1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * dhcpcd - DHCP client daemon
4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
34 #include <arpa/inet.h>
36 #include <net/route.h>
37 #include <netinet/in.h>
38 #include <netinet/if_ether.h>
42 #ifdef HAVE_SYS_BITOPS_H
43 #include <sys/bitops.h>
45 #include "compat/bitops.h"
49 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
50 * to generate our CAN_ADD_LLADDR #define. */
51 # include <netinet6/in6_var.h>
52 # include <netinet6/nd6.h>
63 #define ELOOP_QUEUE ELOOP_IPV6
86 #ifndef SHA256_DIGEST_LENGTH
87 # define SHA256_DIGEST_LENGTH 32
90 #ifdef IPV6_POLLADDRFLAG
91 # warning kernel does not report IPv6 address flag changes
92 # warning polling tentative address flags periodically
95 /* Hackery at it's finest. */
98 # define s6_addr32 _S6_un._S6_u32
100 # define s6_addr32 __u6_addr.__u6_addr32
104 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
105 defined(IFF_NOLINKLOCAL)
106 /* Only add the LL address if we have a carrier, so DaD works. */
107 #define CAN_ADD_LLADDR(ifp) \
108 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
110 /* Although we can add our own LL address, we cannot drop it
111 * without unplumbing the if which is a lot of code.
112 * So just keep it for the time being. */
113 #define CAN_DROP_LLADDR(ifp) (0)
115 #define CAN_DROP_LLADDR(ifp) (1)
118 /* We have no control over the OS adding the LLADDR, so just let it do it
119 * as we cannot force our own view on it. */
120 #define CAN_ADD_LLADDR(ifp) (0)
121 #define CAN_DROP_LLADDR(ifp) (0)
124 #ifdef IPV6_MANAGETEMPADDR
125 static void ipv6_regentempaddr(void *);
129 ipv6_init(struct dhcpcd_ctx *ctx)
132 if (ctx->ra_routers != NULL)
135 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
136 if (ctx->ra_routers == NULL)
138 TAILQ_INIT(ctx->ra_routers);
151 ipv6_readsecret(struct dhcpcd_ctx *ctx)
158 ctx->secret_len = dhcp_read_hwaddr_aton(ctx, &ctx->secret, SECRET);
159 if (ctx->secret_len != 0)
160 return (ssize_t)ctx->secret_len;
163 logerr("%s: cannot read secret", __func__);
165 /* Chaining arc4random should be good enough.
166 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
167 * To attempt and future proof ourselves, we'll generate a key of
168 * 512 bits (64 bytes). */
169 if (ctx->secret_len < 64) {
170 if ((ctx->secret = malloc(64)) == NULL) {
174 ctx->secret_len = 64;
177 for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
179 memcpy(p, &r, sizeof(r));
183 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line));
185 if (len < sizeof(line) - 2) {
189 if (dhcp_writefile(ctx, SECRET, S_IRUSR, line, len) == -1) {
190 logerr("%s: cannot write secret", __func__);
194 return (ssize_t)ctx->secret_len;
197 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
199 static const struct reslowhigh {
200 const uint8_t high[8];
201 const uint8_t low[8];
203 /* RFC4291 + RFC6543 */
204 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
205 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
207 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
208 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
212 ipv6_reserved(const struct in6_addr *addr)
214 uint64_t id, low, high;
216 const struct reslowhigh *r;
218 id = be64dec(addr->s6_addr + sizeof(id));
219 if (id == 0) /* RFC4291 */
221 for (i = 0; i < __arraycount(reslowhigh); i++) {
223 low = be64dec(r->low);
224 high = be64dec(r->high);
225 if (id >= low && id <= high)
233 ipv6_makestableprivate1(struct dhcpcd_ctx *ctx,
234 struct in6_addr *addr, const struct in6_addr *prefix, int prefix_len,
235 const unsigned char *netiface, size_t netiface_len,
236 const unsigned char *netid, size_t netid_len,
237 unsigned short vlanid,
238 uint32_t *dad_counter)
240 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
244 if (prefix_len < 0 || prefix_len > 120) {
249 if (ctx->secret_len == 0) {
250 if (ipv6_readsecret(ctx) == -1)
254 l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
255 len = l + netiface_len + netid_len + sizeof(*dad_counter) +
258 len += sizeof(vlanid);
259 if (len > sizeof(buf)) {
264 for (;; (*dad_counter)++) {
265 /* Combine all parameters into one buffer */
267 memcpy(p, prefix, l);
269 memcpy(p, netiface, netiface_len);
271 memcpy(p, netid, netid_len);
273 /* Don't use a vlanid if not set.
274 * This ensures prior versions have the same unique address. */
276 memcpy(p, &vlanid, sizeof(vlanid));
279 memcpy(p, dad_counter, sizeof(*dad_counter));
280 p += sizeof(*dad_counter);
281 memcpy(p, ctx->secret, ctx->secret_len);
283 /* Make an address using the digest of the above.
284 * RFC7217 Section 5.1 states that we shouldn't use MD5.
285 * Pity as we use that for HMAC-MD5 which is still deemed OK.
286 * SHA-256 is recommended */
287 SHA256_Init(&sha_ctx);
288 SHA256_Update(&sha_ctx, buf, len);
289 SHA256_Final(digest, &sha_ctx);
292 memcpy(p, prefix, l);
293 /* RFC7217 section 5.2 says we need to start taking the id from
294 * the least significant bit */
295 len = sizeof(addr->s6_addr) - l;
296 memcpy(p + l, digest + (sizeof(digest) - len), len);
298 /* Ensure that the Interface ID does not match a reserved one,
299 * if it does then treat it as a DAD failure.
