1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * dhcpcd - DHCP client daemon
4 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
34 #include <arpa/inet.h>
36 #include <net/route.h>
37 #include <netinet/in.h>
38 #include <netinet/if_ether.h>
42 #ifdef HAVE_SYS_BITOPS_H
43 #include <sys/bitops.h>
45 #include "compat/bitops.h"
49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
50 * to generate our CAN_ADD_LLADDR #define. */
51 # include <netinet6/in6_var.h>
52 # include <netinet6/nd6.h>
63 #define ELOOP_QUEUE ELOOP_IPV6
86 #ifndef SHA256_DIGEST_LENGTH
87 # define SHA256_DIGEST_LENGTH 32
90 #ifdef IPV6_POLLADDRFLAG
91 # warning kernel does not report IPv6 address flag changes
92 # warning polling tentative address flags periodically
95 /* Hackery at it's finest. */
98 # define s6_addr32 _S6_un._S6_u32
100 # define s6_addr32 __u6_addr.__u6_addr32
104 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
105 defined(IFF_NOLINKLOCAL)
106 /* Only add the LL address if we have a carrier, so DaD works. */
107 #define CAN_ADD_LLADDR(ifp) \
108 (!((ifp)->options->options & DHCPCD_LINK) || if_is_link_up((ifp)))
110 /* Although we can add our own LL address, we cannot drop it
111 * without unplumbing the if which is a lot of code.
112 * So just keep it for the time being. */
113 #define CAN_DROP_LLADDR(ifp) (0)
115 #define CAN_DROP_LLADDR(ifp) (1)
118 /* We have no control over the OS adding the LLADDR, so just let it do it
119 * as we cannot force our own view on it. */
120 #define CAN_ADD_LLADDR(ifp) (0)
121 #define CAN_DROP_LLADDR(ifp) (0)
124 #ifdef IPV6_MANAGETEMPADDR
125 static void ipv6_regentempaddr(void *);
129 ipv6_init(struct dhcpcd_ctx *ctx)
132 if (ctx->ra_routers != NULL)
135 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
136 if (ctx->ra_routers == NULL)
138 TAILQ_INIT(ctx->ra_routers);
151 ipv6_readsecret(struct dhcpcd_ctx *ctx)
158 ctx->secret_len = dhcp_read_hwaddr_aton(ctx, &ctx->secret, SECRET);
159 if (ctx->secret_len != 0)
160 return (ssize_t)ctx->secret_len;
163 logerr("%s: cannot read secret", __func__);
165 /* Chaining arc4random should be good enough.
166 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
167 * To attempt and future proof ourselves, we'll generate a key of
168 * 512 bits (64 bytes). */
169 if (ctx->secret_len < 64) {
170 if ((ctx->secret = malloc(64)) == NULL) {
174 ctx->secret_len = 64;
177 for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
179 memcpy(p, &r, sizeof(r));
183 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line));
185 if (len < sizeof(line) - 2) {
189 if (dhcp_writefile(ctx, SECRET, S_IRUSR, line, len) == -1) {
190 logerr("%s: cannot write secret", __func__);
194 return (ssize_t)ctx->secret_len;
197 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
199 static const struct reslowhigh {
200 const uint8_t high[8];
201 const uint8_t low[8];
203 /* RFC4291 + RFC6543 */
204 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
205 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
207 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
208 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
212 ipv6_reserved(const struct in6_addr *addr)
214 uint64_t id, low, high;
216 const struct reslowhigh *r;
218 id = be64dec(addr->s6_addr + sizeof(id));
219 if (id == 0) /* RFC4291 */
221 for (i = 0; i < __arraycount(reslowhigh); i++) {
223 low = be64dec(r->low);
224 high = be64dec(r->high);
225 if (id >= low && id <= high)
233 ipv6_makestableprivate1(struct dhcpcd_ctx *ctx,
234 struct in6_addr *addr, const struct in6_addr *prefix, int prefix_len,
235 const unsigned char *netiface, size_t netiface_len,
236 const unsigned char *netid, size_t netid_len,
237 unsigned short vlanid,
238 uint32_t *dad_counter)
240 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
244 if (prefix_len < 0 || prefix_len > 120) {
249 if (ctx->secret_len == 0) {
250 if (ipv6_readsecret(ctx) == -1)
254 l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
255 len = l + netiface_len + netid_len + sizeof(*dad_counter) +
258 len += sizeof(vlanid);
259 if (len > sizeof(buf)) {
264 for (;; (*dad_counter)++) {
265 /* Combine all parameters into one buffer */
267 memcpy(p, prefix, l);
269 memcpy(p, netiface, netiface_len);
271 memcpy(p, netid, netid_len);
273 /* Don't use a vlanid if not set.
274 * This ensures prior versions have the same unique address. */
276 memcpy(p, &vlanid, sizeof(vlanid));
279 memcpy(p, dad_counter, sizeof(*dad_counter));
280 p += sizeof(*dad_counter);
281 memcpy(p, ctx->secret, ctx->secret_len);
283 /* Make an address using the digest of the above.
284 * RFC7217 Section 5.1 states that we shouldn't use MD5.
285 * Pity as we use that for HMAC-MD5 which is still deemed OK.
286 * SHA-256 is recommended */
287 SHA256_Init(&sha_ctx);
288 SHA256_Update(&sha_ctx, buf, len);
289 SHA256_Final(digest, &sha_ctx);
292 memcpy(p, prefix, l);
293 /* RFC7217 section 5.2 says we need to start taking the id from
294 * the least significant bit */
295 len = sizeof(addr->s6_addr) - l;
296 memcpy(p + l, digest + (sizeof(digest) - len), len);
298 /* Ensure that the Interface ID does not match a reserved one,
299 * if it does then treat it as a DAD failure.
