1 /* $KAME: rtsold.c,v 1.67 2003/05/17 18:16:15 itojun Exp $ */
4 * SPDX-License-Identifier: BSD-3-Clause
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <sys/param.h>
37 #include <sys/capsicum.h>
38 #include <sys/event.h>
39 #include <sys/ioctl.h>
40 #include <sys/socket.h>
43 #include <net/if_dl.h>
45 #include <netinet/in.h>
46 #include <netinet/icmp6.h>
47 #include <netinet/in_var.h>
48 #include <arpa/inet.h>
50 #include <netinet6/nd6.h>
52 #include <capsicum_helpers.h>
66 #include <libcasper.h>
67 #include <casper/cap_syslog.h>
72 #define RTSOL_DUMPFILE "/var/run/rtsold.dump"
74 struct timespec tm_max;
75 static int log_upto = 999;
78 int Fflag = 0; /* force setting sysctl parameters */
83 const char *managedconf_script;
84 const char *otherconf_script;
85 const char *resolvconf_script = "/sbin/resolvconf";
87 cap_channel_t *capllflags, *capscript, *capsendmsg, *capsyslog;
89 /* protocol constants */
90 #define MAX_RTR_SOLICITATION_DELAY 1 /* second */
91 #define RTR_SOLICITATION_INTERVAL 4 /* seconds */
92 #define MAX_RTR_SOLICITATIONS 3 /* times */
95 * implementation dependent constants in seconds
96 * XXX: should be configurable
98 #define PROBE_INTERVAL 60
100 /* static variables and functions */
101 static int mobile_node = 0;
103 static sig_atomic_t do_dump, do_exit;
104 static struct pidfh *pfh;
106 static char **autoifprobe(void);
107 static int ifconfig(char *ifname);
108 static int init_capabilities(void);
109 static int make_packet(struct ifinfo *);
110 static struct timespec *rtsol_check_timer(void);
112 static void set_dumpfile(int);
113 static void set_exit(int);
114 static void usage(const char *progname);
117 main(int argc, char **argv)
119 struct kevent events[2];
122 struct timespec *timeout;
123 const char *opts, *pidfilepath, *progname;
124 int ch, error, kq, once, rcvsock, rtsock;
126 progname = basename(argv[0]);
127 if (strcmp(progname, "rtsold") == 0) {
128 opts = "adDfFm1M:O:p:R:u";
132 opts = "adDFM:O:R:u";
137 while ((ch = getopt(argc, argv, opts)) != -1) {
161 managedconf_script = optarg;
164 otherconf_script = optarg;
167 pidfilepath = optarg;
170 resolvconf_script = optarg;
182 if ((!aflag && argc == 0) || (aflag && argc != 0))
185 /* Generate maximum time in timespec. */
186 tm_max.tv_sec = (-1) & ~((time_t)1 << ((sizeof(tm_max.tv_sec) * 8) - 1));
187 tm_max.tv_nsec = (-1) & ~((long)1 << ((sizeof(tm_max.tv_nsec) * 8) - 1));
191 log_upto = LOG_DEBUG;
195 log_upto = LOG_NOTICE;
197 if (managedconf_script != NULL && *managedconf_script != '/')
198 errx(1, "configuration script (%s) must be an absolute path",
200 if (otherconf_script != NULL && *otherconf_script != '/')
201 errx(1, "configuration script (%s) must be an absolute path",
203 if (*resolvconf_script != '/')
204 errx(1, "configuration script (%s) must be an absolute path",
208 pfh = pidfile_open(pidfilepath, 0644, NULL);
210 errx(1, "failed to open pidfile: %s", strerror(errno));
211 if (daemon(0, 0) != 0)
212 errx(1, "failed to daemonize");
215 if ((error = init_capabilities()) != 0)
216 err(1, "failed to initialize capabilities");
219 cap_openlog(capsyslog, progname, LOG_NDELAY | LOG_PID,
222 (void)cap_setlogmask(capsyslog, LOG_UPTO(log_upto));
223 (void)signal(SIGTERM, set_exit);
224 (void)signal(SIGINT, set_exit);
225 (void)signal(SIGUSR1, set_dumpfile);
226 dumpfp = rtsold_init_dumpfile(RTSOL_DUMPFILE);
232 warnmsg(LOG_ERR, __func__, "failed to create a kqueue: %s",
237 /* Open global sockets and register for read events. */
238 if ((rtsock = rtsock_open()) < 0) {
239 warnmsg(LOG_ERR, __func__, "failed to open routing socket");
242 if ((rcvsock = recvsockopen()) < 0) {
243 warnmsg(LOG_ERR, __func__, "failed to open receive socket");
