2 /* $KAME: rtadvd.c,v 1.82 2003/08/05 12:34:23 itojun Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * Copyright (C) 2011 Hiroki Sato <hrs@FreeBSD.org>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/param.h>
35 #include <sys/ioctl.h>
36 #include <sys/socket.h>
38 #include <sys/queue.h>
40 #include <sys/sysctl.h>
43 #include <net/if_types.h>
44 #include <net/if_media.h>
45 #include <net/if_dl.h>
46 #include <net/route.h>
47 #include <netinet/in.h>
48 #include <netinet/ip6.h>
49 #include <netinet6/ip6_var.h>
50 #include <netinet/icmp6.h>
52 #include <arpa/inet.h>
54 #include <net/if_var.h>
55 #include <netinet/in_var.h>
56 #include <netinet6/nd6.h>
72 #include "pathnames.h"
77 #include "timer_subr.h"
81 #include "control_server.h"
83 #define RTADV_TYPE2BITMASK(type) (0x1 << type)
85 struct msghdr rcvmhdr;
86 static char *rcvcmsgbuf;
87 static size_t rcvcmsgbuflen;
88 static char *sndcmsgbuf = NULL;
89 static size_t sndcmsgbuflen;
90 struct msghdr sndmhdr;
91 struct iovec rcviov[2];
92 struct iovec sndiov[2];
93 struct sockaddr_in6 rcvfrom;
94 static const char *pidfilename = _PATH_RTADVDPID;
95 const char *conffile = _PATH_RTADVDCONF;
96 static struct pidfh *pfh;
97 static int dflag, sflag;
98 static int wait_shutdown;
100 #define PFD_RAWSOCK 0
105 struct railist_head_t railist =
106 TAILQ_HEAD_INITIALIZER(railist);
107 struct ifilist_head_t ifilist =
108 TAILQ_HEAD_INITIALIZER(ifilist);
111 TAILQ_ENTRY(nd_optlist) nol_next;
112 struct nd_opt_hdr *nol_opt;
115 struct nd_opt_hdr *opt_array[9];
117 struct nd_opt_hdr *zero;
118 struct nd_opt_hdr *src_lladdr;
119 struct nd_opt_hdr *tgt_lladdr;
120 struct nd_opt_prefix_info *pi;
121 struct nd_opt_rd_hdr *rh;
122 struct nd_opt_mtu *mtu;
123 TAILQ_HEAD(, nd_optlist) opt_list;
126 #define opt_src_lladdr nd_opt_each.src_lladdr
127 #define opt_tgt_lladdr nd_opt_each.tgt_lladdr
128 #define opt_pi nd_opt_each.pi
129 #define opt_rh nd_opt_each.rh
130 #define opt_mtu nd_opt_each.mtu
131 #define opt_list nd_opt_each.opt_list
133 #define NDOPT_FLAG_SRCLINKADDR (1 << 0)
134 #define NDOPT_FLAG_TGTLINKADDR (1 << 1)
135 #define NDOPT_FLAG_PREFIXINFO (1 << 2)
136 #define NDOPT_FLAG_RDHDR (1 << 3)
137 #define NDOPT_FLAG_MTU (1 << 4)
138 #define NDOPT_FLAG_RDNSS (1 << 5)
139 #define NDOPT_FLAG_DNSSL (1 << 6)
141 static uint32_t ndopt_flags[] = {
142 [ND_OPT_SOURCE_LINKADDR] = NDOPT_FLAG_SRCLINKADDR,
143 [ND_OPT_TARGET_LINKADDR] = NDOPT_FLAG_TGTLINKADDR,
144 [ND_OPT_PREFIX_INFORMATION] = NDOPT_FLAG_PREFIXINFO,
145 [ND_OPT_REDIRECTED_HEADER] = NDOPT_FLAG_RDHDR,
146 [ND_OPT_MTU] = NDOPT_FLAG_MTU,
147 [ND_OPT_RDNSS] = NDOPT_FLAG_RDNSS,
148 [ND_OPT_DNSSL] = NDOPT_FLAG_DNSSL,
151 static void rtadvd_shutdown(void);
152 static void sock_open(struct sockinfo *);
153 static void rtsock_open(struct sockinfo *);
154 static void rtadvd_input(struct sockinfo *);
155 static void rs_input(int, struct nd_router_solicit *,
156 struct in6_pktinfo *, struct sockaddr_in6 *);
157 static void ra_input(int, struct nd_router_advert *,
158 struct in6_pktinfo *, struct sockaddr_in6 *);
159 static int prefix_check(struct nd_opt_prefix_info *, struct rainfo *,
160 struct sockaddr_in6 *);
161 static int nd6_options(struct nd_opt_hdr *, int,
162 union nd_opt *, uint32_t);
163 static void free_ndopts(union nd_opt *);
164 static void rtmsg_input(struct sockinfo *);
165 static void set_short_delay(struct ifinfo *);
166 static int check_accept_rtadv(int);
172 fprintf(stderr, "usage: rtadvd [-dDfRs] "
173 "[-c configfile] [-C ctlsock] [-M ifname] [-p pidfile]\n");
178 main(int argc, char *argv[])
180 struct pollfd set[PFD_MAX];
181 struct timespec *timeout;
183 int fflag = 0, logopt;
187 /* get command line options and arguments */
188 while ((ch = getopt(argc, argv, "c:C:dDfhM:p:Rs")) != -1) {
194 ctrlsock.si_name = optarg;
209 fprintf(stderr, "rtadvd: "
210 "the -R option is currently ignored.\n");
218 pidfilename = optarg;
227 logopt = LOG_NDELAY | LOG_PID;
229 logopt |= LOG_PERROR;
230 openlog("rtadvd", logopt, LOG_DAEMON);
234 (void)setlogmask(LOG_UPTO(LOG_DEBUG));
236 (void)setlogmask(LOG_UPTO(LOG_INFO));
238 (void)setlogmask(LOG_UPTO(LOG_NOTICE));
240 (void)setlogmask(LOG_UPTO(LOG_ERR));
242 /* timer initialization */
245 pfh = pidfile_open(pidfilename, 0600, &otherpid);
248 errx(1, "%s already running, pid: %d",
249 getprogname(), otherpid);
251 "failed to open the pid file %s, run anyway.",
259 update_ifinfo(&ifilist, UPDATE_IFINFO_ALL);
260 for (i = 0; i < argc; i++)
261 update_persist_ifinfo(&ifilist, argv[i]);
263 csock_open(&ctrlsock, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
264 if (ctrlsock.si_fd == -1) {
265 syslog(LOG_ERR, "cannot open control socket: %s",
270 /* record the current PID */
274 set[PFD_RAWSOCK].fd = sock.si_fd;
275 set[PFD_RAWSOCK].events = POLLIN;
277 rtsock_open(&rtsock);
278 set[PFD_RTSOCK].fd = rtsock.si_fd;
279 set[PFD_RTSOCK].events = POLLIN;
281 set[PFD_RTSOCK].fd = -1;
282 set[PFD_CSOCK].fd = ctrlsock.si_fd;
283 set[PFD_CSOCK].events = POLLIN;
