blob: 19b58b226388d516463cffc02f27ced8d77fae7b [file] [log] [blame]
Simon Kelleyc5ad4e72012-02-24 16:06:20 +00001/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15*/
16
17
18/* NB. This code may be called during a DHCPv4 transaction which is in ping-wait
19 It therefore cannot use any DHCP buffer resources except outpacket, which is
20 not used by DHCPv4 code. */
21
22#include "dnsmasq.h"
23#include <netinet/icmp6.h>
24
25#ifdef HAVE_DHCP6
26
27struct ra_param {
28 int ind, managed, found_context, first;
29 char *if_name;
30 struct in6_addr link_local;
31};
32
33struct search_param {
34 time_t now; int iface;
35};
36
37static void send_ra(int iface, char *iface_name, struct in6_addr *dest);
38static int add_prefixes(struct in6_addr *local, int prefix,
39 int scope, int if_index, int dad, void *vparam);
40static int iface_search(struct in6_addr *local, int prefix,
41 int scope, int if_index, int dad, void *vparam);
42static int add_lla(int index, unsigned int type, char *mac, size_t maclen, void *parm);
43
Simon Kelleyc5379c12012-02-24 20:05:52 +000044static int hop_limit;
Simon Kelleyc5ad4e72012-02-24 16:06:20 +000045static time_t ra_short_period_start;
46
47void ra_init(time_t now)
48{
49 struct dhcp_context *context;
50 struct icmp6_filter filter;
51 int fd;
52#if defined(IP_TOS) && defined(IPTOS_CLASS_CS6)
53 int class = IPTOS_CLASS_CS6;
54#endif
55 int val = 255; /* radvd uses this value */
Simon Kelleyc5379c12012-02-24 20:05:52 +000056 size_t len = sizeof(int);
Simon Kelleyc5ad4e72012-02-24 16:06:20 +000057
58 ICMP6_FILTER_SETBLOCKALL(&filter);
59 ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filter);
60 ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filter);
61
62 if ((fd = socket(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) == -1 ||
Simon Kelleyc5379c12012-02-24 20:05:52 +000063 getsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &hop_limit, &len) ||
Simon Kelleyc5ad4e72012-02-24 16:06:20 +000064#if defined(IP_TOS) && defined(IPTOS_CLASS_CS6)
65 setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &class, sizeof(class)) == -1 ||
66#endif
67 !fix_fd(fd) ||
68 !set_ipv6pktinfo(fd) ||
69 setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &val, sizeof(val)) ||
70 setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val)) ||
71 setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER, &filter, sizeof(filter)) == -1)
72 die (_("cannot create ICMPv6 socket: %s"), NULL, EC_BADNET);
73
74 daemon->icmp6fd = fd;
75
76 /* link the DHCP6 contexts to the ra-only ones so we can traverse them all
77 from ->ra_contexts, but only the non-ra-onlies from ->dhcp6 */
78 if (!daemon->ra_contexts)
79 daemon->ra_contexts = daemon->dhcp6;
80 else
81 {
82 for (context = daemon->ra_contexts; context->next; context = context->next);
83 context->next = daemon->dhcp6;
84 }
85
86 if (!daemon->dhcp6)
87 die(_("cannot do router advertisement unless DHCPv6 is enabled"), NULL, EC_BADCONF);
88
89 ra_start_unsolicted(now);
90}
91
92void ra_start_unsolicted(time_t now)
93{
94 struct dhcp_context *context;
95
96 /* init timers so that we do ra's for all soon. some ra_times will end up zeroed
97 if it's not appropriate to advertise those contexts.
98 This gets re-called on a netlink route-change to re-do the advertisement
99 and pick up new interfaces */
100
101 /* range 0 - 5 */
102 for (context = daemon->ra_contexts; context; context = context->next)
103 context->ra_time = now + (rand16()/13000);
104
105 /* re-do ras after a short time, in case the first gets lost.