246 EV_SET(&events[0], rtsock, EVFILT_READ, EV_ADD, 0, 0, NULL);
247 EV_SET(&events[1], rcvsock, EVFILT_READ, EV_ADD, 0, 0, NULL);
248 if (kevent(kq, events, 2, NULL, 0, NULL) < 0) {
249 warnmsg(LOG_ERR, __func__, "kevent(): %s", strerror(errno));
253 /* Probe network interfaces and set up tracking info. */
255 warnmsg(LOG_ERR, __func__, "failed to initialize interfaces");
259 argv = autoifprobe();
260 while (argv && *argv) {
261 if (ifconfig(*argv)) {
262 warnmsg(LOG_ERR, __func__,
263 "failed to initialize %s", *argv);
269 /* Write to our pidfile. */
270 if (pfh != NULL && pidfile_write(pfh) != 0) {
271 warnmsg(LOG_ERR, __func__,
272 "failed to open pidfile: %s", strerror(errno));
276 /* Enter capability mode. */
277 caph_cache_catpages();
278 if (caph_enter_casper() != 0) {
279 warnmsg(LOG_ERR, __func__, "caph_enter(): %s", strerror(errno));
285 /* Handle SIGTERM, SIGINT. */
291 /* Handle SIGUSR1. */
297 timeout = rtsol_check_timer();
300 /* if we have no timeout, we are done (or failed) */
304 /* if all interfaces have got RA packet, we are done */
305 TAILQ_FOREACH(ifi, &ifinfo_head, ifi_next) {
306 if (ifi->state != IFS_DOWN && ifi->racnt == 0)
313 error = kevent(kq, NULL, 0, &events[0], 1, timeout);
315 if (error < 0 && errno != EINTR)
316 warnmsg(LOG_ERR, __func__, "kevent(): %s",
321 if (events[0].ident == (uintptr_t)rtsock)
322 rtsock_input(rtsock);
324 rtsol_input(rcvsock);
331 init_capabilities(void)
334 const char *const scripts[] =
335 { resolvconf_script, managedconf_script, otherconf_script };
336 cap_channel_t *capcasper;
340 capcasper = cap_init();
341 if (capcasper == NULL)
344 capllflags = cap_service_open(capcasper, "rtsold.llflags");
345 if (capllflags == NULL)
348 capscript = cap_service_open(capcasper, "rtsold.script");
349 if (capscript == NULL)
352 for (size_t i = 0; i < nitems(scripts); i++)
353 if (scripts[i] != NULL)
355 limits = nvlist_create(0);
356 nvlist_add_string_array(limits, "scripts", scripts, count);
357 if (cap_limit_set(capscript, limits) != 0)
360 capsendmsg = cap_service_open(capcasper, "rtsold.sendmsg");
361 if (capsendmsg == NULL)
365 capsyslog = cap_service_open(capcasper, "system.syslog");
366 if (capsyslog == NULL)
370 cap_close(capcasper);
371 #endif /* WITH_CASPER */
376 ifconfig(char *ifname)
379 struct sockaddr_dl *sdl;
383 if ((sdl = if_nametosdl(ifname)) == NULL) {
384 warnmsg(LOG_ERR, __func__,
385 "failed to get link layer information for %s", ifname);
388 if (find_ifinfo(sdl->sdl_index)) {
389 warnmsg(LOG_ERR, __func__,
390 "interface %s was already configured", ifname);
395 struct in6_ndireq nd;
398 if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
399 warnmsg(LOG_ERR, __func__, "socket() failed.");
402 memset(&nd, 0, sizeof(nd));
403 strlcpy(nd.ifname, ifname, sizeof(nd.ifname));
404 if (ioctl(s, SIOCGIFINFO_IN6, (caddr_t)&nd) < 0) {
405 warnmsg(LOG_ERR, __func__,
406 "cannot get accept_rtadv flag");
410 nd.ndi.flags |= ND6_IFF_ACCEPT_RTADV;
411 if (ioctl(s, SIOCSIFINFO_IN6, (caddr_t)&nd) < 0) {
412 warnmsg(LOG_ERR, __func__,
413 "cannot set accept_rtadv flag");
420 if ((ifi = malloc(sizeof(*ifi))) == NULL) {
421 warnmsg(LOG_ERR, __func__, "memory allocation failed");
424 memset(ifi, 0, sizeof(*ifi));
426 ifi->ifi_rdnss = IFI_DNSOPT_STATE_NOINFO;
427 ifi->ifi_dnssl = IFI_DNSOPT_STATE_NOINFO;
428 TAILQ_INIT(&ifi->ifi_rainfo);
429 strlcpy(ifi->ifname, ifname, sizeof(ifi->ifname));
431 /* construct a router solicitation message */
432 if (make_packet(ifi))
435 /* set link ID of this interface. */
437 if (inet_zoneid(AF_INET6, 2, ifname, &ifi->linkid))
440 /* XXX: assume interface IDs as link IDs */
441 ifi->linkid = ifi->sdl->sdl_index;
445 * check if the interface is available.
