1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include <netinet/in.h>
4 #include <linux/l2tp.h>
5 #include <linux/genetlink.h>
7 #include "conf-parser.h"
9 #include "l2tp-tunnel.h"
10 #include "netlink-util.h"
11 #include "networkd-address.h"
12 #include "networkd-manager.h"
13 #include "parse-util.h"
14 #include "socket-util.h"
15 #include "string-table.h"
16 #include "string-util.h"
/* Keyword tables for the [L2TP] and [L2TPSession] settings. Each table maps an internal
 * NETDEV_L2TP_* enum value to the string accepted in the configuration file.
 * NOTE(review): the DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING() lines presumably
 * generate the file-local <name>_from_string() parsers called further down
 * (l2tp_l2spec_type_from_string(), l2tp_local_address_type_from_string()); the macro
 * definition is not part of this file. */
19 static const char* const l2tp_l2spec_type_table
[_NETDEV_L2TP_L2SPECTYPE_MAX
] = {
20 [NETDEV_L2TP_L2SPECTYPE_NONE
] = "none",
21 [NETDEV_L2TP_L2SPECTYPE_DEFAULT
] = "default",
24 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_l2spec_type
, L2tpL2specType
);
/* Encapsulation keywords: L2TP carried over UDP or directly over IP. */
26 static const char* const l2tp_encap_type_table
[_NETDEV_L2TP_ENCAPTYPE_MAX
] = {
27 [NETDEV_L2TP_ENCAPTYPE_UDP
] = "udp",
28 [NETDEV_L2TP_ENCAPTYPE_IP
] = "ip",
31 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_encap_type
, L2tpEncapType
);
/* Presumably defines the config callback config_parse_l2tp_encap_type(); the string
 * is the message used when the value is not one of the keywords above. */
32 DEFINE_CONFIG_PARSE_ENUM(config_parse_l2tp_encap_type
, l2tp_encap_type
, L2tpEncapType
, "Failed to parse L2TP Encapsulation Type");
/* Keywords that Local= accepts in place of a literal address; they are evaluated in
 * config_parse_l2tp_tunnel_address() and l2tp_acquire_local_address_one(). */
34 static const char* const l2tp_local_address_type_table
[_NETDEV_L2TP_LOCAL_ADDRESS_MAX
] = {
35 [NETDEV_L2TP_LOCAL_ADDRESS_AUTO
] = "auto",
36 [NETDEV_L2TP_LOCAL_ADDRESS_STATIC
] = "static",
37 [NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC
] = "dynamic",
40 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_local_address_type
, L2tpLocalAddressType
);
/* Releases an L2tpSession.
 * NOTE(review): original lines 43-45 and 50-53 are not part of this listing, so the
 * NULL guard, any further frees and the return statement cannot be described here. */
42 static L2tpSession
* l2tp_session_free(L2tpSession
*s
) {
/* Unlink the session from its tunnel's section map before its key (s->section) is
 * freed below, so the map is not left with an entry that points at freed memory. */
46 if (s
->tunnel
&& s
->section
)
47 ordered_hashmap_remove(s
->tunnel
->sessions_by_section
, s
->section
);
49 config_section_free(s
->section
);
/* Presumably generates the _cleanup_ helpers l2tp_session_freep() and
 * l2tp_session_free_or_set_invalidp() that are used later in this file. */
54 DEFINE_SECTION_CLEANUP_FUNCTIONS(L2tpSession
, l2tp_session_free
);
/* Looks up, or creates, the L2tpSession that belongs to the [L2TPSession] section
 * starting at filename:section_line of tunnel t.
