1/*	$KAME: rtsol.c,v 1.27 2003/10/05 00:09:36 itojun Exp $	*/
2
3/*-
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Copyright (C) 2011 Hiroki Sato
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the project nor the names of its contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD$
35 */
36
37#include <sys/param.h>
38#include <sys/capsicum.h>
39#include <sys/queue.h>
40#include <sys/socket.h>
41#include <sys/stat.h>
42#include <sys/uio.h>
43#include <sys/wait.h>
44
45#include <net/if.h>
46#include <net/route.h>
47#include <net/if_dl.h>
48
49#define	__BSD_VISIBLE	1	/* IN6ADDR_LINKLOCAL_ALLROUTERS_INIT */
50#include <netinet/in.h>
51#undef 	__BSD_VISIBLE
52#include <netinet/ip6.h>
53#include <netinet6/ip6_var.h>
54#include <netinet/icmp6.h>
55
56#include <arpa/inet.h>
57
58#include <capsicum_helpers.h>
59#include <netdb.h>
60#include <time.h>
61#include <fcntl.h>
62#include <unistd.h>
63#include <stdio.h>
64#include <time.h>
65#include <err.h>
66#include <errno.h>
67#include <string.h>
68#include <stdlib.h>
69#include <syslog.h>
70#include "rtsold.h"
71
72static char rsid[IFNAMSIZ + 1 + sizeof(DNSINFO_ORIGIN_LABEL) + 1 + NI_MAXHOST];
73struct ifinfo_head_t ifinfo_head = TAILQ_HEAD_INITIALIZER(ifinfo_head);
74
75static void call_script(const char *const *, struct script_msg_head_t *);
76static size_t dname_labeldec(char *, size_t, const char *);
77static struct ra_opt *find_raopt(struct rainfo *, int, void *, size_t);
78static int ra_opt_rdnss_dispatch(struct ifinfo *, struct rainfo *,
79    struct script_msg_head_t *, struct script_msg_head_t *);
80static char *make_rsid(const char *, const char *, struct rainfo *);
81
82#define	_ARGS_MANAGED	managedconf_script, ifi->ifname
83#define	_ARGS_OTHER	otherconf_script, ifi->ifname
84#define	_ARGS_RESADD	resolvconf_script, "-a", rsid
85#define	_ARGS_RESDEL	resolvconf_script, "-d", rsid
86
87#define	CALL_SCRIPT(name, sm_head) do {				\
88	const char *const sarg[] = { _ARGS_##name, NULL };	\
89	call_script(sarg, sm_head);				\
90} while (0)
91
92#define	ELM_MALLOC(p, error_action) do {			\
93	p = malloc(sizeof(*p));					\
94	if (p == NULL) {					\
95		warnmsg(LOG_ERR, __func__, "malloc failed: %s", \
96		    strerror(errno));				\
97		error_action;					\
98	}							\
99	memset(p, 0, sizeof(*p));				\
100} while (0)
101
102int
103recvsockopen(void)
104{
105	struct icmp6_filter filt;
106	cap_rights_t rights;
107	int on, sock;
108
109	if ((sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) {
110		warnmsg(LOG_ERR, __func__, "socket: %s", strerror(errno));
111		goto fail;
112	}
113
114	/* Provide info about the receiving interface. */
115	on = 1;
116	if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on,
117	    sizeof(on)) < 0) {
118		warnmsg(LOG_ERR, __func__, "setsockopt(IPV6_RECVPKTINFO): %s",
119		    strerror(errno));
120		goto fail;
121	}
122
123	/* Include the hop limit from the received header. */
124	on = 1;
125	if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &on,
126	    sizeof(on)) < 0) {
127		warnmsg(LOG_ERR, __func__, "setsockopt(IPV6_RECVHOPLIMIT): %s",
128		    strerror(errno));
129		goto fail;
130	}
131
132	/* Filter out everything except for Router Advertisements. */
