]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a13c50e7 | 2 | /*** |
810adae9 | 3 | Copyright © 2014 Intel Corporation. All rights reserved. |
a13c50e7 TG |
4 | ***/ |
5 | ||
23f53b99 | 6 | #include <arpa/inet.h> |
062c020f YW |
7 | #include <netinet/icmp6.h> |
8 | #include <linux/if.h> | |
f4ef1c19 | 9 | #include <linux/if_arp.h> |
a13c50e7 | 10 | |
a13c50e7 TG |
11 | #include "sd-ndisc.h" |
12 | ||
d909e4af | 13 | #include "missing_network.h" |
f09a4747 | 14 | #include "networkd-address-generation.h" |
093e3533 | 15 | #include "networkd-address.h" |
ca5ad760 | 16 | #include "networkd-dhcp6.h" |
73854ba1 | 17 | #include "networkd-manager.h" |
1e7a0e21 | 18 | #include "networkd-ndisc.h" |
76c5a0f2 | 19 | #include "networkd-queue.h" |
3b6a3bde | 20 | #include "networkd-route.h" |
3b5a4fc6 | 21 | #include "networkd-state-file.h" |
ac24e418 | 22 | #include "string-table.h" |
5f506a55 | 23 | #include "string-util.h" |
51517f9e | 24 | #include "strv.h" |
1e7a0e21 LP |
25 | |
26 | #define NDISC_DNSSL_MAX 64U | |
27 | #define NDISC_RDNSS_MAX 64U | |
fe307276 | 28 | |
062c020f YW |
29 | bool link_ipv6_accept_ra_enabled(Link *link) { |
30 | assert(link); | |
31 | ||
32 | if (!socket_ipv6_is_supported()) | |
33 | return false; | |
34 | ||
35 | if (link->flags & IFF_LOOPBACK) | |
36 | return false; | |
37 | ||
f4ef1c19 YW |
38 | if (link->iftype == ARPHRD_CAN) |
39 | return false; | |
40 | ||
062c020f YW |
41 | if (!link->network) |
42 | return false; | |
43 | ||
bd7e0a3f | 44 | if (!link_may_have_ipv6ll(link, /* check_multicast = */ true)) |
062c020f YW |
45 | return false; |
46 | ||
3773eb54 YW |
47 | assert(link->network->ipv6_accept_ra >= 0); |
48 | return link->network->ipv6_accept_ra; | |
49 | } | |
50 | ||
51 | void network_adjust_ipv6_accept_ra(Network *network) { | |
52 | assert(network); | |
53 | ||
54 | if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) { | |
55 | if (network->ipv6_accept_ra > 0) | |
f81ac115 | 56 | log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link-local addressing is disabled or not supported. " |
3773eb54 YW |
57 | "Disabling IPv6AcceptRA=.", network->filename); |
58 | network->ipv6_accept_ra = false; | |
59 | } | |
60 | ||
61 | if (network->ipv6_accept_ra < 0) | |
062c020f | 62 | /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */ |
3773eb54 | 63 | network->ipv6_accept_ra = !FLAGS_SET(network->ip_forward, ADDRESS_FAMILY_IPV6); |
de6b6ff8 | 64 | |
75d26411 YW |
65 | /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then |
66 | * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */ | |
67 | if (!set_isempty(network->ndisc_allow_listed_router)) | |
68 | network->ndisc_deny_listed_router = set_free_free(network->ndisc_deny_listed_router); | |
de6b6ff8 SS |
69 | if (!set_isempty(network->ndisc_allow_listed_prefix)) |
70 | network->ndisc_deny_listed_prefix = set_free_free(network->ndisc_deny_listed_prefix); | |
71 | if (!set_isempty(network->ndisc_allow_listed_route_prefix)) | |
72 | network->ndisc_deny_listed_route_prefix = set_free_free(network->ndisc_deny_listed_route_prefix); | |
062c020f YW |
73 | } |
74 | ||
3b6a3bde YW |
75 | static int ndisc_remove(Link *link, struct in6_addr *router) { |
76 | bool updated = false; | |
b0b97766 YW |
77 | NDiscDNSSL *dnssl; |
78 | NDiscRDNSS *rdnss; | |
3b6a3bde YW |
79 | Address *address; |
80 | Route *route; | |
69203fba YW |
81 | int k, r = 0; |
82 | ||
83 | assert(link); | |
84 | ||
3b6a3bde YW |
85 | SET_FOREACH(route, link->routes) { |
86 | if (route->source != NETWORK_CONFIG_SOURCE_NDISC) | |
87 | continue; | |
88 | if (!route_is_marked(route)) | |
89 | continue; | |
90 | if (router && !in6_addr_equal(router, &route->provider.in6)) | |
91 | continue; | |
69203fba | 92 | |
3b6a3bde YW |
93 | k = route_remove(route); |
94 | if (k < 0) | |
95 | r = k; | |
69203fba | 96 | |
95eb38c8 | 97 | route_cancel_request(route, link); |
3b6a3bde | 98 | } |
50550722 | 99 | |
3b6a3bde YW |
100 | SET_FOREACH(address, link->addresses) { |
101 | if (address->source != NETWORK_CONFIG_SOURCE_NDISC) | |
102 | continue; | |
103 | if (!address_is_marked(address)) | |
104 | continue; | |
105 | if (router && !in6_addr_equal(router, &address->provider.in6)) | |
106 | continue; | |
50550722 | 107 | |
3b6a3bde YW |
108 | k = address_remove(address); |
109 | if (k < 0) | |
110 | r = k; | |
50550722 | 111 | |
3b6a3bde | 112 | address_cancel_request(address); |
69203fba YW |
113 | } |
114 | ||
3b6a3bde YW |
115 | SET_FOREACH(rdnss, link->ndisc_rdnss) { |
116 | if (!rdnss->marked) | |
117 | continue; | |
118 | if (router && !in6_addr_equal(router, &rdnss->router)) | |
119 | continue; | |
50550722 | 120 | |
3b6a3bde YW |
121 | free(set_remove(link->ndisc_rdnss, rdnss)); |
122 | updated = true; | |
50550722 | 123 | } |
69203fba | 124 | |
3b6a3bde YW |
125 | SET_FOREACH(dnssl, link->ndisc_dnssl) { |
126 | if (!dnssl->marked) | |
127 | continue; | |
128 | if (router && !in6_addr_equal(router, &dnssl->router)) | |
129 | continue; | |
b0b97766 | 130 | |
3b6a3bde YW |
131 | free(set_remove(link->ndisc_dnssl, dnssl)); |
132 | updated = true; | |
133 | } | |
9092113d YW |
134 | |
135 | if (updated) | |
136 | link_dirty(link); | |
b0b97766 | 137 | |
69203fba YW |
138 | return r; |
139 | } | |
140 | ||
3b6a3bde | 141 | static int ndisc_check_ready(Link *link); |
50550722 | 142 | |
3b6a3bde YW |
143 | static int ndisc_address_ready_callback(Address *address) { |
144 | Address *a; | |
50550722 | 145 | |
3b6a3bde YW |
146 | assert(address); |
147 | assert(address->link); | |
50550722 | 148 | |
3b6a3bde YW |
149 | SET_FOREACH(a, address->link->addresses) |
150 | if (a->source == NETWORK_CONFIG_SOURCE_NDISC) | |
151 | a->callback = NULL; | |
50550722 | 152 | |
3b6a3bde YW |
153 | return ndisc_check_ready(address->link); |