300 * RFC7217 section 5.2 */
301 if (prefix_len != 64)
303 if (!ipv6_reserved(addr))
311 ipv6_makestableprivate(struct in6_addr *addr,
312 const struct in6_addr *prefix, int prefix_len,
313 const struct interface *ifp,
319 dad = (uint32_t)*dad_counter;
321 /* For our implementation, we shall set the hardware address
322 * as the interface identifier */
323 r = ipv6_makestableprivate1(ifp->ctx, addr, prefix, prefix_len,
324 ifp->hwaddr, ifp->hwlen,
325 ifp->ssid, ifp->ssid_len,
329 *dad_counter = (int)dad;
333 #ifdef IPV6_AF_TEMPORARY
335 ipv6_maketemporaryaddress(struct in6_addr *addr,
336 const struct in6_addr *prefix, int prefix_len,
337 const struct interface *ifp)
339 struct in6_addr mask;
340 struct interface *ifpn;
342 if (ipv6_mask(&mask, prefix_len) == -1)
347 addr->s6_addr32[2] |= (arc4random() & ~mask.s6_addr32[2]);
348 addr->s6_addr32[3] |= (arc4random() & ~mask.s6_addr32[3]);
350 TAILQ_FOREACH(ifpn, ifp->ctx->ifaces, next) {
351 if (ipv6_iffindaddr(ifpn, addr, 0) != NULL)
356 if (ipv6_reserved(addr))
363 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
364 const struct in6_addr *prefix, int prefix_len, unsigned int flags)
366 const struct ipv6_addr *ap;
369 if (prefix_len < 0 || prefix_len > 120) {
374 #ifdef IPV6_AF_TEMPORARY
375 if (flags & IPV6_AF_TEMPORARY)
376 return ipv6_maketemporaryaddress(addr, prefix, prefix_len, ifp);
381 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
383 if (ipv6_makestableprivate(addr,
384 prefix, prefix_len, ifp, &dad) == -1)
389 if (prefix_len > 64) {
393 if ((ap = ipv6_linklocal(ifp)) == NULL) {
394 /* We delay a few functions until we get a local-link address
395 * so this should never be hit. */
400 /* Make the address from the first local-link address */
401 memcpy(addr, prefix, sizeof(*prefix));
402 addr->s6_addr32[2] = ap->addr.s6_addr32[2];
403 addr->s6_addr32[3] = ap->addr.s6_addr32[3];
408 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
410 struct in6_addr mask;
413 if (ipv6_mask(&mask, len) == -1)
416 for (i = 0; i < sizeof(prefix->s6_addr); i++)
417 prefix->s6_addr[i] &= mask.s6_addr[i];
422 ipv6_mask(struct in6_addr *mask, int len)
424 static const unsigned char masks[NBBY] =
425 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
428 if (len < 0 || len > 128) {
433 memset(mask, 0, sizeof(*mask));
436 for (i = 0; i < bytes; i++)
437 mask->s6_addr[i] = 0xff;
439 /* Coverify false positive.
440 * bytelen cannot be 16 if bitlen is non zero */
441 /* coverity[overrun-local] */
442 mask->s6_addr[bytes] = masks[bits - 1];
448 ipv6_prefixlen(const struct in6_addr *mask)
451 const unsigned char *lim, *p;
453 lim = (const unsigned char *)mask + sizeof(*mask);
454 for (p = (const unsigned char *)mask; p < lim; x++, p++) {
460 for (y = 0; y < NBBY; y++) {
461 if ((*p & (0x80 >> y)) == 0)
467 * when the limit pointer is given, do a stricter check on the
471 if (y != 0 && (*p & (0x00ff >> y)) != 0)
473 for (p = p + 1; p < lim; p++)
478 return (uint8_t)(x * NBBY + y);
482 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
485 *vhigh = be64dec(addr->s6_addr);
486 *vlow = be64dec(addr->s6_addr + 8);
490 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
493 be64enc(addr->s6_addr, vhigh);
494 be64enc(addr->s6_addr + 8, vlow);
499 const struct in6_addr *prefix, // prefix from router
500 short prefix_len, // length of prefix received
501 uint64_t user_number, // "random" number from user
502 struct in6_addr *result, // resultant prefix
503 short result_len) // desired prefix length
505 uint64_t vh, vl, user_low, user_high;
507 if (prefix_len < 1 || prefix_len > 128 ||
508 result_len < 1 || result_len > 128)
514 /* Check that the user_number fits inside result_len less prefix_len */
515 if (result_len < prefix_len ||
516 fls64(user_number) > result_len - prefix_len)
522 /* If user_number is zero, just copy the prefix into the result. */
523 if (user_number == 0) {
528 /* Shift user_number so it fit's just inside result_len.
529 * Shifting by 0 or sizeof(user_number) is undefined,
530 * so we cater for that. */
531 if (result_len == 128) {
533 user_low = user_number;
534 } else if (result_len > 64) {
535 if (prefix_len >= 64)
538 user_high = user_number >> (result_len - prefix_len);
539 user_low = user_number << (128 - result_len);
540 } else if (result_len == 64) {
541 user_high = user_number;
544 user_high = user_number << (64 - result_len);
548 /* convert to two 64bit host order values */
549 in6_to_h64(&vh, &vl, prefix);
554 /* copy back result */
555 h64_to_in6(result, vh, vl);
560 #ifdef IPV6_POLLADDRFLAG
562 ipv6_checkaddrflags(void *arg)
564 struct ipv6_addr *ia;
574 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
575 if (errno != EEXIST && errno != EADDRNOTAVAIL)
576 logerr("%s: if_addrflags6", __func__);
580 if (!(flags & IN6_IFF_TENTATIVE)) {
581 /* Simulate the kernel announcing the new address. */
582 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
583 ia->iface->ctx->ifaces, ia->iface->name,
584 &ia->addr, ia->prefix_len, flags, 0);
586 /* Still tentative? Check again in a bit. */
587 eloop_timeout_add_msec(ia->iface->ctx->eloop,
588 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
594 ipv6_deletedaddr(struct ipv6_addr *ia)
599 if (!(ia->iface->ctx->options & DHCPCD_MASTER))
600 ps_inet_closedhcp6(ia);
604 /* NOREJECT is set if we delegated exactly the prefix to another
606 * This can only be one address, so just clear the flag.
