From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9DC42C678D4 for ; Thu, 2 Mar 2023 16:58:25 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C6EFB85C1A; Thu, 2 Mar 2023 17:58:22 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="dLeITejb"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A91C885C9F; Thu, 2 Mar 2023 17:58:21 +0100 (CET) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by phobos.denx.de (Postfix) with ESMTP id DA72185B4A for ; Thu, 2 Mar 2023 17:58:17 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=emohandesi@linux.microsoft.com Received: from linuxonhyperv3.guj3yctzbm1etfxqx2vob5hsef.xx.internal.cloudapp.net (linux.microsoft.com [13.77.154.182]) by linux.microsoft.com (Postfix) with ESMTPSA id 9B6F020B9C3D; Thu, 2 Mar 2023 08:58:16 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 9B6F020B9C3D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1677776296; bh=8o69S91n6WVmfyU8YXwzHttVM+gze9AG8o3RLlB6Dqk=; h=From:To:Cc:Subject:Date:From; b=dLeITejbjC6zmhzLaZRdXU6OI8X894KiWsl5n8MDjepJZigD94YLaHxf+/iyljOGp kaws3IckNlNWlv3Eu+5DW8vuXrdla6GeykKG4VmJO1VQ98Pq8s7JFPA9UX3jac+r9/ Vp/OslIzgc4P9H2Fat3pUUeA5svuS1/ISLNtDdGg= From: emohandesi@linux.microsoft.com To: u-boot@lists.denx.de Cc: joe.hershberger@ni.com, rfried.dev@gmail.com, sjg@chromium.org, xypron.glpk@gmx.de, ilias.apalodimas@linaro.org, masahisa.kojima@linaro.org, john@metanate.com, emohandesi@microsoft.com, v.v.mitrofanov@yadro.com, saproj@gmail.com, dphadke@linux.microsoft.com Subject: [PATCH] net: ipv6: Add support for default gateway discovery. Date: Thu, 2 Mar 2023 08:58:10 -0800 Message-Id: <1677776290-11067-1-git-send-email-emohandesi@linux.microsoft.com> X-Mailer: git-send-email 1.8.3.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean From: Ehsan Mohandesi In IPv6, the default gateway and prefix length are determined by receiving a router advertisement as defined in - https://www.rfc-editor.org/rfc/rfc4861. Add support for sending router solicitation (RS) and processing router advertisements (RA). If the RA has prefix info option and following conditions are met, then gatewayip6 and net_prefix_length of ip6addr env variables are initialized. These are later consumed by IPv6 code for non-local destination IP. - "Router Lifetime" != 0 - Prefix is NOT link-local prefix (0xfe80::/10) - L flag is 1 - "Valid Lifetime" != 0 Timing Parameters: - MAX_RTR_SOLICITATION_DELAY (0-1s) - RTR_SOLICITATION_INTERVAL (4s) (min retransmit delay) - MAX_RTR_SOLICITATIONS (3 RS transmissions) The functionality is enabled by CONFIG_IPV6_ROUTER_DISCOVERY and invoked automatically from net_init_loop(). Signed-off-by: Ehsan Mohandesi Conflicts: cmd/Kconfig include/net.h net/net.c --- cmd/Kconfig | 7 ++ include/ndisc.h | 23 ++++++ include/net.h | 2 +- include/net6.h | 40 ++++++++++ net/ndisc.c | 243 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- net/net.c | 23 +++++- net/net6.c | 1 + 7 files changed, 327 insertions(+), 12 deletions(-) diff --git a/cmd/Kconfig b/cmd/Kconfig index 2caa4af..c46613e 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1894,6 +1894,13 @@ config CMD_NCSI Normally this happens automatically before other network operations. +config IPV6_ROUTER_DISCOVERY + bool "Do router discovery" + depends on IPV6 + help + Will automatically perform router solicitation on first IPv6 + network operation + endif config CMD_ETHSW diff --git a/include/ndisc.h b/include/ndisc.h index f6f8eb6..362d707 100644 --- a/include/ndisc.h +++ b/include/ndisc.h @@ -19,6 +19,20 @@ struct nd_msg { __u8 opt[0]; }; +/* struct rs_msg - ICMPv6 Router Solicitation message format */ +struct rs_msg { + struct icmp6hdr icmph; + __u8 opt[0]; +}; + +/* struct ra_msg - ICMPv6 Router Advertisement message format */ +struct ra_msg { + struct icmp6hdr