]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a13c50e7 | 2 | /*** |
810adae9 | 3 | Copyright © 2014 Intel Corporation. All rights reserved. |
a13c50e7 TG |
4 | ***/ |
5 | ||
23f53b99 | 6 | #include <arpa/inet.h> |
062c020f | 7 | #include <netinet/icmp6.h> |
b8162cd2 | 8 | #include <net/if_arp.h> |
062c020f | 9 | #include <linux/if.h> |
a13c50e7 | 10 | |
a13c50e7 TG |
11 | #include "sd-ndisc.h" |
12 | ||
d909e4af | 13 | #include "missing_network.h" |
093e3533 | 14 | #include "networkd-address.h" |
ca5ad760 | 15 | #include "networkd-dhcp6.h" |
73854ba1 | 16 | #include "networkd-manager.h" |
1e7a0e21 | 17 | #include "networkd-ndisc.h" |
3b5a4fc6 | 18 | #include "networkd-state-file.h" |
ac24e418 | 19 | #include "string-table.h" |
5f506a55 | 20 | #include "string-util.h" |
51517f9e | 21 | #include "strv.h" |
1e7a0e21 LP |
22 | |
23 | #define NDISC_DNSSL_MAX 64U | |
24 | #define NDISC_RDNSS_MAX 64U | |
6554550f | 25 | #define NDISC_PREFIX_LFT_MIN 7200U |
fe307276 | 26 | |
5f506a55 SS |
27 | #define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3 |
28 | ||
29 | /* https://tools.ietf.org/html/rfc5453 */ | |
30 | /* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */ | |
31 | ||
32 | #define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }) | |
33 | #define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8 | |
34 | #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } }) | |
35 | #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5 | |
36 | #define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } }) | |
37 | #define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7 | |
38 | ||
39 | #define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e) | |
40 | ||
062c020f YW |
41 | bool link_ipv6_accept_ra_enabled(Link *link) { |
42 | assert(link); | |
43 | ||
44 | if (!socket_ipv6_is_supported()) | |
45 | return false; | |
46 | ||
47 | if (link->flags & IFF_LOOPBACK) | |
48 | return false; | |
49 | ||
50 | if (!link->network) | |
51 | return false; | |
52 | ||
53 | if (!link_ipv6ll_enabled(link)) | |
54 | return false; | |
55 | ||
3773eb54 YW |
56 | assert(link->network->ipv6_accept_ra >= 0); |
57 | return link->network->ipv6_accept_ra; | |
58 | } | |
59 | ||
60 | void network_adjust_ipv6_accept_ra(Network *network) { | |
61 | assert(network); | |
62 | ||
63 | if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) { | |
64 | if (network->ipv6_accept_ra > 0) | |
65 | log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link local addressing is disabled or not supported. " | |
66 | "Disabling IPv6AcceptRA=.", network->filename); | |
67 | network->ipv6_accept_ra = false; | |
68 | } | |
69 | ||
70 | if (network->ipv6_accept_ra < 0) | |
062c020f | 71 | /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */ |
3773eb54 | 72 | network->ipv6_accept_ra = !FLAGS_SET(network->ip_forward, ADDRESS_FAMILY_IPV6); |
de6b6ff8 | 73 | |
75d26411 YW |
74 | /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then |
75 | * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */ | |
76 | if (!set_isempty(network->ndisc_allow_listed_router)) | |
77 | network->ndisc_deny_listed_router = set_free_free(network->ndisc_deny_listed_router); | |
de6b6ff8 SS |
78 | if (!set_isempty(network->ndisc_allow_listed_prefix)) |
79 | network->ndisc_deny_listed_prefix = set_free_free(network->ndisc_deny_listed_prefix); | |
80 | if (!set_isempty(network->ndisc_allow_listed_route_prefix)) | |
81 | network->ndisc_deny_listed_route_prefix = set_free_free(network->ndisc_deny_listed_route_prefix); | |
062c020f YW |
82 | } |
83 | ||
50550722 | 84 | static int ndisc_remove_old_one(Link *link, const struct in6_addr *router, bool force); |
69203fba YW |
85 | |
86 | static int ndisc_address_callback(Address *address) { | |
50550722 YW |
87 | struct in6_addr router = {}; |
88 | NDiscAddress *n; | |
69203fba YW |
89 | |
90 | assert(address); | |
91 | assert(address->link); | |
b8ce3b44 | 92 | assert(address->family == AF_INET6); |
69203fba | 93 | |
90e74a66 | 94 | SET_FOREACH(n, address->link->ndisc_addresses) |
50550722 YW |
95 | if (n->address == address) { |
96 | router = n->router; | |
97 | break; | |
98 | } | |
99 | ||
94876904 | 100 | if (in6_addr_is_null(&router)) { |
50550722 YW |
101 | _cleanup_free_ char *buf = NULL; |
102 | ||
b8ce3b44 | 103 | (void) in6_addr_prefix_to_string(&address->in_addr.in6, address->prefixlen, &buf); |
5380707a YW |
104 | log_link_debug(address->link, "%s is called for %s, but it is already removed, ignoring.", |
105 | __func__, strna(buf)); | |
50550722 YW |
106 | return 0; |
107 | } | |
108 | ||
69203fba | 109 | /* Make this called only once */ |
90e74a66 | 110 | SET_FOREACH(n, address->link->ndisc_addresses) |
b8ce3b44 | 111 | if (in6_addr_equal(&n->router, &router)) |
50550722 | 112 | n->address->callback = NULL; |
69203fba | 113 | |
50550722 | 114 | return ndisc_remove_old_one(address->link, &router, true); |
69203fba YW |
115 | } |
116 | ||
50550722 YW |
117 | static int ndisc_remove_old_one(Link *link, const struct in6_addr *router, bool force) { |
118 | NDiscAddress *na; | |
119 | NDiscRoute *nr; | |
b0b97766 YW |
120 | NDiscDNSSL *dnssl; |
121 | NDiscRDNSS *rdnss; | |
69203fba | 122 | int k, r = 0; |
9092113d | 123 | bool updated = false; |
69203fba YW |
124 | |
125 | assert(link); | |
50550722 | 126 | assert(router); |
69203fba YW |
127 | |
128 | if (!force) { | |
50550722 | 129 | bool set_callback = false; |
69203fba YW |
130 | |
131 | if (!link->ndisc_addresses_configured || !link->ndisc_routes_configured) | |
132 | return 0; | |
133 | ||
90e74a66 | 134 | SET_FOREACH(na, link->ndisc_addresses) |
b8ce3b44 | 135 | if (!na->marked && in6_addr_equal(&na->router, router)) { |
50550722 | 136 | set_callback = true; |
69203fba YW |
137 | break; |
138 | } | |
139 | ||
50550722 | 140 | if (set_callback) |
90e74a66 | 141 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
142 | if (!na->marked && address_is_ready(na->address)) { |
143 | set_callback = false; | |
144 | break; | |
145 | } | |
146 | ||
69203fba | 147 | if (set_callback) { |
90e74a66 | 148 | SET_FOREACH(na, link->ndisc_addresses) |
b8ce3b44 | 149 | if (!na->marked && in6_addr_equal(&na->router, router)) |
50550722 YW |
150 | na->address->callback = ndisc_address_callback; |
151 | ||
152 | if (DEBUG_LOGGING) { | |
153 | _cleanup_free_ char *buf = NULL; | |
154 | ||
b8ce3b44 | 155 | (void) in6_addr_to_string(router, &buf); |
50550722 YW |
156 | log_link_debug(link, "No SLAAC address obtained from %s is ready. " |
157 | "The old NDisc information will be removed later.", | |
158 | strna(buf)); | |
159 | } | |
69203fba YW |
160 | return 0; |
161 | } | |
162 | } | |
163 | ||
50550722 YW |
164 | if (DEBUG_LOGGING) { |
165 | _cleanup_free_ char *buf = NULL; | |
166 | ||
b8ce3b44 | 167 | (void) in6_addr_to_string(router, &buf); |
50550722 YW |
168 | log_link_debug(link, "Removing old NDisc information obtained from %s.", strna(buf)); |
169 | } | |
69203fba | 170 | |
90e74a66 | 171 | SET_FOREACH(na, link->ndisc_addresses) |
b8ce3b44 | 172 | if (na->marked && in6_addr_equal(&na->router, router)) { |
50550722 YW |
173 | k = address_remove(na->address, link, NULL); |
174 | if (k < 0) | |
175 | r = k; | |
176 | } | |
69203fba | 177 | |
90e74a66 | 178 | SET_FOREACH(nr, link->ndisc_routes) |
b8ce3b44 | 179 | if (nr->marked && in6_addr_equal(&nr->router, router)) { |
ad208fac | 180 | k = route_remove(nr->route, NULL, link, NULL); |
50550722 YW |
181 | if (k < 0) |
182 | r = k; | |
183 | } | |
69203fba | 184 | |
90e74a66 | 185 | SET_FOREACH(rdnss, link->ndisc_rdnss) |
b8ce3b44 | 186 | if (rdnss->marked && in6_addr_equal(&rdnss->router, router)) { |
b0b97766 | 187 | free(set_remove(link->ndisc_rdnss, rdnss)); |
9092113d YW |