300 * RFC7217 section 5.2 */
301 if (prefix_len != 64)
303 if (!ipv6_reserved(addr))
311 ipv6_makestableprivate(struct in6_addr *addr,
312 const struct in6_addr *prefix, int prefix_len,
313 const struct interface *ifp,
319 dad = (uint32_t)*dad_counter;
321 /* For our implementation, we shall set the hardware address
322 * as the interface identifier */
323 r = ipv6_makestableprivate1(ifp->ctx, addr, prefix, prefix_len,
324 ifp->hwaddr, ifp->hwlen,
325 ifp->ssid, ifp->ssid_len,
329 *dad_counter = (int)dad;
333 #ifdef IPV6_AF_TEMPORARY
335 ipv6_maketemporaryaddress(struct in6_addr *addr,
336 const struct in6_addr *prefix, int prefix_len,
337 const struct interface *ifp)
339 struct in6_addr mask;
340 struct interface *ifpn;
342 if (ipv6_mask(&mask, prefix_len) == -1)
347 addr->s6_addr32[2] |= (arc4random() & ~mask.s6_addr32[2]);
348 addr->s6_addr32[3] |= (arc4random() & ~mask.s6_addr32[3]);
350 TAILQ_FOREACH(ifpn, ifp->ctx->ifaces, next) {
351 if (ipv6_iffindaddr(ifpn, addr, 0) != NULL)
356 if (ipv6_reserved(addr))
363 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
365 struct in6_addr mask;
368 if (ipv6_mask(&mask, len) == -1)
371 for (i = 0; i < sizeof(prefix->s6_addr); i++)
372 prefix->s6_addr[i] &= mask.s6_addr[i];
377 ipv6_mask(struct in6_addr *mask, int len)
379 static const unsigned char masks[NBBY] =
380 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
383 if (len < 0 || len > 128) {
388 memset(mask, 0, sizeof(*mask));
391 for (i = 0; i < bytes; i++)
392 mask->s6_addr[i] = 0xff;
394 /* Coverify false positive.
395 * bytelen cannot be 16 if bitlen is non zero */
396 /* coverity[overrun-local] */
397 mask->s6_addr[bytes] = masks[bits - 1];
403 ipv6_prefixlen(const struct in6_addr *mask)
406 const unsigned char *lim, *p;
408 lim = (const unsigned char *)mask + sizeof(*mask);
409 for (p = (const unsigned char *)mask; p < lim; x++, p++) {
415 for (y = 0; y < NBBY; y++) {
416 if ((*p & (0x80 >> y)) == 0)
422 * when the limit pointer is given, do a stricter check on the
426 if (y != 0 && (*p & (0x00ff >> y)) != 0)
428 for (p = p + 1; p < lim; p++)
433 return (uint8_t)(x * NBBY + y);
437 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
438 const struct in6_addr *prefix, int prefix_len, unsigned int flags)
440 const struct ipv6_addr *ap;
441 const struct if_options *ifo = ifp->options;
444 if (prefix_len < 0 || prefix_len > 120) {
449 #ifdef IPV6_AF_TEMPORARY
450 if (flags & IPV6_AF_TEMPORARY)
451 return ipv6_maketemporaryaddress(addr, prefix, prefix_len, ifp);
456 if (ifo->options & DHCPCD_SLAACPRIVATE) {
458 if (ipv6_makestableprivate(addr,
459 prefix, prefix_len, ifp, &dad) == -1)
462 } else if (!IN6_IS_ADDR_UNSPECIFIED(&ifo->token)) {
463 int bytes = prefix_len / NBBY;
464 int bits = prefix_len % NBBY;
466 // Copy the token into the address.
469 // If we have any dangling bits, just copy that in also.
470 // XXX Can we preserve part of the token still?
474 // Copy the prefix in.
476 memcpy(addr->s6_addr, prefix->s6_addr, (size_t)bytes);
480 if (prefix_len > 64) {
484 if ((ap = ipv6_linklocal(ifp)) == NULL) {
485 /* We delay a few functions until we get a local-link address
486 * so this should never be hit. */
491 /* Make the address from the first local-link address */
492 memcpy(addr, prefix, sizeof(*prefix));
493 addr->s6_addr32[2] = ap->addr.s6_addr32[2];
494 addr->s6_addr32[3] = ap->addr.s6_addr32[3];
499 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
502 *vhigh = be64dec(addr->s6_addr);
503 *vlow = be64dec(addr->s6_addr + 8);
507 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
510 be64enc(addr->s6_addr, vhigh);
511 be64enc(addr->s6_addr + 8, vlow);
516 const struct in6_addr *prefix, // prefix from router
517 short prefix_len, // length of prefix received
518 uint64_t user_number, // "random" number from user
519 struct in6_addr *result, // resultant prefix
520 short result_len) // desired prefix length
522 uint64_t vh, vl, user_low, user_high;
524 if (prefix_len < 1 || prefix_len > 128 ||
525 result_len < 1 || result_len > 128)
531 /* Check that the user_number fits inside result_len less prefix_len */
532 if (result_len < prefix_len ||
533 fls64(user_number) > result_len - prefix_len)
539 /* If user_number is zero, just copy the prefix into the result. */
540 if (user_number == 0) {
545 /* Shift user_number so it fit's just inside result_len.
546 * Shifting by 0 or sizeof(user_number) is undefined,
547 * so we cater for that. */
548 if (result_len == 128) {
550 user_low = user_number;
551 } else if (result_len > 64) {
552 if (prefix_len >= 64)
555 user_high = user_number >> (result_len - prefix_len);
556 user_low = user_number << (128 - result_len);
557 } else if (result_len == 64) {
558 user_high = user_number;
561 user_high = user_number << (64 - result_len);
565 /* convert to two 64bit host order values */
566 in6_to_h64(&vh, &vl, prefix);
571 /* copy back result */
572 h64_to_in6(result, vh, vl);
577 #ifdef IPV6_POLLADDRFLAG
579 ipv6_checkaddrflags(void *arg)
581 struct ipv6_addr *ia;
591 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
592 if (errno != EEXIST && errno != EADDRNOTAVAIL)
593 logerr("%s: if_addrflags6", __func__);
597 if (!(flags & IN6_IFF_TENTATIVE)) {
598 /* Simulate the kernel announcing the new address. */
599 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
600 ia->iface->ctx->ifaces, ia->iface->name,
601 &ia->addr, ia->prefix_len, flags, 0);
603 /* Still tentative? Check again in a bit. */
604 eloop_timeout_add_msec(ia->iface->ctx->eloop,
605 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
611 ipv6_deletedaddr(struct ipv6_addr *ia)
616 if (!(ia->iface->ctx->options & DHCPCD_MANAGER))
617 ps_inet_closedhcp6(ia);
621 /* NOREJECT is set if we delegated exactly the prefix to another
623 * This can only be one address, so just clear the flag.
