2 * dhcpcd - DHCP client daemon
3 * Copyright (c) 2006-2018 Roy Marples <roy@marples.name>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/param.h>
29 #include <sys/types.h>
30 #include <sys/socket.h>
34 #include <net/route.h>
35 #include <netinet/in.h>
36 #include <netinet/if_ether.h>
40 #ifdef HAVE_SYS_BITOPS_H
41 #include <sys/bitops.h>
43 #include "compat/bitops.h"
47 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used
48 * to generate our CAN_ADD_LLADDR #define. */
49 # include <netinet6/in6_var.h>
50 # include <netinet6/nd6.h>
82 #ifndef SHA256_DIGEST_LENGTH
83 # define SHA256_DIGEST_LENGTH 32
86 #if 0 /* XXX: suppress the warning as dfly currently doesn't support it */
87 #ifdef IPV6_POLLADDRFLAG
88 # warning kernel does not report IPv6 address flag changes
89 # warning polling tentative address flags periodically
93 /* Hackery at it's finest. */
96 # define s6_addr32 _S6_un._S6_u32
98 # define s6_addr32 __u6_addr.__u6_addr32
102 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \
103 defined(IFF_NOLINKLOCAL)
104 /* Only add the LL address if we have a carrier, so DaD works. */
105 #define CAN_ADD_LLADDR(ifp) \
106 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN)
108 /* Although we can add our own LL address, we cannot drop it
109 * without unplumbing the if which is a lot of code.
110 * So just keep it for the time being. */
111 #define CAN_DROP_LLADDR(ifp) (0)
113 #define CAN_DROP_LLADDR(ifp) (1)
116 /* We have no control over the OS adding the LLADDR, so just let it do it
117 * as we cannot force our own view on it. */
118 #define CAN_ADD_LLADDR(ifp) (0)
119 #define CAN_DROP_LLADDR(ifp) (0)
122 #ifdef IPV6_MANAGETEMPADDR
123 static void ipv6_regentempifid(void *);
124 static void ipv6_regentempaddr(void *);
126 #define ipv6_regentempifid(a) {}
130 ipv6_init(struct dhcpcd_ctx *ctx)
133 if (ctx->sndhdr.msg_iovlen == 1)
136 if (ctx->ra_routers == NULL) {
137 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers));
138 if (ctx->ra_routers == NULL)
141 TAILQ_INIT(ctx->ra_routers);
143 ctx->sndhdr.msg_namelen = sizeof(struct sockaddr_in6);
144 ctx->sndhdr.msg_iov = ctx->sndiov;
145 ctx->sndhdr.msg_iovlen = 1;
146 ctx->sndhdr.msg_control = ctx->sndbuf;
147 ctx->sndhdr.msg_controllen = sizeof(ctx->sndbuf);
148 ctx->rcvhdr.msg_name = &ctx->from;
149 ctx->rcvhdr.msg_namelen = sizeof(ctx->from);
150 ctx->rcvhdr.msg_iov = ctx->iov;
151 ctx->rcvhdr.msg_iovlen = 1;
152 ctx->rcvhdr.msg_control = ctx->ctlbuf;
153 // controllen is set at recieve
154 //ctx->rcvhdr.msg_controllen = sizeof(ctx->rcvbuf);
162 ipv6_readsecret(struct dhcpcd_ctx *ctx)
171 if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
172 return (ssize_t)ctx->secret_len;
175 logerr("%s: %s", __func__, SECRET);
177 /* Chaining arc4random should be good enough.
178 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
179 * To attempt and future proof ourselves, we'll generate a key of
180 * 512 bits (64 bytes). */
181 if (ctx->secret_len < 64) {
182 if ((ctx->secret = malloc(64)) == NULL) {
186 ctx->secret_len = 64;
189 for (len = 0; len < 512 / NBBY; len += sizeof(r)) {
191 memcpy(p, &r, sizeof(r));
195 /* Ensure that only the dhcpcd user can read the secret.
196 * Write permission is also denied as chaning it would remove
198 if ((fp = fopen(SECRET, "w")) == NULL ||
199 chmod(SECRET, S_IRUSR) == -1)
201 x = fprintf(fp, "%s\n",
202 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
203 if (fclose(fp) == EOF)
207 return (ssize_t)ctx->secret_len;
210 logerr("%s: %s", __func__, SECRET);
218 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml
220 static const struct reslowhigh {
221 const uint8_t high[8];
222 const uint8_t low[8];
224 /* RFC4291 + RFC6543 */
225 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 },
226 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } },
228 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 },
229 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }
233 ipv6_reserved(const struct in6_addr *addr)
235 uint64_t id, low, high;
237 const struct reslowhigh *r;
239 id = be64dec(addr->s6_addr + sizeof(id));
240 if (id == 0) /* RFC4291 */
242 for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) {
244 low = be64dec(r->low);
245 high = be64dec(r->high);
246 if (id >= low && id <= high)
254 ipv6_makestableprivate1(struct in6_addr *addr,
255 const struct in6_addr *prefix, int prefix_len,
256 const unsigned char *netiface, size_t netiface_len,
257 const unsigned char *netid, size_t netid_len,
258 unsigned short vlanid,
259 uint32_t *dad_counter,
260 const unsigned char *secret, size_t secret_len)
262 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH];
266 if (prefix_len < 0 || prefix_len > 120) {
271 l = (size_t)(ROUNDUP8(prefix_len) / NBBY);
272 len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len;
274 len += sizeof(vlanid);
275 if (len > sizeof(buf)) {
280 for (;; (*dad_counter)++) {
281 /* Combine all parameters into one buffer */
283 memcpy(p, prefix, l);
285 memcpy(p, netiface, netiface_len);
287 memcpy(p, netid, netid_len);
289 /* Don't use a vlanid if not set.
290 * This ensures prior versions have the same unique address. */
292 memcpy(p, &vlanid, sizeof(vlanid));
295 memcpy(p, dad_counter, sizeof(*dad_counter));
296 p += sizeof(*dad_counter);
297 memcpy(p, secret, secret_len);
299 /* Make an address using the digest of the above.
300 * RFC7217 Section 5.1 states that we shouldn't use MD5.
301 * Pity as we use that for HMAC-MD5 which is still deemed OK.
302 * SHA-256 is recommended */
304 SHA256_Update(&ctx, buf, len);
305 SHA256_Final(digest, &ctx);
308 memcpy(p, prefix, l);
309 /* RFC7217 section 5.2 says we need to start taking the id from
310 * the least significant bit */
311 len = sizeof(addr->s6_addr) - l;
312 memcpy(p + l, digest + (sizeof(digest) - len), len);
314 /* Ensure that the Interface ID does not match a reserved one,
315 * if it does then treat it as a DAD failure.