154 | } | |
50550722 | 155 | |
3b6a3bde YW |
156 | static int ndisc_check_ready(Link *link) { |
157 | bool found = false, ready = false; | |
158 | Address *address; | |
159 | int r; | |
50550722 | 160 | |
3b6a3bde | 161 | assert(link); |
50550722 | 162 | |
3b6a3bde YW |
163 | if (link->ndisc_messages > 0) { |
164 | log_link_debug(link, "%s(): SLAAC addresses and routes are not set.", __func__); | |
165 | return 0; | |
166 | } | |
50550722 | 167 | |
3b6a3bde YW |
168 | SET_FOREACH(address, link->addresses) { |
169 | if (address->source != NETWORK_CONFIG_SOURCE_NDISC) | |
170 | continue; | |
50550722 | 171 | |
3b6a3bde | 172 | found = true; |
50550722 | 173 | |
3b6a3bde YW |
174 | if (address_is_ready(address)) { |
175 | ready = true; | |
176 | break; | |
50550722 | 177 | } |
3b6a3bde | 178 | } |
50550722 | 179 | |
3b6a3bde YW |
180 | if (found && !ready) { |
181 | SET_FOREACH(address, link->addresses) | |
182 | if (address->source == NETWORK_CONFIG_SOURCE_NDISC) | |
183 | address->callback = ndisc_address_ready_callback; | |
50550722 | 184 | |
3b6a3bde YW |
185 | log_link_debug(link, "%s(): no SLAAC address is ready.", __func__); |
186 | return 0; | |
50550722 YW |
187 | } |
188 | ||
3b6a3bde YW |
189 | link->ndisc_configured = true; |
190 | log_link_debug(link, "SLAAC addresses and routes set."); | |
50550722 | 191 | |
3b6a3bde YW |
192 | r = ndisc_remove(link, NULL); |
193 | if (r < 0) | |
194 | return r; | |
50550722 | 195 | |
3b6a3bde YW |
196 | link_check_ready(link); |
197 | return 0; | |
50550722 YW |
198 | } |
199 | ||
80d62d4f | 200 | static int ndisc_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Route *route) { |
3b015d40 TG |
201 | int r; |
202 | ||
203 | assert(link); | |
3b015d40 | 204 | |
5a07fa9d YW |
205 | r = route_configure_handler_internal(rtnl, m, link, "Could not set NDisc route"); |
206 | if (r <= 0) | |
207 | return r; | |
3b015d40 | 208 | |
3b6a3bde | 209 | r = ndisc_check_ready(link); |
50550722 | 210 | if (r < 0) |
3b6a3bde | 211 | link_enter_failed(link); |
76c5a0f2 | 212 | |
3b6a3bde | 213 | return 1; |
76c5a0f2 YW |
214 | } |
215 | ||
216 | static int ndisc_request_route(Route *in, Link *link, sd_ndisc_router *rt) { | |
217 | _cleanup_(route_freep) Route *route = in; | |
3b6a3bde YW |
218 | struct in6_addr router; |
219 | Route *existing; | |
76c5a0f2 YW |
220 | int r; |
221 | ||
222 | assert(route); | |
223 | assert(link); | |
224 | assert(rt); | |
225 | ||
3b6a3bde YW |
226 | r = sd_ndisc_router_get_address(rt, &router); |
227 | if (r < 0) | |
228 | return r; | |
229 | ||
230 | route->source = NETWORK_CONFIG_SOURCE_NDISC; | |
231 | route->provider.in6 = router; | |
429dc05a YW |
232 | if (!route->table_set) |
233 | route->table = link_get_ipv6_accept_ra_route_table(link); | |
234 | if (!route->priority_set) | |
235 | route->priority = link->network->ipv6_accept_ra_route_metric; | |
236 | if (!route->protocol_set) | |
237 | route->protocol = RTPROT_RA; | |
238 | ||
3b6a3bde YW |
239 | if (route_get(NULL, link, route, &existing) < 0) |
240 | link->ndisc_configured = false; | |
241 | else | |
242 | route_unmark(existing); | |
50550722 | 243 | |
3b6a3bde YW |
244 | return link_request_route(link, TAKE_PTR(route), true, &link->ndisc_messages, |
245 | ndisc_route_handler, NULL); | |
50550722 YW |
246 | } |
247 | ||
80d62d4f | 248 | static int ndisc_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) { |
73854ba1 YW |
249 | int r; |
250 | ||
251 | assert(link); | |
73854ba1 | 252 | |
5a07fa9d YW |
253 | r = address_configure_handler_internal(rtnl, m, link, "Could not set NDisc address"); |
254 | if (r <= 0) | |
255 | return r; | |
73854ba1 | 256 | |
3b6a3bde | 257 | r = ndisc_check_ready(link); |
50550722 | 258 | if (r < 0) |
3b6a3bde | 259 | link_enter_failed(link); |
69203fba | 260 | |
3b6a3bde | 261 | return 1; |
69203fba YW |
262 | } |
263 | ||
76c5a0f2 YW |
264 | static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) { |
265 | _cleanup_(address_freep) Address *address = in; | |
3b6a3bde YW |
266 | struct in6_addr router; |
267 | Address *existing; | |
76c5a0f2 YW |
268 | int r; |
269 | ||
270 | assert(address); | |
271 | assert(link); | |
272 | assert(rt); | |
273 | ||
3b6a3bde YW |
274 | r = sd_ndisc_router_get_address(rt, &router); |
275 | if (r < 0) | |
76c5a0f2 YW |
276 | return r; |
277 | ||
3b6a3bde YW |
278 | address->source = NETWORK_CONFIG_SOURCE_NDISC; |
279 | address->provider.in6 = router; | |
76c5a0f2 | 280 | |
4b3590c3 TM |
281 | r = free_and_strdup_warn(&address->netlabel, link->network->ndisc_netlabel); |
282 | if (r < 0) | |
283 | return r; | |
284 | ||
3b6a3bde YW |
285 | if (address_get(link, address, &existing) < 0) |
286 | link->ndisc_configured = false; | |
287 | else | |
288 | address_unmark(existing); | |
289 | ||
290 | return link_request_address(link, TAKE_PTR(address), true, &link->ndisc_messages, | |
291 | ndisc_address_handler, NULL); | |
76c5a0f2 YW |
292 | } |
293 | ||
d5017c84 | 294 | static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { |
91fc5135 | 295 | usec_t lifetime_usec, timestamp_usec; |
b8ce3b44 | 296 | struct in6_addr gateway; |
91fc5135 | 297 | uint16_t lifetime_sec; |
1e7a0e21 | 298 | unsigned preference; |
91fc5135 | 299 | uint32_t mtu = 0; |
13e8a49a | 300 | int r; |
3b015d40 | 301 | |
3b015d40 | 302 | assert(link); |
610c0db1 | 303 | assert(link->network); |
1e7a0e21 | 304 | assert(rt); |
3b015d40 | 305 | |
610c0db1 YW |
306 | if (!link->network->ipv6_accept_ra_use_gateway && |
307 | hashmap_isempty(link->network->routes_by_section)) | |
308 | return 0; | |
309 | ||
91fc5135 | 310 | r = sd_ndisc_router_get_lifetime(rt, &lifetime_sec); |
d5017c84 | 311 | if (r < 0) |
13e8a49a | 312 | return log_link_error_errno(link, r, "Failed to get gateway lifetime from RA: %m"); |
