1 /*	$OpenBSD: rtsol.c,v 1.10 2003/10/05 15:29:28 deraadt Exp $	*/
2 /*	$KAME: rtsol.c,v 1.15 2002/05/31 10:10:03 itojun Exp $	*/
3 
4 /*
5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the project nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 #include <sys/param.h>
34 #include <sys/socket.h>
35 #include <sys/uio.h>
36 #include <sys/time.h>
37 #include <sys/queue.h>
38 
39 #include <net/if.h>
40 #include <net/route.h>
41 #include <net/if_dl.h>
42 
43 #include <netinet/in.h>
44 #include <netinet/ip6.h>
45 #include <netinet6/ip6_var.h>
46 #include <netinet/icmp6.h>
47 
48 #include <arpa/inet.h>
49 
50 #include <time.h>
51 #include <unistd.h>
52 #include <stdio.h>
53 #include <err.h>
54 #include <errno.h>
55 #include <string.h>
56 #include <stdlib.h>
57 #include <syslog.h>
58 #include "rtsold.h"
59 
60 __RCSID("$MirOS: src/usr.sbin/rtsold/rtsol.c,v 1.2 2006/11/04 05:57:44 tg Exp $");
61 
62 #define ALLROUTER "ff02::2"
63 
64 static struct msghdr rcvmhdr;
65 static struct msghdr sndmhdr;
66 static struct iovec rcviov[2];
67 static struct iovec sndiov[2];
68 static struct sockaddr_in6 from;
69 
70 int rssock;
71 
72 static struct sockaddr_in6 sin6_allrouters = {sizeof(sin6_allrouters), AF_INET6};
73 
74 int
sockopen(void)75 sockopen(void)
76 {
77 	static u_char *rcvcmsgbuf = NULL, *sndcmsgbuf = NULL;
78 	int rcvcmsglen, sndcmsglen, on;
79 	static u_char answer[1500];
80 	struct icmp6_filter filt;
81 
82 	sndcmsglen = rcvcmsglen = CMSG_SPACE(sizeof(struct in6_pktinfo)) +
83 	    CMSG_SPACE(sizeof(int));
84 	if (rcvcmsgbuf == NULL && (rcvcmsgbuf = malloc(rcvcmsglen)) == NULL) {
85 		warnmsg(LOG_ERR, __func__,
86 		    "malloc for receive msghdr failed");
87 		return(-1);
88 	}
89 	if (sndcmsgbuf == NULL && (sndcmsgbuf = malloc(sndcmsglen)) == NULL) {
90 		warnmsg(LOG_ERR, __func__,
91 		    "malloc for send msghdr failed");
92 		return(-1);
93 	}
94 	memset(&sin6_allrouters, 0, sizeof(struct sockaddr_in6));
95 	sin6_allrouters.sin6_family = AF_INET6;
96 	sin6_allrouters.sin6_len = sizeof(sin6_allrouters);
97 	if (inet_pton(AF_INET6, ALLROUTER,
98 	    &sin6_allrouters.sin6_addr.s6_addr) != 1) {
99 		warnmsg(LOG_ERR, __func__, "inet_pton failed for %s",
100 		    ALLROUTER);
101 		return(-1);
102 	}
103 
104 	if ((rssock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) {
105 		warnmsg(LOG_ERR, __func__, "socket: %s", strerror(errno));
106 		return(-1);
107 	}
108 
109 	/* specify to tell receiving interface */
110 	on = 1;
111 #ifdef IPV6_RECVPKTINFO
112 	if (setsockopt(rssock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on,
113 	    sizeof(on)) < 0) {
114 		warnmsg(LOG_ERR, __func__, "IPV6_RECVPKTINFO: %s",
115 		    strerror(errno));
116 		exit(1);
117 	}
118 #else  /* old adv. API */
119 	if (setsockopt(rssock, IPPROTO_IPV6, IPV6_PKTINFO, &on,
120 	    sizeof(on)) < 0) {
121 		warnmsg(LOG_ERR, __func__, "IPV6_PKTINFO: %s",
122 		    strerror(errno));
123 		exit(1);
124 	}
125 #endif
126 
127 	on = 1;
128 	/* specify to tell value of hoplimit field of received IP6 hdr */