133	ICMP6_FILTER_SETBLOCKALL(&filt);
134	ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filt);
135	if (setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt,
136	    sizeof(filt)) == -1) {
137		warnmsg(LOG_ERR, __func__, "setsockopt(ICMP6_FILTER): %s",
138		    strerror(errno));
139		goto fail;
140	}
141
142	cap_rights_init(&rights, CAP_EVENT, CAP_RECV);
143	if (caph_rights_limit(sock, &rights) < 0) {
144		warnmsg(LOG_ERR, __func__, "caph_rights_limit(): %s",
145		    strerror(errno));
146		goto fail;
147	}
148
149	return (sock);
150
151fail:
152	if (sock >= 0)
153		(void)close(sock);
154	return (-1);
155}
156
157void
158rtsol_input(int sock)
159{
160	uint8_t cmsg[CMSG_SPACE(sizeof(struct in6_pktinfo)) +
161	    CMSG_SPACE(sizeof(int))];
162	struct iovec iov;
163	struct msghdr hdr;
164	struct sockaddr_in6 from;
165	char answer[1500], ntopbuf[INET6_ADDRSTRLEN], ifnamebuf[IFNAMSIZ];
166	int l, ifindex = 0, *hlimp = NULL;
167	ssize_t msglen;
168	struct in6_pktinfo *pi = NULL;
169	struct ifinfo *ifi = NULL;
170	struct ra_opt *rao = NULL;
171	struct icmp6_hdr *icp;
172	struct nd_router_advert *nd_ra;
173	struct cmsghdr *cm;
174	struct rainfo *rai;
175	char *p, *raoptp;
176	struct in6_addr *addr;
177	struct nd_opt_hdr *ndo;
178	struct nd_opt_rdnss *rdnss;
179	struct nd_opt_dnssl *dnssl;
180	size_t len;
181	char nsbuf[INET6_ADDRSTRLEN + 1 + IFNAMSIZ + 1];
182	char dname[NI_MAXHOST];
183	struct timespec lifetime, now;
184	int newent_rai, newent_rao;
185
186	memset(&hdr, 0, sizeof(hdr));
187	hdr.msg_iov = &iov;
188	hdr.msg_iovlen = 1;
189	hdr.msg_name = &from;
190	hdr.msg_namelen = sizeof(from);
191	hdr.msg_control = cmsg;
192	hdr.msg_controllen = sizeof(cmsg);
193
194	iov.iov_base = (caddr_t)answer;
195	iov.iov_len = sizeof(answer);
196
197	if ((msglen = recvmsg(sock, &hdr, 0)) < 0) {
198		warnmsg(LOG_ERR, __func__, "recvmsg: %s", strerror(errno));
199		return;
200	}
201
202	/* Extract control message info. */
203	for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(&hdr); cm != NULL;
204	    cm = (struct cmsghdr *)CMSG_NXTHDR(&hdr, cm)) {
205		if (cm->cmsg_level == IPPROTO_IPV6 &&
206		    cm->cmsg_type == IPV6_PKTINFO &&
207		    cm->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo))) {
208			pi = (struct in6_pktinfo *)(void *)(CMSG_DATA(cm));
209			ifindex = pi->ipi6_ifindex;
210		}
211		if (cm->cmsg_level == IPPROTO_IPV6 &&
212		    cm->cmsg_type == IPV6_HOPLIMIT &&
213		    cm->cmsg_len == CMSG_LEN(sizeof(int)))
214			hlimp = (int *)(void *)CMSG_DATA(cm);
215	}
216
217	if (ifindex == 0) {
218		warnmsg(LOG_ERR, __func__,
219		    "failed to get receiving interface");
220		return;
221	}
222	if (hlimp == NULL) {
223		warnmsg(LOG_ERR, __func__,
224		    "failed to get receiving hop limit");
225		return;
226	}
227
228	if ((size_t)msglen < sizeof(struct nd_router_advert)) {
229		warnmsg(LOG_INFO, __func__,
230		    "packet size(%zd) is too short", msglen);
231		return;
232	}
233
234	icp = (struct icmp6_hdr *)iov.iov_base;
235	if (icp->icmp6_type != ND_ROUTER_ADVERT) {
236		/*
237		 * this should not happen because we configured a filter
238		 * that only passes RAs on the receiving socket.