607 * This should ensure the reject route will be restored. */
608 if (ia->delegating_prefix != NULL)
609 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
617 ipv6_deleteaddr(struct ipv6_addr *ia)
619 struct ipv6_state *state;
620 struct ipv6_addr *ap;
622 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
623 if (if_address6(RTM_DELADDR, ia) == -1 &&
624 errno != EADDRNOTAVAIL && errno != ESRCH &&
625 errno != ENXIO && errno != ENODEV)
628 ipv6_deletedaddr(ia);
630 state = IPV6_STATE(ia->iface);
631 TAILQ_FOREACH(ap, &state->addrs, next) {
632 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
633 TAILQ_REMOVE(&state->addrs, ap, next);
640 /* Advertise the address if it exists on another interface. */
641 ipv6nd_advertise(ia);
646 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
648 struct interface *ifp;
649 uint32_t pltime, vltime;
652 bool vltime_was_zero = ia->prefix_vltime == 0;
655 struct ipv6_state *state;
656 struct ipv6_addr *ia2;
658 /* If we re-add then address on Solaris then the prefix
659 * route will be scrubbed and re-added. Something might
660 * be using it, so let's avoid it. */
661 if (ia->flags & IPV6_AF_DADCOMPLETED) {
662 logdebugx("%s: IP address %s already exists",
663 ia->iface->name, ia->saddr);
672 /* Remember the interface of the address. */
675 if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
676 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
677 ia->flags |= IPV6_AF_DADCOMPLETED;
679 /* Adjust plftime and vltime based on acquired time */
680 pltime = ia->prefix_pltime;
681 vltime = ia->prefix_vltime;
682 if (timespecisset(&ia->acquired) &&
683 (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
684 ia->prefix_vltime != ND6_INFINITE_LIFETIME))
690 clock_gettime(CLOCK_MONOTONIC, &n);
693 elapsed = (uint32_t)eloop_timespec_diff(now, &ia->acquired,
695 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
696 if (elapsed > ia->prefix_pltime)
697 ia->prefix_pltime = 0;
699 ia->prefix_pltime -= elapsed;
701 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
702 if (elapsed > ia->prefix_vltime)
703 ia->prefix_vltime = 0;
705 ia->prefix_vltime -= elapsed;
709 loglevel = ia->flags & IPV6_AF_NEW ? LOG_INFO : LOG_DEBUG;
710 logmessage(loglevel, "%s: adding %saddress %s", ifp->name,
711 #ifdef IPV6_AF_TEMPORARY
712 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
717 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
718 ia->prefix_vltime == ND6_INFINITE_LIFETIME)
719 logdebugx("%s: pltime infinity, vltime infinity",
721 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
722 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
723 ifp->name, ia->prefix_vltime);
724 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
725 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
726 ifp->name, ia->prefix_pltime);
728 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
730 ifp->name, ia->prefix_pltime, ia->prefix_vltime);
732 if (if_address6(RTM_NEWADDR, ia) == -1) {
734 /* Restore real pltime and vltime */
735 ia->prefix_pltime = pltime;
736 ia->prefix_vltime = vltime;
740 #ifdef IPV6_MANAGETEMPADDR
741 /* RFC4941 Section 3.4 */
742 if (ia->flags & IPV6_AF_TEMPORARY &&
745 ifp->options->options & DHCPCD_SLAACTEMP)
746 eloop_timeout_add_sec(ifp->ctx->eloop,
747 ia->prefix_pltime - REGEN_ADVANCE,
748 ipv6_regentempaddr, ia);
751 /* Restore real pltime and vltime */
752 ia->prefix_pltime = pltime;
753 ia->prefix_vltime = vltime;
755 ia->flags &= ~IPV6_AF_NEW;
756 ia->flags |= IPV6_AF_ADDED;
758 if (ia->delegating_prefix != NULL)
759 ia->flags |= IPV6_AF_DELEGATED;
762 #ifdef IPV6_POLLADDRFLAG
763 eloop_timeout_delete(ifp->ctx->eloop,
764 ipv6_checkaddrflags, ia);
765 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
766 eloop_timeout_add_msec(ifp->ctx->eloop,
767 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
772 /* Solaris does not announce new addresses which need DaD
773 * so we need to take a copy and add it to our list.
774 * Otherwise aliasing gets confused if we add another
775 * address during DaD. */
777 state = IPV6_STATE(ifp);
778 TAILQ_FOREACH(ia2, &state->addrs, next) {
779 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
783 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
785 return 0; /* Well, we did add the address */
787 memcpy(ia2, ia, sizeof(*ia2));
788 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
796 /* Re-advertise the preferred address to be safe. */
797 if (!vltime_was_zero)
798 ipv6nd_advertise(ia);
805 /* Find the next logical alias address we can use. */
807 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
809 struct ipv6_state *state;
810 struct ipv6_addr *iap;
812 char alias[IF_NAMESIZE];
814 if (ia->alias[0] != '\0')
816 state = IPV6_STATE(ia->iface);
818 /* First find an existng address.
819 * This can happen when dhcpcd restarts as ND and DHCPv6
820 * maintain their own lists of addresses. */
821 TAILQ_FOREACH(iap, &state->addrs, next) {
822 if (iap->alias[0] != '\0' &&
823 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
825 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
832 if (if_makealias(alias, IF_NAMESIZE, ia->iface->name, lun) >=
838 TAILQ_FOREACH(iap, &state->addrs, next) {
839 if (iap->alias[0] == '\0')
841 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
842 /* No address assigned? Lets use it. */
843 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
848 if (strcmp(iap->alias, alias) == 0)
853 if (lun == UINT_MAX) {
861 strlcpy(ia->alias, alias, sizeof(ia->alias));
867 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
872 struct ipv6_addr *replaced_ia;
874 blank = (ia->alias[0] == '\0');
875 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
878 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
881 if ((r = ipv6_addaddr1(ia, now)) == 0) {
884 struct ipv6_state *state;
886 state = IPV6_STATE(ia->iface);
887 TAILQ_REMOVE(&state->addrs, replaced_ia, next);
888 ipv6_freeaddr(replaced_ia);
896 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
902 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
