1/*
2 * Copyright 2011 Daniel Drown
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * config.c - configuration settings
17 */
18
19#include <string.h>
20#include <stdlib.h>
21#include <arpa/inet.h>
22#include <stdio.h>
23#include <limits.h>
24#include <errno.h>
25#include <unistd.h>
26
27//#include <cutils/config_utils.h>
28#include "ifc.h"
29#include "config_utils.h"
30
31#include "config.h"
32#include "dns64.h"
33#include "logging.h"
34#include "getaddr.h"
35#include "clatd.h"
36#include "checksum.h"
37
/* Local prototype for the random-byte source that gen_random_iid() relies on.
 * NOTE(review): this is declared by hand instead of coming from a header, so the compiler cannot
 * cross-check it against the real definition - confirm it matches the platform's declaration.
 */
void arc4random_buf(void *dst, size_t len);

/* The single, process-wide configuration record. read_config() zeroes it and then fills it in. */
struct clat_config Global_Clatd_Config;
41
/* function: config_item_str
 * looks up a string config item and hands back a heap-allocated copy of it
 * root       - parsed configuration
 * item_name  - name of config item to locate
 * defaultvar - value to use if config item isn't present
 * returns: a strdup()ed copy owned by the caller (release with free()), or NULL when config_str()
 *          yields nothing or the copy cannot be allocated
 */
char *config_item_str(cnode *root, const char *item_name, const char *defaultvar) {
  const char *value = config_str(root, item_name, defaultvar);

  if (value == NULL) {
    logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
    return NULL;
  }

  /* Copy the value so the caller's string has its own lifetime, separate from the tree. */
  return strdup(value);
}
57
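/* function: config_item_int16_t
 * locates the config item, parses it as a base-10 integer, and stores it in *ret_val_ptr
 * root        - parsed configuration
 * item_name   - name of config item to locate
 * defaultvar  - value to use if config item isn't present
 * ret_val_ptr - pointer for return value storage; written only on success
 * returns: ret_val_ptr on success, or NULL when the item is missing, is not a complete decimal
 *          number, or does not fit in an int16_t
 */
int16_t *config_item_int16_t(cnode *root, const char *item_name, const char *defaultvar, int16_t *ret_val_ptr) {
  const char *tmp;
  char *endptr;
  long int conf_int;

  if(!(tmp = config_str(root, item_name, defaultvar))) {
    logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
    return NULL;
  }

  /* strtol reports overflow only through errno, so it has to be cleared first. */
  errno = 0;
  conf_int = strtol(tmp,&endptr,10);
  if(errno > 0) {
    logmsg(ANDROID_LOG_FATAL,"%s config item is not numeric: %s (error=%s)",item_name,tmp,strerror(errno));
    return NULL;
  }
  /* No digits consumed; this also covers the empty string. */
  if(endptr == tmp) {
    logmsg(ANDROID_LOG_FATAL,"%s config item is not numeric: %s",item_name,tmp);
    return NULL;
  }
  /* Reject trailing junk such as "1500x" instead of silently using the numeric prefix. */
  if(*endptr != '\0') {
    logmsg(ANDROID_LOG_FATAL,"%s config item contains non-numeric characters: %s",item_name,endptr);
    return NULL;
  }
  if(conf_int > INT16_MAX || conf_int < INT16_MIN) {
    /* conf_int is a long, so it must be printed with %ld; %d here was a format/argument mismatch. */
    logmsg(ANDROID_LOG_FATAL,"%s config item is too big/small: %ld",item_name,conf_int);
    return NULL;
  }

  /* The range check above makes this narrowing conversion lossless. */
  *ret_val_ptr = (int16_t)conf_int;
  return ret_val_ptr;
}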
96
/* function: config_item_ip
 * looks up a config item and parses it as a dotted-quad IPv4 address
 * root        - parsed configuration
 * item_name   - name of config item to locate
 * defaultvar  - value to use if config item isn't present
 * ret_val_ptr - pointer for return value storage
 * returns: ret_val_ptr on success, or NULL when the item is missing or inet_pton() rejects it
 */
struct in_addr *config_item_ip(cnode *root, const char *item_name, const char *defaultvar, struct in_addr *ret_val_ptr) {
  const char *text = config_str(root, item_name, defaultvar);

  if (text == NULL) {
    logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
    return NULL;
  }

  /* inet_pton() returns 1 only for a well-formed address; 0 and -1 are both failures. */
  if (inet_pton(AF_INET, text, ret_val_ptr) > 0) {
    return ret_val_ptr;
  }

  logmsg(ANDROID_LOG_FATAL,"invalid IPv4 address specified for %s: %s", item_name, text);
  return NULL;
}
121
/* function: config_item_ip6
 * looks up a config item and parses it as a textual IPv6 address
 * root        - parsed configuration
 * item_name   - name of config item to locate
 * defaultvar  - value to use if config item isn't present
 * ret_val_ptr - pointer for return value storage
 * returns: ret_val_ptr on success, or NULL when the item is missing or inet_pton() rejects it
 */
struct in6_addr *config_item_ip6(cnode *root, const char *item_name, const char *defaultvar, struct in6_addr *ret_val_ptr) {
  const char *text = config_str(root, item_name, defaultvar);

  if (text == NULL) {
    logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
    return NULL;
  }

  /* inet_pton() returns 1 only for a well-formed address; 0 and -1 are both failures. */
  if (inet_pton(AF_INET6, text, ret_val_ptr) > 0) {
    return ret_val_ptr;
  }

  logmsg(ANDROID_LOG_FATAL,"invalid IPv6 address specified for %s: %s", item_name, text);
  return NULL;
}
146
/* function: free_config
 * releases the DNS64 detection hostname held by the global config and clears the pointer, so
 * that calling this twice is harmless
 * NOTE(review): default_pdp_interface is also strdup()ed by read_config() but is not released
 * here - confirm whether that is intentional.
 */
void free_config() {
  /* free(NULL) is a no-op, so the pointer needs no separate test. */
  free(Global_Clatd_Config.plat_from_dns64_hostname);
  Global_Clatd_Config.plat_from_dns64_hostname = NULL;
}
156
/* function: ipv6_prefix_equal
 * tells whether two ipv6 addresses share the same /64 prefix. both prefixes are assumed to be
 * /64, so only the first 8 bytes are compared.
 * a1 - first address
 * a2 - second address
 * returns: 1 if the first 8 bytes match, 0 otherwise.
 */
int ipv6_prefix_equal(struct in6_addr *a1, struct in6_addr *a2) {
  /* A /64 prefix is the leading 8 bytes of the 16-byte address. */
  const size_t prefix_bytes = 8;

  if (memcmp(a1, a2, prefix_bytes) != 0) {
    return 0;
  }
  return 1;
}
166
/* function: dns64_detection
 * repeats the plat_prefix() lookup until it succeeds, then stores the result as the plat subnet.
 * there is no failure exit: the function returns only after a successful lookup, sleeping
 * between attempts with a delay that doubles from 1 second up to a 1800 second ceiling.
 * net_id - (optional) netId to use, NETID_UNSET indicates use of default network
 * NOTE(review): the address plat_prefix() returns is installed as the NAT64 prefix as-is; any
 * validation of the DNS answer would have to happen inside plat_prefix() - confirm.
 */
void dns64_detection(unsigned net_id) {
  const int max_backoff = 1800;
  struct in6_addr detected;
  int delay = 1;

  for (;;) {
    if (plat_prefix(Global_Clatd_Config.plat_from_dns64_hostname, net_id, &detected) > 0) {
      Global_Clatd_Config.plat_subnet = detected;
      return;
    }

    logmsg(ANDROID_LOG_WARN, "dns64_detection -- error, sleeping for %d seconds", delay);
    sleep(delay);

    // Scale down to one DNS query per half hour. Unnecessary DNS queries waste power, and the
    // benefit is minimal (basically, only limited to the case where a network goes from
    // IPv6-only to IPv6 with NAT64).
    delay *= 2;
    if (delay > max_backoff) {
      delay = max_backoff;
    }
  }
}
194
/* function: gen_random_iid
 * writes a random interface ID into the low 8 bytes of myaddr, then patches two of those bytes so
 * the address is checksum neutral with the IPv4 address and the NAT64 prefix
 * myaddr            - IPv6 address to write to (bytes 8..15 are overwritten)
 * ipv4_local_subnet - clat IPv4 address
 * plat_subnet       - NAT64 prefix
 * Bytes 11 and 12 end up holding a value derived from the checksums, so only the other six
 * bytes of the interface ID remain random.
 */
void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet,
                    struct in6_addr *plat_subnet) {
  // The interface ID is the second half of the address.
  uint8_t *iid = &myaddr->s6_addr[8];

  // Start from 8 random bytes.
  arc4random_buf(iid, 8);

  // Make the IID checksum-neutral. That is, make it so that:
  //   checksum(Local IPv4 | Remote IPv4) = checksum(Local IPv6 | Remote IPv6)
  // in other words (because remote IPv6 = NAT64 prefix | Remote IPv4):
  //   checksum(Local IPv4) = checksum(Local IPv6 | NAT64 prefix)
  // Do this by adjusting the two bytes in the middle of the IID (address bytes 11 and 12).
  uint16_t middle = (iid[3] << 8) + iid[4];

  uint32_t v4_sum = ip_checksum_add(0, ipv4_local_subnet, sizeof(*ipv4_local_subnet));
  uint32_t v6_sum = ip_checksum_add(0, plat_subnet, sizeof(*plat_subnet)) +
                    ip_checksum_add(0, myaddr, sizeof(*myaddr));

  uint16_t adjusted = ip_checksum_adjust(middle, v4_sum, v6_sum);
  iid[3] = adjusted >> 8;
  iid[4] = adjusted & 0xff;
}
223
// Probes whether an IPv4 address (network byte order) is unused on this system.
// Returns 1 when the address looks free and 0 when it is in use. A socket() failure also yields
// 0, so an address that could not be probed is never reported as free.
// Factored out to a separate function for testability.
int connect_is_ipv4_address_free(in_addr_t addr) {
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  if (fd == -1) {
    return 0;
  }

  // Attempt to connect to the address. If the connection succeeds and getsockname returns the
  // same address, then the address is already assigned to the system and we can't use it.
  // NOTE(review): sin_port is stored as a bare 53, without htons() - confirm that the port value
  // is irrelevant to this probe.
  struct sockaddr_in sin = { .sin_family = AF_INET, .sin_addr = { addr }, .sin_port = 53 };
  socklen_t len = sizeof(sin);
  int is_free = 1;

  if (connect(fd, (struct sockaddr *) &sin, sizeof(sin)) == 0 &&
      getsockname(fd, (struct sockaddr *) &sin, &len) == 0 &&
      (size_t) len >= sizeof(sin) &&
      sin.sin_addr.s_addr == addr) {
    is_free = 0;
  }

  close(fd);
  return is_free;
}

// Hook used by config_select_ipv4_address(); it can be pointed at another probe function.
addr_free_func config_is_ipv4_address_free = connect_is_ipv4_address_free;
245
/* function: config_select_ipv4_address
 * picks a free IPv4 address, starting from ip and trying all addresses in the prefix in order
 * ip        - the IP address from the configuration file
 * prefixlen - the length of the prefix from which addresses may be selected; must be 16..32
 * returns: the IPv4 address in network byte order, or INADDR_NONE if prefixlen is out of range
 *          or no address in the prefix was reported free
 */
in_addr_t config_select_ipv4_address(const struct in_addr *ip, int16_t prefixlen) {
  // Don't accept prefixes that are too large because we scan addresses one by one; a /16 already
  // means up to 65536 probes through config_is_ipv4_address_free.
  if (prefixlen < 16 || prefixlen > 32) {
    return INADDR_NONE;
  }

  // All these are in host byte order.
  const int host_bits = 32 - prefixlen;
  const in_addr_t mask = 0xffffffff >> host_bits << host_bits;
  const in_addr_t start = ntohl(ip->s_addr);
  const in_addr_t prefix = start & mask;
  in_addr_t candidate = start;

  // Pick the first IPv4 address in the pool, wrapping around if necessary.
  // So, for example, 192.0.0.4 -> 192.0.0.5 -> 192.0.0.6 -> 192.0.0.7 -> 192.0.0.0.
  do {
    in_addr_t candidate_net = htonl(candidate);
    if (config_is_ipv4_address_free(candidate_net)) {
      return candidate_net;
    }
    // Step only the host bits so the scan can never leave the configured prefix.
    candidate = prefix | ((candidate + 1) & ~mask);
  } while (candidate != start);

  return INADDR_NONE;
}
278
/* function: config_generate_local_ipv6_subnet
 * fills in the interface ID (low 64 bits) of the given address, leaving the upper 64 bits alone
 * requires config.ipv6_host_id (and, for the dynamic case, config.ipv4_local_subnet and
 * config.plat_subnet)
 * interface_ip - in: interface ip, out: local ipv6 host address
 */
void config_generate_local_ipv6_subnet(struct in6_addr *interface_ip) {
  if (!Global_Clatd_Config.use_dynamic_iid) {
    /* Use the specified interface ID: copy 32-bit words 2 and 3 from the configured host id. */
    interface_ip->s6_addr32[2] = Global_Clatd_Config.ipv6_host_id.s6_addr32[2];
    interface_ip->s6_addr32[3] = Global_Clatd_Config.ipv6_host_id.s6_addr32[3];
    return;
  }

  /* Generate a random interface ID. */
  gen_random_iid(interface_ip,
                 &Global_Clatd_Config.ipv4_local_subnet,
                 &Global_Clatd_Config.plat_subnet);
}
299
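/* function: read_config
 * reads the config file and parses it into the global variable Global_Clatd_Config. returns 0 on
 * failure, 1 on success
 * file             - filename to parse
 * uplink_interface - interface to use to reach the internet and supplier of address space
 * plat_prefix      - (optional) plat prefix to use, otherwise follow config file
 * net_id           - (optional) netId to use, NETID_UNSET indicates use of default network
 * Global_Clatd_Config is zeroed before parsing, so any earlier contents are discarded. When the
 * plat prefix has to come from DNS64 detection this call blocks inside dns64_detection() until a
 * lookup succeeds.
 */
int read_config(const char *file, const char *uplink_interface, const char *plat_prefix,
                unsigned net_id) {
  cnode *root = config_node("", "");
  char *dns64_setting = NULL;
  /* Initialised so the IFF_BROADCAST test below never reads an indeterminate value.
   * NOTE(review): the results of ifc_init()/ifc_get_info() are not checked; confirm what they
   * leave in flags when the lookup fails. */
  unsigned flags = 0;

  if(!root) {
    logmsg(ANDROID_LOG_FATAL,"out of memory");
    return 0;
  }

  memset(&Global_Clatd_Config, '\0', sizeof(Global_Clatd_Config));

  /* An empty tree after loading is how a load failure is detected here. */
  config_load_file(root, file);
  if(root->first_child == NULL) {
    logmsg(ANDROID_LOG_FATAL,"Could not read config file %s", file);
    goto failed;
  }

  Global_Clatd_Config.default_pdp_interface = strdup(uplink_interface);
  if (!Global_Clatd_Config.default_pdp_interface)
    goto failed;

  if(!config_item_int16_t(root, "mtu", "-1", &Global_Clatd_Config.mtu))
    goto failed;

  if(!config_item_int16_t(root, "ipv4mtu", "-1", &Global_Clatd_Config.ipv4mtu))
    goto failed;

  if(!config_item_ip(root, "ipv4_local_subnet", DEFAULT_IPV4_LOCAL_SUBNET,
                     &Global_Clatd_Config.ipv4_local_subnet))
    goto failed;

  if(!config_item_int16_t(root, "ipv4_local_prefixlen", DEFAULT_IPV4_LOCAL_PREFIXLEN,
                          &Global_Clatd_Config.ipv4_local_prefixlen))
    goto failed;

  if(plat_prefix) { // plat subnet is coming from the command line
    if(inet_pton(AF_INET6, plat_prefix, &Global_Clatd_Config.plat_subnet) <= 0) {
      logmsg(ANDROID_LOG_FATAL,"invalid IPv6 address specified for plat prefix: %s", plat_prefix);
      goto failed;
    }
  } else {
    dns64_setting = config_item_str(root, "plat_from_dns64", "yes");
    /* A failed lookup (NULL) is treated the same as an explicit "no". */
    if(!dns64_setting || strcmp(dns64_setting, "no") == 0) {
      free(dns64_setting);

      if(!config_item_ip6(root, "plat_subnet", NULL, &Global_Clatd_Config.plat_subnet)) {
        logmsg(ANDROID_LOG_FATAL, "plat_from_dns64 disabled, but no plat_subnet specified");
        goto failed;
      }
    } else {
      free(dns64_setting);

      if(!(Global_Clatd_Config.plat_from_dns64_hostname = config_item_str(root, "plat_from_dns64_hostname", DEFAULT_DNS64_DETECTION_HOSTNAME)))
        goto failed;
      /* Does not return until a lookup succeeds. */
      dns64_detection(net_id);
    }
  }

  if (!config_item_ip6(root, "ipv6_host_id", "::", &Global_Clatd_Config.ipv6_host_id))
    goto failed;

  /* In order to prevent multiple devices attempting to use the same clat address, never use a
     statically-configured interface ID on a broadcast interface such as wifi. */
  if (!IN6_IS_ADDR_UNSPECIFIED(&Global_Clatd_Config.ipv6_host_id)) {
    ifc_init();
    ifc_get_info(Global_Clatd_Config.default_pdp_interface, NULL, NULL, &flags);
    ifc_close();
    Global_Clatd_Config.use_dynamic_iid = (flags & IFF_BROADCAST) != 0;
  } else {
    Global_Clatd_Config.use_dynamic_iid = 1;
  }

  /* Nothing stored in the global config points into the tree, so the root node can go on the
     success path too. Child nodes are not released by this, as on the failure path. */
  free(root);
  return 1;

failed:
  free(root);
  /* free_config() does not cover the interface name duplicated above, so drop it here rather
     than leaving a half-built config behind. free(NULL) is a no-op for the early failures. */
  free(Global_Clatd_Config.default_pdp_interface);
  Global_Clatd_Config.default_pdp_interface = NULL;
  free_config();
  return 0;
}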
388
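/* function: dump_config
 * logs the current contents of Global_Clatd_Config at debug level
 */
void dump_config() {
  /* Sized for the longest textual IPv6 address; reused for each address in turn. */
  char charbuffer[INET6_ADDRSTRLEN];
  /* The interface name is NULL until read_config() has stored it, and passing NULL to %s is
     undefined behaviour, so substitute a placeholder. */
  const char *pdp_interface = Global_Clatd_Config.default_pdp_interface
                                  ? Global_Clatd_Config.default_pdp_interface
                                  : "(null)";

  logmsg(ANDROID_LOG_DEBUG,"mtu = %d",Global_Clatd_Config.mtu);
  logmsg(ANDROID_LOG_DEBUG,"ipv4mtu = %d",Global_Clatd_Config.ipv4mtu);
  logmsg(ANDROID_LOG_DEBUG,"ipv6_local_subnet = %s",inet_ntop(AF_INET6, &Global_Clatd_Config.ipv6_local_subnet, charbuffer, sizeof(charbuffer)));
  logmsg(ANDROID_LOG_DEBUG,"ipv4_local_subnet = %s",inet_ntop(AF_INET, &Global_Clatd_Config.ipv4_local_subnet, charbuffer, sizeof(charbuffer)));
  logmsg(ANDROID_LOG_DEBUG,"ipv4_local_prefixlen = %d", Global_Clatd_Config.ipv4_local_prefixlen);
  logmsg(ANDROID_LOG_DEBUG,"plat_subnet = %s",inet_ntop(AF_INET6, &Global_Clatd_Config.plat_subnet, charbuffer, sizeof(charbuffer)));
  logmsg(ANDROID_LOG_DEBUG,"default_pdp_interface = %s",pdp_interface);
}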