From c6dae8e6b2a82dca6e2e00e17b0bc968a504d7fc Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Wed, 3 Apr 2019 16:29:19 +0200 Subject: [PATCH] router: create ICMPv6 socket per interface Get rid of the global raw ICMPv6 socket by creating a raw ICMPv6 socket per interface. This fixes an open raw ICMPv6 socket in case all ra interfaces are configured as disabled. Signed-off-by: Hans Dedecker --- src/config.c | 1 + src/odhcpd.h | 1 + src/router.c | 241 +++++++++++++++++++++++++++------------------------ 3 files changed, 132 insertions(+), 111 deletions(-) diff --git a/src/config.c b/src/config.c index 3e1b3f1..16f003b 100644 --- a/src/config.c +++ b/src/config.c @@ -430,6 +430,7 @@ int config_parse_interface(void *data, size_t len, const char *name, bool overwr iface->name = strcpy(new_name, name); iface->avl.key = iface->name; + iface->router_event.uloop.fd = -1; iface->dhcpv6_event.uloop.fd = -1; iface->ndp_event.uloop.fd = -1; iface->dhcpv4_event.uloop.fd = -1; diff --git a/src/odhcpd.h b/src/odhcpd.h index 80f416d..42d0954 100644 --- a/src/odhcpd.h +++ b/src/odhcpd.h @@ -209,6 +209,7 @@ struct interface { size_t addr6_len; // RA runtime data + struct odhcpd_event router_event; struct uloop_timeout timer_rs; // DHCPv6 runtime data diff --git a/src/router.c b/src/router.c index 976e28a..9055367 100644 --- a/src/router.c +++ b/src/router.c @@ -38,7 +38,6 @@ static void handle_icmpv6(void *addr, void *data, size_t len, static void trigger_router_advert(struct uloop_timeout *event); static void router_netevent_cb(unsigned long event, struct netevent_handler_info *info); -static struct odhcpd_event router_event = {.uloop = {.fd = -1}, .handle_dgram = handle_icmpv6, }; static struct netevent_handler router_netevent_handler = { .cb = router_netevent_cb, }; static FILE *fp_route = NULL; @@ -48,78 +47,8 @@ static FILE *fp_route = NULL; int router_init(void) { - struct icmp6_filter filt; int ret = 0; - /* Open ICMPv6 socket */ - router_event.uloop.fd = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC, IPPROTO_ICMPV6); - if (router_event.uloop.fd < 0) { - syslog(LOG_ERR, "socket(AF_INET6): %m"); - ret = -1; - goto out; - } - - /* Let the kernel compute our checksums */ - int val = 2; - if (setsockopt(router_event.uloop.fd, IPPROTO_RAW, IPV6_CHECKSUM, - &val, sizeof(val)) < 0) { - syslog(LOG_ERR, "setsockopt(IPV6_CHECKSUM): %m"); - ret = -1; - goto out; - } - - /* This is required by RFC 4861 */ - val = 255; - if (setsockopt(router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, - &val, sizeof(val)) < 0) { - syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_HOPS): %m"); - ret = -1; - goto out; - } - - if (setsockopt(router_event.uloop.fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, - &val, sizeof(val)) < 0) { - syslog(LOG_ERR, "setsockopt(IPV6_UNICAST_HOPS): %m"); - ret = -1; - goto out; - } - - /* We need to know the source interface */ - val = 1; - if (setsockopt(router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, - &val, sizeof(val)) < 0) { - syslog(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO): %m"); - ret = -1; - goto out; - } - - if (setsockopt(router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, - &val, sizeof(val)) < 0) { - syslog(LOG_ERR, "setsockopt(IPV6_RECVHOPLIMIT): %m"); - ret = -1; - goto out; - } - - /* Don't loop back */ - val = 0; - if (setsockopt(router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, - &val, sizeof(val)) < 0) { - syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_LOOP): %m"); - ret = -1; - goto out; - } - - /* Filter ICMPv6 package types */ - ICMP6_FILTER_SETBLOCKALL(&filt); - ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt); - ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filt); - if (setsockopt(router_event.uloop.fd, IPPROTO_ICMPV6, ICMP6_FILTER, - &filt, sizeof(filt)) < 0) { - syslog(LOG_ERR, "setsockopt(ICMP6_FILTER): %m"); - ret = -1; - goto out; - } - if (!(fp_route = fopen("/proc/net/ipv6_route", "r"))) { syslog(LOG_ERR, "fopen(/proc/net/ipv6_route): %m"); ret = -1; @@ -129,22 +58,12 @@ int router_init(void) if (netlink_add_netevent_handler(&router_netevent_handler) < 0) { syslog(LOG_ERR, "Failed to add netevent handler"); ret = -1; - goto out; } - /* Register socket */ - odhcpd_register(&router_event); out: - if (ret < 0) { - if (router_event.uloop.fd > 0) { - close(router_event.uloop.fd); - router_event.uloop.fd = -1; - } - - if (fp_route) { - fclose(fp_route); - fp_route = NULL; - } + if (ret < 0 && fp_route) { + fclose(fp_route); + fp_route = NULL; } return ret; @@ -153,48 +72,149 @@ out: int router_setup_interface(struct interface *iface, bool enable) { - struct ipv6_mreq mreq; int ret = 0; - if (!fp_route || router_event.uloop.fd < 0) { + if (!fp_route) { ret = -1; goto out; } - uloop_timeout_cancel(&iface->timer_rs); - iface->timer_rs.cb = NULL; - memset(&mreq, 0, sizeof(mreq)); - mreq.ipv6mr_interface = iface->ifindex; - inet_pton(AF_INET6, ALL_IPV6_NODES, &mreq.ipv6mr_multiaddr); - setsockopt(router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, - &mreq, sizeof(mreq)); + if ((!enable || iface->ra == MODE_DISABLED) && iface->router_event.uloop.fd >= 0) { + if (!iface->master) { + uloop_timeout_cancel(&iface->timer_rs); + iface->timer_rs.cb = NULL; - inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &mreq.ipv6mr_multiaddr); - setsockopt(router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, - &mreq, sizeof(mreq)); - - if (!enable) { - if (iface->ra == MODE_SERVER || (iface->ra == MODE_RELAY && !iface->master)) trigger_router_advert(&iface->timer_rs); - } else { + } + + uloop_fd_delete(&iface->router_event.uloop); + close(iface->router_event.uloop.fd); + iface->router_event.uloop.fd = -1; + } else if (enable && iface->ra != MODE_DISABLED) { + struct icmp6_filter filt; + struct ipv6_mreq mreq; + int val = 2; + + if (iface->router_event.uloop.fd < 0) { + /* Open ICMPv6 socket */ + iface->router_event.uloop.fd = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC, + IPPROTO_ICMPV6); + if (iface->router_event.uloop.fd < 0) { + syslog(LOG_ERR, "socket(AF_INET6): %m"); + ret = -1; + goto out; + } + + if (setsockopt(iface->router_event.uloop.fd, SOL_SOCKET, SO_BINDTODEVICE, + iface->ifname, strlen(iface->ifname)) < 0) { + syslog(LOG_ERR, "setsockopt(SO_BINDTODEVICE): %m"); + ret = -1; + goto out; + } + + /* Let the kernel compute our checksums */ + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_RAW, IPV6_CHECKSUM, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_CHECKSUM): %m"); + ret = -1; + goto out; + } + + /* This is required by RFC 4861 */ + val = 255; + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_HOPS): %m"); + ret = -1; + goto out; + } + + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_UNICAST_HOPS): %m"); + ret = -1; + goto out; + } + + /* We need to know the source interface */ + val = 1; + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO): %m"); + ret = -1; + goto out; + } + + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_RECVHOPLIMIT): %m"); + ret = -1; + goto out; + } + + /* Don't loop back */ + val = 0; + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_LOOP): %m"); + ret = -1; + goto out; + } + + /* Filter ICMPv6 package types */ + ICMP6_FILTER_SETBLOCKALL(&filt); + ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt); + ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filt); + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_ICMPV6, ICMP6_FILTER, + &filt, sizeof(filt)) < 0) { + syslog(LOG_ERR, "setsockopt(ICMP6_FILTER): %m"); + ret = -1; + goto out; + } + + iface->router_event.handle_dgram = handle_icmpv6; + odhcpd_register(&iface->router_event); + } else { + uloop_timeout_cancel(&iface->timer_rs); + iface->timer_rs.cb = NULL; + + memset(&mreq, 0, sizeof(mreq)); + mreq.ipv6mr_interface = iface->ifindex; + inet_pton(AF_INET6, ALL_IPV6_NODES, &mreq.ipv6mr_multiaddr); + setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, + &mreq, sizeof(mreq)); + + inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &mreq.ipv6mr_multiaddr); + setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, + &mreq, sizeof(mreq)); + } + + memset(&mreq, 0, sizeof(mreq)); + mreq.ipv6mr_interface = iface->ifindex; + inet_pton(AF_INET6, ALL_IPV6_ROUTERS, &mreq.ipv6mr_multiaddr); + if (iface->ra == MODE_RELAY && iface->master) { inet_pton(AF_INET6, ALL_IPV6_NODES, &mreq.ipv6mr_multiaddr); forward_router_solicitation(iface); - } else if (iface->ra == MODE_SERVER && !iface->master) { + } else if (iface->ra == MODE_SERVER) { iface->timer_rs.cb = trigger_router_advert; uloop_timeout_set(&iface->timer_rs, 1000); } - if (iface->ra == MODE_RELAY || (iface->ra == MODE_SERVER && !iface->master)) { - if (setsockopt(router_event.uloop.fd, IPPROTO_IPV6, - IPV6_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) { - ret = -1; - syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m"); - } + if (setsockopt(iface->router_event.uloop.fd, IPPROTO_IPV6, + IPV6_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) { + ret = -1; + syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m"); + goto out; } } out: + if (ret < 0 && iface->router_event.uloop.fd >= 0) { + close(iface->router_event.uloop.fd); + iface->router_event.uloop.fd = -1; + } + return ret; } @@ -677,8 +697,7 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add syslog(LOG_INFO, "Sending a RA on %s", iface->name); - odhcpd_send(router_event.uloop.fd, - &dest, iov, ARRAY_SIZE(iov), iface); + odhcpd_send(iface->router_event.uloop.fd, &dest, iov, ARRAY_SIZE(iov), iface); free(pfxs); free(routes); @@ -743,7 +762,7 @@ static void forward_router_solicitation(const struct interface *iface) all_routers.sin6_scope_id = iface->ifindex; syslog(LOG_NOTICE, "Sending RS to %s", iface->name); - odhcpd_send(router_event.uloop.fd, &all_routers, &iov, 1, iface); + odhcpd_send(iface->router_event.uloop.fd, &all_routers, &iov, 1, iface); } @@ -813,6 +832,6 @@ static void forward_router_advertisement(const struct interface *iface, uint8_t syslog(LOG_NOTICE, "Forward a RA on %s", c->name); - odhcpd_send(router_event.uloop.fd, &all_nodes, &iov, 1, c); + odhcpd_send(c->router_event.uloop.fd, &all_nodes, &iov, 1, c); } } -- 2.30.2