316 * RFC7217 section 5.2 */
317 if (prefix_len != 64)
319 if (!ipv6_reserved(addr))
327 ipv6_makestableprivate(struct in6_addr *addr,
328 const struct in6_addr *prefix, int prefix_len,
329 const struct interface *ifp,
335 if (ifp->ctx->secret_len == 0) {
336 if (ipv6_readsecret(ifp->ctx) == -1)
340 dad = (uint32_t)*dad_counter;
342 /* For our implementation, we shall set the hardware address
343 * as the interface identifier */
344 r = ipv6_makestableprivate1(addr, prefix, prefix_len,
345 ifp->hwaddr, ifp->hwlen,
346 ifp->ssid, ifp->ssid_len,
348 ifp->ctx->secret, ifp->ctx->secret_len);
351 *dad_counter = (int)dad;
356 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp,
357 const struct in6_addr *prefix, int prefix_len)
359 const struct ipv6_addr *ap;
362 if (prefix_len < 0 || prefix_len > 120) {
367 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
369 if (ipv6_makestableprivate(addr,
370 prefix, prefix_len, ifp, &dad) == -1)
375 if (prefix_len > 64) {
379 if ((ap = ipv6_linklocal(ifp)) == NULL) {
380 /* We delay a few functions until we get a local-link address
381 * so this should never be hit. */
386 /* Make the address from the first local-link address */
387 memcpy(addr, prefix, sizeof(*prefix));
388 addr->s6_addr32[2] = ap->addr.s6_addr32[2];
389 addr->s6_addr32[3] = ap->addr.s6_addr32[3];
394 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len)
398 if (len < 0 || len > 128) {
405 memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes);
407 /* Coverify false positive.
408 * bytelen cannot be 16 if bitlen is non zero */
409 /* coverity[overrun-local] */
410 prefix->s6_addr[bytes] =
411 (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits));
413 memset((char *)prefix->s6_addr + bytes, 0,
414 sizeof(prefix->s6_addr) - (size_t)bytes);
419 ipv6_mask(struct in6_addr *mask, int len)
421 static const unsigned char masks[NBBY] =
422 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff };
425 if (len < 0 || len > 128) {
430 memset(mask, 0, sizeof(*mask));
433 for (i = 0; i < bytes; i++)
434 mask->s6_addr[i] = 0xff;
436 /* Coverify false positive.
437 * bytelen cannot be 16 if bitlen is non zero */
438 /* coverity[overrun-local] */
439 mask->s6_addr[bytes] = masks[bits - 1];
445 ipv6_prefixlen(const struct in6_addr *mask)
448 const unsigned char *lim, *p;
450 lim = (const unsigned char *)mask + sizeof(*mask);
451 for (p = (const unsigned char *)mask; p < lim; x++, p++) {
457 for (y = 0; y < NBBY; y++) {
458 if ((*p & (0x80 >> y)) == 0)
464 * when the limit pointer is given, do a stricter check on the
468 if (y != 0 && (*p & (0x00ff >> y)) != 0)
470 for (p = p + 1; p < lim; p++)
475 return (uint8_t)(x * NBBY + y);
479 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr)
482 *vhigh = be64dec(addr->s6_addr);
483 *vlow = be64dec(addr->s6_addr + 8);
487 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow)
490 be64enc(addr->s6_addr, vhigh);
491 be64enc(addr->s6_addr + 8, vlow);
496 const struct in6_addr *prefix, // prefix from router
497 short prefix_len, // length of prefix received
498 uint64_t user_number, // "random" number from user
499 struct in6_addr *result, // resultant prefix
500 short result_len) // desired prefix length
502 uint64_t vh, vl, user_low, user_high;
504 if (prefix_len < 1 || prefix_len > 128 ||
505 result_len < 1 || result_len > 128)
511 /* Check that the user_number fits inside result_len less prefix_len */
512 if (result_len < prefix_len ||
513 fls64(user_number) > result_len - prefix_len)
519 /* If user_number is zero, just copy the prefix into the result. */
520 if (user_number == 0) {
525 /* Shift user_number so it fit's just inside result_len.
526 * Shifting by 0 or sizeof(user_number) is undefined,
527 * so we cater for that. */
528 if (result_len == 128) {
530 user_low = user_number;
531 } else if (result_len > 64) {
532 if (prefix_len >= 64)
535 user_high = user_number >> (result_len - prefix_len);
536 user_low = user_number << (128 - result_len);
537 } else if (result_len == 64) {
538 user_high = user_number;
541 user_high = user_number << (64 - result_len);
545 /* convert to two 64bit host order values */
546 in6_to_h64(&vh, &vl, prefix);
551 /* copy back result */
552 h64_to_in6(result, vh, vl);
557 #ifdef IPV6_POLLADDRFLAG
559 ipv6_checkaddrflags(void *arg)
561 struct ipv6_addr *ia;
571 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) {
572 if (errno != EEXIST && errno != EADDRNOTAVAIL)
573 logerr("%s: if_addrflags6", __func__);
577 if (!(flags & IN6_IFF_TENTATIVE)) {
578 /* Simulate the kernel announcing the new address. */
579 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR,
580 ia->iface->ctx->ifaces, ia->iface->name,
581 &ia->addr, ia->prefix_len, flags, 0);
583 /* Still tentative? Check again in a bit. */
586 ms_to_ts(&tv, RETRANS_TIMER / 2);
587 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv,
588 ipv6_checkaddrflags, ia);
594 ipv6_deletedaddr(struct ipv6_addr *ia)
600 /* NOREJECT is set if we delegated exactly the prefix to another
602 * This can only be one address, so just clear the flag.