446 * also check if SIOCGIFMEDIA ioctl is OK on the interface.
449 ifi->active = interface_status(ifi);
450 if (!ifi->mediareqok) {
452 * probe routers periodically even if the link status
455 ifi->probeinterval = PROBE_INTERVAL;
458 /* activate interface: interface_up returns 0 on success */
459 flags = interface_up(ifi->ifname);
461 ifi->state = IFS_DELAY;
462 else if (flags == IFS_TENTATIVE)
463 ifi->state = IFS_TENTATIVE;
465 ifi->state = IFS_DOWN;
467 rtsol_timer_update(ifi);
469 TAILQ_INSERT_TAIL(&ifinfo_head, ifi, ifi_next);
479 find_rainfo(struct ifinfo *ifi, struct sockaddr_in6 *sin6)
483 TAILQ_FOREACH(rai, &ifi->ifi_rainfo, rai_next)
484 if (memcmp(&rai->rai_saddr.sin6_addr, &sin6->sin6_addr,
485 sizeof(rai->rai_saddr.sin6_addr)) == 0)
492 find_ifinfo(int ifindex)
496 TAILQ_FOREACH(ifi, &ifinfo_head, ifi_next) {
497 if (ifi->sdl->sdl_index == ifindex)
504 make_packet(struct ifinfo *ifi)
506 size_t packlen = sizeof(struct nd_router_solicit), lladdroptlen = 0;
507 struct nd_router_solicit *rs;
510 if ((lladdroptlen = lladdropt_length(ifi->sdl)) == 0) {
511 warnmsg(LOG_INFO, __func__,
512 "link-layer address option has null length"
513 " on %s. Treat as not included.", ifi->ifname);
515 packlen += lladdroptlen;
516 ifi->rs_datalen = packlen;
518 /* allocate buffer */
519 if ((buf = malloc(packlen)) == NULL) {
520 warnmsg(LOG_ERR, __func__,
521 "memory allocation failed for %s", ifi->ifname);
526 /* fill in the message */
527 rs = (struct nd_router_solicit *)buf;
528 rs->nd_rs_type = ND_ROUTER_SOLICIT;
531 rs->nd_rs_reserved = 0;
534 /* fill in source link-layer address option */
536 lladdropt_fill(ifi->sdl, (struct nd_opt_hdr *)buf);
541 static struct timespec *
542 rtsol_check_timer(void)
544 static struct timespec returnval;
545 struct timespec now, rtsol_timer;
548 struct ra_opt *rao, *raotmp;
551 clock_gettime(CLOCK_MONOTONIC_FAST, &now);
553 rtsol_timer = tm_max;
555 TAILQ_FOREACH(ifi, &ifinfo_head, ifi_next) {
556 if (TS_CMP(&ifi->expire, &now, <=)) {
557 warnmsg(LOG_DEBUG, __func__, "timer expiration on %s, "
558 "state = %d", ifi->ifname, ifi->state);
560 while((rai = TAILQ_FIRST(&ifi->ifi_rainfo)) != NULL) {
561 /* Remove all RA options. */
562 TAILQ_REMOVE(&ifi->ifi_rainfo, rai, rai_next);
563 while ((rao = TAILQ_FIRST(&rai->rai_ra_opt)) !=
565 TAILQ_REMOVE(&rai->rai_ra_opt, rao,
567 if (rao->rao_msg != NULL)
573 switch (ifi->state) {
576 /* interface_up returns 0 on success */
577 flags = interface_up(ifi->ifname);
579 ifi->state = IFS_DELAY;
580 else if (flags == IFS_TENTATIVE)
581 ifi->state = IFS_TENTATIVE;
583 ifi->state = IFS_DOWN;
587 int oldstatus = ifi->active;
590 ifi->active = interface_status(ifi);
592 if (oldstatus != ifi->active) {
593 warnmsg(LOG_DEBUG, __func__,
594 "%s status is changed"
597 oldstatus, ifi->active);
599 ifi->state = IFS_DELAY;
600 } else if (ifi->probeinterval &&
602 ifi->timer.tv_sec) <= 0) {
603 /* probe timer expired */
607 ifi->state = IFS_PROBE;
611 * If we need a probe, clear the previous
612 * status wrt the "managed/other" configuration.