239		 */
240		warnmsg(LOG_ERR, __func__,
241		    "invalid icmp type(%d) from %s on %s", icp->icmp6_type,
242		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
243			sizeof(ntopbuf)),
244		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
245		return;
246	}
247
248	if (icp->icmp6_code != 0) {
249		warnmsg(LOG_INFO, __func__,
250		    "invalid icmp code(%d) from %s on %s", icp->icmp6_code,
251		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
252			sizeof(ntopbuf)),
253		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
254		return;
255	}
256
257	if (*hlimp != 255) {
258		warnmsg(LOG_INFO, __func__,
259		    "invalid RA with hop limit(%d) from %s on %s",
260		    *hlimp,
261		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
262			sizeof(ntopbuf)),
263		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
264		return;
265	}
266
267	if (pi && !IN6_IS_ADDR_LINKLOCAL(&from.sin6_addr)) {
268		warnmsg(LOG_INFO, __func__,
269		    "invalid RA with non link-local source from %s on %s",
270		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
271			sizeof(ntopbuf)),
272		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
273		return;
274	}
275
276	/* xxx: more validation? */
277
278	if ((ifi = find_ifinfo(pi->ipi6_ifindex)) == NULL) {
279		warnmsg(LOG_DEBUG, __func__,
280		    "received RA from %s on an unexpected IF(%s)",
281		    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf,
282			sizeof(ntopbuf)),
283		    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
284		return;
285	}
286
287	warnmsg(LOG_DEBUG, __func__,
288	    "received RA from %s on %s, state is %d",
289	    inet_ntop(AF_INET6, &from.sin6_addr, ntopbuf, sizeof(ntopbuf)),
290	    ifi->ifname, ifi->state);
291
292	nd_ra = (struct nd_router_advert *)icp;
293
294	/*
295	 * Process the "M bit."
296	 * If the value of ManagedConfigFlag changes from FALSE to TRUE, the
297	 * host should invoke the stateful autoconfiguration protocol,
298	 * requesting information.
299	 * [RFC 4861 Section 4.2]
300	 * XXX ??? [draft-ietf-v6ops-dhcpv6-slaac-problem-07]
301	 */
302	if (((nd_ra->nd_ra_flags_reserved) & ND_RA_FLAG_MANAGED) &&
303	    !ifi->managedconfig) {
304		warnmsg(LOG_DEBUG, __func__,
305		    "ManagedConfigFlag on %s is turned on", ifi->ifname);
306		ifi->managedconfig = 1;
307		CALL_SCRIPT(MANAGED, NULL);
308	}
309
310	/*
311	 * Process the "O bit."
312	 * If the value of OtherConfigFlag changes from FALSE to TRUE, the
313	 * host should invoke the stateful autoconfiguration protocol,
314	 * requesting information unless the "M bit" was set as well in
315	 * which case the "O bit" is redundant.
316	 * [RFC 4861 Section 4.2]
317	 */
318	if (((nd_ra->nd_ra_flags_reserved) & ND_RA_FLAG_OTHER) &&
319	    !ifi->otherconfig) {
320		warnmsg(LOG_DEBUG, __func__,
321		    "OtherConfigFlag on %s is turned on", ifi->ifname);
322		ifi->otherconfig = 1;
323		if (!ifi->managedconfig)
324			CALL_SCRIPT(OTHER, NULL);
325	}
326	clock_gettime(CLOCK_MONOTONIC_FAST, &now);
327	newent_rai = 0;
328	rai = find_rainfo(ifi, &from);
329	if (rai == NULL) {
330		ELM_MALLOC(rai, exit(1));
331		rai->rai_ifinfo = ifi;
332		TAILQ_INIT(&rai->rai_ra_opt);
333		rai->rai_saddr.sin6_family = AF_INET6;
334		rai->rai_saddr.sin6_len = sizeof(rai->rai_saddr);
335		memcpy(&rai->rai_saddr.sin6_addr, &from.sin6_addr,
336		    sizeof(rai->rai_saddr.sin6_addr));
337		newent_rai = 1;
338	}
339