624 * This should ensure the reject route will be restored. */
625 if (ia->delegating_prefix != NULL)
626 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
634 ipv6_deleteaddr(struct ipv6_addr *ia)
636 struct ipv6_state *state;
637 struct ipv6_addr *ap;
639 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
640 if (if_address6(RTM_DELADDR, ia) == -1 &&
641 errno != EADDRNOTAVAIL && errno != ESRCH &&
642 errno != ENXIO && errno != ENODEV)
645 ipv6_deletedaddr(ia);
647 state = IPV6_STATE(ia->iface);
648 TAILQ_FOREACH(ap, &state->addrs, next) {
649 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
650 TAILQ_REMOVE(&state->addrs, ap, next);
657 /* Advertise the address if it exists on another interface. */
658 ipv6nd_advertise(ia);
663 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
665 struct interface *ifp;
666 uint32_t pltime, vltime;
669 bool vltime_was_zero = ia->prefix_vltime == 0;
672 struct ipv6_state *state;
673 struct ipv6_addr *ia2;
675 /* If we re-add then address on Solaris then the prefix
676 * route will be scrubbed and re-added. Something might
677 * be using it, so let's avoid it. */
678 if (ia->flags & IPV6_AF_DADCOMPLETED) {
679 logdebugx("%s: IP address %s already exists",
680 ia->iface->name, ia->saddr);
689 /* Remember the interface of the address. */
692 if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
693 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
694 ia->flags |= IPV6_AF_DADCOMPLETED;
696 /* Adjust plftime and vltime based on acquired time */
697 pltime = ia->prefix_pltime;
698 vltime = ia->prefix_vltime;
700 if (ifp->options->options & DHCPCD_LASTLEASE_EXTEND) {
701 /* We don't want the kernel to expire the address.
702 * The saved times will be re-applied to the ia
703 * before exiting this function. */
704 ia->prefix_vltime = ia->prefix_pltime = ND6_INFINITE_LIFETIME;
707 if (timespecisset(&ia->acquired) &&
708 (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
709 ia->prefix_vltime != ND6_INFINITE_LIFETIME))
715 clock_gettime(CLOCK_MONOTONIC, &n);
718 elapsed = (uint32_t)eloop_timespec_diff(now, &ia->acquired,
720 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
721 if (elapsed > ia->prefix_pltime)
722 ia->prefix_pltime = 0;
724 ia->prefix_pltime -= elapsed;
726 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
727 if (elapsed > ia->prefix_vltime)
728 ia->prefix_vltime = 0;
730 ia->prefix_vltime -= elapsed;
734 loglevel = ia->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG;
735 logmessage(loglevel, "%s: adding %saddress %s", ifp->name,
736 #ifdef IPV6_AF_TEMPORARY
737 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
742 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
743 ia->prefix_vltime == ND6_INFINITE_LIFETIME)
744 logdebugx("%s: pltime infinity, vltime infinity",
746 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
747 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
748 ifp->name, ia->prefix_vltime);
749 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
750 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
751 ifp->name, ia->prefix_pltime);
753 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
755 ifp->name, ia->prefix_pltime, ia->prefix_vltime);
757 if (if_address6(RTM_NEWADDR, ia) == -1) {
759 /* Restore real pltime and vltime */
760 ia->prefix_pltime = pltime;
761 ia->prefix_vltime = vltime;
765 #ifdef IPV6_MANAGETEMPADDR
766 /* RFC4941 Section 3.4 */
767 if (ia->flags & IPV6_AF_TEMPORARY &&
770 ifp->options->options & DHCPCD_SLAACTEMP)
771 eloop_timeout_add_sec(ifp->ctx->eloop,
772 ia->prefix_pltime - REGEN_ADVANCE,
773 ipv6_regentempaddr, ia);
776 /* Restore real pltime and vltime */
777 ia->prefix_pltime = pltime;
778 ia->prefix_vltime = vltime;
780 ia->flags &= ~IPV6_AF_NEW;
781 ia->flags |= IPV6_AF_ADDED;
783 if (ia->delegating_prefix != NULL)
784 ia->flags |= IPV6_AF_DELEGATED;
787 #ifdef IPV6_POLLADDRFLAG
788 eloop_timeout_delete(ifp->ctx->eloop,
789 ipv6_checkaddrflags, ia);
790 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
791 eloop_timeout_add_msec(ifp->ctx->eloop,
792 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
797 /* Solaris does not announce new addresses which need DaD
798 * so we need to take a copy and add it to our list.
799 * Otherwise aliasing gets confused if we add another
800 * address during DaD. */
802 state = IPV6_STATE(ifp);
803 TAILQ_FOREACH(ia2, &state->addrs, next) {
804 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
808 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
810 return 0; /* Well, we did add the address */
812 memcpy(ia2, ia, sizeof(*ia2));
813 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
821 /* Re-advertise the preferred address to be safe. */
822 if (!vltime_was_zero)
823 ipv6nd_advertise(ia);
830 /* Find the next logical alias address we can use. */
832 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
834 struct ipv6_state *state;
835 struct ipv6_addr *iap;
837 char alias[IF_NAMESIZE];
839 if (ia->alias[0] != '\0')
841 state = IPV6_STATE(ia->iface);
843 /* First find an existng address.
