1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include <netinet/in.h>
4 #include <linux/l2tp.h>
5 #include <linux/genetlink.h>
7 #include "conf-parser.h"
9 #include "l2tp-tunnel.h"
10 #include "netlink-util.h"
11 #include "networkd-address.h"
12 #include "networkd-manager.h"
13 #include "parse-util.h"
14 #include "socket-util.h"
15 #include "string-table.h"
16 #include "string-util.h"
19 static const char* const l2tp_l2spec_type_table
[_NETDEV_L2TP_L2SPECTYPE_MAX
] = {
20 [NETDEV_L2TP_L2SPECTYPE_NONE
] = "none",
21 [NETDEV_L2TP_L2SPECTYPE_DEFAULT
] = "default",
24 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_l2spec_type
, L2tpL2specType
);
26 static const char* const l2tp_encap_type_table
[_NETDEV_L2TP_ENCAPTYPE_MAX
] = {
27 [NETDEV_L2TP_ENCAPTYPE_UDP
] = "udp",
28 [NETDEV_L2TP_ENCAPTYPE_IP
] = "ip",
31 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_encap_type
, L2tpEncapType
);
32 DEFINE_CONFIG_PARSE_ENUM(config_parse_l2tp_encap_type
, l2tp_encap_type
, L2tpEncapType
, "Failed to parse L2TP Encapsulation Type");
34 static const char* const l2tp_local_address_type_table
[_NETDEV_L2TP_LOCAL_ADDRESS_MAX
] = {
35 [NETDEV_L2TP_LOCAL_ADDRESS_AUTO
] = "auto",
36 [NETDEV_L2TP_LOCAL_ADDRESS_STATIC
] = "static",
37 [NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC
] = "dynamic",
40 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_local_address_type
, L2tpLocalAddressType
);
/* Destructor for one [L2TPSession] object: detach it from the owning tunnel's
 * per-section map, then release the NetworkConfigSection it was created from.
 *
 * FIXME(review): the map is keyed by the NetworkConfigSection, not by the
 * session -- l2tp_session_new_static does ordered_hashmap_get(..., n) with a
 * section and ordered_hashmap_put(t->sessions_by_section, s->section, s) --
 * but the removal below passes the L2tpSession pointer itself as the key.
 * network_config_hash_ops (used with section keys everywhere else here)
 * presumably hashes/compares a NetworkConfigSection, so this lookup reads the
 * session struct as if it were a section: it will normally miss, or in the
 * worst case match an unrelated entry. The freed session then stays in the
 * map, is walked again by ORDERED_HASHMAP_FOREACH in
 * l2tp_create_tunnel_handler and freed a second time by l2tp_tunnel_done --
 * a use-after-free / double free, reachable (presumably) from a .netdev file
 * whose [L2TPSession] fails l2tp_session_verify. Intended line:
 *   ordered_hashmap_remove(s->tunnel->sessions_by_section, s->section);
 */
42 static void l2tp_session_free(L2tpSession
*s
) {
/* Only sessions that were registered by l2tp_session_new_static have both
 * a tunnel and a section. */
46 if (s
->tunnel
&& s
->section
)
47 ordered_hashmap_remove(s
->tunnel
->sessions_by_section
, s
);
49 network_config_section_free(s
->section
);
56 DEFINE_NETWORK_SECTION_FUNCTIONS(L2tpSession
, l2tp_session_free
);
/* Look up or create the L2tpSession that belongs to the [L2TPSession] section
 * at filename:section_line of tunnel t, returning it in *ret.