188 | updated = true; |
189 | } | |
b0b97766 | 190 | |
90e74a66 | 191 | SET_FOREACH(dnssl, link->ndisc_dnssl) |
b8ce3b44 | 192 | if (dnssl->marked && in6_addr_equal(&dnssl->router, router)) { |
b0b97766 | 193 | free(set_remove(link->ndisc_dnssl, dnssl)); |
9092113d YW |
194 | updated = true; |
195 | } | |
196 | ||
197 | if (updated) | |
198 | link_dirty(link); | |
b0b97766 | 199 | |
69203fba YW |
200 | return r; |
201 | } | |
202 | ||
50550722 YW |
203 | static int ndisc_remove_old(Link *link) { |
204 | _cleanup_set_free_free_ Set *routers = NULL; | |
205 | _cleanup_free_ struct in6_addr *router = NULL; | |
206 | struct in6_addr *a; | |
207 | NDiscAddress *na; | |
208 | NDiscRoute *nr; | |
209 | NDiscDNSSL *dnssl; | |
210 | NDiscRDNSS *rdnss; | |
50550722 YW |
211 | int k, r; |
212 | ||
213 | assert(link); | |
214 | ||
215 | routers = set_new(&in6_addr_hash_ops); | |
216 | if (!routers) | |
217 | return -ENOMEM; | |
218 | ||
90e74a66 | 219 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
220 | if (!set_contains(routers, &na->router)) { |
221 | router = newdup(struct in6_addr, &na->router, 1); | |
222 | if (!router) | |
223 | return -ENOMEM; | |
224 | ||
225 | r = set_put(routers, router); | |
226 | if (r < 0) | |
227 | return r; | |
228 | ||
229 | assert(r > 0); | |
230 | TAKE_PTR(router); | |
231 | } | |
232 | ||
90e74a66 | 233 | SET_FOREACH(nr, link->ndisc_routes) |
50550722 YW |
234 | if (!set_contains(routers, &nr->router)) { |
235 | router = newdup(struct in6_addr, &nr->router, 1); | |
236 | if (!router) | |
237 | return -ENOMEM; | |
238 | ||
239 | r = set_put(routers, router); | |
240 | if (r < 0) | |
241 | return r; | |
242 | ||
243 | assert(r > 0); | |
244 | TAKE_PTR(router); | |
245 | } | |
246 | ||
90e74a66 | 247 | SET_FOREACH(rdnss, link->ndisc_rdnss) |
50550722 YW |
248 | if (!set_contains(routers, &rdnss->router)) { |
249 | router = newdup(struct in6_addr, &rdnss->router, 1); | |
250 | if (!router) | |
251 | return -ENOMEM; | |
252 | ||
253 | r = set_put(routers, router); | |
254 | if (r < 0) | |
255 | return r; | |
256 | ||
257 | assert(r > 0); | |
258 | TAKE_PTR(router); | |
259 | } | |
260 | ||
90e74a66 | 261 | SET_FOREACH(dnssl, link->ndisc_dnssl) |
50550722 YW |
262 | if (!set_contains(routers, &dnssl->router)) { |
263 | router = newdup(struct in6_addr, &dnssl->router, 1); | |
264 | if (!router) | |
265 | return -ENOMEM; | |
266 | ||
267 | r = set_put(routers, router); | |
268 | if (r < 0) | |
269 | return r; | |
270 | ||
271 | assert(r > 0); | |
272 | TAKE_PTR(router); | |
273 | } | |
274 | ||
275 | r = 0; | |
90e74a66 | 276 | SET_FOREACH(a, routers) { |
50550722 YW |
277 | k = ndisc_remove_old_one(link, a, false); |
278 | if (k < 0) | |
279 | r = k; | |
280 | } | |
281 | ||
282 | return r; | |
283 | } | |
284 | ||
285 | static void ndisc_route_hash_func(const NDiscRoute *x, struct siphash *state) { | |
286 | route_hash_func(x->route, state); | |
287 | } | |
288 | ||
289 | static int ndisc_route_compare_func(const NDiscRoute *a, const NDiscRoute *b) { | |
290 | return route_compare_func(a->route, b->route); | |
291 | } | |
292 | ||
293 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( | |
294 | ndisc_route_hash_ops, | |
295 | NDiscRoute, | |
296 | ndisc_route_hash_func, | |
297 | ndisc_route_compare_func, | |
298 | free); | |
299 | ||
d98c546d | 300 | static int ndisc_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { |
3b015d40 TG |
301 | int r; |
302 | ||
303 | assert(link); | |
d98c546d | 304 | assert(link->ndisc_routes_messages > 0); |
3b015d40 | 305 | |
d98c546d | 306 | link->ndisc_routes_messages--; |
3b015d40 | 307 | |
4ff296b0 YW |
308 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
309 | return 1; | |
310 | ||
3b015d40 | 311 | r = sd_netlink_message_get_errno(m); |
4ff296b0 | 312 | if (r < 0 && r != -EEXIST) { |
d98c546d | 313 | log_link_message_error_errno(link, m, r, "Could not set NDisc route"); |
4ff296b0 YW |
314 | link_enter_failed(link); |
315 | return 1; | |
316 | } | |
3b015d40 | 317 | |
d98c546d YW |
318 | if (link->ndisc_routes_messages == 0) { |
319 | log_link_debug(link, "NDisc routes set."); | |
320 | link->ndisc_routes_configured = true; | |
69203fba | 321 | |
50550722 | 322 | r = ndisc_remove_old(link); |
69203fba YW |
323 | if (r < 0) { |
324 | link_enter_failed(link); | |
325 | return 1; | |
326 | } | |
327 | ||
3b015d40 TG |
328 | link_check_ready(link); |
329 | } | |
330 | ||
331 | return 1; | |
332 | } | |
333 | ||
50550722 YW |
334 | static int ndisc_route_configure(Route *route, Link *link, sd_ndisc_router *rt) { |
335 | _cleanup_free_ NDiscRoute *nr = NULL; | |
336 | NDiscRoute *nr_exist; | |
337 | struct in6_addr router; | |
338 | Route *ret; | |
339 | int r; | |
340 | ||
341 | assert(route); | |
342 | assert(link); | |
343 | assert(rt); | |
344 | ||
345 | r = route_configure(route, link, ndisc_route_handler, &ret); | |
346 | if (r < 0) | |
347 | return log_link_error_errno(link, r, "Failed to set NDisc route: %m"); | |
24b445c2 YW |
348 | if (r > 0) |
349 | link->ndisc_routes_configured = false; | |
50550722 YW |
350 | |
351 | link->ndisc_routes_messages++; | |
352 | ||
353 | r = sd_ndisc_router_get_address(rt, &router); | |
354 | if (r < 0) | |
355 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
356 | ||
357 | nr = new(NDiscRoute, 1); | |
358 | if (!nr) | |
359 | return log_oom(); | |
360 | ||
361 | *nr = (NDiscRoute) { | |
362 | .router = router, | |
363 | .route = ret, | |
364 | }; | |
365 | ||
366 | nr_exist = set_get(link->ndisc_routes, nr); | |
367 | if (nr_exist) { | |
368 | nr_exist->marked = false; | |
369 | nr_exist->router = router; | |
370 | return 0; | |
371 | } | |
372 | ||
373 | r = set_ensure_put(&link->ndisc_routes, &ndisc_route_hash_ops, nr); | |
374 | if (r < 0) | |
375 | return log_link_error_errno(link, r, "Failed to store NDisc SLAAC route: %m"); | |
376 | assert(r > 0); | |
377 | TAKE_PTR(nr); | |
378 | ||
379 | return 0; | |
380 | } | |
381 | ||
382 | static void ndisc_address_hash_func(const NDiscAddress *x, struct siphash *state) { | |
383 | address_hash_func(x->address, state); | |
384 | } | |
385 | ||
386 | static int ndisc_address_compare_func(const NDiscAddress *a, const NDiscAddress *b) { | |
387 | return address_compare_func(a->address, b->address); | |
388 | } | |
389 | ||
390 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( | |
391 | ndisc_address_hash_ops, | |
392 | NDiscAddress, | |
393 | ndisc_address_hash_func, | |
394 | ndisc_address_compare_func, | |
395 | free); | |
396 | ||
d98c546d | 397 | static int ndisc_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { |
73854ba1 YW |
398 | int r; |
399 | ||
400 | assert(link); | |
d98c546d | 401 | assert(link->ndisc_addresses_messages > 0); |
73854ba1 | 402 | |
d98c546d | 403 | link->ndisc_addresses_messages--; |
73854ba1 | 404 | |
4ff296b0 YW |
405 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
406 | return 1; | |
407 | ||
73854ba1 | 408 | r = sd_netlink_message_get_errno(m); |
4ff296b0 | 409 | if (r < 0 && r != -EEXIST) { |
d98c546d | 410 | log_link_message_error_errno(link, m, r, "Could not set NDisc address"); |
4ff296b0 YW |
411 | link_enter_failed(link); |
412 | return 1; | |
413 | } else if (r >= 0) | |
414 | (void) manager_rtnl_process_address(rtnl, m, link->manager); | |
73854ba1 | 415 | |
d98c546d YW |
416 | if (link->ndisc_addresses_messages == 0) { |
417 | log_link_debug(link, "NDisc SLAAC addresses set."); | |
418 | link->ndisc_addresses_configured = true; | |
69203fba | 419 | |
50550722 | 420 | r = ndisc_remove_old(link); |
69203fba YW |
421 | if (r < 0) { |
422 | link_enter_failed(link); | |
423 | return 1; | |
424 | } | |
73854ba1 YW |
425 | } |
426 | ||
427 | return 1; | |
428 | } | |
429 | ||
