src/libsystemd-network/icmp6-util.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

/* SPDX-License-Identifier: LGPL-2.1-or-later */
/***
  Copyright © 2014 Intel Corporation. All rights reserved.
***/

/* Make sure the net/if.h header is included before any linux/ one */
#include <net/if.h>
#include <errno.h>
#include <linux/if_packet.h>
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <netinet/ip6.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#include "fd-util.h"
#include "icmp6-util.h"
#include "in-addr-util.h"
#include "iovec-util.h"
#include "network-common.h"
#include "socket-util.h"

int icmp6_bind(int ifindex, bool is_router) {
        struct icmp6_filter filter = {};
        struct ipv6_mreq mreq;
        _cleanup_close_ int s = -EBADF;
        int r;

        assert(ifindex > 0);

        ICMP6_FILTER_SETBLOCKALL(&filter);
        if (is_router) {
                mreq = (struct ipv6_mreq) {
                        .ipv6mr_multiaddr = IN6_ADDR_ALL_ROUTERS_MULTICAST,
                        .ipv6mr_interface = ifindex,
                };
                ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filter);
        } else {
                mreq = (struct ipv6_mreq) {
                        .ipv6mr_multiaddr = IN6_ADDR_ALL_NODES_MULTICAST,
                        .ipv6mr_interface = ifindex,
                };
                ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filter);
                ICMP6_FILTER_SETPASS(ND_NEIGHBOR_ADVERT, &filter);
                ICMP6_FILTER_SETPASS(ND_REDIRECT, &filter);
        }

        s = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, IPPROTO_ICMPV6);
        if (s < 0)
                return -errno;

        if (setsockopt(s, IPPROTO_ICMPV6, ICMP6_FILTER, &filter, sizeof(filter)) < 0)
                return -errno;

        if (setsockopt(s, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
                return -errno;

        /* RFC 3315, section 6.7, bullet point 2 may indicate that an IPV6_PKTINFO socket option also applies
         * for ICMPv6 multicast. Empirical experiments indicates otherwise and therefore an IPV6_MULTICAST_IF
         * socket option is used here instead. */
        r = setsockopt_int(s, IPPROTO_IPV6, IPV6_MULTICAST_IF, ifindex);
        if (r < 0)
                return r;

        r = setsockopt_int(s, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, false);
        if (r < 0)
                return r;

        r = setsockopt_int(s, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, 255);
        if (r < 0)
                return r;

        r = setsockopt_int(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 255);
        if (r < 0)
                return r;

        r = setsockopt_int(s, SOL_IPV6, IPV6_RECVHOPLIMIT, true);
        if (r < 0)
                return r;

        r = setsockopt_int(s, SOL_SOCKET, SO_TIMESTAMP, true);
        if (r < 0)
                return r;

        r = socket_bind_to_ifindex(s, ifindex);
        if (r < 0)
                return r;

        return TAKE_FD(s);
}

int icmp6_send(int fd, const struct in6_addr *dst, const struct iovec *iov, size_t n_iov) {
        struct sockaddr_in6 sa = {
                .sin6_family = AF_INET6,
                .sin6_addr = *ASSERT_PTR(dst),
        };
        struct msghdr msg = {
                .msg_name = &sa,
                .msg_namelen = sizeof(struct sockaddr_in6),
                .msg_iov = (struct iovec*) iov,
                .msg_iovlen = n_iov,
        };

        assert(fd >= 0);

        if (sendmsg(fd, &msg, 0) < 0)
                return -errno;

        return 0;
}

int icmp6_receive(
                int fd,
                void *buffer,
                size_t size,
                struct in6_addr *ret_sender,
                triple_timestamp *ret_timestamp) {

        /* This needs to be initialized with zero. See #20741. */
        CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */
                         CMSG_SPACE_TIMEVAL) control = {};
        struct iovec iov = { buffer, size };
        union sockaddr_union sa = {};
        struct msghdr msg = {
                .msg_name = &sa.sa,
                .msg_namelen = sizeof(sa),
                .msg_iov = &iov,
                .msg_iovlen = 1,
                .msg_control = &control,
                .msg_controllen = sizeof(control),
        };
        ssize_t len;

        len = recvmsg_safe(fd, &msg, MSG_DONTWAIT);
        if (len < 0)
                return (int) len;

        if ((size_t) len != size)
                return -EINVAL;

        if (msg.msg_namelen != sizeof(struct sockaddr_in6) || sa.in6.sin6_family != AF_INET6)
                return -EPFNOSUPPORT;

        if (!in6_addr_is_link_local(&sa.in6.sin6_addr) && !in6_addr_is_null(&sa.in6.sin6_addr))
                return -EADDRNOTAVAIL;

        assert(!(msg.msg_flags & MSG_TRUNC));

        int *hops = CMSG_FIND_DATA(&msg, SOL_IPV6, IPV6_HOPLIMIT, int);
        if (hops && *hops != 255)
                return -EMULTIHOP;

        if (ret_timestamp)
                triple_timestamp_from_cmsg(ret_timestamp, &msg);
        if (ret_sender)
                *ret_sender = sa.in6.sin6_addr;
        return 0;
}