 *
 * The map t->sessions_by_section is keyed by NetworkConfigSection (see the
 * ordered_hashmap_get() with n and the ordered_hashmap_put() with s->section
 * below); any other code touching that map must use the section as key. */
58 static int l2tp_session_new_static(L2tpTunnel
*t
, const char *filename
, unsigned section_line
, L2tpSession
**ret
) {
59 _cleanup_(network_config_section_freep
) NetworkConfigSection
*n
= NULL
;
60 _cleanup_(l2tp_session_freep
) L2tpSession
*s
= NULL
;
/* Sessions are only ever created from a numbered config section. */
66 assert(section_line
> 0);
68 r
= network_config_section_new(filename
, section_line
, &n
);
/* Several keys (SessionId=, PeerSessionId=, Name=, ...) share one section
 * object, so a second key in the same section finds the existing entry. */
72 s
= ordered_hashmap_get(t
->sessions_by_section
, n
);
78 s
= new(L2tpSession
, 1);
/* Default layer-2 specific sublayer is "default"; NONE must be opted into. */
83 .l2tp_l2spec_type
= NETDEV_L2TP_L2SPECTYPE_DEFAULT
,
/* The session takes ownership of the section; it is freed by l2tp_session_free. */
85 .section
= TAKE_PTR(n
),
88 r
= ordered_hashmap_ensure_allocated(&t
->sessions_by_section
, &network_config_hash_ops
);
/* Key is the section, value is the session. */
92 r
= ordered_hashmap_put(t
->sessions_by_section
, s
->section
, s
);
/* Build the generic-netlink L2TP_CMD_TUNNEL_CREATE request for this netdev.
 *
 * local_address: the source address to bind the tunnel to, already chosen by
 *                the caller (explicit Local= or one picked from the link).
 * ret:           the filled message on success.
 *
 * The destination is always the configured Remote= (t->remote). Only literal
 * addresses reach this point; see config_parse_l2tp_tunnel_address. */
100 static int netdev_l2tp_fill_message_tunnel(NetDev
*netdev
, union in_addr_union
*local_address
, sd_netlink_message
**ret
) {
101 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
107 assert(local_address
);
113 r
= sd_genl_message_new(netdev
->manager
->genl
, SD_GENL_L2TP
, L2TP_CMD_TUNNEL_CREATE
, &m
);
115 return log_netdev_error_errno(netdev
, r
, "Failed to create generic netlink message: %m");
/* Local and peer tunnel IDs; both are rejected when 0 by netdev_l2tp_tunnel_verify. */
117 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_CONN_ID
, t
->tunnel_id
);
119 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_CONN_ID attribute: %m");
121 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_CONN_ID
, t
->peer_tunnel_id
);
123 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PEER_CONN_ID attribute: %m");
/* Protocol version is hard-wired to 3; there is no configuration knob for it. */
125 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_PROTO_VERSION
, 3);
127 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PROTO_VERSION attribute: %m");
/* Map the networkd enum onto the kernel's L2TP_ENCAPTYPE_* value. */
129 switch(t
->l2tp_encap_type
) {
130 case NETDEV_L2TP_ENCAPTYPE_IP
:
131 encap_type
= L2TP_ENCAPTYPE_IP
;
133 case NETDEV_L2TP_ENCAPTYPE_UDP
:
135 encap_type
= L2TP_ENCAPTYPE_UDP
;
139 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_ENCAP_TYPE
, encap_type
);
141 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_ENCAP_TYPE attribute: %m");
/* Source = local_address from the caller, destination = Remote=. The
 * AF_INET6 branch below mirrors this with the IP6_* attributes. */
143 if (t
->family
== AF_INET
) {
144 r
= sd_netlink_message_append_in_addr(m
, L2TP_ATTR_IP_SADDR
, &local_address
->in
);
146 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP_SADDR attribute: %m");
148 r
= sd_netlink_message_append_in_addr(m
, L2TP_ATTR_IP_DADDR
, &t
->remote
.in
);
150 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP_DADDR attribute: %m");
152 r
= sd_netlink_message_append_in6_addr(m
, L2TP_ATTR_IP6_SADDR
, &local_address
->in6
);
154 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP6_SADDR attribute: %m");
156 r
= sd_netlink_message_append_in6_addr(m
, L2TP_ATTR_IP6_DADDR
, &t
->remote
.in6
);
158 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP6_DADDR attribute: %m");
/* UDP-only attributes: ports, checksum policy. Nothing below is sent for
 * Encapsulation=ip. */
161 if (encap_type
== L2TP_ENCAPTYPE_UDP
) {
162 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_UDP_SPORT
, t
->l2tp_udp_sport
);
/* (Cosmetic: stray comma in this log message, "UDP_SPORT, attribute".) */