903 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
905 } else if (addr->prefix_vltime &&
906 IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
907 (!flags || addr->flags & flags))
914 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
916 struct ipv6_addr *nap;
918 struct ipv6_addr *dap;
921 nap = ipv6nd_findaddr(ctx, addr, flags);
923 dap = dhcp6_findaddr(ctx, addr, flags);
930 if (nap->iface->metric < dap->iface->metric)
939 ipv6_doaddr(struct ipv6_addr *ia, struct timespec *now)
942 /* A delegated prefix is not an address. */
943 if (ia->flags & IPV6_AF_DELEGATEDPFX)
946 if (ia->prefix_vltime == 0) {
947 if (ia->flags & IPV6_AF_ADDED)
949 eloop_q_timeout_delete(ia->iface->ctx->eloop,
950 ELOOP_QUEUE_ALL, NULL, ia);
951 if (ia->flags & IPV6_AF_REQUEST) {
952 ia->flags &= ~IPV6_AF_ADDED;
958 if (ia->flags & IPV6_AF_STALE ||
959 IN6_IS_ADDR_UNSPECIFIED(&ia->addr))
962 if (!timespecisset(now))
963 clock_gettime(CLOCK_MONOTONIC, now);
964 ipv6_addaddr(ia, now);
965 return ia->flags & IPV6_AF_NEW ? 1 : 0;
969 ipv6_addaddrs(struct ipv6_addrhead *iaddrs)
972 struct ipv6_addr *ia, *ian;
977 TAILQ_FOREACH_SAFE(ia, iaddrs, next, ian) {
978 r = ipv6_doaddr(ia, &now);
982 TAILQ_REMOVE(iaddrs, ia, next);
990 ipv6_freeaddr(struct ipv6_addr *ia)
992 struct eloop *eloop = ia->iface->ctx->eloop;
994 struct ipv6_addr *iad;
996 /* Forget the reference */
997 if (ia->flags & IPV6_AF_DELEGATEDPFX) {
998 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
999 iad->delegating_prefix = NULL;
1001 } else if (ia->delegating_prefix != NULL) {
1002 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
1006 if (ia->dhcp6_fd != -1) {
1007 close(ia->dhcp6_fd);
1008 eloop_event_delete(eloop, ia->dhcp6_fd);
1011 eloop_q_timeout_delete(eloop, ELOOP_QUEUE_ALL, NULL, ia);
1017 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
1018 const struct interface *ifd)
1020 struct ipv6_addr *ap, *apn, *apf;
1021 struct timespec now;
1026 timespecclear(&now);
1027 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1030 (ap->delegating_prefix == NULL ||
1031 ap->delegating_prefix->iface != ifd))
1035 TAILQ_REMOVE(addrs, ap, next);
1036 if (drop && ap->flags & IPV6_AF_ADDED &&
1037 (ap->iface->options->options &
1038 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1039 (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1041 /* Don't drop link-local addresses. */
1042 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1043 CAN_DROP_LLADDR(ap->iface))
1046 TAILQ_REMOVE(addrs, ap, next);
1047 /* Find the same address somewhere else */
1048 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1051 (apf->iface != ap->iface)))
1052 ipv6_deleteaddr(ap);
1053 if (!(ap->iface->options->options &
1054 DHCPCD_EXITING) && apf)
1056 if (!timespecisset(&now))
1057 clock_gettime(CLOCK_MONOTONIC,
1059 ipv6_addaddr(apf, &now);
1070 static struct ipv6_state *
1071 ipv6_getstate(struct interface *ifp)
1073 struct ipv6_state *state;
1075 state = IPV6_STATE(ifp);
1076 if (state == NULL) {
1077 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1078 state = IPV6_STATE(ifp);
1079 if (state == NULL) {
1083 TAILQ_INIT(&state->addrs);
1084 TAILQ_INIT(&state->ll_callbacks);
1090 ipv6_anyglobal(struct interface *sifp)
1092 struct interface *ifp;
1093 struct ipv6_state *state;
1094 struct ipv6_addr *ia;
1098 #if defined(PRIVSEP) && defined(HAVE_PLEDGE)
1099 if (IN_PRIVSEP(sifp->ctx))
1100 forwarding = ps_root_ip6forwarding(sifp->ctx, NULL) == 1;
1103 forwarding = ip6_forwarding(NULL) == 1;
1107 TAILQ_FOREACH(ifp, sifp->ctx->ifaces, next) {
1109 if (ifp != sifp && !forwarding)
1112 #if defined(PRIVSEP) && defined(__linux__)
1113 if (IN_PRIVSEP(sifp->ctx)) {
1115 ps_root_ip6forwarding(sifp->ctx, ifp->name) != 1)
1119 if (ifp != sifp && ip6_forwarding(ifp->name) != 1)
1123 state = IPV6_STATE(ifp);
1127 TAILQ_FOREACH(ia, &state->addrs, next) {
1128 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
1130 /* Let's be optimistic.
1131 * Any decent OS won't forward or accept traffic
1132 * from/to tentative or detached addresses. */
1133 if (!(ia->addr_flags & IN6_IFF_DUPLICATED))
1141 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1142 int cmd, struct if_head *ifs, const char *ifname,
1143 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1145 struct interface *ifp;
1146 struct ipv6_state *state;
1147 struct ipv6_addr *ia;
1148 struct ll_callback *cb;
1152 struct sockaddr_in6 subnet;
1154 /* Solaris on-link route is an unspecified address! */
1155 if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
1156 if (if_getsubnet(ctx, ifname, AF_INET6,
1157 &subnet, sizeof(subnet)) == -1)
1162 addr = &subnet.sin6_addr;
1167 char dbuf[INET6_ADDRSTRLEN];
1170 dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1171 dbuf, INET6_ADDRSTRLEN);
1172 loginfox("%s: cmd %d addr %s addrflags %d",
1173 ifname, cmd, dbp, addrflags);
1180 if ((ifp = if_find(ifs, ifname)) == NULL)
1182 if ((state = ipv6_getstate(ifp)) == NULL)
1184 anyglobal = ipv6_anyglobal(ifp) != NULL;
1186 TAILQ_FOREACH(ia, &state->addrs, next) {
1187 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1194 TAILQ_REMOVE(&state->addrs, ia, next);
1195 #ifdef ND6_ADVERTISE
1196 /* Advertise the address if it exists on
1197 * another interface. */
1198 ipv6nd_advertise(ia);
1200 /* We'll free it at the end of the function. */
1205 ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1207 strlcpy(ia->alias, ifname, sizeof(ia->alias));
1209 if (if_getlifetime6(ia) == -1) {
1210 /* No support or address vanished.
1211 * Either way, just set a deprecated
1212 * infinite time lifetime and continue.
1213 * This is fine because we only want
1214 * to know this when trying to extend
1215 * temporary addresses.
1216 * As we can't extend infinite, we'll
1217 * create a new temporary address. */
1218 ia->prefix_pltime = 0;
1220 ND6_INFINITE_LIFETIME;
1222 /* This is a minor regression against RFC 4941
1223 * because the kernel only knows when the
1224 * lifetimes were last updated, not when the
1225 * address was initially created.
