]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-address.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
src/partition: remove unnecessary uses of "make sure"
[thirdparty/systemd.git] / src / network / networkd-address.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <net/if.h>
4 #include <net/if_arp.h>
5
6 #include "alloc-util.h"
7 #include "firewall-util.h"
8 #include "logarithm.h"
9 #include "memory-util.h"
10 #include "netlink-util.h"
11 #include "networkd-address-pool.h"
12 #include "networkd-address.h"
13 #include "networkd-dhcp-server.h"
14 #include "networkd-ipv4acd.h"
15 #include "networkd-manager.h"
16 #include "networkd-netlabel.h"
17 #include "networkd-network.h"
18 #include "networkd-queue.h"
19 #include "networkd-route-util.h"
20 #include "networkd-route.h"
21 #include "parse-util.h"
22 #include "string-util.h"
23 #include "strv.h"
24 #include "strxcpyx.h"
25
26 #define ADDRESSES_PER_LINK_MAX 2048U
27 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
28
29 #define KNOWN_FLAGS \
30 (IFA_F_SECONDARY | \
31 IFA_F_NODAD | \
32 IFA_F_OPTIMISTIC | \
33 IFA_F_DADFAILED | \
34 IFA_F_HOMEADDRESS | \
35 IFA_F_DEPRECATED | \
36 IFA_F_TENTATIVE | \
37 IFA_F_PERMANENT | \
38 IFA_F_MANAGETEMPADDR | \
39 IFA_F_NOPREFIXROUTE | \
40 IFA_F_MCAUTOJOIN | \
41 IFA_F_STABLE_PRIVACY)
42
43 /* From net/ipv4/devinet.c */
44 #define IPV6ONLY_FLAGS \
45 (IFA_F_NODAD | \
46 IFA_F_OPTIMISTIC | \
47 IFA_F_DADFAILED | \
48 IFA_F_HOMEADDRESS | \
49 IFA_F_TENTATIVE | \
50 IFA_F_MANAGETEMPADDR | \
51 IFA_F_STABLE_PRIVACY)
52
53 /* We do not control the following flags. */
54 #define UNMANAGED_FLAGS \
55 (IFA_F_SECONDARY | \
56 IFA_F_DADFAILED | \
57 IFA_F_DEPRECATED | \
58 IFA_F_TENTATIVE | \
59 IFA_F_PERMANENT | \
60 IFA_F_STABLE_PRIVACY)
61
62 int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) {
63 _cleanup_free_ char *str = NULL;
64 static const char* map[] = {
65 [LOG2U(IFA_F_SECONDARY)] = "secondary", /* This is also called "temporary" for ipv6. */
66 [LOG2U(IFA_F_NODAD)] = "nodad",
67 [LOG2U(IFA_F_OPTIMISTIC)] = "optimistic",
68 [LOG2U(IFA_F_DADFAILED)] = "dadfailed",
69 [LOG2U(IFA_F_HOMEADDRESS)] = "home-address",
70 [LOG2U(IFA_F_DEPRECATED)] = "deprecated",
71 [LOG2U(IFA_F_TENTATIVE)] = "tentative",
72 [LOG2U(IFA_F_PERMANENT)] = "permanent",
73 [LOG2U(IFA_F_MANAGETEMPADDR)] = "manage-temporary-address",
74 [LOG2U(IFA_F_NOPREFIXROUTE)] = "no-prefixroute",
75 [LOG2U(IFA_F_MCAUTOJOIN)] = "auto-join",
76 [LOG2U(IFA_F_STABLE_PRIVACY)] = "stable-privacy",
77 };
78
79 assert(IN_SET(family, AF_INET, AF_INET6));
80 assert(ret);
81
82 for (size_t i = 0; i < ELEMENTSOF(map); i++)
83 if (FLAGS_SET(flags, 1 << i) && map[i])
84 if (!strextend_with_separator(
85 &str, ",",
86 family == AF_INET6 && (1 << i) == IFA_F_SECONDARY ? "temporary" : map[i]))
87 return -ENOMEM;
88
89 *ret = TAKE_PTR(str);
90 return 0;
91 }
92
93 static LinkAddressState address_state_from_scope(uint8_t scope) {
94 if (scope < RT_SCOPE_SITE)
95 /* universally accessible addresses found */
96 return LINK_ADDRESS_STATE_ROUTABLE;
97
98 if (scope < RT_SCOPE_HOST)
99 /* only link or site local addresses found */
100 return LINK_ADDRESS_STATE_DEGRADED;
101
102 /* no useful addresses found */
103 return LINK_ADDRESS_STATE_OFF;
104 }
105
106 void link_get_address_states(
107 Link *link,
108 LinkAddressState *ret_ipv4,
109 LinkAddressState *ret_ipv6,
110 LinkAddressState *ret_all) {
111
112 uint8_t ipv4_scope = RT_SCOPE_NOWHERE, ipv6_scope = RT_SCOPE_NOWHERE;
113 Address *address;
114
115 assert(link);
116
117 SET_FOREACH(address, link->addresses) {
118 if (!address_is_ready(address))
119 continue;
120
121 if (address->family == AF_INET)
122 ipv4_scope = MIN(ipv4_scope, address->scope);
123
124 if (address->family == AF_INET6)
125 ipv6_scope = MIN(ipv6_scope, address->scope);
126 }
127
128 if (ret_ipv4)
129 *ret_ipv4 = address_state_from_scope(ipv4_scope);
130 if (ret_ipv6)
131 *ret_ipv6 = address_state_from_scope(ipv6_scope);
132 if (ret_all)
133 *ret_all = address_state_from_scope(MIN(ipv4_scope, ipv6_scope));
134 }
135
136 static void address_hash_func(const Address *a, struct siphash *state);
137 static int address_compare_func(const Address *a1, const Address *a2);
138 static void address_detach(Address *address);
139
140 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
141 address_hash_ops_detach,
142 Address,
143 address_hash_func,
144 address_compare_func,
145 address_detach);
146
147 DEFINE_HASH_OPS(
148 address_hash_ops,
149 Address,
150 address_hash_func,
151 address_compare_func);
152
153 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
154 address_section_hash_ops,
155 ConfigSection,
156 config_section_hash_func,
157 config_section_compare_func,
158 Address,
159 address_detach);
160
161 int address_new(Address **ret) {
162 _cleanup_(address_unrefp) Address *address = NULL;
163
164 address = new(Address, 1);
165 if (!address)
166 return -ENOMEM;
167
168 *address = (Address) {
169 .n_ref = 1,
170 .family = AF_UNSPEC,
171 .scope = RT_SCOPE_UNIVERSE,
172 .lifetime_valid_usec = USEC_INFINITY,
173 .lifetime_preferred_usec = USEC_INFINITY,
174 .set_broadcast = -1,
175 };
176
177 *ret = TAKE_PTR(address);
178
179 return 0;
180 }
181
182 int address_new_static(Network *network, const char *filename, unsigned section_line, Address **ret) {
183 _cleanup_(config_section_freep) ConfigSection *n = NULL;
184 _cleanup_(address_unrefp) Address *address = NULL;
185 int r;
186
187 assert(network);
188 assert(ret);
189 assert(filename);
190 assert(section_line > 0);
191
192 r = config_section_new(filename, section_line, &n);
193 if (r < 0)
194 return r;
195
196 address = ordered_hashmap_get(network->addresses_by_section, n);
197 if (address) {
198 *ret = TAKE_PTR(address);
199 return 0;
200 }
201
202 if (ordered_hashmap_size(network->addresses_by_section) >= STATIC_ADDRESSES_PER_NETWORK_MAX)
203 return -E2BIG;
204
205 r = address_new(&address);
206 if (r < 0)
207 return r;
208
209 address->network = network;
210 address->section = TAKE_PTR(n);
211 address->source = NETWORK_CONFIG_SOURCE_STATIC;
212 /* This will be adjusted in address_section_verify(). */
213 address->duplicate_address_detection = _ADDRESS_FAMILY_INVALID;
214
215 r = ordered_hashmap_ensure_put(&network->addresses_by_section, &address_section_hash_ops, address->section, address);
216 if (r < 0)
217 return r;
218
219 *ret = TAKE_PTR(address);
220 return 0;
221 }
222
223 static Address* address_detach_impl(Address *address) {
224 assert(address);
225 assert(!address->link || !address->network);
226
227 if (address->network) {
228 assert(address->section);
229 ordered_hashmap_remove(address->network->addresses_by_section, address->section);
230
231 if (address->network->dhcp_server_address == address)
232 address->network->dhcp_server_address = NULL;
233
234 address->network = NULL;
235 return address;
236 }
237
238 if (address->link) {
239 set_remove(address->link->addresses, address);
240
241 address->link = NULL;
242 return address;
243 }
244
245 return NULL;
246 }
247
248 static void address_detach(Address *address) {
249 assert(address);
250
251 address_unref(address_detach_impl(address));
252 }
253
254 static Address* address_free(Address *address) {
255 if (!address)
256 return NULL;
257
258 address_detach_impl(address);
259
260 config_section_free(address->section);
261 free(address->label);
262 free(address->netlabel);
263 nft_set_context_clear(&address->nft_set_context);
264 return mfree(address);
265 }
266
267 DEFINE_TRIVIAL_REF_UNREF_FUNC(Address, address, address_free);
268
269 static bool address_lifetime_is_valid(const Address *a) {
270 assert(a);
271
272 return
273 a->lifetime_valid_usec == USEC_INFINITY ||
274 a->lifetime_valid_usec > now(CLOCK_BOOTTIME);
275 }
276
277 bool address_is_ready(const Address *a) {
278 assert(a);
279 assert(a->link);
280
281 if (!ipv4acd_bound(a->link, a))
282 return false;
283
284 if (FLAGS_SET(a->flags, IFA_F_TENTATIVE))
285 return false;
286
287 if (FLAGS_SET(a->state, NETWORK_CONFIG_STATE_REMOVING))
288 return false;
289
290 if (!FLAGS_SET(a->state, NETWORK_CONFIG_STATE_CONFIGURED))
291 return false;
292
293 return address_lifetime_is_valid(a);
294 }
295
296 bool link_check_addresses_ready(Link *link, NetworkConfigSource source) {
297 Address *a;
298 bool has = false;
299
300 assert(link);
301
302 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
303
304 SET_FOREACH(a, link->addresses) {
305 if (source >= 0 && a->source != source)
306 continue;
307 if (address_is_marked(a))
308 continue;
309 if (!address_exists(a))
310 continue;
311 if (!address_is_ready(a))
312 return false;
313 has = true;
314 }
315
316 return has;
317 }
318
319 void link_mark_addresses(Link *link, NetworkConfigSource source) {
320 Address *a;
321
322 assert(link);
323
324 SET_FOREACH(a, link->addresses) {
325 if (a->source != source)
326 continue;
327
328 address_mark(a);
329 }
330 }
331
332 static int address_get_broadcast(const Address *a, Link *link, struct in_addr *ret) {
333 struct in_addr b_addr = {};
334
335 assert(a);
336 assert(link);
337
338 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
339 * address is null. */
340
341 /* broadcast is only for IPv4. */
342 if (a->family != AF_INET)
343 goto finalize;
344
345 /* broadcast address cannot be used when peer address is specified. */
346 if (in4_addr_is_set(&a->in_addr_peer.in))
347 goto finalize;
348
349 /* A /31 or /32 IPv4 address does not have a broadcast address.