d5017c84 | 313 | |
91fc5135 | 314 | if (lifetime_sec == 0) /* not a default router */ |
d5017c84 | 315 | return 0; |
1e7a0e21 | 316 | |
ba4e0427 | 317 | r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, ×tamp_usec); |
91fc5135 YW |
318 | if (r < 0) |
319 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); | |
320 | ||
5235d739 | 321 | lifetime_usec = sec16_to_usec(lifetime_sec, timestamp_usec); |
91fc5135 | 322 | |
b8ce3b44 | 323 | r = sd_ndisc_router_get_address(rt, &gateway); |
d5017c84 | 324 | if (r < 0) |
13e8a49a | 325 | return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m"); |
1e7a0e21 | 326 | |
5d003031 | 327 | if (link_get_ipv6_address(link, &gateway, 0, NULL) >= 0) { |
84dbb3fd | 328 | if (DEBUG_LOGGING) |
5eec0a08 | 329 | log_link_debug(link, "No NDisc route added, gateway %s matches local address", |
84dbb3fd | 330 | IN6_ADDR_TO_STRING(&gateway)); |
5eec0a08 | 331 | return 0; |
ce2ea782 | 332 | } |
6d7c7615 | 333 | |
1e7a0e21 | 334 | r = sd_ndisc_router_get_preference(rt, &preference); |
d5017c84 | 335 | if (r < 0) |
13e8a49a | 336 | return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m"); |
1e7a0e21 | 337 | |
7d93b92f YW |
338 | if (link->network->ipv6_accept_ra_use_mtu) { |
339 | r = sd_ndisc_router_get_mtu(rt, &mtu); | |
340 | if (r < 0 && r != -ENODATA) | |
341 | return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); | |
342 | } | |
d6fceaf1 | 343 | |
610c0db1 YW |
344 | if (link->network->ipv6_accept_ra_use_gateway) { |
345 | _cleanup_(route_freep) Route *route = NULL; | |
1e7a0e21 | 346 | |
610c0db1 YW |
347 | r = route_new(&route); |
348 | if (r < 0) | |
349 | return log_oom(); | |
1e7a0e21 | 350 | |
610c0db1 YW |
351 | route->family = AF_INET6; |
352 | route->pref = preference; | |
353 | route->gw_family = AF_INET6; | |
354 | route->gw.in6 = gateway; | |
355 | route->lifetime_usec = lifetime_usec; | |
356 | route->mtu = mtu; | |
357 | ||
358 | r = ndisc_request_route(TAKE_PTR(route), link, rt); | |
359 | if (r < 0) | |
360 | return log_link_error_errno(link, r, "Could not request default route: %m"); | |
361 | } | |
d5017c84 | 362 | |
1985c54f | 363 | Route *route_gw; |
2a54a044 | 364 | HASHMAP_FOREACH(route_gw, link->network->routes_by_section) { |
610c0db1 YW |
365 | _cleanup_(route_freep) Route *route = NULL; |
366 | ||
1a3a6309 | 367 | if (!route_gw->gateway_from_dhcp_or_ra) |
1985c54f YW |
368 | continue; |
369 | ||
5bb80a46 | 370 | if (route_gw->gw_family != AF_INET6) |
1985c54f YW |
371 | continue; |
372 | ||
76c5a0f2 YW |
373 | r = route_dup(route_gw, &route); |
374 | if (r < 0) | |
375 | return r; | |
376 | ||
377 | route->gw.in6 = gateway; | |
76c5a0f2 YW |
378 | if (!route->pref_set) |
379 | route->pref = preference; | |
91fc5135 | 380 | route->lifetime_usec = lifetime_usec; |
76c5a0f2 YW |
381 | if (route->mtu == 0) |
382 | route->mtu = mtu; | |
383 | ||
384 | r = ndisc_request_route(TAKE_PTR(route), link, rt); | |
13e8a49a | 385 | if (r < 0) |
76c5a0f2 | 386 | return log_link_error_errno(link, r, "Could not request gateway: %m"); |
1985c54f YW |
387 | } |
388 | ||
d5017c84 | 389 | return 0; |
1e7a0e21 LP |
390 | } |
391 | ||
d5017c84 | 392 | static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) { |
16bc8635 YW |
393 | uint32_t lifetime_valid_sec, lifetime_preferred_sec; |
394 | usec_t lifetime_valid_usec, lifetime_preferred_usec, timestamp_usec; | |
d207581f | 395 | _cleanup_set_free_ Set *addresses = NULL; |
151b8ea3 | 396 | struct in6_addr prefix, *a; |
1e7a0e21 LP |
397 | unsigned prefixlen; |
398 | int r; | |
399 | ||
400 | assert(link); | |
fbdda4bb | 401 | assert(link->network); |
1e7a0e21 LP |
402 | assert(rt); |
403 | ||
fbdda4bb YW |
404 | if (!link->network->ipv6_accept_ra_use_autonomous_prefix) |
405 | return 0; | |
406 | ||
ba4e0427 | 407 | r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, ×tamp_usec); |
d5017c84 | 408 | if (r < 0) |
13e8a49a | 409 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
6554550f | 410 | |
151b8ea3 YW |
411 | r = sd_ndisc_router_prefix_get_address(rt, &prefix); |
412 | if (r < 0) | |
413 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
414 | ||
1e7a0e21 | 415 | r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); |
d5017c84 YW |
416 | if (r < 0) |
417 | return log_link_error_errno(link, r, "Failed to get prefix length: %m"); | |
1e7a0e21 | 418 | |
868bd1aa | 419 | /* ndisc_generate_addresses() below requires the prefix length <= 64. */ |
151b8ea3 | 420 | if (prefixlen > 64) { |
c71384a9 ZJS |
421 | log_link_debug(link, "Prefix is longer than 64, ignoring autonomous prefix %s.", |
422 | IN6_ADDR_PREFIX_TO_STRING(&prefix, prefixlen)); | |
151b8ea3 YW |
423 | return 0; |
424 | } | |
425 | ||
16bc8635 | 426 | r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid_sec); |
d5017c84 YW |
427 | if (r < 0) |
428 | return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m"); | |
1e7a0e21 | 429 | |
16bc8635 | 430 | if (lifetime_valid_sec == 0) { |
25db3aea YW |
431 | log_link_debug(link, "Ignoring prefix as its valid lifetime is zero."); |
432 | return 0; | |
433 | } | |
434 | ||
16bc8635 | 435 | r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred_sec); |
d5017c84 YW |
436 | if (r < 0) |
437 | return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m"); | |
3b015d40 | 438 | |
92bdc3ff | 439 | /* The preferred lifetime is never greater than the valid lifetime */ |
16bc8635 | 440 | if (lifetime_preferred_sec > lifetime_valid_sec) |
d5017c84 | 441 | return 0; |
92bdc3ff | 442 | |
5235d739 YW |
443 | lifetime_valid_usec = sec_to_usec(lifetime_valid_sec, timestamp_usec); |
444 | lifetime_preferred_usec = sec_to_usec(lifetime_preferred_sec, timestamp_usec); | |
16bc8635 | 445 | |