603 * This should ensure the reject route will be restored. */
604 if (ia->delegating_prefix != NULL)
605 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT;
610 ipv6_deleteaddr(struct ipv6_addr *ia)
612 struct ipv6_state *state;
613 struct ipv6_addr *ap;
615 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr);
616 if (if_address6(RTM_DELADDR, ia) == -1 &&
617 errno != EADDRNOTAVAIL && errno != ESRCH &&
618 errno != ENXIO && errno != ENODEV)
621 ipv6_deletedaddr(ia);
623 state = IPV6_STATE(ia->iface);
624 TAILQ_FOREACH(ap, &state->addrs, next) {
625 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) {
626 TAILQ_REMOVE(&state->addrs, ap, next);
634 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now)
636 struct interface *ifp;
637 struct ipv6_state *state;
638 struct ipv6_addr *ia2;
639 uint32_t pltime, vltime;
640 __printflike(1, 2) void (*logfunc)(const char *, ...);
642 /* Ensure no other interface has this address */
643 TAILQ_FOREACH(ifp, ia->iface->ctx->ifaces, next) {
644 if (ifp == ia->iface)
646 state = IPV6_STATE(ifp);
649 TAILQ_FOREACH(ia2, &state->addrs, next) {
650 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) {
651 ipv6_deleteaddr(ia2);
657 /* Remember the interface of the address. */
660 if (!(ia->flags & IPV6_AF_DADCOMPLETED) &&
661 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE))
662 ia->flags |= IPV6_AF_DADCOMPLETED;
664 /* Adjust plftime and vltime based on acquired time */
665 pltime = ia->prefix_pltime;
666 vltime = ia->prefix_vltime;
667 if (timespecisset(&ia->acquired) &&
668 (ia->prefix_pltime != ND6_INFINITE_LIFETIME ||
669 ia->prefix_vltime != ND6_INFINITE_LIFETIME))
674 clock_gettime(CLOCK_MONOTONIC, &n);
677 timespecsub(now, &ia->acquired, &n);
678 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) {
679 ia->prefix_pltime -= (uint32_t)n.tv_sec;
680 /* This can happen when confirming a
681 * deprecated but still valid lease. */
682 if (ia->prefix_pltime > pltime)
683 ia->prefix_pltime = 0;
685 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) {
686 ia->prefix_vltime -= (uint32_t)n.tv_sec;
687 /* This should never happen. */
688 if (ia->prefix_vltime > vltime) {
689 logerrx("%s: %s: lifetime overflow",
690 ifp->name, ia->saddr);
691 ia->prefix_vltime = ia->prefix_pltime = 0;
696 logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx;
697 logfunc("%s: adding %saddress %s", ifp->name,
698 #ifdef IPV6_AF_TEMPORARY
699 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "",
704 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME &&
705 ia->prefix_vltime == ND6_INFINITE_LIFETIME)
706 logdebugx("%s: pltime infinity, vltime infinity",
708 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME)
709 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds",
710 ifp->name, ia->prefix_vltime);
711 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME)
712 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity",
713 ifp->name, ia->prefix_pltime);
715 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32
717 ifp->name, ia->prefix_pltime, ia->prefix_vltime);
720 if (if_address6(RTM_NEWADDR, ia) == -1) {
722 /* Restore real pltime and vltime */
723 ia->prefix_pltime = pltime;
724 ia->prefix_vltime = vltime;
728 #ifdef IPV6_MANAGETEMPADDR
729 /* RFC4941 Section 3.4 */
730 if (ia->flags & IPV6_AF_TEMPORARY &&
733 ip6_use_tempaddr(ifp->name))
734 eloop_timeout_add_sec(ifp->ctx->eloop,
735 (time_t)ia->prefix_pltime - REGEN_ADVANCE,
736 ipv6_regentempaddr, ia);
739 /* Restore real pltime and vltime */
740 ia->prefix_pltime = pltime;
741 ia->prefix_vltime = vltime;
743 ia->flags &= ~IPV6_AF_NEW;
744 ia->flags |= IPV6_AF_ADDED;
746 if (ia->delegating_prefix != NULL)
747 ia->flags |= IPV6_AF_DELEGATED;
750 #ifdef IPV6_POLLADDRFLAG
751 eloop_timeout_delete(ifp->ctx->eloop,
752 ipv6_checkaddrflags, ia);
753 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) {
756 ms_to_ts(&tv, RETRANS_TIMER / 2);
757 eloop_timeout_add_tv(ifp->ctx->eloop,
758 &tv, ipv6_checkaddrflags, ia);
763 /* Solaris does not announce new addresses which need DaD
764 * so we need to take a copy and add it to our list.
765 * Otherwise aliasing gets confused if we add another
766 * address during DaD. */
768 state = IPV6_STATE(ifp);
769 TAILQ_FOREACH(ia2, &state->addrs, next) {
770 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr))
774 if ((ia2 = malloc(sizeof(*ia2))) == NULL) {
776 return 0; /* Well, we did add the address */
778 memcpy(ia2, ia, sizeof(*ia2));
779 TAILQ_INSERT_TAIL(&state->addrs, ia2, next);
787 /* Find the next logical aliase address we can use. */
789 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl)
791 struct ipv6_state *state;
792 struct ipv6_addr *iap;
794 char alias[IF_NAMESIZE];
796 if (ia->alias[0] != '\0')
798 state = IPV6_STATE(ia->iface);
800 /* First find an existng address.
801 * This can happen when dhcpcd restarts as ND and DHCPv6
802 * maintain their own lists of addresses. */
803 TAILQ_FOREACH(iap, &state->addrs, next) {
804 if (iap->alias[0] != '\0' &&
805 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr))
807 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
815 strlcpy(alias, ia->iface->name, sizeof(alias));
817 snprintf(alias, sizeof(alias), "%s:%u", ia->iface->name, unit);
818 TAILQ_FOREACH(iap, &state->addrs, next) {
819 if (iap->alias[0] == '\0')
821 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) {
822 /* No address assigned? Lets use it. */
823 strlcpy(ia->alias, iap->alias, sizeof(ia->alias));
828 if (strcmp(iap->alias, alias) == 0)
833 if (unit == UINT_MAX) {
841 strlcpy(ia->alias, alias, sizeof(ia->alias));
847 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now)
852 struct ipv6_addr *replaced_ia;
854 blank = (ia->alias[0] == '\0');
855 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1)
858 logdebugx("%s: aliased %s", ia->alias, ia->saddr);
861 if ((r = ipv6_addaddr1(ia, now)) == 0) {
864 struct ipv6_state *state;
866 state = IPV6_STATE(ia->iface);
867 TAILQ_REMOVE(&state->addrs, replaced_ia, next);
868 ipv6_freeaddr(replaced_ia);