350 * See https://tools.ietf.org/html/rfc3021 */
351 if (a->prefixlen > 30)
352 goto finalize;
353
354 /* If explicitly configured, use the address as is. */
355 if (in4_addr_is_set(&a->broadcast)) {
356 b_addr = a->broadcast;
357 goto finalize;
358 }
359
360 /* If explicitly disabled, then return null address. */
361 if (a->set_broadcast == 0)
362 goto finalize;
363
364 /* For wireguard interfaces, broadcast is disabled by default. */
365 if (a->set_broadcast < 0 && streq_ptr(link->kind, "wireguard"))
366 goto finalize;
367
368 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
369 * determined after an address is acquired. */
370 if (!in4_addr_is_set(&a->in_addr.in))
371 return -EAGAIN;
372
373 /* Otherwise, generate a broadcast address from the main address and prefix length. */
374 b_addr.s_addr = a->in_addr.in.s_addr | htobe32(UINT32_C(0xffffffff) >> a->prefixlen);
375
376 finalize:
377 if (ret)
378 *ret = b_addr;
379
380 return in4_addr_is_set(&b_addr);
381 }
382
383 static void address_set_broadcast(Address *a, Link *link) {
384 assert(a);
385 assert_se(address_get_broadcast(a, link, &a->broadcast) >= 0);
386 }
387
388 static void address_set_cinfo(Manager *m, const Address *a, struct ifa_cacheinfo *cinfo) {
389 usec_t now_usec;
390
391 assert(m);
392 assert(a);
393 assert(cinfo);
394
395 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
396
397 *cinfo = (struct ifa_cacheinfo) {
398 .ifa_valid = usec_to_sec(a->lifetime_valid_usec, now_usec),
399 .ifa_prefered = usec_to_sec(a->lifetime_preferred_usec, now_usec),
400 };
401 }
402
403 static void address_set_lifetime(Manager *m, Address *a, const struct ifa_cacheinfo *cinfo) {
404 usec_t now_usec;
405
406 assert(m);
407 assert(a);
408 assert(cinfo);
409
410 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
411
412 a->lifetime_valid_usec = sec_to_usec(cinfo->ifa_valid, now_usec);
413 a->lifetime_preferred_usec = sec_to_usec(cinfo->ifa_prefered, now_usec);
414 }
415
416 static bool address_is_static_null(const Address *address) {
417 assert(address);
418
419 if (!address->network)
420 return false;
421
422 if (!address->requested_as_null)
423 return false;
424
425 assert(!in_addr_is_set(address->family, &address->in_addr));
426 return true;
427 }
428
429 static int address_ipv4_prefix(const Address *a, struct in_addr *ret) {
430 struct in_addr p;
431 int r;
432
433 assert(a);
434 assert(a->family == AF_INET);
435 assert(ret);
436
437 p = in4_addr_is_set(&a->in_addr_peer.in) ? a->in_addr_peer.in : a->in_addr.in;
438 r = in4_addr_mask(&p, a->prefixlen);
439 if (r < 0)
440 return r;
441
442 *ret = p;
443 return 0;
444 }
445
446 static void address_hash_func(const Address *a, struct siphash *state) {
447 assert(a);
448
449 siphash24_compress_typesafe(a->family, state);
450
451 switch (a->family) {
452 case AF_INET: {
453 struct in_addr prefix;
454
455 siphash24_compress_typesafe(a->prefixlen, state);
456
457 assert_se(address_ipv4_prefix(a, &prefix) >= 0);
458 siphash24_compress_typesafe(prefix, state);
459
460 siphash24_compress_typesafe(a->in_addr.in, state);
461 break;
462 }
463 case AF_INET6:
464 siphash24_compress_typesafe(a->in_addr.in6, state);
465
466 if (in6_addr_is_null(&a->in_addr.in6))
467 siphash24_compress_typesafe(a->prefixlen, state);
468 break;
469
470 default:
471 /* treat any other address family as AF_UNSPEC */
472 break;
473 }
474 }
475
476 static int address_compare_func(const Address *a1, const Address *a2) {
477 int r;
478
479 r = CMP(a1->family, a2->family);
480 if (r != 0)
481 return r;
482
483 switch (a1->family) {
484 case AF_INET: {
485 struct in_addr p1, p2;
486
487 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
488 r = CMP(a1->prefixlen, a2->prefixlen);
489 if (r != 0)
490 return r;
491
492 assert_se(address_ipv4_prefix(a1, &p1) >= 0);
493 assert_se(address_ipv4_prefix(a2, &p2) >= 0);
494 r = memcmp(&p1, &p2, sizeof(p1));
495 if (r != 0)
496 return r;
497
498 return memcmp(&a1->in_addr.in, &a2->in_addr.in, sizeof(a1->in_addr.in));
499 }
500 case AF_INET6:
501 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
502 r = memcmp(&a1->in_addr.in6, &a2->in_addr.in6, sizeof(a1->in_addr.in6));
503 if (r != 0)
504 return r;
505
506 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
507 * compare the prefix length. */
508 if (in6_addr_is_null(&a1->in_addr.in6))
509 r = CMP(a1->prefixlen, a2->prefixlen);
510
511 return r;
512
513 default:
514 /* treat any other address family as AF_UNSPEC */
515 return 0;
516 }
517 }
518
519 bool address_can_update(const Address *existing, const Address *requesting) {
520 assert(existing);
521 assert(requesting);
522
523 /*
524 * property | IPv4 | IPv6
525 * -----------------------------------------
526 * family | ✗ | ✗
527 * prefixlen | ✗ | ✗
528 * address | ✗ | ✗
529 * scope | ✗ | -
530 * label | ✗ | -
531 * broadcast | ✗ | -
532 * peer | ✗ | ✓
533 * flags | ✗ | ✓
534 * lifetime | ✓ | ✓
535 * route metric | ✓ | ✓
536 * protocol | ✓ | ✓
537 *
538 * ✗ : cannot be changed
539 * ✓ : can be changed
540 * - : unused
541 *
542 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
543 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
544 */
545
546 if (existing->family != requesting->family)
547 return false;
548
549 if (existing->prefixlen != requesting->prefixlen)
550 return false;
551
552 /* When a null address is requested, the address to be assigned/updated will be determined later. */
553 if (!address_is_static_null(requesting) &&
554 in_addr_equal(existing->family, &existing->in_addr, &requesting->in_addr) <= 0)
555 return false;
556
557 switch (existing->family) {
558 case AF_INET: {
559 struct in_addr bcast;
560
561 if (existing->scope != requesting->scope)
562 return false;
563 if (((existing->flags ^ requesting->flags) & KNOWN_FLAGS & ~IPV6ONLY_FLAGS & ~UNMANAGED_FLAGS) != 0)
564 return false;
565 if (!streq_ptr(existing->label, requesting->label))
566 return false;
567 if (!in4_addr_equal(&existing->in_addr_peer.in, &requesting->in_addr_peer.in))
568 return false;
569 if (existing->link && address_get_broadcast(requesting, existing->link, &bcast) >= 0) {
570 /* If the broadcast address can be determined now, check if they match. */
571 if (!in4_addr_equal(&existing->broadcast, &bcast))
572 return false;
573 } else {
574 /* When a null address is requested, then the broadcast address will be
575 * automatically calculated from the acquired address, e.g.