icmph; + __u32 reachable_time; + __u32 retransmission_timer; + __u8 opt[0]; +}; + /* struct echo_msg - ICMPv6 echo request/reply message format */ struct echo_msg { struct icmp6hdr icmph; @@ -57,6 +71,11 @@ extern int net_nd_try; */ void ndisc_init(void); +/* + * ip6_send_rs() - Send IPv6 Router Solicitation Message + */ +void ip6_send_rs(void); + /** * ndisc_receive() - Handle ND packet * @@ -97,6 +116,10 @@ static inline int ndisc_timeout_check(void) { return 0; } + +void ip6_send_rs(void) +{ +} #endif #endif /* __NDISC_H__ */ diff --git a/include/net.h b/include/net.h index 399af5e..25c43b3 100644 --- a/include/net.h +++ b/include/net.h @@ -505,7 +505,7 @@ extern int net_restart_wrap; /* Tried all network devices */ enum proto_t { BOOTP, RARP, ARP, TFTPGET, DHCP, PING, PING6, DNS, NFS, CDP, NETCONS, - SNTP, TFTPSRV, TFTPPUT, LINKLOCAL, FASTBOOT, WOL, UDP, NCSI, WGET + SNTP, TFTPSRV, TFTPPUT, LINKLOCAL, FASTBOOT, WOL, UDP, NCSI, WGET, RS }; extern char net_boot_file_name[1024];/* Boot File name */ diff --git a/include/net6.h b/include/net6.h index 2d7c5a0..beafc05 100644 --- a/include/net6.h +++ b/include/net6.h @@ -81,8 +81,17 @@ struct udp_hdr { 0x00, 0x00, 0x00, 0x00, \ 0x00, 0x00, 0x00, 0x00, \ 0x00, 0x00, 0x00, 0x00 } } } +/* + * All-routers multicast address is the link-local scope address to reach all + * routers. + */ +#define ALL_ROUTERS_MULT_ADDR { { { 0xFF, 0x02, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x02 } } } #define IPV6_LINK_LOCAL_PREFIX 0xfe80 +#define IPV6_LINK_LOCAL_MASK 0xffb0 /* The first 10-bit of address mask. */ /* hop limit for neighbour discovery packets */ #define IPV6_NDISC_HOPLIMIT 255 @@ -166,6 +175,37 @@ struct icmp6hdr { #define icmp6_rt_lifetime icmp6_dataun.u_nd_ra.rt_lifetime } __packed; +/* + * struct icmp6_ra_prefix_info - Prefix Information option of the ICMPv6 message + * The Prefix Information option provides hosts with on-link prefixes and + * prefixes for Address Autoconfiguration. Refer to RFC 4861 for more info. + */ +struct icmp6_ra_prefix_info { + u8 type; /* Type is 3 for Prefix Information. */ + u8 len; /* Len is 4 for Prefix Information. */ + /* The number of leading bits in the Prefix that are valid. */ + u8 prefix_len; + u8 reserved1:6, /* MUST be ignored by the receiver. */ + aac:1, /* autonomous address-configuration flag */ + /* Indicates that this prefix can be used for on-link determination. */ + on_link:1; + /* + * The length of time in seconds that the prefix is valid for the + * purpose of on-link determination. + */ + __be32 valid_lifetime; + /* The length of time addresses remain preferred. */ + __be32 preferred_lifetime; + __be32 reserved2; /* MUST be ignored by the receiver. */ + /* + * Prefix is an IP address or a prefix of an IP address. The Prefix + * Length field contains the number of valid leading bits in the prefix. + * The bits in the prefix after the prefix length are reserved and MUST + * be initialized to zero by the sender and ignored by the receiver. + */ + struct in6_addr prefix; +}; + extern struct in6_addr const net_null_addr_ip6; /* NULL IPv6 address */ extern struct in6_addr net_gateway6; /* Our gateways IPv6 address */ extern struct in6_addr net_ip6; /* Our IPv6 addr (0 = unknown) */ diff --git a/net/ndisc.c b/net/ndisc.c index 367dae7..db76c4b 100644 --- a/net/ndisc.c +++ b/net/ndisc.c @@ -13,6 +13,8 @@ #include #include #include +#include +#include /* IPv6 destination address of packet waiting for ND */ struct in6_addr net_nd_sol_packet_ip6 = ZERO_IPV6_ADDR; @@ -29,31 +31,37 @@ int net_nd_tx_packet_size; ulong net_nd_timer_start; /* the number of requests we have sent so far */ int net_nd_try; +struct in6_addr all_routers = ALL_ROUTERS_MULT_ADDR; + +#define MAX_RTR_SOLICITATIONS 3 +/* The maximum time to delay sending the first router