876 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match,
882 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) ==
883 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED))
885 } else if (addr->prefix_vltime &&
886 IN6_ARE_ADDR_EQUAL(&addr->addr, match) &&
887 (!flags || addr->flags & flags))
894 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags)
896 struct ipv6_addr *dap, *nap;
898 dap = dhcp6_findaddr(ctx, addr, flags);
899 nap = ipv6nd_findaddr(ctx, addr, flags);
906 if (nap->iface->metric < dap->iface->metric)
912 ipv6_addaddrs(struct ipv6_addrhead *addrs)
914 struct ipv6_addr *ap, *apn, *apf;
920 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
921 /* A delegated prefix is not an address. */
922 if (ap->flags & IPV6_AF_DELEGATEDPFX)
924 if (ap->prefix_vltime == 0) {
925 if (ap->flags & IPV6_AF_ADDED) {
929 eloop_q_timeout_delete(ap->iface->ctx->eloop,
931 if (ap->flags & IPV6_AF_REQUEST) {
932 ap->flags &= ~IPV6_AF_ADDED;
934 TAILQ_REMOVE(addrs, ap, next);
937 } else if (!(ap->flags & IPV6_AF_STALE) &&
938 !IN6_IS_ADDR_UNSPECIFIED(&ap->addr))
940 apf = ipv6_findaddr(ap->iface->ctx,
941 &ap->addr, IPV6_AF_ADDED);
942 if (apf && apf->iface != ap->iface) {
943 if (apf->iface->metric <= ap->iface->metric) {
944 loginfox("%s: preferring %s on %s",
950 loginfox("%s: preferring %s on %s",
954 if (if_address6(RTM_DELADDR, apf) == -1 &&
955 errno != EADDRNOTAVAIL && errno != ENXIO)
958 ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED);
960 apf->flags &= ~IPV6_AF_ADDED;
961 if (ap->flags & IPV6_AF_NEW)
963 if (!timespecisset(&now))
964 clock_gettime(CLOCK_MONOTONIC, &now);
965 ipv6_addaddr(ap, &now);
973 ipv6_freeaddr(struct ipv6_addr *ia)
976 struct ipv6_addr *iad;
978 /* Forget the reference */
979 if (ia->flags & IPV6_AF_DELEGATEDPFX) {
980 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) {
981 iad->delegating_prefix = NULL;
983 } else if (ia->delegating_prefix != NULL) {
984 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next);
988 if (ia->dhcp6_fd != -1) {
990 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd);
993 eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia);
998 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop,
999 const struct interface *ifd)
1001 struct ipv6_addr *ap, *apn, *apf;
1002 struct timespec now;
1007 timespecclear(&now);
1008 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) {
1011 (ap->delegating_prefix == NULL ||
1012 ap->delegating_prefix->iface != ifd))
1016 TAILQ_REMOVE(addrs, ap, next);
1017 if (drop && ap->flags & IPV6_AF_ADDED &&
1018 (ap->iface->options->options &
1019 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) !=
1020 (DHCPCD_EXITING | DHCPCD_PERSISTENT))
1022 /* Don't drop link-local addresses. */
1023 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) ||
1024 CAN_DROP_LLADDR(ap->iface))
1027 TAILQ_REMOVE(addrs, ap, next);
1028 /* Find the same address somewhere else */
1029 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr,
1032 (apf->iface != ap->iface)))
1033 ipv6_deleteaddr(ap);
1034 if (!(ap->iface->options->options &
1035 DHCPCD_EXITING) && apf)
1037 if (!timespecisset(&now))
1038 clock_gettime(CLOCK_MONOTONIC,
1040 ipv6_addaddr(apf, &now);
1051 static struct ipv6_state *
1052 ipv6_getstate(struct interface *ifp)
1054 struct ipv6_state *state;
1056 state = IPV6_STATE(ifp);
1057 if (state == NULL) {
1058 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state));
1059 state = IPV6_STATE(ifp);
1060 if (state == NULL) {
1064 TAILQ_INIT(&state->addrs);
1065 TAILQ_INIT(&state->ll_callbacks);
1067 /* Regenerate new ids */
1069 ip6_use_tempaddr(ifp->name))
1070 ipv6_regentempifid(ifp);
1076 ipv6_handleifa(struct dhcpcd_ctx *ctx,
1077 int cmd, struct if_head *ifs, const char *ifname,
1078 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid)
1080 struct interface *ifp;
1081 struct ipv6_state *state;
1082 struct ipv6_addr *ia;
1083 struct ll_callback *cb;
1086 char dbuf[INET6_ADDRSTRLEN];
1089 dbp = inet_ntop(AF_INET6, &addr->s6_addr,
1090 dbuf, INET6_ADDRSTRLEN);
1091 loginfox("%s: cmd %d addr %s",
1099 if ((ifp = if_find(ifs, ifname)) == NULL)
1101 if ((state = ipv6_getstate(ifp)) == NULL)
1104 TAILQ_FOREACH(ia, &state->addrs, next) {
1105 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr))
1112 TAILQ_REMOVE(&state->addrs, ia, next);
1113 /* We'll free it at the end of the function. */
1118 ia = ipv6_newaddr(ifp, addr, prefix_len, 0);
1120 strlcpy(ia->alias, ifname, sizeof(ia->alias));
1122 if (if_getlifetime6(ia) == -1) {
1123 /* No support or address vanished.
1124 * Either way, just set a deprecated
1125 * infinite time lifetime and continue.
1126 * This is fine because we only want
1127 * to know this when trying to extend
1128 * temporary addresses.
1129 * As we can't extend infinite, we'll
1130 * create a new temporary address. */
1131 ia->prefix_pltime = 0;
1133 ND6_INFINITE_LIFETIME;
1135 /* This is a minor regression against RFC 4941
1136 * because the kernel only knows when the
1137 * lifetimes were last updated, not when the
1138 * address was initially created.
1139 * Provided dhcpcd is not restarted, this
1140 * won't be a problem.
1141 * If we don't like it, we can always
1142 * pretend lifetimes are infinite and always
1143 * generate a new temporary address on
1145 ia->acquired = ia->created;
1146 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1148 ia->addr_flags = addrflags;
1149 ia->flags &= ~IPV6_AF_STALE;
1150 #ifdef IPV6_MANAGETEMPADDR
1151 if (ia->addr_flags & IN6_IFF_TEMPORARY)
1152 ia->flags |= IPV6_AF_TEMPORARY;
1154 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) {
1155 #ifdef IPV6_POLLADDRFLAG
1156 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1159 ms_to_ts(&tv, RETRANS_TIMER / 2);
1160 eloop_timeout_add_tv(
1161 ia->iface->ctx->eloop,
1162 &tv, ipv6_checkaddrflags, ia);
1167 if (ia->dadcallback) {
1168 ia->dadcallback(ia);
1169 if (ctx->options & DHCPCD_FORKED)
1173 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) &&
1174 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1176 /* Now run any callbacks.