576 * 192.168.0.10/24 -> 192.168.0.255
577 * So, here let's only check if the broadcast is the last address in the range, e.g.
578 * 0.0.0.0/24 -> 0.0.0.255 */
579 if (!FLAGS_SET(existing->broadcast.s_addr, htobe32(UINT32_C(0xffffffff) >> existing->prefixlen)))
580 return false;
581 }
582 break;
583 }
584 case AF_INET6:
585 break;
586
587 default:
588 assert_not_reached();
589 }
590
591 return true;
592 }
593
594 int address_dup(const Address *src, Address **ret) {
595 _cleanup_(address_unrefp) Address *dest = NULL;
596 int r;
597
598 assert(src);
599 assert(ret);
600
601 dest = newdup(Address, src, 1);
602 if (!dest)
603 return -ENOMEM;
604
605 /* clear the reference counter and all pointers */
606 dest->n_ref = 1;
607 dest->network = NULL;
608 dest->section = NULL;
609 dest->link = NULL;
610 dest->label = NULL;
611 dest->netlabel = NULL;
612 dest->nft_set_context.sets = NULL;
613 dest->nft_set_context.n_sets = 0;
614
615 if (src->family == AF_INET) {
616 r = strdup_or_null(src->label, &dest->label);
617 if (r < 0)
618 return r;
619 }
620
621 r = strdup_or_null(src->netlabel, &dest->netlabel);
622 if (r < 0)
623 return r;
624
625 r = nft_set_context_dup(&src->nft_set_context, &dest->nft_set_context);
626 if (r < 0)
627 return r;
628
629 *ret = TAKE_PTR(dest);
630 return 0;
631 }
632
633 static int address_set_masquerade(Address *address, bool add) {
634 union in_addr_union masked;
635 int r;
636
637 assert(address);
638 assert(address->link);
639
640 if (!address->link->network)
641 return 0;
642
643 if (address->family == AF_INET &&
644 !FLAGS_SET(address->link->network->ip_masquerade, ADDRESS_FAMILY_IPV4))
645 return 0;
646
647 if (address->family == AF_INET6 &&
648 !FLAGS_SET(address->link->network->ip_masquerade, ADDRESS_FAMILY_IPV6))
649 return 0;
650
651 if (address->scope >= RT_SCOPE_LINK)
652 return 0;
653
654 if (address->ip_masquerade_done == add)
655 return 0;
656
657 masked = address->in_addr;
658 r = in_addr_mask(address->family, &masked, address->prefixlen);
659 if (r < 0)
660 return r;
661
662 r = fw_add_masquerade(&address->link->manager->fw_ctx, add, address->family, &masked, address->prefixlen);
663 if (r < 0)
664 return r;
665
666 address->ip_masquerade_done = add;
667
668 return 0;
669 }
670
671 static void address_modify_nft_set_context(Address *address, bool add, NFTSetContext *nft_set_context) {
672 int r;
673
674 assert(address);
675 assert(address->link);
676 assert(address->link->manager);
677 assert(nft_set_context);
678
679 if (!address->link->manager->fw_ctx) {
680 r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false);
681 if (r < 0)
682 return;
683 }
684
685 FOREACH_ARRAY(nft_set, nft_set_context->sets, nft_set_context->n_sets) {
686 uint32_t ifindex;
687
688 assert(nft_set);
689
690 switch (nft_set->source) {
691 case NFT_SET_SOURCE_ADDRESS:
692 r = nft_set_element_modify_ip(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
693 &address->in_addr);
694 break;
695 case NFT_SET_SOURCE_PREFIX:
696 r = nft_set_element_modify_iprange(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
697 &address->in_addr, address->prefixlen);
698 break;
699 case NFT_SET_SOURCE_IFINDEX:
700 ifindex = address->link->ifindex;
701 r = nft_set_element_modify_any(address->link->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set,
702 &ifindex, sizeof(ifindex));
703 break;
704 default:
705 assert_not_reached();
706 }
707
708 if (r < 0)
709 log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
710 add ? "add" : "delete",
711 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
712 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
713 else
714 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
715 add ? "Added" : "Deleted",
716 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
717 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
718 }
719 }
720
721 static void address_modify_nft_set(Address *address, bool add) {
722 assert(address);
723 assert(address->link);
724
725 if (!IN_SET(address->family, AF_INET, AF_INET6))
726 return;
727
728 if (!address->link->network)
729 return;
730
731 switch (address->source) {
732 case NETWORK_CONFIG_SOURCE_DHCP4:
733 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_nft_set_context);
734 case NETWORK_CONFIG_SOURCE_DHCP6:
735 return address_modify_nft_set_context(address, add, &address->link->network->dhcp6_nft_set_context);
736 case NETWORK_CONFIG_SOURCE_DHCP_PD:
737 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_pd_nft_set_context);
738 case NETWORK_CONFIG_SOURCE_NDISC:
739 return address_modify_nft_set_context(address, add, &address->link->network->ndisc_nft_set_context);
740 case NETWORK_CONFIG_SOURCE_STATIC:
741 return address_modify_nft_set_context(address, add, &address->nft_set_context);
742 default:
743 return;
744 }
745 }
746
747 static int address_attach(Link *link, Address *address) {
748 int r;
749
750 assert(link);
751 assert(address);
752 assert(!address->link);
753
754 r = set_ensure_put(&link->addresses, &address_hash_ops_detach, address);
755 if (r < 0)
756 return r;
757 if (r == 0)
758 return -EEXIST;
759
760 address->link = link;
761 address_ref(address);
762 return 0;
763 }
764
765 static int address_update(Address *address) {
766 Link *link = ASSERT_PTR(ASSERT_PTR(address)->link);
767 int r;
768
769 if (address_is_ready(address) &&
770 address->family == AF_INET6 &&
771 in6_addr_is_link_local(&address->in_addr.in6) &&
772 in6_addr_is_null(&link->ipv6ll_address)) {
773
774 link->ipv6ll_address = address->in_addr.in6;
775
776 r = link_ipv6ll_gained(link);
777 if (r < 0)
778 return r;
779 }
780
781 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
782 return 0;
783
784 r = address_set_masquerade(address, /* add = */ true);
785 if (r < 0)
786 return log_link_warning_errno(link, r, "Could not enable IP masquerading: %m");
787
788 address_add_netlabel(address);
789
790 address_modify_nft_set(address, /* add = */ true);
791
792 if (address_is_ready(address) && address->callback) {
793 r = address->callback(address);
794 if (r < 0)
795 return r;
796 }
797
798 link_update_operstate(link, /* also_update_master = */ true);
799 link_check_ready(link);
800 return 0;
801 }
802
803 static int address_drop(Address *address) {
804 Link *link = ASSERT_PTR(ASSERT_PTR(address)->link);
805 int r;
806
807 r = address_set_masquerade(address, /* add = */ false);
808 if (r < 0)
809 log_link_warning_errno(link, r, "Failed to disable IP masquerading, ignoring: %m");
810
811 address_modify_nft_set(address, /* add = */ false);
812
813 address_del_netlabel(address);
814
815 /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */
816 if (address->family == AF_INET6 &&
817 in6_addr_equal(&address->in_addr.in6, &link->ipv6ll_address))
818 link->ipv6ll_address = (const struct in6_addr) {};
819
820 ipv4acd_detach(link, address);
821
822 address_detach(address);
823
824 link_update_operstate(link, /* also_update_master = */ true);
825 link_check_ready(link);
826 return 0;
827 }
828
829 static bool address_match_null(const Address *a, const Address *null_address) {
830 assert(a);
831 assert(null_address);
832
833 if (!a->requested_as_null)
834 return false;
835
836 /* Currently, null address is supported only by static addresses. Note that static
837 * address may be set as foreign during reconfiguring the interface. */
838 if (!IN_SET(a->source, NETWORK_CONFIG_SOURCE_FOREIGN, NETWORK_CONFIG_SOURCE_STATIC))
839 return false;
840
841 if (a->family != null_address->family)
842 return false;
843
844 if (a->prefixlen != null_address->prefixlen)
845 return false;
846
847 return true;
848 }
849
850 static int address_get_request(Link *link, const Address *address, Request **ret) {
851 Request *req;
852
853 assert(link);
854 assert(link->manager);
855 assert(address);
856
857 req = ordered_set_get(
858 link->manager->request_queue,
859 &(Request) {
860 .link = link,
861 .type = REQUEST_TYPE_ADDRESS,
862 .userdata = (void*) address,
863 .hash_func = (hash_func_t) address_hash_func,
864 .compare_func = (compare_func_t) address_compare_func,
865 });
866 if (req) {
867 if (ret)
868 *ret = req;
869 return 0;
870 }
871
872 if (address_is_static_null(address))