615 ifi->managedconfig = 0;
616 ifi->otherconfig = 0;
618 if (probe && mobile_node) {
619 error = cap_probe_defrouters(capsendmsg,
622 warnmsg(LOG_DEBUG, __func__,
623 "failed to probe routers: %d",
629 ifi->state = IFS_PROBE;
630 (void)cap_rssend(capsendmsg, ifi);
633 if (ifi->probes < MAX_RTR_SOLICITATIONS)
634 (void)cap_rssend(capsendmsg, ifi);
636 warnmsg(LOG_INFO, __func__,
637 "No answer after sending %d RSs",
640 ifi->state = IFS_IDLE;
644 rtsol_timer_update(ifi);
646 /* Expiration check for RA options. */
649 TAILQ_FOREACH(rai, &ifi->ifi_rainfo, rai_next) {
650 TAILQ_FOREACH_SAFE(rao, &rai->rai_ra_opt,
652 warnmsg(LOG_DEBUG, __func__,
653 "RA expiration timer: "
654 "type=%d, msg=%s, expire=%s",
655 rao->rao_type, (char *)rao->rao_msg,
656 sec2str(&rao->rao_expire));
657 if (TS_CMP(&now, &rao->rao_expire,
659 warnmsg(LOG_DEBUG, __func__,
660 "RA expiration timer: "
662 TAILQ_REMOVE(&rai->rai_ra_opt,
664 if (rao->rao_msg != NULL)
674 if (TS_CMP(&ifi->expire, &rtsol_timer, <))
675 rtsol_timer = ifi->expire;
678 if (TS_CMP(&rtsol_timer, &tm_max, ==)) {
679 warnmsg(LOG_DEBUG, __func__, "there is no timer");
681 } else if (TS_CMP(&rtsol_timer, &now, <))
682 /* this may occur when the interval is too small */
683 returnval.tv_sec = returnval.tv_nsec = 0;
685 TS_SUB(&rtsol_timer, &now, &returnval);
687 now.tv_sec += returnval.tv_sec;
688 now.tv_nsec += returnval.tv_nsec;
689 warnmsg(LOG_DEBUG, __func__, "New timer is %s",
696 rtsol_timer_update(struct ifinfo *ifi)
698 #define MILLION 1000000
699 #define DADRETRY 10 /* XXX: adhoc */
703 bzero(&ifi->timer, sizeof(ifi->timer));
705 switch (ifi->state) {
708 if (++ifi->dadcount > DADRETRY) {
710 ifi->timer.tv_sec = PROBE_INTERVAL;
712 ifi->timer.tv_sec = 1;
716 /* XXX should be configurable */
717 ifi->timer.tv_sec = 3;
719 ifi->timer = tm_max; /* stop timer(valid?) */
722 interval = arc4random_uniform(MAX_RTR_SOLICITATION_DELAY * MILLION);
723 ifi->timer.tv_sec = interval / MILLION;
724 ifi->timer.tv_nsec = (interval % MILLION) * 1000;
727 if (ifi->probes < MAX_RTR_SOLICITATIONS)
728 ifi->timer.tv_sec = RTR_SOLICITATION_INTERVAL;
731 * After sending MAX_RTR_SOLICITATIONS solicitations,
732 * we're just waiting for possible replies; there
733 * will be no more solicitation. Thus, we change
734 * the timer value to MAX_RTR_SOLICITATION_DELAY based
735 * on RFC 2461, Section 6.3.7.