1226 * Provided dhcpcd is not restarted, this
1227 * won't be a problem.
1228 * If we don't like it, we can always
1229 * pretend lifetimes are infinite and always
1230 * generate a new temporary address on
1232 ia->acquired = ia->created;
1233 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1235 ia->addr_flags = addrflags;
1236 ia->flags &= ~IPV6_AF_STALE;
1237 #ifdef IPV6_MANAGETEMPADDR
1238 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1239 ia->flags |= IPV6_AF_TEMPORARY;
1241 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1242 #ifdef IPV6_POLLADDRFLAG
1243 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1244 eloop_timeout_add_msec(
1245 ia->iface->ctx->eloop,
1246 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1251 if (ia->dadcallback)
1252 ia->dadcallback(ia);
1254 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1255 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1257 /* Now run any callbacks.
1258 * Typically IPv6RS or DHCPv6 */
1260 TAILQ_FIRST(&state->ll_callbacks)))
1263 &state->ll_callbacks,
1265 cb->callback(cb->arg);
1276 ctx->options &= ~DHCPCD_RTBUILD;
1277 ipv6nd_handleifa(cmd, ia, pid);
1279 dhcp6_handleifa(cmd, ia, pid);
1282 /* Done with the ia now, so free it. */
1283 if (cmd == RTM_DELADDR)
1285 else if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1286 ia->flags |= IPV6_AF_DADCOMPLETED;
1288 /* If we've not already called rt_build via the IPv6ND
1289 * or DHCP6 handlers and the existance of any useable
1290 * global address on the interface has changed,
1291 * call rt_build to add/remove the default route. */
1293 ((ifp->options != NULL && ifp->options->options & DHCPCD_IPV6) ||
1294 (ifp->options == NULL && ctx->options & DHCPCD_IPV6)) &&
1295 !(ctx->options & DHCPCD_RTBUILD) &&
1296 (ipv6_anyglobal(ifp) != NULL) != anyglobal)
1297 rt_build(ctx, AF_INET6);
1301 ipv6_hasaddr(const struct interface *ifp)
1304 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1307 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1314 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1317 struct ipv6_state *state;
1318 struct ipv6_addr *ap;
1320 state = IPV6_STATE(ifp);
1322 TAILQ_FOREACH(ap, &state->addrs, next) {
1324 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1325 (!revflags || !(ap->addr_flags & revflags)))
1328 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1329 (!revflags || !(ap->addr_flags & revflags)))
1337 static struct ipv6_addr *
1338 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1340 struct ipv6_state *state;
1341 struct ipv6_addr *ap;
1342 struct in6_addr mask;
1344 state = IPV6_STATE(ifp);
1346 TAILQ_FOREACH(ap, &state->addrs, next) {
1347 if (ipv6_mask(&mask, ap->prefix_len) == -1)
1349 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1357 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1359 struct interface *ifp;
1360 struct ipv6_addr *ap;
1362 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1363 ap = ipv6_iffindmaskaddr(ifp, addr);
1371 ipv6_addlinklocalcallback(struct interface *ifp,
1372 void (*callback)(void *), void *arg)
1374 struct ipv6_state *state;
1375 struct ll_callback *cb;
1377 state = ipv6_getstate(ifp);
1378 TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1379 if (cb->callback == callback && cb->arg == arg)
1383 cb = malloc(sizeof(*cb));
1388 cb->callback = callback;
1390 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1395 static struct ipv6_addr *
1396 ipv6_newlinklocal(struct interface *ifp)
1398 struct ipv6_addr *ia;
1399 struct in6_addr in6;
1401 memset(&in6, 0, sizeof(in6));
1402 in6.s6_addr32[0] = htonl(0xfe800000);
1403 ia = ipv6_newaddr(ifp, &in6, 64, 0);
1405 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1406 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1411 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1412 static const uint8_t allone[8] =
1413 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1416 ipv6_addlinklocal(struct interface *ifp)
1418 struct ipv6_state *state;
1419 struct ipv6_addr *ap, *ap2;
1422 /* Check sanity before malloc */
1423 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1424 switch (ifp->hwtype) {
1426 /* Check for a valid hardware address */
1427 if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1431 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1432 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1444 state = ipv6_getstate(ifp);
1448 ap = ipv6_newlinklocal(ifp);
1453 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1455 if (ipv6_makestableprivate(&ap->addr,
1456 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1461 ap->dadcounter = dadcounter;
1463 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1464 switch (ifp->hwtype) {
1466 if (ifp->hwlen == 6) {
1467 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1468 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1469 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1470 ap->addr.s6_addr[11] = 0xff;
1471 ap->addr.s6_addr[12] = 0xfe;
1472 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1473 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1474 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1475 } else if (ifp->hwlen == 8)
1476 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1485 /* Sanity check: g bit must not indciate "group" */
1486 if (EUI64_GROUP(&ap->addr)) {
1491 EUI64_TO_IFID(&ap->addr);
1494 /* Do we already have this address? */
1495 TAILQ_FOREACH(ap2, &state->addrs, next) {
1496 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1497 if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1498 if (ifp->options->options &
1499 DHCPCD_SLAACPRIVATE)