873 ORDERED_SET_FOREACH(req, link->manager->request_queue) {
874 if (req->link != link)
875 continue;
876 if (req->type != REQUEST_TYPE_ADDRESS)
877 continue;
878
879 if (!address_match_null(req->userdata, address))
880 continue;
881
882 if (ret)
883 *ret = req;
884
885 return 0;
886 }
887
888 return -ENOENT;
889 }
890
891 int address_get(Link *link, const Address *in, Address **ret) {
892 Address *a;
893
894 assert(link);
895 assert(in);
896
897 a = set_get(link->addresses, in);
898 if (a) {
899 if (ret)
900 *ret = a;
901 return 0;
902 }
903
904 /* Find matching address that originally requested as null address. */
905 if (address_is_static_null(in))
906 SET_FOREACH(a, link->addresses) {
907 if (!address_match_null(a, in))
908 continue;
909
910 if (ret)
911 *ret = a;
912 return 0;
913 }
914
915 return -ENOENT;
916 }
917
918 int address_get_harder(Link *link, const Address *in, Address **ret) {
919 Request *req;
920 int r;
921
922 assert(link);
923 assert(in);
924
925 if (address_get(link, in, ret) >= 0)
926 return 0;
927
928 r = address_get_request(link, in, &req);
929 if (r < 0)
930 return r;
931
932 if (ret)
933 *ret = ASSERT_PTR(req->userdata);
934
935 return 0;
936 }
937
938 int link_get_address(Link *link, int family, const union in_addr_union *address, unsigned char prefixlen, Address **ret) {
939 Address *a;
940 int r;
941
942 assert(link);
943 assert(IN_SET(family, AF_INET, AF_INET6));
944 assert(address);
945
946 /* This find an Address object on the link which matches the given address and prefix length
947 * and does not have peer address. When the prefixlen is zero, then an Address object with an
948 * arbitrary prefixlen will be returned. */
949
950 if (family == AF_INET6 || prefixlen != 0) {
951 _cleanup_(address_unrefp) Address *tmp = NULL;
952
953 /* In this case, we can use address_get(). */
954
955 r = address_new(&tmp);
956 if (r < 0)
957 return r;
958
959 tmp->family = family;
960 tmp->in_addr = *address;
961 tmp->prefixlen = prefixlen;
962
963 r = address_get(link, tmp, &a);
964 if (r < 0)
965 return r;
966
967 if (family == AF_INET6) {
968 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
969 * to check them explicitly. */
970 if (in_addr_is_set(family, &a->in_addr_peer))
971 return -ENOENT;
972 if (prefixlen != 0 && a->prefixlen != prefixlen)
973 return -ENOENT;
974 }
975
976 if (ret)
977 *ret = a;
978
979 return 0;
980 }
981
982 SET_FOREACH(a, link->addresses) {
983 if (a->family != family)
984 continue;
985
986 if (!in_addr_equal(family, &a->in_addr, address))
987 continue;
988
989 if (in_addr_is_set(family, &a->in_addr_peer))
990 continue;
991
992 if (ret)
993 *ret = a;
994
995 return 0;
996 }
997
998 return -ENOENT;
999 }
1000
1001 int manager_get_address(Manager *manager, int family, const union in_addr_union *address, unsigned char prefixlen, Address **ret) {
1002 Link *link;
1003
1004 assert(manager);
1005 assert(IN_SET(family, AF_INET, AF_INET6));
1006 assert(address);
1007
1008 HASHMAP_FOREACH(link, manager->links_by_index) {
1009 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
1010 continue;
1011
1012 if (link_get_address(link, family, address, prefixlen, ret) >= 0)
1013 return 0;
1014 }
1015
1016 return -ENOENT;
1017 }
1018
1019 bool manager_has_address(Manager *manager, int family, const union in_addr_union *address) {
1020 Address *a;
1021
1022 assert(manager);
1023 assert(IN_SET(family, AF_INET, AF_INET6));
1024 assert(address);
1025
1026 if (manager_get_address(manager, family, address, 0, &a) < 0)
1027 return false;
1028
1029 return address_is_ready(a);
1030 }
1031
1032 const char* format_lifetime(char *buf, size_t l, usec_t lifetime_usec) {
1033 assert(buf);
1034 assert(l > 4);
1035
1036 if (lifetime_usec == USEC_INFINITY)
1037 return "forever";
1038
1039 sprintf(buf, "for ");
1040 /* format_timespan() never fails */
1041 assert_se(format_timespan(buf + 4, l - 4, usec_sub_unsigned(lifetime_usec, now(CLOCK_BOOTTIME)), USEC_PER_SEC));
1042 return buf;
1043 }
1044
1045 static void log_address_debug(const Address *address, const char *str, const Link *link) {
1046 _cleanup_free_ char *state = NULL, *flags_str = NULL, *scope_str = NULL;
1047
1048 assert(address);
1049 assert(str);
1050 assert(link);
1051
1052 if (!DEBUG_LOGGING)
1053 return;
1054
1055 (void) network_config_state_to_string_alloc(address->state, &state);
1056
1057 const char *peer = in_addr_is_set(address->family, &address->in_addr_peer) ?
1058 IN_ADDR_TO_STRING(address->family, &address->in_addr_peer) : NULL;
1059
1060 const char *broadcast = (address->family == AF_INET && in4_addr_is_set(&address->broadcast)) ?
1061 IN4_ADDR_TO_STRING(&address->broadcast) : NULL;
1062
1063 (void) address_flags_to_string_alloc(address->flags, address->family, &flags_str);
1064 (void) route_scope_to_string_alloc(address->scope, &scope_str);
1065
1066 log_link_debug(link, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1067 str, strna(network_config_source_to_string(address->source)), strna(state),
1068 IN_ADDR_TO_STRING(address->family, &address->in_addr),
1069 peer ? " peer " : "", strempty(peer), address->prefixlen,
1070 broadcast ? " broadcast " : "", strempty(broadcast),
1071 FORMAT_LIFETIME(address->lifetime_valid_usec),
1072 FORMAT_LIFETIME(address->lifetime_preferred_usec),
1073 strna(flags_str), strna(scope_str),
1074 address->family == AF_INET ? ", label: " : "",
1075 address->family == AF_INET ? strna(address->label) : "");
1076 }
1077
1078 static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) {
1079 uint32_t flags;
1080 int r;
1081
1082 assert(address);
1083 assert(m);
1084 assert(link);
1085
1086 r = sd_rtnl_message_addr_set_prefixlen(m, address->prefixlen);
1087 if (r < 0)
1088 return r;
1089
1090 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1091 * flags except tentative flag here unconditionally. Without setting the flag, the template
1092 * addresses generated by kernel will not be removed automatically when the main address is
1093 * removed. */
1094 flags = address->flags & ~IFA_F_TENTATIVE;
1095 r = sd_rtnl_message_addr_set_flags(m, flags & 0xff);
1096 if (r < 0)
1097 return r;
1098
1099 if ((flags & ~0xff) != 0) {
1100 r = sd_netlink_message_append_u32(m, IFA_FLAGS, flags);
1101 if (r < 0)
1102 return r;
1103 }
1104
1105 r = netlink_message_append_in_addr_union(m, IFA_LOCAL, address->family, &address->in_addr);
1106 if (r < 0)
1107 return r;
1108
1109 return 0;
1110 }
1111
1112 static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) {
1113 int r;
1114
1115 assert(m);
1116 assert(rreq);
1117
1118 Link *link = ASSERT_PTR(rreq->link);
1119 Address *address = ASSERT_PTR(rreq->userdata);
1120
1121 if (link->state == LINK_STATE_LINGER)
1122 return 0;
1123
1124 r = sd_netlink_message_get_errno(m);
1125 if (r < 0) {
1126 log_link_message_full_errno(link, m,
1127 (r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING,
1128 r, "Could not drop address");
1129
1130 if (address->link) {
1131 /* If the address cannot be removed, then assume the address is already removed. */
1132 log_address_debug(address, "Forgetting", link);
1133
1134 Request *req;
1135 if (address_get_request(link, address, &req) >= 0)
1136 address_enter_removed(req->userdata);
1137
1138 (void) address_drop(address);
1139 }
1140 }
1141
1142 return 1;
1143 }
1144
1145 int address_remove(Address *address, Link *link) {
1146 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1147 int r;
1148
1149 assert(address);
1150 assert(IN_SET(address->family, AF_INET, AF_INET6));
1151 assert(link);
1152 assert(link->ifindex > 0);
1153 assert(link->manager);
1154 assert(link->manager->rtnl);
1155
1156 /* If the address is remembered, use the remembered object. */
1157 (void) address_get(link, address, &address);
1158
1159 log_address_debug(address, "Removing", link);
1160
1161 r = sd_rtnl_message_new_addr(link->manager->rtnl, &m, RTM_DELADDR,
1162 link->ifindex, address->family);
1163 if (r < 0)
1164 return log_link_warning_errno(link, r, "Could not allocate RTM_DELADDR message: %m");
1165
1166 r = address_set_netlink_message(address, m, link);
1167 if (r < 0)
1168 return log_link_warning_errno(link, r, "Could not set netlink attributes: %m");