 * NOTE(review): the error checks after each call, the allocation check and the
 * hand-over through *ret sit on lines that this listing omits. */
56 static int l2tp_session_new_static(L2tpTunnel
*t
, const char *filename
, unsigned section_line
, L2tpSession
**ret
) {
57 _cleanup_(config_section_freep
) ConfigSection
*n
= NULL
;
58 _cleanup_(l2tp_session_freep
) L2tpSession
*s
= NULL
;
64 assert(section_line
> 0);
/* Build the lookup key: a ConfigSection made from file name and section line. */
66 r
= config_section_new(filename
, section_line
, &n
);
/* An earlier setting from the same section may already have created the session;
 * look it up so that all settings of one section end up in one object. */
70 s
= ordered_hashmap_get(t
->sessions_by_section
, n
);
/* No session for this section yet: allocate one. */
76 s
= new(L2tpSession
, 1);
81 .l2tp_l2spec_type
= NETDEV_L2TP_L2SPECTYPE_DEFAULT
,
/* TAKE_PTR() hands n over to the session, presumably leaving n NULL so that the
 * _cleanup_ handler declared for n has nothing left to free. */
83 .section
= TAKE_PTR(n
),
/* Register the session in the tunnel's map, keyed by its section. */
86 r
= ordered_hashmap_ensure_put(&t
->sessions_by_section
, &config_section_hash_ops
, s
->section
, s
);
/* Builds the generic-netlink L2TP_CMD_TUNNEL_CREATE request for this netdev, using
 * local_address as the tunnel's source address.
 * The visible attributes are tunnel IDs, protocol version, encapsulation, endpoint
 * addresses and UDP settings; none of the visible calls adds key material.
 * NOTE(review): the "if (r < 0)" checks, the break/default lines of the switch, the
 * else line of the address-family branch and the final hand-over through *ret are
 * not part of this listing. */
94 static int netdev_l2tp_create_message_tunnel(NetDev
*netdev
, union in_addr_union
*local_address
, sd_netlink_message
**ret
) {
95 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
101 assert(local_address
);
102 assert_se(t
= L2TP(netdev
));
104 r
= sd_genl_message_new(netdev
->manager
->genl
, L2TP_GENL_NAME
, L2TP_CMD_TUNNEL_CREATE
, &m
);
/* Local and peer tunnel IDs as configured. */
108 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_CONN_ID
, t
->tunnel_id
);
112 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_CONN_ID
, t
->peer_tunnel_id
);
/* The protocol version is fixed to 3 here; it is not read from the configuration. */
116 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_PROTO_VERSION
, 3);
/* Translate the configuration enum into the kernel's L2TP_ENCAPTYPE_* value. */
120 switch(t
->l2tp_encap_type
) {
121 case NETDEV_L2TP_ENCAPTYPE_IP
:
122 encap_type
= L2TP_ENCAPTYPE_IP
;
124 case NETDEV_L2TP_ENCAPTYPE_UDP
:
126 encap_type
= L2TP_ENCAPTYPE_UDP
;
130 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_ENCAP_TYPE
, encap_type
);
/* Source and destination address: the IPv4 attributes for AF_INET, the IPv6
 * attributes otherwise (the else line itself is not shown). */
134 if (t
->family
== AF_INET
) {
135 r
= sd_netlink_message_append_in_addr(m
, L2TP_ATTR_IP_SADDR
, &local_address
->in
);
139 r
= sd_netlink_message_append_in_addr(m
, L2TP_ATTR_IP_DADDR
, &t
->remote
.in
);
143 r
= sd_netlink_message_append_in6_addr(m
, L2TP_ATTR_IP6_SADDR
, &local_address
->in6
);
147 r
= sd_netlink_message_append_in6_addr(m
, L2TP_ATTR_IP6_DADDR
, &t
->remote
.in6
);
/* Ports and checksum settings only make sense for UDP encapsulation. */
152 if (encap_type
== L2TP_ENCAPTYPE_UDP
) {
153 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_UDP_SPORT
, t
->l2tp_udp_sport
);
157 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_UDP_DPORT
, t
->l2tp_udp_dport
);
162 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_UDP_CSUM
, t
->udp_csum
);
/* Mind the naming: a true udp6_csum_tx / udp6_csum_rx appends the *ZERO_CSUM6* flag,
 * i.e. it asks for zero UDP checksums over IPv6 on transmit / receive.