50550722 YW |
430 | static int ndisc_address_configure(Address *address, Link *link, sd_ndisc_router *rt) { |
431 | _cleanup_free_ NDiscAddress *na = NULL; | |
432 | NDiscAddress *na_exist; | |
433 | struct in6_addr router; | |
69203fba YW |
434 | Address *ret; |
435 | int r; | |
436 | ||
437 | assert(address); | |
438 | assert(link); | |
50550722 | 439 | assert(rt); |
69203fba | 440 | |
37c0b601 | 441 | r = address_configure(address, link, ndisc_address_handler, &ret); |
69203fba YW |
442 | if (r < 0) |
443 | return log_link_error_errno(link, r, "Failed to set NDisc SLAAC address: %m"); | |
24b445c2 YW |
444 | if (r > 0) |
445 | link->ndisc_addresses_configured = false; | |
69203fba YW |
446 | |
447 | link->ndisc_addresses_messages++; | |
448 | ||
50550722 | 449 | r = sd_ndisc_router_get_address(rt, &router); |
69203fba | 450 | if (r < 0) |
50550722 YW |
451 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); |
452 | ||
453 | na = new(NDiscAddress, 1); | |
454 | if (!na) | |
455 | return log_oom(); | |
69203fba | 456 | |
50550722 YW |
457 | *na = (NDiscAddress) { |
458 | .router = router, | |
459 | .address = ret, | |
460 | }; | |
461 | ||
462 | na_exist = set_get(link->ndisc_addresses, na); | |
463 | if (na_exist) { | |
464 | na_exist->marked = false; | |
465 | na_exist->router = router; | |
466 | return 0; | |
467 | } | |
468 | ||
469 | r = set_ensure_put(&link->ndisc_addresses, &ndisc_address_hash_ops, na); | |
470 | if (r < 0) | |
471 | return log_link_error_errno(link, r, "Failed to store NDisc SLAAC address: %m"); | |
472 | assert(r > 0); | |
473 | TAKE_PTR(na); | |
69203fba YW |
474 | |
475 | return 0; | |
476 | } | |
477 | ||
d5017c84 | 478 | static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { |
8e766630 | 479 | _cleanup_(route_freep) Route *route = NULL; |
b8ce3b44 | 480 | struct in6_addr gateway; |
1e7a0e21 LP |
481 | uint16_t lifetime; |
482 | unsigned preference; | |
c27abcf4 | 483 | uint32_t table, mtu; |
3b015d40 | 484 | usec_t time_now; |
13e8a49a | 485 | int r; |
3b015d40 | 486 | |
3b015d40 | 487 | assert(link); |
1e7a0e21 | 488 | assert(rt); |
3b015d40 | 489 | |
1e7a0e21 | 490 | r = sd_ndisc_router_get_lifetime(rt, &lifetime); |
d5017c84 | 491 | if (r < 0) |
13e8a49a | 492 | return log_link_error_errno(link, r, "Failed to get gateway lifetime from RA: %m"); |
d5017c84 | 493 | |
1e7a0e21 | 494 | if (lifetime == 0) /* not a default router */ |
d5017c84 | 495 | return 0; |
1e7a0e21 | 496 | |
b8ce3b44 | 497 | r = sd_ndisc_router_get_address(rt, &gateway); |
d5017c84 | 498 | if (r < 0) |
13e8a49a | 499 | return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m"); |
1e7a0e21 | 500 | |
b8ce3b44 | 501 | if (link_has_ipv6_address(link, &gateway) > 0) { |
5eec0a08 YW |
502 | if (DEBUG_LOGGING) { |
503 | _cleanup_free_ char *buffer = NULL; | |
6d7c7615 | 504 | |
b8ce3b44 | 505 | (void) in6_addr_to_string(&gateway, &buffer); |
5eec0a08 | 506 | log_link_debug(link, "No NDisc route added, gateway %s matches local address", |
b8ce3b44 | 507 | strna(buffer)); |
6d7c7615 | 508 | } |
5eec0a08 | 509 | return 0; |
ce2ea782 | 510 | } |
6d7c7615 | 511 | |
1e7a0e21 | 512 | r = sd_ndisc_router_get_preference(rt, &preference); |
d5017c84 | 513 | if (r < 0) |
13e8a49a | 514 | return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m"); |
1e7a0e21 LP |
515 | |
516 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); | |
d5017c84 | 517 | if (r < 0) |
13e8a49a | 518 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 | 519 | |
d6fceaf1 | 520 | r = sd_ndisc_router_get_mtu(rt, &mtu); |
29b5ad08 JT |
521 | if (r == -ENODATA) |
522 | mtu = 0; | |
d5017c84 | 523 | else if (r < 0) |
13e8a49a | 524 | return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); |
d6fceaf1 | 525 | |
c27abcf4 YW |
526 | table = link_get_ipv6_accept_ra_route_table(link); |
527 | ||
1e7a0e21 | 528 | r = route_new(&route); |
d5017c84 | 529 | if (r < 0) |
13e8a49a | 530 | return log_oom(); |
1e7a0e21 LP |
531 | |
532 | route->family = AF_INET6; | |
c27abcf4 | 533 | route->table = table; |
8ebafba9 | 534 | route->priority = link->network->ipv6_accept_ra_route_metric; |
1e7a0e21 LP |
535 | route->protocol = RTPROT_RA; |
536 | route->pref = preference; | |
6dd53981 | 537 | route->gw_family = AF_INET6; |
b8ce3b44 | 538 | route->gw.in6 = gateway; |
496db330 | 539 | route->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC); |
d6fceaf1 | 540 | route->mtu = mtu; |
1e7a0e21 | 541 | |
50550722 | 542 | r = ndisc_route_configure(route, link, rt); |
13e8a49a YW |
543 | if (r < 0) |
544 | return log_link_error_errno(link, r, "Could not set default route: %m"); | |
d5017c84 | 545 | |
1985c54f | 546 | Route *route_gw; |
2a54a044 | 547 | HASHMAP_FOREACH(route_gw, link->network->routes_by_section) { |
1a3a6309 | 548 | if (!route_gw->gateway_from_dhcp_or_ra) |
1985c54f YW |
549 | continue; |
550 | ||
5bb80a46 | 551 | if (route_gw->gw_family != AF_INET6) |
1985c54f YW |
552 | continue; |
553 | ||
b8ce3b44 | 554 | route_gw->gw.in6 = gateway; |
c27abcf4 YW |
555 | if (!route_gw->table_set) |
556 | route_gw->table = table; | |
557 | if (!route_gw->priority_set) | |
8ebafba9 | 558 | route_gw->priority = link->network->ipv6_accept_ra_route_metric; |
c27abcf4 YW |
559 | if (!route_gw->protocol_set) |
560 | route_gw->protocol = RTPROT_RA; | |
561 | if (!route_gw->pref_set) | |
086a351a | 562 | route_gw->pref = preference; |
496db330 | 563 | route_gw->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC); |
c27abcf4 YW |
564 | if (route_gw->mtu == 0) |
565 | route_gw->mtu = mtu; | |
1985c54f | 566 | |
50550722 | 567 | r = ndisc_route_configure(route_gw, link, rt); |
13e8a49a YW |
568 | if (r < 0) |
569 | return log_link_error_errno(link, r, "Could not set gateway: %m"); | |
1985c54f YW |
570 | } |
571 | ||
d5017c84 | 572 | return 0; |
1e7a0e21 LP |
573 | } |
574 | ||
92ee90af YW |
575 | static bool stableprivate_address_is_valid(const struct in6_addr *addr) { |
576 | assert(addr); | |
577 | ||
578 | /* According to rfc4291, generated address should not be in the following ranges. */ | |
579 | ||
580 | if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0) | |
581 | return false; | |
582 | ||
583 | if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0) | |
584 | return false; | |
585 | ||
586 | if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0) | |
587 | return false; | |
588 | ||
589 | return true; | |
590 | } | |
591 | ||
592 | static int make_stableprivate_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr **ret) { | |
593 | _cleanup_free_ struct in6_addr *addr = NULL; | |
594 | sd_id128_t secret_key; | |
595 | struct siphash state; | |
596 | uint64_t rid; | |
597 | size_t l; | |
598 | int r; | |
599 | ||
600 | /* According to rfc7217 section 5.1 | |
601 | * RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */ | |
602 | ||
603 | r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key); | |
604 | if (r < 0) | |
605 | return log_error_errno(r, "Failed to generate key: %m"); | |
606 | ||
607 | siphash24_init(&state, secret_key.bytes); | |
608 | ||
609 | l = MAX(DIV_ROUND_UP(prefix_len, 8), 8); | |
610 | siphash24_compress(prefix, l, &state); | |
611 | siphash24_compress_string(link->ifname, &state); | |
b8162cd2 TR |
612 | /* Only last 8 bytes of IB MAC are stable */ |
613 | if (link->iftype == ARPHRD_INFINIBAND) | |
614 | siphash24_compress(&link->hw_addr.addr.infiniband[12], 8, &state); | |
615 | else | |
616 | siphash24_compress(link->hw_addr.addr.bytes, link->hw_addr.length, &state); | |
92ee90af YW |
617 | siphash24_compress(&dad_counter, sizeof(uint8_t), &state); |
618 | ||
619 | rid = htole64(siphash24_finalize(&state)); | |
620 | ||
621 | addr = new(struct in6_addr, 1); | |
622 | if (!addr) | |
