diff options
author | Peter Hessler <phessler@cvs.openbsd.org> | 2012-07-08 10:46:01 +0000 |
---|---|---|
committer | Peter Hessler <phessler@cvs.openbsd.org> | 2012-07-08 10:46:01 +0000 |
commit | 17fa738432936ad818f1c5f3a9ffb3f8ce1469f5 (patch) | |
tree | f3f609d5a2c30008802f036a763b943ac707588b /usr.sbin | |
parent | 65dbabae5e7ce8992e221b17756d79049c3bed88 (diff) |
Add support for advertising dns servers and search paths in router
advertisements, according to RFC 6106.
original diff from Stephane A. Sezer on tech@, many thanks!
OK phessler@, todd@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rtadvd/config.c | 179 | ||||
-rw-r--r-- | usr.sbin/rtadvd/config.h | 6 | ||||
-rw-r--r-- | usr.sbin/rtadvd/dump.c | 28 | ||||
-rw-r--r-- | usr.sbin/rtadvd/rtadvd.c | 40 | ||||
-rw-r--r-- | usr.sbin/rtadvd/rtadvd.conf | 5 | ||||
-rw-r--r-- | usr.sbin/rtadvd/rtadvd.conf.5 | 38 | ||||
-rw-r--r-- | usr.sbin/rtadvd/rtadvd.h | 27 |
7 files changed, 302 insertions, 21 deletions
diff --git a/usr.sbin/rtadvd/config.c b/usr.sbin/rtadvd/config.c index 374bb929928..581c4a4de20 100644 --- a/usr.sbin/rtadvd/config.c +++ b/usr.sbin/rtadvd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.27 2012/07/08 09:30:03 phessler Exp $ */ +/* $OpenBSD: config.c,v 1.28 2012/07/08 10:46:00 phessler Exp $ */ /* $KAME: config.c,v 1.62 2002/05/29 10:13:10 itojun Exp $ */ /* @@ -109,6 +109,8 @@ getconfig(intface) fatal("malloc"); TAILQ_INIT(&tmp->prefixes); + TAILQ_INIT(&tmp->rdnsss); + TAILQ_INIT(&tmp->dnssls); SLIST_INIT(&tmp->soliciters); /* check if we are allowed to forward packets (if not determined) */ @@ -323,6 +325,106 @@ getconfig(intface) if (tmp->pfxs == 0 && !agetflag("noifprefix")) get_prefix(tmp); + tmp->rdnsscnt = 0; + for (i = -1; i < MAXRDNSS; ++i) { + struct rdnss *rds; + char entbuf[256]; + char *tmpaddr; + + makeentry(entbuf, sizeof(entbuf), i, "rdnss"); + addr = agetstr(entbuf, &bp); + if (addr == NULL) + continue; + + /* servers are separated by commas in the config file */ + val = 1; + tmpaddr = addr; + while (*tmpaddr++) + if (*tmpaddr == ',') + ++val; + + rds = malloc(sizeof(struct rdnss) + val * sizeof(struct in6_addr)); + if (rds == NULL) + fatal("malloc"); + + TAILQ_INSERT_TAIL(&tmp->rdnsss, rds, entry); + tmp->rdnsscnt++; + + rds->servercnt = val; + + makeentry(entbuf, sizeof(entbuf), i, "rdnssltime"); + MAYHAVE(val, entbuf, (tmp->maxinterval * 3) / 2); + if (val < tmp->maxinterval || val > tmp->maxinterval * 2) { + log_warnx("%s (%ld) on %s is invalid " + "(should be between %d and %d)", + entbuf, val, intface, tmp->maxinterval, + tmp->maxinterval * 2); + } + rds->lifetime = val; + + val = 0; + while ((tmpaddr = strsep(&addr, ","))) { + if (inet_pton(AF_INET6, tmpaddr, &rds->servers[val]) != 1) { + log_warn("inet_pton failed for %s", tmpaddr); + exit(1); + } + val++; + } + } + + tmp->dnsslcnt = 0; + for (i = -1; i < MAXDNSSL; ++i) { + struct dnssl *dsl; + char entbuf[256]; + char *tmpsl; + + makeentry(entbuf, sizeof(entbuf), i, "dnssl"); + addr = agetstr(entbuf, &bp); + if (addr == NULL) + continue; + + dsl = malloc(sizeof(struct dnssl)); + if (dsl == NULL) + fatal("malloc"); + + TAILQ_INIT(&dsl->dnssldoms); + + while ((tmpsl = strsep(&addr, ","))) { + struct dnssldom *dnsd; + ssize_t len; + + len = strlen(tmpsl); + + /* if the domain is not "dot-terminated", add it */ + if (tmpsl[len - 1] != '.') + len += 1; + + dnsd = malloc(sizeof(struct dnssldom) + len + 1); + if (dnsd == NULL) + fatal("malloc"); + + dnsd->length = len; + strlcpy(dnsd->domain, tmpsl, len + 1); + dnsd->domain[len - 1] = '.'; + dnsd->domain[len] = '\0'; + + TAILQ_INSERT_TAIL(&dsl->dnssldoms, dnsd, entry); + } + + TAILQ_INSERT_TAIL(&tmp->dnssls, dsl, entry); + tmp->dnsslcnt++; + + makeentry(entbuf, sizeof(entbuf), i, "dnsslltime"); + MAYHAVE(val, entbuf, (tmp->maxinterval * 3) / 2); + if (val < tmp->maxinterval || val > tmp->maxinterval * 2) { + log_warnx("%s (%ld) on %s is invalid " + "(should be between %d and %d)", + entbuf, val, intface, tmp->maxinterval, + tmp->maxinterval * 2); + } + dsl->lifetime = val; + } + MAYHAVE(val, "mtu", 0); if (val < 0 || val > 0xffffffff) { log_warnx("mtu (%ld) on %s out of range", val, intface); @@ -596,7 +698,12 @@ make_packet(struct rainfo *rainfo) struct nd_router_advert *ra; struct nd_opt_prefix_info *ndopt_pi; struct nd_opt_mtu *ndopt_mtu; + struct nd_opt_rdnss *ndopt_rdnss; + struct nd_opt_dnssl *ndopt_dnssl; struct prefix *pfx; + struct rdnss *rds; + struct dnssl *dsl; + struct dnssldom *dnsd; /* calculate total length */ packlen = sizeof(struct nd_router_advert); @@ -613,6 +720,20 @@ make_packet(struct rainfo *rainfo) packlen += sizeof(struct nd_opt_prefix_info) * rainfo->pfxs; if (rainfo->linkmtu) packlen += sizeof(struct nd_opt_mtu); + TAILQ_FOREACH(rds, &rainfo->rdnsss, entry) + packlen += sizeof(struct nd_opt_rdnss) + 16 * rds->servercnt; + TAILQ_FOREACH(dsl, &rainfo->dnssls, entry) { + size_t domains_size = 0; + + packlen += sizeof(struct nd_opt_dnssl); + + TAILQ_FOREACH(dnsd, &dsl->dnssldoms, entry) + domains_size += dnsd->length; + + domains_size = (domains_size + 7) & ~7; + + packlen += domains_size; + } /* allocate memory for the packet */ if ((buf = malloc(packlen)) == NULL) @@ -707,6 +828,62 @@ make_packet(struct rainfo *rainfo) buf += sizeof(struct nd_opt_prefix_info); } + TAILQ_FOREACH(rds, &rainfo->rdnsss, entry) { + ndopt_rdnss = (struct nd_opt_rdnss *)buf; + ndopt_rdnss->nd_opt_rdnss_type = ND_OPT_RDNSS; + ndopt_rdnss->nd_opt_rdnss_len = 1 + rds->servercnt * 2; + ndopt_rdnss->nd_opt_rdnss_reserved = 0; + ndopt_rdnss->nd_opt_rdnss_lifetime = htonl(rds->lifetime); + + buf += sizeof(struct nd_opt_rdnss); + + memcpy(buf, rds->servers, rds->servercnt * 16); + buf += rds->servercnt * 16; + } + + TAILQ_FOREACH(dsl, &rainfo->dnssls, entry) { + u_int32_t size; + char *curlabel_begin; + char *curlabel_end; + + ndopt_dnssl = (struct nd_opt_dnssl *)buf; + ndopt_dnssl->nd_opt_dnssl_type = ND_OPT_DNSSL; + ndopt_dnssl->nd_opt_dnssl_reserved = 0; + ndopt_dnssl->nd_opt_dnssl_lifetime = htonl(dsl->lifetime); + + size = 0; + TAILQ_FOREACH(dnsd, &dsl->dnssldoms, entry) + size += dnsd->length; + /* align size on the next 8 byte boundary */ + size = (size + 7) & ~7; + ndopt_dnssl->nd_opt_dnssl_len = 1 + size / 8; + + buf += sizeof(struct nd_opt_dnssl); + + TAILQ_FOREACH(dnsd, &dsl->dnssldoms, entry) { + curlabel_begin = dnsd->domain; + while ((curlabel_end = strchr(curlabel_begin, '.')) && + (curlabel_end - curlabel_begin) > 1) + { + size_t curlabel_size; + + curlabel_size = curlabel_end - curlabel_begin; + *buf = curlabel_size; + ++buf; + strncpy(buf, curlabel_begin, curlabel_size); + buf += curlabel_size; + curlabel_begin = curlabel_end + 1; + } + + /* null-terminate the current domain */ + *buf++ = '\0'; + } + + /* zero out the end of the current option */ + while ((int)buf % 8 != 0) + *buf++ = '\0'; + } + return; } diff --git a/usr.sbin/rtadvd/config.h b/usr.sbin/rtadvd/config.h index fa63c115cfe..53b97bc3406 100644 --- a/usr.sbin/rtadvd/config.h +++ b/usr.sbin/rtadvd/config.h @@ -1,4 +1,4 @@ -/* $OpenBSD: config.h,v 1.6 2003/06/18 02:26:58 itojun Exp $ */ +/* $OpenBSD: config.h,v 1.7 2012/07/08 10:46:00 phessler Exp $ */ /* $KAME: config.h,v 1.3 2000/05/16 13:34:13 itojun Exp $ */ /* @@ -38,7 +38,9 @@ extern void get_prefix __P((struct rainfo *)); /* - * it is highly unlikely to have 100 prefix information options, + * it is highly unlikely to have 100 prefix, rdnss or dnssl information options, * so it should be okay to limit it */ #define MAXPREFIX 100 +#define MAXRDNSS 100 +#define MAXDNSSL 100 diff --git a/usr.sbin/rtadvd/dump.c b/usr.sbin/rtadvd/dump.c index f96fb8b9e3e..5dec0e6f37a 100644 --- a/usr.sbin/rtadvd/dump.c +++ b/usr.sbin/rtadvd/dump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dump.c,v 1.10 2008/07/21 19:14:15 rainer Exp $ */ +/* $OpenBSD: dump.c,v 1.11 2012/07/08 10:46:00 phessler Exp $ */ /* $KAME: dump.c,v 1.27 2002/05/29 14:23:55 itojun Exp $ */ /* @@ -103,6 +103,9 @@ rtadvd_dump() { struct rainfo *rai; struct prefix *pfx; + struct rdnss *rds; + struct dnssl *dsl; + struct dnssldom *dnsd; char prefixbuf[INET6_ADDRSTRLEN]; int