340#define	RA_OPT_NEXT_HDR(x)	(struct nd_opt_hdr *)((char *)x + \
341				(((struct nd_opt_hdr *)x)->nd_opt_len * 8))
342	/* Process RA options. */
343	warnmsg(LOG_DEBUG, __func__, "Processing RA");
344	raoptp = (char *)icp + sizeof(struct nd_router_advert);
345	while (raoptp < (char *)icp + msglen) {
346		ndo = (struct nd_opt_hdr *)raoptp;
347		warnmsg(LOG_DEBUG, __func__, "ndo = %p", raoptp);
348		warnmsg(LOG_DEBUG, __func__, "ndo->nd_opt_type = %d",
349		    ndo->nd_opt_type);
350		warnmsg(LOG_DEBUG, __func__, "ndo->nd_opt_len = %d",
351		    ndo->nd_opt_len);
352
353		switch (ndo->nd_opt_type) {
354		case ND_OPT_RDNSS:
355			rdnss = (struct nd_opt_rdnss *)raoptp;
356
357			/* Optlen sanity check (Section 5.3.1 in RFC 6106) */
358			if (rdnss->nd_opt_rdnss_len < 3) {
359				warnmsg(LOG_INFO, __func__,
360		    			"too short RDNSS option"
361					"in RA from %s was ignored.",
362					inet_ntop(AF_INET6, &from.sin6_addr,
363					    ntopbuf, sizeof(ntopbuf)));
364				break;
365			}
366
367			addr = (struct in6_addr *)(void *)(raoptp + sizeof(*rdnss));
368			while ((char *)addr < (char *)RA_OPT_NEXT_HDR(raoptp)) {
369				if (inet_ntop(AF_INET6, addr, ntopbuf,
370					sizeof(ntopbuf)) == NULL) {
371					warnmsg(LOG_INFO, __func__,
372		    			    "an invalid address in RDNSS option"
373					    " in RA from %s was ignored.",
374					    inet_ntop(AF_INET6, &from.sin6_addr,
375						ntopbuf, sizeof(ntopbuf)));
376					addr++;
377					continue;
378				}
379				if (IN6_IS_ADDR_LINKLOCAL(addr))
380					/* XXX: % has to be escaped here */
381					l = snprintf(nsbuf, sizeof(nsbuf),
382					    "%s%c%s", ntopbuf,
383					    SCOPE_DELIMITER,
384					    ifi->ifname);
385				else
386					l = snprintf(nsbuf, sizeof(nsbuf),
387					    "%s", ntopbuf);
388				if (l < 0 || (size_t)l >= sizeof(nsbuf)) {
389					warnmsg(LOG_ERR, __func__,
390					    "address copying error in "
391					    "RDNSS option: %d.", l);
392					addr++;
393					continue;
394				}
395				warnmsg(LOG_DEBUG, __func__, "nsbuf = %s",
396				    nsbuf);
397
398				newent_rao = 0;
399				rao = find_raopt(rai, ndo->nd_opt_type, nsbuf,
400				    strlen(nsbuf));
401				if (rao == NULL) {
402					ELM_MALLOC(rao, break);
403					rao->rao_type = ndo->nd_opt_type;
404					rao->rao_len = strlen(nsbuf);
405					rao->rao_msg = strdup(nsbuf);
406					if (rao->rao_msg == NULL) {
407						warnmsg(LOG_ERR, __func__,
408						    "strdup failed: %s",
409						    strerror(errno));
410						free(rao);
411						addr++;
412						continue;
413					}
414					newent_rao = 1;
415				}
416				/* Set expiration timer */
417				memset(&rao->rao_expire, 0,
418				    sizeof(rao->rao_expire));
419				memset(&lifetime, 0, sizeof(lifetime));
420				lifetime.tv_sec =
421				    ntohl(rdnss->nd_opt_rdnss_lifetime);
422				TS_ADD(&now, &lifetime, &rao->rao_expire);
423
424				if (newent_rao)
425					TAILQ_INSERT_TAIL(&rai->rai_ra_opt,
426					    rao, rao_next);
427				addr++;
428			}
429			break;
430		case ND_OPT_DNSSL:
431			dnssl = (struct nd_opt_dnssl *)raoptp;
432
433			/* Optlen sanity check (Section 5.3.1 in RFC 6106) */
434			if (dnssl->nd_opt_dnssl_len < 2) {
435				warnmsg(LOG_INFO, __func__,
436		    			"too short DNSSL option"
437					"in RA from %s was ignored.",
438					inet_ntop(AF_INET6, &from.sin6_addr,
439					    ntopbuf, sizeof(ntopbuf)));
440				break;
441			}
442
443			/*
444			 * Ensure NUL-termination in DNSSL in case of
445			 * malformed field.