623 | return log_oom(); | |
624 | ||
625 | memcpy(addr->s6_addr, prefix->s6_addr, l); | |
626 | memcpy(addr->s6_addr + l, &rid, 16 - l); | |
627 | ||
628 | if (!stableprivate_address_is_valid(addr)) { | |
629 | *ret = NULL; | |
630 | return 0; | |
631 | } | |
632 | ||
633 | *ret = TAKE_PTR(addr); | |
634 | return 1; | |
635 | } | |
636 | ||
637 | static int ndisc_router_generate_addresses(Link *link, struct in6_addr *address, uint8_t prefixlen, Set **ret) { | |
c24c83dc | 638 | _cleanup_set_free_free_ Set *addresses = NULL; |
5f506a55 | 639 | IPv6Token *j; |
5f506a55 SS |
640 | int r; |
641 | ||
5f506a55 | 642 | assert(link); |
c24c83dc KF |
643 | assert(address); |
644 | assert(ret); | |
645 | ||
92ee90af | 646 | addresses = set_new(&in6_addr_hash_ops); |
c24c83dc KF |
647 | if (!addresses) |
648 | return log_oom(); | |
5f506a55 | 649 | |
90e74a66 | 650 | ORDERED_SET_FOREACH(j, link->network->ipv6_tokens) { |
92ee90af | 651 | _cleanup_free_ struct in6_addr *new_address = NULL; |
c24c83dc | 652 | |
5f506a55 | 653 | if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE |
b8ce3b44 | 654 | && (in6_addr_is_null(&j->prefix) || in6_addr_equal(&j->prefix, address))) { |
0ddad04e | 655 | /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop |
94876904 YW |
656 | * does not actually attempt Duplicate Address Detection; the counter will be incremented |
657 | * only when the address generation algorithm produces an invalid address, and the loop | |
658 | * may exit with an address which ends up being unusable due to duplication on the link. */ | |
5f506a55 | 659 | for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) { |
b27caa34 | 660 | r = make_stableprivate_address(link, address, prefixlen, j->dad_counter, &new_address); |
5f506a55 | 661 | if (r < 0) |
92ee90af YW |
662 | return r; |
663 | if (r > 0) | |
c24c83dc | 664 | break; |
5f506a55 | 665 | } |
e2c4070e | 666 | } else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) { |
92ee90af YW |
667 | new_address = new(struct in6_addr, 1); |
668 | if (!new_address) | |
669 | return log_oom(); | |
5f506a55 | 670 | |
92ee90af YW |
671 | memcpy(new_address->s6_addr, address->s6_addr, 8); |
672 | memcpy(new_address->s6_addr + 8, j->prefix.s6_addr + 8, 8); | |
673 | } | |
c24c83dc | 674 | |
92ee90af | 675 | if (new_address) { |
c24c83dc KF |
676 | r = set_put(addresses, new_address); |
677 | if (r < 0) | |
13e8a49a | 678 | return log_link_error_errno(link, r, "Failed to store SLAAC address: %m"); |
92ee90af YW |
679 | else if (r == 0) |
680 | log_link_debug_errno(link, r, "Generated SLAAC address is duplicated, ignoring."); | |
681 | else | |
682 | TAKE_PTR(new_address); | |
c24c83dc KF |
683 | } |
684 | } | |
685 | ||
686 | /* fall back to EUI-64 if no tokens provided addresses */ | |
687 | if (set_isempty(addresses)) { | |
92ee90af | 688 | _cleanup_free_ struct in6_addr *new_address = NULL; |
c24c83dc | 689 | |
92ee90af YW |
690 | new_address = newdup(struct in6_addr, address, 1); |
691 | if (!new_address) | |
c24c83dc KF |
692 | return log_oom(); |
693 | ||
92ee90af | 694 | r = generate_ipv6_eui_64_address(link, new_address); |
a781ddef SS |
695 | if (r < 0) |
696 | return log_link_error_errno(link, r, "Failed to generate EUI64 address: %m"); | |
697 | ||
c24c83dc KF |
698 | r = set_put(addresses, new_address); |
699 | if (r < 0) | |
13e8a49a | 700 | return log_link_error_errno(link, r, "Failed to store SLAAC address: %m"); |
92ee90af | 701 | |
c24c83dc | 702 | TAKE_PTR(new_address); |
5f506a55 SS |
703 | } |
704 | ||
c24c83dc | 705 | *ret = TAKE_PTR(addresses); |
5f506a55 SS |
706 | |
707 | return 0; | |
708 | } | |
c24c83dc | 709 | |
d5017c84 | 710 | static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) { |
5f506a55 | 711 | uint32_t lifetime_valid, lifetime_preferred, lifetime_remaining; |
c24c83dc | 712 | _cleanup_set_free_free_ Set *addresses = NULL; |
8e766630 | 713 | _cleanup_(address_freep) Address *address = NULL; |
92ee90af | 714 | struct in6_addr addr, *a; |
1e7a0e21 | 715 | unsigned prefixlen; |
5f506a55 | 716 | usec_t time_now; |
1e7a0e21 LP |
717 | int r; |
718 | ||
719 | assert(link); | |
720 | assert(rt); | |
721 | ||
6554550f | 722 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
d5017c84 | 723 | if (r < 0) |
13e8a49a | 724 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
6554550f | 725 | |
1e7a0e21 | 726 | r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); |
d5017c84 YW |
727 | if (r < 0) |
728 | return log_link_error_errno(link, r, "Failed to get prefix length: %m"); | |
1e7a0e21 LP |
729 | |
730 | r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid); | |
d5017c84 YW |
731 | if (r < 0) |
732 | return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m"); | |
1e7a0e21 LP |
733 | |
734 | r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred); | |
d5017c84 YW |
735 | if (r < 0) |
736 | return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m"); | |
3b015d40 | 737 | |
92bdc3ff SS |
738 | /* The preferred lifetime is never greater than the valid lifetime */ |
739 | if (lifetime_preferred > lifetime_valid) | |
d5017c84 | 740 | return 0; |
92bdc3ff | 741 | |
92ee90af | 742 | r = sd_ndisc_router_prefix_get_address(rt, &addr); |
d5017c84 YW |
743 | if (r < 0) |
744 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
1e7a0e21 | 745 | |
92ee90af | 746 | r = ndisc_router_generate_addresses(link, &addr, prefixlen, &addresses); |
5f506a55 | 747 | if (r < 0) |
13e8a49a | 748 | return r; |
c24c83dc | 749 | |
92ee90af YW |
750 | r = address_new(&address); |
751 | if (r < 0) | |
752 | return log_oom(); | |
753 | ||
754 | address->family = AF_INET6; | |
755 | address->prefixlen = prefixlen; | |
756 | address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR; | |
757 | address->cinfo.ifa_prefered = lifetime_preferred; | |
758 | ||
90e74a66 | 759 | SET_FOREACH(a, addresses) { |
13e8a49a YW |
760 | Address *existing_address; |
761 | ||
fe841414 YW |
762 | address->in_addr.in6 = *a; |
763 | ||
c24c83dc | 764 | /* see RFC4862 section 5.5.3.e */ |
fe841414 | 765 | r = address_get(link, address, &existing_address); |
c24c83dc KF |
766 | if (r > 0) { |
767 | lifetime_remaining = existing_address->cinfo.tstamp / 100 + existing_address->cinfo.ifa_valid - time_now / USEC_PER_SEC; | |
768 | if (lifetime_valid > NDISC_PREFIX_LFT_MIN || lifetime_valid > lifetime_remaining) | |
92ee90af | 769 | address->cinfo.ifa_valid = lifetime_valid; |
c24c83dc | 770 | else if (lifetime_remaining <= NDISC_PREFIX_LFT_MIN) |
92ee90af | 771 | address->cinfo.ifa_valid = lifetime_remaining; |
c24c83dc | 772 | else |
92ee90af | 773 | address->cinfo.ifa_valid = NDISC_PREFIX_LFT_MIN; |
c24c83dc | 774 | } else if (lifetime_valid > 0) |
92ee90af | 775 | address->cinfo.ifa_valid = lifetime_valid; |
6554550f | 776 | else |
01c344bd | 777 | continue; /* see RFC4862 section 5.5.3.d */ |
6554550f | 778 | |
92ee90af | 779 | if (address->cinfo.ifa_valid == 0) |
c24c83dc | 780 | continue; |
3b015d40 | 781 | |
50550722 | 782 | r = ndisc_address_configure(address, link, rt); |
13e8a49a YW |
783 | if (r < 0) |
784 | return log_link_error_errno(link, r, "Could not set SLAAC address: %m"); | |
3b015d40 | 785 | } |
d5017c84 YW |
786 | |
787 | return 0; | |
3b015d40 TG |
788 | } |
789 | ||
d5017c84 | 790 | static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) { |
8e766630 | 791 | _cleanup_(route_freep) Route *route = NULL; |
3b015d40 | 792 | usec_t time_now; |
1e7a0e21 LP |
793 | uint32_t lifetime; |
794 | unsigned prefixlen; | |
3b015d40 TG |
795 | int r; |
796 | ||
3b015d40 | 797 | assert(link); |
1e7a0e21 | 798 | assert(rt); |
3b015d40 | 799 | |
1e7a0e21 | 800 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
d5017c84 | 801 | if (r < 0) |
