2
0

interface-ip.c 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185
  1. /*
  2. * netifd - network interface daemon
  3. * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
  4. * Copyright (C) 2012 Steven Barth <steven@midlink.org>
  5. *
  6. * This program is free software; you can redistribute it and/or modify
  7. * it under the terms of the GNU General Public License version 2
  8. * as published by the Free Software Foundation
  9. *
  10. * This program is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU General Public License for more details.
  14. */
  15. #include <string.h>
  16. #include <stdlib.h>
  17. #include <stdio.h>
  18. #include <unistd.h>
  19. #include <limits.h>
  20. #include <arpa/inet.h>
  21. #include "netifd.h"
  22. #include "device.h"
  23. #include "interface.h"
  24. #include "interface-ip.h"
  25. #include "proto.h"
  26. #include "ubus.h"
  27. #include "system.h"
  28. enum {
  29. ROUTE_INTERFACE,
  30. ROUTE_TARGET,
  31. ROUTE_MASK,
  32. ROUTE_GATEWAY,
  33. ROUTE_METRIC,
  34. ROUTE_MTU,
  35. ROUTE_VALID,
  36. ROUTE_TABLE,
  37. __ROUTE_MAX
  38. };
  39. static const struct blobmsg_policy route_attr[__ROUTE_MAX] = {
  40. [ROUTE_INTERFACE] = { .name = "interface", .type = BLOBMSG_TYPE_STRING },
  41. [ROUTE_TARGET] = { .name = "target", .type = BLOBMSG_TYPE_STRING },
  42. [ROUTE_MASK] = { .name = "netmask", .type = BLOBMSG_TYPE_STRING },
  43. [ROUTE_GATEWAY] = { .name = "gateway", .type = BLOBMSG_TYPE_STRING },
  44. [ROUTE_METRIC] = { .name = "metric", .type = BLOBMSG_TYPE_INT32 },
  45. [ROUTE_MTU] = { .name = "mtu", .type = BLOBMSG_TYPE_INT32 },
  46. [ROUTE_TABLE] = { .name = "table", .type = BLOBMSG_TYPE_STRING },
  47. [ROUTE_VALID] = { .name = "valid", .type = BLOBMSG_TYPE_INT32 },
  48. };
  49. const struct uci_blob_param_list route_attr_list = {
  50. .n_params = __ROUTE_MAX,
  51. .params = route_attr,
  52. };
  53. struct list_head prefixes = LIST_HEAD_INIT(prefixes);
  54. static struct device_prefix *ula_prefix = NULL;
  55. static struct uloop_timeout valid_until_timeout;
  56. static void
  57. clear_if_addr(union if_addr *a, int mask)
  58. {
  59. int m_bytes = (mask + 7) / 8;
  60. uint8_t m_clear = (1 << (m_bytes * 8 - mask)) - 1;
  61. uint8_t *p = (uint8_t *) a;
  62. if (m_bytes < sizeof(a))
  63. memset(p + m_bytes, 0, sizeof(a) - m_bytes);
  64. p[m_bytes - 1] &= ~m_clear;
  65. }
  66. static bool
  67. match_if_addr(union if_addr *a1, union if_addr *a2, int mask)
  68. {
  69. union if_addr *p1, *p2;
  70. p1 = alloca(sizeof(*a1));
  71. p2 = alloca(sizeof(*a2));
  72. memcpy(p1, a1, sizeof(*a1));
  73. clear_if_addr(p1, mask);
  74. memcpy(p2, a2, sizeof(*a2));
  75. clear_if_addr(p2, mask);
  76. return !memcmp(p1, p2, sizeof(*p1));
  77. }
  78. static int set_ip_source_policy(bool add, bool v6, unsigned int priority,
  79. const union if_addr *addr, uint8_t mask, struct interface *iface,
  80. struct interface *in_iface, const char *action)
  81. {
  82. struct iprule rule = {
  83. .flags = IPRULE_PRIORITY,
  84. .priority = priority
  85. };
  86. if (addr) {
  87. rule.flags |= IPRULE_SRC;
  88. rule.src_addr = *addr;
  89. rule.src_mask = mask;
  90. }
  91. if (iface) {
  92. rule.flags |= IPRULE_LOOKUP;
  93. rule.lookup = (v6) ? iface->ip6table : iface->ip4table;
  94. if (!rule.lookup)
  95. return 0;
  96. } else if (action) {
  97. rule.flags |= IPRULE_ACTION;
  98. system_resolve_iprule_action(action, &rule.action);
  99. }
  100. if (in_iface && in_iface->l3_dev.dev) {
  101. rule.flags |= IPRULE_IN;
  102. strcpy(rule.in_dev, in_iface->l3_dev.dev->ifname);
  103. }
  104. rule.flags |= (v6) ? IPRULE_INET6 : IPRULE_INET4;
  105. return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
  106. }
  107. static int set_ip_lo_policy(bool add, bool v6, struct interface *iface)
  108. {
  109. struct iprule rule = {
  110. .flags = IPRULE_IN | IPRULE_LOOKUP | IPRULE_PRIORITY,
  111. .priority = IPRULE_PRIORITY_NW + iface->l3_dev.dev->ifindex,
  112. .lookup = (v6) ? iface->ip6table : iface->ip4table,
  113. .in_dev = "lo"
  114. };
  115. if (!rule.lookup)
  116. return 0;
  117. rule.flags |= (v6) ? IPRULE_INET6 : IPRULE_INET4;
  118. return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
  119. }
  120. static bool
  121. __find_ip_addr_target(struct interface_ip_settings *ip, union if_addr *a, bool v6)
  122. {
  123. struct device_addr *addr;
  124. vlist_for_each_element(&ip->addr, addr, node) {
  125. if (!addr->enabled)
  126. continue;
  127. if (v6 != ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6))
  128. continue;
  129. // Handle offlink addresses correctly