446			 */
447			p = (char *)RA_OPT_NEXT_HDR(raoptp);
448			*(p - 1) = '\0';
449
450			p = raoptp + sizeof(*dnssl);
451			while (1 < (len = dname_labeldec(dname, sizeof(dname),
452			    p))) {
453				/* length == 1 means empty string */
454				warnmsg(LOG_DEBUG, __func__, "dname = %s",
455				    dname);
456
457				newent_rao = 0;
458				rao = find_raopt(rai, ndo->nd_opt_type, dname,
459				    strlen(dname));
460				if (rao == NULL) {
461					ELM_MALLOC(rao, break);
462					rao->rao_type = ndo->nd_opt_type;
463					rao->rao_len = strlen(dname);
464					rao->rao_msg = strdup(dname);
465					if (rao->rao_msg == NULL) {
466						warnmsg(LOG_ERR, __func__,
467						    "strdup failed: %s",
468						    strerror(errno));
469						free(rao);
470						addr++;
471						continue;
472					}
473					newent_rao = 1;
474				}
475				/* Set expiration timer */
476				memset(&rao->rao_expire, 0,
477				    sizeof(rao->rao_expire));
478				memset(&lifetime, 0, sizeof(lifetime));
479				lifetime.tv_sec =
480				    ntohl(dnssl->nd_opt_dnssl_lifetime);
481				TS_ADD(&now, &lifetime, &rao->rao_expire);
482
483				if (newent_rao)
484					TAILQ_INSERT_TAIL(&rai->rai_ra_opt,
485					    rao, rao_next);
486				p += len;
487			}
488			break;
489		default:
490			/* nothing to do for other options */
491			break;
492		}
493		raoptp = (char *)RA_OPT_NEXT_HDR(raoptp);
494	}
495	if (newent_rai)
496		TAILQ_INSERT_TAIL(&ifi->ifi_rainfo, rai, rai_next);
497
498	ra_opt_handler(ifi);
499	ifi->racnt++;
500
501	switch (ifi->state) {
502	case IFS_IDLE:		/* should be ignored */
503	case IFS_DELAY:		/* right? */
504		break;
505	case IFS_PROBE:
506		ifi->state = IFS_IDLE;
507		ifi->probes = 0;
508		rtsol_timer_update(ifi);
509		break;
510	}
511}
512
513static char resstr_ns_prefix[] = "nameserver ";
514static char resstr_sh_prefix[] = "search ";
515static char resstr_nl[] = "\n";
516static char resstr_sp[] = " ";
517
518int
519ra_opt_handler(struct ifinfo *ifi)
520{
521	struct ra_opt *rao;
522	struct rainfo *rai;
523	struct script_msg *smp1, *smp2, *smp3;
524	struct timespec now;
525	struct script_msg_head_t sm_rdnss_head =
526	    TAILQ_HEAD_INITIALIZER(sm_rdnss_head);
527	struct script_msg_head_t sm_dnssl_head =
528	    TAILQ_HEAD_INITIALIZER(sm_dnssl_head);
529
530	int dcount, dlen;
531
532	dcount = 0;
533	dlen = strlen(resstr_sh_prefix) + strlen(resstr_nl);
534	clock_gettime(CLOCK_MONOTONIC_FAST, &now);
535
536	/*
537	 * All options from multiple RAs with the same or different
538	 * source addresses on a single interface will be gathered and
539	 * handled, not overridden.  [RFC 4861 6.3.4]
540	 */
541	TAILQ_FOREACH(rai, &ifi->ifi_rainfo, rai_next) {
542		TAILQ_FOREACH(rao, &rai->rai_ra_opt, rao_next) {
543			switch (rao->rao_type) {
544			case ND_OPT_RDNSS:
545				if (TS_CMP(&now, &rao->rao_expire, >)) {
546					warnmsg(LOG_INFO, __func__,
547					    "expired rdnss entry: %s",
548					    (char *)rao->rao_msg);
549					break;
550				}
551				ELM_MALLOC(smp1, continue);
552				ELM_MALLOC(smp2, goto free1);
553				ELM_MALLOC(smp3, goto free2);
554				smp1->sm_msg = resstr_ns_prefix;
555				TAILQ_INSERT_TAIL(&sm_rdnss_head, smp1,
556				    sm_next);
557				smp2->sm_msg = rao->rao_msg;