1169
1170 r = link_remove_request_add(link, address, address, link->manager->rtnl, m, address_remove_handler);
1171 if (r < 0)
1172 return log_link_warning_errno(link, r, "Could not queue rtnetlink message: %m");
1173
1174 address_enter_removing(address);
1175
1176 /* The operational state is determined by address state and carrier state. Hence, if we remove
1177 * an address, the operational state may be changed. */
1178 link_update_operstate(link, true);
1179 return 0;
1180 }
1181
1182 int address_remove_and_cancel(Address *address, Link *link) {
1183 _cleanup_(request_unrefp) Request *req = NULL;
1184 bool waiting = false;
1185
1186 assert(address);
1187 assert(link);
1188 assert(link->manager);
1189
1190 /* If the address is remembered by the link, then use the remembered object. */
1191 (void) address_get(link, address, &address);
1192
1193 /* Cancel the request for the address. If the request is already called but we have not received the
1194 * notification about the request, then explicitly remove the address. */
1195 if (address_get_request(link, address, &req) >= 0) {
1196 request_ref(req); /* avoid the request freed by request_detach() */
1197 waiting = req->waiting_reply;
1198 request_detach(req);
1199 address_cancel_requesting(address);
1200 }
1201
1202 /* If we know the address will come or already exists, remove it. */
1203 if (waiting || (address->link && address_exists(address)))
1204 return address_remove(address, link);
1205
1206 return 0;
1207 }
1208
1209 bool link_address_is_dynamic(const Link *link, const Address *address) {
1210 Route *route;
1211
1212 assert(link);
1213 assert(link->manager);
1214 assert(address);
1215
1216 if (address->lifetime_preferred_usec != USEC_INFINITY)
1217 return true;
1218
1219 /* Even when the address is leased from a DHCP server, networkd assign the address
1220 * without lifetime when KeepConfiguration=dhcp. So, let's check that we have
1221 * corresponding routes with RTPROT_DHCP. */
1222 SET_FOREACH(route, link->manager->routes) {
1223 if (route->source != NETWORK_CONFIG_SOURCE_FOREIGN)
1224 continue;
1225
1226 /* The route is not assigned yet, or already removed. Ignoring. */
1227 if (!route_exists(route))
1228 continue;
1229
1230 if (route->protocol != RTPROT_DHCP)
1231 continue;
1232
1233 if (route->nexthop.ifindex != link->ifindex)
1234 continue;
1235
1236 if (address->family != route->family)
1237 continue;
1238
1239 if (in_addr_equal(address->family, &address->in_addr, &route->prefsrc))
1240 return true;
1241 }
1242
1243 return false;
1244 }
1245
1246 int link_drop_ipv6ll_addresses(Link *link) {
1247 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
1248 int r;
1249
1250 assert(link);
1251 assert(link->manager);
1252 assert(link->manager->rtnl);
1253
1254 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1255 * So, we need to dump all IPv6 addresses. */
1256
1257 if (link_may_have_ipv6ll(link, /* check_multicast = */ false))
1258 return 0;
1259
1260 r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_GETADDR, link->ifindex, AF_INET6);
1261 if (r < 0)
1262 return r;
1263
1264 r = sd_netlink_message_set_request_dump(req, true);
1265 if (r < 0)
1266 return r;
1267
1268 r = sd_netlink_call(link->manager->rtnl, req, 0, &reply);
1269 if (r < 0)
1270 return r;
1271
1272 for (sd_netlink_message *addr = reply; addr; addr = sd_netlink_message_next(addr)) {
1273 _cleanup_(address_unrefp) Address *a = NULL;
1274 unsigned char flags, prefixlen;
1275 struct in6_addr address;
1276 int ifindex;
1277
1278 /* NETLINK_GET_STRICT_CHK socket option is supported since kernel 4.20. To support
1279 * older kernels, we need to check ifindex here. */
1280 r = sd_rtnl_message_addr_get_ifindex(addr, &ifindex);
1281 if (r < 0) {
1282 log_link_debug_errno(link, r, "rtnl: received address message without valid ifindex, ignoring: %m");
1283 continue;
1284 } else if (link->ifindex != ifindex)
1285 continue;
1286
1287 r = sd_rtnl_message_addr_get_flags(addr, &flags);
1288 if (r < 0) {
1289 log_link_debug_errno(link, r, "rtnl: received address message without valid flags, ignoring: %m");
1290 continue;
1291 }
1292
1293 r = sd_rtnl_message_addr_get_prefixlen(addr, &prefixlen);
1294 if (r < 0) {
1295 log_link_debug_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1296 continue;
1297 }
1298
1299 if (sd_netlink_message_read_in6_addr(addr, IFA_LOCAL, NULL) >= 0)
1300 /* address with peer, ignoring. */
1301 continue;
1302
1303 r = sd_netlink_message_read_in6_addr(addr, IFA_ADDRESS, &address);
1304 if (r < 0) {
1305 log_link_debug_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1306 continue;
1307 }
1308
1309 if (!in6_addr_is_link_local(&address))
1310 continue;
1311
1312 r = address_new(&a);
1313 if (r < 0)
1314 return -ENOMEM;
1315
1316 a->family = AF_INET6;
1317 a->in_addr.in6 = address;
1318 a->prefixlen = prefixlen;
1319 a->flags = flags;
1320
1321 r = address_remove(a, link);
1322 if (r < 0)
1323 return r;
1324 }
1325
1326 return 0;
1327 }
1328
1329 int link_drop_foreign_addresses(Link *link) {
1330 Address *address;
1331 int r = 0;
1332
1333 assert(link);
1334 assert(link->network);
1335
1336 /* First, mark all addresses. */
1337 SET_FOREACH(address, link->addresses) {
1338 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1339 if (address->family == AF_INET6 && in6_addr_is_link_local(&address->in_addr.in6))
1340 continue;
1341
1342 /* Do not remove localhost address (127.0.0.1 and ::1) */
1343 if (link->flags & IFF_LOOPBACK && in_addr_is_localhost_one(address->family, &address->in_addr) > 0)
1344 continue;
1345
1346 /* Ignore addresses we configured. */
1347 if (address->source != NETWORK_CONFIG_SOURCE_FOREIGN)
1348 continue;
1349
1350 /* Ignore addresses not assigned yet or already removing. */
1351 if (!address_exists(address))
1352 continue;
1353
1354 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when KeepConfiguration= is set. */
1355 if (IN_SET(link->network->keep_configuration, KEEP_CONFIGURATION_DHCP, KEEP_CONFIGURATION_STATIC) &&
1356 link_address_is_dynamic(link, address) == (link->network->keep_configuration == KEEP_CONFIGURATION_DHCP))
1357 continue;
1358
1359 address_mark(address);
1360 }
1361
1362 /* Then, unmark requested addresses. */
1363 ORDERED_HASHMAP_FOREACH(address, link->network->addresses_by_section) {
1364 Address *existing;
1365
1366 if (address_get(link, address, &existing) < 0)
1367 continue;
1368
1369 if (!address_can_update(existing, address))
1370 continue;
1371
1372 /* Found matching static configuration. Keep the existing address. */
1373 address_unmark(existing);
1374 }
1375
1376 /* Finally, remove all marked addresses. */
1377 SET_FOREACH(address, link->addresses) {
1378 if (!address_is_marked(address))
1379 continue;
1380
1381 RET_GATHER(r, address_remove(address, link));
1382 }
1383
1384 return r;
1385 }
1386
1387 int link_drop_static_addresses(Link *link) {
1388 Address *address;
1389 int r = 0;
1390
1391 assert(link);
1392
1393 SET_FOREACH(address, link->addresses) {
1394 /* Remove only static addresses here. Dynamic addresses will be removed e.g. on lease
1395 * expiration or stopping the DHCP client. */
1396 if (address->source != NETWORK_CONFIG_SOURCE_STATIC)
1397 continue;
1398
1399 /* Ignore addresses not assigned yet or already removing. */
1400 if (!address_exists(address))
1401 continue;
1402
1403 RET_GATHER(r, address_remove(address, link));
1404 }
1405
1406 return r;
1407 }
1408
1409 void link_foreignize_addresses(Link *link) {
1410 Address *address;
1411
1412 assert(link);
1413
1414 SET_FOREACH(address, link->addresses)
1415 address->source = NETWORK_CONFIG_SOURCE_FOREIGN;
1416 }
1417
1418 static int address_acquire(Link *link, const Address *original, Address **ret) {
1419 _cleanup_(address_unrefp) Address *na = NULL;
1420 union in_addr_union in_addr;
1421 int r;
1422
1423 assert(link);
1424 assert(original);
1425 assert(ret);
1426
1427 /* Something useful was configured? just use it */
1428 if (in_addr_is_set(original->family, &original->in_addr))
1429 return address_dup(original, ret);
1430
1431 /* The address is configured to be 0.0.0.0 or [::] by the user?