 * l2tp_tunnel_init() in this file sets both fields to true by default. No check of
 * t->family is visible on these lines. */
167 if (t
->udp6_csum_tx
) {
168 r
= sd_netlink_message_append_flag(m
, L2TP_ATTR_UDP_ZERO_CSUM6_TX
);
173 if (t
->udp6_csum_rx
) {
174 r
= sd_netlink_message_append_flag(m
, L2TP_ATTR_UDP_ZERO_CSUM6_RX
);
/* Builds the generic-netlink L2TP_CMD_SESSION_CREATE request for one session of the
 * tunnel behind netdev.
 * None of the visible append calls adds L2TP_ATTR_COOKIE or L2TP_ATTR_PEER_COOKIE, so a
 * session created from this message is identified by its tunnel and session IDs only.
 * The message carries no key material either; where confidentiality or integrity of
 * the tunnelled frames matters, it has to come from another layer (e.g. IPsec).
 * NOTE(review): error checks, break/default lines, the assignments to l2_spec_len and
 * the hand-over through *ret are on lines this listing omits. */
185 static int netdev_l2tp_create_message_session(NetDev
*netdev
, L2tpSession
*session
, sd_netlink_message
**ret
) {
186 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
187 uint16_t l2_spec_len
;
188 uint8_t l2_spec_type
;
193 assert(session
->tunnel
);
195 r
= sd_genl_message_new(netdev
->manager
->genl
, L2TP_GENL_NAME
, L2TP_CMD_SESSION_CREATE
, &m
);
/* The parent tunnel is referenced by the same ID pair used when it was created. */
199 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_CONN_ID
, session
->tunnel
->tunnel_id
);
203 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_CONN_ID
, session
->tunnel
->peer_tunnel_id
);
207 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_SESSION_ID
, session
->session_id
);
211 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_SESSION_ID
, session
->peer_session_id
);
/* The pseudowire type is always Ethernet; it is not configurable here. */
215 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_PW_TYPE
, L2TP_PWTYPE_ETH
);
/* Translate the configuration enum into the kernel's L2TP_L2SPECTYPE_* value. */
219 switch (session
->l2tp_l2spec_type
) {
220 case NETDEV_L2TP_L2SPECTYPE_NONE
:
221 l2_spec_type
= L2TP_L2SPECTYPE_NONE
;
224 case NETDEV_L2TP_L2SPECTYPE_DEFAULT
:
226 l2_spec_type
= L2TP_L2SPECTYPE_DEFAULT
;
231 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_L2SPEC_TYPE
, l2_spec_type
);
/* NOTE(review): l2_spec_len is declared uint16_t above but is appended with the u8
 * helper, so it is narrowed implicitly. The values assigned to it are on elided
 * lines; confirm they always fit into 8 bits or change the declaration to uint8_t. */
235 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_L2SPEC_LEN
, l2_spec_len
);
/* Interface name of the session; config_parse_l2tp_session_name() only stores names
 * that passed ifname_valid(). */
239 r
= sd_netlink_message_append_string(m
, L2TP_ATTR_IFNAME
, session
->name
);
/* Decides whether the interface address a may serve as the local address of tunnel t.
 * The caller, l2tp_acquire_local_address(), treats a return value >= 0 as "accepted".
 * NOTE(review): only the four conditions are visible; their bodies and the accepting
 * tail that fills *ret are on elided lines. Presumably each condition rejects the
 * address with a negative errno. */
248 static int l2tp_acquire_local_address_one(L2tpTunnel
*t
, Address
*a
, union in_addr_union
*ret
) {
/* The address family has to match the tunnel's family. */
249 if (a
->family
!= t
->family
)
/* Addresses that carry a peer address are singled out here. */
252 if (in_addr_is_set(a
->family
, &a
->in_addr_peer
))
/* Local=static: only addresses flagged IFA_F_PERMANENT qualify. */
255 if (t
->local_address_type
== NETDEV_L2TP_LOCAL_ADDRESS_STATIC
&&
256 !FLAGS_SET(a
->flags
, IFA_F_PERMANENT
))
/* Local=dynamic: the opposite, only addresses without IFA_F_PERMANENT qualify. */
259 if (t
->local_address_type
== NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC
&&
260 FLAGS_SET(a
->flags
, IFA_F_PERMANENT
))
/* Determines the source address for the tunnel: the literal address from Local= when
 * one is set, otherwise an address currently assigned to link.