558				TAILQ_INSERT_TAIL(&sm_rdnss_head, smp2,
559				    sm_next);
560				smp3->sm_msg = resstr_nl;
561				TAILQ_INSERT_TAIL(&sm_rdnss_head, smp3,
562				    sm_next);
563				ifi->ifi_rdnss = IFI_DNSOPT_STATE_RECEIVED;
564				break;
565			case ND_OPT_DNSSL:
566				if (TS_CMP(&now, &rao->rao_expire, >)) {
567					warnmsg(LOG_INFO, __func__,
568					    "expired dnssl entry: %s",
569					    (char *)rao->rao_msg);
570					break;
571				}
572				dcount++;
573				/* Check resolv.conf(5) restrictions. */
574				if (dcount > 6) {
575					warnmsg(LOG_INFO, __func__,
576					    "dnssl entry exceeding maximum count (%d>6)"
577					    ": %s", dcount, (char *)rao->rao_msg);
578					break;
579				}
580				if (256 < dlen + strlen(rao->rao_msg) +
581				    strlen(resstr_sp)) {
582					warnmsg(LOG_INFO, __func__,
583					    "dnssl entry exceeding maximum length "
584					    "(>256): %s", (char *)rao->rao_msg);
585					break;
586				}
587				ELM_MALLOC(smp1, continue);
588				ELM_MALLOC(smp2, goto free1);
589				if (TAILQ_EMPTY(&sm_dnssl_head)) {
590					ELM_MALLOC(smp3, goto free2);
591					smp3->sm_msg = resstr_sh_prefix;
592					TAILQ_INSERT_TAIL(&sm_dnssl_head, smp3,
593					    sm_next);
594				}
595				smp1->sm_msg = rao->rao_msg;
596				TAILQ_INSERT_TAIL(&sm_dnssl_head, smp1,
597				    sm_next);
598				smp2->sm_msg = resstr_sp;
599				TAILQ_INSERT_TAIL(&sm_dnssl_head, smp2,
600				    sm_next);
601				dlen += strlen(rao->rao_msg) +
602				    strlen(resstr_sp);
603				ifi->ifi_dnssl = IFI_DNSOPT_STATE_RECEIVED;
604				break;
605			}
606			continue;
607free2:
608			free(smp2);
609free1:
610			free(smp1);
611		}
612		/* Call the script for each information source. */
613		if (uflag)
614			ra_opt_rdnss_dispatch(ifi, rai, &sm_rdnss_head,
615			    &sm_dnssl_head);
616	}
617	/* Call the script for each interface. */
618	if (!uflag)
619		ra_opt_rdnss_dispatch(ifi, NULL, &sm_rdnss_head,
620		    &sm_dnssl_head);
621	return (0);
622}
623
624char *
625make_rsid(const char *ifname, const char *origin, struct rainfo *rai)
626{
627	char hbuf[NI_MAXHOST];
628
629	if (rai == NULL)
630		sprintf(rsid, "%s:%s", ifname, origin);
631	else {
632		if (!IN6_IS_ADDR_LINKLOCAL(&rai->rai_saddr.sin6_addr))
633			return (NULL);
634		if (getnameinfo((struct sockaddr *)&rai->rai_saddr,
635			rai->rai_saddr.sin6_len, hbuf, sizeof(hbuf), NULL, 0,
636			NI_NUMERICHOST) != 0)
637			return (NULL);
638		sprintf(rsid, "%s:%s:[%s]", ifname, origin, hbuf);
639	}
640	warnmsg(LOG_DEBUG, __func__, "rsid = [%s]", rsid);
641	return (rsid);
642}
643
644int
645ra_opt_rdnss_dispatch(struct ifinfo *ifi, struct rainfo *rai,
646    struct script_msg_head_t *sm_rdnss_head,
647    struct script_msg_head_t *sm_dnssl_head)
648{
649	struct script_msg *smp1;
650	const char *r;
651	int error;
652
653	error = 0;
654	/* Add \n for DNSSL list. */
655	if (!TAILQ_EMPTY(sm_dnssl_head)) {
656		ELM_MALLOC(smp1, goto ra_opt_rdnss_freeit);
657		smp1->sm_msg = resstr_nl;
658		TAILQ_INSERT_TAIL(sm_dnssl_head, smp1, sm_next);
659	}
660	TAILQ_CONCAT(sm_rdnss_head, sm_dnssl_head, sm_next);
661
662	r = make_rsid(ifi->ifname, DNSINFO_ORIGIN_LABEL, uflag ? rai : NULL);
663	if (r == NULL) {
664		warnmsg(LOG_ERR, __func__, "make_rsid() failed.  "