1502 goto nextslaacprivate;
1505 errno = EADDRNOTAVAIL;
1509 logwarnx("%s: waiting for %s to complete",
1510 ap2->iface->name, ap2->saddr);
1517 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1518 TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1519 ipv6_addaddr(ap, NULL);
1524 ipv6_tryaddlinklocal(struct interface *ifp)
1526 struct ipv6_addr *ia;
1528 /* We can't assign a link-locak address to this,
1529 * the ppp process has to. */
1530 if (ifp->flags & IFF_POINTOPOINT)
1533 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1535 #ifdef IPV6_POLLADDRFLAG
1536 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1537 eloop_timeout_add_msec(
1538 ia->iface->ctx->eloop,
1539 RETRANS_TIMER / 2, ipv6_checkaddrflags, ia);
1544 if (!CAN_ADD_LLADDR(ifp))
1547 return ipv6_addlinklocal(ifp);
1551 ipv6_setscope(struct sockaddr_in6 *sin, unsigned int ifindex)
1555 /* KAME based systems want to store the scope inside the sin6_addr
1556 * for link local addresses */
1557 if (IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr)) {
1558 uint16_t scope = htons((uint16_t)ifindex);
1559 memcpy(&sin->sin6_addr.s6_addr[2], &scope,
1562 sin->sin6_scope_id = 0;
1564 if (IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr))
1565 sin->sin6_scope_id = ifindex;
1567 sin->sin6_scope_id = 0;
1572 ipv6_getscope(const struct sockaddr_in6 *sin)
1578 if (!IN6_IS_ADDR_LINKLOCAL(&sin->sin6_addr))
1581 memcpy(&scope, &sin->sin6_addr.s6_addr[2], sizeof(scope));
1582 return (unsigned int)ntohs(scope);
1584 return (unsigned int)sin->sin6_scope_id;
1589 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1590 uint8_t prefix_len, unsigned int flags)
1592 struct ipv6_addr *ia, *iaf;
1593 char buf[INET6_ADDRSTRLEN];
1598 #ifdef IPV6_AF_TEMPORARY
1599 tempaddr = flags & IPV6_AF_TEMPORARY;
1604 /* If adding a new DHCP / RA derived address, check current flags
1605 * from an existing address. */
1608 else if (flags & IPV6_AF_AUTOCONF)
1609 iaf = ipv6nd_iffindprefix(ifp, addr, prefix_len);
1611 iaf = ipv6_iffindaddr(ifp, addr, 0);
1613 addr_flags = iaf->addr_flags;
1614 flags |= IPV6_AF_ADDED;
1616 addr_flags = IN6_IFF_TENTATIVE;
1618 ia = calloc(1, sizeof(*ia));
1623 ia->addr_flags = addr_flags;
1624 ia->flags = IPV6_AF_NEW | flags;
1625 if (!(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1626 ia->flags |= IPV6_AF_DADCOMPLETED;
1627 ia->prefix_len = prefix_len;
1631 TAILQ_INIT(&ia->pd_pfxs);
1634 if (prefix_len == 128)
1636 else if (ia->flags & IPV6_AF_AUTOCONF) {
1639 memcpy(&ia->addr, &iaf->addr, sizeof(ia->addr));
1641 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1645 if (ia->dadcounter == -1)
1648 } else if (ia->flags & IPV6_AF_RAPFX) {
1652 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1657 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX)) {
1659 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1664 if (ipv6_makeprefix(&ia->prefix,
1665 &ia->addr, ia->prefix_len) == -1)
1669 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1673 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1684 ipv6_staticdadcallback(void *arg)
1686 struct ipv6_addr *ia = arg;
1689 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1690 ia->flags |= IPV6_AF_DADCOMPLETED;
1691 if (ia->addr_flags & IN6_IFF_DUPLICATED)
1692 logwarnx("%s: DAD detected %s", ia->iface->name,
1694 else if (!wascompleted) {
1695 logdebugx("%s: IPv6 static DAD completed",
1699 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1700 if (!wascompleted) {
1701 struct interface *ifp;
1702 struct ipv6_state *state;
1705 state = IPV6_STATE(ifp);
1706 TAILQ_FOREACH(ia, &state->addrs, next) {
1707 if (ia->flags & IPV6_AF_STATIC &&
1708 (ia->flags & FINISHED) != FINISHED)
1715 script_runreason(ifp, "STATIC6");
1721 ipv6_env(FILE *fp, const char *prefix, const struct interface *ifp)
1723 struct ipv6_addr *ia;
1725 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1726 IN6_IFF_NOTUSEABLE);
1729 if (efprintf(fp, "%s_ip6_address=%s", prefix, ia->saddr) == -1)
1735 ipv6_staticdadcompleted(const struct interface *ifp)
1737 const struct ipv6_state *state;
1738 const struct ipv6_addr *ia;
1741 if ((state = IPV6_CSTATE(ifp)) == NULL)
1744 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1745 TAILQ_FOREACH(ia, &state->addrs, next) {
1746 if ((ia->flags & COMPLETED) == COMPLETED &&
1747 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1754 ipv6_startstatic(struct interface *ifp)
1756 struct ipv6_addr *ia;
1759 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1762 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1764 (ia->prefix_len != ifp->options->req_prefix_len ||
1765 ia->addr_flags & IN6_IFF_NOTUSEABLE))
1767 ipv6_deleteaddr(ia);
1771 struct ipv6_state *state;
1773 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1774 ifp->options->req_prefix_len, 0);
1777 state = IPV6_STATE(ifp);
1778 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1782 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1783 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1784 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1785 ia->dadcallback = ipv6_staticdadcallback;
1786 ipv6_addaddr(ia, NULL);
1787 rt_build(ifp->ctx, AF_INET6);
1789 script_runreason(ifp, "STATIC6");
1793 /* Ensure the interface has a link-local address */
1795 ipv6_start(struct interface *ifp)
1797 #ifdef IPV6_POLLADDRFLAG
1798 struct ipv6_state *state;
1800 /* We need to update the address flags. */
1801 if ((state = IPV6_STATE(ifp)) != NULL) {
1802 struct ipv6_addr *ia;
1806 TAILQ_FOREACH(ia, &state->addrs, next) {
1812 flags = if_addrflags6(ia->iface, &ia->addr, alias);
1814 ia->addr_flags = flags;
1819 if (ipv6_tryaddlinklocal(ifp) == -1)