 * In the second case the result depends on which addresses the link has at the time
 * of the call; the first address that the filter accepts is used.
 * NOTE(review): return statements and the not-found path are on elided lines;
 * l2tp_create_tunnel() checks for r > 0 before logging an acquired address. */
267 static int l2tp_acquire_local_address(L2tpTunnel
*t
, Link
*link
, union in_addr_union
*ret
) {
273 assert(IN_SET(t
->family
, AF_INET
, AF_INET6
));
275 if (in_addr_is_set(t
->family
, &t
->local
)) {
276 /* local address is explicitly specified. */
/* No explicit address: walk the link's addresses and stop at the first one that
 * l2tp_acquire_local_address_one() accepts (it writes the result through ret). */
281 SET_FOREACH(a
, link
->addresses
)
282 if (l2tp_acquire_local_address_one(t
, a
, ret
) >= 0)
/* Destroy callback that l2tp_create_session() registers with netlink_call_async();
 * it drops one reference on the netdev that owns the session's tunnel.
 * NOTE(review): the matching netdev_ref() is not visible in this listing; confirm it
 * is taken when the async call is queued. */
288 static void l2tp_session_destroy_callback(L2tpSession
*session
) {
292 netdev_unref(NETDEV(session
->tunnel
));
/* Reply handler for the session-create request queued by l2tp_create_session().
 * NOTE(review): the conditions that select between the three log calls are on elided
 * lines; going by the messages they are "already exists", "other error" and "success". */
295 static int l2tp_create_session_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, L2tpSession
*session
) {
300 assert(session
->tunnel
);
302 netdev
= NETDEV(session
->tunnel
);
/* Error code carried by the kernel's reply. */
304 r
= sd_netlink_message_get_errno(m
);
/* Per the message, an already existing session is kept as it is and is not compared
 * with the configured parameters, so it may differ from what the file describes. */
306 log_netdev_info(netdev
, "L2TP session %s exists, using existing without changing its parameters",
309 log_netdev_warning_errno(netdev
, r
, "L2TP session %s could not be created: %m", session
->name
);
313 log_netdev_debug(netdev
, "L2TP session %s created", session
->name
);
/* Builds the create request for one session and queues it on the manager's generic
 * netlink socket; the kernel's answer is handled by l2tp_create_session_handler().
 * NOTE(review): the "if (r < 0)" lines in front of both returns are elided. */
317 static int l2tp_create_session(NetDev
*netdev
, L2tpSession
*session
) {
318 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*n
= NULL
;
321 r
= netdev_l2tp_create_message_session(netdev
, session
, &n
);
323 return log_netdev_error_errno(netdev
, r
, "Failed to create netlink message: %m");
/* session is passed as the userdata of the call, together with
 * l2tp_session_destroy_callback as its destroy callback. */
325 r
= netlink_call_async(netdev
->manager
->genl
, NULL
, n
, l2tp_create_session_handler
,
326 l2tp_session_destroy_callback
, session
);
328 return log_netdev_error_errno(netdev
, r
, "Failed to create L2TP session %s: %m", session
->name
);
/* Reply handler for the tunnel-create request queued by l2tp_create_tunnel(). Once the
 * tunnel is usable it requests creation of every configured session.