1177 * Typically IPv6RS or DHCPv6 */
1179 TAILQ_FIRST(&state->ll_callbacks)))
1182 &state->ll_callbacks,
1184 cb->callback(cb->arg);
1186 if (ctx->options & DHCPCD_FORKED)
1197 ipv6nd_handleifa(cmd, ia, pid);
1199 dhcp6_handleifa(cmd, ia, pid);
1203 /* Done with the ia now, so free it. */
1204 if (cmd == RTM_DELADDR)
1209 ipv6_hasaddr(const struct interface *ifp)
1212 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL)
1214 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL)
1220 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr,
1223 struct ipv6_state *state;
1224 struct ipv6_addr *ap;
1226 state = IPV6_STATE(ifp);
1228 TAILQ_FOREACH(ap, &state->addrs, next) {
1230 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) &&
1231 (!revflags || !(ap->addr_flags & revflags)))
1234 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) &&
1235 (!revflags || !(ap->addr_flags & revflags)))
1243 static struct ipv6_addr *
1244 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr)
1246 struct ipv6_state *state;
1247 struct ipv6_addr *ap;
1248 struct in6_addr mask;
1250 state = IPV6_STATE(ifp);
1252 TAILQ_FOREACH(ap, &state->addrs, next) {
1253 if (ipv6_mask(&mask, ap->prefix_len) == -1)
1255 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask))
1263 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr)
1265 struct interface *ifp;
1266 struct ipv6_addr *ap;
1268 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1269 ap = ipv6_iffindmaskaddr(ifp, addr);
1277 ipv6_addlinklocalcallback(struct interface *ifp,
1278 void (*callback)(void *), void *arg)
1280 struct ipv6_state *state;
1281 struct ll_callback *cb;
1283 state = ipv6_getstate(ifp);
1284 TAILQ_FOREACH(cb, &state->ll_callbacks, next) {
1285 if (cb->callback == callback && cb->arg == arg)
1289 cb = malloc(sizeof(*cb));
1294 cb->callback = callback;
1296 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next);
1301 static struct ipv6_addr *
1302 ipv6_newlinklocal(struct interface *ifp)
1304 struct ipv6_addr *ia;
1305 struct in6_addr in6;
1307 memset(&in6, 0, sizeof(in6));
1308 in6.s6_addr32[0] = htonl(0xfe800000);
1309 ia = ipv6_newaddr(ifp, &in6, 64, 0);
1311 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1312 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1317 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1318 static const uint8_t allone[8] =
1319 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1322 ipv6_addlinklocal(struct interface *ifp)
1324 struct ipv6_state *state;
1325 struct ipv6_addr *ap, *ap2;
1328 /* Check sanity before malloc */
1329 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) {
1330 switch (ifp->family) {
1332 /* Check for a valid hardware address */
1333 if (ifp->hwlen != 6 && ifp->hwlen != 8) {
1337 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 ||
1338 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0)
1350 state = ipv6_getstate(ifp);
1354 ap = ipv6_newlinklocal(ifp);
1359 if (ifp->options->options & DHCPCD_SLAACPRIVATE) {
1361 if (ipv6_makestableprivate(&ap->addr,
1362 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1)
1367 ap->dadcounter = dadcounter;
1369 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8);
1370 switch (ifp->family) {
1372 if (ifp->hwlen == 6) {
1373 ap->addr.s6_addr[ 8] = ifp->hwaddr[0];
1374 ap->addr.s6_addr[ 9] = ifp->hwaddr[1];
1375 ap->addr.s6_addr[10] = ifp->hwaddr[2];
1376 ap->addr.s6_addr[11] = 0xff;
1377 ap->addr.s6_addr[12] = 0xfe;
1378 ap->addr.s6_addr[13] = ifp->hwaddr[3];
1379 ap->addr.s6_addr[14] = ifp->hwaddr[4];
1380 ap->addr.s6_addr[15] = ifp->hwaddr[5];
1381 } else if (ifp->hwlen == 8)
1382 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8);
1391 /* Sanity check: g bit must not indciate "group" */
1392 if (EUI64_GROUP(&ap->addr)) {
1397 EUI64_TO_IFID(&ap->addr);
1400 /* Do we already have this address? */
1401 TAILQ_FOREACH(ap2, &state->addrs, next) {
1402 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) {
1403 if (ap2->addr_flags & IN6_IFF_DUPLICATED) {
1404 if (ifp->options->options &
1405 DHCPCD_SLAACPRIVATE)
1408 goto nextslaacprivate;
1411 errno = EADDRNOTAVAIL;
1415 logwarnx("%s: waiting for %s to complete",
1416 ap2->iface->name, ap2->saddr);
1423 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr));
1424 TAILQ_INSERT_TAIL(&state->addrs, ap, next);
1425 ipv6_addaddr(ap, NULL);
1430 ipv6_tryaddlinklocal(struct interface *ifp)
1432 struct ipv6_addr *ia;
1434 /* We can't assign a link-locak address to this,
1435 * the ppp process has to. */
1436 if (ifp->flags & IFF_POINTOPOINT)
1439 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED);
1441 #ifdef IPV6_POLLADDRFLAG
1442 if (ia->addr_flags & IN6_IFF_TENTATIVE) {
1445 ms_to_ts(&tv, RETRANS_TIMER / 2);
1446 eloop_timeout_add_tv(
1447 ia->iface->ctx->eloop,
1448 &tv, ipv6_checkaddrflags, ia);
1453 if (!CAN_ADD_LLADDR(ifp))
1456 return ipv6_addlinklocal(ifp);
1460 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr,
1461 uint8_t prefix_len, unsigned int flags)
1463 struct ipv6_addr *ia;
1464 char buf[INET6_ADDRSTRLEN];
1469 /* If adding a new DHCP / RA derived address, check current flags
1470 * from an existing address. */
1471 ia = ipv6_iffindaddr(ifp, addr, 0);
1473 addr_flags = ia->addr_flags;
1475 addr_flags = IN6_IFF_TENTATIVE;
1477 ia = calloc(1, sizeof(*ia));
1482 ia->flags = IPV6_AF_NEW | flags;
1483 ia->addr_flags = addr_flags;
1484 ia->prefix_len = prefix_len;
1487 #ifdef IPV6_AF_TEMPORARY
1488 tempaddr = ia->flags & IPV6_AF_TEMPORARY;
1493 if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) {
1495 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp,
1498 if (ia->dadcounter == -1)
1500 } else if (ia->flags & IPV6_AF_RAPFX) {
1503 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) &&
1507 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf));
1511 if (ipv6_makeprefix(&ia->prefix,
1512 &ia->addr, ia->prefix_len) == -1)