844 * This can happen when dhcpcd restarts as ND and DHCPv6
845 * maintain their own lists of addresses. */
846 TAILQ_FOREACH(iap, &state->addrs, next) {
847 if (iap->alias[0] != '\0' &&
848 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
850 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
857 if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
863 TAILQ_FOREACH(iap, &state->addrs, next) {
864 if (iap->alias[0] == '\0')
866 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
867 /* No address assigned? Lets use it. */
868 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
873 if (strcmp(iap->alias, alias) == 0)
878 if (lun == UINT_MAX) {
886 strlcpy(ia->alias, alias, sizeof(ia->alias));
892 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
897 struct ipv6_addr *replaced_ia;
899 blank = (ia->alias[0] == '\0');
900 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
903 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
906 if ((r = ipv6_addaddr1(ia, now)) == 0) {
909 struct ipv6_state *state;
911 state = IPV6_STATE(ia->iface);
912 TAILQ_REMOVE(&state->addrs, replaced_ia, next);
913 ipv6_freeaddr(replaced_ia);
921 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
927 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
928 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
930 } else if (addr->prefix_vltime &&
931 IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
932 (!flags || addr->flags & flags))
939 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
941 struct ipv6_addr *nap;
943 struct ipv6_addr *dap;
946 nap = ipv6nd_findaddr(ctx, addr, flags);
948 dap = dhcp6_findaddr(ctx, addr, flags);
955 if (nap->iface->metric < dap->iface->metric)
964 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
967 /* A delegated prefix is not an address. */
968 if (ia->flags & IPV6_AF_DELEGATEDPFX)
971 if (ia->prefix_vltime == 0) {
972 if (ia->flags & IPV6_AF_ADDED)
974 eloop_q_timeout_delete(ia->iface->ctx->eloop,
975 ELOOP_QUEUE_ALL, NULL, ia);
976 if (ia->flags & IPV6_AF_REQUEST) {
977 ia->flags &= ~IPV6_AF_ADDED;
983 if (ia->flags & IPV6_AF_STALE ||
984 IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
987 if (!timespecisset(now))
988 clock_gettime(CLOCK_MONOTONIC, now);
989 ipv6_addaddr(ia, now);
990 return ia->flags & IPV6_AF_NEW ? 1 : 0;
994 ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
997 struct ipv6_addr *ia, *ian;
1001 timespecclear(&now);
1002 TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
1003 r = ipv6_doaddr(ia, &now);
1007 TAILQ_REMOVE(iaddrs, ia, next);
1015 ipv6_freeaddr(struct ipv6_addr *ia)
1017 struct eloop *eloop = ia->iface->ctx->eloop;
1019 struct ipv6_addr *iad;
1021 /* Forget the reference */
1022 if (ia->flags & IPV6_AF_DELEGATEDPFX) {
1023 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
1024 iad->delegating_prefix = NULL;
1026 } else if (ia->delegating_prefix != NULL) {
1027 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
1031 if (ia->dhcp6_fd != -1) {
1032 close(ia->dhcp6_fd);
1033 eloop_event_delete(eloop, ia->dhcp6_fd);
1036 eloop_q_timeout_delete(eloop, ELOOP_QUEUE_ALL, NULL, ia);
1042 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
1043 const struct interface *ifd)
1045 struct ipv6_addr *ap, *apn, *apf;
1046 struct timespec now;
1051 timespecclear(&now);
1052 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1055 (ap->delegating_prefix == NULL ||
1056 ap->delegating_prefix->iface != ifd))
1060 TAILQ_REMOVE(addrs, ap, next);
1061 if (drop && ap->flags & IPV6_AF_ADDED &&
1062 (ap->iface->options->options &
1063 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1064 (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1066 /* Don't drop link-local addresses. */
1067 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1068 CAN_DROP_LLADDR(ap->iface))
1071 TAILQ_REMOVE(addrs, ap, next);
1072 /* Find the same address somewhere else */
1073 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1076 (apf->iface != ap->iface)))
1077 ipv6_deleteaddr(ap);
1078 if (!(ap->iface->options->options &
1079 DHCPCD_EXITING) && apf)
1081 if (!timespecisset(&now))
1082 clock_gettime(CLOCK_MONOTONIC,
1084 ipv6_addaddr(apf, &now);
1095 static struct ipv6_state *
1096 ipv6_getstate(struct interface *ifp)
1098 struct ipv6_state *state;
1100 state = IPV6_STATE(ifp);
1101 if (state == NULL) {
1102 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1103 state = IPV6_STATE(ifp);
1104 if (state == NULL) {
1108 TAILQ_INIT(&state->addrs);
1109 TAILQ_INIT(&state->ll_callbacks);
1115 ipv6_anyglobal(struct interface *sifp)
1117 struct interface *ifp;
1118 struct ipv6_state *state;
1119 struct ipv6_addr *ia;
1122 /* BSD forwarding is either on or off.
1123 * Linux forwarding is technically the same as it's
1124 * configured by the "all" interface.
1125 * Per interface only affects IsRouter of NA messages. */
1126 #if defined(PRIVSEP) && (defined(HAVE_PLEDGE) || defined(__linux__))
1127 if (IN_PRIVSEP(sifp->ctx))
1128 forwarding = ps_root_ip6forwarding(sifp->ctx, NULL) != 0;
1131 forwarding = ip6_forwarding(NULL) != 0;
1133 TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
1134 if (ifp != sifp && !forwarding)
1137 state = IPV6_STATE(ifp);
1141 TAILQ_FOREACH(ia, &state->addrs, next) {
1142 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1144 /* Let's be optimistic.
1145 * Any decent OS won't forward or accept traffic
1146 * from/to tentative or detached addresses. */
1147 if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1155 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1156 int cmd, struct if_head *ifs, const char *ifname,
1157 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1159 struct interface *ifp;
1160 struct ipv6_state *state;
1161 struct ipv6_addr *ia;
1162 struct ll_callback *cb;
1166 struct sockaddr_in6 subnet;
1168 /* Solaris on-link route is an unspecified address! */
1169 if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1170 if (if_getsubnet(ctx, ifname, AF_INET6,
1171 &subnet, sizeof(subnet)) == -1)
1176 addr = &subnet.sin6_addr;
1181 char dbuf[INET6_ADDRSTRLEN];
1184 dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1185 dbuf, INET6_ADDRSTRLEN);
1186 loginfox("%s: cmd %d addr %s addrflags %d",
1187 ifname, cmd, dbp, addrflags);
1194 if ((ifp = if_find(ifs, ifname)) == NULL)
1196 if ((state = ipv6_getstate(ifp)) == NULL)
1198 anyglobal = ipv6_anyglobal(ifp) != NULL;
1200 TAILQ_FOREACH(ia, &state->addrs, next) {
1201 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1208 TAILQ_REMOVE(&state->addrs, ia, next);
1209 #ifdef ND6_ADVERTISE
1210 /* Advertise the address if it exists on
1211 * another interface. */
1212 ipv6nd_advertise(ia);
1214 /* We'll free it at the end of the function. */
1219 ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1221 strlcpy(ia->alias, ifname, sizeof(ia->alias));
1223 if (if_getlifetime6(ia) == -1) {
1224 /* No support or address vanished.