 * NOTE(review): the conditions around the log calls and the return statements are on
 * elided lines; going by the messages, "already exists" is tolerated and any other
 * error marks the netdev as failed. */
334 static int l2tp_create_tunnel_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, NetDev
*netdev
) {
335 L2tpSession
*session
;
340 assert(netdev
->state
!= _NETDEV_STATE_INVALID
);
346 r
= sd_netlink_message_get_errno(m
);
/* Per the message, an existing tunnel is reused without comparing its parameters
 * with the configuration. */
348 log_netdev_info(netdev
, "netdev exists, using existing without changing its parameters");
350 log_netdev_warning_errno(netdev
, r
, "netdev could not be created: %m");
351 netdev_enter_failed(netdev
);
356 log_netdev_debug(netdev
, "L2TP tunnel is created");
/* Best effort: the (void) cast drops each session's result, so one session that
 * cannot be requested does not stop the remaining ones. l2tp_create_session() logs
 * its own failures. */
358 ORDERED_HASHMAP_FOREACH(session
, t
->sessions_by_section
)
359 (void) l2tp_create_session(netdev
, session
);
/* Creates the tunnel for netdev on top of link: pick the local address, build the
 * create request and queue it asynchronously. It is installed as the
 * create_after_configured hook in l2tptnl_vtable at the end of this file.
 * NOTE(review): the "if (r < 0)" lines in front of the three returns are elided. */
364 static int l2tp_create_tunnel(NetDev
*netdev
, Link
*link
) {
365 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
366 union in_addr_union local_address
;
371 assert_se(t
= L2TP(netdev
));
373 r
= l2tp_acquire_local_address(t
, link
, &local_address
);
/* The format string has no "%m", so the errno passed in r does not appear in the
 * logged text. */
375 return log_netdev_error_errno(netdev
, r
, "Could not find local address.");
/* Formatting the address is only done when debug logging is on; a failed conversion
 * is tolerated because strna() substitutes a placeholder for a NULL string. */
377 if (r
> 0 && DEBUG_LOGGING
) {
378 _cleanup_free_
char *str
= NULL
;
380 (void) in_addr_to_string(t
->family
, &local_address
, &str
);
381 log_netdev_debug(netdev
, "Local address %s acquired.", strna(str
));
384 r
= netdev_l2tp_create_message_tunnel(netdev
, &local_address
, &m
);
386 return log_netdev_error_errno(netdev
, r
, "Failed to create netlink message: %m");
/* netdev is the userdata of the call; netdev_destroy_callback is registered as its
 * destroy callback. */
388 r
= netlink_call_async(netdev
->manager
->genl
, NULL
, m
, l2tp_create_tunnel_handler
,
389 netdev_destroy_callback
, netdev
);
391 return log_netdev_error_errno(netdev
, r
, "Failed to create L2TP tunnel: %m");
/* Config callback for the address settings of an [L2TP] section. data points at the
 * address field to fill and userdata at the tunnel. Local= additionally accepts the
 * keywords from l2tp_local_address_type_table.
 * NOTE(review): most of the parameter list, the conditions in front of several
 * statements and all return statements are on elided lines. */
398 int config_parse_l2tp_tunnel_address(
400 const char *filename
,
403 unsigned section_line
,
410 L2tpTunnel
*t
= userdata
;
411 union in_addr_union
*addr
= data
;
419 if (streq(lvalue
, "Local")) {
420 L2tpLocalAddressType addr_type
;
/* NOTE(review): the condition choosing between the next two assignments is elided;
 * presumably an empty value selects "auto". */
423 addr_type
= NETDEV_L2TP_LOCAL_ADDRESS_AUTO
;
425 addr_type
= l2tp_local_address_type_from_string(rvalue
);
/* A recognised keyword: drop any literal local address and record the selection
 * mode instead. */
427 if (addr_type
>= 0) {
428 if (!in_addr_is_set(t
->family
, &t
->remote
))
429 /* If Remote= is not specified yet, then also clear family. */
430 t
->family
= AF_UNSPEC
;
432 t
->local
= IN_ADDR_NULL
;
433 t
->local_address_type
= addr_type
;
/* Literal address. While the family is still unset the parser detects it and stores
 * it in t->family; afterwards every address is parsed in that same family, so the
 * local and the remote address cannot mix IPv4 and IPv6. */
439 if (t
->family
== AF_UNSPEC
)
440 r
= in_addr_from_string_auto(rvalue
, &t
->family
, addr
);
442 r
= in_addr_from_string(t
->family
, rvalue
, addr
);
/* Per the message, input that does not parse is logged and the assignment ignored. */
444 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
445 "Invalid L2TP Tunnel address specified in %s='%s', ignoring assignment: %m", lvalue
, rvalue
);
/* Config callback for a tunnel ID: parses rvalue as an unsigned 32-bit number into
 * the uint32_t that data points at.