first; struct timeval now; @@ -213,5 +216,28 @@ rtadvd_dump() free(pltime); free(flags); } + + if (!TAILQ_EMPTY(&rai->rdnsss)) + log_info(" Recursive DNS servers:"); + TAILQ_FOREACH(rds, &rai->rdnsss, entry) { + log_info(" Servers:"); + for (first = 0; first < rds->servercnt; ++first) { + inet_ntop(AF_INET6, &rds->servers[first], + prefixbuf, sizeof(prefixbuf)); + log_info(" %s", prefixbuf); + } + log_info(" Lifetime: %u", rds->lifetime); + } + + if (!TAILQ_EMPTY(&rai->dnssls)) + log_info(" DNS search lists:"); + TAILQ_FOREACH(dsl, &rai->dnssls, entry) { + log_info(" Domains:"); + + TAILQ_FOREACH(dnsd, &dsl->dnssldoms, entry) + log_info(" %s", dnsd->domain); + + log_info(" Lifetime: %u", dsl->lifetime); + } } } diff --git a/usr.sbin/rtadvd/rtadvd.c b/usr.sbin/rtadvd/rtadvd.c index e6268b2e66d..37757b4e8ab 100644 --- a/usr.sbin/rtadvd/rtadvd.c +++ b/usr.sbin/rtadvd/rtadvd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtadvd.c,v 1.39 2011/03/02 17:30:48 bluhm Exp $ */ +/* $OpenBSD: rtadvd.c,v 1.40 2012/07/08 10:46:00 phessler Exp $ */ /* $KAME: rtadvd.c,v 1.66 2002/05/29 14:18:36 itojun Exp $ */ /* @@ -114,15 +114,22 @@ union nd_opts { #define nd_opts_mtu nd_opt_each.mtu #define nd_opts_list nd_opt_each.list -#define NDOPT_FLAG_SRCLINKADDR 0x1 -#define NDOPT_FLAG_TGTLINKADDR 0x2 -#define NDOPT_FLAG_PREFIXINFO 0x4 -#define NDOPT_FLAG_RDHDR 0x8 -#define NDOPT_FLAG_MTU 0x10 +#define NDOPT_FLAG_SRCLINKADDR (1 << 0) +#define NDOPT_FLAG_TGTLINKADDR (1 << 1) +#define NDOPT_FLAG_PREFIXINFO (1 << 2) +#define NDOPT_FLAG_RDHDR (1 << 3) +#define NDOPT_FLAG_MTU (1 << 4) +#define NDOPT_FLAG_RDNSS (1 << 5) +#define NDOPT_FLAG_DNSSL (1 << 6) u_int32_t ndopt_flags[] = { - 0, NDOPT_FLAG_SRCLINKADDR, NDOPT_FLAG_TGTLINKADDR, - NDOPT_FLAG_PREFIXINFO, NDOPT_FLAG_RDHDR, NDOPT_FLAG_MTU, + [ND_OPT_SOURCE_LINKADDR] = NDOPT_FLAG_SRCLINKADDR, + [ND_OPT_TARGET_LINKADDR] = NDOPT_FLAG_TGTLINKADDR, + [ND_OPT_PREFIX_INFORMATION] = NDOPT_FLAG_PREFIXINFO, + [ND_OPT_REDIRECTED_HEADER] = NDOPT_FLAG_RDHDR, + [ND_OPT_MTU] = NDOPT_FLAG_MTU, + [ND_OPT_RDNSS] = NDOPT_FLAG_RDNSS, + [ND_OPT_DNSSL] = NDOPT_FLAG_DNSSL, }; int main(int, char *[]); @@ -804,8 +811,8 @@ ra_input(int len, struct nd_router_advert *ra, SLIST_INIT(&ndopts.nd_opts_list); if (nd6_options((struct nd_opt_hdr *)(ra + 1), len - sizeof(struct nd_router_advert), - &ndopts, NDOPT_FLAG_SRCLINKADDR | - NDOPT_FLAG_PREFIXINFO | NDOPT_FLAG_MTU)) { + &ndopts, NDOPT_FLAG_SRCLINKADDR | NDOPT_FLAG_PREFIXINFO + | NDOPT_FLAG_MTU | NDOPT_FLAG_RDNSS | NDOPT_FLAG_DNSSL)) { log_warnx("ND option check failed for an RA from %s on %s", inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf, INET6_ADDRSTRLEN), @@ -1104,7 +1111,9 @@ nd6_options(struct