  130. unsigned int mask = addr->mask;
  131. if ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6 &&
  132. (addr->flags & DEVADDR_OFFLINK))
  133. mask = 128;
  134. if (!match_if_addr(&addr->addr, a, mask))
  135. continue;
  136. return true;
  137. }
  138. return false;
  139. }
  140. static void
  141. __find_ip_route_target(struct interface_ip_settings *ip, union if_addr *a,
  142. bool v6, struct device_route **res)
  143. {
  144. struct device_route *route;
  145. vlist_for_each_element(&ip->route, route, node) {
  146. if (!route->enabled)
  147. continue;
  148. if (v6 != ((route->flags & DEVADDR_FAMILY) == DEVADDR_INET6))
  149. continue;
  150. if (!match_if_addr(&route->addr, a, route->mask))
  151. continue;
  152. if (route->flags & DEVROUTE_TABLE)
  153. continue;
  154. if (!*res || route->mask < (*res)->mask)
  155. *res = route;
  156. }
  157. }
  158. static bool
  159. interface_ip_find_addr_target(struct interface *iface, union if_addr *a, bool v6)
  160. {
  161. return __find_ip_addr_target(&iface->proto_ip, a, v6) ||
  162. __find_ip_addr_target(&iface->config_ip, a, v6);
  163. }
  164. static void
  165. interface_ip_find_route_target(struct interface *iface, union if_addr *a,
  166. bool v6, struct device_route **route)
  167. {
  168. __find_ip_route_target(&iface->proto_ip, a, v6, route);
  169. __find_ip_route_target(&iface->config_ip, a, v6, route);
  170. }
  171. struct interface *
  172. interface_ip_add_target_route(union if_addr *addr, bool v6, struct interface *iface)
  173. {
  174. struct device_route *route, *r_next = NULL;
  175. bool defaultroute_target = false;
  176. int addrsize = v6 ? sizeof(addr->in6) : sizeof(addr->in);
  177. route = calloc(1, sizeof(*route));
  178. if (!route)
  179. return NULL;
  180. route->flags = v6 ? DEVADDR_INET6 : DEVADDR_INET4;
  181. route->mask = v6 ? 128 : 32;
  182. if (memcmp(&route->addr, addr, addrsize) == 0)
  183. defaultroute_target = true;
  184. else
  185. memcpy(&route->addr, addr, addrsize);
  186. if (iface) {
  187. /* look for locally addressable target first */
  188. if (interface_ip_find_addr_target(iface, addr, v6))
  189. goto done;
  190. /* do not stop at the first route, let the lookup compare
  191. * masks to find the best match */
  192. interface_ip_find_route_target(iface, addr, v6, &r_next);
  193. } else {
  194. vlist_for_each_element(&interfaces, iface, node) {
  195. /* look for locally addressable target first */
  196. if (interface_ip_find_addr_target(iface, addr, v6))
  197. goto done;
  198. /* do not stop at the first route, let the lookup compare
  199. * masks to find the best match */
  200. interface_ip_find_route_target(iface, addr, v6, &r_next);
  201. }
  202. }
  203. if (!r_next) {
  204. free(route);
  205. return NULL;
  206. }
  207. iface = r_next->iface;
  208. memcpy(&route->nexthop, &r_next->nexthop, sizeof(route->nexthop));
  209. route->mtu = r_next->mtu;
  210. route->metric = r_next->metric;
  211. route->table = r_next->table;
  212. done:
  213. route->iface = iface;
  214. if (defaultroute_target)
  215. free(route);
  216. else
  217. vlist_add(&iface->host_routes, &route->node, route);
  218. return iface;
  219. }
  220. void
  221. interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6)
  222. {
  223. struct interface_ip_settings *ip;
  224. struct blob_attr *tb[__ROUTE_MAX], *cur;
  225. struct device_route *route;
  226. int af = v6 ? AF_INET6 : AF_INET;
  227. bool is_proto_route = !!iface;
  228. blobmsg_parse(route_attr, __ROUTE_MAX, tb, blobmsg_data(attr), blobmsg_data_len(attr));
  229. if (!iface) {
  230. if ((cur = tb[ROUTE_INTERFACE]) == NULL)
  231. return;
  232. iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node);
  233. if (!iface)
  234. return;
  235. ip = &iface->config_ip;
  236. } else {
  237. ip = &iface->proto_ip;
  238. }
  239. route = calloc(1, sizeof(*route));
  240. if (!route)
  241. return;
  242. route->flags = v6 ? DEVADDR_INET6 : DEVADDR_INET4;
  243. route->mask = v6 ? 128 : 32;
  244. if ((cur = tb[ROUTE_MASK]) != NULL) {
  245. route->mask = parse_netmask_string(blobmsg_data(cur), v6);
  246. if (route->mask > (v6 ? 128 : 32))
  247. goto error;
  248. }
  249. if ((cur = tb[ROUTE_TARGET]) != NULL) {
  250. if (!parse_ip_and_netmask(af, blobmsg_data(cur), &route->addr, &route->mask)) {
  251. DPRINTF("Failed to parse route target: %s\n", (char *) blobmsg_data(cur));
  252. goto error;
  253. }
  254. }
  255. if ((cur = tb[ROUTE_GATEWAY]) != NULL) {
  256. if (!inet_pton(af, blobmsg_data(cur), &route->nexthop)) {
  257. DPRINTF("Failed to parse route gateway: %s\n", (char *) blobmsg_data(cur));