106 This is reset once that's done. */
107 ra_short_period_start = now;
108}
109
110void icmp6_packet(void)
111{
112 char interface[IF_NAMESIZE+1];
113 ssize_t sz;
114 int if_index = 0;
115 struct cmsghdr *cmptr;
116 struct msghdr msg;
117 union {
118 struct cmsghdr align; /* this ensures alignment */
119 char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
120 } control_u;
121 struct sockaddr_in6 from;
122 unsigned char *p;
123 char *mac = "";
124 struct iname *tmp;
125 struct dhcp_context *context;
126
127 /* Note: use outpacket for input buffer */
128 msg.msg_control = control_u.control6;
129 msg.msg_controllen = sizeof(control_u);
130 msg.msg_flags = 0;
131 msg.msg_name = &from;
132 msg.msg_namelen = sizeof(from);
133 msg.msg_iov = &daemon->outpacket;
134 msg.msg_iovlen = 1;
135
136 if ((sz = recv_dhcp_packet(daemon->icmp6fd, &msg)) == -1 || sz < 8)
137 return;
138
139 for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
140 if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
141 {
142 union {
143 unsigned char *c;
144 struct in6_pktinfo *p;
145 } p;
146 p.c = CMSG_DATA(cmptr);
147
148 if_index = p.p->ipi6_ifindex;
149 }
150
151 if (!indextoname(daemon->icmp6fd, if_index, interface))
152 return;
153
154 if (!iface_check(AF_LOCAL, NULL, interface))
155 return;
156
157 for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
158 if (tmp->name && (strcmp(tmp->name, interface) == 0))
159 return;
160
161 /* weird libvirt-inspired access control */
162 for (context = daemon->dhcp6; context; context = context->next)
163 if (!context->interface || strcmp(context->interface, interface) == 0)
164 break;
165
166 if (!context)
167 return;
168
169 p = (unsigned char *)daemon->outpacket.iov_base;
170
171 if (p[0] != ICMP6_ROUTER_SOLICIT || p[1] != 0)
172 return;
173
174 /* look for link-layer address option for logging */
175 if (sz >= 16 && p[8] == ICMP6_OPT_SOURCE_MAC && (p[9] * 8) + 8 <= sz)
176 {
177 print_mac(daemon->namebuff, &p[10], (p[9] * 8) - 2);
178 mac = daemon->namebuff;
179 }
180
181 my_syslog(MS_DHCP | LOG_INFO, "RTR-SOLICIT(%s) %s", interface, mac);
182
183 send_ra(if_index, interface, &from.sin6_addr);
184}
185
186static void send_ra(int iface, char *iface_name, struct in6_addr *dest)
187{
188 struct ra_packet *ra;
189 struct ra_param parm;
190 struct ifreq ifr;
191 struct sockaddr_in6 addr;
192 struct dhcp_context *context;
193
194 save_counter(0);
195 ra = expand(sizeof(struct ra_packet));
196
197 ra->type = ICMP6_ROUTER_ADVERT;
198 ra->code = 0;
Simon Kelleyc5379c12012-02-24 20:05:52 +0000199 ra->hop_limit = hop_limit;
Simon Kelleyc5ad4e72012-02-24 16:06:20 +0000200 ra->flags = 0;
201 ra->lifetime = htons(1800); /* AdvDefaultLifetime*/
202 ra->reachable_time = 0;
203 ra->retrans_time = 0;
204
205 parm.ind = iface;
206 parm.managed = 0;
207 parm.found_context = 0;
208 parm.if_name = iface_name;
209 parm.first = 1;
210
211 for (context = daemon->ra_contexts; context; context = context->next)
212 context->flags &= ~CONTEXT_RA_DONE;
213
214 if (!iface_enumerate(AF_INET6, &parm, add_prefixes) ||
215 !parm.found_context)
216 return;
217
218 strncpy(ifr.ifr_name, iface_name, IF_NAMESIZE);