13e8a49a | 802 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 LP |
803 | |
804 | r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); | |
d5017c84 YW |
805 | if (r < 0) |
806 | return log_link_error_errno(link, r, "Failed to get prefix length: %m"); | |
1e7a0e21 LP |
807 | |
808 | r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime); | |
d5017c84 YW |
809 | if (r < 0) |
810 | return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m"); | |
3b015d40 TG |
811 | |
812 | r = route_new(&route); | |
d5017c84 | 813 | if (r < 0) |
13e8a49a | 814 | return log_oom(); |
3b015d40 | 815 | |
3b015d40 | 816 | route->family = AF_INET6; |
bdb9f580 | 817 | route->table = link_get_ipv6_accept_ra_route_table(link); |
8ebafba9 | 818 | route->priority = link->network->ipv6_accept_ra_route_metric; |
3b015d40 TG |
819 | route->protocol = RTPROT_RA; |
820 | route->flags = RTM_F_PREFIX; | |
3b015d40 | 821 | route->dst_prefixlen = prefixlen; |
496db330 | 822 | route->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC); |
3b015d40 | 823 | |
1e7a0e21 | 824 | r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6); |
d5017c84 YW |
825 | if (r < 0) |
826 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
1e7a0e21 | 827 | |
50550722 | 828 | r = ndisc_route_configure(route, link, rt); |
13e8a49a YW |
829 | if (r < 0) |
830 | return log_link_error_errno(link, r, "Could not set prefix route: %m");; | |
d5017c84 YW |
831 | |
832 | return 0; | |
3b015d40 TG |
833 | } |
834 | ||
d5017c84 | 835 | static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) { |
8e766630 | 836 | _cleanup_(route_freep) Route *route = NULL; |
b8ce3b44 | 837 | struct in6_addr gateway, dst; |
1e7a0e21 LP |
838 | uint32_t lifetime; |
839 | unsigned preference, prefixlen; | |
fe307276 | 840 | usec_t time_now; |
7a695d8e | 841 | int r; |
a13c50e7 TG |
842 | |
843 | assert(link); | |
a13c50e7 | 844 | |
1e7a0e21 | 845 | r = sd_ndisc_router_route_get_lifetime(rt, &lifetime); |
d5017c84 | 846 | if (r < 0) |
13e8a49a | 847 | return log_link_error_errno(link, r, "Failed to get gateway lifetime from RA: %m"); |
d5017c84 | 848 | |
1e7a0e21 | 849 | if (lifetime == 0) |
d5017c84 | 850 | return 0; |
a13c50e7 | 851 | |
b8ce3b44 | 852 | r = sd_ndisc_router_route_get_address(rt, &dst); |
d5017c84 | 853 | if (r < 0) |
19e334bd | 854 | return log_link_error_errno(link, r, "Failed to get route address: %m"); |
3b015d40 | 855 | |
de6b6ff8 | 856 | if ((!set_isempty(link->network->ndisc_allow_listed_route_prefix) && |
b8ce3b44 YW |
857 | !set_contains(link->network->ndisc_allow_listed_route_prefix, &dst)) || |
858 | set_contains(link->network->ndisc_deny_listed_route_prefix, &dst)) { | |
16c89e64 DP |
859 | if (DEBUG_LOGGING) { |
860 | _cleanup_free_ char *buf = NULL; | |
861 | ||
b8ce3b44 | 862 | (void) in6_addr_to_string(&dst, &buf); |
de6b6ff8 | 863 | if (!set_isempty(link->network->ndisc_allow_listed_route_prefix)) |
b8ce3b44 | 864 | log_link_debug(link, "Route prefix '%s' is not in allow list, ignoring", strna(buf)); |
de6b6ff8 | 865 | else |
b8ce3b44 | 866 | log_link_debug(link, "Route prefix '%s' is in deny list, ignoring", strna(buf)); |
16c89e64 DP |
867 | } |
868 | return 0; | |
869 | } | |
870 | ||
b8ce3b44 | 871 | r = sd_ndisc_router_get_address(rt, &gateway); |
19e334bd YW |
872 | if (r < 0) |
873 | return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m"); | |
874 | ||
b8ce3b44 | 875 | if (link_has_ipv6_address(link, &gateway) > 0) { |
22101916 | 876 | if (DEBUG_LOGGING) { |
517fdd61 YW |
877 | _cleanup_free_ char *buf = NULL; |
878 | ||
b8ce3b44 YW |
879 | (void) in6_addr_to_string(&gateway, &buf); |
880 | log_link_debug(link, "Advertised route gateway %s is local to the link, ignoring route", strna(buf)); | |
22101916 DP |
881 | } |
882 | return 0; | |
883 | } | |
884 | ||
1e7a0e21 | 885 | r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen); |
d5017c84 | 886 | if (r < 0) |
13e8a49a | 887 | return log_link_error_errno(link, r, "Failed to get route prefix length: %m"); |
1e7a0e21 LP |
888 | |
889 | r = sd_ndisc_router_route_get_preference(rt, &preference); | |
d5017c84 | 890 | if (r < 0) |
13e8a49a | 891 | return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m"); |
1e7a0e21 LP |
892 | |
893 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); | |
d5017c84 | 894 | if (r < 0) |
13e8a49a | 895 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
3b015d40 TG |
896 | |
897 | r = route_new(&route); | |
d5017c84 | 898 | if (r < 0) |
13e8a49a | 899 | return log_oom(); |
3b015d40 | 900 | |
3b015d40 | 901 | route->family = AF_INET6; |
bdb9f580 | 902 | route->table = link_get_ipv6_accept_ra_route_table(link); |
8ebafba9 | 903 | route->priority = link->network->ipv6_accept_ra_route_metric; |
3b015d40 | 904 | route->protocol = RTPROT_RA; |
1e7a0e21 | 905 | route->pref = preference; |
b8ce3b44 | 906 | route->gw.in6 = gateway; |
6dd53981 | 907 | route->gw_family = AF_INET6; |
b8ce3b44 | 908 | route->dst.in6 = dst; |
1e7a0e21 | 909 | route->dst_prefixlen = prefixlen; |
496db330 | 910 | route->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC); |
3b015d40 | 911 | |
50550722 | 912 | r = ndisc_route_configure(route, link, rt); |
13e8a49a YW |
913 | if (r < 0) |
914 | return log_link_error_errno(link, r, "Could not set additional route: %m"); | |
d5017c84 YW |
915 | |
916 | return 0; | |
9d96e6c3 | 917 | } |
a13c50e7 | 918 | |
7a08d314 | 919 | static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) { |
1e7a0e21 LP |
920 | siphash24_compress(&x->address, sizeof(x->address), state); |
921 | } | |
922 | ||
7a08d314 | 923 | static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) { |
1e7a0e21 LP |
924 | return memcmp(&a->address, &b->address, sizeof(a->address)); |
925 | } | |
926 | ||
b0b97766 YW |
927 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
928 | ndisc_rdnss_hash_ops, | |
929 | NDiscRDNSS, | |
930 | ndisc_rdnss_hash_func, | |
931 | ndisc_rdnss_compare_func, | |
932 | free); | |
1e7a0e21 | 933 | |
d5017c84 | 934 | static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) { |
1e7a0e21 LP |
935 | uint32_t lifetime; |
936 | const struct in6_addr *a; | |
50550722 | 937 | struct in6_addr router; |
b0b97766 | 938 | NDiscRDNSS *rdnss; |
1e7a0e21 | 939 | usec_t time_now; |
9092113d | 940 | bool updated = false; |
13e8a49a | 941 | int n, r; |
1e7a0e21 LP |
942 | |
943 | assert(link); | |
944 | assert(rt); | |
945 | ||
50550722 YW |
946 | r = sd_ndisc_router_get_address(rt, &router); |
947 | if (r < 0) | |
948 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
949 | ||
1e7a0e21 | 950 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
d5017c84 | 951 | if (r < 0) |
13e8a49a | 952 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 LP |
953 | |
954 | r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime); | |
d5017c84 | 955 | if (r < 0) |
13e8a49a | 956 | return log_link_error_errno(link, r, "Failed to get RDNSS lifetime: %m"); |
1e7a0e21 LP |
957 | |
958 | n = sd_ndisc_router_rdnss_get_addresses(rt, &a); | |
d5017c84 | 959 | if (n < 0) |
13e8a49a | 960 | return log_link_error_errno(link, n, "Failed to get RDNSS addresses: %m"); |
1e7a0e21 | 961 | |
90e74a66 | 962 | SET_FOREACH(rdnss, link->ndisc_rdnss) |
b8ce3b44 | 963 | if (in6_addr_equal(&rdnss->router, &router)) |
50550722 | 964 | rdnss->marked = true; |
1e7a0e21 | 965 | |
b0b97766 YW |
966 | if (lifetime == 0) |
967 | return 0; | |
1e7a0e21 | 968 | |
b0b97766 YW |
969 | if (n >= (int) NDISC_RDNSS_MAX) { |
970 | log_link_warning(link, "Too many RDNSS records per link. Only first %i records will be used.", NDISC_RDNSS_MAX); | |
971 | n = NDISC_RDNSS_MAX; | |
972 | } | |
1e7a0e21 | 973 | |
b0b97766 YW |
974 | for (int j = 0; j < n; j++) { |