284 signal(SIGTERM, set_do_shutdown);
285 signal(SIGINT, set_do_shutdown);
286 signal(SIGHUP, set_do_reload);
288 error = csock_listen(&ctrlsock);
290 syslog(LOG_ERR, "cannot listen control socket: %s",
295 /* load configuration file */
299 if (is_do_shutdown())
302 if (is_do_reload()) {
303 loadconfig_ifname(reload_ifname());
304 if (reload_ifname() == NULL)
306 "configuration file reloaded.");
309 "configuration file for %s reloaded.",
314 /* timeout handler update for active interfaces */
315 rtadvd_update_timeout_handler();
317 /* timer expiration check and reset the timer */
318 timeout = rtadvd_check_timer();
320 if (timeout != NULL) {
322 "<%s> set timer to %ld:%ld. waiting for "
323 "inputs or timeout", __func__,
324 (long int)timeout->tv_sec,
325 (long int)timeout->tv_nsec / 1000);
328 "<%s> there's no timer. waiting for inputs",
331 if ((i = poll(set, sizeof(set)/sizeof(set[0]),
332 timeout ? (timeout->tv_sec * 1000 +
333 timeout->tv_nsec / 1000 / 1000) : INFTIM)) < 0) {
335 /* EINTR would occur if a signal was delivered */
337 syslog(LOG_ERR, "poll() failed: %s",
341 if (i == 0) /* timeout */
343 if (rtsock.si_fd != -1 && set[PFD_RTSOCK].revents & POLLIN)
344 rtmsg_input(&rtsock);
346 if (set[PFD_RAWSOCK].revents & POLLIN)
349 if (set[PFD_CSOCK].revents & POLLIN) {
352 fd = csock_accept(&ctrlsock);
355 "cannot accept() control socket: %s",
358 cm_handler_server(fd);
363 exit(0); /* NOTREACHED */
367 rtadvd_shutdown(void)
376 "waiting expiration of the all RA timers.");
378 TAILQ_FOREACH(ifi, &ifilist, ifi_next) {
380 * Ignore !IFF_UP interfaces in waiting for shutdown.
382 if (!(ifi->ifi_flags & IFF_UP) &&
383 ifi->ifi_ra_timer != NULL) {
384 ifi->ifi_state = IFI_STATE_UNCONFIGURED;
385 rtadvd_remove_timer(ifi->ifi_ra_timer);
386 ifi->ifi_ra_timer = NULL;
387 syslog(LOG_DEBUG, "<%s> %s(idx=%d) is down. "
388 "Timer removed and marked as UNCONFIGURED.",
389 __func__, ifi->ifi_ifname,
393 TAILQ_FOREACH(ifi, &ifilist, ifi_next) {
394 if (ifi->ifi_ra_timer != NULL)
398 syslog(LOG_NOTICE, "gracefully terminated.");
406 syslog(LOG_DEBUG, "<%s> cease to be an advertising router",
411 TAILQ_FOREACH(rai, &railist, rai_next) {
412 rai->rai_lifetime = 0;
413 TAILQ_FOREACH(rdn, &rai->rai_rdnss, rd_next)
415 TAILQ_FOREACH(dns, &rai->rai_dnssl, dn_next)
418 TAILQ_FOREACH(ifi, &ifilist, ifi_next) {
419 if (!ifi->ifi_persist)
421 if (ifi->ifi_state == IFI_STATE_UNCONFIGURED)
423 if (ifi->ifi_ra_timer == NULL)
425 if (ifi->ifi_ra_lastsent.tv_sec == 0 &&
426 ifi->ifi_ra_lastsent.tv_nsec == 0 &&
427 ifi->ifi_ra_timer != NULL) {
429 * When RA configured but never sent,
430 * ignore the IF immediately.
432 rtadvd_remove_timer(ifi->ifi_ra_timer);
433 ifi->ifi_ra_timer = NULL;
434 ifi->ifi_state = IFI_STATE_UNCONFIGURED;
438 ifi->ifi_state = IFI_STATE_TRANSITIVE;
440 /* Mark as the shut-down state. */
441 ifi->ifi_rainfo_trans = ifi->ifi_rainfo;
442 ifi->ifi_rainfo = NULL;
444 ifi->ifi_burstcount = MAX_FINAL_RTR_ADVERTISEMENTS;
445 ifi->ifi_burstinterval = MIN_DELAY_BETWEEN_RAS;
447 ra_timer_update(ifi, &ifi->ifi_ra_timer->rat_tm);
448 rtadvd_set_timer(&ifi->ifi_ra_timer->rat_tm,
451 syslog(LOG_NOTICE, "final RA transmission started.");
454 csock_close(&ctrlsock);
458 rtmsg_input(struct sockinfo *s)
460 int n, type, ifindex = 0, plen;
462 char msg[2048], *next, *lim;
463 char ifname[IFNAMSIZ];
464 struct if_announcemsghdr *ifan;
465 struct rt_msghdr *rtm;
468 struct in6_addr *addr;
470 char addrbuf[INET6_ADDRSTRLEN];
471 int prefixchange = 0;
474 syslog(LOG_ERR, "<%s> internal error", __func__);
477 n = read(s->si_fd, msg, sizeof(msg));
478 rtm = (struct rt_msghdr *)msg;
479 syslog(LOG_DEBUG, "<%s> received a routing message "
480 "(type = %d, len = %d)", __func__, rtm->rtm_type, n);
482 if (n > rtm->rtm_msglen) {
484 * This usually won't happen for messages received on
488 "<%s> received data length is larger than "
489 "1st routing message len. multiple messages? "
490 "read %d bytes, but 1st msg len = %d",
491 __func__, n, rtm->rtm_msglen);
499 for (next = msg; next < lim; next += len) {
502 next = get_next_msg(next, lim, 0, &len,
503 RTADV_TYPE2BITMASK(RTM_ADD) |
504 RTADV_TYPE2BITMASK(RTM_DELETE) |
505 RTADV_TYPE2BITMASK(RTM_NEWADDR) |
506 RTADV_TYPE2BITMASK(RTM_DELADDR) |
507 RTADV_TYPE2BITMASK(RTM_IFINFO) |
508 RTADV_TYPE2BITMASK(RTM_IFANNOUNCE));
511 type = ((struct rt_msghdr *)next)->rtm_type;
515 ifindex = get_rtm_ifindex(next);
519 ifindex = (int)((struct ifa_msghdr *)next)->ifam_index;
522 ifindex = (int)((struct if_msghdr *)next)->ifm_index;
525 ifan = (struct if_announcemsghdr *)next;
526 switch (ifan->ifan_what) {
532 "<%s:%d> unknown ifan msg (ifan_what=%d)",
533 __func__, __LINE__, ifan->ifan_what);
537 syslog(LOG_DEBUG, "<%s>: if_announcemsg (idx=%d:%d)",
538 __func__, ifan->ifan_index, ifan->ifan_what);
539 switch (ifan->ifan_what) {
542 "interface added (idx=%d)",
544 update_ifinfo(&ifilist, ifan->ifan_index);
545 loadconfig_index(ifan->ifan_index);
549 "interface removed (idx=%d)",
