1 /* $KAME: rtsold.c,v 1.67 2003/05/17 18:16:15 itojun Exp $ */
4 * SPDX-License-Identifier: BSD-3-Clause
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <sys/param.h>
37 #include <sys/capsicum.h>
38 #include <sys/event.h>
39 #include <sys/ioctl.h>
40 #include <sys/socket.h>
43 #include <net/if_dl.h>
45 #include <netinet/in.h>
46 #include <netinet/icmp6.h>
47 #include <netinet/in_var.h>
48 #include <arpa/inet.h>
50 #include <netinet6/nd6.h>
52 #include <capsicum_helpers.h>
66 #include <libcasper.h>
67 #include <casper/cap_syslog.h>
72 #define RTSOL_DUMPFILE "/var/run/rtsold.dump"
74 struct timespec tm_max;
75 static int log_upto = 999;
78 int Fflag = 0; /* force setting sysctl parameters */
83 const char *managedconf_script;
84 const char *otherconf_script;
85 const char *alwaysconf_script;
86 const char *resolvconf_script = "/sbin/resolvconf";
88 cap_channel_t *capllflags, *capscript, *capsendmsg, *capsyslog;
90 /* protocol constants */
91 #define MAX_RTR_SOLICITATION_DELAY 1 /* second */
92 #define RTR_SOLICITATION_INTERVAL 4 /* seconds */
93 #define MAX_RTR_SOLICITATIONS 3 /* times */
96 * implementation dependent constants in seconds
97 * XXX: should be configurable
99 #define PROBE_INTERVAL 60
101 /* static variables and functions */
102 static int mobile_node = 0;
103 static int no_solicitation_delay = 0;
105 static sig_atomic_t do_dump, do_exit;
106 static struct pidfh *pfh;
108 static char **autoifprobe(void);
109 static int ifconfig(char *ifname);
110 static int init_capabilities(void);
111 static int make_packet(struct ifinfo *);
112 static struct timespec *rtsol_check_timer(void);
114 static void set_dumpfile(int);
115 static void set_exit(int);
116 static void usage(const char *progname);
119 main(int argc, char **argv)
121 struct kevent events[2];
124 struct timespec *timeout;
125 const char *opts, *pidfilepath, *progname;
126 int ch, error, kq, once, rcvsock, rtsock;
128 progname = basename(argv[0]);
129 if (strcmp(progname, "rtsold") == 0) {
130 opts = "adDfFim1M:O:A:p:R:u";
134 opts = "adDFiM:O:A:R:u";
139 while ((ch = getopt(argc, argv, opts)) != -1) {
157 no_solicitation_delay = 1;
166 managedconf_script = optarg;
169 otherconf_script = optarg;
172 alwaysconf_script = optarg;
175 pidfilepath = optarg;
178 resolvconf_script = optarg;
190 if ((!aflag && argc == 0) || (aflag && argc != 0))
193 /* Generate maximum time in timespec. */
194 tm_max.tv_sec = (-1) & ~((time_t)1 << ((sizeof(tm_max.tv_sec) * 8) - 1));
195 tm_max.tv_nsec = (-1) & ~((long)1 << ((sizeof(tm_max.tv_nsec) * 8) - 1));
199 log_upto = LOG_DEBUG;
203 log_upto = LOG_NOTICE;
205 if (managedconf_script != NULL && *managedconf_script != '/')
206 errx(1, "configuration script (%s) must be an absolute path",
208 if (otherconf_script != NULL && *otherconf_script != '/')
209 errx(1, "configuration script (%s) must be an absolute path",
211 if (alwaysconf_script != NULL && *alwaysconf_script != '/')
212 errx(1, "configuration script (%s) must be an absolute path",
214 if (*resolvconf_script != '/')
215 errx(1, "configuration script (%s) must be an absolute path",
219 pfh = pidfile_open(pidfilepath, 0644, NULL);
221 errx(1, "failed to open pidfile: %s", strerror(errno));
222 if (daemon(0, 0) != 0)
223 errx(1, "failed to daemonize");
226 if ((error = init_capabilities()) != 0)
227 err(1, "failed to initialize capabilities");
230 cap_openlog(capsyslog, progname, LOG_NDELAY | LOG_PID,
233 (void)cap_setlogmask(capsyslog, LOG_UPTO(log_upto));
234 (void)signal(SIGTERM, set_exit);
235 (void)signal(SIGINT, set_exit);
236 (void)signal(SIGUSR1, set_dumpfile);
237 dumpfp = rtsold_init_dumpfile(RTSOL_DUMPFILE);
243 warnmsg(LOG_ERR, __func__, "failed to create a kqueue: %s",
248 /* Open global sockets and register for read events. */
249 if ((rtsock = rtsock_open()) < 0) {