nd_opt_hdr *hdr, int limit, goto bad; } - if (hdr->nd_opt_type > ND_OPT_MTU) + if (hdr->nd_opt_type > ND_OPT_MTU && + hdr->nd_opt_type != ND_OPT_RDNSS && + hdr->nd_opt_type != ND_OPT_DNSSL) { log_info("unknown ND option(type %d)", hdr->nd_opt_type); @@ -1121,7 +1130,10 @@ nd6_options(struct nd_opt_hdr *hdr, int limit, * Option length check. Do it here for all fixed-length * options. */ - if ((hdr->nd_opt_type == ND_OPT_MTU && + if ((hdr->nd_opt_type == ND_OPT_RDNSS && (optlen < 24 || + ((optlen - sizeof(struct nd_opt_rdnss)) % 16 != 0))) || + (hdr->nd_opt_type == ND_OPT_DNSSL && optlen < 16) || + (hdr->nd_opt_type == ND_OPT_MTU && (optlen != sizeof(struct nd_opt_mtu))) || ((hdr->nd_opt_type == ND_OPT_PREFIX_INFORMATION && optlen != sizeof(struct nd_opt_prefix_info)))) { @@ -1133,6 +1145,8 @@ nd6_options(struct nd_opt_hdr *hdr, int limit, case ND_OPT_SOURCE_LINKADDR: case ND_OPT_TARGET_LINKADDR: case ND_OPT_REDIRECTED_HEADER: + case ND_OPT_RDNSS: + case ND_OPT_DNSSL: break; /* we don't care about these options */ case ND_OPT_MTU: if (ndopts->nd_opt_array[hdr->nd_opt_type]) { @@ -1154,7 +1168,7 @@ nd6_options(struct nd_opt_hdr *hdr, int limit, log_warn("malloc"); goto bad; } - + pfx->opt = hdr; SLIST_INSERT_HEAD(&ndopts->nd_opts_list, pfx, entry); diff --git a/usr.sbin/rtadvd/rtadvd.conf b/usr.sbin/rtadvd/rtadvd.conf index 07f7bc369b0..04725a4df34 100644 --- a/usr.sbin/rtadvd/rtadvd.conf +++ b/usr.sbin/rtadvd/rtadvd.conf @@ -1,4 +1,4 @@ -# $OpenBSD: rtadvd.conf,v 1.6 2008/07/19 10:35:31 reyk Exp $ +# $OpenBSD: rtadvd.conf,v 1.7 2012/07/08 10:46:00 phessler Exp $ # $KAME: rtadvd.conf,v 1.12 2001/01/21 14:56:38 itojun Exp $ # # Note: All of the following parameters have default values defined @@ -18,4 +18,5 @@ # this part by hand, and then invoke rtadvd with the -s option. #ef0:\ -# :addr="2001:db8:ffff:1000::":prefixlen#64: +# :addr="2001:db8:ffff:1000::":prefixlen#64:\ +# :rdnss="2001:db8:ffff:1000::1":dnssl="example.com": diff --git a/usr.sbin/rtadvd/rtadvd.conf.5 b/usr.sbin/rtadvd/rtadvd.conf.5 index c447b1b5f9c..5712be0e8b0 100644 --- a/usr.sbin/rtadvd/rtadvd.conf.5 +++ b/usr.sbin/rtadvd/rtadvd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rtadvd.conf.5,v 1.27 2012/07/08 10:22:55 jmc Exp $ +.\" $OpenBSD: rtadvd.conf.5,v 1.28 2012/07/08 10:46:00 phessler Exp $ .