1225 * Either way, just set a deprecated
1226 * infinite time lifetime and continue.
1227 * This is fine because we only want
1228 * to know this when trying to extend
1229 * temporary addresses.
1230 * As we can't extend infinite, we'll
1231 * create a new temporary address. */
1232 ia->prefix_pltime = 0;
1234 ND6_INFINITE_LIFETIME;
1236 /* This is a minor regression against RFC 4941
1237 * because the kernel only knows when the
1238 * lifetimes were last updated, not when the
1239 * address was initially created.
1240 * Provided dhcpcd is not restarted, this
1241 * won't be a problem.
1242 * If we don't like it, we can always
1243 * pretend lifetimes are infinite and always
1244 * generate a new temporary address on
1246 ia->acquired = ia->created;
1247 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1249 ia->addr_flags = addrflags;
1250 ia->flags &= ~IPV6_AF_STALE;
1251 #ifdef IPV6_MANAGETEMPADDR
1252 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1253 ia->flags |= IPV6_AF_TEMPORARY;
1255 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1256 #ifdef IPV6_POLLADDRFLAG
1257 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1258 eloop_timeout_add_msec(
1259 ia->iface->ctx->eloop,
1260 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1265 if (ia->dadcallback)
1266 ia->dadcallback(ia);
1268 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1269 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1271 /* Now run any callbacks.
1272 * Typically IPv6RS or DHCPv6 */
1274 TAILQ_FIRST(&state->ll_callbacks)))
1277 &state->ll_callbacks,
1279 cb->callback(cb->arg);
1290 ctx->options &= ~DHCPCD_RTBUILD;
1291 ipv6nd_handleifa(cmd, ia, pid);
1293 dhcp6_handleifa(cmd, ia, pid);
1296 /* Done with the ia now, so free it. */
1297 if (cmd == RTM_DELADDR)
1299 else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1300 ia->flags |= IPV6_AF_DADCOMPLETED;
1302 /* If we've not already called rt_build via the IPv6ND
1303 * or DHCP6 handlers and the existance of any useable
1304 * global address on the interface has changed,
1305 * call rt_build to add/remove the default route. */
1307 ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) ||
1308 (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) &&
1309 !(ctx->options & DHCPCD_RTBUILD) &&
1310 (ipv6_anyglobal(ifp) != NULL) != anyglobal)
1311 rt_build(ctx, AF_INET6);
1315 ipv6_hasaddr(const struct interface *ifp)
1318 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1321 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1328 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1331 struct ipv6_state *state;
1332 struct ipv6_addr *ap;
1334 state = IPV6_STATE(ifp);
1336 TAILQ_FOREACH(ap, &state->addrs, next) {
1338 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1339 (!revflags || !(ap->addr_flags & revflags)))
1342 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1343 (!revflags || !(ap->addr_flags & revflags)))
1351 static struct ipv6_addr *
1352 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1354 struct ipv6_state *state;
1355 struct ipv6_addr *ap;
1356 struct in6_addr mask;
1358 state = IPV6_STATE(ifp);
1360 TAILQ_FOREACH(ap, &state->addrs, next) {
1361 if (ipv6_mask(&mask, ap->prefix_len) == -1)
1363 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1371 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1373 struct interface *ifp;
1374 struct ipv6_addr *ap;
1376 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1377 ap = ipv6_iffindmaskaddr(ifp, addr);
1385 ipv6_addlinklocalcallback(struct interface *ifp,
1386 void (*callback)(void *), void *arg)
1388 struct ipv6_state *state;
1389 struct ll_callback *cb;
1391 state = ipv6_getstate(ifp);
1392 TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1393 if (cb->callback == callback && cb->arg == arg)
1397 cb = malloc(sizeof(*cb));
1402 cb->callback = callback;
1404 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1409 static struct ipv6_addr *
1410 ipv6_newlinklocal(struct interface *ifp)
1412 struct ipv6_addr *ia;
1413 struct in6_addr in6;
1415 memset(&in6, 0, sizeof(in6));
1416 in6.s6_addr32[0] = htonl(0xfe800000);
1417 ia = ipv6_newaddr(ifp, &in6, 64, 0);
1419 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1420 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1425 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1426 static const uint8_t allone[8] =
1427 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1430 ipv6_addlinklocal(struct interface *ifp)
1432 struct ipv6_state *state;
1433 struct ipv6_addr *ap, *ap2;
1436 if (!(ifp->options->options & DHCPCD_CONFIGURE))
1439 /* Check sanity before malloc */
1440 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1441 switch (ifp->hwtype) {
1443 /* Check for a valid hardware address */
1444 if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1448 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1449 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1461 state = ipv6_getstate(ifp);
1465 ap = ipv6_newlinklocal(ifp);
1470 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1472 if (ipv6_makestableprivate(&ap->addr,
1473 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1478 ap->dadcounter = dadcounter;
1480 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1481 switch (ifp->hwtype) {
1483 if (ifp->hwlen == 6) {
1484 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1485 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1486 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1487 ap->addr.s6_addr[11] = 0xff;
1488 ap->addr.s6_addr[12] = 0xfe;
1489 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1490 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1491 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1492 } else if (ifp->hwlen == 8)
1493 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1502 /* Sanity check: g bit must not indciate "group" */