  258. goto error;
  259. }
  260. }
  261. if ((cur = tb[ROUTE_METRIC]) != NULL) {
  262. route->metric = blobmsg_get_u32(cur);
  263. route->flags |= DEVROUTE_METRIC;
  264. }
  265. if ((cur = tb[ROUTE_MTU]) != NULL) {
  266. route->mtu = blobmsg_get_u32(cur);
  267. route->flags |= DEVROUTE_MTU;
  268. }
  269. // Use source-based routing
  270. if (is_proto_route) {
  271. route->table = (v6) ? iface->ip6table : iface->ip4table;
  272. route->flags |= DEVROUTE_SRCTABLE;
  273. }
  274. if ((cur = tb[ROUTE_TABLE]) != NULL) {
  275. if (!system_resolve_rt_table(blobmsg_data(cur), &route->table)) {
  276. DPRINTF("Failed to resolve routing table: %s\n", (char *) blobmsg_data(cur));
  277. goto error;
  278. }
  279. if (route->table)
  280. route->flags |= DEVROUTE_TABLE;
  281. }
  282. if ((cur = tb[ROUTE_VALID]) != NULL) {
  283. int64_t valid = blobmsg_get_u32(cur);
  284. int64_t valid_until = valid + (int64_t)system_get_rtime();
  285. if (valid_until <= LONG_MAX && valid != 0xffffffffLL) // Catch overflow
  286. route->valid_until = valid_until;
  287. }
  288. vlist_add(&ip->route, &route->node, route);
  289. return;
  290. error:
  291. free(route);
  292. }
  293. static int
  294. addr_cmp(const void *k1, const void *k2, void *ptr)
  295. {
  296. return memcmp(k1, k2, sizeof(struct device_addr) -
  297. offsetof(struct device_addr, flags));
  298. }
  299. static int
  300. route_cmp(const void *k1, const void *k2, void *ptr)
  301. {
  302. const struct device_route *r1 = k1, *r2 = k2;
  303. if (r1->mask != r2->mask)
  304. return r2->mask - r1->mask;
  305. if (r1->metric != r2->metric)
  306. return r1->metric - r2->metric;
  307. if (r1->flags != r2->flags)
  308. return r2->flags - r1->flags;
  309. return memcmp(&r1->addr, &r2->addr, sizeof(r1->addr));
  310. }
  311. static int
  312. prefix_cmp(const void *k1, const void *k2, void *ptr)
  313. {
  314. return memcmp(k1, k2, offsetof(struct device_prefix, pclass) -
  315. offsetof(struct device_prefix, addr));
  316. }
  317. static void
  318. interface_handle_subnet_route(struct interface *iface, struct device_addr *addr, bool add)
  319. {
  320. struct device *dev = iface->l3_dev.dev;
  321. struct device_route route;
  322. memset(&route, 0, sizeof(route));
  323. route.iface = iface;
  324. route.flags = addr->flags;
  325. route.mask = addr->mask;
  326. memcpy(&route.addr, &addr->addr, sizeof(route.addr));
  327. clear_if_addr(&route.addr, route.mask);
  328. if (add) {
  329. route.flags |= DEVADDR_KERNEL;
  330. system_del_route(dev, &route);
  331. if (!(addr->flags & DEVADDR_OFFLINK)) {
  332. route.flags &= ~DEVADDR_KERNEL;
  333. route.metric = iface->metric;
  334. system_add_route(dev, &route);
  335. }
  336. } else {
  337. if (!(addr->flags & DEVADDR_OFFLINK))
  338. system_del_route(dev, &route);
  339. }
  340. }
  341. static void
  342. interface_update_proto_addr(struct vlist_tree *tree,
  343. struct vlist_node *node_new,
  344. struct vlist_node *node_old)
  345. {
  346. struct interface_ip_settings *ip;
  347. struct interface *iface;
  348. struct device *dev;
  349. struct device_addr *a_new = NULL, *a_old = NULL;
  350. bool keep = false;
  351. bool v6 = false;
  352. ip = container_of(tree, struct interface_ip_settings, addr);
  353. iface = ip->iface;
  354. dev = iface->l3_dev.dev;
  355. if (node_new) {
  356. a_new = container_of(node_new, struct device_addr, node);
  357. if ((a_new->flags & DEVADDR_FAMILY) == DEVADDR_INET4 &&
  358. !a_new->broadcast) {
  359. uint32_t mask = ~0;
  360. uint32_t *a = (uint32_t *) &a_new->addr;
  361. mask >>= a_new->mask;
  362. a_new->broadcast = *a | htonl(mask);
  363. }
  364. }
  365. if (node_old)
  366. a_old = container_of(node_old, struct device_addr, node);
  367. if (a_new && a_old) {
  368. keep = true;
  369. if (a_old->flags != a_new->flags ||
  370. a_old->valid_until != a_new->valid_until ||
  371. a_old->preferred_until != a_new->preferred_until)
  372. keep = false;
  373. if ((a_new->flags & DEVADDR_FAMILY) == DEVADDR_INET4 &&
  374. a_new->broadcast != a_old->broadcast)
  375. keep = false;
  376. }
  377. if (node_old) {
  378. if (!(a_old->flags & DEVADDR_EXTERNAL) && a_old->enabled && !keep) {
  379. interface_handle_subnet_route(iface, a_old, false);
  380. if ((a_old->flags & DEVADDR_FAMILY) == DEVADDR_INET6)
  381. v6 = true;
  382. //This is needed for source routing to work correctly. If a device
  383. //has two connections to a network using the same subnet, adding
  384. //only the network-rule will cause packets to be routed through the
  385. //first matching network (source IP matches both masks).