164 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_SPORT, attribute: %m");
166 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_UDP_DPORT
, t
->l2tp_udp_dport
);
168 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_DPORT attribute: %m");
171 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_UDP_CSUM
, t
->udp_csum
);
173 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_CSUM attribute: %m");
/* NOTE(review): judging by the attribute names, these flags ask the kernel
 * to send (TX) / accept (RX) IPv6-UDP encapsulated packets with a zero UDP
 * checksum. l2tp_tunnel_init sets both udp6_csum_tx and udp6_csum_rx to
 * true, so unless the .netdev file turns them off, zero-checksum handling
 * is enabled by default -- confirm that matches the documented default,
 * since it weakens integrity checking on the transport. */
176 if (t
->udp6_csum_tx
) {
177 r
= sd_netlink_message_append_flag(m
, L2TP_ATTR_UDP_ZERO_CSUM6_TX
);
179 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_ZERO_CSUM6_TX attribute: %m");
182 if (t
->udp6_csum_rx
) {
183 r
= sd_netlink_message_append_flag(m
, L2TP_ATTR_UDP_ZERO_CSUM6_RX
);
185 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_ZERO_CSUM6_RX attribute: %m");
/* Build the L2TP_CMD_SESSION_CREATE request for one [L2TPSession] of the
 * tunnel netdev. The tunnel IDs are taken from session->tunnel, the session
 * IDs, L2 sublayer type and interface name from the session itself. */
194 static int netdev_l2tp_fill_message_session(NetDev
*netdev
, L2tpSession
*session
, sd_netlink_message
**ret
) {
195 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
/* NOTE(review): l2_spec_len is 16-bit here but is appended with
 * sd_netlink_message_append_u8() below, so anything above 255 would be
 * silently truncated. The assignments are not visible in this listing;
 * they must keep it within a byte (or the variable should be uint8_t). */
196 uint16_t l2_spec_len
;
197 uint8_t l2_spec_type
;
202 assert(session
->tunnel
);
204 r
= sd_genl_message_new(netdev
->manager
->genl
, SD_GENL_L2TP
, L2TP_CMD_SESSION_CREATE
, &m
);
206 return log_netdev_error_errno(netdev
, r
, "Failed to create generic netlink message: %m");
/* Parent tunnel identification: must match the tunnel created earlier. */
208 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_CONN_ID
, session
->tunnel
->tunnel_id
);
210 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_CONN_ID attribute: %m");
212 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_CONN_ID
, session
->tunnel
->peer_tunnel_id
);
214 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PEER_CONN_ID attribute: %m");
/* Session IDs; both are rejected when 0 by l2tp_session_verify. */
216 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_SESSION_ID
, session
->session_id
);
218 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_SESSION_ID attribute: %m");
220 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_SESSION_ID
, session
->peer_session_id
);
222 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PEER_SESSION_ID attribute: %m");
/* Only Ethernet pseudowires are supported; the type is not configurable. */
224 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_PW_TYPE
, L2TP_PWTYPE_ETH
);
226 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PW_TYPE attribute: %m");
/* Map Layer2SpecificHeader= onto the kernel's L2TP_L2SPECTYPE_* value. */
228 switch (session
->l2tp_l2spec_type
) {
229 case NETDEV_L2TP_L2SPECTYPE_NONE
:
230 l2_spec_type
= L2TP_L2SPECTYPE_NONE
;
233 case NETDEV_L2TP_L2SPECTYPE_DEFAULT
:
235 l2_spec_type
= L2TP_L2SPECTYPE_DEFAULT
;
240 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_L2SPEC_TYPE
, l2_spec_type
);
242 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_L2SPEC_TYPE attribute: %m");
/* Appended as u8 although declared uint16_t above -- see note there. */
244 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_L2SPEC_LEN
, l2_spec_len
);
246 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_L2SPEC_LEN attribute: %m");
/* session->name was checked with ifname_valid() in
 * config_parse_l2tp_session_name before it could be stored here. */
248 r
= sd_netlink_message_append_string(m
, L2TP_ATTR_IFNAME
, session
->name
);
250 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IFNAME attribute: %m");
/* Decide whether link address a is usable as the tunnel's local address
 * under the Local= policy of t (auto / static / dynamic); on acceptance the
 * address is copied to *ret (the copy itself is not visible in this listing).