551 rm_ifinfo_index(ifan->ifan_index);
553 /* Clear ifi_ifindex */
554 TAILQ_FOREACH(ifi, &ifilist, ifi_next) {
556 == ifan->ifan_index) {
557 ifi->ifi_ifindex = 0;
561 update_ifinfo(&ifilist, ifan->ifan_index);
566 /* should not reach here */
568 "<%s:%d> unknown rtmsg %d on %s",
569 __func__, __LINE__, type,
570 if_indextoname(ifindex, ifname));
573 ifi = if_indextoifinfo(ifindex);
576 "<%s> ifinfo not found for idx=%d. Why?",
580 rai = ifi->ifi_rainfo;
583 "<%s> route changed on "
584 "non advertising interface(%s)",
585 __func__, ifi->ifi_ifname);
589 oldifflags = ifi->ifi_flags;
590 /* init ifflags because it may have changed */
591 update_ifinfo(&ifilist, ifindex);
596 break; /* we aren't interested in prefixes */
598 addr = get_addr(msg);
599 plen = get_prefixlen(msg);
600 /* sanity check for plen */
601 /* as RFC2373, prefixlen is at least 4 */
602 if (plen < 4 || plen > 127) {
603 syslog(LOG_INFO, "<%s> new interface route's"
604 "plen %d is invalid for a prefix",
608 pfx = find_prefix(rai, addr, plen);
610 if (pfx->pfx_timer) {
612 * If the prefix has been invalidated,
613 * make it available again.
619 "<%s> new prefix(%s/%d) "
621 "but it was already in list",
623 inet_ntop(AF_INET6, addr,
626 plen, ifi->ifi_ifname);
629 make_prefix(rai, ifindex, addr, plen);
636 addr = get_addr(msg);
637 plen = get_prefixlen(msg);
638 /* sanity check for plen */
639 /* as RFC2373, prefixlen is at least 4 */
640 if (plen < 4 || plen > 127) {
642 "<%s> deleted interface route's "
643 "plen %d is invalid for a prefix",
647 pfx = find_prefix(rai, addr, plen);
650 "<%s> prefix(%s/%d) was deleted on %s, "
651 "but it was not in list",
652 __func__, inet_ntop(AF_INET6, addr,
653 (char *)addrbuf, sizeof(addrbuf)),
654 plen, ifi->ifi_ifname);
657 invalidate_prefix(pfx);
665 /* should not reach here */
667 "<%s:%d> unknown rtmsg %d on %s",
668 __func__, __LINE__, type,
669 if_indextoname(ifindex, ifname));
673 /* check if an interface flag is changed */
674 if ((oldifflags & IFF_UP) && /* UP to DOWN */
675 !(ifi->ifi_flags & IFF_UP)) {
677 "<interface %s becomes down. stop timer.",
679 rtadvd_remove_timer(ifi->ifi_ra_timer);
680 ifi->ifi_ra_timer = NULL;
681 } else if (!(oldifflags & IFF_UP) && /* DOWN to UP */
682 (ifi->ifi_flags & IFF_UP)) {
684 "interface %s becomes up. restart timer.",
687 ifi->ifi_state = IFI_STATE_TRANSITIVE;
688 ifi->ifi_burstcount =
689 MAX_INITIAL_RTR_ADVERTISEMENTS;
690 ifi->ifi_burstinterval =
691 MAX_INITIAL_RTR_ADVERT_INTERVAL;
693 ifi->ifi_ra_timer = rtadvd_add_timer(ra_timeout,
694 ra_timer_update, ifi, ifi);
695 ra_timer_update(ifi, &ifi->ifi_ra_timer->rat_tm);
696 rtadvd_set_timer(&ifi->ifi_ra_timer->rat_tm,
698 } else if (prefixchange &&
699 (ifi->ifi_flags & IFF_UP)) {
701 * An advertised prefix has been added or invalidated.
702 * Will notice the change in a short delay.
704 set_short_delay(ifi);
712 rtadvd_input(struct sockinfo *s)
719 struct icmp6_hdr *icp;
722 struct in6_pktinfo *pi = NULL;
723 char ntopbuf[INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ];
724 struct in6_addr dst = in6addr_any;
727 syslog(LOG_DEBUG, "<%s> enter", __func__);
730 syslog(LOG_ERR, "<%s> internal error", __func__);
734 * Get message. We reset msg_controllen since the field could
735 * be modified if we had received a message before setting
738 rcvmhdr.msg_controllen = rcvcmsgbuflen;
739 if ((i = recvmsg(s->si_fd, &rcvmhdr, 0)) < 0)
742 /* extract optional information via Advanced API */
743 for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(&rcvmhdr);
745 cm = (struct cmsghdr *)CMSG_NXTHDR(&rcvmhdr, cm)) {
746 if (cm->cmsg_level == IPPROTO_IPV6 &&
747 cm->cmsg_type == IPV6_PKTINFO &&
748 cm->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo))) {
749 pi = (struct in6_pktinfo *)(CMSG_DATA(cm));
750 ifindex = pi->ipi6_ifindex;
753 if (cm->cmsg_level == IPPROTO_IPV6 &&
754 cm->cmsg_type == IPV6_HOPLIMIT &&
755 cm->cmsg_len == CMSG_LEN(sizeof(int)))
756 hlimp = (int *)CMSG_DATA(cm);
759 syslog(LOG_ERR, "failed to get receiving interface");
763 syslog(LOG_ERR, "failed to get receiving hop limit");
768 * If we happen to receive data on an interface which is now gone
769 * or down, just discard the data.
771 ifi = if_indextoifinfo(pi->ipi6_ifindex);
772 if (ifi == NULL || !(ifi->ifi_flags & IFF_UP)) {
774 "<%s> received data on a disabled interface (%s)",
776 (ifi == NULL) ? "[gone]" : ifi->ifi_ifname);
781 if ((size_t)i < sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)) {
783 "packet size(%d) is too short", i);
787 ip = (struct ip6_hdr *)rcvmhdr.msg_iov[0].iov_base;
788 icp = (struct icmp6_hdr *)(ip + 1); /* XXX: ext. hdr? */
790 if ((size_t)i < sizeof(struct icmp6_hdr)) {
791 syslog(LOG_ERR, "packet size(%zd) is too short", i);
795 icp = (struct icmp6_hdr *)rcvmhdr.msg_iov[0].iov_base;
798 switch (icp->icmp6_type) {
799 case ND_ROUTER_SOLICIT:
801 * Message verification - RFC 4861 6.1.1
802 * XXX: these checks must be done in the kernel as well,
803 * but we can't completely rely on them.
