vlanid if not set.
288                  * This ensures prior versions have the same unique address. */
289                 if (vlanid != 0) {
290                         memcpy(p, &vlanid, sizeof(vlanid));
291                         p += sizeof(vlanid);
292                 }
293                 memcpy(p, dad_counter, sizeof(*dad_counter));
294                 p += sizeof(*dad_counter);
295                 memcpy(p, secret, secret_len);
296
297                 /* Make an address using the digest of the above.
298                  * RFC7217 Section 5.1 states that we shouldn't use MD5.
299                  * Pity as we use that for HMAC-MD5 which is still deemed OK.
300                  * SHA-256 is recommended */
301                 SHA256_Init(&ctx);
302                 SHA256_Update(&ctx, buf, len);
303                 SHA256_Final(digest, &ctx);
304
305                 p = addr->s6_addr;
306                 memcpy(p, prefix, l);
307                 /* RFC7217 section 5.2 says we need to start taking the id from
308                  * the least significant bit */
309                 len = sizeof(addr->s6_addr) - l;
310                 memcpy(p + l, digest + (sizeof(digest) - len), len);
311
312                 /* Ensure that the Interface ID does not match a reserved one,
313                  * if it does then treat it as a DAD failure.
314                  * RFC7217 section 5.2 */
315                 if (prefix_len != 64)
316                         break;
317                 if (!ipv6_reserved(addr))
318                         break;
319         }
320
321         return 0;
322 }
323
324 int
325 ipv6_makestableprivate(struct in6_addr *addr,
326     const struct in6_addr *prefix, int prefix_len,
327     const struct interface *ifp,
328     int *dad_counter)
329 {
330         uint32_t dad;
331         int r;
332
333         if (ifp->ctx->secret_len == 0) {
334                 if (ipv6_readsecret(ifp->ctx) == -1)
335                         return -1;
336         }
337
338         dad = (uint32_t)*dad_counter;
339
340         /* For our implementation, we shall set the hardware address
341          * as the interface identifier */
342         r = ipv6_makestableprivate1(addr, prefix, prefix_len,
343             ifp->hwaddr, ifp->hwlen,
344             ifp->ssid, ifp->ssid_len,
345             ifp->vlanid, &dad,
346             ifp->ctx->secret, ifp->ctx->secret_len);
347
348         if (r == 0)
349                 *dad_counter = (int)dad;
350         return r;
351 }
352
353 int
354 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
355     const struct in6_addr *prefix, int prefix_len)
356 {
357         const struct ipv6_addr *ap;
358         int dad;
359
360         if (prefix_len < 0 || prefix_len > 120) {
361                 errno = EINVAL;
362                 return -1;
363         }
364
365         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
366                 dad = 0;
367                 if (ipv6_makestableprivate(addr,
368                     prefix, prefix_len, ifp, &dad) == -1)
369                         return -1;
370                 return dad;
371         }
372
373         if (prefix_len > 64) {
374                 errno = EINVAL;
375                 return -1;
376         }
377         if ((ap = ipv6_linklocal(ifp)) == NULL) {
378                 /* We delay a few functions until we get a local-link address
379                  * so this should never be hit. */
380                 errno = ENOENT;
381                 return -1;
382         }
383
384         /* Make the address from the first local-link address */
385         memcpy(addr, prefix, sizeof(*prefix));
386         addr->s6_addr32[2] = ap->addr.s6_addr32[2];
387         addr->s6_addr32[3] = ap->addr.s6_addr32[3];
388         return 0;
389 }
390
391 static int
392 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
393 {
394         int bytes, bits;
395
396         if (len < 0 || len > 128) {
397                 errno = EINVAL;
398                 return -1;
399         }
400
401         bytes = len / NBBY;
402         bits = len % NBBY;
403         memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes);
404         if (bits != 0) {
405                 /* Coverify false positive.
406                  * bytelen cannot be 16 if bitlen is non zero */
407                 /* coverity[overrun-local] */
408                 prefix->s6_addr[bytes] =
409                     (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits));
410         }
411         memset((char *)prefix->s6_addr + bytes, 0,
412             sizeof(prefix->s6_addr) - (size_t)bytes);
413         return 0;
414 }
415
416 int
417 ipv6_mask(struct in6_addr *mask, int len)
418 {
419         static const unsigned char masks[NBBY] =
420             { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
421         int bytes, bits, i;
422
423         if (len < 0 || len > 128) {
424                 errno = EINVAL;
425                 return -1;
426         }
427
428         memset(mask, 0, sizeof(*mask));
429         bytes = len / NBBY;
430         bits = len % NBBY;
431         for (i = 0; i < bytes; i++)
432                 mask->s6_addr[i] = 0xff;
433         if (bits != 0) {
434                 /* Coverify false positive.
435                  * bytelen cannot be 16 if bitlen is non zero */
436                 /* coverity[overrun-local] */
437                 mask->s6_addr[bytes] = masks[bits - 1];
438         }
439         return 0;
440 }
441
442 uint8_t
443 ipv6_prefixlen(const struct in6_addr *mask)
444 {
445         int x = 0, y;
446         const unsigned char *lim, *p;
447
448         lim = (const unsigned char *)mask + sizeof(*mask);
449         for (p = (const unsigned char *)mask; p < lim; x++, p++) {
450                 if (*p != 0xff)
451                         break;
452         }
453         y = 0;
454         if (p < lim) {
455                 for (y = 0; y < NBBY; y++) {
456                         if ((*p & (0x80 >> y)) == 0)
457                                 break;
458                 }
459         }
460
461         /*
462          * when the limit pointer is given, do a stricter check on the
463          * remaining bits.
464          */
465         if (p < lim) {
466                 if (y != 0 && (*p & (0x00ff >> y)) != 0)
467                         return 0;
468                 for (p = p + 1; p < lim; p++)
469                         if (*p != 0)
470                                 return 0;
471         }
472
473         return (uint8_t)(x * NBBY + y);
474 }
475
476 static void
477 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
478 {
479
480         *vhigh = be64dec(addr->s6_addr);
481         *vlow = be64dec(addr->s6_addr + 8);
482 }
483
484 static void
485 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
486 {
487
488         be64enc(addr->s6_addr, vhigh);
489         be64enc(addr->s6_addr + 8, vlow);
490 }
491
492 int
493 ipv6_userprefix(
494         const struct in6_addr *prefix,  // prefix from router
495         short prefix_len,               // length of prefix received
496         uint64_t user_number,           // "random" number from user
497         struct in6_addr *result,        // resultant prefix
498         short result_len)               // desired prefix length
499 {
500         uint64_t vh, vl, user_low, user_high;
501
502         if (prefix_len < 1 || prefix_len > 128 ||
503             result_len < 1 || result_len > 128)
504         {
505                 errno = EINVAL;
506                 return -1;
507         }
508
509         /* Check that the user_number fits inside result_len less prefix_len */
510         if (result_len < prefix_len ||
511             fls64(user_number) > result_len - prefix_len)
512         {
513                errno = ERANGE;
514                return -1;
515         }
516
517         /* If user_number is zero, just copy the prefix into the result. */
518         if (user_number == 0) {
519                 *result = *prefix;
520                 return 0;
521         }
522
523         /* Shift user_number so it fit's just inside result_len.