219
220 if (ioctl(daemon->icmp6fd, SIOCGIFMTU, &ifr) != -1)
221 {
222 put_opt6_char(ICMP6_OPT_MTU);
223 put_opt6_char(1);
224 put_opt6_short(0);
225 put_opt6_long(ifr.ifr_mtu);
226 }
227
228 iface_enumerate(AF_LOCAL, &iface, add_lla);
229
230 /* RDNSS, RFC 6106 */
231 put_opt6_char(ICMP6_OPT_RDNSS);
232 put_opt6_char(3);
233 put_opt6_short(0);
234 put_opt6_long(1800); /* lifetime - twice RA retransmit */
235 put_opt6(&parm.link_local, IN6ADDRSZ);
236
237
238 /* set managed bits unless we're providing only RA on this link */
239 if (parm.managed)
240 ra->flags = 0xc0;
241
242 /* decide where we're sending */
243 memset(&addr, 0, sizeof(addr));
244 addr.sin6_family = AF_INET6;
245 addr.sin6_port = htons(IPPROTO_ICMPV6);
246 if (dest)
247 {
248 memcpy(&addr.sin6_addr, dest, sizeof(struct in6_addr));
249 if (IN6_IS_ADDR_LINKLOCAL(dest) ||
250 IN6_IS_ADDR_MC_LINKLOCAL(dest))
251 addr.sin6_scope_id = iface;
252 }
253 else
254 inet_pton(AF_INET6, ALL_HOSTS, &addr.sin6_addr);
255
256 send_from(daemon->icmp6fd, 0, daemon->outpacket.iov_base, save_counter(0),
257 (union mysockaddr *)&addr, (struct all_addr *)&parm.link_local, iface);
258
259}
260
261static int add_prefixes(struct in6_addr *local, int prefix,
262 int scope, int if_index, int dad, void *vparam)
263{
264 struct dhcp_context *context, *tmp;
265 struct ra_param *param = vparam;
266 struct prefix_opt *opt;
267
268 (void)scope; /* warning */
269 (void)dad;
270
271 if (if_index == param->ind)
272 {
273 if (IN6_IS_ADDR_LINKLOCAL(local))
274 param->link_local = *local;
275 else if (!IN6_IS_ADDR_LOOPBACK(local) &&
276 !IN6_IS_ADDR_LINKLOCAL(local) &&
277 !IN6_IS_ADDR_MULTICAST(local))
278 {
279 for (context = daemon->ra_contexts; context; context = context->next)
280 if (prefix == context->prefix &&
281 is_same_net6(local, &context->start6, prefix) &&
282 is_same_net6(local, &context->end6, prefix))
283 {
284 if (!(context->flags & CONTEXT_RA_ONLY))
285 param->managed = 1;
286
287 if (context->flags & CONTEXT_RA_DONE)
288 continue;
289
290 /* subsequent prefixes on the same interface don't need timers */
291 if (!param->first)
292 context->ra_time = 0;
293 param->first = 0;
294 param->found_context = 1;
295 context->flags |= CONTEXT_RA_DONE;
296
297 /* mark this subnet and duplicates: as done. */
298 for (tmp = context->next; tmp; tmp = tmp->next)
299 if (tmp->prefix == prefix &&
300 is_same_net6(local, &tmp->start6, prefix) &&
301 is_same_net6(local, &tmp->end6, prefix))
302 {
303 tmp->flags |= CONTEXT_RA_DONE;
304 context->ra_time = 0;
305 }
306
307 if ((opt = expand(sizeof(struct prefix_opt))))
308 {
309 u64 addrpart = addr6part(&context->start6);
310 u64 mask = (prefix == 64) ? (u64)-1LL : (1LLU << (128 - prefix)) - 1LLU;
311 unsigned int time = context->lease_time;
312
313 /* lifetimes must be min 2 hrs, by RFC 2462 */
314 if (time < 7200)
315 time = 7200;
316
317 opt->type = ICMP6_OPT_PREFIX;
318 opt->len = 4;
319 opt->prefix_len = prefix;
320 /* autonomous only is we're not doing dhcp */
321 opt->flags = (context->flags & CONTEXT_RA_ONLY) ? 0xc0 : 0x00;
322 opt->valid_lifetime = opt->preferred_lifetime = htonl(time);