129 #ifdef IPV6_RECVHOPLIMIT
130 	if (setsockopt(rssock, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &on,
131 	    sizeof(on)) < 0) {
132 		warnmsg(LOG_ERR, __func__, "IPV6_RECVHOPLIMIT: %s",
133 		    strerror(errno));
134 		exit(1);
135 	}
136 #else  /* old adv. API */
137 	if (setsockopt(rssock, IPPROTO_IPV6, IPV6_HOPLIMIT, &on,
138 	    sizeof(on)) < 0) {
139 		warnmsg(LOG_ERR, __func__, "IPV6_HOPLIMIT: %s",
140 		    strerror(errno));
141 		exit(1);
142 	}
143 #endif
144 
145 	/* specfiy to accept only router advertisements on the socket */
146 	ICMP6_FILTER_SETBLOCKALL(&filt);
147 	ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt);
148 	if (setsockopt(rssock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt,
149 	    sizeof(filt)) == -1) {
150 		warnmsg(LOG_ERR, __func__, "setsockopt(ICMP6_FILTER): %s",
151 		    strerror(errno));
152 		return(-1);
153 	}
154 
155 	/* initialize msghdr for receiving packets */
156 	rcviov[0].iov_base = (caddr_t)answer;
157 	rcviov[0].iov_len = sizeof(answer);
158 	rcvmhdr.msg_name = (caddr_t)&from;
159 	rcvmhdr.msg_namelen = sizeof(from);
160 	rcvmhdr.msg_iov = rcviov;
161 	rcvmhdr.msg_iovlen = 1;
162 	rcvmhdr.msg_control = (caddr_t) rcvcmsgbuf;
163 	rcvmhdr.msg_controllen = rcvcmsglen;
164 
165 	/* initialize msghdr for sending packets */
166 	sndmhdr.msg_namelen = sizeof(struct sockaddr_in6);
167 	sndmhdr.msg_iov = sndiov;
168 	sndmhdr.msg_iovlen = 1;
169 	sndmhdr.msg_control = (caddr_t)sndcmsgbuf;
170 	sndmhdr.msg_controllen = sndcmsglen;
171 
172 	return(rssock);
173 }
174 
175 void
sendpacket(struct ifinfo * ifinfo)176 sendpacket(struct ifinfo *ifinfo)
177 {
178 	struct in6_pktinfo *pi;
179 	struct cmsghdr *cm;
180 	int hoplimit = 255;
181 	struct sockaddr_in6 dst;
182 	ssize_t i;
183 
184 	dst = sin6_allrouters;
185 	dst.sin6_scope_id = ifinfo->linkid;
186 
187 	sndmhdr.msg_name = (caddr_t)&dst;
188 	sndmhdr.msg_iov[0].iov_base = (caddr_t)ifinfo->rs_data;
189 	sndmhdr.msg_iov[0].iov_len = ifinfo->rs_datalen;
190 
191 	cm = CMSG_FIRSTHDR(&sndmhdr);
192 	/* specify the outgoing interface */
193 	cm->cmsg_level = IPPROTO_IPV6;
194 	cm->cmsg_type = IPV6_PKTINFO;
195 	cm->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
196 	pi = (struct in6_pktinfo *)CMSG_DATA(cm);
197 	memset(&pi->ipi6_addr, 0, sizeof(pi->ipi6_addr));	/*XXX*/
198 	pi->ipi6_ifindex = ifinfo->sdl->sdl_index;
199 
200 	/* specify the hop limit of the packet */
201 	cm = CMSG_NXTHDR(&sndmhdr, cm);
202 	cm->cmsg_level = IPPROTO_IPV6;
203 	cm->cmsg_type = IPV6_HOPLIMIT;
204 	cm->cmsg_len = CMSG_LEN(sizeof(int));
205 	memcpy(CMSG_DATA(cm), &hoplimit, sizeof(int));
206 
207 	warnmsg(LOG_DEBUG, __func__,
208 	    "send RS on %s, whose state is %d",
209 	    ifinfo->ifname, ifinfo->state);
210 
211 	i = sendmsg(rssock, &sndmhdr, 0);
212 
213 	if (i < 0 || i != ifinfo->rs_datalen) {
214 		/*
215 		 * ENETDOWN is not so serious, especially when using several
216 		 * network cards on a mobile node. We ignore it.