 * Each rejecting condition is listed below; its early-return body follows. */
257 static int l2tp_acquire_local_address_one(L2tpTunnel
*t
, Address
*a
, union in_addr_union
*ret
) {
/* Family must match the tunnel's family (fixed by Local=/Remote= parsing). */
258 if (a
->family
!= t
->family
)
/* Skip point-to-point addresses, i.e. ones with a peer set. Note the "<= 0":
 * an error from in_addr_is_null() (negative) is treated like "has a peer"
 * and the address is skipped rather than propagated. */
261 if (in_addr_is_null(a
->family
, &a
->in_addr_peer
) <= 0)
/* Local=static only accepts permanently configured addresses ... */
264 if (t
->local_address_type
== NETDEV_L2TP_LOCAL_ADDRESS_STATIC
&&
265 !FLAGS_SET(a
->flags
, IFA_F_PERMANENT
))
/* ... and Local=dynamic only non-permanent ones; Local=auto takes either. */
268 if (t
->local_address_type
== NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC
&&
269 FLAGS_SET(a
->flags
, IFA_F_PERMANENT
))
/* Pick the local (source) address for tunnel t on link.
 *
 * An explicit Local=<address> wins. Otherwise the first address accepted by
 * l2tp_acquire_local_address_one() is used, trying the addresses networkd
 * configured on the link first and then link->addresses_foreign -- which,
 * judging by the name, are addresses configured outside networkd (confirm).
 * Reviewers should note the latter means an address added by some other
 * agent on the host can become the tunnel endpoint under Local=auto. */
276 static int l2tp_acquire_local_address(L2tpTunnel
*t
, Link
*link
, union in_addr_union
*ret
) {
/* netdev_l2tp_tunnel_verify guarantees a concrete family by now. */
283 assert(IN_SET(t
->family
, AF_INET
, AF_INET6
));
285 if (!in_addr_is_null(t
->family
, &t
->local
)) {
286 /* Local= was given as a literal address (a Local= type keyword clears
 * t->local in config_parse_l2tp_tunnel_address, so it lands below). */
/* First preference: addresses networkd itself configured on the link. */
291 SET_FOREACH(a
, link
->addresses
, i
)
292 if (l2tp_acquire_local_address_one(t
, a
, ret
) >= 0)
/* Fallback: addresses not managed by networkd. */
295 SET_FOREACH(a
, link
->addresses_foreign
, i
)
296 if (l2tp_acquire_local_address_one(t
, a
, ret
) >= 0)
/* Destroy callback for the async session-create request: drops the netdev
 * reference that keeps the tunnel alive while the reply is outstanding.
 * (The matching netdev_ref() is taken by the caller, not visible here.) */
302 static void l2tp_session_destroy_callback(L2tpSession
*session
) {
306 netdev_unref(NETDEV(session
->tunnel
));
/* Reply handler for L2TP_CMD_SESSION_CREATE. Logs the outcome only; an
 * already-existing session (presumably -EEXIST) is accepted as-is, which
 * means its kernel-side parameters are *not* reconciled with this config. */
309 static int l2tp_create_session_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, L2tpSession
*session
) {
314 assert(session
->tunnel
);
316 netdev
= NETDEV(session
->tunnel
);
318 r
= sd_netlink_message_get_errno(m
);
320 log_netdev_info(netdev
, "L2TP session %s exists, using existing without changing its parameters",
/* Any other error is only a warning: the tunnel stays up without this session. */
323 log_netdev_warning_errno(netdev
, r
, "L2TP session %s could not be created: %m", session
->name
);
327 log_netdev_debug(netdev
, "L2TP session %s created", session
->name
);
/* Fire the async netlink request that creates one session of the tunnel.
 * The session is passed as userdata; l2tp_session_destroy_callback releases
 * the netdev reference when the request is torn down. */
331 static int l2tp_create_session(NetDev
*netdev
, L2tpSession
*session
) {
332 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*n
= NULL
;
335 r
= netdev_l2tp_fill_message_session(netdev
, session
, &n
);
339 r
= netlink_call_async(netdev
->manager
->genl
, NULL
, n
, l2tp_create_session_handler
,
340 l2tp_session_destroy_callback
, session
);
342 return log_netdev_error_errno(netdev
, r
, "Failed to create L2TP session %s: %m", session
->name
);
/* Reply handler for L2TP_CMD_TUNNEL_CREATE. Once the tunnel exists (newly
 * created or pre-existing), every configured [L2TPSession] is created.