250 warnmsg(LOG_ERR, __func__, "failed to open routing socket");
253 if ((rcvsock = recvsockopen()) < 0) {
254 warnmsg(LOG_ERR, __func__, "failed to open receive socket");
257 EV_SET(&events[0], rtsock, EVFILT_READ, EV_ADD, 0, 0, NULL);
258 EV_SET(&events[1], rcvsock, EVFILT_READ, EV_ADD, 0, 0, NULL);
259 if (kevent(kq, events, 2, NULL, 0, NULL) < 0) {
260 warnmsg(LOG_ERR, __func__, "kevent(): %s", strerror(errno));
264 /* Probe network interfaces and set up tracking info. */
266 warnmsg(LOG_ERR, __func__, "failed to initialize interfaces");
270 argv = autoifprobe();
271 while (argv && *argv) {
272 if (ifconfig(*argv)) {
273 warnmsg(LOG_ERR, __func__,
274 "failed to initialize %s", *argv);
280 /* Write to our pidfile. */
281 if (pfh != NULL && pidfile_write(pfh) != 0) {
282 warnmsg(LOG_ERR, __func__,
283 "failed to open pidfile: %s", strerror(errno));
287 /* Enter capability mode. */
288 caph_cache_catpages();
289 if (caph_enter_casper() != 0) {
290 warnmsg(LOG_ERR, __func__, "caph_enter(): %s", strerror(errno));
296 /* Handle SIGTERM, SIGINT. */
302 /* Handle SIGUSR1. */
308 timeout = rtsol_check_timer();
311 /* if we have no timeout, we are done (or failed) */
315 /* if all interfaces have got RA packet, we are done */
316 TAILQ_FOREACH(ifi, &ifinfo_head, ifi_next) {
317 if (ifi->state != IFS_DOWN && ifi->racnt == 0)
324 error = kevent(kq, NULL, 0, &events[0], 1, timeout);
326 if (error < 0 && errno != EINTR)
327 warnmsg(LOG_ERR, __func__, "kevent(): %s",
332 if (events[0].ident == (uintptr_t)rtsock)
333 rtsock_input(rtsock);
335 rtsol_input(rcvsock);
342 init_capabilities(void)
345 const char *const scripts[] =
346 { resolvconf_script, managedconf_script, otherconf_script,
348 cap_channel_t *capcasper;
351 capcasper = cap_init();
352 if (capcasper == NULL)
355 capllflags = cap_service_open(capcasper, "rtsold.llflags");
356 if (capllflags == NULL)
359 capscript = cap_service_open(capcasper, "rtsold.script");
360 if (capscript == NULL)
362 limits = nvlist_create(0);
363 for (size_t i = 0; i < nitems(scripts); i++)
364 if (scripts[i] != NULL)
365 nvlist_append_string_array(limits, "scripts",
367 if (cap_limit_set(capscript, limits) != 0)
370 capsendmsg = cap_service_open(capcasper, "rtsold.sendmsg");
371 if (capsendmsg == NULL)
375 capsyslog = cap_service_open(capcasper, "system.syslog");
376 if (capsyslog == NULL)
380 cap_close(capcasper);
381 #endif /* WITH_CASPER */
386 ifconfig(char *ifname)
389 struct sockaddr_dl *sdl;
393 if ((sdl = if_nametosdl(ifname)) == NULL) {
394 warnmsg(LOG_ERR, __func__,
395 "failed to get link layer information for %s", ifname);
398 if (find_ifinfo(sdl->sdl_index)) {
399 warnmsg(LOG_ERR, __func__,
400 "interface %s was already configured", ifname);
405 struct in6_ndireq nd;
408 if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
409 warnmsg(LOG_ERR, __func__, "socket() failed.");
412 memset(&nd, 0, sizeof(nd));
413 strlcpy(nd.ifname, ifname, sizeof(nd.ifname));
414 if (ioctl(s, SIOCGIFINFO_IN6, (caddr_t)&nd) < 0) {
415 warnmsg(LOG_ERR, __func__,
416 "cannot get accept_rtadv flag");
420 nd.ndi.flags |= ND6_IFF_ACCEPT_RTADV;
421 if (ioctl(s, SIOCSIFINFO_IN6, (caddr_t)&nd) < 0) {
422 warnmsg(LOG_ERR, __func__,
423 "cannot set accept_rtadv flag");
430 if ((ifi = malloc(sizeof(*ifi))) == NULL) {
431 warnmsg(LOG_ERR, __func__, "memory allocation failed");
434 memset(ifi, 0, sizeof(*ifi));
436 ifi->ifi_rdnss = IFI_DNSOPT_STATE_NOINFO;
437 ifi->ifi_dnssl = IFI_DNSOPT_STATE_NOINFO;
438 TAILQ_INIT(&ifi->ifi_rainfo);
439 strlcpy(ifi->ifname, ifname, sizeof(ifi->ifname));
441 /* construct a router solicitation message */
442 if (make_packet(ifi))
445 /* set link ID of this interface. */
447 if (inet_zoneid(AF_INET6, 2, ifname, &ifi->linkid))
450 /* XXX: assume interface IDs as link IDs */
451 ifi->linkid = ifi->sdl->sdl_index;
455 * check if the interface is available.