1503 if (EUI64_GROUP(&ap->addr)) {
1508 EUI64_TO_IFID(&ap->addr);
1511 /* Do we already have this address? */
1512 TAILQ_FOREACH(ap2, &state->addrs, next) {
1513 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1514 if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1515 if (ifp->options->options &
1516 DHCPCD_SLAACPRIVATE)
1519 goto nextslaacprivate;
1522 errno = EADDRNOTAVAIL;
1526 logwarnx("%s: waiting for %s to complete",
1527 ap2->iface->name, ap2->saddr);
1534 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1535 TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1536 ipv6_addaddr(ap, NULL);
1541 ipv6_tryaddlinklocal(struct interface *ifp)
1543 struct ipv6_addr *ia;
1545 /* We can't assign a link-locak address to this,
1546 * the ppp process has to. */
1547 if (ifp->flags & IFF_POINTOPOINT)
1550 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1552 #ifdef IPV6_POLLADDRFLAG
1553 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1554 eloop_timeout_add_msec(
1555 ia->iface->ctx->eloop,
1556 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1561 if (!CAN_ADD_LLADDR(ifp))
1564 return ipv6_addlinklocal(ifp);
1568 ipv6_setscope(struct sockaddr_in6 *sin, unsigned int ifindex)
1572 /* KAME based systems want to store the scope inside the sin6_addr
1573 * for link local addresses */
1574 if (IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr)) {
1575 uint16_t scope = htons((uint16_t)ifindex);
1576 memcpy(&sin->sin6_addr.s6_addr[2], &scope,
1579 sin->sin6_scope_id = 0;
1581 if (IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr))
1582 sin->sin6_scope_id = ifindex;
1584 sin->sin6_scope_id = 0;
1589 ipv6_getscope(const struct sockaddr_in6 *sin)
1595 if (!IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr))
1598 memcpy(&scope, &sin->sin6_addr.s6_addr[2], sizeof(scope));
1599 return (unsigned int)ntohs(scope);
1601 return (unsigned int)sin->sin6_scope_id;
1606 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1607 uint8_t prefix_len, unsigned int flags)
1609 struct ipv6_addr *ia, *iaf;
1610 char buf[INET6_ADDRSTRLEN];
1615 #ifdef IPV6_AF_TEMPORARY
1616 tempaddr = flags & IPV6_AF_TEMPORARY;
1621 /* If adding a new DHCP / RA derived address, check current flags
1622 * from an existing address. */
1625 else if (flags & IPV6_AF_AUTOCONF)
1626 iaf = ipv6nd_iffindprefix(ifp, addr, prefix_len);
1628 iaf = ipv6_iffindaddr(ifp, addr, 0);
1630 addr_flags = iaf->addr_flags;
1631 flags |= IPV6_AF_ADDED;
1633 addr_flags = IN6_IFF_TENTATIVE;
1635 ia = calloc(1, sizeof(*ia));
1640 ia->addr_flags = addr_flags;
1641 ia->flags = IPV6_AF_NEW | flags;
1642 if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1643 ia->flags |= IPV6_AF_DADCOMPLETED;
1644 ia->prefix_len = prefix_len;
1648 TAILQ_INIT(&ia->pd_pfxs);
1651 if (prefix_len == 128)
1653 else if (ia->flags & IPV6_AF_AUTOCONF) {
1656 memcpy(&ia->addr, &iaf->addr, sizeof(ia->addr));
1658 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1662 if (ia->dadcounter == -1)
1665 } else if (ia->flags & IPV6_AF_RAPFX) {
1669 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1674 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX)) {
1676 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1681 if (ipv6_makeprefix(&ia->prefix,
1682 &ia->addr, ia->prefix_len) == -1)
1686 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1690 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1701 ipv6_staticdadcallback(void *arg)
1703 struct ipv6_addr *ia = arg;
1706 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1707 ia->flags |= IPV6_AF_DADCOMPLETED;
1708 if (ia->addr_flags & IN6_IFF_DUPLICATED)
1709 logwarnx("%s: DAD detected %s", ia->iface->name,
1711 else if (!wascompleted) {
1712 logdebugx("%s: IPv6 static DAD completed",
1716 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1717 if (!wascompleted) {
1718 struct interface *ifp;
1719 struct ipv6_state *state;
1722 state = IPV6_STATE(ifp);
1723 TAILQ_FOREACH(ia, &state->addrs, next) {
1724 if (ia->flags & IPV6_AF_STATIC &&
1725 (ia->flags & FINISHED) != FINISHED)
1732 script_runreason(ifp, "STATIC6");
1738 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1740 struct ipv6_addr *ia;
1742 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1743 IN6_IFF_NOTUSEABLE);
1746 if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1752 ipv6_staticdadcompleted(const struct interface *ifp)
1754 const struct ipv6_state *state;
1755 const struct ipv6_addr *ia;
1758 if ((state = IPV6_CSTATE(ifp)) == NULL)
1761 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1762 TAILQ_FOREACH(ia, &state->addrs, next) {
1763 if ((ia->flags & COMPLETED) == COMPLETED &&
1764 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1771 ipv6_startstatic(struct interface *ifp)
1773 struct ipv6_addr *ia;
1776 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1779 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1781 (ia->prefix_len != ifp->options->req_prefix_len ||
1782 ia->addr_flags & IN6_IFF_NOTUSEABLE))
1784 ipv6_deleteaddr(ia);
1788 struct ipv6_state *state;
1790 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1791 ifp->options->req_prefix_len, 0);
1794 state = IPV6_STATE(ifp);
1795 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1799 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1800 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1801 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1802 ia->dadcallback = ipv6_staticdadcallback;
1803 ipv6_addaddr(ia, NULL);
1804 rt_build(ifp->ctx, AF_INET6);
1806 script_runreason(ifp, "STATIC6");
1810 /* Ensure the interface has a link-local address */
1812 ipv6_start(struct interface *ifp)
1814 #ifdef IPV6_POLLADDRFLAG
1815 struct ipv6_state *state;
1817 /* We need to update the address flags. */
1818 if ((state = IPV6_STATE(ifp)) != NULL) {