524          * Shifting by 0 or sizeof(user_number) is undefined,
525          * so we cater for that. */
526         if (result_len == 128) {
527                 user_high = 0;
528                 user_low = user_number;
529         } else if (result_len > 64) {
530                 if (prefix_len >= 64)
531                         user_high = 0;
532                 else
533                         user_high = user_number >> (result_len - prefix_len);
534                 user_low = user_number << (128 - result_len);
535         } else if (result_len == 64) {
536                 user_high = user_number;
537                 user_low = 0;
538         } else {
539                 user_high = user_number << (64 - result_len);
540                 user_low = 0;
541         }
542
543         /* convert to two 64bit host order values */
544         in6_to_h64(&vh, &vl, prefix);
545
546         vh |= user_high;
547         vl |= user_low;
548
549         /* copy back result */
550         h64_to_in6(result, vh, vl);
551
552         return 0;
553 }
554
555 #ifdef IPV6_POLLADDRFLAG
556 void
557 ipv6_checkaddrflags(void *arg)
558 {
559         struct ipv6_addr *ia;
560         int flags;
561         const char *alias;
562
563         ia = arg;
564 #ifdef ALIAS_ADDR
565         alias = ia->alias;
566 #else
567         alias = NULL;
568 #endif
569         if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
570                 if (errno != EEXIST && errno != EADDRNOTAVAIL)
571                         logerr("%s: if_addrflags6", __func__);
572                 return;
573         }
574
575         if (!(flags & IN6_IFF_TENTATIVE)) {
576                 /* Simulate the kernel announcing the new address. */
577                 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
578                     ia->iface->ctx->ifaces, ia->iface->name,
579                     &ia->addr, ia->prefix_len, flags, 0);
580         } else {
581                 /* Still tentative? Check again in a bit. */
582                 struct timespec tv;
583
584                 ms_to_ts(&tv, RETRANS_TIMER / 2);
585                 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv,
586                     ipv6_checkaddrflags, ia);
587         }
588 }
589 #endif
590
591 static void
592 ipv6_deletedaddr(struct ipv6_addr *ia)
593 {
594
595 #ifdef SMALL
596         UNUSED(ia);
597 #else
598         /* NOREJECT is set if we delegated exactly the prefix to another
599          * address.
600          * This can only be one address, so just clear the flag.
601          * This should ensure the reject route will be restored. */
602         if (ia->delegating_prefix != NULL)
603                 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
604 #endif
605 }
606
607 void
608 ipv6_deleteaddr(struct ipv6_addr *ia)
609 {
610         struct ipv6_state *state;
611         struct ipv6_addr *ap;
612
613         loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
614         if (if_address6(RTM_DELADDR, ia) == -1 &&
615             errno != EADDRNOTAVAIL && errno != ESRCH &&
616             errno != ENXIO && errno != ENODEV)
617                 logerr(__func__);
618
619         ipv6_deletedaddr(ia);
620
621         state = IPV6_STATE(ia->iface);
622         TAILQ_FOREACH(ap, &state->addrs, next) {
623                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
624                         TAILQ_REMOVE(&state->addrs, ap, next);
625                         ipv6_freeaddr(ap);
626                         break;
627                 }
628         }
629 }
630
631 static int
632 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
633 {
634         struct interface *ifp;
635         struct ipv6_state *state;
636         struct ipv6_addr *ia2;
637         uint32_t pltime, vltime;
638         __printflike(1, 2) void (*logfunc)(const char *, ...);
639
640         /* Ensure no other interface has this address */
641         TAILQ_FOREACH(ifp, ia->iface->ctx->ifaces, next) {
642                 if (ifp == ia->iface)
643                         continue;
644                 state = IPV6_STATE(ifp);
645                 if (state == NULL)
646                         continue;
647                 TAILQ_FOREACH(ia2, &state->addrs, next) {
648                         if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) {
649                                 ipv6_deleteaddr(ia2);
650                                 break;
651                         }
652                 }
653         }
654
655         /* Remember the interface of the address. */
656         ifp = ia->iface;
657
658         if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
659             ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
660                 ia->flags |= IPV6_AF_DADCOMPLETED;
661
662         /* Adjust plftime and vltime based on acquired time */
663         pltime = ia->prefix_pltime;
664         vltime = ia->prefix_vltime;
665         if (timespecisset(&ia->acquired) &&
666             (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
667             ia->prefix_vltime != ND6_INFINITE_LIFETIME))
668         {
669                 struct timespec n;
670
671                 if (now == NULL) {
672                         clock_gettime(CLOCK_MONOTONIC, &n);
673                         now = &n;
674                 }
675                 timespecsub(now, &ia->acquired, &n);
676                 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
677                         ia->prefix_pltime -= (uint32_t)n.tv_sec;
678                         /* This can happen when confirming a
679                          * deprecated but still valid lease. */
680                         if (ia->prefix_pltime > pltime)
681                                 ia->prefix_pltime = 0;
682                 }
683                 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
684                         ia->prefix_vltime -= (uint32_t)n.tv_sec;
685                         /* This should never happen. */
686                         if (ia->prefix_vltime > vltime) {
687                                 logerrx("%s: %s: lifetime overflow",
688                                     ifp->name, ia->saddr);
689                                 ia->prefix_vltime = ia->prefix_pltime = 0;
690                         }
691                 }
692         }
693
694         logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx;
695         logfunc("%s: adding %saddress %s", ifp->name,
696 #ifdef IPV6_AF_TEMPORARY
697             ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
698 #else
699             "",
700 #endif
701             ia->saddr);
702         if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
703             ia->prefix_vltime == ND6_INFINITE_LIFETIME)
704                 logdebugx("%s: pltime infinity, vltime infinity",
705                     ifp->name);
706         else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
707                 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
708                     ifp->name, ia->prefix_vltime);
709         else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
710                 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
711                     ifp->name, ia->prefix_pltime);
712         else
713                 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
714                     " seconds",
715                     ifp->name, ia->prefix_pltime, ia->prefix_vltime);
716
717
718         if (if_address6(RTM_NEWADDR, ia) == -1) {
719                 logerr(__func__);
720                 /* Restore real pltime and vltime */
721                 ia->prefix_pltime = pltime;
722                 ia->prefix_vltime = vltime;
723                 return -1;
724         }
725
726 #ifdef IPV6_MANAGETEMPADDR
727         /* RFC4941 Section 3.4 */
728         if (ia->flags & IPV6_AF_TEMPORARY &&
729             ia->prefix_pltime &&
730             ia->prefix_vltime &&
731             ip6_use_tempaddr(ifp->name))
732                 eloop_timeout_add_sec(ifp->ctx->eloop,
733                     (time_t)ia->prefix_pltime - REGEN_ADVANCE,
734                     ipv6_regentempaddr, ia);
735 #endif
736
737         /* Restore real pltime and vltime */
738         ia->prefix_pltime = pltime;
739         ia->prefix_vltime = vltime;
740
741         ia->flags &= ~IPV6_AF_NEW;
742         ia->flags |= IPV6_AF_ADDED;
743 #ifndef SMALL
744         if (ia->delegating_prefix != NULL)
745                 ia->flags |= IPV6_AF_DELEGATED;
746 #endif
747
748 #ifdef IPV6_POLLADDRFLAG
749         eloop_timeout_delete(ifp->ctx->eloop,
750                 ipv6_checkaddrflags, ia);
751         if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
752                 struct timespec tv;
753
754                 ms_to_ts(&tv, RETRANS_TIMER / 2);
755                 eloop_timeout_add_tv(ifp->ctx->eloop,
756                     &tv, ipv6_checkaddrflags, ia);
757         }
758 #endif
759
760 #ifdef __sun
761         /* Solaris does not announce new addresses which need DaD
762          * so we need to take a copy and add it to our list.
763          * Otherwise aliasing gets confused if we add another
764          * address during DaD. */
765
766         state = IPV6_STATE(ifp);
767         TAILQ_FOREACH(ia2, &state->addrs, next) {
768                 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
769                         break;
770         }
771         if (ia2 == NULL) {
772                 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
773                         logerr(__func__);
774                         return 0; /* Well, we did add the address */
775                 }
776                 memcpy(ia2, ia, sizeof(*ia2));
777                 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
778         }
779 #endif
780
781         return 0;
782 }
783
784 #ifdef ALIAS_ADDR
785 /* Find the next logical aliase address we can use. */
786 static int
787 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
788 {
789         struct ipv6_state *state;
790         struct ipv6_addr *iap;
791         unsigned int unit;
792         char alias[IF_NAMESIZE];
793
794         if (ia->alias[0] != '\0')
795                 return 0;
796         state = IPV6_STATE(ia->iface);
797
798         /* First find an existng address.