807 "RS with invalid hop limit(%d) "
808 "received from %s on %s",
810 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf,
812 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
815 if (icp->icmp6_code) {
817 "RS with invalid ICMP6 code(%d) "
818 "received from %s on %s",
820 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf,
822 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
825 if ((size_t)i < sizeof(struct nd_router_solicit)) {
827 "RS from %s on %s does not have enough "
828 "length (len = %zd)",
829 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf,
831 if_indextoname(pi->ipi6_ifindex, ifnamebuf), i);
834 rs_input(i, (struct nd_router_solicit *)icp, pi, &rcvfrom);
836 case ND_ROUTER_ADVERT:
838 * Message verification - RFC 4861 6.1.2
839 * XXX: there's the same dilemma as above...
841 if (!IN6_IS_ADDR_LINKLOCAL(&rcvfrom.sin6_addr)) {
843 "RA with non-linklocal source address "
844 "received from %s on %s",
845 inet_ntop(AF_INET6, &rcvfrom.sin6_addr,
846 ntopbuf, sizeof(ntopbuf)),
847 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
852 "RA with invalid hop limit(%d) "
853 "received from %s on %s",
855 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf,
857 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
860 if (icp->icmp6_code) {
862 "RA with invalid ICMP6 code(%d) "
863 "received from %s on %s",
865 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf,
867 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
870 if ((size_t)i < sizeof(struct nd_router_advert)) {
872 "RA from %s on %s does not have enough "
873 "length (len = %zd)",
874 inet_ntop(AF_INET6, &rcvfrom.sin6_addr, ntopbuf,
876 if_indextoname(pi->ipi6_ifindex, ifnamebuf), i);
879 ra_input(i, (struct nd_router_advert *)icp, pi, &rcvfrom);
881 case ICMP6_ROUTER_RENUMBERING:
882 if (mcastif == NULL) {
883 syslog(LOG_ERR, "received a router renumbering "
884 "message, but not allowed to be accepted");
887 rr_input(i, (struct icmp6_router_renum *)icp, pi, &rcvfrom,
892 * Note that this case is POSSIBLE, especially just
893 * after invocation of the daemon. This is because we
894 * could receive message after opening the socket and
895 * before setting ICMP6 type filter(see sock_open()).
897 syslog(LOG_ERR, "invalid icmp type(%d)", icp->icmp6_type);
905 rs_input(int len, struct nd_router_solicit *rs,
906 struct in6_pktinfo *pi, struct sockaddr_in6 *from)
908 char ntopbuf[INET6_ADDRSTRLEN];
909 char ifnamebuf[IFNAMSIZ];
913 struct soliciter *sol;
916 "<%s> RS received from %s on %s",
918 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, sizeof(ntopbuf)),
919 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
921 /* ND option check */
922 memset(&ndopts, 0, sizeof(ndopts));
923 TAILQ_INIT(&ndopts.opt_list);
924 if (nd6_options((struct nd_opt_hdr *)(rs + 1),
925 len - sizeof(struct nd_router_solicit),
926 &ndopts, NDOPT_FLAG_SRCLINKADDR)) {
928 "<%s> ND option check failed for an RS from %s on %s",
930 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
932 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
937 * If the IP source address is the unspecified address, there
938 * must be no source link-layer address option in the message.
941 if (IN6_IS_ADDR_UNSPECIFIED(&from->sin6_addr) &&
942 ndopts.opt_src_lladdr) {
944 "<%s> RS from unspecified src on %s has a link-layer"
946 __func__, if_indextoname(pi->ipi6_ifindex, ifnamebuf));
950 ifi = if_indextoifinfo(pi->ipi6_ifindex);
953 "<%s> if (idx=%d) not found. Why?",
954 __func__, pi->ipi6_ifindex);
957 rai = ifi->ifi_rainfo;
960 "<%s> RS received on non advertising interface(%s)",
962 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
966 rai->rai_ifinfo->ifi_rsinput++;
969 * Decide whether to send RA according to the rate-limit
973 /* record sockaddr waiting for RA, if possible */
974 sol = (struct soliciter *)malloc(sizeof(*sol));
976 sol->sol_addr = *from;
977 /* XXX RFC 2553 need clarification on flowinfo */
978 sol->sol_addr.sin6_flowinfo = 0;
979 TAILQ_INSERT_TAIL(&rai->rai_soliciter, sol, sol_next);
983 * If there is already a waiting RS packet, don't
986 if (ifi->ifi_rs_waitcount++)
989 set_short_delay(ifi);
992 free_ndopts(&ndopts);
997 set_short_delay(struct ifinfo *ifi)
999 long delay; /* must not be greater than 1000000 */
1000 struct timespec interval, now, min_delay, tm_tmp, *rest;
1002 if (ifi->ifi_ra_timer == NULL)
1005 * Compute a random delay. If the computed value
1006 * corresponds to a time later than the time the next
1007 * multicast RA is scheduled to be sent, ignore the random
1008 * delay and send the advertisement at the
1009 * already-scheduled time. RFC 4861 6.2.6
1011 delay = arc4random_uniform(MAX_RA_DELAY_TIME);
1012 interval.tv_sec = 0;
1013 interval.tv_nsec = delay * 1000;
1014 rest = rtadvd_timer_rest(ifi->ifi_ra_timer);
1015 if (TS_CMP(rest, &interval, <)) {
1016 syslog(LOG_DEBUG, "<%s> random delay is larger than "
1017 "the rest of the current timer", __func__);
1022 * If we sent a multicast Router Advertisement within
1023 * the last MIN_DELAY_BETWEEN_RAS seconds, schedule
1024 * the advertisement to be sent at a time corresponding to
1025 * MIN_DELAY_BETWEEN_RAS plus the random value after the
1026 * previous advertisement was sent.
