nat46: Refuse link local address as implicit source in 464xlat
[feed/routing.git] / nat46 / src / 464xlatcfg.c
index dfce9d720d29e9a358db404afd782dbce8b20963..f1846161db0e0aa6384e493985380b0836685619 100644 (file)
 #include <stdio.h>
 #include <netdb.h>
 
+static void sighandler(__attribute__((unused)) int signal)
+{
+}
+
 int main(int argc, const char *argv[])
 {
        char buf[INET6_ADDRSTRLEN], prefix[INET6_ADDRSTRLEN + 4];
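Review bot: The empty `sighandler` added above main() has no comment, so a reader cannot tell that the no-op body is deliberate. Judging by the `signal(SIGTERM, sighandler)` call and the `pause()` that appear later in this commit, it seems to exist only so that SIGTERM interrupts `pause()` instead of terminating the process. I would state that above the definition: `/* Intentionally empty: installed so SIGTERM interrupts pause() and the nat46 cleanup can run. */`. main() continues outside the hunk.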
@@ -48,6 +52,8 @@ int main(int argc, const char *argv[])
        if (!argv[3] || !argv[4] || !(fp = fopen(buf, "wx")))
                return 1;
 
+       signal(SIGTERM, sighandler);
+
        prefix[sizeof(prefix) - 1] = 0;
        strncpy(prefix, argv[3], sizeof(prefix) - 1);
 
@@ -65,19 +71,39 @@ int main(int argc, const char *argv[])
                freeaddrinfo(res);
        }
                
-       struct sockaddr_in6 saddr = {.sin6_family = AF_INET6, .sin6_addr = {{{0x20, 0x01, 0x0d, 0xb8}}}};
-       socklen_t saddrlen = sizeof(saddr);
-       int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
-       struct icmp6_filter filt;
-       ICMP6_FILTER_SETBLOCKALL(&filt);
-       setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt));
-       setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2]));
-       if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) ||
-                       getsockname(sock, (struct sockaddr*)&saddr, &saddrlen))
-               return 3;
+       int i = 0;
+       int sock;
+       struct sockaddr_in6 saddr;
+
+       do {
+               socklen_t saddrlen = sizeof(saddr);
+               struct icmp6_filter filt;
+
+               sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+               ICMP6_FILTER_SETBLOCKALL(&filt);
+               setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt));
+               setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2]));
+               memset(&saddr, 0, sizeof(saddr));
+               saddr.sin6_family = AF_INET6;
+               saddr.sin6_addr.s6_addr32[0] = htonl(0x2001);
+               saddr.sin6_addr.s6_addr32[1] = htonl(0xdb8);
+               if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) ||
+                               getsockname(sock, (struct sockaddr*)&saddr, &saddrlen))
+                       return 3;
+
+               if (!IN6_IS_ADDR_LINKLOCAL(&saddr.sin6_addr) || argv[5])
+                       break;
+
+               close(sock);
+               sleep(3);
+               i++;
+       } while (i < 3);
        
        struct ipv6_mreq mreq = {saddr.sin6_addr, if_nametoindex(argv[2])};
        if (!argv[5]) {
+               if (IN6_IS_ADDR_LINKLOCAL(&mreq.ipv6mr_multiaddr))
+                       return 5;
+
                srandom(mreq.ipv6mr_multiaddr.s6_addr32[0] ^ mreq.ipv6mr_multiaddr.s6_addr32[1] ^
                                mreq.ipv6mr_multiaddr.s6_addr32[2] ^ mreq.ipv6mr_multiaddr.s6_addr32[3]);
                mreq.ipv6mr_multiaddr.s6_addr32[2] = random();
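Review bot: The probe destination built inside the loop is no longer 2001:db8::, which the removed initializer `{0x20, 0x01, 0x0d, 0xb8}` encoded. `s6_addr32[0] = htonl(0x2001)` stores the bytes 00 00 20 01 and `s6_addr32[1] = htonl(0xdb8)` stores 00 00 0d b8, giving 0:2001:0:db8::. Source-address selection therefore now runs against a destination in ::/8 rather than the documentation prefix. If the old address was intended, use `saddr.sin6_addr.s6_addr32[0] = htonl(0x20010db8);` and drop the second assignment. Separately, `socket()` and the `SO_BINDTODEVICE` `setsockopt()` are still unchecked, so a failed bind to `argv[2]` would let the address be chosen from another interface without any error.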
@@ -108,6 +134,12 @@ int main(int argc, const char *argv[])
                chdir("/");
                setsid();
                pause();
+
+               nat46 = fopen("/proc/net/nat46/control", "w");
+               if (nat46) {
+                       fprintf(nat46, "del %s\n", argv[1]);
+                       fclose(nat46);
+               }
        } else {
                fprintf(fp, "%d\n", pid);
        }
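Review bot: A SIGTERM that arrives before the child reaches `pause()` is consumed by the no-op handler installed earlier in main(), after which `pause()` blocks indefinitely and the new `del %s` write never runs. Blocking SIGTERM with `sigprocmask(SIG_BLOCK, &set, &old)` before `signal()` is called, and waiting with `sigsuspend(&old)` instead of `pause()`, closes that window. The cleanup also ignores the results of `fprintf()` and `fclose()`, so a rejected write to `/proc/net/nat46/control` silently leaves the device configured. Checking both and returning non-zero would make that failure visible. The enclosing branch starts outside the hunk.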