  386. set_ip_source_policy(false, v6, IPRULE_PRIORITY_ADDR, &a_old->addr,
  387. (v6) ? 128 : 32, iface, NULL, NULL);
  388. set_ip_source_policy(false, v6, IPRULE_PRIORITY_NW, &a_old->addr,
  389. a_old->mask, iface, NULL, NULL);
  390. system_del_address(dev, a_old);
  391. }
  392. free(a_old);
  393. }
  394. if (node_new) {
  395. a_new->enabled = true;
  396. if (!(a_new->flags & DEVADDR_EXTERNAL) && !keep) {
  397. system_add_address(dev, a_new);
  398. if ((a_new->flags & DEVADDR_FAMILY) == DEVADDR_INET6)
  399. v6 = true;
  400. set_ip_source_policy(true, v6, IPRULE_PRIORITY_ADDR, &a_new->addr,
  401. (v6) ? 128 : 32, iface, NULL, NULL);
  402. set_ip_source_policy(true, v6, IPRULE_PRIORITY_NW, &a_new->addr,
  403. a_new->mask, iface, NULL, NULL);
  404. if ((a_new->flags & DEVADDR_OFFLINK) || iface->metric)
  405. interface_handle_subnet_route(iface, a_new, true);
  406. }
  407. }
  408. }
  409. static bool
  410. enable_route(struct interface_ip_settings *ip, struct device_route *route)
  411. {
  412. if (ip->no_defaultroute && !route->mask)
  413. return false;
  414. return ip->enabled;
  415. }
  416. static void
  417. interface_update_proto_route(struct vlist_tree *tree,
  418. struct vlist_node *node_new,
  419. struct vlist_node *node_old)
  420. {
  421. struct interface_ip_settings *ip;
  422. struct interface *iface;
  423. struct device *dev;
  424. struct device_route *route_old, *route_new;
  425. bool keep = false;
  426. ip = container_of(tree, struct interface_ip_settings, route);
  427. iface = ip->iface;
  428. dev = iface->l3_dev.dev;
  429. route_old = container_of(node_old, struct device_route, node);
  430. route_new = container_of(node_new, struct device_route, node);
  431. if (node_old && node_new)
  432. keep = !memcmp(&route_old->nexthop, &route_new->nexthop, sizeof(route_old->nexthop));
  433. if (node_old) {
  434. if (!(route_old->flags & DEVADDR_EXTERNAL) && route_old->enabled && !keep)
  435. system_del_route(dev, route_old);
  436. free(route_old);
  437. }
  438. if (node_new) {
  439. bool _enabled = enable_route(ip, route_new);
  440. if (!(route_new->flags & DEVROUTE_METRIC))
  441. route_new->metric = iface->metric;
  442. if (!(route_new->flags & DEVADDR_EXTERNAL) && !keep && _enabled)
  443. system_add_route(dev, route_new);
  444. route_new->iface = iface;
  445. route_new->enabled = _enabled;
  446. }
  447. }
  448. static void
  449. interface_update_host_route(struct vlist_tree *tree,
  450. struct vlist_node *node_new,
  451. struct vlist_node *node_old)
  452. {
  453. struct interface *iface;
  454. struct device *dev;
  455. struct device_route *route_old, *route_new;
  456. iface = container_of(tree, struct interface, host_routes);
  457. dev = iface->l3_dev.dev;
  458. route_old = container_of(node_old, struct device_route, node);
  459. route_new = container_of(node_new, struct device_route, node);
  460. if (node_old) {
  461. system_del_route(dev, route_old);
  462. free(route_old);
  463. }
  464. if (node_new)
  465. system_add_route(dev, route_new);
  466. }
  467. static void
  468. interface_set_prefix_address(struct device_prefix_assignment *assignment,
  469. const struct device_prefix *prefix, struct interface *iface, bool add)
  470. {
  471. const struct interface *uplink = prefix->iface;
  472. if (!iface->l3_dev.dev)
  473. return;
  474. struct device *l3_downlink = iface->l3_dev.dev;
  475. struct device_addr addr;
  476. memset(&addr, 0, sizeof(addr));
  477. addr.addr.in6 = prefix->addr;
  478. addr.addr.in6.s6_addr32[1] |= htonl(assignment->assigned);
  479. addr.addr.in6.s6_addr[15] += 1;
  480. addr.mask = assignment->length;
  481. addr.flags = DEVADDR_INET6;
  482. addr.preferred_until = prefix->preferred_until;
  483. addr.valid_until = prefix->valid_until;
  484. if (!add && assignment->enabled) {
  485. time_t now = system_get_rtime();
  486. addr.preferred_until = now;
  487. if (!addr.valid_until || addr.valid_until - now > 7200)
  488. addr.valid_until = now + 7200;
  489. system_add_address(l3_downlink, &addr);
  490. if (prefix->iface) {
  491. set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
  492. addr.mask, prefix->iface, iface, NULL);
  493. set_ip_source_policy(false, true, IPRULE_PRIORITY_REJECT, &addr.addr,
  494. addr.mask, NULL, iface, "unreachable");
  495. }