456 * also check if SIOCGIFMEDIA ioctl is OK on the interface.
459 ifi->active = interface_status(ifi);
460 if (!ifi->mediareqok) {
462 * probe routers periodically even if the link status
465 ifi->probeinterval = PROBE_INTERVAL;
468 /* activate interface: interface_up returns 0 on success */
469 flags = interface_up(ifi->ifname);
471 ifi->state = IFS_DELAY;
472 else if (flags == IFS_TENTATIVE)
473 ifi->state = IFS_TENTATIVE;
475 ifi->state = IFS_DOWN;
477 rtsol_timer_update(ifi);
479 TAILQ_INSERT_TAIL(&ifinfo_head, ifi, ifi_next);
489 find_rainfo(struct ifinfo *ifi, struct sockaddr_in6 *sin6)
493 TAILQ_FOREACH(rai, &ifi->ifi_rainfo, rai_next)
494 if (memcmp(&rai->rai_saddr.sin6_addr, &sin6->sin6_addr,
495 sizeof(rai->rai_saddr.sin6_addr)) == 0)
502 find_ifinfo(int ifindex)
506 TAILQ_FOREACH(ifi, &ifinfo_head, ifi_next) {
507 if (ifi->sdl->sdl_index == ifindex)
514 make_packet(struct ifinfo *ifi)
516 size_t packlen = sizeof(struct nd_router_solicit), lladdroptlen = 0;
517 struct nd_router_solicit *rs;
520 if ((lladdroptlen = lladdropt_length(ifi->sdl)) == 0) {
521 warnmsg(LOG_INFO, __func__,
522 "link-layer address option has null length"
523 " on %s. Treat as not included.", ifi->ifname);
525 packlen += lladdroptlen;
526 ifi->rs_datalen = packlen;
528 /* allocate buffer */
529 if ((buf = malloc(packlen)) == NULL) {
530 warnmsg(LOG_ERR, __func__,
531 "memory allocation failed for %s", ifi->ifname);
536 /* fill in the message */
537 rs = (struct nd_router_solicit *)buf;
538 rs->nd_rs_type = ND_ROUTER_SOLICIT;
541 rs->nd_rs_reserved = 0;
544 /* fill in source link-layer address option */
546 lladdropt_fill(ifi->sdl, (struct nd_opt_hdr *)buf);
551 static struct timespec *
552 rtsol_check_timer(void)
554 static struct timespec returnval;
555 struct timespec now, rtsol_timer;
558 struct ra_opt *rao, *raotmp;
561 clock_gettime(CLOCK_MONOTONIC_FAST, &now);
563 rtsol_timer = tm_max;
565 TAILQ_FOREACH(ifi, &ifinfo_head, ifi_next) {
566 if (TS_CMP(&ifi->expire, &now, <=)) {
567 warnmsg(LOG_DEBUG, __func__, "timer expiration on %s, "
568 "state = %d", ifi->ifname, ifi->state);
570 while((rai = TAILQ_FIRST(&ifi->ifi_rainfo)) != NULL) {
571 /* Remove all RA options. */
572 TAILQ_REMOVE(&ifi->ifi_rainfo, rai, rai_next);
573 while ((rao = TAILQ_FIRST(&rai->rai_ra_opt)) !=
575 TAILQ_REMOVE(&rai->rai_ra_opt, rao,
577 if (rao->rao_msg != NULL)
583 switch (ifi->state) {
586 /* interface_up returns 0 on success */
587 flags = interface_up(ifi->ifname);
589 ifi->state = IFS_DELAY;
590 else if (flags == IFS_TENTATIVE)
591 ifi->state = IFS_TENTATIVE;
593 ifi->state = IFS_DOWN;
597 int oldstatus = ifi->active;
600 ifi->active = interface_status(ifi);
602 if (oldstatus != ifi->active) {
603 warnmsg(LOG_DEBUG, __func__,
604 "%s status is changed"
607 oldstatus, ifi->active);
609 ifi->state = IFS_DELAY;
610 } else if (ifi->probeinterval &&
612 ifi->timer.tv_sec) <= 0) {
613 /* probe timer expired */
617 ifi->state = IFS_PROBE;
621 * If we need a probe, clear the previous
622 * status wrt the "managed/other" configuration.