1516 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf));
1520 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len);
1531 ipv6_staticdadcallback(void *arg)
1533 struct ipv6_addr *ia = arg;
1536 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED);
1537 ia->flags |= IPV6_AF_DADCOMPLETED;
1538 if (ia->flags & IPV6_AF_DUPLICATED)
1539 logwarnx("%s: DAD detected %s", ia->iface->name,
1541 else if (!wascompleted) {
1542 logdebugx("%s: IPv6 static DAD completed",
1546 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1547 if (!wascompleted) {
1548 struct interface *ifp;
1549 struct ipv6_state *state;
1552 state = IPV6_STATE(ifp);
1553 TAILQ_FOREACH(ia, &state->addrs, next) {
1554 if (ia->flags & IPV6_AF_STATIC &&
1555 (ia->flags & FINISHED) != FINISHED)
1562 script_runreason(ifp, "STATIC6");
1568 ipv6_env(char **env, const char *prefix, const struct interface *ifp)
1572 struct ipv6_addr *ia;
1576 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6,
1577 IN6_IFF_NOTUSEABLE);
1580 addvar(&ep, prefix, "ip6_address", ia->saddr);
1588 ipv6_staticdadcompleted(const struct interface *ifp)
1590 const struct ipv6_state *state;
1591 const struct ipv6_addr *ia;
1594 if ((state = IPV6_CSTATE(ifp)) == NULL)
1597 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)
1598 TAILQ_FOREACH(ia, &state->addrs, next) {
1599 if ((ia->flags & COMPLETED) == COMPLETED &&
1600 !(ia->addr_flags & IN6_IFF_NOTUSEABLE))
1607 ipv6_startstatic(struct interface *ifp)
1609 struct ipv6_addr *ia;
1612 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6))
1615 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0);
1617 (ia->prefix_len != ifp->options->req_prefix_len ||
1618 ia->addr_flags & IN6_IFF_NOTUSEABLE))
1620 ipv6_deleteaddr(ia);
1624 struct ipv6_state *state;
1626 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6,
1627 ifp->options->req_prefix_len, 0);
1630 state = IPV6_STATE(ifp);
1631 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1635 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK;
1636 ia->prefix_vltime = ND6_INFINITE_LIFETIME;
1637 ia->prefix_pltime = ND6_INFINITE_LIFETIME;
1638 ia->dadcallback = ipv6_staticdadcallback;
1639 ipv6_addaddr(ia, NULL);
1640 if_initrt(ifp->ctx, AF_INET6);
1641 rt_build(ifp->ctx, AF_INET6);
1643 script_runreason(ifp, "STATIC6");
1647 /* Ensure the interface has a link-local address */
1649 ipv6_start(struct interface *ifp)
1651 #ifdef IPV6_POLLADDRFLAG
1652 struct ipv6_state *state;
1654 /* We need to update the address flags. */
1655 if ((state = IPV6_STATE(ifp)) != NULL) {
1656 struct ipv6_addr *ia;
1660 TAILQ_FOREACH(ia, &state->addrs, next) {
1666 flags = if_addrflags6(ia->iface, &ia->addr, alias);
1668 ia->addr_flags = flags;
1673 if (ipv6_tryaddlinklocal(ifp) == -1)
1676 if (IPV6_CSTATE(ifp)) {
1677 /* Regenerate new ids */
1678 if (ip6_use_tempaddr(ifp->name))
1679 ipv6_regentempifid(ifp);
1682 /* Load existing routes */
1683 if_initrt(ifp->ctx, AF_INET6);
1688 ipv6_freedrop(struct interface *ifp, int drop)
1690 struct ipv6_state *state;
1691 struct ll_callback *cb;
1696 if ((state = IPV6_STATE(ifp)) == NULL)
1699 /* If we got here, we can get rid of any LL callbacks. */
1700 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) {
1701 TAILQ_REMOVE(&state->ll_callbacks, cb, next);
1705 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL);
1707 if (ifp->ctx->ra_routers != NULL) {
1708 if_initrt(ifp->ctx, AF_INET6);
1709 rt_build(ifp->ctx, AF_INET6);
1712 /* Because we need to cache the addresses we don't control,
1713 * we only free the state on when NOT dropping addresses. */
1715 ifp->if_data[IF_DATA_IPV6] = NULL;
1716 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
1721 ipv6_ctxfree(struct dhcpcd_ctx *ctx)
1724 free(ctx->ra_routers);
1729 ipv6_handleifa_addrs(int cmd,
1730 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid)
1732 struct ipv6_addr *ia, *ian;
1733 uint8_t found, alldadcompleted;
1735 alldadcompleted = 1;
1737 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
1738 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) {
1739 if (ia->flags & IPV6_AF_ADDED &&
1740 !(ia->flags & IPV6_AF_DADCOMPLETED))
1741 alldadcompleted = 0;
1746 if (ia->flags & IPV6_AF_ADDED) {
1747 logwarnx("%s: pid %d deleted address %s",
1748 ia->iface->name, pid, ia->saddr);
1749 ia->flags &= ~IPV6_AF_ADDED;
1751 if (ia->flags & IPV6_AF_DELEGATED) {
1752 TAILQ_REMOVE(addrs, ia, next);
1753 ipv6_deletedaddr(ia);
1758 /* Safety - ignore tentative announcements */
1759 if (addr->addr_flags &
1760 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE))
1762 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) {
1764 if (addr->addr_flags & IN6_IFF_DUPLICATED)
1765 ia->flags |= IPV6_AF_DUPLICATED;
1767 ia->flags &= ~IPV6_AF_DUPLICATED;
1768 if (ia->dadcallback)
1769 ia->dadcallback(ia);
1770 /* We need to set this here in-case the
1771 * dadcallback function checks it */
1772 ia->flags |= IPV6_AF_DADCOMPLETED;
1778 return alldadcompleted ? found : 0;
1781 #ifdef IPV6_MANAGETEMPADDR
1782 static const struct ipv6_addr *
1783 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr)
1785 const struct interface *ifp;
1786 const struct ipv6_state *state;
1787 const struct ipv6_addr *ia;
1789 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
1790 if ((state = IPV6_CSTATE(ifp))) {
1791 TAILQ_FOREACH(ia, &state->addrs, next) {
1792 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0)
1800 static const uint8_t nullid[8];
1801 static const uint8_t anycastid[8] = {
1802 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 };
1803 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe };
1806 ipv6_regen_desync(struct interface *ifp, int force)
1808 struct ipv6_state *state;
1811 state = IPV6_STATE(ifp);
1813 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be
1814 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE.