799          * This can happen when dhcpcd restarts as ND and DHCPv6
800          * maintain their own lists of addresses. */
801         TAILQ_FOREACH(iap, &state->addrs, next) {
802                 if (iap->alias[0] != '\0' &&
803                     IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
804                 {
805                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
806                         return 0;
807                 }
808         }
809
810         unit = 0;
811 find_unit:
812         if (unit == 0)
813                 strlcpy(alias, ia->iface->name, sizeof(alias));
814         else
815                 snprintf(alias, sizeof(alias), "%s:%u", ia->iface->name, unit);
816         TAILQ_FOREACH(iap, &state->addrs, next) {
817                 if (iap->alias[0] == '\0')
818                         continue;
819                 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
820                         /* No address assigned? Lets use it. */
821                         strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
822                         if (repl)
823                                 *repl = iap;
824                         return 1;
825                 }
826                 if (strcmp(iap->alias, alias) == 0)
827                         break;
828         }
829
830         if (iap != NULL) {
831                 if (unit == UINT_MAX) {
832                         errno = ERANGE;
833                         return -1;
834                 }
835                 unit++;
836                 goto find_unit;
837         }
838
839         strlcpy(ia->alias, alias, sizeof(ia->alias));
840         return 0;
841 }
842 #endif
843
844 int
845 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
846 {
847         int r;
848 #ifdef ALIAS_ADDR
849         int replaced, blank;
850         struct ipv6_addr *replaced_ia;
851
852         blank = (ia->alias[0] == '\0');
853         if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
854                 return -1;
855         if (blank)
856                 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
857 #endif
858
859         if ((r = ipv6_addaddr1(ia, now)) == 0) {
860 #ifdef ALIAS_ADDR
861                 if (replaced) {
862                         struct ipv6_state *state;
863
864                         state = IPV6_STATE(ia->iface);
865                         TAILQ_REMOVE(&state->addrs, replaced_ia, next);
866                         ipv6_freeaddr(replaced_ia);
867                 }
868 #endif
869         }
870         return r;
871 }
872
873 int
874 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
875     unsigned int flags)
876 {
877
878         if (match == NULL) {
879                 if ((addr->flags &
880                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
881                     (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
882                         return 1;
883         } else if (addr->prefix_vltime &&
884             IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
885             (!flags || addr->flags & flags))
886                 return 1;
887
888         return 0;
889 }
890
891 struct ipv6_addr *
892 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
893 {
894         struct ipv6_addr *dap, *nap;
895
896         dap = dhcp6_findaddr(ctx, addr, flags);
897         nap = ipv6nd_findaddr(ctx, addr, flags);
898         if (!dap && !nap)
899                 return NULL;
900         if (dap && !nap)
901                 return dap;
902         if (nap && !dap)
903                 return nap;
904         if (nap->iface->metric < dap->iface->metric)
905                 return nap;
906         return dap;
907 }
908
909 ssize_t
910 ipv6_addaddrs(struct ipv6_addrhead *addrs)
911 {
912         struct ipv6_addr *ap, *apn, *apf;
913         ssize_t i;
914         struct timespec now;
915
916         i = 0;
917         timespecclear(&now);
918         TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
919                 /* A delegated prefix is not an address. */
920                 if (ap->flags & IPV6_AF_DELEGATEDPFX)
921                         continue;
922                 if (ap->prefix_vltime == 0) {
923                         if (ap->flags & IPV6_AF_ADDED) {
924                                 ipv6_deleteaddr(ap);
925                                 i++;
926                         }
927                         eloop_q_timeout_delete(ap->iface->ctx->eloop,
928                             0, NULL, ap);
929                         if (ap->flags & IPV6_AF_REQUEST) {
930                                 ap->flags &= ~IPV6_AF_ADDED;
931                         } else {
932                                 TAILQ_REMOVE(addrs, ap, next);
933                                 ipv6_freeaddr(ap);
934                         }
935                 } else if (!(ap->flags & IPV6_AF_STALE) &&
936                     !IN6_IS_ADDR_UNSPECIFIED(&ap->addr))
937                 {
938                         apf = ipv6_findaddr(ap->iface->ctx,
939                             &ap->addr, IPV6_AF_ADDED);
940                         if (apf && apf->iface != ap->iface) {
941                                 if (apf->iface->metric <= ap->iface->metric) {
942                                         loginfox("%s: preferring %s on %s",
943                                             ap->iface->name,
944                                             ap->saddr,
945                                             apf->iface->name);
946                                         continue;
947                                 }
948                                 loginfox("%s: preferring %s on %s",
949                                     apf->iface->name,
950                                     ap->saddr,
951                                     ap->iface->name);
952                                 if (if_address6(RTM_DELADDR, apf) == -1 &&
953                                     errno != EADDRNOTAVAIL && errno != ENXIO)
954                                         logerr(__func__);
955                                 apf->flags &=
956                                     ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
957                         } else if (apf)
958                                 apf->flags &= ~IPV6_AF_ADDED;
959                         if (ap->flags & IPV6_AF_NEW)
960                                 i++;
961                         if (!timespecisset(&now))
962                                 clock_gettime(CLOCK_MONOTONIC, &now);
963                         ipv6_addaddr(ap, &now);
964                 }
965         }
966
967         return i;
968 }
969
970 void
971 ipv6_freeaddr(struct ipv6_addr *ia)
972 {
973 #ifndef SMALL
974         struct ipv6_addr *iad;
975
976         /* Forget the reference */
977         if (ia->flags & IPV6_AF_DELEGATEDPFX) {
978                 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
979                         iad->delegating_prefix = NULL;
980                 }
981         } else if (ia->delegating_prefix != NULL) {
982                 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
983         }
984 #endif
985
986         if (ia->dhcp6_fd != -1) {
987                 close(ia->dhcp6_fd);
988                 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd);
989         }
990
991         eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia);
992         free(ia);
993 }
994
995 void
996 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
997     const struct interface *ifd)
998 {
999         struct ipv6_addr *ap, *apn, *apf;
1000         struct timespec now;
1001
1002 #ifdef SMALL
1003         UNUSED(ifd);
1004 #endif
1005         timespecclear(&now);
1006         TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1007 #ifndef SMALL
1008                 if (ifd != NULL &&
1009                     (ap->delegating_prefix == NULL ||
1010                     ap->delegating_prefix->iface != ifd))
1011                         continue;
1012 #endif
1013                 if (drop != 2)
1014                         TAILQ_REMOVE(addrs, ap, next);
1015                 if (drop && ap->flags & IPV6_AF_ADDED &&
1016                     (ap->iface->options->options &
1017                     (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1018                     (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1019                 {
1020                         /* Don't drop link-local addresses. */
1021                         if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1022                             CAN_DROP_LLADDR(ap->iface))
1023                         {
1024                                 if (drop == 2)
1025                                         TAILQ_REMOVE(addrs, ap, next);
1026                                 /* Find the same address somewhere else */
1027                                 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1028                                     0);
1029                                 if ((apf == NULL ||
1030                                     (apf->iface != ap->iface)))
1031                                         ipv6_deleteaddr(ap);
1032                                 if (!(ap->iface->options->options &
1033                                     DHCPCD_EXITING) && apf)
1034                                 {
1035                                         if (!timespecisset(&now))
1036                                                 clock_gettime(CLOCK_MONOTONIC,
1037                                                     &now);
1038                                         ipv6_addaddr(apf, &now);
1039                                 }
1040                                 if (drop == 2)
1041                                         ipv6_freeaddr(ap);
1042                         }
1043                 }
1044                 if (drop != 2)
1045                         ipv6_freeaddr(ap);
1046         }
1047 }
1048
1049 static struct ipv6_state *
1050 ipv6_getstate(struct interface *ifp)
1051 {
1052         struct ipv6_state *state;
1053
1054         state = IPV6_STATE(ifp);
1055         if (state == NULL) {
1056                 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1057                 state = IPV6_STATE(ifp);
1058                 if (state == NULL) {
1059                         logerr(__func__);
1060                         return NULL;
1061                 }
1062                 TAILQ_INIT(&state->addrs);
1063                 TAILQ_INIT(&state->ll_callbacks);
1064
1065                 /* Regenerate new ids */
1066                 if (ifp->options &&
1067                     ip6_use_tempaddr(ifp->name))
1068                         ipv6_regentempifid(ifp);
1069         }
1070         return state;
1071 }
1072
1073 void
1074 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1075     int cmd, struct if_head *ifs, const char *ifname,
1076     const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1077 {
1078         struct interface *ifp;
1079         struct ipv6_state *state;
1080         struct ipv6_addr *ia;
1081         struct ll_callback *cb;
1082
1083 #if 0
1084         char dbuf[INET6_ADDRSTRLEN];
1085         const char *dbp;
1086
1087         dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1088             dbuf, INET6_ADDRSTRLEN);
1089         loginfox("%s: cmd %d addr %s",
1090             ifname, cmd, dbp);
1091 #endif
1092
1093         if (ifs == NULL)
1094                 ifs = ctx->ifaces;
1095         if (ifs == NULL)
1096                 return;
1097         if ((ifp = if_find(ifs, ifname)) == NULL)
1098                 return;
1099         if ((state = ipv6_getstate(ifp)) == NULL)
1100                 return;
1101
1102         TAILQ_FOREACH(ia, &state->addrs, next) {
1103                 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1104                         break;
1105         }
1106
1107         switch (cmd) {
1108         case RTM_DELADDR:
1109                 if (ia != NULL) {
1110                         TAILQ_REMOVE(&state->addrs, ia, next);
1111                         /* We'll free it at the end of the function. */
1112                 }
1113                 break;
1114         case RTM_NEWADDR:
1115                 if (ia == NULL) {
1116                         ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1117 #ifdef ALIAS_ADDR
1118                         strlcpy(ia->alias, ifname, sizeof(ia->alias));
1119 #endif
1120                         if (if_getlifetime6(ia) == -1) {
1121                                 /* No support or address vanished.