1826 ipv6_freedrop(struct interface *ifp, int drop)
1828 struct ipv6_state *state;
1829 struct ll_callback *cb;
1834 if ((state = IPV6_STATE(ifp)) == NULL)
1837 /* If we got here, we can get rid of any LL callbacks. */
1838 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1839 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1843 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1845 if (ifp->ctx->ra_routers != NULL)
1846 rt_build(ifp->ctx, AF_INET6);
1848 /* Because we need to cache the addresses we don't control,
1849 * we only free the state on when NOT dropping addresses. */
1851 ifp->if_data[IF_DATA_IPV6] = NULL;
1852 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1857 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1860 free(ctx->ra_routers);
1865 ipv6_handleifa_addrs(int cmd,
1866 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1868 struct ipv6_addr *ia, *ian;
1869 uint8_t found, alldadcompleted;
1871 alldadcompleted = 1;
1873 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1874 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1875 if (ia->flags & IPV6_AF_ADDED &&
1876 !(ia->flags & IPV6_AF_DADCOMPLETED))
1877 alldadcompleted = 0;
1882 if (ia->flags & IPV6_AF_ADDED) {
1883 logwarnx("%s: pid %d deleted address %s",
1884 ia->iface->name, pid, ia->saddr);
1885 ia->flags &= ~IPV6_AF_ADDED;
1887 ipv6_deletedaddr(ia);
1888 if (ia->flags & IPV6_AF_DELEGATED) {
1889 TAILQ_REMOVE(addrs, ia, next);
1894 ia->addr_flags = addr->addr_flags;
1895 /* Safety - ignore tentative announcements */
1896 if (ia->addr_flags &
1897 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1899 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1901 if (ia->dadcallback)
1902 ia->dadcallback(ia);
1903 /* We need to set this here in-case the
1904 * dadcallback function checks it */
1905 ia->flags |= IPV6_AF_DADCOMPLETED;
1911 return alldadcompleted ? found : 0;
1914 #ifdef IPV6_MANAGETEMPADDR
1916 ipv6_regen_desync(struct interface *ifp, bool force)
1918 struct ipv6_state *state;
1921 state = IPV6_STATE(ifp);
1923 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1924 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1925 * I believe this is an error and it should be never be greater than
1926 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1927 max = TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE;
1928 if (state->desync_factor && !force && state->desync_factor < max)
1930 if (state->desync_factor == 0)
1931 state->desync_factor =
1932 arc4random_uniform(MIN(MAX_DESYNC_FACTOR, max));
1933 max = TEMP_PREFERRED_LIFETIME - state->desync_factor - REGEN_ADVANCE;
1934 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempaddrs, ifp);
1937 /* RFC4941 Section 3.3.7 */
1939 ipv6_tempdadcallback(void *arg)
1941 struct ipv6_addr *ia = arg;
1943 if (ia->addr_flags & IN6_IFF_DUPLICATED) {
1944 struct ipv6_addr *ia1;
1947 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1948 logerrx("%s: too many duplicate temporary addresses",
1952 clock_gettime(CLOCK_MONOTONIC, &tv);
1953 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1956 ia1->dadcounter = ia->dadcounter;
1957 ipv6_deleteaddr(ia);
1959 ipv6_addaddr(ia1, &ia1->acquired);
1964 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1966 struct ipv6_state *state;
1967 struct interface *ifp = ia0->iface;
1968 struct ipv6_addr *ia;
1970 ia = ipv6_newaddr(ifp, &ia0->prefix, ia0->prefix_len,
1971 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
1975 ia->dadcallback = ipv6_tempdadcallback;
1976 ia->created = ia->acquired = now ? *now : ia0->acquired;
1978 /* Ensure desync is still valid */
1979 ipv6_regen_desync(ifp, false);
1981 /* RFC4941 Section 3.3.4 */
1982 state = IPV6_STATE(ia->iface);
1983 ia->prefix_pltime = MIN(ia0->prefix_pltime,
1984 TEMP_PREFERRED_LIFETIME - state->desync_factor);
1985 ia->prefix_vltime = MIN(ia0->prefix_vltime, TEMP_VALID_LIFETIME);
1986 if (ia->prefix_pltime <= REGEN_ADVANCE ||
1987 ia->prefix_pltime > ia0->prefix_vltime)
1994 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1999 ipv6_settemptime(struct ipv6_addr *ia, int flags)
2001 struct ipv6_state *state;
2002 struct ipv6_addr *ap, *first;
2004 state = IPV6_STATE(ia->iface);
2006 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2007 if (ap->flags & IPV6_AF_TEMPORARY &&
2008 ap->prefix_pltime &&
2009 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2011 unsigned int max, ext;
2014 if (ap->prefix_pltime -
2015 (uint32_t)(ia->acquired.tv_sec -
2016 ap->acquired.tv_sec)
2023 if (!(ap->flags & IPV6_AF_ADDED))
2024 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2025 ap->flags &= ~IPV6_AF_STALE;
2027 /* RFC4941 Section 3.4
2028 * Deprecated prefix, deprecate the temporary address */
2029 if (ia->prefix_pltime == 0) {
2030 ap->prefix_pltime = 0;
2034 /* Ensure desync is still valid */
2035 ipv6_regen_desync(ap->iface, false);
2037 /* RFC4941 Section 3.3.2
2038 * Extend temporary times, but ensure that they
2039 * never last beyond the system limit. */
2040 ext = (unsigned int)ia->acquired.tv_sec
2041 + ia->prefix_pltime;
2042 max = (unsigned int)(ap->created.tv_sec +
2043 TEMP_PREFERRED_LIFETIME -
2044 state->desync_factor);
2046 ap->prefix_pltime = ia->prefix_pltime;
2049 (uint32_t)(max - ia->acquired.tv_sec);
2052 ext = (unsigned int)ia->acquired.tv_sec +
2054 max = (unsigned int)(ap->created.tv_sec +
2055 TEMP_VALID_LIFETIME);
2057 ap->prefix_vltime = ia->prefix_vltime;
2060 (uint32_t)(max - ia->acquired.tv_sec);
2062 /* Just extend the latest matching prefix */
2063 ap->acquired = ia->acquired;
2065 /* If extending return the last match as
2066 * it's the most current.