1815 * I believe this is an error and it should be never be greateter than
1816 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */
1817 max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE;
1818 if (state->desync_factor && !force && state->desync_factor < max)
1820 if (state->desync_factor == 0)
1821 state->desync_factor =
1822 (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR,
1824 max = ip6_temp_preferred_lifetime(ifp->name) -
1825 state->desync_factor - REGEN_ADVANCE;
1826 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp);
1830 ipv6_gentempifid(struct interface *ifp)
1832 struct ipv6_state *state;
1834 uint8_t seed[16], digest[16];
1837 if ((state = IPV6_STATE(ifp)) == NULL)
1841 if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) {
1845 memcpy(seed, &r, sizeof(r));
1847 memcpy(seed + sizeof(r), &r, sizeof(r));
1849 memcpy(seed, state->randomseed0, sizeof(state->randomseed0));
1851 memcpy(seed + sizeof(state->randomseed0),
1852 state->randomseed1, sizeof(state->randomseed1));
1856 MD5Update(&md5, seed, sizeof(seed));
1857 MD5Final(digest, &md5);
1859 /* RFC4941 Section 3.2.1.1
1860 * Take the left-most 64bits and set bit 6 to zero */
1861 memcpy(state->randomid, digest, sizeof(state->randomid));
1862 state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT);
1864 /* RFC4941 Section 3.2.1.4
1865 * Reject reserved or existing id's */
1866 if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 ||
1867 (memcmp(anycastid, state->randomid, 7) == 0 &&
1868 (anycastid[7] & state->randomid[7]) == anycastid[7]) ||
1869 memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 ||
1870 ipv6_findaddrid(ifp->ctx, state->randomid))
1872 if (++retry < GEN_TEMPID_RETRY_MAX) {
1873 memcpy(seed, digest + 8, 8);
1876 memset(state->randomid, 0, sizeof(state->randomid));
1879 /* RFC4941 Section 3.2.1.6
1880 * Save the right-most 64bits of the digest */
1881 memcpy(state->randomseed0, digest + 8,
1882 sizeof(state->randomseed0));
1885 /* RFC4941 Section 3.3.7 */
1887 ipv6_tempdadcallback(void *arg)
1889 struct ipv6_addr *ia = arg;
1891 if (ia->flags & IPV6_AF_DUPLICATED) {
1892 struct ipv6_addr *ia1;
1895 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) {
1896 logerrx("%s: too many duplicate temporary addresses",
1900 clock_gettime(CLOCK_MONOTONIC, &tv);
1901 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL)
1904 ia1->dadcounter = ia->dadcounter;
1905 ipv6_deleteaddr(ia);
1907 ipv6_addaddr(ia1, &ia1->acquired);
1912 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now)
1914 struct ipv6_state *state;
1915 const struct ipv6_state *cstate;
1917 struct in6_addr addr, mask;
1919 const struct interface *ifp;
1920 const struct ipv6_addr *ap;
1921 struct ipv6_addr *ia;
1922 uint32_t i, trylimit;
1924 trylimit = TEMP_IDGEN_RETRIES;
1925 state = IPV6_STATE(ia0->iface);
1929 ipv6_mask(&mask, ia0->prefix_len);
1930 /* clear the old ifid */
1931 for (i = 0; i < 4; i++)
1932 addr.s6_addr32[i] &= mask.s6_addr32[i];
1935 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0)
1938 memcpy(state->randomseed1, &ia0->addr.s6_addr[8],
1939 sizeof(state->randomseed1));
1940 ipv6_gentempifid(ia0->iface);
1941 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) {
1946 memcpy(&randid[0], state->randomid, sizeof(randid[0]));
1947 memcpy(&randid[1], state->randomid + sizeof(randid[1]),
1949 addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2];
1950 addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3];
1952 /* Ensure we don't already have it */
1953 TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) {
1954 cstate = IPV6_CSTATE(ifp);
1956 TAILQ_FOREACH(ap, &cstate->addrs, next) {
1957 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) {
1958 if (--trylimit == 0) {
1969 ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len,
1970 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY);
1971 /* Must be made tentative, for our DaD to work */
1972 ia->addr_flags = IN6_IFF_TENTATIVE;
1973 ia->dadcallback = ipv6_tempdadcallback;
1974 ia->created = ia->acquired = now ? *now : ia0->acquired;
1976 /* Ensure desync is still valid */
1977 ipv6_regen_desync(ia->iface, 0);
1979 /* RFC4941 Section 3.3.4 */
1980 i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) -
1981 state->desync_factor);
1982 ia->prefix_pltime = MIN(ia0->prefix_pltime, i);
1983 i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name);
1984 ia->prefix_vltime = MIN(ia0->prefix_vltime, i);
1985 if (ia->prefix_pltime <= REGEN_ADVANCE ||
1986 ia->prefix_pltime > ia0->prefix_vltime)
1993 TAILQ_INSERT_TAIL(&state->addrs, ia, next);
1998 ipv6_settemptime(struct ipv6_addr *ia, int flags)
2000 struct ipv6_state *state;
2001 struct ipv6_addr *ap, *first;
2003 state = IPV6_STATE(ia->iface);
2005 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) {
2006 if (ap->flags & IPV6_AF_TEMPORARY &&
2007 ap->prefix_pltime &&
2008 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix))
2013 if (ap->prefix_pltime -
2014 (uint32_t)(ia->acquired.tv_sec -
2015 ap->acquired.tv_sec)
2022 if (!(ap->flags & IPV6_AF_ADDED))
2023 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF;
2024 ap->flags &= ~IPV6_AF_STALE;
2026 /* RFC4941 Section 3.4
2027 * Deprecated prefix, deprecate the temporary address */
2028 if (ia->prefix_pltime == 0) {
2029 ap->prefix_pltime = 0;
2033 /* Ensure desync is still valid */
2034 ipv6_regen_desync(ap->iface, 0);
2036 /* RFC4941 Section 3.3.2
2037 * Extend temporary times, but ensure that they
2038 * never last beyond the system limit. */
2039 ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime;
2040 max = ap->created.tv_sec +
2041 ip6_temp_preferred_lifetime(ap->iface->name) -
2042 state->desync_factor;
2044 ap->prefix_pltime = ia->prefix_pltime;
2047 (uint32_t)(max - ia->acquired.tv_sec);
2050 ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime;
2051 max = ap->created.tv_sec +
2052 ip6_temp_valid_lifetime(ap->iface->name);
2054 ap->prefix_vltime = ia->prefix_vltime;
2057 (uint32_t)(max - ia->acquired.tv_sec);
2059 /* Just extend the latest matching prefix */
2060 ap->acquired = ia->acquired;
2062 /* If extending return the last match as
2063 * it's the most current.