868bd1aa | 446 | r = ndisc_generate_addresses(link, &prefix, prefixlen, &addresses); |
5f506a55 | 447 | if (r < 0) |
d207581f | 448 | return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m"); |
c24c83dc | 449 | |
90e74a66 | 450 | SET_FOREACH(a, addresses) { |
76c5a0f2 | 451 | _cleanup_(address_freep) Address *address = NULL; |
25db3aea | 452 | Address *e; |
13e8a49a | 453 | |
76c5a0f2 YW |
454 | r = address_new(&address); |
455 | if (r < 0) | |
456 | return log_oom(); | |
457 | ||
458 | address->family = AF_INET6; | |
25db3aea | 459 | address->in_addr.in6 = *a; |
76c5a0f2 YW |
460 | address->prefixlen = prefixlen; |
461 | address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR; | |
16bc8635 YW |
462 | address->lifetime_valid_usec = lifetime_valid_usec; |
463 | address->lifetime_preferred_usec = lifetime_preferred_usec; | |
fe841414 | 464 | |
25db3aea YW |
465 | /* See RFC4862, section 5.5.3.e. But the following logic is deviated from RFC4862 by |
466 | * honoring all valid lifetimes to improve the reaction of SLAAC to renumbering events. | |
467 | * See draft-ietf-6man-slaac-renum-02, section 4.2. */ | |
468 | r = address_get(link, address, &e); | |
c24c83dc | 469 | if (r > 0) { |
25db3aea | 470 | /* If the address is already assigned, but not valid anymore, then refuse to |
899034ba | 471 | * update the address, and it will be removed. */ |
16bc8635 | 472 | if (e->lifetime_valid_usec < timestamp_usec) |
25db3aea YW |
473 | continue; |
474 | } | |
3b015d40 | 475 | |
76c5a0f2 | 476 | r = ndisc_request_address(TAKE_PTR(address), link, rt); |
13e8a49a | 477 | if (r < 0) |
76c5a0f2 | 478 | return log_link_error_errno(link, r, "Could not request SLAAC address: %m"); |
3b015d40 | 479 | } |
d5017c84 YW |
480 | |
481 | return 0; | |
3b015d40 TG |
482 | } |
483 | ||
d5017c84 | 484 | static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) { |
8e766630 | 485 | _cleanup_(route_freep) Route *route = NULL; |
91fc5135 YW |
486 | usec_t timestamp_usec; |
487 | uint32_t lifetime_sec; | |
1e7a0e21 | 488 | unsigned prefixlen; |
3b015d40 TG |
489 | int r; |
490 | ||
3b015d40 | 491 | assert(link); |
fbdda4bb | 492 | assert(link->network); |
1e7a0e21 | 493 | assert(rt); |
3b015d40 | 494 | |
fbdda4bb YW |
495 | if (!link->network->ipv6_accept_ra_use_onlink_prefix) |
496 | return 0; | |
497 | ||
09845af5 YW |
498 | r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_sec); |
499 | if (r < 0) | |
500 | return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m"); | |
501 | ||
502 | if (lifetime_sec == 0) | |
503 | return 0; | |
504 | ||
ba4e0427 | 505 | r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, ×tamp_usec); |
d5017c84 | 506 | if (r < 0) |
13e8a49a | 507 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 LP |
508 | |
509 | r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); | |
d5017c84 YW |
510 | if (r < 0) |
511 | return log_link_error_errno(link, r, "Failed to get prefix length: %m"); | |
1e7a0e21 | 512 | |
3b015d40 | 513 | r = route_new(&route); |
d5017c84 | 514 | if (r < 0) |
13e8a49a | 515 | return log_oom(); |
3b015d40 | 516 | |
3b015d40 | 517 | route->family = AF_INET6; |
3b015d40 | 518 | route->flags = RTM_F_PREFIX; |
3b015d40 | 519 | route->dst_prefixlen = prefixlen; |
5235d739 | 520 | route->lifetime_usec = sec_to_usec(lifetime_sec, timestamp_usec); |
3b015d40 | 521 | |
1e7a0e21 | 522 | r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6); |
d5017c84 YW |
523 | if (r < 0) |
524 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
1e7a0e21 | 525 | |
76c5a0f2 | 526 | r = ndisc_request_route(TAKE_PTR(route), link, rt); |
13e8a49a | 527 | if (r < 0) |
891fc28b | 528 | return log_link_error_errno(link, r, "Could not request prefix route: %m"); |
d5017c84 YW |
529 | |
530 | return 0; | |
3b015d40 TG |
531 | } |
532 | ||
fbdda4bb YW |
533 | static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) { |
534 | unsigned prefixlen; | |
535 | struct in6_addr a; | |
536 | uint8_t flags; | |
537 | int r; | |
538 | ||
539 | assert(link); | |
540 | assert(link->network); | |
541 | assert(rt); | |
542 | ||
543 | r = sd_ndisc_router_prefix_get_address(rt, &a); | |
544 | if (r < 0) | |
545 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
546 | ||
547 | r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); | |
548 | if (r < 0) | |
549 | return log_link_error_errno(link, r, "Failed to get prefix length: %m"); | |
550 | ||
551 | if (in6_prefix_is_filtered(&a, prefixlen, link->network->ndisc_allow_listed_prefix, link->network->ndisc_deny_listed_prefix)) { | |
c71384a9 ZJS |
552 | if (DEBUG_LOGGING) |
553 | log_link_debug(link, "Prefix '%s' is %s, ignoring", | |
554 | !set_isempty(link->network->ndisc_allow_listed_prefix) ? "not in allow list" | |
555 | : "in deny list", | |
556 | IN6_ADDR_PREFIX_TO_STRING(&a, prefixlen)); | |
fbdda4bb YW |
557 | return 0; |
558 | } | |
559 | ||
560 | r = sd_ndisc_router_prefix_get_flags(rt, &flags); | |
561 | if (r < 0) | |
562 | return log_link_error_errno(link, r, "Failed to get RA prefix flags: %m"); | |
563 | ||
564 | if (FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK)) { | |
565 | r = ndisc_router_process_onlink_prefix(link, rt); | |
566 | if (r < 0) | |
567 | return r; | |
568 | } | |
569 | ||
570 | if (FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO)) { | |
571 | r = ndisc_router_process_autonomous_prefix(link, rt); | |
572 | if (r < 0) | |
573 | return r; | |
574 | } | |
575 | ||
576 | return 0; | |
577 | } | |
578 | ||
d5017c84 | 579 | static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) { |
8e766630 | 580 | _cleanup_(route_freep) Route *route = NULL; |
1e7a0e21 | 581 | unsigned preference, prefixlen; |
91fc5135 YW |
582 | struct in6_addr gateway, dst; |
583 | uint32_t lifetime_sec; | |