 * NOTE(review): the condition in front of the second log call is elided. It is
 * presumably a check for 0, which netdev_l2tp_tunnel_verify() treats as "no tunnel
 * ID configured". The final store through id is elided as well. */
452 int config_parse_l2tp_tunnel_id(
454 const char *filename
,
457 unsigned section_line
,
464 uint32_t *id
= data
, k
;
/* Parse into the temporary k first; the bad-input paths below are logged as
 * "Ignoring assignment". */
472 r
= safe_atou32(rvalue
, &k
);
474 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
475 "Failed to parse L2TP tunnel id. Ignoring assignment: %s", rvalue
);
480 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
481 "Invalid L2TP tunnel id. Ignoring assignment: %s", rvalue
);
/* Config callback for the session ID settings of an [L2TPSession] section: stores the
 * parsed number in session_id for SessionId= and in peer_session_id for the other
 * lvalue routed here.
 * NOTE(review): error checks, the condition in front of the "Invalid" message
 * (presumably a check for 0, which l2tp_session_verify() rejects) and the successful
 * exit are on elided lines. */
490 int config_parse_l2tp_session_id(
492 const char *filename
,
495 unsigned section_line
,
/* The cleanup handler runs on every exit while session is still set. Judging by its
 * name it frees the session or marks its section invalid; confirm that the success
 * path clears the pointer first (e.g. with TAKE_PTR), that line is not shown. */
502 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
503 L2tpTunnel
*t
= userdata
;
/* Fetch the session object of this section, creating it on first use. */
513 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
517 r
= safe_atou32(rvalue
, &k
);
519 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
520 "Failed to parse L2TP session id. Ignoring assignment: %s", rvalue
);
525 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
526 "Invalid L2TP session id. Ignoring assignment: %s", rvalue
);
530 if (streq(lvalue
, "SessionId"))
531 session
->session_id
= k
;
533 session
->peer_session_id
= k
;
/* Config callback for the layer-2 specific header type of an [L2TPSession] section;
 * accepts the keywords from l2tp_l2spec_type_table.
 * NOTE(review): error checks and the successful exit are on elided lines. */
539 int config_parse_l2tp_session_l2spec(
541 const char *filename
,
544 unsigned section_line
,
551 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
552 L2tpTunnel
*t
= userdata
;
/* Fetch the session object of this section, creating it on first use. */
562 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
566 spec
= l2tp_l2spec_type_from_string(rvalue
);
/* spec is passed in log_syntax()'s error position, so on this path it presumably
 * holds a negative errno returned by the lookup. */
568 log_syntax(unit
, LOG_WARNING
, filename
, line
, spec
,
569 "Failed to parse layer2 specific header type. Ignoring assignment: %s", rvalue
);
573 session
->l2tp_l2spec_type
= spec
;
/* Config callback for the name of an [L2TPSession] section. The value later becomes
 * the L2TP_ATTR_IFNAME attribute of the session-create request, so it is checked with
 * ifname_valid() before it is stored.
 * NOTE(review): error checks and the successful exit are on elided lines. */
579 int config_parse_l2tp_session_name(
581 const char *filename
,
584 unsigned section_line
,
591 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
592 L2tpTunnel
*t
= userdata
;
/* Fetch the session object of this section, creating it on first use. */
601 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
/* Per the message, a value that is not a valid interface name is logged and
 * ignored. */
605 if (!ifname_valid(rvalue
)) {
606 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
607 "Failed to parse L2TP tunnel session name. Ignoring assignment: %s", rvalue
);
/* Store a private copy of the name in session->name. */
611 r
= free_and_strdup(&session
->name
, rvalue
);
/* Sets the defaults of a new tunnel object; installed as .init in l2tptnl_vtable.