 * As with sessions, a pre-existing tunnel is used unchanged -- its peer,
 * ports and checksum settings are whatever was set before. */
348 static int l2tp_create_tunnel_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, NetDev
*netdev
) {
349 L2tpSession
*session
;
355 assert(netdev
->state
!= _NETDEV_STATE_INVALID
);
361 r
= sd_netlink_message_get_errno(m
);
363 log_netdev_info(netdev
, "netdev exists, using existing without changing its parameters");
365 log_netdev_warning_errno(netdev
, r
, "netdev could not be created: %m");
371 log_netdev_debug(netdev
, "L2TP tunnel is created");
/* Session failures are logged inside l2tp_create_session and ignored here;
 * one bad session does not stop the others. Every entry in the map must be
 * a live session at this point (see the key handling in l2tp_session_free). */
373 ORDERED_HASHMAP_FOREACH(session
, t
->sessions_by_section
, i
)
374 (void) l2tp_create_session(netdev
, session
);
/* create_after_configured hook: resolve the local address on link, build the
 * tunnel-create message and send it asynchronously. netdev_destroy_callback
 * is the destroy callback for the request. */
379 static int l2tp_create_tunnel(NetDev
*netdev
, Link
*link
) {
380 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
/* Deliberately uninitialized: every non-error path of
 * l2tp_acquire_local_address must fully write it (confirm). */
381 union in_addr_union local_address
;
391 r
= l2tp_acquire_local_address(t
, link
, &local_address
);
/* No usable local address on the link yet: give up for now (message has
 * no %m, so r is only used as the return value). */
393 return log_netdev_error_errno(netdev
, r
, "Could not find local address.");
/* r > 0 presumably means the address was picked from the link rather than
 * taken from Local=; only then is it worth logging which one. */
395 if (r
> 0 && DEBUG_LOGGING
) {
396 _cleanup_free_
char *str
= NULL
;
398 (void) in_addr_to_string(t
->family
, &local_address
, &str
);
399 log_netdev_debug(netdev
, "Local address %s acquired.", strna(str
));
402 r
= netdev_l2tp_fill_message_tunnel(netdev
, &local_address
, &m
);
406 r
= netlink_call_async(netdev
->manager
->genl
, NULL
, m
, l2tp_create_tunnel_handler
,
407 netdev_destroy_callback
, netdev
);
409 return log_netdev_error_errno(netdev
, r
, "Failed to create L2TP tunnel: %m");
/* Config parser for Local= and Remote= in [L2TP].
 *
 * data points at t->local or t->remote. Local= additionally accepts the
 * keywords of l2tp_local_address_type_table (auto/static/dynamic) and an
 * empty value (-> auto); a keyword clears any literal Local= and, if Remote=
 * is still unset, resets the family so the next literal decides it.