1122                                  * Either way, just set a deprecated
1123                                  * infinite time lifetime and continue.
1124                                  * This is fine because we only want
1125                                  * to know this when trying to extend
1126                                  * temporary addresses.
1127                                  * As we can't extend infinite, we'll
1128                                  * create a new temporary address. */
1129                                 ia->prefix_pltime = 0;
1130                                 ia->prefix_vltime =
1131                                     ND6_INFINITE_LIFETIME;
1132                         }
1133                         /* This is a minor regression against RFC 4941
1134                          * because the kernel only knows when the
1135                          * lifetimes were last updated, not when the
1136                          * address was initially created.
1137                          * Provided dhcpcd is not restarted, this
1138                          * won't be a problem.
1139                          * If we don't like it, we can always
1140                          * pretend lifetimes are infinite and always
1141                          * generate a new temporary address on
1142                          * restart. */
1143                         ia->acquired = ia->created;
1144                         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1145                 }
1146                 ia->addr_flags = addrflags;
1147                 ia->flags &= ~IPV6_AF_STALE;
1148 #ifdef IPV6_MANAGETEMPADDR
1149                 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1150                         ia->flags |= IPV6_AF_TEMPORARY;
1151 #endif
1152                 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1153 #ifdef IPV6_POLLADDRFLAG
1154                         if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1155                                 struct timespec tv;
1156
1157                                 ms_to_ts(&tv, RETRANS_TIMER / 2);
1158                                 eloop_timeout_add_tv(
1159                                     ia->iface->ctx->eloop,
1160                                     &tv, ipv6_checkaddrflags, ia);
1161                                 break;
1162                         }
1163 #endif
1164
1165                         if (ia->dadcallback) {
1166                                 ia->dadcallback(ia);
1167                                 if (ctx->options & DHCPCD_FORKED)
1168                                         goto out;
1169                         }
1170
1171                         if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1172                             !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1173                         {
1174                                 /* Now run any callbacks.
1175                                  * Typically IPv6RS or DHCPv6 */
1176                                 while ((cb =
1177                                     TAILQ_FIRST(&state->ll_callbacks)))
1178                                 {
1179                                         TAILQ_REMOVE(
1180                                             &state->ll_callbacks,
1181                                             cb, next);
1182                                         cb->callback(cb->arg);
1183                                         free(cb);
1184                                         if (ctx->options & DHCPCD_FORKED)
1185                                                 goto out;
1186                                 }
1187                         }
1188                 }
1189                 break;
1190         }
1191
1192         if (ia == NULL)
1193                 return;
1194
1195         ipv6nd_handleifa(cmd, ia, pid);
1196 #ifdef DHCP6
1197         dhcp6_handleifa(cmd, ia, pid);
1198 #endif
1199
1200 out:
1201         /* Done with the ia now, so free it. */
1202         if (cmd == RTM_DELADDR)
1203                 ipv6_freeaddr(ia);
1204 }
1205
1206 int
1207 ipv6_hasaddr(const struct interface *ifp)
1208 {
1209
1210         if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1211                 return 1;
1212         if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1213                 return 1;
1214         return 0;
1215 }
1216
1217 struct ipv6_addr *
1218 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1219     int revflags)
1220 {
1221         struct ipv6_state *state;
1222         struct ipv6_addr *ap;
1223
1224         state = IPV6_STATE(ifp);
1225         if (state) {
1226                 TAILQ_FOREACH(ap, &state->addrs, next) {
1227                         if (addr == NULL) {
1228                                 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1229                                     (!revflags || !(ap->addr_flags & revflags)))
1230                                         return ap;
1231                         } else {
1232                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1233                                     (!revflags || !(ap->addr_flags & revflags)))
1234                                         return ap;
1235                         }
1236                 }
1237         }
1238         return NULL;
1239 }
1240
1241 static struct ipv6_addr *
1242 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1243 {
1244         struct ipv6_state *state;
1245         struct ipv6_addr *ap;
1246         struct in6_addr mask;
1247
1248         state = IPV6_STATE(ifp);
1249         if (state) {
1250                 TAILQ_FOREACH(ap, &state->addrs, next) {
1251                         if (ipv6_mask(&mask, ap->prefix_len) == -1)
1252                                 continue;
1253                         if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1254                                 return ap;
1255                 }
1256         }
1257         return NULL;
1258 }
1259
1260 struct ipv6_addr *
1261 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1262 {
1263         struct interface *ifp;
1264         struct ipv6_addr *ap;
1265
1266         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1267                 ap = ipv6_iffindmaskaddr(ifp, addr);
1268                 if (ap != NULL)
1269                         return ap;
1270         }
1271         return NULL;
1272 }
1273
1274 int
1275 ipv6_addlinklocalcallback(struct interface *ifp,
1276     void (*callback)(void *), void *arg)
1277 {
1278         struct ipv6_state *state;
1279         struct ll_callback *cb;
1280
1281         state = ipv6_getstate(ifp);
1282         TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1283                 if (cb->callback == callback && cb->arg == arg)
1284                         break;
1285         }
1286         if (cb == NULL) {
1287                 cb = malloc(sizeof(*cb));
1288                 if (cb == NULL) {
1289                         logerr(__func__);
1290                         return -1;
1291                 }
1292                 cb->callback = callback;
1293                 cb->arg = arg;
1294                 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1295         }
1296         return 0;
1297 }
1298
1299 static struct ipv6_addr *
1300 ipv6_newlinklocal(struct interface *ifp)
1301 {
1302         struct ipv6_addr *ia;
1303         struct in6_addr in6;
1304
1305         memset(&in6, 0, sizeof(in6));
1306         in6.s6_addr32[0] = htonl(0xfe800000);
1307         ia = ipv6_newaddr(ifp, &in6, 64, 0);
1308         if (ia != NULL) {
1309                 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1310                 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1311         }
1312         return ia;
1313 }
1314
1315 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1316 static const uint8_t allone[8] =
1317     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1318
1319 static int
1320 ipv6_addlinklocal(struct interface *ifp)
1321 {
1322         struct ipv6_state *state;
1323         struct ipv6_addr *ap, *ap2;
1324         int dadcounter;
1325
1326         /* Check sanity before malloc */
1327         if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1328                 switch (ifp->family) {
1329                 case ARPHRD_ETHER:
1330                         /* Check for a valid hardware address */
1331                         if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1332                                 errno = ENOTSUP;
1333                                 return -1;
1334                         }
1335                         if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1336                             memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1337                         {
1338                                 errno = EINVAL;
1339                                 return -1;
1340                         }
1341                         break;
1342                 default:
1343                         errno = ENOTSUP;
1344                         return -1;
1345                 }
1346         }
1347
1348         state = ipv6_getstate(ifp);
1349         if (state == NULL)
1350                 return -1;
1351
1352         ap = ipv6_newlinklocal(ifp);
1353         if (ap == NULL)
1354                 return -1;