625 ifi->managedconfig = 0;
626 ifi->otherconfig = 0;
627 ifi->alwaysconfig = 0;
629 if (probe && mobile_node) {
630 error = cap_probe_defrouters(capsendmsg,
633 warnmsg(LOG_DEBUG, __func__,
634 "failed to probe routers: %d",
640 ifi->state = IFS_PROBE;
641 (void)cap_rssend(capsendmsg, ifi);
644 if (ifi->probes < MAX_RTR_SOLICITATIONS)
645 (void)cap_rssend(capsendmsg, ifi);
647 warnmsg(LOG_INFO, __func__,
648 "No answer after sending %d RSs",
651 ifi->state = IFS_IDLE;
655 rtsol_timer_update(ifi);
657 /* Expiration check for RA options. */
660 TAILQ_FOREACH(rai, &ifi->ifi_rainfo, rai_next) {
661 TAILQ_FOREACH_SAFE(rao, &rai->rai_ra_opt,
663 warnmsg(LOG_DEBUG, __func__,
664 "RA expiration timer: "
665 "type=%d, msg=%s, expire=%s",
666 rao->rao_type, (char *)rao->rao_msg,
667 sec2str(&rao->rao_expire));
668 if (TS_CMP(&now, &rao->rao_expire,
670 warnmsg(LOG_DEBUG, __func__,
671 "RA expiration timer: "
673 TAILQ_REMOVE(&rai->rai_ra_opt,
675 if (rao->rao_msg != NULL)
685 if (TS_CMP(&ifi->expire, &rtsol_timer, <))
686 rtsol_timer = ifi->expire;
689 if (TS_CMP(&rtsol_timer, &tm_max, ==)) {
690 warnmsg(LOG_DEBUG, __func__, "there is no timer");
692 } else if (TS_CMP(&rtsol_timer, &now, <))
693 /* this may occur when the interval is too small */
694 returnval.tv_sec = returnval.tv_nsec = 0;
696 TS_SUB(&rtsol_timer, &now, &returnval);
698 now.tv_sec += returnval.tv_sec;
699 now.tv_nsec += returnval.tv_nsec;
700 warnmsg(LOG_DEBUG, __func__, "New timer is %s",
707 rtsol_timer_update(struct ifinfo *ifi)
709 #define MILLION 1000000
710 #define DADRETRY 10 /* XXX: adhoc */
714 bzero(&ifi->timer, sizeof(ifi->timer));
716 switch (ifi->state) {
719 if (++ifi->dadcount > DADRETRY) {
721 ifi->timer.tv_sec = PROBE_INTERVAL;
723 ifi->timer.tv_sec = 1;
727 /* XXX should be configurable */
728 ifi->timer.tv_sec = 3;
730 ifi->timer = tm_max; /* stop timer(valid?) */
733 if (no_solicitation_delay)
736 interval = arc4random_uniform(MAX_RTR_SOLICITATION_DELAY * MILLION);
737 ifi->timer.tv_sec = interval / MILLION;
738 ifi->timer.tv_nsec = (interval % MILLION) * 1000;
741 if (ifi->probes < MAX_RTR_SOLICITATIONS)
742 ifi->timer.tv_sec = RTR_SOLICITATION_INTERVAL;
745 * After sending MAX_RTR_SOLICITATIONS solicitations,
746 * we're just waiting for possible replies; there
747 * will be no more solicitation. Thus, we change
748 * the timer value to MAX_RTR_SOLICITATION_DELAY based
749 * on RFC 2461, Section 6.3.7.