1432 * Then let's acquire something more useful from the pool. */
1433 r = address_pool_acquire(link->manager, original->family, original->prefixlen, &in_addr);
1434 if (r < 0)
1435 return r;
1436 if (r == 0)
1437 return -EBUSY;
1438
1439 /* Pick first address in range for ourselves. */
1440 if (original->family == AF_INET)
1441 in_addr.in.s_addr = in_addr.in.s_addr | htobe32(1);
1442 else if (original->family == AF_INET6)
1443 in_addr.in6.s6_addr[15] |= 1;
1444
1445 r = address_dup(original, &na);
1446 if (r < 0)
1447 return r;
1448
1449 na->in_addr = in_addr;
1450
1451 *ret = TAKE_PTR(na);
1452 return 0;
1453 }
1454
1455 int address_configure_handler_internal(sd_netlink *rtnl, sd_netlink_message *m, Link *link, const char *error_msg) {
1456 int r;
1457
1458 assert(rtnl);
1459 assert(m);
1460 assert(link);
1461 assert(error_msg);
1462
1463 r = sd_netlink_message_get_errno(m);
1464 if (r < 0 && r != -EEXIST) {
1465 log_link_message_warning_errno(link, m, r, error_msg);
1466 link_enter_failed(link);
1467 return 0;
1468 }
1469
1470 return 1;
1471 }
1472
1473 static int address_configure(const Address *address, const struct ifa_cacheinfo *c, Link *link, Request *req) {
1474 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1475 int r;
1476
1477 assert(address);
1478 assert(IN_SET(address->family, AF_INET, AF_INET6));
1479 assert(c);
1480 assert(link);
1481 assert(link->ifindex > 0);
1482 assert(link->manager);
1483 assert(link->manager->rtnl);
1484 assert(req);
1485
1486 log_address_debug(address, "Configuring", link);
1487
1488 r = sd_rtnl_message_new_addr_update(link->manager->rtnl, &m, link->ifindex, address->family);
1489 if (r < 0)
1490 return r;
1491
1492 r = address_set_netlink_message(address, m, link);
1493 if (r < 0)
1494 return r;
1495
1496 r = sd_rtnl_message_addr_set_scope(m, address->scope);
1497 if (r < 0)
1498 return r;
1499
1500 if (address->family == AF_INET6 || in_addr_is_set(address->family, &address->in_addr_peer)) {
1501 r = netlink_message_append_in_addr_union(m, IFA_ADDRESS, address->family, &address->in_addr_peer);
1502 if (r < 0)
1503 return r;
1504 } else if (in4_addr_is_set(&address->broadcast)) {
1505 r = sd_netlink_message_append_in_addr(m, IFA_BROADCAST, &address->broadcast);
1506 if (r < 0)
1507 return r;
1508 }
1509
1510 if (address->family == AF_INET && address->label) {
1511 r = sd_netlink_message_append_string(m, IFA_LABEL, address->label);
1512 if (r < 0)
1513 return r;
1514 }
1515
1516 r = sd_netlink_message_append_cache_info(m, IFA_CACHEINFO, c);
1517 if (r < 0)
1518 return r;
1519
1520 r = sd_netlink_message_append_u32(m, IFA_RT_PRIORITY, address->route_metric);
1521 if (r < 0)
1522 return r;
1523
1524 return request_call_netlink_async(link->manager->rtnl, m, req);
1525 }
1526
1527 static bool address_is_ready_to_configure(Link *link, const Address *address) {
1528 assert(link);
1529 assert(address);
1530
1531 if (!link_is_ready_to_configure(link, false))
1532 return false;
1533
1534 if (!ipv4acd_bound(link, address))
1535 return false;
1536
1537 /* Refuse adding more than the limit */
1538 if (set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX)
1539 return false;
1540
1541 return true;
1542 }
1543
1544 static int address_process_request(Request *req, Link *link, Address *address) {
1545 Address *existing;
1546 struct ifa_cacheinfo c;
1547 int r;
1548
1549 assert(req);
1550 assert(link);
1551 assert(address);
1552
1553 if (!address_is_ready_to_configure(link, address))
1554 return 0;
1555
1556 address_set_cinfo(link->manager, address, &c);
1557 if (c.ifa_valid == 0) {
1558 log_link_debug(link, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1559 network_config_source_to_string(address->source),
1560 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
1561
1562 address_cancel_requesting(address);
1563 if (address_get(link, address, &existing) >= 0)
1564 address_cancel_requesting(existing);
1565 return 1;
1566 }
1567
1568 r = address_configure(address, &c, link, req);
1569 if (r < 0)
1570 return log_link_warning_errno(link, r, "Failed to configure address: %m");
1571
1572 address_enter_configuring(address);
1573 if (address_get(link, address, &existing) >= 0)
1574 address_enter_configuring(existing);
1575
1576 return 1;
1577 }
1578
1579 int link_request_address(
1580 Link *link,
1581 const Address *address,
1582 unsigned *message_counter,
1583 address_netlink_handler_t netlink_handler,
1584 Request **ret) {
1585
1586 _cleanup_(address_unrefp) Address *tmp = NULL;
1587 Address *existing = NULL;
1588 int r;
1589
1590 assert(link);
1591 assert(address);
1592 assert(address->source != NETWORK_CONFIG_SOURCE_FOREIGN);
1593
1594 if (address->lifetime_valid_usec == 0)
1595 /* The requested address is outdated. Let's ignore the request. */
1596 return 0;
1597
1598 if (address_get(link, address, &existing) < 0) {
1599 if (address_get_request(link, address, NULL) >= 0)
1600 return 0; /* already requested, skipping. */
1601
1602 r = address_acquire(link, address, &tmp);
1603 if (r < 0)
1604 return log_link_warning_errno(link, r, "Failed to acquire an address from pool: %m");
1605
1606 } else {
1607 r = address_dup(address, &tmp);
1608 if (r < 0)
1609 return log_oom();
1610
1611 /* Copy already assigned address when it is requested as a null address. */
1612 if (address_is_static_null(address))
1613 tmp->in_addr = existing->in_addr;
1614
1615 /* Copy state for logging below. */
1616 tmp->state = existing->state;
1617 }
1618
1619 address_set_broadcast(tmp, link);
1620
1621 r = ipv4acd_configure(link, tmp);
1622 if (r < 0)
1623 return r;
1624
1625 log_address_debug(tmp, "Requesting", link);
1626 r = link_queue_request_safe(link, REQUEST_TYPE_ADDRESS,
1627 tmp,
1628 address_unref,
1629 address_hash_func,
1630 address_compare_func,
1631 address_process_request,
1632 message_counter, netlink_handler, ret);
1633 if (r < 0)
1634 return log_link_warning_errno(link, r, "Failed to request address: %m");
1635 if (r == 0)
1636 return 0;
1637
1638 address_enter_requesting(tmp);
1639 if (existing)
1640 address_enter_requesting(existing);
1641
1642 TAKE_PTR(tmp);
1643 return 1;
1644 }
1645
1646 static int static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) {
1647 int r;
1648
1649 assert(link);
1650
1651 r = address_configure_handler_internal(rtnl, m, link, "Failed to set static address");
1652 if (r <= 0)
1653 return r;
1654
1655 if (link->static_address_messages == 0) {
1656 log_link_debug(link, "Addresses set");
1657 link->static_addresses_configured = true;
1658 link_check_ready(link);
1659 }
1660
1661 return 1;
1662 }
1663
1664 int link_request_static_address(Link *link, const Address *address) {
1665 assert(link);
1666 assert(address);
1667 assert(address->source == NETWORK_CONFIG_SOURCE_STATIC);
1668
1669 return link_request_address(link, address, &link->static_address_messages,
1670 static_address_handler, NULL);
1671 }
1672
1673 int link_request_static_addresses(Link *link) {
1674 Address *a;
1675 int r;
1676
1677 assert(link);
1678 assert(link->network);
1679
1680 link->static_addresses_configured = false;
1681
1682 ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) {
1683 r = link_request_static_address(link, a);
1684 if (r < 0)
1685 return r;
1686 }
1687
1688 r = link_request_radv_addresses(link);
1689 if (r < 0)
1690 return r;
1691
1692 if (link->static_address_messages == 0) {
1693 link->static_addresses_configured = true;
1694 link_check_ready(link);
1695 } else {
1696 log_link_debug(link, "Setting addresses");
1697 link_set_state(link, LINK_STATE_CONFIGURING);
1698 }
1699
1700 return 0;
1701 }
1702
1703 int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
1704 _cleanup_(address_unrefp) Address *tmp = NULL;
1705 struct ifa_cacheinfo cinfo;
1706 Link *link;
1707 uint16_t type;
1708 Address *address = NULL;
1709 Request *req = NULL;
1710 bool is_new = false, update_dhcp4;
1711 int ifindex, r;
1712
1713 assert(rtnl);
1714 assert(message);
1715 assert(m);
1716
1717 if (sd_netlink_message_is_error(message)) {
