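/*
 * Copyright 2011 Daniel Drown
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * config.c - configuration settings
 */

#include <arpa/inet.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <cutils/config_utils.h>
#include <netutils/checksum.h>
#include <netutils/ifc.h>

#include "clatd.h"
#include "config.h"
#include "dns64.h"
#include "getaddr.h"
#include "logging.h"

struct clat_config Global_Clatd_Config;

/* function: config_item_str
 * locates the config item and returns a newly allocated copy of its string value, or NULL on
 * failure (item missing with no default, or strdup out of memory). Caller frees the pointer.
 * root       - parsed configuration
 * item_name  - name of config item to locate
 * defaultvar - value to use if config item isn't present
 */
char *config_item_str(cnode *root, const char *item_name, const char *defaultvar) {
  const char *tmp;

  if (!(tmp = config_str(root, item_name, defaultvar))) {
    logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
    return NULL;
  }
  // Copy the value so the caller's string does not depend on the lifetime of the config tree.
  return strdup(tmp);
}

/* function: config_item_int16_t
 * locates the config item, parses the integer, and returns the pointer ret_val_ptr, or NULL on
 * failure. The value is rejected unless the whole string is a base-10 number that fits in an
 * int16_t; *ret_val_ptr is only written on success.
 * root        - parsed configuration
 * item_name   - name of config item to locate
 * defaultvar  - value to use if config item isn't present
 * ret_val_ptr - pointer for return value storage
 */
int16_t *config_item_int16_t(cnode *root, const char *item_name, const char *defaultvar,
                             int16_t *ret_val_ptr) {
  const char *tmp;
  char *endptr;
  long int conf_int;

  if (!(tmp = config_str(root, item_name, defaultvar))) {
    logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
    return NULL;
  }

  // strtol reports range errors only through errno, so clear it before the call.
  errno = 0;
  conf_int = strtol(tmp, &endptr, 10);
  if (errno > 0) {
    logmsg(ANDROID_LOG_FATAL, "%s config item is not numeric: %s (error=%s)", item_name, tmp,
           strerror(errno));
    return NULL;
  }
  // No digits were consumed (this also covers the empty string).
  if (endptr == tmp || *tmp == '\0') {
    logmsg(ANDROID_LOG_FATAL, "%s config item is not numeric: %s", item_name, tmp);
    return NULL;
  }
  // Trailing garbage after the number is an error rather than being silently ignored.
  if (*endptr != '\0') {
    logmsg(ANDROID_LOG_FATAL, "%s config item contains non-numeric characters: %s", item_name,
           endptr);
    return NULL;
  }
  if (conf_int > INT16_MAX || conf_int < INT16_MIN) {
    // conf_int is a long, so it must be printed with %ld; %d here was a format/argument mismatch.
    logmsg(ANDROID_LOG_FATAL, "%s config item is too big/small: %ld", item_name, conf_int);
    return NULL;
  }
  // The range check above makes this narrowing conversion lossless.
  *ret_val_ptr = (int16_t)conf_int;
  return ret_val_ptr;
}

/* function: config_item_ip
 * locates the config item, parses the ipv4 address, and returns the pointer ret_val_ptr, or NULL on
 * failure
 * root        - parsed configuration
 * item_name   - name of config item to locate
 * defaultvar  - value to use if config item isn't present
 * ret_val_ptr - pointer for return value storage
 */
struct in_addr *config_item_ip(cnode *root, const char *item_name, const char *defaultvar,
                               struct in_addr *ret_val_ptr) {
  const char *tmp;
  int status;

  if (!(tmp = config_str(root, item_name, defaultvar))) {
    logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
    return NULL;
  }

  // inet_pton returns 1 on success, 0 for an unparsable string and -1 on error; only 1 is accepted.
  status = inet_pton(AF_INET, tmp, ret_val_ptr);
  if (status <= 0) {
    logmsg(ANDROID_LOG_FATAL, "invalid IPv4 address specified for %s: %s", item_name, tmp);
    return NULL;
  }

  return ret_val_ptr;
}

/* function: config_item_ip6
 * locates the config item, parses the ipv6 address, and returns the pointer ret_val_ptr, or NULL on
 * failure
 * root        - parsed configuration
 * item_name   - name of config item to locate
 * defaultvar  - value to use if config item isn't present
 * ret_val_ptr - pointer for return value storage
 */
struct in6_addr *config_item_ip6(cnode *root, const char *item_name, const char *defaultvar,
                                 struct in6_addr *ret_val_ptr) {
  const char *tmp;
  int status;

  if (!(tmp = config_str(root, item_name, defaultvar))) {
    logmsg(ANDROID_LOG_FATAL, "%s config item needed", item_name);
    return NULL;
  }

  // inet_pton returns 1 on success, 0 for an unparsable string and -1 on error; only 1 is accepted.
  status = inet_pton(AF_INET6, tmp, ret_val_ptr);
  if (status <= 0) {
    logmsg(ANDROID_LOG_FATAL, "invalid IPv6 address specified for %s: %s", item_name, tmp);
    return NULL;
  }

  return ret_val_ptr;
}

/* function: free_config
 * frees the DNS64 detection hostname held by the global config variable and clears the pointer,
 * so calling it more than once is harmless.
 */
void free_config() {
  // NOTE(review): default_pdp_interface is also strdup()ed in read_config but is not released
  // here; confirm whether any caller still reads it after free_config before freeing it too.
  if (Global_Clatd_Config.plat_from_dns64_hostname) {
    free(Global_Clatd_Config.plat_from_dns64_hostname);
    Global_Clatd_Config.plat_from_dns64_hostname = NULL;
  }
}

/* function: ipv6_prefix_equal
 * compares the prefixes of two ipv6 addresses. assumes the prefix lengths are both /64.
 * a1 - first address
 * a2 - second address
 * returns: 0 if the subnets are different, 1 if they are the same.
 */
int ipv6_prefix_equal(struct in6_addr *a1, struct in6_addr *a2) {
  // A /64 prefix is the first 8 bytes of the 16-byte address.
  return !memcmp(a1, a2, 8);
}

/* function: dns64_detection
 * does dns lookups to set the plat subnet, retrying forever with a query backoff timer until a
 * lookup succeeds (this function does not return on persistent failure)
 * net_id - (optional) netId to use, NETID_UNSET indicates use of default network
 */
void dns64_detection(unsigned net_id) {
  int backoff_sleep, status;
  struct in6_addr tmp_ptr;

  backoff_sleep = 1;

  while (1) {
    // Look up into a local first so the global prefix is only overwritten by a successful result.
    status = plat_prefix(Global_Clatd_Config.plat_from_dns64_hostname, net_id, &tmp_ptr);
    if (status > 0) {
      memcpy(&Global_Clatd_Config.plat_subnet, &tmp_ptr, sizeof(struct in6_addr));
      return;
    }
    logmsg(ANDROID_LOG_WARN, "dns64_detection -- error, sleeping for %d seconds", backoff_sleep);
    sleep(backoff_sleep);
    backoff_sleep *= 2;
    if (backoff_sleep >= 1800) {
      // Scale down to one DNS query per half hour. Unnecessary DNS queries waste power, and the
      // benefit is minimal (basically, only limited to the case where a network goes from IPv6-only
      // to IPv6 with NAT64).
      backoff_sleep = 1800;
    }
  }
}

/* function: gen_random_iid
 * picks a random interface ID that is checksum neutral with the IPv4 address and the NAT64 prefix
 * myaddr            - IPv6 address to write to (only the last 8 bytes are modified)
 * ipv4_local_subnet - clat IPv4 address
 * plat_subnet       - NAT64 prefix
 */
void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet,
                    struct in6_addr *plat_subnet) {
  // Fill last 8 bytes of IPv6 address with random bits.
  arc4random_buf(&myaddr->s6_addr[8], 8);

  // Make the IID checksum-neutral. That is, make it so that:
  //   checksum(Local IPv4 | Remote IPv4) = checksum(Local IPv6 | Remote IPv6)
  // in other words (because remote IPv6 = NAT64 prefix | Remote IPv4):
  //   checksum(Local IPv4) = checksum(Local IPv6 | NAT64 prefix)
  // Do this by adjusting the two bytes in the middle of the IID.

  uint16_t middlebytes = (myaddr->s6_addr[11] << 8) + myaddr->s6_addr[12];

  uint32_t c1 = ip_checksum_add(0, ipv4_local_subnet, sizeof(*ipv4_local_subnet));
  uint32_t c2 = ip_checksum_add(0, plat_subnet, sizeof(*plat_subnet)) +
                ip_checksum_add(0, myaddr, sizeof(*myaddr));

  // Write the adjusted 16-bit value back in the same big-endian byte order it was read in.
  uint16_t delta = ip_checksum_adjust(middlebytes, c1, c2);
  myaddr->s6_addr[11] = delta >> 8;
  myaddr->s6_addr[12] = delta & 0xff;
}

// Factored out to a separate function for testability.
// Returns 1 if addr (network byte order) does not appear to be assigned to this system, 0 if it is
// in use. A socket() failure is also reported as 0, i.e. the address is treated as not free.
int connect_is_ipv4_address_free(in_addr_t addr) {
  int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
  if (s == -1) {
    return 0;
  }

  // Attempt to connect to the address. If the connection succeeds and getsockname returns the same
  // address then the address is already assigned to the system and we can't use it.
  // sin_port is in network byte order, hence htons(); the port value does not affect the result.
  struct sockaddr_in sin = { .sin_family = AF_INET, .sin_addr = { addr }, .sin_port = htons(53) };
  socklen_t len = sizeof(sin);
  int inuse = connect(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
              getsockname(s, (struct sockaddr *)&sin, &len) == 0 && (size_t)len >= sizeof(sin) &&
              sin.sin_addr.s_addr == addr;

  close(s);
  return !inuse;
}

// Indirection point so the address-in-use probe can be replaced (see the testability note above).
addr_free_func config_is_ipv4_address_free = connect_is_ipv4_address_free;

/* function: config_select_ipv4_address
 * picks a free IPv4 address, starting from ip and trying all addresses in the prefix in order
 * ip        - the IP address from the configuration file
 * prefixlen - the length of the prefix from which addresses may be selected.
 * returns: the IPv4 address, or INADDR_NONE if no addresses were available
 */
in_addr_t config_select_ipv4_address(const struct in_addr *ip, int16_t prefixlen) {
  in_addr_t chosen = INADDR_NONE;

  // Don't accept prefixes that are too large because we scan addresses one by one.
  // This check also keeps the shift counts below within 0..16.
  if (prefixlen < 16 || prefixlen > 32) {
    return chosen;
  }

  // All these are in host byte order.
  in_addr_t mask       = 0xffffffff >> (32 - prefixlen) << (32 - prefixlen);
  in_addr_t ipv4       = ntohl(ip->s_addr);
  in_addr_t first_ipv4 = ipv4;
  in_addr_t prefix     = ipv4 & mask;

  // Pick the first IPv4 address in the pool, wrapping around if necessary.
  // So, for example, 192.0.0.4 -> 192.0.0.5 -> 192.0.0.6 -> 192.0.0.7 -> 192.0.0.0.
  do {
    if (config_is_ipv4_address_free(htonl(ipv4))) {
      chosen = htonl(ipv4);
      break;
    }
    // Increment only the host bits so the candidate never leaves the configured prefix.
    ipv4 = prefix | ((ipv4 + 1) & ~mask);
  } while (ipv4 != first_ipv4);

  return chosen;
}

/* function: config_generate_local_ipv6_subnet
 * fills in the interface ID (last 64 bits) of the local ipv6 address: a random checksum-neutral
 * IID when use_dynamic_iid is set, otherwise the one from config.ipv6_host_id
 * interface_ip - in: interface ip, out: local ipv6 host address
 */
void config_generate_local_ipv6_subnet(struct in6_addr *interface_ip) {
  int i;

  if (Global_Clatd_Config.use_dynamic_iid) {
    /* Generate a random interface ID. */
    gen_random_iid(interface_ip, &Global_Clatd_Config.ipv4_local_subnet,
                   &Global_Clatd_Config.plat_subnet);
  } else {
    /* Use the specified interface ID: copy the two low 32-bit words, leave the prefix alone. */
    for (i = 2; i < 4; i++) {
      interface_ip->s6_addr32[i] = Global_Clatd_Config.ipv6_host_id.s6_addr32[i];
    }
  }
}

/* function: read_config
 * reads the config file and parses it into the global variable Global_Clatd_Config. returns 0 on
 * failure, 1 on success. Global_Clatd_Config is zeroed before parsing, so on failure it holds a
 * partially filled configuration and must not be used.
 * file             - filename to parse
 * uplink_interface - interface to use to reach the internet and supplier of address space
 * plat_prefix      - (optional) plat prefix to use, otherwise follow config file
 * net_id           - (optional) netId to use, NETID_UNSET indicates use of default network
 */
int read_config(const char *file, const char *uplink_interface, const char *plat_prefix,
                unsigned net_id) {
  cnode *root   = config_node("", "");
  void *tmp_ptr = NULL;
  // Initialised so the IFF_BROADCAST test below never reads an indeterminate value.
  unsigned flags = 0;

  if (!root) {
    logmsg(ANDROID_LOG_FATAL, "out of memory");
    return 0;
  }

  memset(&Global_Clatd_Config, '\0', sizeof(Global_Clatd_Config));

  // A file that cannot be read and a file with no items both leave the tree empty.
  config_load_file(root, file);
  if (root->first_child == NULL) {
    logmsg(ANDROID_LOG_FATAL, "Could not read config file %s", file);
    goto failed;
  }

  Global_Clatd_Config.default_pdp_interface = strdup(uplink_interface);
  if (!Global_Clatd_Config.default_pdp_interface) goto failed;

  if (!config_item_int16_t(root, "mtu", "-1", &Global_Clatd_Config.mtu)) goto failed;

  if (!config_item_int16_t(root, "ipv4mtu", "-1", &Global_Clatd_Config.ipv4mtu)) goto failed;

  if (!config_item_ip(root, "ipv4_local_subnet", DEFAULT_IPV4_LOCAL_SUBNET,
                      &Global_Clatd_Config.ipv4_local_subnet))
    goto failed;

  // Only the int16_t range is enforced here; config_select_ipv4_address applies its own 16..32
  // bound to the prefix length it is given.
  if (!config_item_int16_t(root, "ipv4_local_prefixlen", DEFAULT_IPV4_LOCAL_PREFIXLEN,
                           &Global_Clatd_Config.ipv4_local_prefixlen))
    goto failed;

  if (plat_prefix) {  // plat subnet is coming from the command line
    if (inet_pton(AF_INET6, plat_prefix, &Global_Clatd_Config.plat_subnet) <= 0) {
      logmsg(ANDROID_LOG_FATAL, "invalid IPv6 address specified for plat prefix: %s", plat_prefix);
      goto failed;
    }
  } else {
    tmp_ptr = (void *)config_item_str(root, "plat_from_dns64", "yes");
    // A NULL result (allocation failure) is handled like an explicit "no".
    if (!tmp_ptr || strcmp(tmp_ptr, "no") == 0) {
      free(tmp_ptr);

      if (!config_item_ip6(root, "plat_subnet", NULL, &Global_Clatd_Config.plat_subnet)) {
        logmsg(ANDROID_LOG_FATAL, "plat_from_dns64 disabled, but no plat_subnet specified");
        goto failed;
      }
    } else {
      free(tmp_ptr);

      if (!(Global_Clatd_Config.plat_from_dns64_hostname =
              config_item_str(root, "plat_from_dns64_hostname", DEFAULT_DNS64_DETECTION_HOSTNAME)))
        goto failed;
      // Blocks until a lookup succeeds; see dns64_detection.
      dns64_detection(net_id);
    }
  }

  if (!config_item_ip6(root, "ipv6_host_id", "::", &Global_Clatd_Config.ipv6_host_id)) goto failed;

  /* In order to prevent multiple devices attempting to use the same clat address, never use a
     statically-configured interface ID on a broadcast interface such as wifi. */
  if (!IN6_IS_ADDR_UNSPECIFIED(&Global_Clatd_Config.ipv6_host_id)) {
    // NOTE(review): the results of ifc_init() and ifc_get_info() are not checked. If the flags
    // lookup fails and flags stays 0, the static interface ID is kept; confirm that is the
    // intended fallback rather than switching to a dynamic IID.
    ifc_init();
    ifc_get_info(Global_Clatd_Config.default_pdp_interface, NULL, NULL, &flags);
    ifc_close();
    Global_Clatd_Config.use_dynamic_iid = (flags & IFF_BROADCAST) != 0;
  } else {
    Global_Clatd_Config.use_dynamic_iid = 1;
  }

  // Every value taken from the tree was copied or parsed above, so the tree can be released on
  // success as well; previously it was never freed on this path.
  config_free(root);
  free(root);
  return 1;

failed:
  // config_free() releases the child nodes; the root node itself is released with free().
  config_free(root);
  free(root);
  free_config();
  return 0;
}

/* function: dump_config
 * prints the current config
 */
void dump_config() {
  // Sized for the longest textual IPv6 address, so it is also large enough for the IPv4 one.
  char charbuffer[INET6_ADDRSTRLEN];

  logmsg(ANDROID_LOG_DEBUG, "mtu = %d", Global_Clatd_Config.mtu);
  logmsg(ANDROID_LOG_DEBUG, "ipv4mtu = %d", Global_Clatd_Config.ipv4mtu);
  logmsg(
    ANDROID_LOG_DEBUG, "ipv6_local_subnet = %s",
    inet_ntop(AF_INET6, &Global_Clatd_Config.ipv6_local_subnet, charbuffer, sizeof(charbuffer)));
  logmsg(
    ANDROID_LOG_DEBUG, "ipv4_local_subnet = %s",
    inet_ntop(AF_INET, &Global_Clatd_Config.ipv4_local_subnet, charbuffer, sizeof(charbuffer)));
  logmsg(ANDROID_LOG_DEBUG, "ipv4_local_prefixlen = %d", Global_Clatd_Config.ipv4_local_prefixlen);
  logmsg(ANDROID_LOG_DEBUG, "plat_subnet = %s",
         inet_ntop(AF_INET6, &Global_Clatd_Config.plat_subnet, charbuffer, sizeof(charbuffer)));
  logmsg(ANDROID_LOG_DEBUG, "default_pdp_interface = %s",
         Global_Clatd_Config.default_pdp_interface);
}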