 *
 * Only literal IP addresses are accepted (in_addr_from_string*); no name
 * resolution happens here. The first literal fixes t->family, and the other
 * side must then be of the same family or the assignment is rejected. */
416 int config_parse_l2tp_tunnel_address(
418 const char *filename
,
421 unsigned section_line
,
428 L2tpTunnel
*t
= userdata
;
429 union in_addr_union
*addr
= data
;
437 if (streq(lvalue
, "Local")) {
438 L2tpLocalAddressType addr_type
;
/* Empty Local= means "auto" (the branch selecting this is not visible). */
441 addr_type
= NETDEV_L2TP_LOCAL_ADDRESS_AUTO
;
443 addr_type
= l2tp_local_address_type_from_string(rvalue
);
/* A recognised keyword: switch to address-selection mode. */
445 if (addr_type
>= 0) {
/* in_addr_is_null() is nonzero both for "remote unset" and for an error
 * (e.g. family still AF_UNSPEC); either way the family is reset. */
446 if (in_addr_is_null(t
->family
, &t
->remote
) != 0)
447 /* If Remote= is not specified yet, then also clear family. */
448 t
->family
= AF_UNSPEC
;
450 t
->local
= IN_ADDR_NULL
;
451 t
->local_address_type
= addr_type
;
/* Literal address: auto-detect the family on first use, enforce it after. */
457 if (t
->family
== AF_UNSPEC
)
458 r
= in_addr_from_string_auto(rvalue
, &t
->family
, addr
);
460 r
= in_addr_from_string(t
->family
, rvalue
, addr
);
462 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
463 "Invalid L2TP Tunnel address specified in %s='%s', ignoring assignment: %m", lvalue
, rvalue
);
/* Config parser for TunnelId= / PeerTunnelId=: an unsigned 32-bit integer
 * stored into *data. The second rejection below has no visible condition
 * in this listing; given that netdev_l2tp_tunnel_verify refuses id 0, it is
 * presumably the k == 0 case. Note it passes r (>= 0 after a successful
 * parse) to log_syntax, so no errno text is produced -- fine, the message
 * has no %m. */
470 int config_parse_l2tp_tunnel_id(
472 const char *filename
,
475 unsigned section_line
,
482 uint32_t *id
= data
, k
;
490 r
= safe_atou32(rvalue
, &k
);
492 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
493 "Failed to parse L2TP tunnel id. Ignoring assignment: %s", rvalue
);
498 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
499 "Invalid L2TP tunnel id. Ignoring assignment: %s", rvalue
);
/* Config parser for SessionId= / PeerSessionId= in [L2TPSession].
 *
 * The session object for this section is obtained (or created) through
 * l2tp_session_new_static. The _cleanup_ handler
 * l2tp_session_free_or_set_invalidp marks the section invalid (or frees a
 * fresh session) if the parser bails out early; the success path that keeps
 * the session (presumably a TAKE_PTR) is not visible in this listing. */
508 int config_parse_l2tp_session_id(
510 const char *filename
,
513 unsigned section_line
,
520 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
521 L2tpTunnel
*t
= userdata
;
531 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
535 r
= safe_atou32(rvalue
, &k
);
537 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
538 "Failed to parse L2TP session id. Ignoring assignment: %s", rvalue
);
/* Second rejection: condition not visible; presumably k == 0, which
 * l2tp_session_verify would refuse anyway. */
543 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
544 "Invalid L2TP session id. Ignoring assignment: %s", rvalue
);
/* Same parser serves both keys; lvalue selects the field. */
548 if (streq(lvalue
, "SessionId"))
549 session
->session_id
= k
;
551 session
->peer_session_id
= k
;
/* Config parser for Layer2SpecificHeader= in [L2TPSession]: "none" or
 * "default" (l2tp_l2spec_type_table). Unknown values are logged and
 * ignored, leaving the default set in l2tp_session_new_static. */
557 int config_parse_l2tp_session_l2spec(
559 const char *filename
,
562 unsigned section_line
,
569 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
570 L2tpTunnel
*t
= userdata
;
580 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
584 spec
= l2tp_l2spec_type_from_string(rvalue
);
586 log_syntax(unit
, LOG_ERR
, filename
, line
, 0,
587 "Failed to parse layer2 specific header type. Ignoring assignment: %s", rvalue
);
591 session
->l2tp_l2spec_type
= spec
;
/* Config parser for Name= in [L2TPSession]: the interface name handed to the
 * kernel as L2TP_ATTR_IFNAME. It is validated with ifname_valid() before it
 * is stored, so no unchecked string from the config reaches netlink. */
597 int config_parse_l2tp_session_name(
599 const char *filename
,
602 unsigned section_line
,
609 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
610 L2tpTunnel
*t
= userdata
;
619 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
/* Reject anything that is not a valid Linux interface name. */
623 if (!ifname_valid(rvalue
)) {
624 log_syntax(unit
, LOG_ERR
, filename
, line
, 0,
625 "Failed to parse L2TP tunnel session name. Ignoring assignment: %s", rvalue
);
/* Replaces any earlier Name= for this section. */
629 r
= free_and_strdup(&session
->name
, rvalue
);
/* Defaults applied before the .netdev file is parsed.