2064 * If deprecating, deprecate any other addresses we
2065 * may have, although this should not be needed */
2066 if (ia->prefix_pltime)
2076 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now)
2078 struct ipv6_state *state;
2079 struct ipv6_addr *ia;
2081 state = IPV6_STATE(ifp);
2082 TAILQ_FOREACH(ia, &state->addrs, next) {
2083 if (ia->flags & IPV6_AF_TEMPORARY &&
2084 !(ia->flags & IPV6_AF_STALE))
2085 ipv6_addaddr(ia, now);
2090 ipv6_regentempaddr(void *arg)
2092 struct ipv6_addr *ia = arg, *ia1;
2095 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr);
2096 clock_gettime(CLOCK_MONOTONIC, &tv);
2097 ia1 = ipv6_createtempaddr(ia, &tv);
2099 ipv6_addaddr(ia1, &tv);
2105 ipv6_regentempifid(void *arg)
2107 struct interface *ifp = arg;
2108 struct ipv6_state *state;
2110 state = IPV6_STATE(ifp);
2111 if (memcmp(state->randomid, nullid, sizeof(state->randomid)))
2112 ipv6_gentempifid(ifp);
2114 ipv6_regen_desync(ifp, 1);
2116 #endif /* IPV6_MANAGETEMPADDR */
2119 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags)
2121 struct ipv6_state *state;
2122 struct ipv6_addr *ia;
2124 state = IPV6_STATE(ifp);
2128 TAILQ_FOREACH(ia, &state->addrs, next) {
2129 if (flags == 0 || ia->flags & flags)
2130 ia->flags |= IPV6_AF_STALE;
2135 ipv6_deletestaleaddrs(struct interface *ifp)
2137 struct ipv6_state *state;
2138 struct ipv6_addr *ia, *ia1;
2140 state = IPV6_STATE(ifp);
2144 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) {
2145 if (ia->flags & IPV6_AF_STALE)
2146 ipv6_handleifa(ifp->ctx, RTM_DELADDR,
2147 ifp->ctx->ifaces, ifp->name,
2148 &ia->addr, ia->prefix_len, 0, getpid());
2154 inet6_makeroute(struct interface *ifp, const struct ra *rap)
2158 if ((rt = rt_new(ifp)) == NULL)
2161 #ifdef HAVE_ROUTE_METRIC
2162 rt->rt_metric = ifp->metric;
2165 rt->rt_mtu = rap->mtu;
2170 inet6_makeprefix(struct interface *ifp, const struct ra *rap,
2171 const struct ipv6_addr *addr)
2174 struct in6_addr netmask;
2176 if (addr == NULL || addr->prefix_len > 128) {
2181 /* There is no point in trying to manage a /128 prefix,
2182 * ones without a lifetime or ones not on link or delegated */
2183 if (addr->prefix_len == 128 ||
2184 addr->prefix_vltime == 0 ||
2185 !(addr->flags & (IPV6_AF_ONLINK | IPV6_AF_DELEGATEDPFX)))
2188 /* Don't install a reject route when not creating bigger prefixes */
2189 if (addr->flags & IPV6_AF_NOREJECT)
2192 /* This address is the delegated prefix, so add a reject route for
2193 * it via the loopback interface. */
2194 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2195 struct interface *lo0;
2197 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) {
2198 if (lo0->flags & IFF_LOOPBACK)
2202 logwarnx("cannot find a loopback interface "
2208 if ((rt = inet6_makeroute(ifp, rap)) == NULL)
2211 sa_in6_init(&rt->rt_dest, &addr->prefix);
2212 ipv6_mask(&netmask, addr->prefix_len);
2213 sa_in6_init(&rt->rt_netmask, &netmask);
2214 if (addr->flags & IPV6_AF_DELEGATEDPFX) {
2215 rt->rt_flags |= RTF_REJECT;
2216 /* Linux does not like a gateway for a reject route. */
2218 sa_in6_init(&rt->rt_gateway, &in6addr_loopback);
2221 rt->rt_gateway.sa_family = AF_UNSPEC;
2222 sa_in6_init(&rt->rt_ifa, &addr->addr);
2227 inet6_makerouter(struct ra *rap)
2231 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL)
2233 sa_in6_init(&rt->rt_dest, &in6addr_any);
2234 sa_in6_init(&rt->rt_netmask, &in6addr_any);
2235 sa_in6_init(&rt->rt_gateway, &rap->from);
2239 #define RT_IS_DEFAULT(rtp) \
2240 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \
2241 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any))
2244 inet6_staticroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx)
2246 struct interface *ifp;
2247 struct ipv6_state *state;
2248 struct ipv6_addr *ia;
2251 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2252 if ((state = IPV6_STATE(ifp)) == NULL)
2254 TAILQ_FOREACH(ia, &state->addrs, next) {
2255 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) ==
2256 (IPV6_AF_ADDED | IPV6_AF_STATIC))
2258 rt = inet6_makeprefix(ifp, NULL, ia);
2260 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2268 inet6_raroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx, int expired,
2273 const struct ipv6_addr *addr;
2275 TAILQ_FOREACH(rap, ctx->ra_routers, next) {
2276 if (rap->expired != expired)
2278 TAILQ_FOREACH(addr, &rap->addrs, next) {
2279 if (addr->prefix_vltime == 0)
2281 rt = inet6_makeprefix(rap->iface, rap, addr);
2283 rt->rt_dflags |= RTDF_RA;
2284 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2287 if (rap->lifetime) {
2288 rt = inet6_makerouter(rap);
2290 rt->rt_dflags |= RTDF_RA;
2291 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2293 *have_default = true;
2301 inet6_dhcproutes(struct rt_head *routes, struct dhcpcd_ctx *ctx,
2304 struct interface *ifp;
2305 const struct dhcp6_state *d6_state;
2306 const struct ipv6_addr *addr;
2309 TAILQ_FOREACH(ifp, ctx->ifaces, next) {
2310 d6_state = D6_CSTATE(ifp);
2311 if (d6_state && d6_state->state == dstate) {
2312 TAILQ_FOREACH(addr, &d6_state->addrs, next) {
2313 rt = inet6_makeprefix(ifp, NULL, addr);
2315 rt->rt_dflags |= RTDF_DHCP;
2316 TAILQ_INSERT_TAIL(routes, rt, rt_next);
2325 inet6_getroutes(struct dhcpcd_ctx *ctx, struct rt_head *routes)
2329 /* Should static take priority? */
2330 if (inet6_staticroutes(routes, ctx) == -1)
2333 /* First add reachable routers and their prefixes */
2334 have_default = false;
2335 if (inet6_raroutes(routes, ctx, 0, &have_default) == -1)
2338 /* We have no way of knowing if prefixes added by DHCP are reachable
2339 * or not, so we have to assume they are.
2340 * Add bound before delegated so we can prefer interfaces better */
2341 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1)
2343 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1)
2346 #ifdef HAVE_ROUTE_METRIC
2347 /* If we have an unreachable router, we really do need to remove the
2348 * route to it beause it could be a lower metric than a reachable
2349 * router. Of course, we should at least have some routers if all
2350 * are unreachable. */
2351 if (!have_default) {
2353 /* Add our non-reachable routers and prefixes
2354 * Unsure if this is needed, but it's a close match to kernel
2356 if (inet6_raroutes(routes, ctx, 1, NULL) == -1)
2358 #ifdef HAVE_ROUTE_METRIC