1355
1356         dadcounter = 0;
1357         if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1358 nextslaacprivate:
1359                 if (ipv6_makestableprivate(&ap->addr,
1360                         &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1361                 {
1362                         free(ap);
1363                         return -1;
1364                 }
1365                 ap->dadcounter = dadcounter;
1366         } else {
1367                 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1368                 switch (ifp->family) {
1369                 case ARPHRD_ETHER:
1370                         if (ifp->hwlen == 6) {
1371                                 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1372                                 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1373                                 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1374                                 ap->addr.s6_addr[11] = 0xff;
1375                                 ap->addr.s6_addr[12] = 0xfe;
1376                                 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1377                                 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1378                                 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1379                         } else if (ifp->hwlen == 8)
1380                                 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1381                         else {
1382                                 free(ap);
1383                                 errno = ENOTSUP;
1384                                 return -1;
1385                         }
1386                         break;
1387                 }
1388
1389                 /* Sanity check: g bit must not indciate "group" */
1390                 if (EUI64_GROUP(&ap->addr)) {
1391                         free(ap);
1392                         errno = EINVAL;
1393                         return -1;
1394                 }
1395                 EUI64_TO_IFID(&ap->addr);
1396         }
1397
1398         /* Do we already have this address? */
1399         TAILQ_FOREACH(ap2, &state->addrs, next) {
1400                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1401                         if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1402                                 if (ifp->options->options &
1403                                     DHCPCD_SLAACPRIVATE)
1404                                 {
1405                                         dadcounter++;
1406                                         goto nextslaacprivate;
1407                                 }
1408                                 free(ap);
1409                                 errno = EADDRNOTAVAIL;
1410                                 return -1;
1411                         }
1412
1413                         logwarnx("%s: waiting for %s to complete",
1414                             ap2->iface->name, ap2->saddr);
1415                         free(ap);
1416                         errno = EEXIST;
1417                         return 0;
1418                 }
1419         }
1420
1421         inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1422         TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1423         ipv6_addaddr(ap, NULL);
1424         return 1;
1425 }
1426
1427 static int
1428 ipv6_tryaddlinklocal(struct interface *ifp)
1429 {
1430         struct ipv6_addr *ia;
1431
1432         /* We can't assign a link-locak address to this,
1433          * the ppp process has to. */
1434         if (ifp->flags & IFF_POINTOPOINT)
1435                 return 0;
1436
1437         ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1438         if (ia != NULL) {
1439 #ifdef IPV6_POLLADDRFLAG
1440                 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1441                         struct timespec tv;
1442
1443                         ms_to_ts(&tv, RETRANS_TIMER / 2);
1444                         eloop_timeout_add_tv(
1445                             ia->iface->ctx->eloop,
1446                             &tv, ipv6_checkaddrflags, ia);
1447                 }
1448 #endif
1449                 return 0;
1450         }
1451         if (!CAN_ADD_LLADDR(ifp))
1452                 return 0;
1453
1454         return ipv6_addlinklocal(ifp);
1455 }
1456
1457 struct ipv6_addr *
1458 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1459     uint8_t prefix_len, unsigned int flags)
1460 {
1461         struct ipv6_addr *ia;
1462         char buf[INET6_ADDRSTRLEN];
1463         const char *cbp;
1464         bool tempaddr;
1465         int addr_flags;
1466
1467         /* If adding a new DHCP / RA derived address, check current flags
1468          * from an existing address. */
1469         ia = ipv6_iffindaddr(ifp, addr, 0);
1470         if (ia != NULL)
1471                 addr_flags = ia->addr_flags;
1472         else
1473                 addr_flags = IN6_IFF_TENTATIVE;
1474
1475         ia = calloc(1, sizeof(*ia));
1476         if (ia == NULL)
1477                 goto err;
1478
1479         ia->iface = ifp;
1480         ia->flags = IPV6_AF_NEW | flags;
1481         ia->addr_flags = addr_flags;
1482         ia->prefix_len = prefix_len;
1483         ia->dhcp6_fd = -1;
1484
1485 #ifdef IPV6_AF_TEMPORARY
1486         tempaddr = ia->flags & IPV6_AF_TEMPORARY;
1487 #else
1488         tempaddr = false;
1489 #endif
1490
1491         if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) {
1492                 ia->prefix = *addr;
1493                 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1494                                                &ia->prefix,
1495                                                ia->prefix_len);
1496                 if (ia->dadcounter == -1)
1497                         goto err;
1498         } else if (ia->flags & IPV6_AF_RAPFX) {
1499                 ia->prefix = *addr;
1500                 return ia;
1501         } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) &&
1502                    prefix_len != 128)
1503         {
1504                 ia->prefix = *addr;
1505                 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1506                 goto paddr;
1507         } else {
1508                 ia->addr = *addr;
1509                 if (ipv6_makeprefix(&ia->prefix,
1510                                     &ia->addr, ia->prefix_len) == -1)
1511                         goto err;
1512         }
1513
1514         cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1515 paddr:
1516         if (cbp == NULL)
1517                 goto err;
1518         snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1519
1520         return ia;
1521
1522 err:
1523         logerr(__func__);
1524         free(ia);
1525         return NULL;
1526 }
1527
1528 static void
1529 ipv6_staticdadcallback(void *arg)
1530 {
1531         struct ipv6_addr *ia = arg;
1532         int wascompleted;
1533
1534         wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1535         ia->flags |= IPV6_AF_DADCOMPLETED;
1536         if (ia->flags & IPV6_AF_DUPLICATED)
1537                 logwarnx("%s: DAD detected %s", ia->iface->name,
1538                     ia->saddr);
1539         else if (!wascompleted) {
1540                 logdebugx("%s: IPv6 static DAD completed",
1541                     ia->iface->name);
1542         }
1543
1544 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1545         if (!wascompleted) {
1546                 struct interface *ifp;
1547                 struct ipv6_state *state;
1548
1549                 ifp = ia->iface;
1550                 state = IPV6_STATE(ifp);
1551                 TAILQ_FOREACH(ia, &state->addrs, next) {
1552                         if (ia->flags & IPV6_AF_STATIC &&
1553                             (ia->flags & FINISHED) != FINISHED)
1554                         {
1555                                 wascompleted = 1;
1556                                 break;
1557                         }
1558                 }
1559                 if (!wascompleted)
1560                         script_runreason(ifp, "STATIC6");
1561         }
1562 #undef FINISHED
1563 }
1564
1565 ssize_t
1566 ipv6_env(char **env, const char *prefix, const struct interface *ifp)
1567 {
1568         char **ep;
1569         ssize_t n;
1570         struct ipv6_addr *ia;
1571
1572         ep = env;
1573         n = 0;
1574         ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1575             IN6_IFF_NOTUSEABLE);
1576         if (ia) {
1577                 if (env)
1578                         addvar(&ep, prefix, "ip6_address", ia->saddr);
1579                 n++;
1580         }
1581
1582         return n;
1583 }
1584
1585 int
1586 ipv6_staticdadcompleted(const struct interface *ifp)
1587 {
1588         const struct ipv6_state *state;
1589         const struct ipv6_addr *ia;
1590         int n;
1591
1592         if ((state = IPV6_CSTATE(ifp)) == NULL)
1593                 return 0;
1594         n = 0;
1595 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1596         TAILQ_FOREACH(ia, &state->addrs, next) {
1597                 if ((ia->flags & COMPLETED) == COMPLETED &&
1598                     !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1599                         n++;
1600         }