1028 clock_gettime(CLOCK_MONOTONIC_FAST, &now);
1029 TS_SUB(&now, &ifi->ifi_ra_lastsent, &tm_tmp);
1030 min_delay.tv_sec = MIN_DELAY_BETWEEN_RAS;
1031 min_delay.tv_nsec = 0;
1032 if (TS_CMP(&tm_tmp, &min_delay, <)) {
1033 TS_SUB(&min_delay, &tm_tmp, &min_delay);
1034 TS_ADD(&min_delay, &interval, &interval);
1036 rtadvd_set_timer(&interval, ifi->ifi_ra_timer);
1040 check_accept_rtadv(int idx)
1044 TAILQ_FOREACH(ifi, &ifilist, ifi_next) {
1045 if (ifi->ifi_ifindex == idx)
1050 "<%s> if (idx=%d) not found. Why?",
1054 #if (__FreeBSD_version < 900000)
1056 * RA_RECV: !ip6.forwarding && ip6.accept_rtadv
1057 * RA_SEND: ip6.forwarding
1059 return ((getinet6sysctl(IPV6CTL_FORWARDING) == 0) &&
1060 (getinet6sysctl(IPV6CTL_ACCEPT_RTADV) == 1));
1063 * RA_RECV: ND6_IFF_ACCEPT_RTADV
1064 * RA_SEND: ip6.forwarding
1066 if (update_ifinfo_nd_flags(ifi) != 0) {
1067 syslog(LOG_ERR, "cannot get nd6 flags (idx=%d)", idx);
1071 return (ifi->ifi_nd_flags & ND6_IFF_ACCEPT_RTADV);
1076 ra_input(int len, struct nd_router_advert *nra,
1077 struct in6_pktinfo *pi, struct sockaddr_in6 *from)
1081 char ntopbuf[INET6_ADDRSTRLEN];
1082 char ifnamebuf[IFNAMSIZ];
1083 union nd_opt ndopts;
1084 const char *on_off[] = {"OFF", "ON"};
1085 uint32_t reachabletime, retranstimer, mtu;
1086 int inconsistent = 0;
1089 syslog(LOG_DEBUG, "<%s> RA received from %s on %s", __func__,
1090 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, sizeof(ntopbuf)),
1091 if_indextoname(pi->ipi6_ifindex, ifnamebuf));
1093 /* ND option check */
1094 memset(&ndopts, 0, sizeof(ndopts));
1095 TAILQ_INIT(&ndopts.opt_list);
1096 error = nd6_options((struct nd_opt_hdr *)(nra + 1),
1097 len - sizeof(struct nd_router_advert), &ndopts,
1098 NDOPT_FLAG_SRCLINKADDR | NDOPT_FLAG_PREFIXINFO | NDOPT_FLAG_MTU |
1099 NDOPT_FLAG_RDNSS | NDOPT_FLAG_DNSSL);
1102 "<%s> ND option check failed for an RA from %s on %s",
1104 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1105 sizeof(ntopbuf)), if_indextoname(pi->ipi6_ifindex,
1111 * RA consistency check according to RFC 4861 6.2.7
1113 ifi = if_indextoifinfo(pi->ipi6_ifindex);
1114 if (ifi->ifi_rainfo == NULL) {
1116 "<%s> received RA from %s on non-advertising"
1119 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1120 sizeof(ntopbuf)), if_indextoname(pi->ipi6_ifindex,
1124 rai = ifi->ifi_rainfo;
1126 syslog(LOG_DEBUG, "<%s> ifi->ifi_rainput = %" PRIu64, __func__,
1129 /* Cur Hop Limit value */
1130 if (nra->nd_ra_curhoplimit && rai->rai_hoplimit &&
1131 nra->nd_ra_curhoplimit != rai->rai_hoplimit) {
1133 "CurHopLimit inconsistent on %s:"
1134 " %d from %s, %d from us",
1135 ifi->ifi_ifname, nra->nd_ra_curhoplimit,
1136 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1137 sizeof(ntopbuf)), rai->rai_hoplimit);
1141 if ((nra->nd_ra_flags_reserved & ND_RA_FLAG_MANAGED) !=
1142 rai->rai_managedflg) {
1144 "M flag inconsistent on %s:"
1145 " %s from %s, %s from us",
1146 ifi->ifi_ifname, on_off[!rai->rai_managedflg],
1147 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1148 sizeof(ntopbuf)), on_off[rai->rai_managedflg]);
1152 if ((nra->nd_ra_flags_reserved & ND_RA_FLAG_OTHER) !=
1153 rai->rai_otherflg) {
1155 "O flag inconsistent on %s:"
1156 " %s from %s, %s from us",
1157 ifi->ifi_ifname, on_off[!rai->rai_otherflg],
1158 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1159 sizeof(ntopbuf)), on_off[rai->rai_otherflg]);
1162 /* Reachable Time */
1163 reachabletime = ntohl(nra->nd_ra_reachable);
1164 if (reachabletime && rai->rai_reachabletime &&
1165 reachabletime != rai->rai_reachabletime) {
1167 "ReachableTime inconsistent on %s:"
1168 " %d from %s, %d from us",
1169 ifi->ifi_ifname, reachabletime,
1170 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1171 sizeof(ntopbuf)), rai->rai_reachabletime);
1175 retranstimer = ntohl(nra->nd_ra_retransmit);
1176 if (retranstimer && rai->rai_retranstimer &&
1177 retranstimer != rai->rai_retranstimer) {
1179 "RetranceTimer inconsistent on %s:"
1180 " %d from %s, %d from us",
1181 ifi->ifi_ifname, retranstimer,
1182 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1183 sizeof(ntopbuf)), rai->rai_retranstimer);
1186 /* Values in the MTU options */
1187 if (ndopts.opt_mtu) {
1188 mtu = ntohl(ndopts.opt_mtu->nd_opt_mtu_mtu);
1189 if (mtu && rai->rai_linkmtu && mtu != rai->rai_linkmtu) {
1191 "MTU option value inconsistent on %s:"
1192 " %d from %s, %d from us",
1193 ifi->ifi_ifname, mtu,
1194 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1195 sizeof(ntopbuf)), rai->rai_linkmtu);
1199 /* Preferred and Valid Lifetimes for prefixes */
1201 struct nd_optlist *nol;
1204 if (prefix_check(ndopts.opt_pi, rai, from))
1207 TAILQ_FOREACH(nol, &ndopts.opt_list, nol_next)
1208 if (prefix_check((struct nd_opt_prefix_info *)nol->nol_opt,
1214 ifi->ifi_rainconsistent++;
1217 free_ndopts(&ndopts);
1222 udiff(uint32_t u, uint32_t v)
1224 return (u >= v ? u - v : v - u);
1227 /* return a non-zero value if the received prefix is inconsitent with ours */
1229 prefix_check(struct nd_opt_prefix_info *pinfo,
1230 struct rainfo *rai, struct sockaddr_in6 *from)
1233 uint32_t preferred_time, valid_time;
1235 int inconsistent = 0;
1236 char ntopbuf[INET6_ADDRSTRLEN];
1237 char prefixbuf[INET6_ADDRSTRLEN];
1238 struct timespec now;
1240 #if 0 /* impossible */
1241 if (pinfo->nd_opt_pi_type != ND_OPT_PREFIX_INFORMATION)
1244 ifi = rai->rai_ifinfo;
1246 * log if the adveritsed prefix has link-local scope(sanity check?)