584 | usec_t timestamp_usec; | |
7a695d8e | 585 | int r; |
a13c50e7 TG |
586 | |
587 | assert(link); | |
a13c50e7 | 588 | |
610c0db1 YW |
589 | if (!link->network->ipv6_accept_ra_use_route_prefix) |
590 | return 0; | |
591 | ||
91fc5135 | 592 | r = sd_ndisc_router_route_get_lifetime(rt, &lifetime_sec); |
d5017c84 | 593 | if (r < 0) |
a19b1ac7 | 594 | return log_link_error_errno(link, r, "Failed to get route lifetime from RA: %m"); |
d5017c84 | 595 | |
91fc5135 | 596 | if (lifetime_sec == 0) |
d5017c84 | 597 | return 0; |
a13c50e7 | 598 | |
b8ce3b44 | 599 | r = sd_ndisc_router_route_get_address(rt, &dst); |
d5017c84 | 600 | if (r < 0) |
a19b1ac7 | 601 | return log_link_error_errno(link, r, "Failed to get route destination address: %m"); |
3b015d40 | 602 | |
c995fa02 YW |
603 | r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen); |
604 | if (r < 0) | |
605 | return log_link_error_errno(link, r, "Failed to get route prefix length: %m"); | |
606 | ||
80bfc3b9 YW |
607 | if (in6_addr_is_null(&dst) && prefixlen == 0) { |
608 | log_link_debug(link, "Route prefix is ::/0, ignoring"); | |
609 | return 0; | |
610 | } | |
611 | ||
c71384a9 ZJS |
612 | if (in6_prefix_is_filtered(&dst, prefixlen, |
613 | link->network->ndisc_allow_listed_route_prefix, | |
614 | link->network->ndisc_deny_listed_route_prefix)) { | |
16c89e64 | 615 | |
c71384a9 ZJS |
616 | if (DEBUG_LOGGING) |
617 | log_link_debug(link, "Route prefix %s is %s, ignoring", | |
618 | !set_isempty(link->network->ndisc_allow_listed_route_prefix) ? "not in allow list" | |
619 | : "in deny list", | |
620 | IN6_ADDR_PREFIX_TO_STRING(&dst, prefixlen)); | |
16c89e64 DP |
621 | return 0; |
622 | } | |
623 | ||
b8ce3b44 | 624 | r = sd_ndisc_router_get_address(rt, &gateway); |
19e334bd YW |
625 | if (r < 0) |
626 | return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m"); | |
627 | ||
5d003031 | 628 | if (link_get_ipv6_address(link, &gateway, 0, NULL) >= 0) { |
84dbb3fd ZJS |
629 | if (DEBUG_LOGGING) |
630 | log_link_debug(link, "Advertised route gateway %s is local to the link, ignoring route", | |
631 | IN6_ADDR_TO_STRING(&gateway)); | |
22101916 DP |
632 | return 0; |
633 | } | |
634 | ||
1e7a0e21 | 635 | r = sd_ndisc_router_route_get_preference(rt, &preference); |
d5017c84 | 636 | if (r < 0) |
13e8a49a | 637 | return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m"); |
1e7a0e21 | 638 | |
ba4e0427 | 639 | r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, ×tamp_usec); |
d5017c84 | 640 | if (r < 0) |
13e8a49a | 641 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
3b015d40 TG |
642 | |
643 | r = route_new(&route); | |
d5017c84 | 644 | if (r < 0) |
13e8a49a | 645 | return log_oom(); |
3b015d40 | 646 | |
3b015d40 | 647 | route->family = AF_INET6; |
1e7a0e21 | 648 | route->pref = preference; |
b8ce3b44 | 649 | route->gw.in6 = gateway; |
6dd53981 | 650 | route->gw_family = AF_INET6; |
b8ce3b44 | 651 | route->dst.in6 = dst; |
1e7a0e21 | 652 | route->dst_prefixlen = prefixlen; |
5235d739 | 653 | route->lifetime_usec = sec_to_usec(lifetime_sec, timestamp_usec); |
3b015d40 | 654 | |
76c5a0f2 | 655 | r = ndisc_request_route(TAKE_PTR(route), link, rt); |
13e8a49a | 656 | if (r < 0) |
76c5a0f2 | 657 | return log_link_error_errno(link, r, "Could not request additional route: %m"); |
d5017c84 YW |
658 | |
659 | return 0; | |
9d96e6c3 | 660 | } |
a13c50e7 | 661 | |
7a08d314 | 662 | static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) { |
1e7a0e21 LP |
663 | siphash24_compress(&x->address, sizeof(x->address), state); |
664 | } | |
665 | ||
7a08d314 | 666 | static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) { |
1e7a0e21 LP |
667 | return memcmp(&a->address, &b->address, sizeof(a->address)); |
668 | } | |
669 | ||
b0b97766 YW |
670 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
671 | ndisc_rdnss_hash_ops, | |
672 | NDiscRDNSS, | |
673 | ndisc_rdnss_hash_func, | |
674 | ndisc_rdnss_compare_func, | |
675 | free); | |
1e7a0e21 | 676 | |
d5017c84 | 677 | static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) { |
03ccc4b4 YW |
678 | usec_t lifetime_usec, timestamp_usec; |
679 | uint32_t lifetime_sec; | |
1e7a0e21 | 680 | const struct in6_addr *a; |
50550722 | 681 | struct in6_addr router; |
9092113d | 682 | bool updated = false; |
13e8a49a | 683 | int n, r; |
1e7a0e21 LP |
684 | |
685 | assert(link); | |
ad0b2df6 | 686 | assert(link->network); |
1e7a0e21 LP |
687 | assert(rt); |
688 | ||
ad0b2df6 YW |
689 | if (!link->network->ipv6_accept_ra_use_dns) |
690 | return 0; | |
691 | ||
50550722 YW |
692 | r = sd_ndisc_router_get_address(rt, &router); |
693 | if (r < 0) | |
694 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
695 | ||
ba4e0427 | 696 | r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, ×tamp_usec); |
d5017c84 | 697 | if (r < 0) |
13e8a49a | 698 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 | 699 | |
03ccc4b4 | 700 | r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime_sec); |
d5017c84 | 701 | if (r < 0) |
13e8a49a | 702 | return log_link_error_errno(link, r, "Failed to get RDNSS lifetime: %m"); |
1e7a0e21 | 703 | |
03ccc4b4 YW |
704 | if (lifetime_sec == 0) |
705 | return 0; | |
706 | ||
5235d739 | 707 | lifetime_usec = sec_to_usec(lifetime_sec, timestamp_usec); |
03ccc4b4 | 708 | |
1e7a0e21 | 709 | n = sd_ndisc_router_rdnss_get_addresses(rt, &a); |
d5017c84 | 710 | if (n < 0) |
13e8a49a | 711 | return log_link_error_errno(link, n, "Failed to get RDNSS addresses: %m"); |
1e7a0e21 | 712 | |
b0b97766 | 713 | if (n >= (int) NDISC_RDNSS_MAX) { |
c0f86d66 | 714 | log_link_warning(link, "Too many RDNSS records per link. Only first %u records will be used.", NDISC_RDNSS_MAX); |
b0b97766 YW |
715 | n = NDISC_RDNSS_MAX; |
716 | } | |
1e7a0e21 | 717 | |
b0b97766 YW |