2067 * If deprecating, deprecate any other addresses we
2068 * may have, although this should not be needed */
2069 if (ia->prefix_pltime)
2079 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2081 struct ipv6_state *state;
2082 struct ipv6_addr *ia;
2084 state = IPV6_STATE(ifp);
2085 TAILQ_FOREACH(ia, &state->addrs, next) {
2086 if (ia->flags & IPV6_AF_TEMPORARY &&
2087 !(ia->flags & IPV6_AF_STALE))
2088 ipv6_addaddr(ia, now);
2093 ipv6_regentempaddr0(struct ipv6_addr *ia, struct timespec *tv)
2095 struct ipv6_addr *ia1;
2097 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2098 ia1 = ipv6_createtempaddr(ia, tv);
2100 ipv6_addaddr(ia1, tv);
2106 ipv6_regentempaddr(void *arg)
2110 clock_gettime(CLOCK_MONOTONIC, &tv);
2111 ipv6_regentempaddr0(arg, &tv);
2115 ipv6_regentempaddrs(void *arg)
2117 struct interface *ifp = arg;
2119 struct ipv6_state *state;
2120 struct ipv6_addr *ia;
2122 state = IPV6_STATE(ifp);
2126 ipv6_regen_desync(ifp, true);
2128 clock_gettime(CLOCK_MONOTONIC, &tv);
2130 /* Mark addresses for regen so we don't infinite loop. */
2131 TAILQ_FOREACH(ia, &state->addrs, next) {
2132 if (ia->flags & IPV6_AF_TEMPORARY &&
2133 ia->flags & IPV6_AF_ADDED &&
2134 !(ia->flags & IPV6_AF_STALE))
2135 ia->flags |= IPV6_AF_REGEN;
2137 ia->flags &= ~IPV6_AF_REGEN;
2140 /* Now regen temp addrs */
2141 TAILQ_FOREACH(ia, &state->addrs, next) {
2142 if (ia->flags & IPV6_AF_REGEN) {
2143 ipv6_regentempaddr0(ia, &tv);
2144 ia->flags &= ~IPV6_AF_REGEN;
2148 #endif /* IPV6_MANAGETEMPADDR */
2151 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2153 struct ipv6_state *state;
2154 struct ipv6_addr *ia;
2156 state = IPV6_STATE(ifp);
2160 TAILQ_FOREACH(ia, &state->addrs, next) {
2161 if (flags == 0 || ia->flags & flags)
2162 ia->flags |= IPV6_AF_STALE;
2167 ipv6_deletestaleaddrs(struct interface *ifp)
2169 struct ipv6_state *state;
2170 struct ipv6_addr *ia, *ia1;
2172 state = IPV6_STATE(ifp);
2176 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2177 if (ia->flags & IPV6_AF_STALE)
2178 ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2179 ifp->ctx->ifaces, ifp->name,
2180 &ia->addr, ia->prefix_len, 0, getpid());
2186 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2190 if ((rt = rt_new(ifp)) == NULL)
2193 #ifdef HAVE_ROUTE_METRIC
2194 rt->rt_metric = ifp->metric;
2197 rt->rt_mtu = rap->mtu;
2202 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2203 const struct ipv6_addr *addr)
2206 struct in6_addr netmask;
2208 if (addr == NULL || addr->prefix_len > 128) {
2213 /* There is no point in trying to manage a /128 prefix,
2214 * ones without a lifetime. */
2215 if (addr->prefix_len == 128 || addr->prefix_vltime == 0)
2218 /* Don't install a reject route when not creating bigger prefixes. */
2219 if (addr->flags & IPV6_AF_NOREJECT)
2222 /* This address is the delegated prefix, so add a reject route for
2223 * it via the loopback interface. */
2224 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2225 struct interface *lo0;
2227 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2228 if (lo0->flags & IFF_LOOPBACK)
2232 logwarnx("cannot find a loopback interface "
2238 if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2241 sa_in6_init(&rt->rt_dest, &addr->prefix);
2242 ipv6_mask(&netmask, addr->prefix_len);
2243 sa_in6_init(&rt->rt_netmask, &netmask);
2244 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2245 rt->rt_flags |= RTF_REJECT;
2246 /* Linux does not like a gateway for a reject route. */
2248 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2250 } else if (!(addr->flags & IPV6_AF_ONLINK))
2251 sa_in6_init(&rt->rt_gateway, &rap->from);
2253 rt->rt_gateway.sa_family = AF_UNSPEC;
2254 sa_in6_init(&rt->rt_ifa, &addr->addr);
2259 inet6_makerouter(struct ra *rap)
2263 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2265 sa_in6_init(&rt->rt_dest, &in6addr_any);
2266 sa_in6_init(&rt->rt_netmask, &in6addr_any);
2267 sa_in6_init(&rt->rt_gateway, &rap->from);
2271 #define RT_IS_DEFAULT(rtp) \
2272 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \
2273 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2276 inet6_staticroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2278 struct interface *ifp;
2279 struct ipv6_state *state;
2280 struct ipv6_addr *ia;
2283 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2284 if ((state = IPV6_STATE(ifp)) == NULL)
2286 TAILQ_FOREACH(ia, &state->addrs, next) {
2287 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2288 (IPV6_AF_ADDED | IPV6_AF_STATIC))
2290 rt = inet6_makeprefix(ifp, NULL, ia);
2292 rt_proto_add(routes, rt);
2300 inet6_raroutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx)
2304 const struct ipv6_addr *addr;
2306 if (ctx->ra_routers == NULL)
2309 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2312 TAILQ_FOREACH(addr, &rap->addrs, next) {
2313 if (addr->prefix_vltime == 0)
2315 rt = inet6_makeprefix(rap->iface, rap, addr);
2317 rt->rt_dflags |= RTDF_RA;
2318 #ifdef HAVE_ROUTE_PREF
2319 rt->rt_pref = ipv6nd_rtpref(rap);
2321 rt_proto_add(routes, rt);
2324 if (rap->lifetime == 0)
2326 if (ipv6_anyglobal(rap->iface) == NULL)
2328 rt = inet6_makerouter(rap);
2331 rt->rt_dflags |= RTDF_RA;
2332 #ifdef HAVE_ROUTE_PREF
2333 rt->rt_pref = ipv6nd_rtpref(rap);
2335 rt_proto_add(routes, rt);
2342 inet6_dhcproutes(rb_tree_t *routes, struct dhcpcd_ctx *ctx,
2345 struct interface *ifp;
2346 const struct dhcp6_state *d6_state;
2347 const struct ipv6_addr *addr;
2350 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2351 d6_state = D6_CSTATE(ifp);
2352 if (d6_state && d6_state->state == dstate) {
2353 TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2354 rt = inet6_makeprefix(ifp, NULL, addr);
2357 rt->rt_dflags |= RTDF_DHCP;
2358 rt_proto_add(routes, rt);
2367 inet6_getroutes(struct dhcpcd_ctx *ctx, rb_tree_t *routes)
2370 /* Should static take priority? */
2371 if (inet6_staticroutes(routes, ctx) == -1)
2374 /* First add reachable routers and their prefixes */
2375 if (inet6_raroutes(routes, ctx) == -1)
2379 /* We have no way of knowing if prefixes added by DHCP are reachable
2380 * or not, so we have to assume they are.
2381 * Add bound before delegated so we can prefer interfaces better. */
2382 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2384 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)