1718 r = sd_netlink_message_get_errno(message);
1719 if (r < 0)
1720 log_message_warning_errno(message, r, "rtnl: failed to receive address message, ignoring");
1721
1722 return 0;
1723 }
1724
1725 r = sd_netlink_message_get_type(message, &type);
1726 if (r < 0) {
1727 log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
1728 return 0;
1729 } else if (!IN_SET(type, RTM_NEWADDR, RTM_DELADDR)) {
1730 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type);
1731 return 0;
1732 }
1733
1734 r = sd_rtnl_message_addr_get_ifindex(message, &ifindex);
1735 if (r < 0) {
1736 log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m");
1737 return 0;
1738 } else if (ifindex <= 0) {
1739 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex);
1740 return 0;
1741 }
1742
1743 r = link_get_by_index(m, ifindex, &link);
1744 if (r < 0) {
1745 /* when enumerating we might be out of sync, but we will get the address again, so just
1746 * ignore it */
1747 if (!m->enumerating)
1748 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex);
1749 return 0;
1750 }
1751
1752 r = address_new(&tmp);
1753 if (r < 0)
1754 return log_oom();
1755
1756 /* First, read minimal information to make address_get() work below. */
1757
1758 r = sd_rtnl_message_addr_get_family(message, &tmp->family);
1759 if (r < 0) {
1760 log_link_warning(link, "rtnl: received address message without family, ignoring.");
1761 return 0;
1762 } else if (!IN_SET(tmp->family, AF_INET, AF_INET6)) {
1763 log_link_debug(link, "rtnl: received address message with invalid family '%i', ignoring.", tmp->family);
1764 return 0;
1765 }
1766
1767 r = sd_rtnl_message_addr_get_prefixlen(message, &tmp->prefixlen);
1768 if (r < 0) {
1769 log_link_warning_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1770 return 0;
1771 }
1772
1773 switch (tmp->family) {
1774 case AF_INET:
1775 r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &tmp->in_addr.in);
1776 if (r < 0) {
1777 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1778 return 0;
1779 }
1780
1781 r = sd_netlink_message_read_in_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in);
1782 if (r < 0 && r != -ENODATA) {
1783 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1784 return 0;
1785 } else if (r >= 0) {
1786 if (in4_addr_equal(&tmp->in_addr.in, &tmp->in_addr_peer.in))
1787 tmp->in_addr_peer = IN_ADDR_NULL;
1788 }
1789
1790 break;
1791
1792 case AF_INET6:
1793 r = sd_netlink_message_read_in6_addr(message, IFA_LOCAL, &tmp->in_addr.in6);
1794 if (r >= 0) {
1795 /* Have peer address. */
1796 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in6);
1797 if (r < 0) {
1798 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1799 return 0;
1800 }
1801 } else if (r == -ENODATA) {
1802 /* Does not have peer address. */
1803 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr.in6);
1804 if (r < 0) {
1805 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1806 return 0;
1807 }
1808 } else {
1809 log_link_warning_errno(link, r, "rtnl: could not get local address from address message, ignoring: %m");
1810 return 0;
1811 }
1812
1813 break;
1814
1815 default:
1816 assert_not_reached();
1817 }
1818
1819 update_dhcp4 = tmp->family == AF_INET6;
1820
1821 /* Then, find the managed Address and Request objects corresponding to the received address. */
1822 (void) address_get(link, tmp, &address);
1823 (void) address_get_request(link, tmp, &req);
1824
1825 if (type == RTM_DELADDR) {
1826 if (address) {
1827 address_enter_removed(address);
1828 log_address_debug(address, "Forgetting removed", link);
1829 (void) address_drop(address);
1830 } else
1831 log_address_debug(tmp, "Kernel removed unknown", link);
1832
1833 if (req)
1834 address_enter_removed(req->userdata);
1835
1836 goto finalize;
1837 }
1838
1839 if (!address) {
1840 /* If we did not know the address, then save it. */
1841 r = address_attach(link, tmp);
1842 if (r < 0) {
1843 log_link_warning_errno(link, r, "Failed to save received address %s, ignoring: %m",
1844 IN_ADDR_PREFIX_TO_STRING(tmp->family, &tmp->in_addr, tmp->prefixlen));
1845 return 0;
1846 }
1847 address = tmp;
1848
1849 is_new = true;
1850
1851 } else {
1852 /* Otherwise, update the managed Address object with the netlink notification. */
1853 address->prefixlen = tmp->prefixlen;
1854 address->in_addr_peer = tmp->in_addr_peer;
1855 }
1856
1857 /* Also update information that cannot be obtained through netlink notification. */
1858 if (req && req->waiting_reply) {
1859 Address *a = ASSERT_PTR(req->userdata);
1860
1861 address->source = a->source;
1862 address->provider = a->provider;
1863 (void) free_and_strdup_warn(&address->netlabel, a->netlabel);
1864 nft_set_context_clear(&address->nft_set_context);
1865 (void) nft_set_context_dup(&a->nft_set_context, &address->nft_set_context);
1866 address->requested_as_null = a->requested_as_null;
1867 address->callback = a->callback;
1868 }
1869
1870 /* Then, update miscellaneous info. */
1871 r = sd_rtnl_message_addr_get_scope(message, &address->scope);
1872 if (r < 0)
1873 log_link_debug_errno(link, r, "rtnl: received address message without scope, ignoring: %m");
1874
1875 if (address->family == AF_INET) {
1876 _cleanup_free_ char *label = NULL;
1877
1878 r = sd_netlink_message_read_string_strdup(message, IFA_LABEL, &label);
1879 if (r >= 0) {
1880 if (!streq_ptr(label, link->ifname))
1881 free_and_replace(address->label, label);
1882 } else if (r != -ENODATA)
1883 log_link_debug_errno(link, r, "rtnl: could not get label from address message, ignoring: %m");
1884
1885 r = sd_netlink_message_read_in_addr(message, IFA_BROADCAST, &address->broadcast);
1886 if (r < 0 && r != -ENODATA)
1887 log_link_debug_errno(link, r, "rtnl: could not get broadcast from address message, ignoring: %m");
1888 }
1889
1890 r = sd_netlink_message_read_u32(message, IFA_FLAGS, &address->flags);
1891 if (r == -ENODATA) {
1892 unsigned char flags;
1893
1894 /* For old kernels. */
1895 r = sd_rtnl_message_addr_get_flags(message, &flags);
1896 if (r >= 0)
1897 address->flags = flags;
1898 } else if (r < 0)
1899 log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
1900
1901 r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo);
1902 if (r >= 0)
1903 address_set_lifetime(m, address, &cinfo);
1904 else if (r != -ENODATA)
1905 log_link_debug_errno(link, r, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
1906
1907 r = sd_netlink_message_read_u32(message, IFA_RT_PRIORITY, &address->route_metric);
1908 if (r < 0 && r != -ENODATA)
1909 log_link_debug_errno(link, r, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
1910
1911 address_enter_configured(address);
1912 if (req)
1913 address_enter_configured(req->userdata);
1914
1915 log_address_debug(address, is_new ? "Received new": "Received updated", link);
1916
1917 /* address_update() logs internally, so we don't need to here. */
1918 r = address_update(address);
1919 if (r < 0)
1920 link_enter_failed(link);
1921
1922 finalize:
1923 if (update_dhcp4) {
1924 r = dhcp4_update_ipv6_connectivity(link);
1925 if (r < 0) {
1926 log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
1927 link_enter_failed(link);
1928 }
1929 }
1930
1931 return 1;
1932 }
1933
1934 int config_parse_broadcast(
1935 const char *unit,
1936 const char *filename,
1937 unsigned line,
1938 const char *section,
1939 unsigned section_line,
1940 const char *lvalue,
1941 int ltype,
1942 const char *rvalue,
1943 void *data,
1944 void *userdata) {
1945
1946 Network *network = userdata;
1947 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
1948 union in_addr_union u;
1949 int r;
1950
1951 assert(filename);
1952 assert(section);
1953 assert(lvalue);
1954 assert(rvalue);
1955 assert(data);
1956
1957 r = address_new_static(network, filename, section_line, &n);
1958 if (r == -ENOMEM)
1959 return log_oom();
1960 if (r < 0) {
1961 log_syntax(unit, LOG_WARNING, filename, line, r,
1962 "Failed to allocate new address, ignoring assignment: %m");
1963 return 0;
1964 }