718 | for (int j = 0; j < n; j++) { |
719 | _cleanup_free_ NDiscRDNSS *x = NULL; | |
3b6a3bde | 720 | NDiscRDNSS *rdnss, d = { |
b0b97766 YW |
721 | .address = a[j], |
722 | }; | |
1e7a0e21 | 723 | |
b0b97766 YW |
724 | rdnss = set_get(link->ndisc_rdnss, &d); |
725 | if (rdnss) { | |
726 | rdnss->marked = false; | |
50550722 | 727 | rdnss->router = router; |
03ccc4b4 | 728 | rdnss->lifetime_usec = lifetime_usec; |
1e7a0e21 LP |
729 | continue; |
730 | } | |
731 | ||
d5017c84 YW |
732 | x = new(NDiscRDNSS, 1); |
733 | if (!x) | |
734 | return log_oom(); | |
1e7a0e21 | 735 | |
d5017c84 | 736 | *x = (NDiscRDNSS) { |
b0b97766 | 737 | .address = a[j], |
50550722 | 738 | .router = router, |
03ccc4b4 | 739 | .lifetime_usec = lifetime_usec, |
d5017c84 | 740 | }; |
1e7a0e21 | 741 | |
35e601d4 | 742 | r = set_ensure_consume(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops, TAKE_PTR(x)); |
d5017c84 YW |
743 | if (r < 0) |
744 | return log_oom(); | |
1e7a0e21 | 745 | assert(r > 0); |
9092113d YW |
746 | |
747 | updated = true; | |
1e7a0e21 | 748 | } |
d5017c84 | 749 | |
9092113d YW |
750 | if (updated) |
751 | link_dirty(link); | |
752 | ||
d5017c84 | 753 | return 0; |
1e7a0e21 LP |
754 | } |
755 | ||
7a08d314 | 756 | static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) { |
f281fc1e | 757 | siphash24_compress_string(NDISC_DNSSL_DOMAIN(x), state); |
1e7a0e21 LP |
758 | } |
759 | ||
7a08d314 | 760 | static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) { |
1e7a0e21 LP |
761 | return strcmp(NDISC_DNSSL_DOMAIN(a), NDISC_DNSSL_DOMAIN(b)); |
762 | } | |
763 | ||
b0b97766 YW |
764 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
765 | ndisc_dnssl_hash_ops, | |
766 | NDiscDNSSL, | |
767 | ndisc_dnssl_hash_func, | |
768 | ndisc_dnssl_compare_func, | |
769 | free); | |
1e7a0e21 | 770 | |
13e8a49a | 771 | static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) { |
1e7a0e21 | 772 | _cleanup_strv_free_ char **l = NULL; |
03ccc4b4 | 773 | usec_t lifetime_usec, timestamp_usec; |
50550722 | 774 | struct in6_addr router; |
03ccc4b4 | 775 | uint32_t lifetime_sec; |
9092113d | 776 | bool updated = false; |
1e7a0e21 LP |
777 | int r; |
778 | ||
779 | assert(link); | |
ad0b2df6 | 780 | assert(link->network); |
1e7a0e21 LP |
781 | assert(rt); |
782 | ||
ad0b2df6 YW |
783 | if (link->network->ipv6_accept_ra_use_domains == DHCP_USE_DOMAINS_NO) |
784 | return 0; | |
785 | ||
50550722 YW |
786 | r = sd_ndisc_router_get_address(rt, &router); |
787 | if (r < 0) | |
788 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
789 | ||
ba4e0427 | 790 | r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, ×tamp_usec); |
13e8a49a YW |
791 | if (r < 0) |
792 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); | |
1e7a0e21 | 793 | |
03ccc4b4 | 794 | r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime_sec); |
13e8a49a YW |
795 | if (r < 0) |
796 | return log_link_error_errno(link, r, "Failed to get DNSSL lifetime: %m"); | |
1e7a0e21 | 797 | |
03ccc4b4 YW |
798 | if (lifetime_sec == 0) |
799 | return 0; | |
800 | ||
5235d739 | 801 | lifetime_usec = sec_to_usec(lifetime_sec, timestamp_usec); |
03ccc4b4 | 802 | |
1e7a0e21 | 803 | r = sd_ndisc_router_dnssl_get_domains(rt, &l); |
13e8a49a YW |
804 | if (r < 0) |
805 | return log_link_error_errno(link, r, "Failed to get DNSSL addresses: %m"); | |
1e7a0e21 | 806 | |
b0b97766 | 807 | if (strv_length(l) >= NDISC_DNSSL_MAX) { |
c0f86d66 | 808 | log_link_warning(link, "Too many DNSSL records per link. Only first %u records will be used.", NDISC_DNSSL_MAX); |
b0b97766 YW |
809 | STRV_FOREACH(j, l + NDISC_DNSSL_MAX) |
810 | *j = mfree(*j); | |
811 | } | |
1e7a0e21 | 812 | |
b0b97766 YW |
813 | STRV_FOREACH(j, l) { |
814 | _cleanup_free_ NDiscDNSSL *s = NULL; | |
3b6a3bde | 815 | NDiscDNSSL *dnssl; |
1e7a0e21 | 816 | |
b0b97766 YW |
817 | s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*j) + 1); |
818 | if (!s) | |
819 | return log_oom(); | |
1e7a0e21 | 820 | |
b0b97766 | 821 | strcpy(NDISC_DNSSL_DOMAIN(s), *j); |
1e7a0e21 | 822 | |
b0b97766 YW |
823 | dnssl = set_get(link->ndisc_dnssl, s); |
824 | if (dnssl) { | |
825 | dnssl->marked = false; | |
50550722 | 826 | dnssl->router = router; |
03ccc4b4 | 827 | dnssl->lifetime_usec = lifetime_usec; |
1e7a0e21 LP |
828 | continue; |
829 | } | |
830 | ||
50550722 | 831 | s->router = router; |
03ccc4b4 | 832 | s->lifetime_usec = lifetime_usec; |
1e7a0e21 | 833 | |
35e601d4 | 834 | r = set_ensure_consume(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops, TAKE_PTR(s)); |
13e8a49a YW |
835 | if (r < 0) |
836 | return log_oom(); | |
1e7a0e21 | 837 | assert(r > 0); |
9092113d YW |
838 | |
839 | updated = true; | |
1e7a0e21 | 840 | } |
13e8a49a | 841 | |
9092113d YW |
842 | if (updated) |
843 | link_dirty(link); | |
844 | ||
13e8a49a | 845 | return 0; |
1e7a0e21 LP |
846 | } |
847 | ||
e8c9b5b0 | 848 | static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) { |
fbdda4bb YW |
849 | int r; |
850 | ||
1e7a0e21 | 851 | assert(link); |
55d3fdcf | 852 | assert(link->network); |
1e7a0e21 LP |
853 | assert(rt); |
854 | ||
fbdda4bb | 855 | for (r = sd_ndisc_router_option_rewind(rt); ; r = sd_ndisc_router_option_next(rt)) { |
1e7a0e21 LP |
856 | uint8_t type; |
857 | ||
e8c9b5b0 | 858 | if (r < 0) |
13e8a49a | 859 | return log_link_error_errno(link, r, "Failed to iterate through options: %m"); |
1e7a0e21 | 860 | if (r == 0) /* EOF */ |
13e8a49a | 861 | return 0; |
1e7a0e21 LP |
862 | |
863 | r = sd_ndisc_router_option_get_type(rt, &type); | |
e8c9b5b0 | 864 | if (r < 0) |
13e8a49a | 865 | return log_link_error_errno(link, r, "Failed to get RA option type: %m"); |
1e7a0e21 LP |
866 | |
867 | switch (type) { | |
868 | ||
fbdda4bb YW |
869 | case SD_NDISC_OPTION_PREFIX_INFORMATION: |