975 | _cleanup_free_ NDiscRDNSS *x = NULL; | |
976 | NDiscRDNSS d = { | |
977 | .address = a[j], | |
978 | }; | |
1e7a0e21 | 979 | |
b0b97766 YW |
980 | rdnss = set_get(link->ndisc_rdnss, &d); |
981 | if (rdnss) { | |
982 | rdnss->marked = false; | |
50550722 | 983 | rdnss->router = router; |
b0b97766 | 984 | rdnss->valid_until = time_now + lifetime * USEC_PER_SEC; |
1e7a0e21 LP |
985 | continue; |
986 | } | |
987 | ||
d5017c84 YW |
988 | x = new(NDiscRDNSS, 1); |
989 | if (!x) | |
990 | return log_oom(); | |
1e7a0e21 | 991 | |
d5017c84 | 992 | *x = (NDiscRDNSS) { |
b0b97766 | 993 | .address = a[j], |
50550722 | 994 | .router = router, |
d5017c84 YW |
995 | .valid_until = time_now + lifetime * USEC_PER_SEC, |
996 | }; | |
1e7a0e21 | 997 | |
35e601d4 | 998 | r = set_ensure_consume(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops, TAKE_PTR(x)); |
d5017c84 YW |
999 | if (r < 0) |
1000 | return log_oom(); | |
1e7a0e21 | 1001 | assert(r > 0); |
9092113d YW |
1002 | |
1003 | updated = true; | |
1e7a0e21 | 1004 | } |
d5017c84 | 1005 | |
9092113d YW |
1006 | if (updated) |
1007 | link_dirty(link); | |
1008 | ||
d5017c84 | 1009 | return 0; |
1e7a0e21 LP |
1010 | } |
1011 | ||
7a08d314 | 1012 | static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) { |
f281fc1e | 1013 | siphash24_compress_string(NDISC_DNSSL_DOMAIN(x), state); |
1e7a0e21 LP |
1014 | } |
1015 | ||
7a08d314 | 1016 | static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) { |
1e7a0e21 LP |
1017 | return strcmp(NDISC_DNSSL_DOMAIN(a), NDISC_DNSSL_DOMAIN(b)); |
1018 | } | |
1019 | ||
b0b97766 YW |
1020 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
1021 | ndisc_dnssl_hash_ops, | |
1022 | NDiscDNSSL, | |
1023 | ndisc_dnssl_hash_func, | |
1024 | ndisc_dnssl_compare_func, | |
1025 | free); | |
1e7a0e21 | 1026 | |
13e8a49a | 1027 | static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) { |
1e7a0e21 | 1028 | _cleanup_strv_free_ char **l = NULL; |
50550722 | 1029 | struct in6_addr router; |
1e7a0e21 LP |
1030 | uint32_t lifetime; |
1031 | usec_t time_now; | |
b0b97766 | 1032 | NDiscDNSSL *dnssl; |
9092113d | 1033 | bool updated = false; |
b0b97766 | 1034 | char **j; |
1e7a0e21 LP |
1035 | int r; |
1036 | ||
1037 | assert(link); | |
1038 | assert(rt); | |
1039 | ||
50550722 YW |
1040 | r = sd_ndisc_router_get_address(rt, &router); |
1041 | if (r < 0) | |
1042 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
1043 | ||
1e7a0e21 | 1044 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
13e8a49a YW |
1045 | if (r < 0) |
1046 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); | |
1e7a0e21 LP |
1047 | |
1048 | r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime); | |
13e8a49a YW |
1049 | if (r < 0) |
1050 | return log_link_error_errno(link, r, "Failed to get DNSSL lifetime: %m"); | |
1e7a0e21 LP |
1051 | |
1052 | r = sd_ndisc_router_dnssl_get_domains(rt, &l); | |
13e8a49a YW |
1053 | if (r < 0) |
1054 | return log_link_error_errno(link, r, "Failed to get DNSSL addresses: %m"); | |
1e7a0e21 | 1055 | |
90e74a66 | 1056 | SET_FOREACH(dnssl, link->ndisc_dnssl) |
b8ce3b44 | 1057 | if (in6_addr_equal(&dnssl->router, &router)) |
50550722 | 1058 | dnssl->marked = true; |
1e7a0e21 | 1059 | |
b0b97766 YW |
1060 | if (lifetime == 0) |
1061 | return 0; | |
a34349e7 | 1062 | |
b0b97766 YW |
1063 | if (strv_length(l) >= NDISC_DNSSL_MAX) { |
1064 | log_link_warning(link, "Too many DNSSL records per link. Only first %i records will be used.", NDISC_DNSSL_MAX); | |
1065 | STRV_FOREACH(j, l + NDISC_DNSSL_MAX) | |
1066 | *j = mfree(*j); | |
1067 | } | |
1e7a0e21 | 1068 | |
b0b97766 YW |
1069 | STRV_FOREACH(j, l) { |
1070 | _cleanup_free_ NDiscDNSSL *s = NULL; | |
1e7a0e21 | 1071 | |
b0b97766 YW |
1072 | s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*j) + 1); |
1073 | if (!s) | |
1074 | return log_oom(); | |
1e7a0e21 | 1075 | |
b0b97766 | 1076 | strcpy(NDISC_DNSSL_DOMAIN(s), *j); |
1e7a0e21 | 1077 | |
b0b97766 YW |
1078 | dnssl = set_get(link->ndisc_dnssl, s); |
1079 | if (dnssl) { | |
1080 | dnssl->marked = false; | |
50550722 | 1081 | dnssl->router = router; |
b0b97766 | 1082 | dnssl->valid_until = time_now + lifetime * USEC_PER_SEC; |
1e7a0e21 LP |
1083 | continue; |
1084 | } | |
1085 | ||
50550722 | 1086 | s->router = router; |
a34349e7 | 1087 | s->valid_until = time_now + lifetime * USEC_PER_SEC; |
1e7a0e21 | 1088 | |
35e601d4 | 1089 | r = set_ensure_consume(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops, TAKE_PTR(s)); |
13e8a49a YW |
1090 | if (r < 0) |
1091 | return log_oom(); | |
1e7a0e21 | 1092 | assert(r > 0); |
9092113d YW |
1093 | |
1094 | updated = true; | |
1e7a0e21 | 1095 | } |
13e8a49a | 1096 | |
9092113d YW |
1097 | if (updated) |
1098 | link_dirty(link); | |
1099 | ||
13e8a49a | 1100 | return 0; |
1e7a0e21 LP |
1101 | } |
1102 | ||
e8c9b5b0 | 1103 | static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) { |
1e7a0e21 | 1104 | assert(link); |
55d3fdcf | 1105 | assert(link->network); |
1e7a0e21 LP |
1106 | assert(rt); |
1107 | ||
13e8a49a | 1108 | for (int r = sd_ndisc_router_option_rewind(rt); ; r = sd_ndisc_router_option_next(rt)) { |
1e7a0e21 LP |
1109 | uint8_t type; |
1110 | ||
e8c9b5b0 | 1111 | if (r < 0) |
13e8a49a | 1112 | return log_link_error_errno(link, r, "Failed to iterate through options: %m"); |
1e7a0e21 | 1113 | if (r == 0) /* EOF */ |
13e8a49a | 1114 | return 0; |
1e7a0e21 LP |
1115 | |
1116 | r = sd_ndisc_router_option_get_type(rt, &type); | |
e8c9b5b0 | 1117 | if (r < 0) |
13e8a49a | 1118 | return log_link_error_errno(link, r, "Failed to get RA option type: %m"); |
1e7a0e21 LP |
1119 | |
1120 | switch (type) { | |
1121 | ||
1122 | case SD_NDISC_OPTION_PREFIX_INFORMATION: { | |
b8ce3b44 | 1123 | struct in6_addr a; |
1e7a0e21 LP |
1124 | uint8_t flags; |
1125 | ||
b8ce3b44 | 1126 | r = sd_ndisc_router_prefix_get_address(rt, &a); |
55d3fdcf YW |
1127 | if (r < 0) |
1128 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
1129 | ||
de6b6ff8 | 1130 | if ((!set_isempty(link->network->ndisc_allow_listed_prefix) && |
b8ce3b44 YW |
1131 | !set_contains(link->network->ndisc_allow_listed_prefix, &a)) || |
1132 | set_contains(link->network->ndisc_deny_listed_prefix, &a)) { | |
55d3fdcf YW |
1133 | if (DEBUG_LOGGING) { |
1134 | _cleanup_free_ char *b = NULL; | |
1135 | ||
b8ce3b44 | 1136 | (void) in6_addr_to_string(&a, &b); |
de6b6ff8 SS |
1137 | if (!set_isempty(link->network->ndisc_allow_listed_prefix)) |
1138 | log_link_debug(link, "Prefix '%s' is not in allow list, ignoring", strna(b)); | |
1139 | else | |
1140 | log_link_debug(link, "Prefix '%s' is in deny list, ignoring", strna(b)); | |
55d3fdcf | 1141 | } |
55d3fdcf YW |
1142 | break; |
1143 | } | |
1144 | ||
1e7a0e21 | 1145 | r = sd_ndisc_router_prefix_get_flags(rt, &flags); |
e8c9b5b0 | 1146 | if (r < 0) |
13e8a49a | 1147 | return log_link_error_errno(link, r, "Failed to get RA prefix flags: %m"); |
1e7a0e21 | 1148 | |
87d8a4de | 1149 | if (link->network->ipv6_accept_ra_use_onlink_prefix && |
13e8a49a YW |
1150 | FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK)) { |
1151 | r = ndisc_router_process_onlink_prefix(link, rt); | |
1152 | if (r < 0) | |
1153 | return r; | |
1154 | } | |
062c2eea | 1155 | |
87d8a4de | 1156 | if (link->network->ipv6_accept_ra_use_autonomous_prefix && |
13e8a49a YW |
1157 | FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO)) { |
1158 | r = ndisc_router_process_autonomous_prefix(link, rt); | |
1159 | if (r < 0) | |
1160 | return r; | |
1161 | } | |
1e7a0e21 LP |
1162 | break; |
1163 | } | |
1164 | ||
1165 | case SD_NDISC_OPTION_ROUTE_INFORMATION: | |
13e8a49a YW |
1166 | r = ndisc_router_process_route(link, rt); |
1167 | if (r < 0) | |
1168 | return r; | |
1e7a0e21 LP |
1169 | break; |
1170 | ||