 *
 * NOTE(review): both IPv6 zero-checksum switches default to true, and
 * netdev_l2tp_fill_message_tunnel turns each true value into an
 * L2TP_ATTR_UDP_ZERO_CSUM6_TX / _RX flag. So a UDP-encapsulated IPv6
 * tunnel sends and accepts checksum-less datagrams unless the config
 * explicitly disables it -- confirm this is the intended/documented
 * default, as it is the less conservative choice. */
637 static void l2tp_tunnel_init(NetDev
*netdev
) {
646 t
->l2tp_encap_type
= NETDEV_L2TP_ENCAPTYPE_UDP
;
647 t
->udp6_csum_rx
= true;
648 t
->udp6_csum_tx
= true;
/* Post-parse validation of one [L2TPSession]: the section must not have been
 * marked invalid by a parser, it needs a Name= (per the log text; the check
 * itself sits just before the message), and both session IDs must be
 * non-zero. Returns a negative errno on rejection, 0 otherwise. */
651 static int l2tp_session_verify(L2tpSession
*session
) {
655 assert(session
->tunnel
);
657 netdev
= NETDEV(session
->tunnel
);
/* Set by l2tp_session_free_or_set_invalidp when a key in this section failed. */
659 if (section_is_invalid(session
->section
))
663 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
664 "%s: L2TP session without name configured. "
665 "Ignoring [L2TPSession] section from line %u",
666 session
->section
->filename
, session
->section
->line
);
/* 0 is not a valid L2TP session ID on either side. */
668 if (session
->session_id
== 0 || session
->peer_session_id
== 0)
669 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
670 "%s: L2TP session without session IDs configured. "
671 "Ignoring [L2TPSession] section from line %u",
672 session
->section
->filename
, session
->section
->line
);
/* config_verify hook for the whole .netdev: the tunnel needs a concrete
 * family, a Remote= address and non-zero tunnel IDs; otherwise the netdev is
 * dropped. Sessions that fail l2tp_session_verify are discarded individually
 * so one bad [L2TPSession] does not take the tunnel down. */
677 static int netdev_l2tp_tunnel_verify(NetDev
*netdev
, const char *filename
) {
679 L2tpSession
*session
;
/* Family is only set by a literal Local=/Remote= (see
 * config_parse_l2tp_tunnel_address); l2tp_acquire_local_address asserts on it. */
689 if (!IN_SET(t
->family
, AF_INET
, AF_INET6
))
690 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
691 "%s: L2TP tunnel with invalid address family configured. Ignoring",
694 if (in_addr_is_null(t
->family
, &t
->remote
))
695 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
696 "%s: L2TP tunnel without a remote address configured. Ignoring",
699 if (t
->tunnel_id
== 0 || t
->peer_tunnel_id
== 0)
700 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
701 "%s: L2TP tunnel without tunnel IDs configured. Ignoring",
/* Rejected sessions are freed while the map is being iterated; this relies
 * on l2tp_session_free removing the entry under the same key it was inserted
 * with (the section) and on the iterator tolerating removal of the current
 * entry -- both worth confirming, since a stale entry here would later be
 * dereferenced in l2tp_create_tunnel_handler. */
704 ORDERED_HASHMAP_FOREACH(session
, t
->sessions_by_section
, i
)
705 if (l2tp_session_verify(session
) < 0)
706 l2tp_session_free(session
);
/* done hook: free every remaining session (via l2tp_session_free) together
 * with the section map. Note the destructor itself calls
 * ordered_hashmap_remove on this same map, so it must either be a no-op on
 * an already-detached entry or be tolerated by free_with_destructor --
 * confirm. */
711 static void l2tp_tunnel_done(NetDev
*netdev
) {
720 ordered_hashmap_free_with_destructor(t
->sessions_by_section
, l2tp_session_free
);
723 const NetDevVTable l2tptnl_vtable
= {
724 .object_size
= sizeof(L2tpTunnel
),
725 .init
= l2tp_tunnel_init
,
726 .sections
= NETDEV_COMMON_SECTIONS
"L2TP\0L2TPSession\0",
727 .create_after_configured
= l2tp_create_tunnel
,
728 .done
= l2tp_tunnel_done
,
729 .create_type
= NETDEV_CREATE_AFTER_CONFIGURED
,
730 .config_verify
= netdev_l2tp_tunnel_verify
,