870 | r = ndisc_router_process_prefix(link, rt); | |
c995fa02 | 871 | if (r < 0) |
fbdda4bb | 872 | return r; |
1e7a0e21 | 873 | break; |
1e7a0e21 LP |
874 | |
875 | case SD_NDISC_OPTION_ROUTE_INFORMATION: | |
13e8a49a YW |
876 | r = ndisc_router_process_route(link, rt); |
877 | if (r < 0) | |
878 | return r; | |
1e7a0e21 LP |
879 | break; |
880 | ||
881 | case SD_NDISC_OPTION_RDNSS: | |
ad0b2df6 YW |
882 | r = ndisc_router_process_rdnss(link, rt); |
883 | if (r < 0) | |
884 | return r; | |
1e7a0e21 LP |
885 | break; |
886 | ||
887 | case SD_NDISC_OPTION_DNSSL: | |
ad0b2df6 YW |
888 | r = ndisc_router_process_dnssl(link, rt); |
889 | if (r < 0) | |
890 | return r; | |
1e7a0e21 LP |
891 | break; |
892 | } | |
1e7a0e21 LP |
893 | } |
894 | } | |
895 | ||
3b6a3bde YW |
896 | static void ndisc_mark(Link *link, const struct in6_addr *router) { |
897 | NDiscRDNSS *rdnss; | |
898 | NDiscDNSSL *dnssl; | |
899 | ||
900 | assert(link); | |
901 | assert(router); | |
902 | ||
903 | link_mark_addresses(link, NETWORK_CONFIG_SOURCE_NDISC, router); | |
904 | link_mark_routes(link, NETWORK_CONFIG_SOURCE_NDISC, router); | |
905 | ||
906 | SET_FOREACH(rdnss, link->ndisc_rdnss) | |
907 | if (in6_addr_equal(&rdnss->router, router)) | |
908 | rdnss->marked = true; | |
909 | ||
910 | SET_FOREACH(dnssl, link->ndisc_dnssl) | |
911 | if (in6_addr_equal(&dnssl->router, router)) | |
912 | dnssl->marked = true; | |
913 | } | |
914 | ||
928112a4 YW |
915 | static int ndisc_start_dhcp6_client(Link *link, sd_ndisc_router *rt) { |
916 | int r; | |
917 | ||
918 | assert(link); | |
919 | assert(link->network); | |
920 | ||
921 | switch (link->network->ipv6_accept_ra_start_dhcp6_client) { | |
922 | case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO: | |
923 | return 0; | |
924 | ||
925 | case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES: { | |
926 | uint64_t flags; | |
927 | ||
928 | r = sd_ndisc_router_get_flags(rt, &flags); | |
929 | if (r < 0) | |
930 | return log_link_warning_errno(link, r, "Failed to get RA flags: %m"); | |
931 | ||
932 | if ((flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)) == 0) | |
933 | return 0; | |
934 | ||
935 | /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags. | |
0bcc6557 AH |
936 | * Note, if both "managed" and "other configuration" bits are set, then ignore |
937 | * "other configuration" bit. See RFC 4861. */ | |
fac19a21 | 938 | r = dhcp6_start_on_ra(link, !(flags & ND_RA_FLAG_MANAGED)); |
928112a4 YW |
939 | break; |
940 | } | |
941 | case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS: | |
0bcc6557 | 942 | /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in solicit mode |
928112a4 | 943 | * even if the router flags have neither M nor O flags. */ |
fac19a21 | 944 | r = dhcp6_start_on_ra(link, /* information_request = */ false); |
928112a4 YW |
945 | break; |
946 | ||
947 | default: | |
948 | assert_not_reached(); | |
949 | } | |
950 | ||
951 | if (r < 0) | |
952 | return log_link_error_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m"); | |
953 | ||
954 | log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request"); | |
955 | return 0; | |
956 | } | |
957 | ||
d5017c84 | 958 | static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) { |
b8ce3b44 | 959 | struct in6_addr router; |
86e2be7b | 960 | int r; |
1e7a0e21 LP |
961 | |
962 | assert(link); | |
963 | assert(link->network); | |
964 | assert(link->manager); | |
965 | assert(rt); | |
966 | ||
b8ce3b44 | 967 | r = sd_ndisc_router_get_address(rt, &router); |
75d26411 YW |
968 | if (r < 0) |
969 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
970 | ||
c995fa02 | 971 | if (in6_prefix_is_filtered(&router, 128, link->network->ndisc_allow_listed_router, link->network->ndisc_deny_listed_router)) { |
75d26411 | 972 | if (DEBUG_LOGGING) { |
75d26411 | 973 | if (!set_isempty(link->network->ndisc_allow_listed_router)) |
84dbb3fd | 974 | log_link_debug(link, "Router %s is not in allow list, ignoring.", IN6_ADDR_TO_STRING(&router)); |
75d26411 | 975 | else |
84dbb3fd | 976 | log_link_debug(link, "Router %s is in deny list, ignoring.", IN6_ADDR_TO_STRING(&router)); |
75d26411 YW |
977 | } |
978 | return 0; | |
979 | } | |
980 | ||
3b6a3bde | 981 | ndisc_mark(link, &router); |
69203fba | 982 | |
928112a4 YW |
983 | r = ndisc_start_dhcp6_client(link, rt); |
984 | if (r < 0) | |
985 | return r; | |
1e7a0e21 | 986 | |
13e8a49a YW |
987 | r = ndisc_router_process_default(link, rt); |
988 | if (r < 0) | |
989 | return r; | |
fbdda4bb | 990 | |
13e8a49a YW |
991 | r = ndisc_router_process_options(link, rt); |
992 | if (r < 0) | |
993 | return r; | |
d5017c84 | 994 | |
3b6a3bde YW |
995 | if (link->ndisc_messages == 0) { |
996 | link->ndisc_configured = true; | |
69203fba | 997 | |
3b6a3bde YW |
998 | r = ndisc_remove(link, &router); |
999 | if (r < 0) | |
1000 | return r; | |
1001 | } else | |
1002 | log_link_debug(link, "Setting SLAAC addresses and router."); | |
69203fba | 1003 | |
3b6a3bde | 1004 | if (!link->ndisc_configured) |
69203fba YW |
1005 | link_set_state(link, LINK_STATE_CONFIGURING); |
1006 | ||
76c5a0f2 | 1007 | link_check_ready(link); |
69203fba | 1008 | return 0; |
1e7a0e21 LP |
1009 | } |
1010 | ||
2324fd3a | 1011 | static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event_t event, sd_ndisc_router *rt, void *userdata) { |
99534007 | 1012 | Link *link = ASSERT_PTR(userdata); |
13e8a49a | 1013 | int r; |
a13c50e7 | 1014 | |
9d96e6c3 TG |
1015 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
1016 | return; | |
a13c50e7 | 1017 | |
9d96e6c3 | 1018 | switch (event) { |
1e7a0e21 LP |
1019 | |
1020 | case SD_NDISC_EVENT_ROUTER: | |
13e8a49a YW |
1021 | r = ndisc_router_handler(link, rt); |
1022 | if (r < 0) { | |
1023 | link_enter_failed(link); | |