1601         return n;
1602 }
1603
1604 int
1605 ipv6_startstatic(struct interface *ifp)
1606 {
1607         struct ipv6_addr *ia;
1608         int run_script;
1609
1610         if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1611                 return 0;
1612
1613         ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1614         if (ia != NULL &&
1615             (ia->prefix_len != ifp->options->req_prefix_len ||
1616             ia->addr_flags & IN6_IFF_NOTUSEABLE))
1617         {
1618                 ipv6_deleteaddr(ia);
1619                 ia = NULL;
1620         }
1621         if (ia == NULL) {
1622                 struct ipv6_state *state;
1623
1624                 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1625                     ifp->options->req_prefix_len, 0);
1626                 if (ia == NULL)
1627                         return -1;
1628                 state = IPV6_STATE(ifp);
1629                 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1630                 run_script = 0;
1631         } else
1632                 run_script = 1;
1633         ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1634         ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1635         ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1636         ia->dadcallback = ipv6_staticdadcallback;
1637         ipv6_addaddr(ia, NULL);
1638         if_initrt(ifp->ctx, AF_INET6);
1639         rt_build(ifp->ctx, AF_INET6);
1640         if (run_script)
1641                 script_runreason(ifp, "STATIC6");
1642         return 1;
1643 }
1644
1645 /* Ensure the interface has a link-local address */
1646 int
1647 ipv6_start(struct interface *ifp)
1648 {
1649 #ifdef IPV6_POLLADDRFLAG
1650         struct ipv6_state *state;
1651
1652         /* We need to update the address flags. */
1653         if ((state = IPV6_STATE(ifp)) != NULL) {
1654                 struct ipv6_addr *ia;
1655                 const char *alias;
1656                 int flags;
1657
1658                 TAILQ_FOREACH(ia, &state->addrs, next) {
1659 #ifdef ALIAS_ADDR
1660                         alias = ia->alias;
1661 #else
1662                         alias = NULL;
1663 #endif
1664                         flags = if_addrflags6(ia->iface, &ia->addr, alias);
1665                         if (flags != -1)
1666                                 ia->addr_flags = flags;
1667                 }
1668         }
1669 #endif
1670
1671         if (ipv6_tryaddlinklocal(ifp) == -1)
1672                 return -1;
1673
1674         if (IPV6_CSTATE(ifp)) {
1675                 /* Regenerate new ids */
1676                 if (ip6_use_tempaddr(ifp->name))
1677                         ipv6_regentempifid(ifp);
1678         }
1679
1680         /* Load existing routes */
1681         if_initrt(ifp->ctx, AF_INET6);
1682         return 0;
1683 }
1684
1685 void
1686 ipv6_freedrop(struct interface *ifp, int drop)
1687 {
1688         struct ipv6_state *state;
1689         struct ll_callback *cb;
1690
1691         if (ifp == NULL)
1692                 return;
1693
1694         if ((state = IPV6_STATE(ifp)) == NULL)
1695                 return;
1696
1697         /* If we got here, we can get rid of any LL callbacks. */
1698         while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1699                 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1700                 free(cb);
1701         }
1702
1703         ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1704         if (drop) {
1705                 if (ifp->ctx->ra_routers != NULL) {
1706                         if_initrt(ifp->ctx, AF_INET6);
1707                         rt_build(ifp->ctx, AF_INET6);
1708                 }
1709         } else {
1710                 /* Because we need to cache the addresses we don't control,
1711                  * we only free the state on when NOT dropping addresses. */
1712                 free(state);
1713                 ifp->if_data[IF_DATA_IPV6] = NULL;
1714                 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1715         }
1716 }
1717
1718 void
1719 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1720 {
1721
1722         free(ctx->ra_routers);
1723         free(ctx->secret);
1724 }
1725
1726 int
1727 ipv6_handleifa_addrs(int cmd,
1728     struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1729 {
1730         struct ipv6_addr *ia, *ian;
1731         uint8_t found, alldadcompleted;
1732
1733         alldadcompleted = 1;
1734         found = 0;
1735         TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1736                 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1737                         if (ia->flags & IPV6_AF_ADDED &&
1738                             !(ia->flags & IPV6_AF_DADCOMPLETED))
1739                                 alldadcompleted = 0;
1740                         continue;
1741                 }
1742                 switch (cmd) {
1743                 case RTM_DELADDR:
1744                         if (ia->flags & IPV6_AF_ADDED) {
1745                                 logwarnx("%s: pid %d deleted address %s",
1746                                     ia->iface->name, pid, ia->saddr);
1747                                 ia->flags &= ~IPV6_AF_ADDED;
1748                         }
1749                         if (ia->flags & IPV6_AF_DELEGATED) {
1750                                 TAILQ_REMOVE(addrs, ia, next);
1751                                 ipv6_deletedaddr(ia);
1752                                 ipv6_freeaddr(ia);
1753                         }
1754                         break;
1755                 case RTM_NEWADDR:
1756                         /* Safety - ignore tentative announcements */
1757                         if (addr->addr_flags &
1758                             (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1759                                 break;
1760                         if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1761                                 found++;
1762                                 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1763                                         ia->flags |= IPV6_AF_DUPLICATED;
1764                                 else
1765                                         ia->flags &= ~IPV6_AF_DUPLICATED;
1766                                 if (ia->dadcallback)
1767                                         ia->dadcallback(ia);
1768                                 /* We need to set this here in-case the
1769                                  * dadcallback function checks it */
1770                                 ia->flags |= IPV6_AF_DADCOMPLETED;
1771                         }
1772                         break;
1773                 }
1774         }
1775
1776         return alldadcompleted ? found : 0;
1777 }
1778
1779 #ifdef IPV6_MANAGETEMPADDR
1780 static const struct ipv6_addr *
1781 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1782 {
1783         const struct interface *ifp;
1784         const struct ipv6_state *state;
1785         const struct ipv6_addr *ia;
1786
1787         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1788                 if ((state = IPV6_CSTATE(ifp))) {
1789                         TAILQ_FOREACH(ia, &state->addrs, next) {
1790                                 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1791                                         return ia;
1792                         }
1793                 }
1794         }
1795         return NULL;
1796 }
1797
1798 static const uint8_t nullid[8];
1799 static const uint8_t anycastid[8] = {
1800     0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1801 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1802
1803 static void
1804 ipv6_regen_desync(struct interface *ifp, int force)
1805 {
1806         struct ipv6_state *state;
1807         time_t max;
1808
1809         state = IPV6_STATE(ifp);
1810
1811         /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1812          * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1813          * I believe this is an error and it should be never be greateter than
1814          * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1815         max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE;
1816         if (state->desync_factor && !force && state->desync_factor < max)
1817                 return;
1818         if (state->desync_factor == 0)
1819                 state->desync_factor =
1820                     (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR,
1821                     (uint32_t)max));
1822         max = ip6_temp_preferred_lifetime(ifp->name) -
1823             state->desync_factor - REGEN_ADVANCE;
1824         eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1825 }
1826
1827 void
1828 ipv6_gentempifid(struct interface *ifp)
1829 {
1830         struct ipv6_state *state;
1831         MD5_CTX md5;
1832         uint8_t seed[16], digest[16];
1833         int retry;
1834
1835         if ((state = IPV6_STATE(ifp)) == NULL)
1836                 return;
1837
1838         retry = 0;
1839         if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1840                 uint32_t r;
1841
1842                 r = arc4random();
1843                 memcpy(seed, &r, sizeof(r));
1844                 r = arc4random();
1845                 memcpy(seed + sizeof(r), &r, sizeof(r));