737 ifi->timer.tv_sec = MAX_RTR_SOLICITATION_DELAY;
740 warnmsg(LOG_ERR, __func__,
741 "illegal interface state(%d) on %s",
742 ifi->state, ifi->ifname);
746 /* reset the timer */
747 if (TS_CMP(&ifi->timer, &tm_max, ==)) {
748 ifi->expire = tm_max;
749 warnmsg(LOG_DEBUG, __func__,
750 "stop timer for %s", ifi->ifname);
752 clock_gettime(CLOCK_MONOTONIC_FAST, &now);
753 TS_ADD(&now, &ifi->timer, &ifi->expire);
755 now.tv_sec += ifi->timer.tv_sec;
756 now.tv_nsec += ifi->timer.tv_nsec;
757 warnmsg(LOG_DEBUG, __func__, "set timer for %s to %s",
758 ifi->ifname, sec2str(&now));
765 set_dumpfile(int sig __unused)
772 set_exit(int sig __unused)
779 usage(const char *progname)
782 if (strcmp(progname, "rtsold") == 0) {
783 fprintf(stderr, "usage: rtsold [-dDfFm1] [-O script-name] "
784 "[-p pidfile] [-R script-name] interface ...\n");
785 fprintf(stderr, "usage: rtsold [-dDfFm1] [-O script-name] "
786 "[-p pidfile] [-R script-name] -a\n");
788 fprintf(stderr, "usage: rtsol [-dDF] [-O script-name] "
789 "[-p pidfile] [-R script-name] interface ...\n");
790 fprintf(stderr, "usage: rtsol [-dDF] [-O script-name] "
791 "[-p pidfile] [-R script-name] -a\n");
797 warnmsg(int priority, const char *func, const char *msg, ...)
804 if (priority <= log_upto)
807 snprintf(buf, sizeof(buf), "<%s> %s", func, msg);
809 cap_vsyslog(capsyslog, priority, msg, ap);
815 * return a list of interfaces which is suitable to sending an RS.
820 static char **argv = NULL;
824 struct ifaddrs *ifap, *ifa;
825 struct in6_ndireq nd;
836 if (getifaddrs(&ifap) != 0)
839 if (!Fflag && (s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
840 warnmsg(LOG_ERR, __func__, "socket");
844 /* find an ethernet */
845 for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
846 if ((ifa->ifa_flags & IFF_UP) == 0)
848 if ((ifa->ifa_flags & IFF_POINTOPOINT) != 0)
850 if ((ifa->ifa_flags & IFF_LOOPBACK) != 0)
852 if ((ifa->ifa_flags & IFF_MULTICAST) == 0)
855 if (ifa->ifa_addr->sa_family != AF_INET6)
859 for (i = 0; i < n; i++) {
860 if (strcmp(argv[i], ifa->ifa_name) == 0) {
869 * Skip the interfaces which IPv6 and/or accepting RA
873 memset(&nd, 0, sizeof(nd));
874 strlcpy(nd.ifname, ifa->ifa_name, sizeof(nd.ifname));
875 if (ioctl(s, SIOCGIFINFO_IN6, (caddr_t)&nd) < 0) {
876 warnmsg(LOG_ERR, __func__,
877 "ioctl(SIOCGIFINFO_IN6)");
880 if ((nd.ndi.flags & ND6_IFF_IFDISABLED))
882 if (!(nd.ndi.flags & ND6_IFF_ACCEPT_RTADV))
886 /* if we find multiple candidates, just warn. */
887 if (n != 0 && dflag > 1)
888 warnmsg(LOG_WARNING, __func__,
889 "multiple interfaces found");
891 a = realloc(argv, (n + 1) * sizeof(char *));
893 warnmsg(LOG_ERR, __func__, "realloc");
897 argv[n] = strdup(ifa->ifa_name);
899 warnmsg(LOG_ERR, __func__, "malloc");
906 a = realloc(argv, (n + 1) * sizeof(char *));
908 warnmsg(LOG_ERR, __func__, "realloc");
915 for (i = 0; i < n; i++)
916 warnmsg(LOG_WARNING, __func__, "probing %s",
projects / FreeBSD / FreeBSD.git / blob