1024 | return; | |
1025 | } | |
1e7a0e21 LP |
1026 | break; |
1027 | ||
9d96e6c3 | 1028 | case SD_NDISC_EVENT_TIMEOUT: |
a8c10331 | 1029 | log_link_debug(link, "NDisc handler get timeout event"); |
3b6a3bde YW |
1030 | if (link->ndisc_messages == 0) { |
1031 | link->ndisc_configured = true; | |
3336e946 YW |
1032 | link_check_ready(link); |
1033 | } | |
9d96e6c3 TG |
1034 | break; |
1035 | default: | |
04499a70 | 1036 | assert_not_reached(); |
a13c50e7 TG |
1037 | } |
1038 | } | |
1039 | ||
ba4c7184 | 1040 | static int ndisc_configure(Link *link) { |
a13c50e7 TG |
1041 | int r; |
1042 | ||
1e7a0e21 LP |
1043 | assert(link); |
1044 | ||
2ffd6d73 YW |
1045 | if (!link_ipv6_accept_ra_enabled(link)) |
1046 | return 0; | |
a13c50e7 | 1047 | |
5c078687 | 1048 | if (link->ndisc) |
bc9e40c9 | 1049 | return -EBUSY; /* Already configured. */ |
2ffd6d73 | 1050 | |
5c078687 YW |
1051 | r = sd_ndisc_new(&link->ndisc); |
1052 | if (r < 0) | |
1053 | return r; | |
1054 | ||
1055 | r = sd_ndisc_attach_event(link->ndisc, link->manager->event, 0); | |
1056 | if (r < 0) | |
1057 | return r; | |
a13c50e7 | 1058 | |
3be64aa4 YW |
1059 | if (link->hw_addr.length == ETH_ALEN) { |
1060 | r = sd_ndisc_set_mac(link->ndisc, &link->hw_addr.ether); | |
1061 | if (r < 0) | |
1062 | return r; | |
1063 | } | |
a13c50e7 | 1064 | |
1e7a0e21 | 1065 | r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex); |
a13c50e7 TG |
1066 | if (r < 0) |
1067 | return r; | |
1068 | ||
1e7a0e21 | 1069 | r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link); |
a13c50e7 TG |
1070 | if (r < 0) |
1071 | return r; | |
1072 | ||
1e7a0e21 LP |
1073 | return 0; |
1074 | } | |
1075 | ||
294f129b | 1076 | int ndisc_start(Link *link) { |
ba4c7184 YW |
1077 | int r; |
1078 | ||
294f129b YW |
1079 | assert(link); |
1080 | ||
1081 | if (!link->ndisc || !link->dhcp6_client) | |
1082 | return 0; | |
1083 | ||
ccffa166 YW |
1084 | if (!link_has_carrier(link)) |
1085 | return 0; | |
1086 | ||
3b6a3bde YW |
1087 | if (in6_addr_is_null(&link->ipv6ll_address)) |
1088 | return 0; | |
1089 | ||
294f129b YW |
1090 | log_link_debug(link, "Discovering IPv6 routers"); |
1091 | ||
ba4c7184 YW |
1092 | r = sd_ndisc_start(link->ndisc); |
1093 | if (r < 0) | |
1094 | return r; | |
1095 | ||
1096 | return 1; | |
1097 | } | |
1098 | ||
09d09207 | 1099 | static int ndisc_process_request(Request *req, Link *link, void *userdata) { |
ba4c7184 YW |
1100 | int r; |
1101 | ||
ff51134c | 1102 | assert(link); |
ba4c7184 | 1103 | |
4b482e8b | 1104 | if (!link_is_ready_to_configure(link, /* allow_unmanaged = */ false)) |
ba4c7184 YW |
1105 | return 0; |
1106 | ||
ba4c7184 YW |
1107 | r = ndisc_configure(link); |
1108 | if (r < 0) | |
1109 | return log_link_warning_errno(link, r, "Failed to configure IPv6 Router Discovery: %m"); | |
1110 | ||
1111 | r = ndisc_start(link); | |
1112 | if (r < 0) | |
1113 | return log_link_warning_errno(link, r, "Failed to start IPv6 Router Discovery: %m"); | |
1114 | ||
1115 | log_link_debug(link, "IPv6 Router Discovery is configured%s.", | |
1116 | r > 0 ? " and started" : ""); | |
ba4c7184 YW |
1117 | return 1; |
1118 | } | |
1119 | ||
1120 | int link_request_ndisc(Link *link) { | |
1121 | int r; | |
1122 | ||
1123 | assert(link); | |
1124 | ||
1125 | if (!link_ipv6_accept_ra_enabled(link)) | |
1126 | return 0; | |
1127 | ||
1128 | if (link->ndisc) | |
1129 | return 0; | |
1130 | ||
09d09207 | 1131 | r = link_queue_request(link, REQUEST_TYPE_NDISC, ndisc_process_request, NULL); |
ba4c7184 YW |
1132 | if (r < 0) |
1133 | return log_link_warning_errno(link, r, "Failed to request configuring of the IPv6 Router Discovery: %m"); | |
1134 | ||
1135 | log_link_debug(link, "Requested configuring of the IPv6 Router Discovery."); | |
1136 | return 0; | |
294f129b YW |
1137 | } |
1138 | ||
1e7a0e21 LP |
1139 | void ndisc_vacuum(Link *link) { |
1140 | NDiscRDNSS *r; | |
1141 | NDiscDNSSL *d; | |
def4741b | 1142 | usec_t now_usec; |
1e7a0e21 LP |
1143 | |
1144 | assert(link); | |
def4741b | 1145 | assert(link->manager); |
1e7a0e21 LP |
1146 | |
1147 | /* Removes all RDNSS and DNSSL entries whose validity time has passed */ | |
1148 | ||
def4741b | 1149 | assert_se(sd_event_now(link->manager->event, CLOCK_BOOTTIME, &now_usec) >= 0); |
1e7a0e21 | 1150 | |
90e74a66 | 1151 | SET_FOREACH(r, link->ndisc_rdnss) |
def4741b | 1152 | if (r->lifetime_usec < now_usec) |
02affb4e | 1153 | free(set_remove(link->ndisc_rdnss, r)); |
a13c50e7 | 1154 | |
90e74a66 | 1155 | SET_FOREACH(d, link->ndisc_dnssl) |
def4741b | 1156 | if (d->lifetime_usec < now_usec) |
02affb4e | 1157 | free(set_remove(link->ndisc_dnssl, d)); |
a13c50e7 | 1158 | } |
c69305ff LP |
1159 | |
1160 | void ndisc_flush(Link *link) { | |
1161 | assert(link); | |
1162 | ||
1163 | /* Removes all RDNSS and DNSSL entries, without exception */ | |
1164 | ||
b0b97766 YW |
1165 | link->ndisc_rdnss = set_free(link->ndisc_rdnss); |
1166 | link->ndisc_dnssl = set_free(link->ndisc_dnssl); | |
c69305ff | 1167 | } |
e520ce64 | 1168 | |
ac24e418 SS |
1169 | static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = { |
1170 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no", | |
1171 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always", | |
1172 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES] = "yes", | |
1173 | }; | |
1174 | ||
3b6a3bde YW |
1175 | DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES); |
1176 | ||
1177 | DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains, dhcp_use_domains, DHCPUseDomains, | |
1178 | "Failed to parse UseDomains= setting"); | |
1179 | DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client, ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, | |
1180 | "Failed to parse DHCPv6Client= setting"); |