1819 struct ipv6_addr *ia;
1823 TAILQ_FOREACH(ia, &state->addrs, next) {
1829 flags = if_addrflags6(ia->iface, &ia->addr, alias);
1831 ia->addr_flags = flags;
1836 if (ipv6_tryaddlinklocal(ifp) == -1)
1843 ipv6_freedrop(struct interface *ifp, int drop)
1845 struct ipv6_state *state;
1846 struct ll_callback *cb;
1851 if ((state = IPV6_STATE(ifp)) == NULL)
1854 /* If we got here, we can get rid of any LL callbacks. */
1855 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1856 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1860 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1862 if (ifp->ctx->ra_routers != NULL)
1863 rt_build(ifp->ctx, AF_INET6);
1865 /* Because we need to cache the addresses we don't control,
1866 * we only free the state on when NOT dropping addresses. */
1868 ifp->if_data[IF_DATA_IPV6] = NULL;
1869 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1874 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1877 free(ctx->ra_routers);
1882 ipv6_handleifa_addrs(int cmd,
1883 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1885 struct ipv6_addr *ia, *ian;
1886 uint8_t found, alldadcompleted;
1888 alldadcompleted = 1;
1890 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1891 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1892 if (ia->flags & IPV6_AF_ADDED &&
1893 !(ia->flags & IPV6_AF_DADCOMPLETED))
1894 alldadcompleted = 0;
1899 if (ia->flags & IPV6_AF_ADDED) {
1900 logwarnx("%s: pid %d deleted address %s",
1901 ia->iface->name, pid, ia->saddr);
1902 ia->flags &= ~IPV6_AF_ADDED;
1904 ipv6_deletedaddr(ia);
1905 if (ia->flags & IPV6_AF_DELEGATED) {
1906 TAILQ_REMOVE(addrs, ia, next);
1911 ia->addr_flags = addr->addr_flags;
1912 /* Safety - ignore tentative announcements */
1913 if (ia->addr_flags &
1914 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1916 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1918 if (ia->dadcallback)
1919 ia->dadcallback(ia);
1920 /* We need to set this here in-case the
1921 * dadcallback function checks it */
1922 ia->flags |= IPV6_AF_DADCOMPLETED;
1928 return alldadcompleted ? found : 0;
1931 #ifdef IPV6_MANAGETEMPADDR
1933 ipv6_regen_desync(struct interface *ifp, bool force)
1935 struct ipv6_state *state;
1938 state = IPV6_STATE(ifp);
1940 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1941 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1942 * I believe this is an error and it should be never be greater than
1943 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1944 max = TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE;
1945 if (state->desync_factor && !force && state->desync_factor < max)
1947 if (state->desync_factor == 0)
1948 state->desync_factor =
1949 arc4random_uniform(MIN(MAX_DESYNC_FACTOR, max));
1950 max = TEMP_PREFERRED_LIFETIME - state->desync_factor - REGEN_ADVANCE;
1951 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempaddrs, ifp);
1954 /* RFC4941 Section 3.3.7 */
1956 ipv6_tempdadcallback(void *arg)
1958 struct ipv6_addr *ia = arg;
1960 if (ia->addr_flags & IN6_IFF_DUPLICATED) {
1961 struct ipv6_addr *ia1;
1964 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1965 logerrx("%s: too many duplicate temporary addresses",
1969 clock_gettime(CLOCK_MONOTONIC, &tv);
1970 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1973 ia1->dadcounter = ia->dadcounter;
1974 ipv6_deleteaddr(ia);
1976 ipv6_addaddr(ia1, &ia1->acquired);
1981 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1983 struct ipv6_state *state;
1984 struct interface *ifp = ia0->iface;
1985 struct ipv6_addr *ia;
1987 ia = ipv6_newaddr(ifp, &ia0->prefix, ia0->prefix_len,
1988 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
1992 ia->dadcallback = ipv6_tempdadcallback;
1993 ia->created = ia->acquired = now ? *now : ia0->acquired;
1995 /* Ensure desync is still valid */
1996 ipv6_regen_desync(ifp, false);
1998 /* RFC4941 Section 3.3.4 */
1999 state = IPV6_STATE(ia->iface);
2000 ia->prefix_pltime = MIN(ia0->prefix_pltime,
2001 TEMP_PREFERRED_LIFETIME - state->desync_factor);
2002 ia->prefix_vltime = MIN(ia0->prefix_vltime, TEMP_VALID_LIFETIME);
2003 if (ia->prefix_pltime <= REGEN_ADVANCE ||
2004 ia->prefix_pltime > ia0->prefix_vltime)
2011 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
2016 ipv6_settemptime(struct ipv6_addr *ia, int flags)
2018 struct ipv6_state *state;
2019 struct ipv6_addr *ap, *first;
2021 state = IPV6_STATE(ia->iface);
2023 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2024 if (ap->flags & IPV6_AF_TEMPORARY &&
2025 ap->prefix_pltime &&
2026 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2028 unsigned int max, ext;
2031 if (ap->prefix_pltime -
2032 (uint32_t)(ia->acquired.tv_sec -
2033 ap->acquired.tv_sec)
2040 if (!(ap->flags & IPV6_AF_ADDED))
2041 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2042 ap->flags &= ~IPV6_AF_STALE;
2044 /* RFC4941 Section 3.4
2045 * Deprecated prefix, deprecate the temporary address */
2046 if (ia->prefix_pltime == 0) {
2047 ap->prefix_pltime = 0;
2051 /* Ensure desync is still valid */
2052 ipv6_regen_desync(ap->iface, false);
2054 /* RFC4941 Section 3.3.2
2055 * Extend temporary times, but ensure that they
2056 * never last beyond the system limit. */
2057 ext = (unsigned int)ia->acquired.tv_sec
2058 + ia->prefix_pltime;
2059 max = (unsigned int)(ap->created.tv_sec +
2060 TEMP_PREFERRED_LIFETIME -
2061 state->desync_factor);
2063 ap->prefix_pltime = ia->prefix_pltime;
2066 (uint32_t)(max - ia->acquired.tv_sec);
2069 ext = (unsigned int)ia->acquired.tv_sec +
2071 max = (unsigned int)(ap->created.tv_sec +
2072 TEMP_VALID_LIFETIME);
2074 ap->prefix_vltime = ia->prefix_vltime;
2077 (uint32_t)(max - ia->acquired.tv_sec);
2079 /* Just extend the latest matching prefix */
2080 ap->acquired = ia->acquired;
2082 /* If extending return the last match as
2083 * it's the most current.