323 opt->reserved = 0;
324
325 opt->prefix = context->start6;
326 setaddr6part(&opt->prefix, addrpart & ~mask);
327
328 inet_ntop(AF_INET6, &opt->prefix, daemon->addrbuff, ADDRSTRLEN);
329 my_syslog(MS_DHCP | LOG_INFO, "RTR-ADVERT(%s) %s", param->if_name, daemon->addrbuff);
330 }
331 }
332 }
333 }
334 return 1;
335}
336
337static int add_lla(int index, unsigned int type, char *mac, size_t maclen, void *parm)
338{
339 (void)type;
340
341 if (index == *((int *)parm))
342 {
343 /* size is in units of 8 octets and includes type and length (2 bytes)
344 add 7 to round up */
345 int len = (maclen + 9) >> 3;
346 unsigned char *p = expand(len << 3);
347 memset(p, 0, len << 3);
348 *p++ = ICMP6_OPT_SOURCE_MAC;
349 *p++ = len;
350 memcpy(p, mac, maclen);
351
352 return 0;
353 }
354
355 return 1;
356}
357
358time_t periodic_ra(time_t now)
359{
360 struct search_param param;
361 struct dhcp_context *context;
362 time_t next_event;
363 char interface[IF_NAMESIZE+1];
364
365 param.now = now;
366
367 while (1)
368 {
369 /* find overdue events, and time of first future event */
370 for (next_event = 0, context = daemon->ra_contexts; context; context = context->next)
371 if (context->ra_time != 0)
372 {
373 if (difftime(context->ra_time, now) < 0.0)
374 break; /* overdue */
375
376 if (next_event == 0 || difftime(next_event, context->ra_time + 2) > 0.0)
377 next_event = context->ra_time + 2;
378 }
379
380 /* none overdue */
381 if (!context)
382 break;
383
384 /* There's a context overdue, but we can't find an interface
385 associated with it, because it's for a subnet we dont
386 have an interface on. Probably we're doing DHCP on
387 a remote subnet via a relay. Zero the timer, since we won't
388 ever be able to send ra's and satistfy it. */
389 if (iface_enumerate(AF_INET6, &param, iface_search))
390 context->ra_time = 0;
391 else if (indextoname(daemon->icmp6fd, param.iface, interface))
392 send_ra(param.iface, interface, NULL);
393 }
394
395 return next_event;
396}
397
398static int iface_search(struct in6_addr *local, int prefix,
399 int scope, int if_index, int dad, void *vparam)
400{
401 struct search_param *param = vparam;
Simon Kelley741c2952012-02-25 13:09:18 +0000402 struct dhcp_context *context;
Simon Kelleyc5ad4e72012-02-24 16:06:20 +0000403
404 (void)scope;
405 (void)dad;
406
407 for (context = daemon->ra_contexts; context; context = context->next)
408 if (prefix == context->prefix &&
409 is_same_net6(local, &context->start6, prefix) &&
410 is_same_net6(local, &context->end6, prefix))
411 if (context->ra_time != 0 && difftime(context->ra_time, param->now) < 0.0)
412 {
413 /* found an interface that's overdue for RA determine new
414 timeout value and zap other contexts on the same interface
415 so they don't timeout independently .*/
416 param->iface = if_index;
417
418 if (difftime(param->now, ra_short_period_start) < 60.0)
419 /* range 5 - 20 */
420 context->ra_time = param->now + 5 + (rand16()/4400);
421 else
422 /* range 450 - 600 */
423 context->ra_time = param->now + 450 + (rand16()/440);
424
425 return 0; /* found, abort */
426 }
427
428 return 1; /* keep searching */
429}
430
431#endif