1846         } else
1847                 memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1848
1849         memcpy(seed + sizeof(state->randomseed0),
1850             state->randomseed1, sizeof(state->randomseed1));
1851
1852 again:
1853         MD5Init(&md5);
1854         MD5Update(&md5, seed, sizeof(seed));
1855         MD5Final(digest, &md5);
1856
1857         /* RFC4941 Section 3.2.1.1
1858          * Take the left-most 64bits and set bit 6 to zero */
1859         memcpy(state->randomid, digest, sizeof(state->randomid));
1860         state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1861
1862         /* RFC4941 Section 3.2.1.4
1863          * Reject reserved or existing id's */
1864         if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1865             (memcmp(anycastid, state->randomid, 7) == 0 &&
1866             (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1867             memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1868             ipv6_findaddrid(ifp->ctx, state->randomid))
1869         {
1870                 if (++retry < GEN_TEMPID_RETRY_MAX) {
1871                         memcpy(seed, digest + 8, 8);
1872                         goto again;
1873                 }
1874                 memset(state->randomid, 0, sizeof(state->randomid));
1875         }
1876
1877         /* RFC4941 Section 3.2.1.6
1878          * Save the right-most 64bits of the digest */
1879         memcpy(state->randomseed0, digest + 8,
1880             sizeof(state->randomseed0));
1881 }
1882
1883 /* RFC4941 Section 3.3.7 */
1884 static void
1885 ipv6_tempdadcallback(void *arg)
1886 {
1887         struct ipv6_addr *ia = arg;
1888
1889         if (ia->flags & IPV6_AF_DUPLICATED) {
1890                 struct ipv6_addr *ia1;
1891                 struct timespec tv;
1892
1893                 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1894                         logerrx("%s: too many duplicate temporary addresses",
1895                             ia->iface->name);
1896                         return;
1897                 }
1898                 clock_gettime(CLOCK_MONOTONIC, &tv);
1899                 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1900                         logerr(__func__);
1901                 else
1902                         ia1->dadcounter = ia->dadcounter;
1903                 ipv6_deleteaddr(ia);
1904                 if (ia1)
1905                         ipv6_addaddr(ia1, &ia1->acquired);
1906         }
1907 }
1908
1909 struct ipv6_addr *
1910 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1911 {
1912         struct ipv6_state *state;
1913         const struct ipv6_state *cstate;
1914         int genid;
1915         struct in6_addr addr, mask;
1916         uint32_t randid[2];
1917         const struct interface *ifp;
1918         const struct ipv6_addr *ap;
1919         struct ipv6_addr *ia;
1920         uint32_t i, trylimit;
1921
1922         trylimit = TEMP_IDGEN_RETRIES;
1923         state = IPV6_STATE(ia0->iface);
1924         genid = 0;
1925
1926         addr = ia0->addr;
1927         ipv6_mask(&mask, ia0->prefix_len);
1928         /* clear the old ifid */
1929         for (i = 0; i < 4; i++)
1930                 addr.s6_addr32[i] &= mask.s6_addr32[i];
1931
1932 again:
1933         if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1934                 genid = 1;
1935         if (genid) {
1936                 memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1937                     sizeof(state->randomseed1));
1938                 ipv6_gentempifid(ia0->iface);
1939                 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
1940                         errno = EFAULT;
1941                         return NULL;
1942                 }
1943         }
1944         memcpy(&randid[0], state->randomid, sizeof(randid[0]));
1945         memcpy(&randid[1], state->randomid + sizeof(randid[1]),
1946             sizeof(randid[2]));
1947         addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
1948         addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
1949
1950         /* Ensure we don't already have it */
1951         TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
1952                 cstate = IPV6_CSTATE(ifp);
1953                 if (cstate) {
1954                         TAILQ_FOREACH(ap, &cstate->addrs, next) {
1955                                 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
1956                                         if (--trylimit == 0) {
1957                                                 errno = EEXIST;
1958                                                 return NULL;
1959                                         }
1960                                         genid = 1;
1961                                         goto again;
1962                                 }
1963                         }
1964                 }
1965         }
1966
1967         ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len,
1968             IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
1969         /* Must be made tentative, for our DaD to work */
1970         ia->addr_flags = IN6_IFF_TENTATIVE;
1971         ia->dadcallback = ipv6_tempdadcallback;
1972         ia->created = ia->acquired = now ? *now : ia0->acquired;
1973
1974         /* Ensure desync is still valid */
1975         ipv6_regen_desync(ia->iface, 0);
1976
1977         /* RFC4941 Section 3.3.4 */
1978         i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) -
1979             state->desync_factor);
1980         ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
1981         i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
1982         ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
1983         if (ia->prefix_pltime <= REGEN_ADVANCE ||
1984             ia->prefix_pltime > ia0->prefix_vltime)
1985         {
1986                 errno = EINVAL;
1987                 free(ia);
1988                 return NULL;
1989         }
1990
1991         TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1992         return ia;
1993 }
1994
1995 struct ipv6_addr *
1996 ipv6_settemptime(struct ipv6_addr *ia, int flags)
1997 {
1998         struct ipv6_state *state;
1999         struct ipv6_addr *ap, *first;
2000
2001         state = IPV6_STATE(ia->iface);
2002         first = NULL;
2003         TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2004                 if (ap->flags & IPV6_AF_TEMPORARY &&
2005                     ap->prefix_pltime &&
2006                     IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2007                 {
2008                         time_t max, ext;
2009
2010                         if (flags == 0) {
2011                                 if (ap->prefix_pltime -
2012                                     (uint32_t)(ia->acquired.tv_sec -
2013                                     ap->acquired.tv_sec)
2014                                     < REGEN_ADVANCE)
2015                                         continue;
2016
2017                                 return ap;
2018                         }
2019
2020                         if (!(ap->flags & IPV6_AF_ADDED))
2021                                 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2022                         ap->flags &= ~IPV6_AF_STALE;
2023
2024                         /* RFC4941 Section 3.4
2025                          * Deprecated prefix, deprecate the temporary address */
2026                         if (ia->prefix_pltime == 0) {
2027                                 ap->prefix_pltime = 0;
2028                                 goto valid;
2029                         }
2030
2031                         /* Ensure desync is still valid */
2032                         ipv6_regen_desync(ap->iface, 0);
2033
2034                         /* RFC4941 Section 3.3.2
2035                          * Extend temporary times, but ensure that they
2036                          * never last beyond the system limit. */
2037                         ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime;
2038                         max = ap->created.tv_sec +
2039                             ip6_temp_preferred_lifetime(ap->iface->name) -
2040                             state->desync_factor;
2041                         if (ext < max)
2042                                 ap->prefix_pltime = ia->prefix_pltime;
2043                         else
2044                                 ap->prefix_pltime =
2045                                     (uint32_t)(max - ia->acquired.tv_sec);
2046
2047 valid:
2048                         ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime;
2049                         max = ap->created.tv_sec +
2050                             ip6_temp_valid_lifetime(ap->iface->name);
2051                         if (ext < max)
2052                                 ap->prefix_vltime = ia->prefix_vltime;
2053                         else
2054                                 ap->prefix_vltime =
2055                                     (uint32_t)(max - ia->acquired.tv_sec);
2056
2057                         /* Just extend the latest matching prefix */
2058                         ap->acquired = ia->acquired;
2059
2060                         /* If extending return the last match as
2061                          * it's the most current.