1248 if (IN6_IS_ADDR_LINKLOCAL(&pinfo->nd_opt_pi_prefix))
1250 "<%s> link-local prefix %s/%d is advertised "
1253 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf,
1255 pinfo->nd_opt_pi_prefix_len,
1256 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1257 sizeof(ntopbuf)), ifi->ifi_ifname);
1259 if ((pfx = find_prefix(rai, &pinfo->nd_opt_pi_prefix,
1260 pinfo->nd_opt_pi_prefix_len)) == NULL) {
1262 "<%s> prefix %s/%d from %s on %s is not in our list",
1264 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf,
1266 pinfo->nd_opt_pi_prefix_len,
1267 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1268 sizeof(ntopbuf)), ifi->ifi_ifname);
1272 preferred_time = ntohl(pinfo->nd_opt_pi_preferred_time);
1273 if (pfx->pfx_pltimeexpire) {
1275 * The lifetime is decremented in real time, so we should
1276 * compare the expiration time.
1277 * (RFC 2461 Section 6.2.7.)
1278 * XXX: can we really expect that all routers on the link
1279 * have synchronized clocks?
1281 clock_gettime(CLOCK_MONOTONIC_FAST, &now);
1282 preferred_time += now.tv_sec;
1284 if (!pfx->pfx_timer && rai->rai_clockskew &&
1285 udiff(preferred_time, pfx->pfx_pltimeexpire) > rai->rai_clockskew) {
1287 "<%s> preferred lifetime for %s/%d"
1288 " (decr. in real time) inconsistent on %s:"
1289 " %" PRIu32 " from %s, %" PRIu32 " from us",
1291 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf,
1293 pinfo->nd_opt_pi_prefix_len,
1294 ifi->ifi_ifname, preferred_time,
1295 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1296 sizeof(ntopbuf)), pfx->pfx_pltimeexpire);
1299 } else if (!pfx->pfx_timer && preferred_time != pfx->pfx_preflifetime)
1301 "<%s> preferred lifetime for %s/%d"
1302 " inconsistent on %s:"
1303 " %d from %s, %d from us",
1305 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf,
1307 pinfo->nd_opt_pi_prefix_len,
1308 ifi->ifi_ifname, preferred_time,
1309 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1310 sizeof(ntopbuf)), pfx->pfx_preflifetime);
1312 valid_time = ntohl(pinfo->nd_opt_pi_valid_time);
1313 if (pfx->pfx_vltimeexpire) {
1314 clock_gettime(CLOCK_MONOTONIC_FAST, &now);
1315 valid_time += now.tv_sec;
1317 if (!pfx->pfx_timer && rai->rai_clockskew &&
1318 udiff(valid_time, pfx->pfx_vltimeexpire) > rai->rai_clockskew) {
1320 "<%s> valid lifetime for %s/%d"
1321 " (decr. in real time) inconsistent on %s:"
1322 " %d from %s, %" PRIu32 " from us",
1324 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf,
1326 pinfo->nd_opt_pi_prefix_len,
1327 ifi->ifi_ifname, preferred_time,
1328 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1329 sizeof(ntopbuf)), pfx->pfx_vltimeexpire);
1332 } else if (!pfx->pfx_timer && valid_time != pfx->pfx_validlifetime) {
1334 "<%s> valid lifetime for %s/%d"
1335 " inconsistent on %s:"
1336 " %d from %s, %d from us",
1338 inet_ntop(AF_INET6, &pinfo->nd_opt_pi_prefix, prefixbuf,
1340 pinfo->nd_opt_pi_prefix_len,
1341 ifi->ifi_ifname, valid_time,
1342 inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
1343 sizeof(ntopbuf)), pfx->pfx_validlifetime);
1347 return (inconsistent);
1351 find_prefix(struct rainfo *rai, struct in6_addr *prefix, int plen)
1354 int bytelen, bitlen;
1357 TAILQ_FOREACH(pfx, &rai->rai_prefix, pfx_next) {
1358 if (plen != pfx->pfx_prefixlen)
1363 bitmask = 0xff << (8 - bitlen);
1365 if (memcmp((void *)prefix, (void *)&pfx->pfx_prefix, bytelen))
1369 ((prefix->s6_addr[bytelen] & bitmask) ==
1370 (pfx->pfx_prefix.s6_addr[bytelen] & bitmask))) {
1378 /* check if p0/plen0 matches p1/plen1; return 1 if matches, otherwise 0. */
1380 prefix_match(struct in6_addr *p0, int plen0,
1381 struct in6_addr *p1, int plen1)
1383 int bytelen, bitlen;
1389 bytelen = plen1 / 8;
1391 bitmask = 0xff << (8 - bitlen);
1393 if (memcmp((void *)p0, (void *)p1, bytelen))
1397 ((p0->s6_addr[bytelen] & bitmask) ==
1398 (p1->s6_addr[bytelen] & bitmask))) {
1406 nd6_options(struct nd_opt_hdr *hdr, int limit,
1407 union nd_opt *ndopts, uint32_t optflags)
1411 for (; limit > 0; limit -= optlen) {
1412 if ((size_t)limit < sizeof(struct nd_opt_hdr)) {
1413 syslog(LOG_INFO, "<%s> short option header", __func__);
1417 hdr = (struct nd_opt_hdr *)((caddr_t)hdr + optlen);
1418 if (hdr->nd_opt_len == 0) {
1420 "<%s> bad ND option length(0) (type = %d)",
1421 __func__, hdr->nd_opt_type);
1424 optlen = hdr->nd_opt_len << 3;
1425 if (optlen > limit) {
1426 syslog(LOG_INFO, "<%s> short option", __func__);
1430 if (hdr->nd_opt_type > ND_OPT_MTU &&
1431 hdr->nd_opt_type != ND_OPT_RDNSS &&
1432 hdr->nd_opt_type != ND_OPT_DNSSL) {
1433 syslog(LOG_INFO, "<%s> unknown ND option(type %d)",
1434 __func__, hdr->nd_opt_type);
1438 if ((ndopt_flags[hdr->nd_opt_type] & optflags) == 0) {
1439 syslog(LOG_INFO, "<%s> unexpected ND option(type %d)",
1440 __func__, hdr->nd_opt_type);
1445 * Option length check. Do it here for all fixed-length
1448 switch (hdr->nd_opt_type) {