217 		 */
218 		if (errno != ENETDOWN || dflag > 0)
219 			warnmsg(LOG_ERR, __func__, "sendmsg on %s: %s",
220 			    ifinfo->ifname, strerror(errno));
221 	}
222 
223 	/* update counter */
224 	ifinfo->probes++;
225 }
226 
227 void
rtsol_input(int s)228 rtsol_input(int s)
229 {
230 	u_char ntopbuf[INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ];
231 	int ifindex = 0, *hlimp = NULL;
232 	struct in6_pktinfo *pi = NULL;
233 	struct ifinfo *ifi = NULL;
234 	struct icmp6_hdr *icp;
235 	struct cmsghdr *cm;
236 	ssize_t i;
237 
238 	/* get message */
239 	if ((i = recvmsg(s, &rcvmhdr, 0)) < 0) {
240 		warnmsg(LOG_ERR, __func__, "recvmsg: %s", strerror(errno));
241 		return;
242 	}
243 
244 	/* extract optional information via Advanced API */
245 	for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(&rcvmhdr); cm;
246 	    cm = (struct cmsghdr *)CMSG_NXTHDR(&rcvmhdr, cm)) {
247 		if (cm->cmsg_level == IPPROTO_IPV6 &&
248 		    cm->cmsg_type == IPV6_PKTINFO &&
249 		    cm->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo))) {
250 			pi = (struct in6_pktinfo *)(CMSG_DATA(cm));
251 			ifindex = pi->ipi6_ifindex;
252 		}
253 		if (cm->cmsg_level == IPPROTO_IPV6 &&
254 		    cm->cmsg_type == IPV6_HOPLIMIT &&
255 		    cm->cmsg_len == CMSG_LEN(sizeof(int)))
256 			hlimp = (int *)CMSG_DATA(cm);
257 	}
258 
259 	if (ifindex == 0) {
260 		warnmsg(LOG_ERR, __func__,
261 		    "failed to get receiving interface");
262 		return;
263 	}
264 	if (hlimp == NULL) {
265 		warnmsg(LOG_ERR, __func__,
266 		    "failed to get receiving hop limit");
267 		return;
268 	}
269 
270 	if (i < sizeof(struct nd_router_advert)) {
271 		warnmsg(LOG_ERR, __func__,
272 		    "packet size(%zd) is too short", i);
273 		return;
274 	}
275 
276 	icp = (struct icmp6_hdr *)rcvmhdr.msg_iov[0].iov_base;
277 
278 	if (icp->icmp6_type != ND_ROUTER_ADVERT) {
279 		warnmsg(LOG_ERR, __func__,
280 		    "invalid icmp type(%d) from %s on %s", icp->icmp6_type,
281 		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
282 		    INET6_ADDRSTRLEN),
283 		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
284 		return;
285 	}
286 
287 	if (icp->icmp6_code != 0) {
288 		warnmsg(LOG_ERR, __func__,
289 		    "invalid icmp code(%d) from %s on %s", icp->icmp6_code,
290 		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
291 		    INET6_ADDRSTRLEN),
292 		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
293 		return;
294 	}
295 
296 	if (*hlimp != 255) {
297 		warnmsg(LOG_NOTICE, __func__,
298 		    "invalid RA with hop limit(%d) from %s on %s",
299 		    *hlimp,
300 		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
301 		    INET6_ADDRSTRLEN),
302 		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
303 		return;
304 	}
305 
306 	if (pi && !IN6_IS_ADDR_LINKLOCAL(&from.sin6_addr)) {
307 		warnmsg(LOG_NOTICE, __func__,
308 		    "invalid RA with non link-local source from %s on %s",
309 		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
310 		    INET6_ADDRSTRLEN),
311 		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
312 		return;
313 	}
314 
315 	/* xxx: more validation? */
316 
317 	if ((ifi = find_ifinfo(pi->ipi6_ifindex)) == NULL) {
318 		warnmsg(LOG_NOTICE, __func__,
319 		    "received RA from %s on an unexpeced IF(%s)",
320 		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
321 		    INET6_ADDRSTRLEN),
322 		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
323 		return;
324 	}
325 
326 	warnmsg(LOG_DEBUG, __func__,
327 	    "received RA from %s on %s, state is %d",
328 	    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf, INET6_ADDRSTRLEN),
329 	    ifi->ifname, ifi->state);
330 
331 	ifi->racnt++;
332 
333 	switch (ifi->state) {
334 	case IFS_IDLE:		/* should be ignored */
335 	case IFS_DELAY:		/* right? */
336 		break;
337 	case IFS_PROBE:
338 		ifi->state = IFS_IDLE;
339 		ifi->probes = 0;
340 		rtsol_timer_update(ifi);
341 		break;
342 	}
343 }
344