1171 | case SD_NDISC_OPTION_RDNSS: | |
13e8a49a YW |
1172 | if (link->network->ipv6_accept_ra_use_dns) { |
1173 | r = ndisc_router_process_rdnss(link, rt); | |
1174 | if (r < 0) | |
1175 | return r; | |
1176 | } | |
1e7a0e21 LP |
1177 | break; |
1178 | ||
1179 | case SD_NDISC_OPTION_DNSSL: | |
13e8a49a YW |
1180 | if (link->network->ipv6_accept_ra_use_dns) { |
1181 | r = ndisc_router_process_dnssl(link, rt); | |
1182 | if (r < 0) | |
1183 | return r; | |
1184 | } | |
1e7a0e21 LP |
1185 | break; |
1186 | } | |
1e7a0e21 LP |
1187 | } |
1188 | } | |
1189 | ||
d5017c84 | 1190 | static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) { |
b8ce3b44 | 1191 | struct in6_addr router; |
1e7a0e21 | 1192 | uint64_t flags; |
50550722 YW |
1193 | NDiscAddress *na; |
1194 | NDiscRoute *nr; | |
86e2be7b | 1195 | int r; |
1e7a0e21 LP |
1196 | |
1197 | assert(link); | |
1198 | assert(link->network); | |
1199 | assert(link->manager); | |
1200 | assert(rt); | |
1201 | ||
b8ce3b44 | 1202 | r = sd_ndisc_router_get_address(rt, &router); |
75d26411 YW |
1203 | if (r < 0) |
1204 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
1205 | ||
1206 | if ((!set_isempty(link->network->ndisc_allow_listed_router) && | |
b8ce3b44 YW |
1207 | !set_contains(link->network->ndisc_allow_listed_router, &router)) || |
1208 | set_contains(link->network->ndisc_deny_listed_router, &router)) { | |
75d26411 YW |
1209 | if (DEBUG_LOGGING) { |
1210 | _cleanup_free_ char *buf = NULL; | |
1211 | ||
b8ce3b44 | 1212 | (void) in6_addr_to_string(&router, &buf); |
75d26411 YW |
1213 | if (!set_isempty(link->network->ndisc_allow_listed_router)) |
1214 | log_link_debug(link, "Router '%s' is not in allow list, ignoring", strna(buf)); | |
1215 | else | |
1216 | log_link_debug(link, "Router '%s' is in deny list, ignoring", strna(buf)); | |
1217 | } | |
1218 | return 0; | |
1219 | } | |
1220 | ||
90e74a66 | 1221 | SET_FOREACH(na, link->ndisc_addresses) |
b8ce3b44 | 1222 | if (in6_addr_equal(&na->router, &router)) |
50550722 YW |
1223 | na->marked = true; |
1224 | ||
90e74a66 | 1225 | SET_FOREACH(nr, link->ndisc_routes) |
b8ce3b44 | 1226 | if (in6_addr_equal(&nr->router, &router)) |
50550722 | 1227 | nr->marked = true; |
69203fba | 1228 | |
1e7a0e21 | 1229 | r = sd_ndisc_router_get_flags(rt, &flags); |
d5017c84 | 1230 | if (r < 0) |
13e8a49a | 1231 | return log_link_error_errno(link, r, "Failed to get RA flags: %m"); |
1e7a0e21 | 1232 | |
0e686fea YW |
1233 | if ((flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER) && |
1234 | link->network->ipv6_accept_ra_start_dhcp6_client != IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO) || | |
1235 | link->network->ipv6_accept_ra_start_dhcp6_client == IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS) { | |
ac24e418 | 1236 | |
0e686fea | 1237 | if (flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)) |
ac24e418 SS |
1238 | /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */ |
1239 | r = dhcp6_request_address(link, !(flags & ND_RA_FLAG_MANAGED)); | |
0e686fea YW |
1240 | else |
1241 | /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in managed mode | |
1242 | * even if router does not have M or O flag. */ | |
1243 | r = dhcp6_request_address(link, false); | |
1e7a0e21 | 1244 | if (r < 0 && r != -EBUSY) |
13e8a49a | 1245 | return log_link_error_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m"); |
69203fba | 1246 | else |
1e7a0e21 LP |
1247 | log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request"); |
1248 | } | |
1249 | ||
13e8a49a YW |
1250 | r = ndisc_router_process_default(link, rt); |
1251 | if (r < 0) | |
1252 | return r; | |
1253 | r = ndisc_router_process_options(link, rt); | |
1254 | if (r < 0) | |
1255 | return r; | |
d5017c84 | 1256 | |
69203fba YW |
1257 | if (link->ndisc_addresses_messages == 0) |
1258 | link->ndisc_addresses_configured = true; | |
92395e0e | 1259 | else |
69203fba YW |
1260 | log_link_debug(link, "Setting SLAAC addresses."); |
1261 | ||
69203fba YW |
1262 | if (link->ndisc_routes_messages == 0) |
1263 | link->ndisc_routes_configured = true; | |
1264 | else | |
1265 | log_link_debug(link, "Setting NDisc routes."); | |
1266 | ||
50550722 | 1267 | r = ndisc_remove_old(link); |
69203fba YW |
1268 | if (r < 0) |
1269 | return r; | |
1270 | ||
1271 | if (link->ndisc_addresses_configured && link->ndisc_routes_configured) | |
1272 | link_check_ready(link); | |
1273 | else | |
1274 | link_set_state(link, LINK_STATE_CONFIGURING); | |
1275 | ||
1276 | return 0; | |
1e7a0e21 LP |
1277 | } |
1278 | ||
2324fd3a | 1279 | static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event_t event, sd_ndisc_router *rt, void *userdata) { |
9d96e6c3 | 1280 | Link *link = userdata; |
13e8a49a | 1281 | int r; |
a13c50e7 | 1282 | |
9d96e6c3 | 1283 | assert(link); |
a13c50e7 | 1284 | |
9d96e6c3 TG |
1285 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
1286 | return; | |
a13c50e7 | 1287 | |
9d96e6c3 | 1288 | switch (event) { |
1e7a0e21 LP |
1289 | |
1290 | case SD_NDISC_EVENT_ROUTER: | |
13e8a49a YW |
1291 | r = ndisc_router_handler(link, rt); |
1292 | if (r < 0) { | |
1293 | link_enter_failed(link); | |
1294 | return; | |
1295 | } | |
1e7a0e21 LP |
1296 | break; |
1297 | ||
9d96e6c3 | 1298 | case SD_NDISC_EVENT_TIMEOUT: |
a8c10331 | 1299 | log_link_debug(link, "NDisc handler get timeout event"); |
3336e946 YW |
1300 | if (link->ndisc_addresses_messages == 0 && link->ndisc_routes_messages == 0) { |
1301 | link->ndisc_addresses_configured = true; | |
1302 | link->ndisc_routes_configured = true; | |
1303 | link_check_ready(link); | |
1304 | } | |
9d96e6c3 TG |
1305 | break; |
1306 | default: | |
a8c10331 | 1307 | assert_not_reached("Unknown NDisc event"); |
a13c50e7 TG |
1308 | } |
1309 | } | |
1310 | ||
1311 | int ndisc_configure(Link *link) { | |
1312 | int r; | |
1313 | ||
1e7a0e21 LP |
1314 | assert(link); |
1315 | ||
2ffd6d73 YW |
1316 | if (!link_ipv6_accept_ra_enabled(link)) |
1317 | return 0; | |
a13c50e7 | 1318 | |
5c078687 | 1319 | if (link->ndisc) |
bc9e40c9 | 1320 | return -EBUSY; /* Already configured. */ |
2ffd6d73 | 1321 | |
5c078687 YW |
1322 | r = sd_ndisc_new(&link->ndisc); |
1323 | if (r < 0) | |
1324 | return r; | |
1325 | ||
1326 | r = sd_ndisc_attach_event(link->ndisc, link->manager->event, 0); | |
1327 | if (r < 0) | |
1328 | return r; | |
a13c50e7 | 1329 | |
b8162cd2 | 1330 | r = sd_ndisc_set_mac(link->ndisc, &link->hw_addr.addr.ether); |
a13c50e7 TG |
1331 | if (r < 0) |
1332 | return r; | |
1333 | ||
1e7a0e21 | 1334 | r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex); |
a13c50e7 TG |
1335 | if (r < 0) |
1336 | return r; | |
1337 | ||
1e7a0e21 | 1338 | r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link); |
a13c50e7 TG |
1339 | if (r < 0) |
1340 | return r; | |
1341 | ||
1e7a0e21 LP |
1342 | return 0; |
1343 | } | |
1344 | ||
294f129b YW |
1345 | int ndisc_start(Link *link) { |
1346 | assert(link); | |
1347 | ||
1348 | if (!link->ndisc || !link->dhcp6_client) | |
1349 | return 0; | |
1350 | ||
1351 | log_link_debug(link, "Discovering IPv6 routers"); | |
1352 | ||
1353 | return sd_ndisc_start(link->ndisc); | |
1354 | } | |
1355 | ||
1e7a0e21 LP |
1356 | void ndisc_vacuum(Link *link) { |
1357 | NDiscRDNSS *r; | |
1358 | NDiscDNSSL *d; | |
1e7a0e21 LP |
1359 | usec_t time_now; |
1360 | ||
1361 | assert(link); | |
1362 | ||
1363 | /* Removes all RDNSS and DNSSL entries whose validity time has passed */ | |
1364 | ||
1365 | time_now = now(clock_boottime_or_monotonic()); | |
1366 | ||
90e74a66 | 1367 | SET_FOREACH(r, link->ndisc_rdnss) |
9092113d | 1368 | if (r->valid_until < time_now) |
02affb4e | 1369 | free(set_remove(link->ndisc_rdnss, r)); |
a13c50e7 | 1370 | |
90e74a66 | 1371 | SET_FOREACH(d, link->ndisc_dnssl) |