  496. assignment->enabled = false;
  497. } else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP)) {
  498. system_add_address(l3_downlink, &addr);
  499. if (prefix->iface && !assignment->enabled) {
  500. set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
  501. addr.mask, NULL, iface, "unreachable");
  502. set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
  503. addr.mask, prefix->iface, iface, NULL);
  504. }
  505. if (uplink && uplink->l3_dev.dev) {
  506. int mtu = system_update_ipv6_mtu(
  507. uplink->l3_dev.dev, 0);
  508. if (mtu > 0)
  509. system_update_ipv6_mtu(l3_downlink, mtu);
  510. }
  511. assignment->enabled = true;
  512. }
  513. }
  514. static bool interface_prefix_assign(struct list_head *list,
  515. struct device_prefix_assignment *assign)
  516. {
  517. int32_t current = 0, asize = (1 << (64 - assign->length)) - 1;
  518. struct device_prefix_assignment *c;
  519. list_for_each_entry(c, list, head) {
  520. if (assign->assigned != -1) {
  521. if (assign->assigned > current && assign->assigned + asize < c->assigned) {
  522. list_add_tail(&assign->head, &c->head);
  523. return true;
  524. }
  525. } else if (assign->assigned == -1) {
  526. current = (current + asize) & (~asize);
  527. if (current + asize < c->assigned) {
  528. assign->assigned = current;
  529. list_add_tail(&assign->head, &c->head);
  530. return true;
  531. }
  532. }
  533. current = (c->assigned + (1 << (64 - c->length)));
  534. }
  535. return false;
  536. }
  537. static void interface_update_prefix_assignments(struct device_prefix *prefix, bool setup)
  538. {
  539. struct device_prefix_assignment *c;
  540. struct interface *iface;
  541. // Delete all assignments
  542. while (!list_empty(&prefix->assignments)) {
  543. c = list_first_entry(&prefix->assignments,
  544. struct device_prefix_assignment, head);
  545. if ((iface = vlist_find(&interfaces, c->name, iface, node)))
  546. interface_set_prefix_address(c, prefix, iface, false);
  547. list_del(&c->head);
  548. free(c);
  549. }
  550. if (!setup)
  551. return;
  552. // End-of-assignment sentinel
  553. c = malloc(sizeof(*c) + 1);
  554. c->assigned = 1 << (64 - prefix->length);
  555. c->length = 64;
  556. c->name[0] = 0;
  557. list_add(&c->head, &prefix->assignments);
  558. // Excluded prefix
  559. if (prefix->excl_length > 0) {
  560. const char name[] = "!excluded";
  561. c = malloc(sizeof(*c) + sizeof(name));
  562. c->assigned = ntohl(prefix->excl_addr.s6_addr32[1]) &
  563. ((1 << (64 - prefix->length)) - 1);
  564. c->length = prefix->excl_length;
  565. memcpy(c->name, name, sizeof(name));
  566. list_add(&c->head, &prefix->assignments);
  567. }
  568. bool assigned_any = false;
  569. struct list_head assign_later = LIST_HEAD_INIT(assign_later);
  570. vlist_for_each_element(&interfaces, iface, node) {
  571. if (iface->assignment_length < 48 ||
  572. iface->assignment_length > 64)
  573. continue;
  574. // Test whether there is a matching class
  575. if (!list_empty(&iface->assignment_classes)) {
  576. bool found = false;
  577. struct interface_assignment_class *c;
  578. list_for_each_entry(c, &iface->assignment_classes, head) {
  579. if (!strcmp(c->name, prefix->pclass)) {
  580. found = true;
  581. break;
  582. }
  583. }
  584. if (!found)
  585. continue;
  586. }
  587. size_t namelen = strlen(iface->name) + 1;
  588. c = malloc(sizeof(*c) + namelen);
  589. c->length = iface->assignment_length;
  590. c->assigned = iface->assignment_hint;
  591. c->enabled = false;
  592. memcpy(c->name, iface->name, namelen);
  593. // First process all custom assignments, put all others in later-list
  594. if (c->assigned == -1 || !interface_prefix_assign(&prefix->assignments, c)) {
  595. if (c->assigned != -1) {
  596. c->assigned = -1;
  597. netifd_log_message(L_WARNING, "Failed to assign requested subprefix "
  598. "of size %hhu for %s, trying other\n", c->length, c->name);
  599. }
  600. list_add_tail(&c->head, &assign_later);
  601. }
  602. if (c->assigned != -1)
  603. assigned_any = true;
  604. }
  605. // Then try to assign all other + failed custom assignments
  606. while (!list_empty(&assign_later)) {
  607. c = list_first_entry(&assign_later, struct device_prefix_assignment, head);
  608. list_del(&c->head);
  609. bool assigned = false;
  610. do {