2084 * If deprecating, deprecate any other addresses we
2085 * may have, although this should not be needed */
2086 if (ia->prefix_pltime)
2096 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2098 struct ipv6_state *state;
2099 struct ipv6_addr *ia;
2101 state = IPV6_STATE(ifp);
2102 TAILQ_FOREACH(ia, &state->addrs, next) {
2103 if (ia->flags & IPV6_AF_TEMPORARY &&
2104 !(ia->flags & IPV6_AF_STALE))
2105 ipv6_addaddr(ia, now);
2110 ipv6_regentempaddr0(struct ipv6_addr *ia, struct timespec *tv)
2112 struct ipv6_addr *ia1;
2114 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2115 ia1 = ipv6_createtempaddr(ia, tv);
2117 ipv6_addaddr(ia1, tv);
2123 ipv6_regentempaddr(void *arg)
2127 clock_gettime(CLOCK_MONOTONIC, &tv);
2128 ipv6_regentempaddr0(arg, &tv);
2132 ipv6_regentempaddrs(void *arg)
2134 struct interface *ifp = arg;
2136 struct ipv6_state *state;
2137 struct ipv6_addr *ia;
2139 state = IPV6_STATE(ifp);
2143 ipv6_regen_desync(ifp, true);
2145 clock_gettime(CLOCK_MONOTONIC, &tv);
2147 /* Mark addresses for regen so we don't infinite loop. */
2148 TAILQ_FOREACH(ia, &state->addrs, next) {
2149 if (ia->flags & IPV6_AF_TEMPORARY &&
2150 ia->flags & IPV6_AF_ADDED &&
2151 !(ia->flags & IPV6_AF_STALE))
2152 ia->flags |= IPV6_AF_REGEN;
2154 ia->flags &= ~IPV6_AF_REGEN;
2157 /* Now regen temp addrs */
2158 TAILQ_FOREACH(ia, &state->addrs, next) {
2159 if (ia->flags & IPV6_AF_REGEN) {
2160 ipv6_regentempaddr0(ia, &tv);
2161 ia->flags &= ~IPV6_AF_REGEN;
2165 #endif /* IPV6_MANAGETEMPADDR */
2168 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2170 struct ipv6_state *state;
2171 struct ipv6_addr *ia;
2173 state = IPV6_STATE(ifp);
2177 TAILQ_FOREACH(ia, &state->addrs, next) {
2178 if (flags == 0 || ia->flags & flags)
2179 ia->flags |= IPV6_AF_STALE;
2184 ipv6_deletestaleaddrs(struct interface *ifp)
2186 struct ipv6_state *state;
2187 struct ipv6_addr *ia, *ia1;
2189 state = IPV6_STATE(ifp);
2193 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2194 if (ia->flags & IPV6_AF_STALE)
2195 ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2196 ifp->ctx->ifaces, ifp->name,
2197 &ia->addr, ia->prefix_len, 0, getpid());
2203 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2207 if ((rt = rt_new(ifp)) == NULL)
2210 #ifdef HAVE_ROUTE_METRIC
2211 rt->rt_metric = ifp->metric;
2214 rt->rt_mtu = rap->mtu;
2219 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2220 const struct ipv6_addr *addr)
2223 struct in6_addr netmask;
2225 if (addr == NULL || addr->prefix_len > 128) {
2230 /* There is no point in trying to manage a /128 prefix,
2231 * ones without a lifetime. */
2232 if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2235 /* Don't install a reject route when not creating bigger prefixes. */
2236 if (addr->flags & IPV6_AF_NOREJECT)
2239 /* This address is the delegated prefix, so add a reject route for
2240 * it via the loopback interface. */
2241 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2242 struct interface *lo0;
2244 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2245 if (lo0->flags & IFF_LOOPBACK)
2249 logwarnx("cannot find a loopback interface "
2255 if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2258 sa_in6_init(&rt->rt_dest, &addr->prefix);
2259 ipv6_mask(&netmask, addr->prefix_len);
2260 sa_in6_init(&rt->rt_netmask, &netmask);
2261 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2262 rt->rt_flags |= RTF_REJECT;
2263 /* Linux does not like a gateway for a reject route. */
2265 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2267 } else if (!(addr->flags & IPV6_AF_ONLINK))
2268 sa_in6_init(&rt->rt_gateway, &rap->from);
2270 rt->rt_gateway.sa_family = AF_UNSPEC;
2271 sa_in6_init(&rt->rt_ifa, &addr->addr);
2276 inet6_makerouter(struct ra *rap)
2280 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2282 sa_in6_init(&rt->rt_dest, &in6addr_any);
2283 sa_in6_init(&rt->rt_netmask, &in6addr_any);
2284 sa_in6_init(&rt->rt_gateway, &rap->from);
2288 #define RT_IS_DEFAULT(rtp) \
2289 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \
2290 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2293 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2295 struct interface *ifp;
2296 struct ipv6_state *state;
2297 struct ipv6_addr *ia;
2300 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2301 if ((state = IPV6_STATE(ifp)) == NULL)
2303 TAILQ_FOREACH(ia, &state->addrs, next) {
2304 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2305 (IPV6_AF_ADDED | IPV6_AF_STATIC))
2307 rt = inet6_makeprefix(ifp, NULL, ia);
2309 rt_proto_add(routes, rt);
2317 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2321 const struct ipv6_addr *addr;
2323 if (ctx->ra_routers == NULL)
2326 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2329 TAILQ_FOREACH(addr, &rap->addrs, next) {
2330 if (addr->prefix_vltime == 0)
2332 rt = inet6_makeprefix(rap->iface, rap, addr);
2334 rt->rt_dflags |= RTDF_RA;
2335 #ifdef HAVE_ROUTE_PREF
2336 rt->rt_pref = ipv6nd_rtpref(rap);
2338 rt_proto_add(routes, rt);
2341 if (rap->lifetime == 0)
2343 if (ipv6_anyglobal(rap->iface) == NULL)
2345 rt = inet6_makerouter(rap);
2348 rt->rt_dflags |= RTDF_RA;
2349 #ifdef HAVE_ROUTE_PREF
2350 rt->rt_pref = ipv6nd_rtpref(rap);
2352 rt_proto_add(routes, rt);
2359 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2362 struct interface *ifp;
2363 const struct dhcp6_state *d6_state;
2364 const struct ipv6_addr *addr;
2367 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2368 d6_state = D6_CSTATE(ifp);
2369 if (d6_state && d6_state->state == dstate) {
2370 TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2371 rt = inet6_makeprefix(ifp, NULL, addr);
2374 rt->rt_dflags |= RTDF_DHCP;
2375 rt_proto_add(routes, rt);
2384 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2387 /* Should static take priority? */
2388 if (inet6_staticroutes(routes, ctx) == -1)
2391 /* First add reachable routers and their prefixes */
2392 if (inet6_raroutes(routes, ctx) == -1)
2396 /* We have no way of knowing if prefixes added by DHCP are reachable
2397 * or not, so we have to assume they are.
2398 * Add bound before delegated so we can prefer interfaces better. */
2399 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2401 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)