\" $KAME: rtadvd.conf.5,v 1.46 2003/06/17 08:26:35 itojun Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -231,6 +231,30 @@ is specified for this item, MTU option will be included and its value will be set to the interface MTU automatically. .El .Pp +The following items are for ICMPv6 RDNSS option, used to give a list of +recursive DNS servers to hosts. +If this item is omitted, no information about DNS servers will be advertised. +.Bl -tag -width indent +.It Cm \&rdnss +(str) The list of advertised recursive DNS servers, separated by commas. +.It Cm \&rdnssltime +(num) Validity of the list of DNS servers +.Pq unit: seconds . +The default value is 1.5 * the value of maxinterval. +.El +.Pp +The following items are used for ICMPv6 DNSSL option which specifies a +list of DNS suffixes advertised to hosts. +If this option is not specified, no DNS suffix will be sent to hosts. +.Bl -tag -width indent +.It Cm \&dnssl +(str) The list of advertised DNS suffixes, separated by commas. +.It Cm \&dnsslltime +(num) Validity of the list of DNS suffixes +.Pq unit: seconds . +The default value is 1.5 * the value of maxinterval. +.El +.Pp The following item controls ICMPv6 source link-layer address option, which will be attached to router advertisement header. As noted above, you can just omit the item, then @@ -289,6 +313,18 @@ ef0:\e :addr="2001:db8:ffff:1000::":prefixlen#64: .Ed .Pp +The following example configures two recursive DNS servers for the +.Li em0 +interface and sets the DNS search suffix to +.Do +example.com +.Dc . +.Bd -literal -offset indent +em0:\e + :rdnss="2001:db8:ffff:1000::1,2001:db8:ffff:1000::2":\e + :dnssl="example.com": +.Ed +.Pp The following example presents the default values in an explicit manner. The configuration is provided just for reference purposes; YOU DO NOT NEED TO HAVE IT AT ALL. diff --git a/usr.sbin/rtadvd/rtadvd.h b/usr.sbin/rtadvd/rtadvd.h index 50ce76d9346..320b90b7104 100644 --- a/usr.sbin/rtadvd/rtadvd.h +++ b/usr.sbin/rtadvd/rtadvd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rtadvd.h,v 1.11 2008/06/09 22:53:24 rainer Exp $ */ +/* $OpenBSD: rtadvd.h,v 1.12 2012/07/08 10:46:00 phessler Exp $ */ /* $KAME: rtadvd.h,v 1.20 2002/05/29 10:13:10 itojun Exp $ */ /* @@ -82,6 +82,27 @@ struct prefix { struct in6_addr prefix; }; +struct rdnss { + TAILQ_ENTRY(rdnss) entry; + + u_int32_t lifetime; + int servercnt; + struct in6_addr servers[]; +}; + +struct dnssldom { + TAILQ_ENTRY(dnssldom) entry; + + u_int32_t length; + char domain[]; +}; + +struct dnssl { + TAILQ_ENTRY(dnssl) entry; + + u_int32_t lifetime; + TAILQ_HEAD(dnssldomlist, dnssldom) dnssldoms; +}; struct soliciter { SLIST_ENTRY(soliciter) entry; @@ -118,6 +139,10 @@ struct rainfo { u_int hoplimit; /* AdvCurHopLimit */ TAILQ_HEAD(prefixlist, prefix) prefixes; /* AdvPrefixList(link head) */ int pfxs; /* number of prefixes */ + TAILQ_HEAD(rdnsslist, rdnss) rdnsss; /* advertised recursive dns servers */ + int rdnsscnt; /* number of rdnss entries */ + TAILQ_HEAD(dnssllist, dnssl) dnssls; + int dnsslcnt; long clockskew; /* used for consisitency check of lifetimes */ |