From 01bfec4c333d906ca4d2230c804dfe361779f42f Mon Sep 17 00:00:00 2001
From: Steven Barth
Date: Tue, 14 Jul 2015 17:56:38 +0200
Subject: [PATCH] Remove unsolicited unicast RAs, adjust intervals
---
 src/config.c | 5 +++++
 src/ndp.c | 5 -----
 src/odhcpd.c | 55 ----------------------------------------------
 src/odhcpd.h | 5 +----
 src/router.c | 61 +++++++++++++++++++++-------------------------------
 src/router.h | 6 ++----
 6 files changed, 33 insertions(+), 104 deletions(-)
diff --git a/src/config.c b/src/config.c
index f9ad3b8..7d870f1 100644
--- a/src/config.c
+++ b/src/config.c
@@ -40,6 +40,7 @@ enum {
 IFACE_ATTR_RA_OFFLINK,
 IFACE_ATTR_RA_PREFERENCE,
 IFACE_ATTR_RA_ADVROUTER,
+ IFACE_ATTR_RA_MAXINTERVAL,
 IFACE_ATTR_PD_MANAGER,
 IFACE_ATTR_PD_CER,
 IFACE_ATTR_NDPROXY_ROUTING,
@@ -74,6 +75,7 @@ static const struct blobmsg_policy iface_attrs[IFACE_ATTR_MAX] = {
 [IFACE_ATTR_RA_OFFLINK] = { .name = "ra_offlink", .type = BLOBMSG_TYPE_BOOL },
 [IFACE_ATTR_RA_PREFERENCE] = { .name = "ra_preference", .type = BLOBMSG_TYPE_STRING },
 [IFACE_ATTR_RA_ADVROUTER] = { .name = "ra_advrouter", .type = BLOBMSG_TYPE_BOOL },
+ [IFACE_ATTR_RA_MAXINTERVAL] = { .name = "ra_maxinterval", .type = BLOBMSG_TYPE_INT32 },
 [IFACE_ATTR_NDPROXY_ROUTING] = { .name = "ndproxy_routing", .type = BLOBMSG_TYPE_BOOL },
 [IFACE_ATTR_NDPROXY_SLAVE] = { .name = "ndproxy_slave", .type = BLOBMSG_TYPE_BOOL },
 };
@@ -515,6 +517,9 @@ int config_parse_interface(void *data, size_t len, const char *name, bool overwr
 if ((c = tb[IFACE_ATTR_RA_ADVROUTER]))
 iface->ra_advrouter = blobmsg_get_bool(c);
+ if ((c = tb[IFACE_ATTR_RA_MAXINTERVAL]))
+ iface->ra_maxinterval = blobmsg_get_u32(c);
+
 if ((c = tb[IFACE_ATTR_RA_PREFERENCE])) {
 const char *prio = blobmsg_get_string(c);
diff --git a/src/ndp.c b/src/ndp.c
index d5e9a39..d1683b9 100644
--- a/src/ndp.c
+++ b/src/ndp.c
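Review bot: In the last src/config.c hunk (-515, inside config_parse_interface), `iface->ra_maxinterval = blobmsg_get_u32(c);` stores an unvalidated 32-bit configuration value into the field that the src/odhcpd.h hunk declares as `int ra_maxinterval`. The src/router.c hunk at -434 then evaluates `iface->ra_maxinterval * 1000` as a signed multiply before its 4000..MaxRtrAdvInterval*1000 range check runs. An oversized setting can therefore overflow the multiply, and a wrapped product that happens to land inside the range would be accepted as the advertisement interval. Bounding the value at parse time would keep the later check meaningful, e.g. `uint32_t v = blobmsg_get_u32(c); if (v >= 4 && v <= MaxRtrAdvInterval) iface->ra_maxinterval = v;` (assuming the router.h constant is visible in config.c). config_parse_interface starts and ends outside the hunk.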
@@ -324,11 +324,6 @@ static void handle_rtnetlink(_unused void *addr, void *data, size_t len,
 if (!iface)
 continue;
- // Keep-alive neighbor entries for RA sending
- if (nh->nlmsg_type == RTM_DELNEIGH && !(ndm->ndm_state & NUD_FAILED) &&
- addr && IN6_IS_ADDR_LINKLOCAL(addr) && iface->ra == RELAYD_SERVER)
- ping6(addr, iface);
-
 // Address not specified or unrelated
 if (!addr || IN6_IS_ADDR_LINKLOCAL(addr) ||
 IN6_IS_ADDR_MULTICAST(addr))
diff --git a/src/odhcpd.c b/src/odhcpd.c
index c411542..5774a4f 100644
--- a/src/odhcpd.c
+++ b/src/odhcpd.c
@@ -188,61 +188,6 @@ ssize_t odhcpd_send(int socket, struct sockaddr_in6 *dest,
 }
-int odhcpd_iterate_interface_neighbors(const struct interface *iface,
- void(*cb_neigh)(const struct in6_addr *addr,
- const struct interface *iface, void *data), void *data)
-{
- struct {
- struct nlmsghdr nhm;
- struct ndmsg ndm;
- } req = {{sizeof(req), RTM_GETNEIGH, NLM_F_REQUEST | NLM_F_DUMP,
- ++rtnl_seq, 0}, {AF_INET6, 0, 0, iface->ifindex, 0, 0, 0}};
-
- if (send(rtnl_socket, &req, sizeof(req), 0) < (ssize_t)sizeof(req))
- return -1;
-
- uint8_t buf[8192];
- ssize_t len = 0;
-
- for (struct nlmsghdr *nhm = NULL; ; nhm = NLMSG_NEXT(nhm, len)) {
- while (len < 0 || !NLMSG_OK(nhm, (size_t)len)) {
- len = recv(rtnl_socket, buf, sizeof(buf), 0);
- nhm = (struct nlmsghdr*)buf;
- if (len < 0 || !NLMSG_OK(nhm, (size_t)len)) {
- if (errno == EINTR)
- continue;
- else
- return -1;
- }
- }
-
- if (nhm->nlmsg_type != RTM_NEWNEIGH)
- break;
-
- struct ndmsg *ndm = NLMSG_DATA(nhm);
- if (ndm->ndm_ifindex != iface->ifindex ||
- !(ndm->ndm_state & (NUD_STALE | NUD_REACHABLE | NUD_PERMANENT)))
- continue;
-
- struct rtattr *rta = (struct rtattr*)&ndm[1];
- size_t alen = NLMSG_PAYLOAD(nhm, sizeof(*ndm));
-
- while (RTA_OK(rta, alen)) {
- if (rta->rta_type == NDA_DST &&
- RTA_PAYLOAD(rta) == sizeof(struct in6_addr)) {
- cb_neigh(RTA_DATA(rta), iface, data);
- break;
- } else {
- rta = RTA_NEXT(rta, alen);
- }
- }
-
- }
-
- return 0;
-}
-
-
 // Detect an IPV6-address currently assigned to the given interface
 ssize_t odhcpd_get_interface_addresses(int ifindex,
 struct odhcpd_ipaddr *addrs, size_t cnt)
diff --git a/src/odhcpd.h b/src/odhcpd.h
index 729b629..ab24674 100644
--- a/src/odhcpd.h
+++ b/src/odhcpd.h
@@ -143,6 +143,7 @@ struct interface {
 int default_router;
 int managed;
 int route_preference;
+ int ra_maxinterval;
 // DHCPv4
 struct in_addr dhcpv4_start;
@@ -203,10 +204,6 @@ void odhcpd_hexlify(char *dst, const uint8_t *src, size_t len);
 int odhcpd_bmemcmp(const void *av, const void *bv, size_t bits);
 void odhcpd_bmemcpy(void *av, const void *bv, size_t bits);
-int odhcpd_iterate_interface_neighbors(const struct interface *iface,
- void(*cb_neigh)(const struct in6_addr *addr,
- const struct interface *iface, void *data), void *data);
-
 int config_parse_interface(void *data, size_t len, const char *iname, bool overwrite);
 #ifdef WITH_UBUS
diff --git a/src/router.c b/src/router.c
index a66f65f..e3a9aa9 100644
--- a/src/router.c
+++ b/src/router.c
@@ -206,20 +206,6 @@ static bool parse_routes(struct odhcpd_ipaddr *n, ssize_t len)
 return found_default;
 }
-// Unicsat RAs
-static void send_neigh_ra(const struct in6_addr *addr,
- const struct interface *iface, void *data)
-{
- struct sockaddr_in6 dest = {
- .sin6_family = AF_INET6,
- .sin6_addr = *addr,
- .sin6_scope_id = iface->ifindex,
- };
- if (IN6_IS_ADDR_LINKLOCAL(addr))
- odhcpd_send(router_event.uloop.fd, &dest, data, RA_IOV_LEN, iface);
-}
-
-
 // Router Advert server mode
 static uint64_t send_router_advert(struct interface *iface, const struct in6_addr *from)
 {
@@ -258,7 +244,8 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add
 // If not currently shutting down
 struct odhcpd_ipaddr addrs[RELAYD_MAX_PREFIXES];
 ssize_t ipcnt = 0;
- uint64_t maxpreferred = 0;
+ uint64_t minvalid = UINT64_MAX;
+ uint64_t maxvalid = 0;
 // If not shutdown
 if (iface->timer_rs.cb) {
@@ -267,12 +254,10 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add
 // Check default route
 if (parse_routes(addrs, ipcnt) || iface->default_router > 1)
- adv.h.nd_ra_router_lifetime =
- htons(3 * MaxRtrAdvInterval);
+ adv.h.nd_ra_router_lifetime = 1;
 }
 // Construct Prefix Information options
- bool have_public = false;
 size_t cnt = 0;
 struct in6_addr dns_pref = IN6ADDR_ANY_INIT, *dns_addr = &dns_pref;
@@ -284,8 +269,8 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add
 if (addr->prefix > 96)
 continue; // Address not suitable
- if (addr->preferred > MaxPreferredTime)
- addr->preferred = MaxPreferredTime;
+ if (addr->preferred > MaxValidTime)
+ addr->preferred = MaxValidTime;
 if (addr->valid > MaxValidTime)
 addr->valid = MaxValidTime;
@@ -305,13 +290,16 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add
 p = &adv.prefix[cnt++];
 }
- if ((addr->addr.s6_addr[0] & 0xfe) != 0xfc && addr->preferred > 0) {
- have_public = true;
+ if (addr->preferred > 0) {
+ if (minvalid > 1000ULL * addr->valid)
+ minvalid = 1000ULL * addr->valid;
- if (maxpreferred < 1000 * addr->preferred)
- maxpreferred = 1000 * addr->preferred;
+ if (maxvalid < 1000ULL * addr->valid && (iface->default_router ||
+ (addr->addr.s6_addr[0] & 0xfe) != 0xfc))
+ maxvalid = 1000ULL * addr->valid;
 }
+
 odhcpd_bmemcpy(&p->nd_opt_pi_prefix, &addr->addr,
 (iface->ra_advrouter) ? 128 : addr->prefix);
 p->nd_opt_pi_type = ND_OPT_PREFIX_INFORMATION;
@@ -333,7 +321,7 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add
 }
 }
- if (!have_public && !iface->default_router && adv.h.nd_ra_router_lifetime) {
+ if (maxvalid && !iface->default_router && adv.h.nd_ra_router_lifetime) {
 syslog(LOG_WARNING, "A default route is present but there is no public prefix "
 "on %s thus we don't announce a default route!", iface->ifname);
 adv.h.nd_ra_router_lifetime = 0;
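Review bot: The rewritten guard in the -333 hunk, `if (maxvalid && !iface->default_router && adv.h.nd_ra_router_lifetime)`, looks inverted relative to the `!have_public` test it replaces. In the -305 hunk maxvalid only becomes non-zero for a preferred prefix that is non-ULA (or when default_router is set), so with default_router unset a non-zero maxvalid means a public prefix does exist. As written, that case logs "there is no public prefix" and zeroes the router lifetime, while the case with no public prefix falls through and keeps announcing a default route. The condition should presumably read `if (!maxvalid && !iface->default_router && adv.h.nd_ra_router_lifetime) {`. send_router_advert starts and ends outside the hunk.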
@@ -434,20 +422,23 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add
 // Calculate periodic transmit
 int msecs = 0;
- uint32_t maxival = MaxRtrAdvInterval * 1000;
- uint32_t minival = MinRtrAdvInterval * 1000;
+ uint32_t maxival = iface->ra_maxinterval * 1000;
+ uint32_t minival;
+
+ if (maxival < 4000 || maxival > MaxRtrAdvInterval * 1000)
+ maxival = MaxRtrAdvInterval * 1000;
+
+ if (minvalid < maxival / 3) {
+ maxival = minvalid / 3;
- if (maxpreferred > 0 && maxival > maxpreferred / 2) {
- maxival = maxpreferred / 2;
 if (maxival < 4000)
 maxival = 4000;
-
- if (maxival >= 9000)
- minival = maxival / 3;
- else
- minival = (maxival * 3) / 4;
 }
+ minival = (maxival * 3) / 4;
+ if (adv.h.nd_ra_router_lifetime)
+ adv.h.nd_ra_router_lifetime = htons(maxvalid);
+
 odhcpd_urandom(&msecs, sizeof(msecs));
 msecs = (labs(msecs) % (maxival - minival)) + minival;
@@ -468,8 +459,6 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add
 if (from && !IN6_IS_ADDR_UNSPECIFIED(from))
 dest.sin6_addr = *from;
- else
- odhcpd_iterate_interface_neighbors(iface, send_neigh_ra, iov);
 odhcpd_send(router_event.uloop.fd, &dest, iov, ARRAY_SIZE(iov), iface);
diff --git a/src/router.h b/src/router.h
index 1e8649c..db8ab9d 100644
--- a/src/router.h
+++ b/src/router.h
@@ -30,10 +30,8 @@ struct icmpv6_opt {
 (void*)(opt + opt->len) <= (void*)(end); opt += opt->len)
-#define MaxRtrAdvInterval 600
-#define MinRtrAdvInterval (MaxRtrAdvInterval / 3)
-#define MaxValidTime 7200
-#define MaxPreferredTime (3 * MaxRtrAdvInterval)
+#define MaxRtrAdvInterval 1800
+#define MaxValidTime 65535
 #define ND_RA_FLAG_PROXY 0x4
 #define ND_RA_PREF_HIGH (1 << 3)
-- 
2.25.1
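Review bot: `adv.h.nd_ra_router_lifetime = htons(maxvalid);` in the -434 hunk passes a millisecond count to a 16-bit field that carries seconds. The -305 hunk sets maxvalid to `1000ULL * addr->valid`, and htons() silently keeps only the low 16 bits of that uint64_t. The announced router lifetime is therefore unrelated to the prefix lifetime and can come out as 0, which tells hosts to stop using this router as a default. Converting and capping before the byte swap avoids this, e.g. `uint64_t secs = maxvalid / 1000;` followed by `adv.h.nd_ra_router_lifetime = htons(secs > UINT16_MAX ? UINT16_MAX : secs);`; RFC 4861 bounds AdvDefaultLifetime at 9000 seconds, so a lower cap may be what is intended. send_router_advert starts and ends outside the hunk.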