  611. assigned = interface_prefix_assign(&prefix->assignments, c);
  612. } while (!assigned && ++c->length <= 64);
  613. if (!assigned) {
  614. netifd_log_message(L_WARNING, "Failed to assign subprefix "
  615. "of size %hhu for %s\n", c->length, c->name);
  616. free(c);
  617. } else {
  618. assigned_any = true;
  619. }
  620. }
  621. list_for_each_entry(c, &prefix->assignments, head)
  622. if ((iface = vlist_find(&interfaces, c->name, iface, node)))
  623. interface_set_prefix_address(c, prefix, iface, true);
  624. if (!assigned_any)
  625. netifd_log_message(L_WARNING, "You have delegated IPv6-prefixes but haven't assigned them "
  626. "to any interface. Did you forget to set option ip6assign on your lan-interfaces?");
  627. }
  628. void interface_refresh_assignments(bool hint)
  629. {
  630. static bool refresh = false;
  631. if (!hint && refresh) {
  632. struct device_prefix *p;
  633. list_for_each_entry(p, &prefixes, head)
  634. interface_update_prefix_assignments(p, true);
  635. }
  636. refresh = hint;
  637. }
  638. static void
  639. interface_update_prefix(struct vlist_tree *tree,
  640. struct vlist_node *node_new,
  641. struct vlist_node *node_old)
  642. {
  643. struct device_prefix *prefix_old, *prefix_new;
  644. prefix_old = container_of(node_old, struct device_prefix, node);
  645. prefix_new = container_of(node_new, struct device_prefix, node);
  646. struct device_route route;
  647. memset(&route, 0, sizeof(route));
  648. route.flags = DEVADDR_INET6;
  649. route.metric = INT32_MAX;
  650. route.mask = (node_new) ? prefix_new->length : prefix_old->length;
  651. route.addr.in6 = (node_new) ? prefix_new->addr : prefix_old->addr;
  652. struct device_prefix_assignment *c;
  653. struct interface *iface;
  654. if (node_old && node_new) {
  655. // Move assignments and refresh addresses to update valid times
  656. list_splice(&prefix_old->assignments, &prefix_new->assignments);
  657. list_for_each_entry(c, &prefix_new->assignments, head)
  658. if ((iface = vlist_find(&interfaces, c->name, iface, node)))
  659. interface_set_prefix_address(c, prefix_new, iface, true);
  660. } else if (node_new) {
  661. // Set null-route to avoid routing loops
  662. system_add_route(NULL, &route);
  663. interface_update_prefix_assignments(prefix_new, true);
  664. } else if (node_old) {
  665. // Remove null-route
  666. interface_update_prefix_assignments(prefix_old, false);
  667. system_del_route(NULL, &route);
  668. }
  669. if (node_old) {
  670. list_del(&prefix_old->head);
  671. free(prefix_old);
  672. }
  673. if (node_new)
  674. list_add(&prefix_new->head, &prefixes);
  675. }
  676. struct device_prefix*
  677. interface_ip_add_device_prefix(struct interface *iface, struct in6_addr *addr,
  678. uint8_t length, time_t valid_until, time_t preferred_until,
  679. struct in6_addr *excl_addr, uint8_t excl_length, const char *pclass)
  680. {
  681. if (!pclass)
  682. pclass = (iface) ? iface->name : "local";
  683. struct device_prefix *prefix = calloc(1, sizeof(*prefix) + strlen(pclass) + 1);
  684. prefix->length = length;
  685. prefix->addr = *addr;
  686. prefix->preferred_until = preferred_until;
  687. prefix->valid_until = valid_until;
  688. prefix->iface = iface;
  689. INIT_LIST_HEAD(&prefix->assignments);
  690. if (excl_addr) {
  691. prefix->excl_addr = *excl_addr;
  692. prefix->excl_length = excl_length;
  693. }
  694. strcpy(prefix->pclass, pclass);
  695. if (iface)
  696. vlist_add(&iface->proto_ip.prefix, &prefix->node, &prefix->addr);
  697. else
  698. interface_update_prefix(NULL, &prefix->node, NULL);
  699. return prefix;
  700. }
  701. void
  702. interface_ip_set_ula_prefix(const char *prefix)
  703. {
  704. char buf[INET6_ADDRSTRLEN + 4] = {0}, *saveptr;
  705. if (prefix)
  706. strncpy(buf, prefix, sizeof(buf) - 1);
  707. char *prefixaddr = strtok_r(buf, "/", &saveptr);
  708. struct in6_addr addr;
  709. if (!prefixaddr || inet_pton(AF_INET6, prefixaddr, &addr) < 1) {
  710. if (ula_prefix) {
  711. interface_update_prefix(NULL, NULL, &ula_prefix->node);
  712. ula_prefix = NULL;
  713. }
  714. return;
  715. }
  716. int length;
  717. char *prefixlen = strtok_r(NULL, ",", &saveptr);
  718. if (!prefixlen || (length = atoi(prefixlen)) < 1 || length > 64)
  719. return;
  720. if (!ula_prefix || !IN6_ARE_ADDR_EQUAL(&addr, &ula_prefix->addr) ||