665		    "Script was not invoked.");
666		error = 1;
667		goto ra_opt_rdnss_freeit;
668	}
669	if (!TAILQ_EMPTY(sm_rdnss_head))
670		CALL_SCRIPT(RESADD, sm_rdnss_head);
671	else if (ifi->ifi_rdnss == IFI_DNSOPT_STATE_RECEIVED ||
672	    ifi->ifi_dnssl == IFI_DNSOPT_STATE_RECEIVED) {
673		CALL_SCRIPT(RESDEL, NULL);
674		ifi->ifi_rdnss = IFI_DNSOPT_STATE_NOINFO;
675		ifi->ifi_dnssl = IFI_DNSOPT_STATE_NOINFO;
676	}
677
678ra_opt_rdnss_freeit:
679	/* Clear script message queue. */
680	if (!TAILQ_EMPTY(sm_rdnss_head)) {
681		while ((smp1 = TAILQ_FIRST(sm_rdnss_head)) != NULL) {
682			TAILQ_REMOVE(sm_rdnss_head, smp1, sm_next);
683			free(smp1);
684		}
685	}
686	if (!TAILQ_EMPTY(sm_dnssl_head)) {
687		while ((smp1 = TAILQ_FIRST(sm_dnssl_head)) != NULL) {
688			TAILQ_REMOVE(sm_dnssl_head, smp1, sm_next);
689			free(smp1);
690		}
691	}
692	return (error);
693}
694
695static struct ra_opt *
696find_raopt(struct rainfo *rai, int type, void *msg, size_t len)
697{
698	struct ra_opt *rao;
699
700	TAILQ_FOREACH(rao, &rai->rai_ra_opt, rao_next) {
701		if (rao->rao_type == type &&
702		    rao->rao_len == strlen(msg) &&
703		    memcmp(rao->rao_msg, msg, len) == 0)
704			break;
705	}
706
707	return (rao);
708}
709
710static void
711call_script(const char *const argv[], struct script_msg_head_t *sm_head)
712{
713	struct script_msg *smp;
714	ssize_t len;
715	int status, wfd;
716
717	if (argv[0] == NULL)
718		return;
719
720	wfd = cap_script_run(capscript, argv);
721	if (wfd == -1) {
722		warnmsg(LOG_ERR, __func__,
723		    "failed to run %s: %s", argv[0], strerror(errno));
724		return;
725	}
726
727	if (sm_head != NULL) {
728		TAILQ_FOREACH(smp, sm_head, sm_next) {
729			len = strlen(smp->sm_msg);
730			warnmsg(LOG_DEBUG, __func__, "write to child = %s(%zd)",
731			    smp->sm_msg, len);
732			if (write(wfd, smp->sm_msg, len) != len) {
733				warnmsg(LOG_ERR, __func__,
734				    "write to child failed: %s",
735				    strerror(errno));
736				break;
737			}
738		}
739	}
740
741	(void)close(wfd);
742
743	if (cap_script_wait(capscript, &status) != 0)
744		warnmsg(LOG_ERR, __func__, "wait(): %s", strerror(errno));
745	else
746		warnmsg(LOG_DEBUG, __func__, "script \"%s\" status %d",
747		    argv[0], status);
748}
749
750/* Decode domain name label encoding in RFC 1035 Section 3.1 */
751static size_t
752dname_labeldec(char *dst, size_t dlen, const char *src)
753{
754	size_t len;
755	const char *src_origin;
756	const char *src_last;
757	const char *dst_origin;
758
759	src_origin = src;
760	src_last = strchr(src, '\0');
761	dst_origin = dst;
762	memset(dst, '\0', dlen);
763	while (src && (len = (uint8_t)(*src++) & 0x3f) &&
764	    (src + len) <= src_last &&
765	    (dst - dst_origin < (ssize_t)dlen)) {
766		if (dst != dst_origin)
767			*dst++ = '.';
768		warnmsg(LOG_DEBUG, __func__, "labellen = %zd", len);
769		memcpy(dst, src, len);
770		src += len;
771		dst += len;
772	}
773	*dst = '\0';
774
775	/*
776	 * XXX validate that domain name only contains valid characters
777	 * for two reasons: 1) correctness, 2) we do not want to pass
778	 * possible malicious, unescaped characters like `` to a script
779	 * or program that could be exploited that way.
780	 */
781
782	return (src - src_origin);
783}
784