solicitation message. */ +#define MAX_SOLICITATION_DELAY 1 // 1 second +/* The time to wait before sending the next router solicitation message. */ +#define RTR_SOLICITATION_INTERVAL 4000 // 4 seconds #define IP6_NDISC_OPT_SPACE(len) (((len) + 2 + 7) & ~7) /** * ndisc_insert_option() - Insert an option into a neighbor discovery packet * - * @ndisc: pointer to ND packet + * @opt: pointer to the option element of the neighbor discovery packet * @type: option type to insert * @data: option data to insert * @len: data length * Return: the number of bytes inserted (which may be >= len) */ -static int -ndisc_insert_option(struct nd_msg *ndisc, int type, u8 *data, int len) +static int ndisc_insert_option(__u8 *opt, int type, u8 *data, int len) { int space = IP6_NDISC_OPT_SPACE(len); - ndisc->opt[0] = type; - ndisc->opt[1] = space >> 3; - memcpy(&ndisc->opt[2], data, len); + opt[0] = type; + opt[1] = space >> 3; + memcpy(&opt[2], data, len); len += 2; /* fill the remainder with 0 */ if (space - len > 0) - memset(&ndisc->opt[len], '\0', space - len); + memset(&opt[len], '\0', space - len); return space; } @@ -123,7 +131,7 @@ static void ip6_send_ns(struct in6_addr *neigh_addr) /* Set the target address and llsaddr option */ net_copy_ip6(&msg->target, neigh_addr); - ndisc_insert_option(msg, ND_OPT_SOURCE_LL_ADDR, net_ethaddr, + ndisc_insert_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, net_ethaddr, INETHADDRSZ); /* checksum */ @@ -137,6 +145,76 @@ static void ip6_send_ns(struct in6_addr *neigh_addr) net_send_packet(net_tx_packet, (pkt - net_tx_packet)); } +/* + * ip6_send_rs() - Send IPv6 Router Solicitation Message. + * + * A router solicitation is sent to discover a router. RS message creation is + * based on RFC 4861 section 4.1. Router Solicitation Message Format. + */ +void ip6_send_rs(void) +{ + unsigned char enetaddr[6]; + struct rs_msg *msg; + __u16 icmp_len; + uchar *pkt; + unsigned short csum; + unsigned int pcsum; + static unsigned int retry_count; + + if (!ip6_is_unspecified_addr(&net_gateway6) && + net_prefix_length != 0) { + net_set_state(NETLOOP_SUCCESS); + return; + } else if (retry_count >= MAX_RTR_SOLICITATIONS) { + net_set_state(NETLOOP_FAIL); + net_set_timeout_handler(0, 0); + retry_count = 0; + return; + } + + printf("ROUTER SOLICITATION %d\n", retry_count + 1); + + ip6_make_mult_ethdstaddr(enetaddr, &all_routers); + /* + * ICMP length is the size of ICMP header (8) + one option (8) = 16. + * The option is 2 bytes of type and length + 6 bytes for MAC. + */ + icmp_len = sizeof(struct icmp6hdr) + IP6_NDISC_OPT_SPACE(INETHADDRSZ); + + pkt = (uchar *)net_tx_packet; + pkt += net_set_ether(pkt, enetaddr, PROT_IP6); + pkt += ip6_add_hdr(pkt, &net_link_local_ip6, &all_routers, PROT_ICMPV6, + IPV6_NDISC_HOPLIMIT, icmp_len); + + /* ICMPv6 - RS */ + msg = (struct rs_msg *)pkt; + msg->icmph.icmp6_type = IPV6_NDISC_ROUTER_SOLICITATION; + msg->icmph.icmp6_code = 0; + memset(&msg->icmph.icmp6_cksum, 0, sizeof(__be16)); + memset(&msg->icmph.icmp6_unused, 0, sizeof(__be32)); + + /* Set the llsaddr option */ + ndisc_insert_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, net_ethaddr, + INETHADDRSZ); + + /* checksum */ + pcsum = csum_partial((__u8 *)msg, icmp_len, 0); + csum = csum_ipv6_magic(&net_link_local_ip6, &all_routers, + icmp_len, PROT_ICMPV6, pcsum); + msg->icmph.icmp6_cksum = csum; + pkt += icmp_len; + + /* Wait up to 1 second if it is the first try to get the RA */ + if (retry_count == 0) + udelay(((unsigned int)rand() % 1000000) * MAX_SOLICITATION_DELAY); + + /* send it! */ + net_send_packet(net_tx_packet, (pkt - net_tx_packet)); + + retry_count++; + net_set_timeout_handler(RTR_SOLICITATION_INTERVAL, ip6_send_rs); +} + static void ip6_send_na(uchar *eth_dst_addr, struct in6_addr *neigh_addr, struct in6_addr *target) @@ -167,7 +245,7 @@ ip6_send_na(uchar *eth_dst_addr, struct in6_addr *neigh_addr, msg->icmph.icmp6_dataun.u_nd_advt.override = 1; /* Set the target address and lltargetaddr option */ net_copy_ip6(&msg->target, target); - ndisc_insert_option(msg, ND_OPT_TARGET_LL_ADDR, net_ethaddr, + ndisc_insert_option(msg->opt, ND_OPT_TARGET_LL_ADDR, net_ethaddr, INETHADDRSZ); /* checksum */ @@ -223,6 +301,10 @@ int ndisc_timeout_check(void) return 1; } +/* + * ndisc_init() - Make initial steps for ND state machine. + * Usually move variables into initial state. + */ void ndisc_init(void) { net_nd_packet_mac = NULL; @@ -234,12 +316,125 @@ void ndisc_init(void) net_nd_tx_packet -= (ulong)net_nd_tx_packet % PKTALIGN; } +/* + * validate_ra() - Validate the router advertisement message. + * + * @ip6: Pointer to the router advertisement packet + * @len: Length of the router advertisement packet + * + * Check if the router advertisement message is valid. Conditions are + * according to RFC 4861 section 6.1.2. Validation of Router Advertisement + * Messages. + * + * Return: true if the message is valid and false if it is invalid. + */ +static bool validate_ra(struct ip6_hdr *ip6, int len) +{ + struct icmp6hdr *icmp = (struct icmp6hdr *)(ip6 + 1); + + /* ICMP length (derived from the IP length) should be 16 or more octets. */ + if (ip6->payload_len < 16) + return false; + + /* Source IP Address should be a valid link-local address. */ + if ((ntohs(ip6->saddr.s6_addr16[0]) & IPV6_LINK_LOCAL_MASK) != + IPV6_LINK_LOCAL_PREFIX) + return false; + + /* + * The IP Hop Limit field should have a value of 255, i.e., the packet + * could not possibly have been forwarded by a router. + */ + if (ip6->hop_limit != 255) + return false; + + /* ICMP checksum has already been checked in net_ip6_handler. */ + + if (icmp->icmp6_code != 0) + return false; + + return true; +} + +/* + * process_ra() - Process the router advertisement packet. + * + * @ip6: Pointer to the router advertisement packet + * @len: Length of the router advertisement packet + * + * Process the received router advertisement message. + * Although RFC 4861 requires retaining at least two router addresses, we only + * keep one because of the U-Boot limitations and its goal of lightweight code. + * + * Return: 0 - RA is a default router and contains valid prefix information. + * Non-zero - RA options are invalid or do not indicate it is a default router + * or do not contain valid prefix information. + */ +static int process_ra(struct ip6_hdr *ip6, int len) +{ + /* Pointer to the ICMP section of the packet */ + struct icmp6hdr *icmp = (struct icmp6hdr *)(ip6 + 1); + struct ra_msg *msg = (struct ra_msg *)icmp; + int remaining_option_len = len - IP6_HDR_SIZE - sizeof(struct ra_msg); + unsigned short int option_len; /* Length of each option */ + /* Pointer to the ICMPv6 message options */ + unsigned char *option = NULL; + /* 8-bit identifier of the type of ICMPv6 option */ + unsigned char type = 0; + struct icmp6_ra_prefix_info *prefix = NULL; + + /* Ignore the packet if router lifetime is 0. */ + if (!icmp->icmp6_rt_lifetime) + return -EOPNOTSUPP; + + /* Processing the options */ + option = msg->opt; + while (remaining_option_len > 0) { + /* The 2nd byte of the option is its length. */ + option_len = option[1]; + /* All included options should have a positive length. */ + if (option_len == 0) + return -EINVAL; + + type = option[0]; + /* All option types except Prefix Information are ignored. */ + switch (type) { + case ND_OPT_SOURCE_LL_ADDR: + case ND_OPT_TARGET_LL_ADDR: + case ND_OPT_REDIRECT_HDR: + case ND_OPT_MTU: + break; + case ND_OPT_PREFIX_INFO: + prefix = (struct icmp6_ra_prefix_info *)option; + /* The link-local prefix 0xfe80::/10 is ignored. */ + if ((ntohs(prefix->prefix.s6_addr16[0]) & + IPV6_LINK_LOCAL_MASK) == IPV6_LINK_LOCAL_PREFIX) + break; + if (prefix->on_link && ntohl(prefix->valid_lifetime)) { + net_prefix_length = prefix->prefix_len; + net_gateway6 = ip6->saddr; + return 0; + } + break; + default: + debug("Unknown IPv6 Neighbor Discovery Option 0x%x\n", + type); + } + + option_len <<= 3; /* Option length is a multiple of 8. */ + remaining_option_len -= option_len; + option += option_len; + } + return -EADDRNOTAVAIL; +} + int ndisc_receive(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len) { struct icmp6hdr *icmp = (struct icmp6hdr *)(((uchar *)ip6) + IP6_HDR_SIZE); struct nd_msg *ndisc = (struct nd_msg *)icmp; uchar neigh_eth_addr[6]; + int err = 0; // The error code returned calling functions. switch (icmp->icmp6_type) { case IPV6_NDISC_NEIGHBOUR_SOLICITATION: @@ -280,6 +475,36 @@ int ndisc_receive(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len) net_nd_packet_mac = NULL; } break; + case IPV6_NDISC_ROUTER_SOLICITATION: + break; + case IPV6_NDISC_ROUTER_ADVERTISEMENT: + debug("Received router advertisement for %pI6c from %pI6c\n", + &ip6->daddr, &ip6->saddr); + /* + * If gateway and prefix are set, the RA packet is ignored. The + * reason is that the U-Boot code is supposed to be as compact + * as possible and does not need to take care of multiple + * routers. In addition to that, U-Boot does not want to handle + * scenarios like a router setting its lifetime to zero to + * indicate it is not routing anymore. U-Boot program has a + * short life when the system boots up and does not need such + * sophistication. + */ + if (!ip6_is_unspecified_addr(&net_gateway6) && + net_prefix_length != 0) { + break; + } + if (!validate_ra(ip6, len)) { + debug("Invalid router advertisement message.\n"); + break; + } + err = process_ra(ip6, len); + if (err) + debug("Ignored router advertisement. Error: %d\n", err); + else + printf("Set gatewayip6: %pI6c, prefix_length: %d\n", + &net_gateway6, net_prefix_length); + break; default: debug("Unexpected ICMPv6 type 0x%x\n", icmp->icmp6_type); return -1; diff --git a/net/net.c b/net/net.c index c9a749f..39f0b81 100644 --- a/net/net.c +++ b/net/net.c @@ -24,7 +24,7 @@ * - name of bootfile * Next step: ARP * - * LINK_LOCAL: + * LINKLOCAL: * * Prerequisites: - own ethernet address * We want: - own IP address @@ -122,6 +122,7 @@ #endif #include #include +#include "net_rand.h" /** BOOTP EXTENTIONS **/ @@ -346,6 +347,8 @@ void net_auto_load(void) static int net_init_loop(void) { + static bool first_call = true; + if (eth_get_dev()) { memcpy(net_ethaddr, eth_get_ethaddr(), 6); @@ -365,6 +368,12 @@ static int net_init_loop(void) */ return -ENONET; + if (IS_ENABLED(CONFIG_IPV6_ROUTER_DISCOVERY)) + if (first_call && use_ip6) { + first_call = false; + srand_mac(); /* This is for rand used in ip6_send_rs. */ + net_loop(RS); + } return 0; } @@ -574,6 +583,10 @@ restart: ncsi_probe_packages(); break; #endif + case RS: + if (IS_ENABLED(CONFIG_IPV6_ROUTER_DISCOVERY)) + ip6_send_rs(); + break; default: break; } @@ -671,7 +684,13 @@ restart: x = time_handler; time_handler = (thand_f *)0; (*x)(); - } + } else if (IS_ENABLED(CONFIG_IPV6_ROUTER_DISCOVERY)) + if (time_handler && protocol == RS) + if (!ip6_is_unspecified_addr(&net_gateway6) && + net_prefix_length != 0) { + net_set_state(NETLOOP_SUCCESS); + net_set_timeout_handler(0, 0); + } if (net_state == NETLOOP_FAIL) ret = net_start_again(); diff --git a/net/net6.c b/net/net6.c index 75577bc..2dd64c0 100644 --- a/net/net6.c +++ b/net/net6.c @@ -413,6 +413,7 @@ int net_ip6_handler(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len) break; case IPV6_NDISC_NEIGHBOUR_SOLICITATION: case IPV6_NDISC_NEIGHBOUR_ADVERTISEMENT: + case IPV6_NDISC_ROUTER_ADVERTISEMENT: ndisc_receive(et, ip6, len); break; default: -- 1.8.3.1