 * NOTE(review): the lines that obtain t from netdev are elided. */
619 static void l2tp_tunnel_init(NetDev
*netdev
) {
/* UDP encapsulation unless the configuration says otherwise. */
628 t
->l2tp_encap_type
= NETDEV_L2TP_ENCAPTYPE_UDP
;
/* Both default to true. In netdev_l2tp_create_message_tunnel() a true value appends
 * L2TP_ATTR_UDP_ZERO_CSUM6_RX / _TX, so zero UDP checksums over IPv6 are the
 * default in both directions. */
629 t
->udp6_csum_rx
= true;
630 t
->udp6_csum_tx
= true;
/* Checks one parsed session for completeness. netdev_l2tp_tunnel_verify() frees every
 * session for which this returns a negative value.
 * NOTE(review): the body of the section_is_invalid() branch, the condition in front
 * of the first log call and the final return are on elided lines. */
633 static int l2tp_session_verify(L2tpSession
*session
) {
637 assert(session
->tunnel
);
639 netdev
= NETDEV(session
->tunnel
);
/* Sections already marked invalid are handled first. */
641 if (section_is_invalid(session
->section
))
/* Per the message, a session needs a name; the guarding condition is not shown. */
645 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
646 "%s: L2TP session without name configured. "
647 "Ignoring [L2TPSession] section from line %u",
648 session
->section
->filename
, session
->section
->line
);
/* 0 means "not configured" for both IDs; both have to be set. */
650 if (session
->session_id
== 0 || session
->peer_session_id
== 0)
651 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
652 "%s: L2TP session without session IDs configured. "
653 "Ignoring [L2TPSession] section from line %u",
654 session
->section
->filename
, session
->section
->line
);
/* Validates the parsed [L2TP] configuration before the tunnel is created; installed
 * as .config_verify in l2tptnl_vtable. The tunnel is refused unless it has an IPv4 or
 * IPv6 family, a remote address and both tunnel IDs. Incomplete sessions are dropped
 * one by one and do not fail the whole tunnel.
 * NOTE(review): the trailing argument line of each log call and the final return are
 * on elided lines. */
659 static int netdev_l2tp_tunnel_verify(NetDev
*netdev
, const char *filename
) {
661 L2tpSession
*session
;
670 if (!IN_SET(t
->family
, AF_INET
, AF_INET6
))
671 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
672 "%s: L2TP tunnel with invalid address family configured. Ignoring",
675 if (!in_addr_is_set(t
->family
, &t
->remote
))
676 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
677 "%s: L2TP tunnel without a remote address configured. Ignoring",
/* 0 means "not configured" for both tunnel IDs. */
680 if (t
->tunnel_id
== 0 || t
->peer_tunnel_id
== 0)
681 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
682 "%s: L2TP tunnel without tunnel IDs configured. Ignoring",
/* l2tp_session_free() removes the session from sessions_by_section, i.e. from the map
 * this loop is walking. NOTE(review): that relies on ORDERED_HASHMAP_FOREACH
 * tolerating removal of the current entry; confirm against the hashmap API. */
685 ORDERED_HASHMAP_FOREACH(session
, t
->sessions_by_section
)
686 if (l2tp_session_verify(session
) < 0)
687 l2tp_session_free(session
);
/* Teardown hook, installed as .done in l2tptnl_vtable.
 * NOTE(review): the lines that obtain t from netdev are elided. */
692 static void l2tp_tunnel_done(NetDev
*netdev
) {
/* Free the session map, passing l2tp_session_free as the destructor for the
 * sessions stored in it. */
701 ordered_hashmap_free_with_destructor(t
->sessions_by_section
, l2tp_session_free
);
704 const NetDevVTable l2tptnl_vtable
= {
705 .object_size
= sizeof(L2tpTunnel
),
706 .init
= l2tp_tunnel_init
,
707 .sections
= NETDEV_COMMON_SECTIONS
"L2TP\0L2TPSession\0",
708 .create_after_configured
= l2tp_create_tunnel
,
709 .done
= l2tp_tunnel_done
,
710 .create_type
= NETDEV_CREATE_AFTER_CONFIGURED
,
711 .config_verify
= netdev_l2tp_tunnel_verify
,