• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * iptoken.c    "ip token"
3  *
4  *              This program is free software; you can redistribute it and/or
5  *              modify it under the terms of the GNU General Public License
6  *              as published by the Free Software Foundation; either version
7  *              2 of the License, or (at your option) any later version.
8  *
9  * Authors:     Daniel Borkmann, <borkmann@redhat.com>
10  */
11 
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <stdbool.h>
15 #include <unistd.h>
16 #include <syslog.h>
17 #include <fcntl.h>
18 #include <string.h>
19 #include <sys/socket.h>
20 #include <netinet/in.h>
21 #include <netinet/ip.h>
22 #include <arpa/inet.h>
23 #include <linux/types.h>
24 #include <linux/if.h>
25 
26 #include "rt_names.h"
27 #include "utils.h"
28 #include "ip_common.h"
29 
30 extern struct rtnl_handle rth;
31 
32 struct rtnl_dump_args {
33 	FILE *fp;
34 	int ifindex;
35 };
36 
37 static void usage(void) __attribute__((noreturn));
38 
usage(void)39 static void usage(void)
40 {
41 	fprintf(stderr, "Usage: ip token [ list | set | del | get ] [ TOKEN ] [ dev DEV ]\n");
42 	exit(-1);
43 }
44 
print_token(const struct sockaddr_nl * who,struct nlmsghdr * n,void * arg)45 static int print_token(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
46 {
47 	struct rtnl_dump_args *args = arg;
48 	FILE *fp = args->fp;
49 	int ifindex = args->ifindex;
50 	struct ifinfomsg *ifi = NLMSG_DATA(n);
51 	int len = n->nlmsg_len;
52 	struct rtattr *tb[IFLA_MAX + 1];
53 	struct rtattr *ltb[IFLA_INET6_MAX + 1];
54 
55 	if (n->nlmsg_type != RTM_NEWLINK)
56 		return -1;
57 
58 	len -= NLMSG_LENGTH(sizeof(*ifi));
59 	if (len < 0)
60 		return -1;
61 
62 	if (ifi->ifi_family != AF_INET6)
63 		return -1;
64 	if (ifi->ifi_index == 0)
65 		return -1;
66 	if (ifindex > 0 && ifi->ifi_index != ifindex)
67 		return 0;
68 	if (ifi->ifi_flags & (IFF_LOOPBACK | IFF_NOARP))
69 		return 0;
70 
71 	parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len);
72 	if (!tb[IFLA_PROTINFO])
73 		return -1;
74 
75 	parse_rtattr_nested(ltb, IFLA_INET6_MAX, tb[IFLA_PROTINFO]);
76 	if (!ltb[IFLA_INET6_TOKEN]) {
77 		fprintf(stderr, "Seems there's no support for IPv6 token!\n");
78 		return -1;
79 	}
80 
81 	fprintf(fp, "token %s dev %s\n",
82 	        format_host_rta(ifi->ifi_family, ltb[IFLA_INET6_TOKEN]),
83 	        ll_index_to_name(ifi->ifi_index));
84 	fflush(fp);
85 
86 	return 0;
87 }
88 
iptoken_list(int argc,char ** argv)89 static int iptoken_list(int argc, char **argv)
90 {
91 	int af = AF_INET6;
92 	struct rtnl_dump_args da = { .fp = stdout };
93 
94 	while (argc > 0) {
95 		if (strcmp(*argv, "dev") == 0) {
96 			NEXT_ARG();
97 			if ((da.ifindex = ll_name_to_index(*argv)) == 0)
98 				invarg("dev is invalid\n", *argv);
99 			break;
100 		}
101 		argc--; argv++;
102 	}
103 
104 	if (rtnl_wilddump_request(&rth, af, RTM_GETLINK) < 0) {
105 		perror("Cannot send dump request");
106 		return -1;
107 	}
108 
109 	if (rtnl_dump_filter(&rth, print_token, &da) < 0) {
110 		fprintf(stderr, "Dump terminated\n");
111 		return -1;
112 	}
113 
114 	return 0;
115 }
116 
iptoken_set(int argc,char ** argv,bool delete)117 static int iptoken_set(int argc, char **argv, bool delete)
118 {
119 	struct {
120 		struct nlmsghdr n;
121 		struct ifinfomsg ifi;
122 		char buf[512];
123 	} req = {
124 		.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
125 		.n.nlmsg_flags = NLM_F_REQUEST,
126 		.n.nlmsg_type = RTM_SETLINK,
127 		.ifi.ifi_family = AF_INET6,
128 	};
129 	struct rtattr *afs, *afs6;
130 	bool have_token = delete, have_dev = false;
131 	inet_prefix addr = { .bytelen = 16, };
132 
133 	while (argc > 0) {
134 		if (strcmp(*argv, "dev") == 0) {
135 			NEXT_ARG();
136 			if (!have_dev) {
137 				if ((req.ifi.ifi_index =
138 				     ll_name_to_index(*argv)) == 0)
139 					invarg("dev is invalid\n", *argv);
140 				have_dev = true;
141 			}
142 		} else {
143 			if (matches(*argv, "help") == 0)
144 				usage();
145 			if (!have_token) {
146 				get_prefix(&addr, *argv, req.ifi.ifi_family);
147 				have_token = true;
148 			}
149 		}
150 		argc--; argv++;
151 	}
152 
153 	if (!have_token) {
154 		fprintf(stderr, "Not enough information: token is required.\n");
155 		return -1;
156 	}
157 	if (!have_dev) {
158 		fprintf(stderr, "Not enough information: \"dev\" argument is required.\n");
159 		return -1;
160 	}
161 
162 	afs = addattr_nest(&req.n, sizeof(req), IFLA_AF_SPEC);
163 	afs6 = addattr_nest(&req.n, sizeof(req), AF_INET6);
164 	addattr_l(&req.n, sizeof(req), IFLA_INET6_TOKEN,
165 		  &addr.data, addr.bytelen);
166 	addattr_nest_end(&req.n, afs6);
167 	addattr_nest_end(&req.n, afs);
168 
169 	if (rtnl_talk(&rth, &req.n, NULL, 0) < 0)
170 		return -2;
171 
172 	return 0;
173 }
174 
do_iptoken(int argc,char ** argv)175 int do_iptoken(int argc, char **argv)
176 {
177 	ll_init_map(&rth);
178 
179 	if (argc < 1) {
180 		return iptoken_list(0, NULL);
181 	} else if (matches(argv[0], "list") == 0 ||
182 		   matches(argv[0], "lst") == 0 ||
183 		   matches(argv[0], "show") == 0) {
184 		return iptoken_list(argc - 1, argv + 1);
185 	} else if (matches(argv[0], "set") == 0 ||
186 		   matches(argv[0], "add") == 0) {
187 		return iptoken_set(argc - 1, argv + 1, false);
188 	} else if (matches(argv[0], "delete") == 0) {
189 		return iptoken_set(argc - 1, argv + 1, true);
190 	} else if (matches(argv[0], "get") == 0) {
191 		return iptoken_list(argc - 1, argv + 1);
192 	} else if (matches(argv[0], "help") == 0)
193 		usage();
194 
195 	fprintf(stderr, "Command \"%s\" is unknown, try \"ip token help\".\n", *argv);
196 	exit(-1);
197 }
198