  721. ula_prefix->length != length) {
  722. if (ula_prefix)
  723. interface_update_prefix(NULL, NULL, &ula_prefix->node);
  724. ula_prefix = interface_ip_add_device_prefix(NULL, &addr, length,
  725. 0, 0, NULL, 0, NULL);
  726. }
  727. }
  728. void
  729. interface_add_dns_server(struct interface_ip_settings *ip, const char *str)
  730. {
  731. struct dns_server *s;
  732. s = calloc(1, sizeof(*s));
  733. if (!s)
  734. return;
  735. s->af = AF_INET;
  736. if (inet_pton(s->af, str, &s->addr.in))
  737. goto add;
  738. s->af = AF_INET6;
  739. if (inet_pton(s->af, str, &s->addr.in))
  740. goto add;
  741. free(s);
  742. return;
  743. add:
  744. D(INTERFACE, "Add IPv%c DNS server: %s\n",
  745. s->af == AF_INET6 ? '6' : '4', str);
  746. vlist_simple_add(&ip->dns_servers, &s->node);
  747. }
  748. void
  749. interface_add_dns_server_list(struct interface_ip_settings *ip, struct blob_attr *list)
  750. {
  751. struct blob_attr *cur;
  752. int rem;
  753. blobmsg_for_each_attr(cur, list, rem) {
  754. if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
  755. continue;
  756. if (!blobmsg_check_attr(cur, NULL))
  757. continue;
  758. interface_add_dns_server(ip, blobmsg_data(cur));
  759. }
  760. }
  761. static void
  762. interface_add_dns_search_domain(struct interface_ip_settings *ip, const char *str)
  763. {
  764. struct dns_search_domain *s;
  765. int len = strlen(str);
  766. s = calloc(1, sizeof(*s) + len + 1);
  767. if (!s)
  768. return;
  769. D(INTERFACE, "Add DNS search domain: %s\n", str);
  770. memcpy(s->name, str, len);
  771. vlist_simple_add(&ip->dns_search, &s->node);
  772. }
  773. void
  774. interface_add_dns_search_list(struct interface_ip_settings *ip, struct blob_attr *list)
  775. {
  776. struct blob_attr *cur;
  777. int rem;
  778. blobmsg_for_each_attr(cur, list, rem) {
  779. if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
  780. continue;
  781. if (!blobmsg_check_attr(cur, NULL))
  782. continue;
  783. interface_add_dns_search_domain(ip, blobmsg_data(cur));
  784. }
  785. }
  786. static void
  787. write_resolv_conf_entries(FILE *f, struct interface_ip_settings *ip)
  788. {
  789. struct dns_server *s;
  790. struct dns_search_domain *d;
  791. const char *str;
  792. char buf[INET6_ADDRSTRLEN];
  793. vlist_simple_for_each_element(&ip->dns_servers, s, node) {
  794. str = inet_ntop(s->af, &s->addr, buf, sizeof(buf));
  795. if (!str)
  796. continue;
  797. fprintf(f, "nameserver %s\n", str);
  798. }
  799. vlist_simple_for_each_element(&ip->dns_search, d, node) {
  800. fprintf(f, "search %s\n", d->name);
  801. }
  802. }
  803. void
  804. interface_write_resolv_conf(void)
  805. {
  806. struct interface *iface;
  807. char *path = alloca(strlen(resolv_conf) + 5);
  808. FILE *f;
  809. uint32_t crcold, crcnew;
  810. sprintf(path, "%s.tmp", resolv_conf);
  811. unlink(path);
  812. f = fopen(path, "w+");
  813. if (!f) {
  814. D(INTERFACE, "Failed to open %s for writing\n", path);
  815. return;
  816. }
  817. vlist_for_each_element(&interfaces, iface, node) {
  818. if (iface->state != IFS_UP)
  819. continue;
  820. if (vlist_simple_empty(&iface->proto_ip.dns_search) &&
  821. vlist_simple_empty(&iface->proto_ip.dns_servers) &&
  822. vlist_simple_empty(&iface->config_ip.dns_search) &&
  823. vlist_simple_empty(&iface->config_ip.dns_servers))
  824. continue;
  825. fprintf(f, "# Interface %s\n", iface->name);
  826. write_resolv_conf_entries(f, &iface->config_ip);
  827. if (!iface->proto_ip.no_dns)
  828. write_resolv_conf_entries(f, &iface->proto_ip);
  829. }
  830. fflush(f);
  831. rewind(f);
  832. crcnew = crc32_file(f);
  833. fclose(f);
  834. crcold = crcnew + 1;
  835. f = fopen(resolv_conf, "r");
  836. if (f) {
  837. crcold = crc32_file(f);
  838. fclose(f);
  839. }
  840. if (crcold == crcnew) {
  841. unlink(path);
  842. } else if (rename(path, resolv_conf) < 0) {
  843. D(INTERFACE, "Failed to replace %s\n", resolv_conf);
  844. unlink(path);
  845. }
  846. }
  847. void interface_ip_set_enabled(struct interface_ip_settings *ip, bool enabled)
  848. {
  849. struct device_addr *addr;
  850. struct device_route *route;
  851. struct device *dev;
  852. ip->enabled = enabled;
  853. dev = ip->iface->l3_dev.dev;
  854. if (!dev)
  855. return;