1450 if (optlen == sizeof(struct nd_opt_mtu))
1455 (optlen - sizeof(struct nd_opt_rdnss)) % 16 == 0)
1460 (optlen - sizeof(struct nd_opt_dnssl)) % 8 == 0)
1463 case ND_OPT_PREFIX_INFORMATION:
1464 if (optlen == sizeof(struct nd_opt_prefix_info))
1467 syslog(LOG_INFO, "<%s> invalid option length",
1472 switch (hdr->nd_opt_type) {
1473 case ND_OPT_TARGET_LINKADDR:
1474 case ND_OPT_REDIRECTED_HEADER:
1477 break; /* we don't care about these options */
1478 case ND_OPT_SOURCE_LINKADDR:
1480 if (ndopts->opt_array[hdr->nd_opt_type]) {
1482 "<%s> duplicated ND option (type = %d)",
1483 __func__, hdr->nd_opt_type);
1485 ndopts->opt_array[hdr->nd_opt_type] = hdr;
1487 case ND_OPT_PREFIX_INFORMATION:
1489 struct nd_optlist *nol;
1491 if (ndopts->opt_pi == 0) {
1493 (struct nd_opt_prefix_info *)hdr;
1496 nol = malloc(sizeof(*nol));
1498 syslog(LOG_ERR, "<%s> can't allocate memory",
1503 TAILQ_INSERT_TAIL(&(ndopts->opt_list), nol, nol_next);
1507 default: /* impossible */
1515 free_ndopts(ndopts);
1521 free_ndopts(union nd_opt *ndopts)
1523 struct nd_optlist *nol;
1525 while ((nol = TAILQ_FIRST(&ndopts->opt_list)) != NULL) {
1526 TAILQ_REMOVE(&ndopts->opt_list, nol, nol_next);
1532 sock_open(struct sockinfo *s)
1534 struct icmp6_filter filt;
1536 /* XXX: should be max MTU attached to the node */
1537 static char answer[1500];
1539 syslog(LOG_DEBUG, "<%s> enter", __func__);
1542 syslog(LOG_ERR, "<%s> internal error", __func__);
1545 rcvcmsgbuflen = CMSG_SPACE(sizeof(struct in6_pktinfo)) +
1546 CMSG_SPACE(sizeof(int));
1547 rcvcmsgbuf = (char *)malloc(rcvcmsgbuflen);
1548 if (rcvcmsgbuf == NULL) {
1549 syslog(LOG_ERR, "<%s> not enough core", __func__);
1553 sndcmsgbuflen = CMSG_SPACE(sizeof(struct in6_pktinfo)) +
1554 CMSG_SPACE(sizeof(int));
1555 sndcmsgbuf = (char *)malloc(sndcmsgbuflen);
1556 if (sndcmsgbuf == NULL) {
1557 syslog(LOG_ERR, "<%s> not enough core", __func__);
1561 if ((s->si_fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) {
1562 syslog(LOG_ERR, "<%s> socket: %s", __func__, strerror(errno));
1565 /* specify to tell receiving interface */
1567 if (setsockopt(s->si_fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on,
1569 syslog(LOG_ERR, "<%s> IPV6_RECVPKTINFO: %s", __func__,
1574 /* specify to tell value of hoplimit field of received IP6 hdr */
1575 if (setsockopt(s->si_fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &on,
1577 syslog(LOG_ERR, "<%s> IPV6_RECVHOPLIMIT: %s", __func__,
1581 ICMP6_FILTER_SETBLOCKALL(&filt);
1582 ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filt);
1583 ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt);
1584 if (mcastif != NULL)
1585 ICMP6_FILTER_SETPASS(ICMP6_ROUTER_RENUMBERING, &filt);
1587 if (setsockopt(s->si_fd, IPPROTO_ICMPV6, ICMP6_FILTER, &filt,
1588 sizeof(filt)) < 0) {
1589 syslog(LOG_ERR, "<%s> IICMP6_FILTER: %s",
1590 __func__, strerror(errno));
1594 /* initialize msghdr for receiving packets */
1595 rcviov[0].iov_base = (caddr_t)answer;
1596 rcviov[0].iov_len = sizeof(answer);
1597 rcvmhdr.msg_name = (caddr_t)&rcvfrom;
1598 rcvmhdr.msg_namelen = sizeof(rcvfrom);
1599 rcvmhdr.msg_iov = rcviov;
1600 rcvmhdr.msg_iovlen = 1;
1601 rcvmhdr.msg_control = (caddr_t) rcvcmsgbuf;
1602 rcvmhdr.msg_controllen = rcvcmsgbuflen;
1604 /* initialize msghdr for sending packets */
1605 sndmhdr.msg_namelen = sizeof(struct sockaddr_in6);
1606 sndmhdr.msg_iov = sndiov;
1607 sndmhdr.msg_iovlen = 1;
1608 sndmhdr.msg_control = (caddr_t)sndcmsgbuf;
1609 sndmhdr.msg_controllen = sndcmsgbuflen;
1614 /* open a routing socket to watch the routing table */
1616 rtsock_open(struct sockinfo *s)
1619 syslog(LOG_ERR, "<%s> internal error", __func__);
1622 if ((s->si_fd = socket(PF_ROUTE, SOCK_RAW, 0)) < 0) {
1624 "<%s> socket: %s", __func__, strerror(errno));
1630 if_indextoifinfo(int idx)
1633 char *name, name0[IFNAMSIZ];
1635 /* Check if the interface has a valid name or not. */
1636 if (if_indextoname(idx, name0) == NULL)
1639 TAILQ_FOREACH(ifi, &ifilist, ifi_next) {
1640 if (ifi->ifi_ifindex == idx)
1645 syslog(LOG_DEBUG, "<%s> ifi found (idx=%d)",
1648 syslog(LOG_DEBUG, "<%s> ifi not found (idx=%d)",
1651 return (NULL); /* search failed */
1655 ra_output(struct ifinfo *ifi)
1659 struct in6_pktinfo *pi;
1660 struct soliciter *sol;
1663 switch (ifi->ifi_state) {
1664 case IFI_STATE_CONFIGURED:
1665 rai = ifi->ifi_rainfo;
1667 case IFI_STATE_TRANSITIVE:
1668 rai = ifi->ifi_rainfo_trans;
1670 case IFI_STATE_UNCONFIGURED:
1671 syslog(LOG_DEBUG, "<%s> %s is unconfigured. "
1672 "Skip sending RAs.",
1673 __func__, ifi->ifi_ifname);
1679 syslog(LOG_DEBUG, "<%s> rainfo is NULL on %s."
1680 "Skip sending RAs.",
1681 __func__, ifi->ifi_ifname);
1684 if (!(ifi->ifi_flags & IFF_UP)) {
1685 syslog(LOG_DEBUG, "<%s> %s is not up. "
1686 "Skip sending RAs.",
1687 __func__, ifi->ifi_ifname);
1691 * Check lifetime, ACCEPT_RTADV flag, and ip6.forwarding.