9092113d | 1372 | if (d->valid_until < time_now) |
02affb4e | 1373 | free(set_remove(link->ndisc_dnssl, d)); |
a13c50e7 | 1374 | } |
c69305ff LP |
1375 | |
1376 | void ndisc_flush(Link *link) { | |
1377 | assert(link); | |
1378 | ||
1379 | /* Removes all RDNSS and DNSSL entries, without exception */ | |
1380 | ||
b0b97766 YW |
1381 | link->ndisc_rdnss = set_free(link->ndisc_rdnss); |
1382 | link->ndisc_dnssl = set_free(link->ndisc_dnssl); | |
c69305ff | 1383 | } |
e520ce64 | 1384 | |
5f506a55 SS |
1385 | int ipv6token_new(IPv6Token **ret) { |
1386 | IPv6Token *p; | |
1387 | ||
1388 | p = new(IPv6Token, 1); | |
1389 | if (!p) | |
1390 | return -ENOMEM; | |
1391 | ||
1392 | *p = (IPv6Token) { | |
1393 | .address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE, | |
1394 | }; | |
1395 | ||
1396 | *ret = TAKE_PTR(p); | |
1397 | ||
1398 | return 0; | |
1399 | } | |
1400 | ||
2c621495 YW |
1401 | static void ipv6_token_hash_func(const IPv6Token *p, struct siphash *state) { |
1402 | siphash24_compress(&p->address_generation_type, sizeof(p->address_generation_type), state); | |
1403 | siphash24_compress(&p->prefix, sizeof(p->prefix), state); | |
1404 | } | |
1405 | ||
1406 | static int ipv6_token_compare_func(const IPv6Token *a, const IPv6Token *b) { | |
1407 | int r; | |
1408 | ||
1409 | r = CMP(a->address_generation_type, b->address_generation_type); | |
1410 | if (r != 0) | |
1411 | return r; | |
1412 | ||
1413 | return memcmp(&a->prefix, &b->prefix, sizeof(struct in6_addr)); | |
1414 | } | |
1415 | ||
1416 | DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR( | |
5f506a55 | 1417 | ipv6_token_hash_ops, |
5f506a55 | 1418 | IPv6Token, |
2c621495 YW |
1419 | ipv6_token_hash_func, |
1420 | ipv6_token_compare_func, | |
5f506a55 SS |
1421 | free); |
1422 | ||
de6b6ff8 | 1423 | int config_parse_ndisc_address_filter( |
e520ce64 SS |
1424 | const char *unit, |
1425 | const char *filename, | |
1426 | unsigned line, | |
1427 | const char *section, | |
1428 | unsigned section_line, | |
1429 | const char *lvalue, | |
1430 | int ltype, | |
1431 | const char *rvalue, | |
1432 | void *data, | |
1433 | void *userdata) { | |
1434 | ||
16c89e64 | 1435 | Set **list = data; |
e520ce64 SS |
1436 | int r; |
1437 | ||
1438 | assert(filename); | |
1439 | assert(lvalue); | |
1440 | assert(rvalue); | |
1441 | assert(data); | |
1442 | ||
1443 | if (isempty(rvalue)) { | |
16c89e64 | 1444 | *list = set_free_free(*list); |
e520ce64 SS |
1445 | return 0; |
1446 | } | |
1447 | ||
16c89e64 | 1448 | for (const char *p = rvalue;;) { |
e520ce64 SS |
1449 | _cleanup_free_ char *n = NULL; |
1450 | _cleanup_free_ struct in6_addr *a = NULL; | |
1451 | union in_addr_union ip; | |
1452 | ||
1453 | r = extract_first_word(&p, &n, NULL, 0); | |
d96edb2c YW |
1454 | if (r == -ENOMEM) |
1455 | return log_oom(); | |
e520ce64 | 1456 | if (r < 0) { |
d96edb2c | 1457 | log_syntax(unit, LOG_WARNING, filename, line, r, |
de6b6ff8 SS |
1458 | "Failed to parse NDisc %s=, ignoring assignment: %s", |
1459 | lvalue, rvalue); | |
e520ce64 SS |
1460 | return 0; |
1461 | } | |
1462 | if (r == 0) | |
1463 | return 0; | |
1464 | ||
1465 | r = in_addr_from_string(AF_INET6, n, &ip); | |
1466 | if (r < 0) { | |
d96edb2c | 1467 | log_syntax(unit, LOG_WARNING, filename, line, r, |
de6b6ff8 SS |
1468 | "NDisc %s= entry is invalid, ignoring assignment: %s", |
1469 | lvalue, n); | |
e520ce64 SS |
1470 | continue; |
1471 | } | |
1472 | ||
e520ce64 SS |
1473 | a = newdup(struct in6_addr, &ip.in6, 1); |
1474 | if (!a) | |
1475 | return log_oom(); | |
1476 | ||
16c89e64 | 1477 | r = set_ensure_consume(list, &in6_addr_hash_ops, TAKE_PTR(a)); |
35e601d4 ZJS |
1478 | if (r < 0) |
1479 | return log_oom(); | |
16c89e64 DP |
1480 | if (r == 0) |
1481 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
de6b6ff8 SS |
1482 | "NDisc %s= entry is duplicated, ignoring assignment: %s", |
1483 | lvalue, n); | |
e520ce64 | 1484 | } |
e520ce64 | 1485 | } |
5f506a55 SS |
1486 | |
1487 | int config_parse_address_generation_type( | |
1488 | const char *unit, | |
1489 | const char *filename, | |
1490 | unsigned line, | |
1491 | const char *section, | |
1492 | unsigned section_line, | |
1493 | const char *lvalue, | |
1494 | int ltype, | |
1495 | const char *rvalue, | |
1496 | void *data, | |
1497 | void *userdata) { | |
1498 | ||
1499 | _cleanup_free_ IPv6Token *token = NULL; | |
5f506a55 SS |
1500 | union in_addr_union buffer; |
1501 | Network *network = data; | |
1502 | const char *p; | |
1503 | int r; | |
1504 | ||
1505 | assert(filename); | |
1506 | assert(lvalue); | |
1507 | assert(rvalue); | |
1508 | assert(data); | |
1509 | ||
1510 | if (isempty(rvalue)) { | |
2c621495 | 1511 | network->ipv6_tokens = ordered_set_free(network->ipv6_tokens); |
5f506a55 SS |
1512 | return 0; |
1513 | } | |
1514 | ||
5f506a55 SS |
1515 | r = ipv6token_new(&token); |
1516 | if (r < 0) | |
1517 | return log_oom(); | |
1518 | ||
b27caa34 | 1519 | if ((p = startswith(rvalue, "prefixstable"))) { |
5f506a55 | 1520 | token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE; |
b27caa34 YW |
1521 | if (*p == ':') |
1522 | p++; | |
1523 | else if (*p == '\0') | |
1524 | p = NULL; | |
1525 | else { | |
1526 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
1527 | "Invalid IPv6 token mode in %s=, ignoring assignment: %s", | |
1528 | lvalue, rvalue); | |
1529 | return 0; | |
1530 | } | |
1531 | } else { | |
e2c4070e | 1532 | token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC; |
b27caa34 YW |
1533 | p = startswith(rvalue, "static:"); |
1534 | if (!p) | |
1535 | p = rvalue; | |
f0c1ad30 YW |
1536 | } |
1537 | ||
b27caa34 YW |
1538 | if (p) { |
1539 | r = in_addr_from_string(AF_INET6, p, &buffer); | |
1540 | if (r < 0) { | |
1541 | log_syntax(unit, LOG_WARNING, filename, line, r, | |
1542 | "Failed to parse IP address in %s=, ignoring assignment: %s", | |
1543 | lvalue, rvalue); | |
1544 | return 0; | |
1545 | } | |
1546 | if (token->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC && | |
1547 | in_addr_is_null(AF_INET6, &buffer)) { | |
1548 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
1549 | "IPv6 address in %s= cannot be the ANY address, ignoring assignment: %s", | |
1550 | lvalue, rvalue); | |
1551 | return 0; | |
1552 | } | |
1553 | token->prefix = buffer.in6; | |
5f506a55 SS |
1554 | } |
1555 | ||
9b1fd1f5 SS |
1556 | r = ordered_set_ensure_put(&network->ipv6_tokens, &ipv6_token_hash_ops, token); |
1557 | if (r == -ENOMEM) | |
5f506a55 | 1558 | return log_oom(); |
2c621495 YW |
1559 | if (r == -EEXIST) |
1560 | log_syntax(unit, LOG_DEBUG, filename, line, r, | |
1561 | "IPv6 token '%s' is duplicated, ignoring: %m", rvalue); | |
1562 | else if (r < 0) | |
d96edb2c | 1563 | log_syntax(unit, LOG_WARNING, filename, line, r, |
2c621495 YW |
1564 | "Failed to store IPv6 token '%s', ignoring: %m", rvalue); |
1565 | else | |
1566 | TAKE_PTR(token); | |
5f506a55 SS |
1567 | |
1568 | return 0; | |
1569 | } | |
ac24e418 | 1570 | |
f225a338 YW |
1571 | DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains, dhcp_use_domains, DHCPUseDomains, |
1572 | "Failed to parse UseDomains= setting"); | |
ac24e418 | 1573 | DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client, ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, |
f225a338 | 1574 | "Failed to parse DHCPv6Client= setting"); |
ac24e418 SS |
1575 | static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = { |
1576 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no", | |
1577 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always", | |
1578 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES] = "yes", | |
1579 | }; | |
1580 | ||
1581 | DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES); |