[platform/upstream/connman.git] / src / 6to4.c
1 /*
2  *
3  *  Connection Manager
4  *
5  *  Copyright (C) 2011  Nokia Corporation. All rights reserved.
6  *  Copyright (C) Alexey Kuznetsov et al. from iproute2 package.
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License version 2 as
10  *  published by the Free Software Foundation.
11  *
12  *  This program is distributed in the hope that it will be useful,
13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  *  GNU General Public License for more details.
16  *
17  *  You should have received a copy of the GNU General Public License
18  *  along with this program; if not, write to the Free Software
19  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
20  *
21  */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <errno.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <sys/socket.h>
32 #include <netinet/in.h>
33 #include <arpa/inet.h>
34 #include <net/if.h>
35 #include <linux/ip.h>
36 #include <linux/if_tunnel.h>
37 #include <linux/netlink.h>
38 #include <linux/rtnetlink.h>
39 #include <sys/ioctl.h>
40 #include <unistd.h>
41
42 #include "connman.h"
43 #include <connman/log.h>
44 #include <connman/ipconfig.h>
45 #include "gweb/gweb.h"
46
/*
 * File-scope state for the tun6to4 tunnel managed by this file.
 */

/* Tunnel lifecycle: set/cleared by init_6to4(), tunnel_destroy() and
 * __connman_6to4_probe(). */
static int tunnel_pending;
static int tunnel_created;
static char *tunnel_ip_address;	/* g_strdup()ed copy of the local IPv4 address */

/* Connectivity check performed once the tunnel interface comes up. */
static guint web_request_id;	/* 0 means no request is outstanding */
static GWeb *web;

/* Link watch on the tunnel interface and its guard timer. */
static unsigned int newlink_flags;
static unsigned int newlink_watch;
static int newlink_timeout_id;	/* holds a g_timeout_add_seconds() id; 0 = none */

/*
 * The connectivity check is fetched over plain HTTP, so the status code that
 * web_result() acts on is not authenticated. Treat it as a reachability hint
 * only; anything able to answer for this host name decides whether the tunnel
 * is kept or destroyed.
 */
#define STATUS_URL "http://ipv6.connman.net/online/status.html"

#ifndef IP_DF
#define IP_DF           0x4000          /* Flag: "Don't Fragment"       */
#endif
61
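/*
 * Create the "tun6to4" SIT tunnel device.
 *
 * Equivalent to:
 *   ip tunnel add tun6to4 mode sit remote any local <addr> ttl 64
 *
 * @addr: local IPv4 endpoint, in network byte order.
 *
 * Returns 0 on success and a negative errno value on failure. The original
 * code returned -ret, i.e. +1, when the ioctl failed, which disagreed with
 * the -errno returned for a socket() failure; callers only test for non-zero.
 */
static int tunnel_create(struct in_addr *addr)
{
	struct ip_tunnel_parm p;
	struct ifreq ifr;
	int fd;
	int err = 0;

	if (!addr)
		return -EINVAL;

	memset(&p, 0, sizeof(p));
	memset(&ifr, 0, sizeof(ifr));

	p.iph.version = 4;
	p.iph.ihl = 5;
	p.iph.frag_off = htons(IP_DF);
	p.iph.protocol = IPPROTO_IPV6;
	p.iph.saddr = addr->s_addr;
	p.iph.ttl = 64;

	/*
	 * Both structures are zero-filled above, so copying at most
	 * size - 1 bytes always leaves the names NUL-terminated.
	 */
	strncpy(p.name, "tun6to4", sizeof(p.name) - 1);

	/* The request is issued against sit0 and carries the new
	 * tunnel's parameters in ifru_data. */
	strncpy(ifr.ifr_name, "sit0", sizeof(ifr.ifr_name) - 1);
	ifr.ifr_ifru.ifru_data = (void *)&p;

	fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
	if (fd < 0)
		return -errno;

	if (ioctl(fd, SIOCADDTUNNEL, &ifr) < 0) {
		/* Save errno before logging or close() can overwrite it. */
		err = errno;
		connman_error("add tunnel %s failed: %s", ifr.ifr_name,
							strerror(err));
	}

	close(fd);

	return -err;
}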
95
/*
 * Delete the "tun6to4" tunnel device (ip tunnel del tun6to4) and reset the
 * module's tunnel state. Does nothing when no tunnel has been created.
 *
 * If the control socket cannot be opened the function returns after logging
 * and leaves all state untouched. If the delete ioctl fails, tunnel_created
 * stays set while tunnel_pending and tunnel_ip_address are still cleared.
 * NOTE(review): in that last case __connman_6to4_remove() can no longer
 * match the address - confirm this is acceptable.
 */
static void tunnel_destroy(void)
{
	struct ip_tunnel_parm parm;
	struct ifreq req;
	int sk;

	if (tunnel_created == 0)
		return;

	memset(&parm, 0, sizeof(struct ip_tunnel_parm));
	parm.iph.version = 4;
	parm.iph.ihl = 5;
	parm.iph.protocol = IPPROTO_IPV6;
	strncpy(parm.name, "tun6to4", sizeof(parm.name) - 1);

	memset(&req, 0, sizeof(struct ifreq));
	strncpy(req.ifr_name, "tun6to4", sizeof(req.ifr_name) - 1);
	req.ifr_ifru.ifru_data = (void *)&parm;

	sk = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
	if (sk < 0) {
		connman_error("socket failed: %s", strerror(errno));
		return;
	}

	if (ioctl(sk, SIOCDELTUNNEL, &req) == 0)
		tunnel_created = 0;
	else
		connman_error("del tunnel %s failed: %s", req.ifr_name,
							strerror(errno));

	tunnel_pending = 0;
	close(sk);

	/* Drop the recorded address so a later probe starts from scratch. */
	g_free(tunnel_ip_address);
	tunnel_ip_address = NULL;
}
137
/*
 * Install the IPv6 default route through the tunnel.
 *
 * Equivalent to:
 *   ip -6 route add ::/0 via ::192.88.99.1 dev tun6to4 metric 1
 *
 * ::192.88.99.1 is the 6to4 relay anycast address (RFC 3068, since
 * deprecated by RFC 7526): all IPv6 traffic using this route is handed to
 * whichever relay answers for that address, and that relay is not
 * authenticated.
 *
 * Returns -1 when tun6to4 does not exist, otherwise the result of opening
 * the rtnl handle or, if that succeeded, of sending the request.
 */
static int tunnel_add_route(void)
{
	struct __connman_inet_rtnl_handle rth;
	struct in6_addr gateway;
	int ifindex;
	int err;

	ifindex = if_nametoindex("tun6to4");
	if (ifindex == 0) {
		DBG("Can not find device tun6to4");
		return -1;
	}

	memset(&rth, 0, sizeof(rth));

	/* Netlink header: create the route, fail if it already exists. */
	rth.req.n.nlmsg_type = RTM_NEWROUTE;
	rth.req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
	rth.req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));

	/* Route message: ::/0 unicast route in the main table. */
	rth.req.u.r.rt.rtm_family = AF_INET6;
	rth.req.u.r.rt.rtm_dst_len = 0;
	rth.req.u.r.rt.rtm_type = RTN_UNICAST;
	rth.req.u.r.rt.rtm_scope = RT_SCOPE_UNIVERSE;
	rth.req.u.r.rt.rtm_protocol = RTPROT_BOOT;
	rth.req.u.r.rt.rtm_table = RT_TABLE_MAIN;

	/* Constant, well-formed literal; the return value is not checked. */
	inet_pton(AF_INET6, "::192.88.99.1", &gateway);

	__connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
					&gateway.s6_addr, 16);
	__connman_inet_rtnl_addattr32(&rth.req.n, sizeof(rth.req), RTA_OIF,
					ifindex);
	__connman_inet_rtnl_addattr32(&rth.req.n, sizeof(rth.req),
					RTA_PRIORITY, 1);

	err = __connman_inet_rtnl_open(&rth);
	if (err >= 0)
		err = __connman_inet_rtnl_send(&rth, &rth.req.n);

	/* Closed on both the success and the failed-open path. */
	__connman_inet_rtnl_close(&rth);
	return err;
}
184
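/*
 * Assign the 6to4 address 2002:AABB:CCDD::1/64 to tun6to4, where a.b.c.d is
 * the local IPv4 address.
 *
 * Equivalent to:
 *   ip -6 addr add dev tun6to4 2002:0102:0304::1/64
 *
 * @a, @b, @c, @d: the four IPv4 octets, each expected to be 0..255.
 *
 * Returns -1 when tun6to4 does not exist, -EINVAL when the octets do not
 * form a valid IPv6 literal, otherwise the result of opening the rtnl
 * handle or, if that succeeded, of sending the request.
 */
static int tunnel_set_addr(unsigned int a, unsigned int b,
			unsigned int c, unsigned int d)
{
	struct __connman_inet_rtnl_handle rth;
	struct in6_addr addr6;
	char *ip6addr;
	int parsed;
	int ret;

	memset(&rth, 0, sizeof(rth));

	rth.req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
	rth.req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
	rth.req.n.nlmsg_type = RTM_NEWADDR;
	rth.req.u.i.ifa.ifa_family = AF_INET6;
	rth.req.u.i.ifa.ifa_prefixlen = 64;
	rth.req.u.i.ifa.ifa_index = if_nametoindex("tun6to4");
	if (rth.req.u.i.ifa.ifa_index == 0) {
		connman_error("Can not find device tun6to4");
		/*
		 * The handle was only zero-filled, never opened, so return
		 * directly rather than passing it to
		 * __connman_inet_rtnl_close(). NOTE(review): if that helper
		 * treats a zeroed fd field as an open descriptor it would
		 * close descriptor 0 - confirm against its implementation.
		 */
		return -1;
	}

	ip6addr = g_strdup_printf("2002:%02x%02x:%02x%02x::1", a, b, c, d);
	parsed = inet_pton(AF_INET6, ip6addr, &addr6);
	DBG("ipv6 address %s", ip6addr);
	g_free(ip6addr);

	/*
	 * An octet above 255 produces a malformed literal; without this
	 * check addr6 would be sent to the kernel uninitialized.
	 */
	if (parsed != 1)
		return -EINVAL;

	__connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), IFA_LOCAL,
					&addr6.s6_addr, 16);
	__connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), IFA_ADDRESS,
					&addr6.s6_addr, 16);

	ret = __connman_inet_rtnl_open(&rth);
	if (ret < 0)
		goto done;

	ret = __connman_inet_rtnl_send(&rth, &rth.req.n);

done:
	__connman_inet_rtnl_close(&rth);
	return ret;
}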
229
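/*
 * Timeout callback scheduled by web_result(): drop the reference on the
 * GWeb instance held in the file-scope 'web' pointer.
 *
 * The pointer is cleared after the unref so that a second run of this
 * callback cannot unref an already released object.
 * NOTE(review): 'web' is shared with tun_newlink(), which may have replaced
 * it since this callback was scheduled; in that case the newer instance is
 * the one released here - confirm whether the instance should instead be
 * passed through user_data.
 *
 * Returns FALSE so the timeout source is not rescheduled.
 */
static gboolean unref_web(gpointer user_data)
{
	if (web) {
		g_web_unref(web);
		web = NULL;
	}

	return FALSE;
}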
235
/*
 * Result callback for the STATUS_URL connectivity check.
 *
 * A 4xx status destroys the tunnel; every other status only clears
 * tunnel_pending. STATUS_URL is an http:// URL, so the status acted on here
 * comes from an unauthenticated response.
 *
 * Ignored when no request is outstanding (web_request_id == 0). Always
 * returns false.
 */
static bool web_result(GWebResult *result, gpointer user_data)
{
	guint16 http_status;

	if (web_request_id == 0)
		return false;

	http_status = g_web_result_get_status(result);

	DBG("status %u", http_status);

	if (http_status < 400 || http_status >= 500)
		tunnel_pending = 0;
	else
		tunnel_destroy();

	web_request_id = 0;

	/* The GWeb instance is released from a timeout, one second later,
	 * rather than from inside its own callback. */
	g_timeout_add_seconds(1, unref_web, NULL);

	return false;
}
258
/*
 * GWeb debug hook: log one debug line, prefixed with the tag string that
 * was registered as 'data' via g_web_set_debug().
 */
static void web_debug(const char *str, void *data)
{
	const char *tag = data;

	connman_info("%s: %s\n", tag, str);
}
263
/*
 * Guard timer armed by init_6to4(): stop watching the tunnel link and, when
 * no connectivity check is in flight, destroy the tunnel.
 *
 * Does nothing when newlink_timeout_id is already 0, i.e. the timeout was
 * cancelled by tun_newlink(). Always returns FALSE so the source is not
 * rescheduled.
 */
static gboolean newlink_timeout(gpointer user_data)
{
	if (newlink_timeout_id != 0) {
		DBG("");

		if (newlink_watch != 0) {
			connman_rtnl_remove_watch(newlink_watch);
			newlink_watch = 0;
		}

		newlink_flags = 0;

		/* A pending web request decides the tunnel's fate itself
		 * in web_result(). */
		if (web_request_id == 0)
			tunnel_destroy();

		newlink_timeout_id = 0;
	}

	return FALSE;
}
288
/*
 * rtnl newlink watch for the tunnel interface.
 *
 * Acts only when the IFF_UP bit changes. When the interface comes up, the
 * guard timer is cancelled and an HTTP GET of STATUS_URL is started over
 * the tunnel to verify connectivity; web_result() handles the answer.
 *
 * @flags:     current interface flags
 * @change:    unused
 * @user_data: interface index packed with GINT_TO_POINTER()
 *
 * NOTE(review): a previous 'web' instance is overwritten without being
 * unreferenced, and a zero return from g_web_request_get() is not handled -
 * presumably 0 means the request could not be started; confirm.
 */
static void tun_newlink(unsigned flags, unsigned change, void *user_data)
{
	int index = GPOINTER_TO_INT(user_data);
	const unsigned was_up = newlink_flags & IFF_UP;
	const unsigned is_up = flags & IFF_UP;

	/* Nothing to do unless the interface has just come up. */
	if (was_up == is_up || !is_up) {
		newlink_flags = flags;
		return;
	}

	/*
	 * We try to verify that connectivity through tunnel works ok.
	 */
	if (newlink_timeout_id > 0) {
		g_source_remove(newlink_timeout_id);
		newlink_timeout_id = 0;
	}

	web = g_web_new(index);
	if (!web) {
		/* newlink_flags is deliberately left as it was here,
		 * matching the original control flow. */
		tunnel_destroy();
		return;
	}

	g_web_set_accept(web, NULL);
	g_web_set_user_agent(web, "ConnMan/%s", VERSION);
	g_web_set_close_connection(web, TRUE);

	if (getenv("CONNMAN_WEB_DEBUG"))
		g_web_set_debug(web, web_debug, "6to4");

	web_request_id = g_web_request_get(web, STATUS_URL,
			web_result, NULL,  NULL);

	/* newlink_timeout() returns immediately while newlink_timeout_id
	 * is 0, which is the case whenever the timer was cancelled above. */
	newlink_timeout(NULL);

	newlink_flags = flags;
}
328
/*
 * Bring up the 6to4 tunnel for the given local IPv4 address: create the
 * device, configure it, assign the 2002::/16-derived address, add the
 * default route, then watch the link and arm a one second guard timer.
 *
 * @ip4addr: local IPv4 address in network byte order.
 *
 * Returns 0 on success and -1 on failure; once the device exists, any
 * later failure tears it down again through tunnel_destroy().
 */
static int init_6to4(struct in_addr *ip4addr)
{
	unsigned int a, b, c, d;
	in_addr_t host_addr;
	int if_index;

	DBG("");

	/* Split the address into its four octets, most significant first. */
	host_addr = ntohl(ip4addr->s_addr);
	a = (host_addr >> 24) & 0xff;
	b = (host_addr >> 16) & 0xff;
	c = (host_addr >> 8) & 0xff;
	d = host_addr & 0xff;

	if (tunnel_create(ip4addr))
		return -1;

	tunnel_created = 1;

	/* Steps run in order; the first failure aborts the rest.
	 * 1472 is presumably the tunnel MTU - confirm against
	 * connman_inet_setup_tunnel(). */
	if (connman_inet_setup_tunnel("tun6to4", 1472) ||
			tunnel_set_addr(a, b, c, d) ||
			tunnel_add_route())
		goto error;

	if_index = connman_inet_ifindex("tun6to4");
	if (if_index < 0)
		goto error;

	newlink_watch = connman_rtnl_add_newlink_watch(if_index,
				tun_newlink, GINT_TO_POINTER(if_index));

	newlink_timeout_id = g_timeout_add_seconds(1, newlink_timeout, NULL);

	return 0;

error:
	tunnel_destroy();
	return -1;
}
377
/*
 * Callback for the router solicitation sent by __connman_6to4_probe().
 *
 * @reply:     router advertisement, or NULL when none was received
 * @length:    length reported by the caller (only logged here)
 * @user_data: heap-allocated IPv4 address string; freed by this function
 *
 * NOTE(review): tunnel_pending is not touched on this path, so it stays
 * set when a reply does arrive - confirm that is intended.
 */
static void receive_rs_reply(struct nd_router_advert *reply,
			unsigned int length, void *user_data)
{
	struct in_addr ip4addr;
	char *address = user_data;

	DBG("reply %p len %d address %s", reply, length, address);

	/* We try to create tunnel if autoconfiguration did not work i.e.,
	 * we did not receive any reply to router solicitation message.
	 */
	if (reply == NULL) {
		if (inet_aton(address, &ip4addr) != 0)
			init_6to4(&ip4addr);
	}

	g_free(address);
}
394
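/*
 * Start 6to4 setup for a service: if the service uses IPv6 autoconfiguration
 * and has a public IPv4 address, send a router solicitation; the tunnel is
 * created from receive_rs_reply() when no router answers.
 *
 * @service: service to probe.
 *
 * Returns 0 when a tunnel already exists or is pending, -1 when the service
 * does not qualify, otherwise the result of __connman_inet_ipv6_send_rs().
 *
 * NOTE(review): if __connman_inet_ipv6_send_rs() fails without invoking the
 * callback, ip_address is never freed and tunnel_pending stays set - confirm
 * against that function before adding cleanup here.
 */
int __connman_6to4_probe(struct connman_service *service)
{
	struct connman_ipconfig *ip4config, *ip6config;
	enum connman_ipconfig_method method;
	unsigned int a, b;
	struct in_addr ip4addr;
	in_addr_t addr;
	const char *address;
	char *ip_address;
	int index;

	DBG("service %p", service);

	if (tunnel_created || tunnel_pending)
		return 0;

	if (!service)
		return -1;

	ip4config = __connman_service_get_ip4config(service);
	if (!ip4config)
		return -1;

	ip6config = __connman_service_get_ip6config(service);
	if (!ip6config)
		return -1;

	method = __connman_ipconfig_get_method(ip6config);
	if (method != CONNMAN_IPCONFIG_METHOD_AUTO)
		return -1;

	address = __connman_ipconfig_get_local(ip4config);
	if (!address)
		return -1;

	if (inet_aton(address, &ip4addr) == 0)
		return -1;

	addr = ntohl(ip4addr.s_addr);

	a = (addr >> 24) & 0xff;
	b = (addr >> 16) & 0xff;

	/*
	 * 6to4 tunnel is only usable if we have a public IPv4 address.
	 * Besides the RFC 1918 private ranges this also rejects 0.0.0.0/8,
	 * loopback (127/8), link-local (169.254/16), the RFC 6598 shared
	 * address space (100.64/10) and multicast/reserved space (>= 224),
	 * none of which yields a globally valid 2002::/16 prefix.
	 */
	if (a == 0 || a == 10 || a == 127 || a >= 224 ||
			(a == 100 && b >= 64 && b <= 127) ||
			(a == 169 && b == 254) ||
			(a == 172 && b >= 16 && b <= 31) ||
			(a == 192 && b == 168))
		return -1;

	index = __connman_ipconfig_get_index(ip4config);

	/* This copy is handed to receive_rs_reply(), which frees it. */
	ip_address = g_strdup(address);
	tunnel_pending = 1;

	/* A second copy is kept for __connman_6to4_remove()/_check(). */
	g_free(tunnel_ip_address);
	tunnel_ip_address = g_strdup(address);

	return __connman_inet_ipv6_send_rs(index, 2, receive_rs_reply,
							ip_address);
}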
453
/*
 * Destroy the tunnel if it was set up for the local address of the given
 * IPv4 configuration.
 *
 * @ip4config: IPv4 configuration being removed; NULL is ignored.
 *
 * Nothing happens unless the configuration's local address equals the
 * recorded tunnel_ip_address and a tunnel has actually been created.
 */
void __connman_6to4_remove(struct connman_ipconfig *ip4config)
{
	const char *local;

	DBG("tunnel ip address %s", tunnel_ip_address);

	if (!ip4config)
		return;

	local = __connman_ipconfig_get_local(ip4config);

	if (local && g_strcmp0(local, tunnel_ip_address) == 0 &&
							tunnel_created)
		tunnel_destroy();
}
473
/*
 * Report whether the active tunnel belongs to the given IPv4 configuration.
 *
 * @ip4config: IPv4 configuration to compare against.
 *
 * Returns 1 when the configuration's local address equals the recorded
 * tunnel address, 0 when it differs, and -1 when @ip4config is NULL, no
 * tunnel has been created, a tunnel is still pending, or the configuration
 * has no local address.
 */
int __connman_6to4_check(struct connman_ipconfig *ip4config)
{
	const char *local;

	if (!(ip4config && tunnel_created != 0 && tunnel_pending != 1))
		return -1;

	DBG("tunnel ip address %s", tunnel_ip_address);

	local = __connman_ipconfig_get_local(ip4config);
	if (!local)
		return -1;

	return g_strcmp0(local, tunnel_ip_address) == 0 ? 1 : 0;
}