1693 * (lifetime == 0) = output
1694 * (lifetime != 0 && (check_accept_rtadv()) = no output
1696 * Basically, hosts MUST NOT send Router Advertisement
1697 * messages at any time (RFC 4861, Section 6.2.3). However, it
1698 * would sometimes be useful to allow hosts to advertise some
1699 * parameters such as prefix information and link MTU. Thus,
1700 * we allow hosts to invoke rtadvd only when router lifetime
1701 * (on every advertising interface) is explicitly set
1702 * zero. (see also the above section)
1705 "<%s> check lifetime=%d, ACCEPT_RTADV=%d, ip6.forwarding=%d "
1708 check_accept_rtadv(ifi->ifi_ifindex),
1709 getinet6sysctl(IPV6CTL_FORWARDING),
1712 if (rai->rai_lifetime != 0) {
1713 if (getinet6sysctl(IPV6CTL_FORWARDING) == 0) {
1715 "non-zero lifetime RA "
1716 "but net.inet6.ip6.forwarding=0. "
1720 if (check_accept_rtadv(ifi->ifi_ifindex)) {
1722 "non-zero lifetime RA "
1723 "on RA receiving interface %s."
1724 " Ignored.", ifi->ifi_ifname);
1729 make_packet(rai); /* XXX: inefficient */
1731 sndmhdr.msg_name = (caddr_t)&sin6_linklocal_allnodes;
1732 sndmhdr.msg_iov[0].iov_base = (caddr_t)rai->rai_ra_data;
1733 sndmhdr.msg_iov[0].iov_len = rai->rai_ra_datalen;
1735 cm = CMSG_FIRSTHDR(&sndmhdr);
1736 /* specify the outgoing interface */
1737 cm->cmsg_level = IPPROTO_IPV6;
1738 cm->cmsg_type = IPV6_PKTINFO;
1739 cm->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
1740 pi = (struct in6_pktinfo *)CMSG_DATA(cm);
1741 memset(&pi->ipi6_addr, 0, sizeof(pi->ipi6_addr)); /*XXX*/
1742 pi->ipi6_ifindex = ifi->ifi_ifindex;
1744 /* specify the hop limit of the packet */
1748 cm = CMSG_NXTHDR(&sndmhdr, cm);
1749 cm->cmsg_level = IPPROTO_IPV6;
1750 cm->cmsg_type = IPV6_HOPLIMIT;
1751 cm->cmsg_len = CMSG_LEN(sizeof(int));
1752 memcpy(CMSG_DATA(cm), &hoplimit, sizeof(int));
1756 "<%s> send RA on %s, # of RS waitings = %d",
1757 __func__, ifi->ifi_ifname, ifi->ifi_rs_waitcount);
1759 i = sendmsg(sock.si_fd, &sndmhdr, 0);
1761 if (i < 0 || (size_t)i != rai->rai_ra_datalen) {
1763 syslog(LOG_ERR, "<%s> sendmsg on %s: %s",
1764 __func__, ifi->ifi_ifname,
1770 * unicast advertisements
1771 * XXX commented out. reason: though spec does not forbit it, unicast
1772 * advert does not really help
1774 while ((sol = TAILQ_FIRST(&rai->rai_soliciter)) != NULL) {
1775 TAILQ_REMOVE(&rai->rai_soliciter, sol, sol_next);
1779 /* update timestamp */
1780 clock_gettime(CLOCK_MONOTONIC_FAST, &ifi->ifi_ra_lastsent);
1782 /* update counter */
1783 ifi->ifi_rs_waitcount = 0;
1784 ifi->ifi_raoutput++;
1786 switch (ifi->ifi_state) {
1787 case IFI_STATE_CONFIGURED:
1788 if (ifi->ifi_burstcount > 0)
1789 ifi->ifi_burstcount--;
1791 case IFI_STATE_TRANSITIVE:
1792 ifi->ifi_burstcount--;
1793 if (ifi->ifi_burstcount == 0) {
1794 if (ifi->ifi_rainfo == ifi->ifi_rainfo_trans) {
1795 /* Initial burst finished. */
1796 if (ifi->ifi_rainfo_trans != NULL)
1797 ifi->ifi_rainfo_trans = NULL;
1800 /* Remove burst RA information */
1801 if (ifi->ifi_rainfo_trans != NULL) {
1802 rm_rainfo(ifi->ifi_rainfo_trans);
1803 ifi->ifi_rainfo_trans = NULL;
1806 if (ifi->ifi_rainfo != NULL) {
1808 * TRANSITIVE -> CONFIGURED
1810 * After initial burst or transition from
1811 * one configuration to another,
1812 * ifi_rainfo always points to the next RA
1815 ifi->ifi_state = IFI_STATE_CONFIGURED;
1817 "<%s> ifname=%s marked as "
1818 "CONFIGURED.", __func__,
1822 * TRANSITIVE -> UNCONFIGURED
1824 * If ifi_rainfo points to NULL, this
1825 * interface is shutting down.
1830 ifi->ifi_state = IFI_STATE_UNCONFIGURED;
1832 "<%s> ifname=%s marked as "
1833 "UNCONFIGURED.", __func__,
1835 error = sock_mc_leave(&sock,
1845 /* process RA timer */
1846 struct rtadvd_timer *
1847 ra_timeout(void *arg)
1851 ifi = (struct ifinfo *)arg;
1852 syslog(LOG_DEBUG, "<%s> RA timer on %s is expired",
1853 __func__, ifi->ifi_ifname);
1857 return (ifi->ifi_ra_timer);
1860 /* update RA timer */
1862 ra_timer_update(void *arg, struct timespec *tm)
1868 ifi = (struct ifinfo *)arg;
1869 rai = ifi->ifi_rainfo;
1872 switch (ifi->ifi_state) {
1873 case IFI_STATE_UNCONFIGURED:
1876 case IFI_STATE_CONFIGURED:
1878 * Whenever a multicast advertisement is sent from
1879 * an interface, the timer is reset to a
1880 * uniformly-distributed random value between the
1881 * interface's configured MinRtrAdvInterval and
1882 * MaxRtrAdvInterval (RFC4861 6.2.4).
1884 interval = rai->rai_mininterval;
1885 interval += arc4random_uniform(rai->rai_maxinterval -
1886 rai->rai_mininterval);
1888 case IFI_STATE_TRANSITIVE:
1890 * For the first few advertisements (up to
1891 * MAX_INITIAL_RTR_ADVERTISEMENTS), if the randomly chosen
1892 * interval is greater than
1893 * MAX_INITIAL_RTR_ADVERT_INTERVAL, the timer SHOULD be
1894 * set to MAX_INITIAL_RTR_ADVERT_INTERVAL instead. (RFC
1897 * In such cases, the router SHOULD transmit one or more
1898 * (but not more than MAX_FINAL_RTR_ADVERTISEMENTS) final
1899 * multicast Router Advertisements on the interface with a
1900 * Router Lifetime field of zero. (RFC 4861 6.2.5)
1902 interval = ifi->ifi_burstinterval;
1906 tm->tv_sec = interval;
1910 "<%s> RA timer on %s is set to %ld:%ld",
1911 __func__, ifi->ifi_ifname,
1912 (long int)tm->tv_sec, (long int)tm->tv_nsec / 1000);
projects / FreeBSD / stable / 10.git / blob