751 ifi->timer.tv_sec = MAX_RTR_SOLICITATION_DELAY;
754 warnmsg(LOG_ERR, __func__,
755 "illegal interface state(%d) on %s",
756 ifi->state, ifi->ifname);
760 /* reset the timer */
761 if (TS_CMP(&ifi->timer, &tm_max, ==)) {
762 ifi->expire = tm_max;
763 warnmsg(LOG_DEBUG, __func__,
764 "stop timer for %s", ifi->ifname);
766 clock_gettime(CLOCK_MONOTONIC_FAST, &now);
767 TS_ADD(&now, &ifi->timer, &ifi->expire);
769 now.tv_sec += ifi->timer.tv_sec;
770 now.tv_nsec += ifi->timer.tv_nsec;
771 warnmsg(LOG_DEBUG, __func__, "set timer for %s to %s",
772 ifi->ifname, sec2str(&now));
779 set_dumpfile(int sig __unused)
786 set_exit(int sig __unused)
793 usage(const char *progname)
796 if (strcmp(progname, "rtsold") == 0) {
797 fprintf(stderr, "usage: rtsold [-dDfFm1] [-O script-name] "
798 "[-M script-name ] [-A script-name ] "
799 "[-p pidfile] [-R script-name] interface ...\n");
800 fprintf(stderr, "usage: rtsold [-dDfFm1] [-O script-name] "
801 "[-M script-name ] [-A script-name ] "
802 "[-p pidfile] [-R script-name] -a\n");
804 fprintf(stderr, "usage: rtsol [-dDF] [-O script-name] "
805 "[-M script-name ] [-A script-name ] "
806 "[-p pidfile] [-R script-name] interface ...\n");
807 fprintf(stderr, "usage: rtsol [-dDF] [-O script-name] "
808 "[-M script-name ] [-A script-name ] "
809 "[-p pidfile] [-R script-name] -a\n");
815 warnmsg(int priority, const char *func, const char *msg, ...)
822 if (priority <= log_upto)
825 snprintf(buf, sizeof(buf), "<%s> %s", func, msg);
827 cap_vsyslog(capsyslog, priority, msg, ap);
833 * return a list of interfaces which is suitable to sending an RS.
838 static char **argv = NULL;
842 struct ifaddrs *ifap, *ifa;
843 struct in6_ndireq nd;
854 if (getifaddrs(&ifap) != 0)
857 if (!Fflag && (s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
858 warnmsg(LOG_ERR, __func__, "socket");
862 /* find an ethernet */
863 for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
864 if ((ifa->ifa_flags & IFF_UP) == 0)
866 if ((ifa->ifa_flags & IFF_LOOPBACK) != 0)
868 if ((ifa->ifa_flags & IFF_MULTICAST) == 0)
871 if (ifa->ifa_addr->sa_family != AF_INET6)
875 for (i = 0; i < n; i++) {
876 if (strcmp(argv[i], ifa->ifa_name) == 0) {
885 * Skip the interfaces which IPv6 and/or accepting RA
889 memset(&nd, 0, sizeof(nd));
890 strlcpy(nd.ifname, ifa->ifa_name, sizeof(nd.ifname));
891 if (ioctl(s, SIOCGIFINFO_IN6, (caddr_t)&nd) < 0) {
892 warnmsg(LOG_ERR, __func__,
893 "ioctl(SIOCGIFINFO_IN6)");
896 if ((nd.ndi.flags & ND6_IFF_IFDISABLED))
898 if (!(nd.ndi.flags & ND6_IFF_ACCEPT_RTADV))
902 /* if we find multiple candidates, just warn. */
903 if (n != 0 && dflag > 1)
904 warnmsg(LOG_WARNING, __func__,
905 "multiple interfaces found");
907 a = realloc(argv, (n + 1) * sizeof(char *));
909 warnmsg(LOG_ERR, __func__, "realloc");
913 argv[n] = strdup(ifa->ifa_name);
915 warnmsg(LOG_ERR, __func__, "malloc");
922 a = realloc(argv, (n + 1) * sizeof(char *));
924 warnmsg(LOG_ERR, __func__, "realloc");
931 for (i = 0; i < n; i++)
932 warnmsg(LOG_WARNING, __func__, "probing %s",