History log of /freebsd-head/usr.sbin/rtsold/rtsol.c
Revision Date Author Comments
5944def9ab3bce3ac1362ffeb1a1d37f1c6eacdd 05-Jan-2019 markj <markj@FreeBSD.org> Capsicumize rtsol(8) and rtsold(8).

These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code. Thus, they
are good candidates for sandboxing.

The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox. In particular, several custom services
were required.

- A Casper service is used to send Router Solicitation messages on a
raw ICMP6 socket. Initially I took the approach of creating a
socket for each interface upon startup, and connect(2)ing it to
the all-routers multicast group for the interface. This permits
the use of sendmsg(2) in capability mode, but only works if the
interface's link is up when rtsol(d) starts. So, instead, the
rtsold.sendmsg service is used to transmit RS messages on behalf
of the main process. One could alternately define a service
which simply creates and connects a socket for each destination
address, and returns the socket to the sandboxed process. However,
to implement rtsold's -m option we also need to read the ND6 default
router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
options in received RA messages. A Casper service is used to
fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
link-local address is useable (i.e., not duplicated or undergoing
DAD). This information is supplied by getifaddrs(3), which reads
a sysctl not available in capability mode. The SIOCGIFCONF socket
ioctl provides equivalent information and can be used in capability
mode, but I decided against it for now because of some limitations
of that interface.

In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.

Reviewed by: oshogbo
Tested by: bz (previous versions)
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17572
9029874eaf917aa3c4de5bc27a93ff7eccbb0ba8 25-Oct-2018 markj <markj@FreeBSD.org> Minor style fixes around script execution.

MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
5711c34ef6a75c20a169e64176313f67b31e0d7b 20-Oct-2018 markj <markj@FreeBSD.org> Fix a dead store.

We would fail to clear DNS search list configuration if a router
stopped specifying the DNSSL RA option. I suspect that the bug
was mostly harmless, as the RDNSS and DNSSL options are typically used
together and omitting the RDNSS option would have the same effect.

CID: 1006219
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
872b698bd4a1bfc0bf008c09228e6fd238809c75 20-Nov-2017 pfg <pfg@FreeBSD.org> General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
e3e51c190ed1781944b6ab21d84e6d4a8597623f 02-Oct-2016 markj <markj@FreeBSD.org> rtsold: Log messages about unexpected RAs at LOG_DEBUG.

Because rtsold listens for RAs on a raw socket, it may receive RAs from
interfaces that it does not manage. Such events can result in excessive

Submitted by: Franco Fichtner <franco@opnsense.org>
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D8108
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
86df2c268fe2029d1252ce4749276b08f63686d3 21-Oct-2014 delphij <delphij@FreeBSD.org> Fix rtsold(8) remote buffer overflow vulnerability. [SA-14:20]

Fix memory leak in sandboxed namei lookup. [SA-14:22]
a9647f4732da9b517eec6d174a7c1f2441443729 11-Oct-2014 hrs <hrs@FreeBSD.org> Fix buffer overrun.

MFC after: 1 day
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
a8298dcc377707c8e7f1295e9e503cad9057196e 17-Aug-2013 hrs <hrs@FreeBSD.org> - Remove struct ifinfo *iflist. It is no longer used.
- Suppress warnings about increase of alignment requirement.
13c1bcf2c1d5fbdca99cdddec726f822b68dddbc 05-Aug-2013 hrs <hrs@FreeBSD.org> - Use time_uptime instead of time_second in data structures for
PF_INET6 in kernel. This fixes various malfunctions when the wall time
clock is changed. Bump __FreeBSD_version to 1000041.

- Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities.

MFC after: 1 month
1711e0f9b0dc635d3e07513f3455c9f89a57e1f9 16-Jul-2013 kevlo <kevlo@FreeBSD.org> Silence warnings.
06dd2030acf84db5a0d9e068e527ed1d2545df04 12-Sep-2011 hrs <hrs@FreeBSD.org> - Add ":origin" label to the interface id for resolvconf(8). (r223149)
- Add -u option to enable adding :[RA-source-address] to the interface id.
- s/INET6_ADDRSTRLEN/sizeof(ntopbuf)/ (r223149)
- Fix a bug that can prevent -D from being overridden by -d. (r223149)
- /-P pidfile/-p pidfile/ for consistency with rtadvd(8). (r223149)
- Fix -F flag handling to support receiving RAs even when ip6.forwarding=1.

Approved by: re (kib)
941fea0834d05ab32f6422648f2ce94a76e13a48 16-Jun-2011 hrs <hrs@FreeBSD.org> - Add ":origin" label to the interface id for resolvconf(8).
- Add -u option to enable adding :[RA-source-address] to the interface id.
- s/INET6_ADDRSTRLEN/sizeof(ntopbuf)/
- Fix a bug that can prevent -D from being overridden by -d.
- /-P pidfile/-p pidfile/ for consistency with rtadvd(8).
- Fix WARNS.

Discussed with: ume
c4a42ea4178788f3e04caa05908823b6641dcca5 08-Jun-2011 hrs <hrs@FreeBSD.org> Merge from HEAD@222861.
1eefc7ab06b30aec595b347e288fa4afd1535a39 08-Jun-2011 hrs <hrs@FreeBSD.org> - Accumulate RA options instead of replacing old ones when a new RA arrived.
RFC 4861 6.3.4 clearly defines handling multiple RAs in this way.

- RDNSS/DNSSL options from multiple RAs on a single link will be
gathered and sent to resolvconf(8).

- Call "resolvconf -d" only after at least one RDNSS or DNSSL option is
received and then all of them are expired.

- The rtsold.dump output now supports displaying a list of the RA options.

- Use more human-readable expression for logging values of struct timeval.

Discussed with: ume
e8152d9ab6630d75c99873893546db5d51f19309 08-Jun-2011 hrs <hrs@FreeBSD.org> - Disable "resolvconf -d" temporarily to avoid extra invocations of the script
under a certain condition.
- Fix argv handling.

Spotted by: ume
10df0af5a54c03a258caf94e9931b16eec080d79 06-Jun-2011 hrs <hrs@FreeBSD.org> - Implement RDNSS and DNSSL options (RFC 6106, IPv6 Router Advertisement
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. This is based on work by J.R. Oldroyd (kern/156259)
but revised extensively[1].

- rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes
from interfaces when no "addr" is specified[2]. An entry in rtadvd.conf
with "noifprefix" + no "addr" generates an RA message with no prefix
information option.

- rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an
interface is added or removed.

- Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191.

Reviewed by: bz[1]
PR: kern/156259 [1]
PR: bin/152458 [2]
414167aef9f91f9b70350d9b86f0381d619b091b 04-Jun-2011 hrs <hrs@FreeBSD.org> - Add another length check for DNSSL option. A malformed ICMP message can have
no '\0' in the search list and/or invalid length field.

- NI_MAXHOST is defined including \0.
7e254a82b1514ddec8ea068d512fa233afcc4ec7 03-Jun-2011 hrs <hrs@FreeBSD.org> Fix label encoding/decoding function for RFC 1035 Section 3.1 encoding.
Each label can have 63 octets at most, and the length of whole domain name
is limited to NI_MAXHOST.
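
An added example (not FreeBSD's rtsold code) of the checks the two commit messages above describe for RFC 1035 Section 3.1 names in a DNSSL option: a 63-octet label limit, a length field that cannot run past the option, a required terminating zero octet, and a bounded output name. The function names, sample bytes and `DNSSL_NAME_MAX` (an assumed stand-in for `NI_MAXHOST`) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LABEL_MAX 63        /* RFC 1035 Section 3.1 label limit */
#define DNSSL_NAME_MAX 1025 /* assumed stand-in for NI_MAXHOST, '\0' included */

/* Constructed search-list bodies: two names plus padding, and one with no root label. */
static const uint8_t sample_ok[] = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    3,'l','a','n', 0, 0, 0 };
static const uint8_t sample_unterminated[] = { 3,'l','a','n' };

/* Decode one name into dst as dotted text; returns octets consumed, or -1 if malformed. */
int dnssl_decode(const uint8_t *src, size_t srclen, char *dst, size_t dstlen)
{
    size_t in = 0, out = 0;
    for (;;) {
        if (in >= srclen || dstlen == 0)
            return -1;          /* no terminating zero octet (or no output room) */
        size_t len = src[in++];
        if (len == 0) break;    /* root label ends the name */
        if (len > LABEL_MAX || len > srclen - in)
            return -1;          /* bad length field, or label overruns the option */
        if (out + (out != 0) + len + 1 > dstlen)
            return -1;          /* text form would not fit with its '\0' */
        if (out != 0)
            dst[out++] = '.';
        memcpy(dst + out, src + in, len);
        out += len;
        in += len;
    }
    dst[out] = '\0';
    return (int)in;
}

/* Walk a whole body; returns the number of names, or -1 if any is malformed. */
int dnssl_count(const uint8_t *body, size_t bodylen)
{
    char name[DNSSL_NAME_MAX];
    size_t off = 0;
    int names = 0;
    while (off < bodylen) {
        int n = dnssl_decode(body + off, bodylen - off, name, sizeof(name));
        if (n < 0)
            return -1;
        names += (name[0] != '\0');   /* zero octets alone are padding */
        off += (size_t)n;
    }
    return names;
}
```

Label octets are copied as-is, so a caller that hands the decoded names to a script still has to vet their characters.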
3de0851e497b4e51b595a4ffb3481cdc801d85a7 03-Jun-2011 hrs <hrs@FreeBSD.org> - style(9) fixes.
- Add length check for RDNSS and DNSSL option strings.
- Add check for resolv.conf(5) restriction (maximum number of entries).

Submitted by: bz
44b307b34139603f9baa4ad13e4eae27fe63922c 31-May-2011 hrs <hrs@FreeBSD.org> - Implement RA option expiration based on the lifetime field.
- Add option length check described in RFC 6106 Section 5.3.1.
3644d505b2da182f8f50471889aa0d3ade50cfff 30-May-2011 hrs <hrs@FreeBSD.org> - Add initial support for expiration timer for RDNSS and DNSSL options.
- Use queue(3) for the interface list.
- Separate a list to one for RA options and another for resolvconf(8) string.
- Remove SCOPE_DELIM hack. resolvconf(8) has to be corrected.
512c7bb8e59bf37585e63f3600f8ebf483a04ccd 30-May-2011 hrs <hrs@FreeBSD.org> Fixes for WARN=6 and style(9).
899c512586bde69d2180107599e7139fe257c357 30-May-2011 hrs <hrs@FreeBSD.org> Fix a missing TAILQ_INSERT_TAIL().
fd7e38fffccde0c416b15246c4d16e08574e6cd6 29-May-2011 hrs <hrs@FreeBSD.org> Implement RDNSS and DNSSL options (RFC 6106, IPv6 Router Advertisement
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. Lifetime handling is not supported at this

Note: when receiving a link-local scope address rtsold(8) adds a scope
id into addresses in the script arguments based on the received
interface in a representation defined in RFC 4007 (e.g. fe80::1%bge0).
However, some shell scripts using printf(1) (including
resolvconf(8)) cannot process it properly because printf(1) can
recognize the character % as special.

Based on work by: J.R. Oldroyd
PR: kern/156259
09f9c897d33c41618ada06fbbcf1a9b3812dee53 19-Oct-2010 jamie <jamie@FreeBSD.org> A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
1d0c38de11a9e419918921345b87c673b09e2115 27-Feb-2010 uqs <uqs@FreeBSD.org> rtsol(8)/rtsold(8): make WARNS=3 clean

It is actually WARNS=6 clean for non-strict alignment archs.

Approved by: ed (co-mentor)
19b6af98ec71398e77874582eb84ec5310c7156f 22-Nov-2008 dfr <dfr@FreeBSD.org> Clone Kip's Xen on stable/6 tree so that I can work on improving FreeBSD/amd64
performance in Xen's HVM mode.
cf5320822f93810742e3d4a1ac8202db8482e633 19-Oct-2008 lulf <lulf@FreeBSD.org> - Import the HEAD csup code which is the basis for the cvsmode work.
fa3791e1a7df72dae386c39862c6dad9fb7a5304 07-Nov-2007 kevlo <kevlo@FreeBSD.org> Cleanup of userland __P use
ab3e3db491512f6183cc555d21572b96c642da08 14-Jan-2004 ume <ume@FreeBSD.org> ansify.

Obtained from: KAME
e63e485957ca75728d14f0f841a255c547024105 17-Aug-2003 ume <ume@FreeBSD.org> - improved the -a option. it can probe an interface automatically when
the interface wakes up. it can be started anytime even when there is
no network interface on the list of interfaces in the kernel.
- get a correct link ID for each interface at initialization
(using scope libraries if HAVE_SCOPELIB is defined).
- fill in sin6_scope_id correctly before sendmsg().

Obtained from: KAME
MFC after: 1 week
30892cac87d9df43868e7472d8dfc5aac4cd25b4 14-Aug-2003 ume <ume@FreeBSD.org> decreased too-strong log levels.

Obtained from: KAME
MFC after: 1 week
958362f6a8e61ad6b4a95057c871838e4d4de29a 08-Aug-2003 ume <ume@FreeBSD.org> KNF, correct typos and cleanup spaces.

Obtained from: KAME
MFC after: 1 week
02ba92cc973152efd707c7e8e1c3b17091ddb26e 08-Aug-2003 ume <ume@FreeBSD.org> Process the "O bit."
If the value of OtherConfigFlag changes from FALSE to TRUE, the
host should invoke the stateful autoconfiguration protocol,
requesting information.
[RFC 2462 Section 5.5.3]

Obtained from: KAME
MFC after: 1 week
52b4a696e076a7e2fb7dd05bd2f6feec997189cd 08-Aug-2003 ume <ume@FreeBSD.org> __FUNCTION__ --> __func__

Obtained from: KAME
MFC after: 1 week
4c640a08b8558363003a530a69697146c3274834 19-Apr-2002 suz <suz@FreeBSD.org> Explicitly specifies sin6_family & sin6_len of sockaddr_in6 for raw socket
(Currently lack of their specification does not lead to any problem, because
kernel does not check the consistency between actual address and its
address family / length on raw socket.

However kernel should always check their consistency and stop sending packets
if there is a contradiction. Considering backward compatibility of
programs, I just fixed rtsol now; I'd like to fix the kernel behavior later.)

Reviewed by: ume
MFC after: 3 days
832f8d224926758a9ae0b23a6b45353e44fbc87a 11-Jun-2001 ume <ume@FreeBSD.org> Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problems after the snap was out were fixed.
There are many many changes since last KAME merge.

- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.

Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
44c3d480b472d6936e2fdf0b16c99e14a757266b 06-Oct-2000 kris <kris@FreeBSD.org> Sync with KAME. Format string auditing, and add -a flag to autoprobe

Obtained from: KAME
e041633352d9b2beac4692186d590f04c5d371ae 05-Jul-2000 kris <kris@FreeBSD.org> Sync with latest KAME.

Obtained from: KAME
b42951578188c5aab5c9f8cbcde4a743f8092cdc 02-Apr-2000 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'ALSA'.
8c2ccb59caf882ac518eda1f570ea731d4466216 28-Dec-1999 shin <shin@FreeBSD.org> Getaddrinfo(), getnameinfo(), and etc support in libc/net.
Several udp and raw apps IPv6 support.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project