2062                          * If deprecating, deprecate any other addresses we
2063                          * may have, although this should not be needed */
2064                         if (ia->prefix_pltime)
2065                                 return ap;
2066                         if (first == NULL)
2067                                 first = ap;
2068                 }
2069         }
2070         return first;
2071 }
2072
2073 void
2074 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2075 {
2076         struct ipv6_state *state;
2077         struct ipv6_addr *ia;
2078
2079         state = IPV6_STATE(ifp);
2080         TAILQ_FOREACH(ia, &state->addrs, next) {
2081                 if (ia->flags & IPV6_AF_TEMPORARY &&
2082                     !(ia->flags & IPV6_AF_STALE))
2083                         ipv6_addaddr(ia, now);
2084         }
2085 }
2086
2087 static void
2088 ipv6_regentempaddr(void *arg)
2089 {
2090         struct ipv6_addr *ia = arg, *ia1;
2091         struct timespec tv;
2092
2093         logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2094         clock_gettime(CLOCK_MONOTONIC, &tv);
2095         ia1 = ipv6_createtempaddr(ia, &tv);
2096         if (ia1)
2097                 ipv6_addaddr(ia1, &tv);
2098         else
2099                 logerr(__func__);
2100 }
2101
2102 static void
2103 ipv6_regentempifid(void *arg)
2104 {
2105         struct interface *ifp = arg;
2106         struct ipv6_state *state;
2107
2108         state = IPV6_STATE(ifp);
2109         if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
2110                 ipv6_gentempifid(ifp);
2111
2112         ipv6_regen_desync(ifp, 1);
2113 }
2114 #endif /* IPV6_MANAGETEMPADDR */
2115
2116 void
2117 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2118 {
2119         struct ipv6_state *state;
2120         struct ipv6_addr *ia;
2121
2122         state = IPV6_STATE(ifp);
2123         if (state == NULL)
2124                 return;
2125
2126         TAILQ_FOREACH(ia, &state->addrs, next) {
2127                 if (flags == 0 || ia->flags & flags)
2128                         ia->flags |= IPV6_AF_STALE;
2129         }
2130 }
2131
2132 void
2133 ipv6_deletestaleaddrs(struct interface *ifp)
2134 {
2135         struct ipv6_state *state;
2136         struct ipv6_addr *ia, *ia1;
2137
2138         state = IPV6_STATE(ifp);
2139         if (state == NULL)
2140                 return;
2141
2142         TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2143                 if (ia->flags & IPV6_AF_STALE)
2144                         ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2145                             ifp->ctx->ifaces, ifp->name,
2146                             &ia->addr, ia->prefix_len, 0, getpid());
2147         }
2148 }
2149
2150
2151 static struct rt *
2152 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2153 {
2154         struct rt *rt;
2155
2156         if ((rt = rt_new(ifp)) == NULL)
2157                 return NULL;
2158
2159 #ifdef HAVE_ROUTE_METRIC
2160         rt->rt_metric = ifp->metric;
2161 #endif
2162         if (rap != NULL)
2163                 rt->rt_mtu = rap->mtu;
2164         return rt;
2165 }
2166
2167 static struct rt *
2168 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2169     const struct ipv6_addr *addr)
2170 {
2171         struct rt *rt;
2172         struct in6_addr netmask;
2173
2174         if (addr == NULL || addr->prefix_len > 128) {
2175                 errno = EINVAL;
2176                 return NULL;
2177         }
2178
2179         /* There is no point in trying to manage a /128 prefix,
2180          * ones without a lifetime or ones not on link or delegated */
2181         if (addr->prefix_len == 128 ||
2182             addr->prefix_vltime == 0 ||
2183             !(addr->flags & (IPV6_AF_ONLINK | IPV6_AF_DELEGATEDPFX)))
2184                 return NULL;
2185
2186         /* Don't install a reject route when not creating bigger prefixes */
2187         if (addr->flags & IPV6_AF_NOREJECT)
2188                 return NULL;
2189
2190         /* This address is the delegated prefix, so add a reject route for
2191          * it via the loopback interface. */
2192         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2193                 struct interface *lo0;
2194
2195                 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2196                         if (lo0->flags & IFF_LOOPBACK)
2197                                 break;
2198                 }
2199                 if (lo0 == NULL)
2200                         logwarnx("cannot find a loopback interface "
2201                             "to reject via");
2202                 else
2203                         ifp = lo0;
2204         }
2205
2206         if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2207                 return NULL;
2208
2209         sa_in6_init(&rt->rt_dest, &addr->prefix);
2210         ipv6_mask(&netmask, addr->prefix_len);
2211         sa_in6_init(&rt->rt_netmask, &netmask);
2212         if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2213                 rt->rt_flags |= RTF_REJECT;
2214                 /* Linux does not like a gateway for a reject route. */
2215 #ifndef __linux__
2216                 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2217 #endif
2218         } else
2219                 rt->rt_gateway.sa_family = AF_UNSPEC;
2220         sa_in6_init(&rt->rt_ifa, &addr->addr);
2221         return rt;
2222 }
2223
2224 static struct rt *
2225 inet6_makerouter(struct ra *rap)
2226 {
2227         struct rt *rt;
2228
2229         if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2230                 return NULL;
2231         sa_in6_init(&rt->rt_dest, &in6addr_any);
2232         sa_in6_init(&rt->rt_netmask, &in6addr_any);
2233         sa_in6_init(&rt->rt_gateway, &rap->from);
2234         return rt;
2235 }
2236
2237 #define RT_IS_DEFAULT(rtp) \
2238         (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) &&                  \
2239             IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2240
2241 static int
2242 inet6_staticroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx)
2243 {
2244         struct interface *ifp;
2245         struct ipv6_state *state;
2246         struct ipv6_addr *ia;
2247         struct rt *rt;
2248
2249         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2250                 if ((state = IPV6_STATE(ifp)) == NULL)
2251                         continue;
2252                 TAILQ_FOREACH(ia, &state->addrs, next) {
2253                         if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2254                             (IPV6_AF_ADDED | IPV6_AF_STATIC))
2255                         {
2256                                 rt = inet6_makeprefix(ifp, NULL, ia);
2257                                 if (rt)
2258                                         TAILQ_INSERT_TAIL(routes, rt, rt_next);
2259                         }
2260                 }
2261         }
2262         return 0;
2263 }
2264
2265 static int
2266 inet6_raroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx, int expired,
2267     bool *have_default)
2268 {
2269         struct rt *rt;
2270         struct ra *rap;
2271         const struct ipv6_addr *addr;
2272
2273         TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2274                 if (rap->expired != expired)
2275                         continue;
2276                 TAILQ_FOREACH(addr, &rap->addrs, next) {
2277                         if (addr->prefix_vltime == 0)
2278                                 continue;
2279                         rt = inet6_makeprefix(rap->iface, rap, addr);
2280                         if (rt) {
2281                                 rt->rt_dflags |= RTDF_RA;
2282                                 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2283                         }
2284                 }
2285                 if (rap->lifetime) {
2286                         rt = inet6_makerouter(rap);
2287                         if (rt) {
2288                                 rt->rt_dflags |= RTDF_RA;
2289                                 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2290                                 if (have_default)
2291                                         *have_default = true;
2292                         }
2293                 }
2294         }
2295         return 0;
2296 }
2297
2298 static int
2299 inet6_dhcproutes(struct rt_head *routes, struct dhcpcd_ctx *ctx,
2300     enum DH6S dstate)
2301 {
2302         struct interface *ifp;
2303         const struct dhcp6_state *d6_state;
2304         const struct ipv6_addr *addr;
2305         struct rt *rt;
2306
2307         TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2308                 d6_state = D6_CSTATE(ifp);
2309                 if (d6_state && d6_state->state == dstate) {
2310                         TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2311                                 rt = inet6_makeprefix(ifp, NULL, addr);
2312                                 if (rt) {
2313                                         rt->rt_dflags |= RTDF_DHCP;
2314                                         TAILQ_INSERT_TAIL(routes, rt, rt_next);
2315                                 }
2316                         }
2317                 }
2318         }
2319         return 0;
2320 }
2321
2322 bool
2323 inet6_getroutes(struct dhcpcd_ctx *ctx, struct rt_head *routes)
2324 {
2325         bool have_default;
2326
2327         /* Should static take priority? */
2328         if (inet6_staticroutes(routes, ctx) == -1)
2329                 return false;
2330
2331         /* First add reachable routers and their prefixes */
2332         have_default = false;
2333         if (inet6_raroutes(routes, ctx, 0, &have_default) == -1)
2334                 return false;
2335
2336         /* We have no way of knowing if prefixes added by DHCP are reachable
2337          * or not, so we have to assume they are.
2338          * Add bound before delegated so we can prefer interfaces better */
2339         if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2340                 return false;
2341         if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)
2342                 return false;
2343
2344 #ifdef HAVE_ROUTE_METRIC
2345         /* If we have an unreachable router, we really do need to remove the
2346          * route to it beause it could be a lower metric than a reachable
2347          * router. Of course, we should at least have some routers if all
2348          * are unreachable. */
2349         if (!have_default) {
2350 #endif
2351         /* Add our non-reachable routers and prefixes
2352          * Unsure if this is needed, but it's a close match to kernel
2353          * behaviour */
2354                 if (inet6_raroutes(routes, ctx, 1, NULL) == -1)
2355                         return false;
2356 #ifdef HAVE_ROUTE_METRIC
2357         }
2358 #endif
2359
2360         return true;
2361 }
DragonFly Project Source