  856. vlist_for_each_element(&ip->addr, addr, node) {
  857. if (addr->enabled == enabled)
  858. continue;
  859. if (enabled)
  860. system_add_address(dev, addr);
  861. else
  862. system_del_address(dev, addr);
  863. addr->enabled = enabled;
  864. }
  865. vlist_for_each_element(&ip->route, route, node) {
  866. bool _enabled = enabled;
  867. if (!enable_route(ip, route))
  868. _enabled = false;
  869. if (route->enabled == _enabled)
  870. continue;
  871. if (_enabled) {
  872. if (!(route->flags & DEVROUTE_METRIC))
  873. route->metric = ip->iface->metric;
  874. system_add_route(dev, route);
  875. } else
  876. system_del_route(dev, route);
  877. route->enabled = _enabled;
  878. }
  879. struct device_prefix *c;
  880. struct device_prefix_assignment *a;
  881. list_for_each_entry(c, &prefixes, head)
  882. list_for_each_entry(a, &c->assignments, head)
  883. if (!strcmp(a->name, ip->iface->name))
  884. interface_set_prefix_address(a, c, ip->iface, enabled);
  885. if (ip->iface && ip->iface->l3_dev.dev) {
  886. set_ip_lo_policy(enabled, true, ip->iface);
  887. set_ip_lo_policy(enabled, false, ip->iface);
  888. set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex,
  889. NULL, 0, NULL, ip->iface, "failed_policy");
  890. }
  891. }
  892. void
  893. interface_ip_update_start(struct interface_ip_settings *ip)
  894. {
  895. if (ip != &ip->iface->config_ip) {
  896. vlist_simple_update(&ip->dns_servers);
  897. vlist_simple_update(&ip->dns_search);
  898. }
  899. vlist_update(&ip->route);
  900. vlist_update(&ip->addr);
  901. vlist_update(&ip->prefix);
  902. }
  903. void
  904. interface_ip_update_complete(struct interface_ip_settings *ip)
  905. {
  906. vlist_simple_flush(&ip->dns_servers);
  907. vlist_simple_flush(&ip->dns_search);
  908. vlist_flush(&ip->route);
  909. vlist_flush(&ip->addr);
  910. vlist_flush(&ip->prefix);
  911. interface_write_resolv_conf();
  912. }
  913. void
  914. interface_ip_flush(struct interface_ip_settings *ip)
  915. {
  916. if (ip == &ip->iface->proto_ip)
  917. vlist_flush_all(&ip->iface->host_routes);
  918. vlist_simple_flush_all(&ip->dns_servers);
  919. vlist_simple_flush_all(&ip->dns_search);
  920. vlist_flush_all(&ip->route);
  921. vlist_flush_all(&ip->addr);
  922. vlist_flush_all(&ip->prefix);
  923. }
  924. static void
  925. __interface_ip_init(struct interface_ip_settings *ip, struct interface *iface)
  926. {
  927. ip->iface = iface;
  928. ip->enabled = true;
  929. vlist_simple_init(&ip->dns_search, struct dns_search_domain, node);
  930. vlist_simple_init(&ip->dns_servers, struct dns_server, node);
  931. vlist_init(&ip->route, route_cmp, interface_update_proto_route);
  932. vlist_init(&ip->addr, addr_cmp, interface_update_proto_addr);
  933. vlist_init(&ip->prefix, prefix_cmp, interface_update_prefix);
  934. }
  935. void
  936. interface_ip_init(struct interface *iface)
  937. {
  938. __interface_ip_init(&iface->proto_ip, iface);
  939. __interface_ip_init(&iface->config_ip, iface);
  940. vlist_init(&iface->host_routes, route_cmp, interface_update_host_route);
  941. }
  942. static void
  943. interface_ip_valid_until_handler(struct uloop_timeout *t)
  944. {
  945. time_t now = system_get_rtime();
  946. struct interface *iface;
  947. vlist_for_each_element(&interfaces, iface, node) {
  948. if (iface->state != IFS_UP)
  949. continue;
  950. struct device_addr *addr, *addrp;
  951. struct device_route *route, *routep;
  952. struct device_prefix *pref, *prefp;
  953. vlist_for_each_element_safe(&iface->proto_ip.addr, addr, node, addrp)
  954. if (addr->valid_until && addr->valid_until < now)
  955. vlist_delete(&iface->proto_ip.addr, &addr->node);
  956. vlist_for_each_element_safe(&iface->proto_ip.route, route, node, routep)
  957. if (route->valid_until && route->valid_until < now)
  958. vlist_delete(&iface->proto_ip.route, &route->node);
  959. vlist_for_each_element_safe(&iface->proto_ip.prefix, pref, node, prefp)
  960. if (pref->valid_until && pref->valid_until < now)
  961. vlist_delete(&iface->proto_ip.prefix, &pref->node);
  962. }
  963. uloop_timeout_set(t, 1000);
  964. }
  965. static void __init
  966. interface_ip_init_worker(void)
  967. {
  968. valid_until_timeout.cb = interface_ip_valid_until_handler;
  969. uloop_timeout_set(&valid_until_timeout, 1000);
  970. }