static int ping_socket = -1;
-// Filter ICMPv6 messages of type neighbor soliciation
+/* Filter ICMPv6 messages of type neighbor soliciation */
static struct sock_filter bpf[] = {
BPF_STMT(BPF_LD | BPF_B | BPF_ABS, offsetof(struct ip6_hdr, ip6_nxt)),
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, IPPROTO_ICMPV6, 0, 3),
static const struct sock_fprog bpf_prog = {sizeof(bpf) / sizeof(*bpf), bpf};
static struct netevent_handler ndp_netevent_handler = { .cb = ndp_netevent_cb, };
-// Initialize NDP-proxy
+/* Initialize NDP-proxy */
int ndp_init(void)
{
- int val = 2;
+ struct icmp6_filter filt;
+ int val = 2, ret = 0;
- // Open ICMPv6 socket
+ /* Open ICMPv6 socket */
ping_socket = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC, IPPROTO_ICMPV6);
if (ping_socket < 0) {
- syslog(LOG_ERR, "Unable to open raw socket: %m");
- return -1;
+ syslog(LOG_ERR, "socket(AF_INET6): %m");
+ ret = -1;
+ goto out;
}
- setsockopt(ping_socket, IPPROTO_RAW, IPV6_CHECKSUM, &val, sizeof(val));
+ if (setsockopt(ping_socket, IPPROTO_RAW, IPV6_CHECKSUM,
+ &val, sizeof(val)) < 0) {
+ syslog(LOG_ERR, "setsockopt(IPV6_CHECKSUM): %m");
+ ret = -1;
+ goto out;
+ }
- // This is required by RFC 4861
+ /* This is required by RFC 4861 */
val = 255;
- setsockopt(ping_socket, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val));
- setsockopt(ping_socket, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &val, sizeof(val));
+ if (setsockopt(ping_socket, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
+ &val, sizeof(val)) < 0) {
+ syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_HOPS): %m");
+ ret = -1;
+ goto out;
+ }
- // Filter all packages, we only want to send
- struct icmp6_filter filt;
+ if (setsockopt(ping_socket, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
+ &val, sizeof(val)) < 0) {
+ syslog(LOG_ERR, "setsockopt(IPV6_UNICAST_HOPS): %m");
+ ret = -1;
+ goto out;
+ }
+
+ /* Filter all packages, we only want to send */
ICMP6_FILTER_SETBLOCKALL(&filt);
- setsockopt(ping_socket, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt));
+ if (setsockopt(ping_socket, IPPROTO_ICMPV6, ICMP6_FILTER,
+ &filt, sizeof(filt)) < 0) {
+ syslog(LOG_ERR, "setsockopt(ICMP6_FILTER): %m");
+ ret = -1;
+ goto out;
+ }
netlink_add_netevent_handler(&ndp_netevent_handler);
- return 0;
+out:
+ if (ret < 0 && ping_socket >= 0) {
+ close(ping_socket);
+ ping_socket = -1;
+ }
+
+ return ret;
}
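Review bot: Making the `IPV6_CHECKSUM` call at the top of ndp_init fatal ties startup to an option that looks redundant on this socket. For an `IPPROTO_ICMPV6` raw socket the kernel already computes the ICMPv6 checksum (RFC 3542, section 3.1), so a failure here would disable NDP relaying with, as far as I can tell, nothing gained. I would log it and continue, e.g. `syslog(LOG_WARNING, "setsockopt(IPV6_CHECKSUM): %m");` without the `ret = -1; goto out;`, and keep the hop-limit and `ICMP6_FILTER` failures fatal. Separately, the re-styled comment `/* Filter all packages, we only want to send */` should read `packets`.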
int ndp_setup_interface(struct interface *iface, bool enable)
goto out;
}
- if (iface->ndp_event.uloop.fd > 0) {
+ if (iface->ndp_event.uloop.fd >= 0) {
uloop_fd_delete(&iface->ndp_event.uloop);
close(iface->ndp_event.uloop.fd);
iface->ndp_event.uloop.fd = -1;
}
if (enable && iface->ndp == MODE_RELAY) {
+ struct sockaddr_ll ll;
+ struct packet_mreq mreq;
+
if (write(procfd, "1\n", 2) < 0) {}
- int sock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6));
- if (sock < 0) {
- syslog(LOG_ERR, "Unable to open packet socket: %m");
+ iface->ndp_event.uloop.fd = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6));
+ if (iface->ndp_event.uloop.fd < 0) {
+ syslog(LOG_ERR, "socket(AF_PACKET): %m");
ret = -1;
goto out;
}
#ifdef PACKET_RECV_TYPE
int pktt = 1 << PACKET_MULTICAST;
- setsockopt(sock, SOL_PACKET, PACKET_RECV_TYPE, &pktt, sizeof(pktt));
+ if (setsockopt(iface->ndp_event.uloop.fd, SOL_PACKET, PACKET_RECV_TYPE,
+ &pktt, sizeof(pktt)) < 0) {
+ syslog(LOG_ERR, "setsockopt(PACKET_RECV_TYPE): %m");
+ ret = -1;
+ goto out;
+ }
#endif
- if (setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER,
+ if (setsockopt(iface->ndp_event.uloop.fd, SOL_SOCKET, SO_ATTACH_FILTER,
&bpf_prog, sizeof(bpf_prog))) {
- syslog(LOG_ERR, "Failed to set BPF: %m");
+ syslog(LOG_ERR, "setsockopt(SO_ATTACH_FILTER): %m");
+ ret = -1;
+ goto out;
+ }
+
+ memset(&ll, 0, sizeof(ll));
+ ll.sll_family = AF_PACKET;
+ ll.sll_ifindex = iface->ifindex;
+ ll.sll_protocol = htons(ETH_P_IPV6);
+
+ if (bind(iface->ndp_event.uloop.fd, (struct sockaddr*)&ll, sizeof(ll)) < 0) {
+ syslog(LOG_ERR, "bind(): %m");
+ ret = -1;
+ goto out;
+ }
+
+ memset(&mreq, 0, sizeof(mreq));
+ mreq.mr_ifindex = iface->ifindex;
+ mreq.mr_type = PACKET_MR_ALLMULTI;
+ mreq.mr_alen = ETH_ALEN;
+
+ if (setsockopt(iface->ndp_event.uloop.fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
+ &mreq, sizeof(mreq)) < 0) {
+ syslog(LOG_ERR, "setsockopt(PACKET_ADD_MEMBERSHIP): %m");
ret = -1;
goto out;
}
- struct sockaddr_ll ll = {
- .sll_family = AF_PACKET,
- .sll_ifindex = iface->ifindex,
- .sll_protocol = htons(ETH_P_IPV6),
- .sll_hatype = 0,
- .sll_pkttype = 0,
- .sll_halen = 0,
- .sll_addr = {0},
- };
- bind(sock, (struct sockaddr*)&ll, sizeof(ll));
-
- struct packet_mreq mreq = {iface->ifindex, PACKET_MR_ALLMULTI, ETH_ALEN, {0}};
- setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
-
- iface->ndp_event.uloop.fd = sock;
iface->ndp_event.handle_dgram = handle_solicit;
odhcpd_register(&iface->ndp_event);
- // If we already were enabled dump is unnecessary, if not do dump
+ /* If we already were enabled dump is unnecessary, if not do dump */
if (!dump_neigh)
netlink_dump_neigh_table(false);
else
if (dump_neigh)
netlink_dump_neigh_table(true);
-out:
+ out:
+ if (ret < 0 && iface->ndp_event.uloop.fd >= 0) {
+ close(iface->ndp_event.uloop.fd);
+ iface->ndp_event.uloop.fd = -1;
+ }
+
if (procfd >= 0)
close(procfd);
}
}
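Review bot: The new cleanup under `out:` closes `iface->ndp_event.uloop.fd` without calling `uloop_fd_delete()`, which matters for the early `goto out` near the top of ndp_setup_interface. That jump sits before the delete-and-close block, so if it is taken with `ret < 0` while a socket from a previous enable is still registered (the condition is outside this hunk, so this is inferred), the descriptor is closed and reset to -1 while uloop still holds the registration. Adding `uloop_fd_delete(&iface->ndp_event.uloop);` before the `close()` in the `out:` block would cover both cases; confirm it is a no-op for a descriptor that was never registered. The empty `if (write(procfd, "1\n", 2) < 0) {}` also still discards a failure to enable `proxy_ndp`, and a `syslog(LOG_WARNING, ...)` there would make a half-configured relay visible.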
-// Send an ICMP-ECHO. This is less for actually pinging but for the
-// neighbor cache to be kept up-to-date.
+/* Send an ICMP-ECHO. This is less for actually pinging but for the
+ * neighbor cache to be kept up-to-date. */
static void ping6(struct in6_addr *addr,
const struct interface *iface)
{
char ipbuf[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf));
- syslog(LOG_NOTICE, "Pinging for %s%%%s", ipbuf, iface->ifname);
+ syslog(LOG_NOTICE, "Pinging for %s on %s", ipbuf, iface->name);
netlink_setup_route(addr, 128, iface->ifindex, NULL, 128, true);
odhcpd_send(ping_socket, &dest, &iov, 1, iface);
netlink_setup_route(addr, 128, iface->ifindex, NULL, 128, false);
}
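Review bot: The `syslog(LOG_NOTICE, "Pinging for %s on %s", ...)` line in ping6 runs once per forwarded solicitation per relay interface, so any host on a relayed link controls how much this daemon writes to syslog at NOTICE level. Since the line is being touched anyway, I would lower it to match handle_solicit's message: `syslog(LOG_DEBUG, "Pinging for %s on %s", ipbuf, iface->name);`. The switch from `iface->ifname` to `iface->name` here, and in handle_solicit and setup_route, also changes what operators see. If `name` is the configured name rather than the kernel device name (not visible in this diff), log rules keyed on the old `addr%ifname` form will stop matching, which is worth stating in the commit message.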
-// Handle solicitations
+/* Handle solicitations */
static void handle_solicit(void *addr, void *data, size_t len,
struct interface *iface, _unused void *dest)
{
struct ip6_hdr *ip6 = data;
struct nd_neighbor_solicit *req = (struct nd_neighbor_solicit*)&ip6[1];
struct sockaddr_ll *ll = addr;
+ struct interface *c;
char ipbuf[INET6_ADDRSTRLEN];
uint8_t mac[6];
- // Solicitation is for duplicate address detection
+ /* Solicitation is for duplicate address detection */
bool ns_is_dad = IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src);
- // Don't process solicit messages on non relay interfaces
- // Don't forward any non-DAD solicitation for external ifaces
- // TODO: check if we should even forward DADs for them
+ /* Don't process solicit messages on non relay interfaces
+ * Don't forward any non-DAD solicitation for external ifaces
+ * TODO: check if we should even forward DADs for them */
if (iface->ndp != MODE_RELAY || (iface->external && !ns_is_dad))
return;
if (IN6_IS_ADDR_LINKLOCAL(&req->nd_ns_target) ||
IN6_IS_ADDR_LOOPBACK(&req->nd_ns_target) ||
IN6_IS_ADDR_MULTICAST(&req->nd_ns_target))
- return; // Invalid target
+ return; /* Invalid target */
inet_ntop(AF_INET6, &req->nd_ns_target, ipbuf, sizeof(ipbuf));
- syslog(LOG_DEBUG, "Got a NS for %s%%%s", ipbuf, iface->ifname);
+ syslog(LOG_DEBUG, "Got a NS for %s on %s", ipbuf, iface->name);
odhcpd_get_mac(iface, mac);
if (!memcmp(ll->sll_addr, mac, sizeof(mac)))
- return; // Looped back
+ return; /* Looped back */
- struct interface *c;
- list_for_each_entry(c, &interfaces, head)
+ avl_for_each_element(&interfaces, c, avl) {
if (iface != c && c->ndp == MODE_RELAY &&
(ns_is_dad || !c->external))
ping6(&req->nd_ns_target, c);
+ }
}
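Review bot: No check of `len` is visible before `req->nd_ns_target` is read in handle_solicit, and the frame comes straight from the packet socket. A solicitation shorter than `sizeof(*ip6) + sizeof(*req)` would have its target taken from bytes past the received data. The BPF program shown at the top of the file tests the next-header byte; its remaining instructions are not shown here, but a type match alone would not guarantee the full solicitation body is present. If the check is not in lines elided from this view, add `if (len < sizeof(*ip6) + sizeof(*req)) return;` before the target-address tests.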
-// Use rtnetlink to modify kernel routes
+/* Use rtnetlink to modify kernel routes */
static void setup_route(struct in6_addr *addr, struct interface *iface, bool add)
{
char ipbuf[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf));
- syslog(LOG_NOTICE, "%s about %s%s%%%s",
+ syslog(LOG_NOTICE, "%s about %s%s on %s",
(add) ? "Learning" : "Forgetting",
iface->learn_routes ? "proxy routing for " : "",
- ipbuf, iface->ifname);
+ ipbuf, iface->name);
if (iface->learn_routes)
netlink_setup_route(addr, 128, iface->ifindex, NULL, 1024, add);
inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf));
- list_for_each_entry(c, &interfaces, head) {
- if (iface == c || (c->ndp != MODE_RELAY && !add))
+ avl_for_each_element(&interfaces, c, avl) {
+ if (iface == c || c->ndp != MODE_RELAY)
continue;
- bool neigh_add = (c->ndp == MODE_RELAY ? add : false);
-
- if (netlink_setup_proxy_neigh(addr, c->ifindex, neigh_add))
- syslog(LOG_DEBUG, "Failed to %s proxy neighbour entry %s%%%s",
- neigh_add ? "add" : "delete", ipbuf, c->ifname);
+ if (netlink_setup_proxy_neigh(addr, c->ifindex, add))
+ syslog(LOG_DEBUG, "Failed to %s proxy neighbour entry %s on %s",
+ add ? "add" : "delete", ipbuf, c->name);
else
- syslog(LOG_DEBUG, "%s proxy neighbour entry %s%%%s",
- neigh_add ? "Added" : "Deleted", ipbuf, c->ifname);
+ syslog(LOG_DEBUG, "%s proxy neighbour entry %s on %s",
+ add ? "Added" : "Deleted", ipbuf, c->name);
}
}
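Review bot: The rewritten loop test `if (iface == c || c->ndp != MODE_RELAY) continue;` in setup_route also changes the delete path. The old code still issued `netlink_setup_proxy_neigh(addr, c->ifindex, false)` on interfaces that were not in relay mode; the new code skips them. If an interface left relay mode while proxy neighbour entries were installed, this function no longer removes them, and the kernel would presumably keep answering solicitations for those addresses on that link. If the neighbour-table dump in ndp_setup_interface is what flushes them, say so in a comment above the loop, e.g. `/* Entries on interfaces that left relay mode are flushed by ndp_setup_interface() */`; otherwise keep the delete for non-relay interfaces. The function's declarations (including `c`) are outside this hunk.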