1965
1966 if (isempty(rvalue)) {
1967 /* The broadcast address will be calculated based on Address=, and set if the link is
1968 * not a wireguard interface. Here, we do not check or set n->family. */
1969 n->broadcast = (struct in_addr) {};
1970 n->set_broadcast = -1;
1971 TAKE_PTR(n);
1972 return 0;
1973 }
1974
1975 r = parse_boolean(rvalue);
1976 if (r >= 0) {
1977 /* The broadcast address will be calculated based on Address=. Here, we do not check or
1978 * set n->family. */
1979 n->broadcast = (struct in_addr) {};
1980 n->set_broadcast = r;
1981 TAKE_PTR(n);
1982 return 0;
1983 }
1984
1985 if (n->family == AF_INET6) {
1986 log_syntax(unit, LOG_WARNING, filename, line, 0,
1987 "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue);
1988 return 0;
1989 }
1990
1991 r = in_addr_from_string(AF_INET, rvalue, &u);
1992 if (r < 0) {
1993 log_syntax(unit, LOG_WARNING, filename, line, r,
1994 "Broadcast is invalid, ignoring assignment: %s", rvalue);
1995 return 0;
1996 }
1997 if (in4_addr_is_null(&u.in)) {
1998 log_syntax(unit, LOG_WARNING, filename, line, 0,
1999 "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue);
2000 return 0;
2001 }
2002
2003 n->broadcast = u.in;
2004 n->set_broadcast = true;
2005 n->family = AF_INET;
2006 TAKE_PTR(n);
2007
2008 return 0;
2009 }
2010
2011 int config_parse_address(
2012 const char *unit,
2013 const char *filename,
2014 unsigned line,
2015 const char *section,
2016 unsigned section_line,
2017 const char *lvalue,
2018 int ltype,
2019 const char *rvalue,
2020 void *data,
2021 void *userdata) {
2022
2023 Network *network = userdata;
2024 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2025 union in_addr_union buffer;
2026 unsigned char prefixlen;
2027 int r, f;
2028
2029 assert(filename);
2030 assert(section);
2031 assert(lvalue);
2032 assert(rvalue);
2033 assert(data);
2034
2035 if (streq(section, "Network")) {
2036 if (isempty(rvalue)) {
2037 /* If an empty string specified in [Network] section, clear previously assigned addresses. */
2038 network->addresses_by_section = ordered_hashmap_free(network->addresses_by_section);
2039 return 0;
2040 }
2041
2042 /* we are not in an Address section, so use line number instead. */
2043 r = address_new_static(network, filename, line, &n);
2044 } else
2045 r = address_new_static(network, filename, section_line, &n);
2046 if (r == -ENOMEM)
2047 return log_oom();
2048 if (r < 0) {
2049 log_syntax(unit, LOG_WARNING, filename, line, r,
2050 "Failed to allocate new address, ignoring assignment: %m");
2051 return 0;
2052 }
2053
2054 /* Address=address/prefixlen */
2055 r = in_addr_prefix_from_string_auto_internal(rvalue, PREFIXLEN_REFUSE, &f, &buffer, &prefixlen);
2056 if (r == -ENOANO) {
2057 r = in_addr_prefix_from_string_auto(rvalue, &f, &buffer, &prefixlen);
2058 if (r >= 0)
2059 log_syntax(unit, LOG_WARNING, filename, line, r,
2060 "Address '%s' is specified without prefix length. Assuming the prefix length is %u. "
2061 "Please specify the prefix length explicitly.", rvalue, prefixlen);
2062 }
2063 if (r < 0) {
2064 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid address '%s', ignoring assignment: %m", rvalue);
2065 return 0;
2066 }
2067
2068 if (n->family != AF_UNSPEC && f != n->family) {
2069 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address is incompatible, ignoring assignment: %s", rvalue);
2070 return 0;
2071 }
2072
2073 if (in_addr_is_null(f, &buffer)) {
2074 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2075 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2076 * let's limit the prefix length to 64 or larger. See RFC4193. */
2077 if ((f == AF_INET && prefixlen < 8) ||
2078 (f == AF_INET6 && prefixlen < 64)) {
2079 log_syntax(unit, LOG_WARNING, filename, line, 0,
2080 "Null address with invalid prefixlen='%u', ignoring assignment: %s",
2081 prefixlen, rvalue);
2082 return 0;
2083 }
2084 }
2085
2086 n->family = f;
2087 n->prefixlen = prefixlen;
2088
2089 if (streq(lvalue, "Address")) {
2090 n->in_addr = buffer;
2091 n->requested_as_null = !in_addr_is_set(n->family, &n->in_addr);
2092 } else
2093 n->in_addr_peer = buffer;
2094
2095 TAKE_PTR(n);
2096 return 0;
2097 }
2098
2099 int config_parse_label(
2100 const char *unit,
2101 const char *filename,
2102 unsigned line,
2103 const char *section,
2104 unsigned section_line,
2105 const char *lvalue,
2106 int ltype,
2107 const char *rvalue,
2108 void *data,
2109 void *userdata) {
2110
2111 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2112 Network *network = userdata;
2113 int r;
2114
2115 assert(filename);
2116 assert(section);
2117 assert(lvalue);
2118 assert(rvalue);
2119 assert(data);
2120
2121 r = address_new_static(network, filename, section_line, &n);
2122 if (r == -ENOMEM)
2123 return log_oom();
2124 if (r < 0) {
2125 log_syntax(unit, LOG_WARNING, filename, line, r,
2126 "Failed to allocate new address, ignoring assignment: %m");
2127 return 0;
2128 }
2129
2130 if (isempty(rvalue)) {
2131 n->label = mfree(n->label);
2132 TAKE_PTR(n);
2133 return 0;
2134 }
2135
2136 if (!address_label_valid(rvalue)) {
2137 log_syntax(unit, LOG_WARNING, filename, line, 0,
2138 "Interface label is too long or invalid, ignoring assignment: %s", rvalue);
2139 return 0;
2140 }
2141
2142 r = free_and_strdup(&n->label, rvalue);
2143 if (r < 0)
2144 return log_oom();
2145
2146 TAKE_PTR(n);
2147 return 0;
2148 }
2149
2150 int config_parse_lifetime(
2151 const char *unit,
2152 const char *filename,
2153 unsigned line,
2154 const char *section,
2155 unsigned section_line,
2156 const char *lvalue,
2157 int ltype,
2158 const char *rvalue,
2159 void *data,
2160 void *userdata) {
2161
2162 Network *network = userdata;
2163 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2164 usec_t k;
2165 int r;
2166
2167 assert(filename);
2168 assert(section);
2169 assert(lvalue);
2170 assert(rvalue);
2171 assert(data);
2172
2173 r = address_new_static(network, filename, section_line, &n);
2174 if (r == -ENOMEM)
2175 return log_oom();
2176 if (r < 0) {
2177 log_syntax(unit, LOG_WARNING, filename, line, r,
2178 "Failed to allocate new address, ignoring assignment: %m");
2179 return 0;
2180 }
2181
2182 /* We accept only "forever", "infinity", empty, or "0". */
2183 if (STR_IN_SET(rvalue, "forever", "infinity", ""))
2184 k = USEC_INFINITY;
2185 else if (streq(rvalue, "0"))
2186 k = 0;
2187 else {
2188 log_syntax(unit, LOG_WARNING, filename, line, 0,
2189 "Invalid PreferredLifetime= value, ignoring: %s", rvalue);
2190 return 0;
2191 }
2192
2193 n->lifetime_preferred_usec = k;
2194 TAKE_PTR(n);
2195
2196 return 0;
2197 }
2198
2199 int config_parse_address_flags(
2200 const char *unit,
2201 const char *filename,
2202 unsigned line,
2203 const char *section,
2204 unsigned section_line,
2205 const char *lvalue,
2206 int ltype,
2207 const char *rvalue,
2208 void *data,
2209 void *userdata) {
2210
2211 Network *network = userdata;
2212 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2213 int r;
2214
2215 assert(filename);
2216 assert(section);
2217 assert(lvalue);
2218 assert(rvalue);
2219 assert(data);
2220
2221 r = address_new_static(network, filename, section_line, &n);
2222 if (r == -ENOMEM)
2223 return log_oom();
2224 if (r < 0) {
2225 log_syntax(unit, LOG_WARNING, filename, line, r,
2226 "Failed to allocate new address, ignoring assignment: %m");
2227 return 0;
2228 }
2229
2230 r = parse_boolean(rvalue);
2231 if (r < 0) {
2232 log_syntax(unit, LOG_WARNING, filename, line, r,
2233 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
2234 return 0;
2235 }
2236
2237 if (streq(lvalue, "AddPrefixRoute"))
2238 r = !r;
2239
2240 SET_FLAG(n->flags, ltype, r);
2241
2242 TAKE_PTR(n);
2243 return 0;
2244 }
2245
2246 int config_parse_address_scope(
2247 const char *unit,
2248 const char *filename,
2249 unsigned line,
2250 const char *section,
2251 unsigned section_line,
2252 const char *lvalue,
2253 int ltype,
2254 const char *rvalue,
2255 void *data,
2256 void *userdata) {
2257
2258 Network *network = userdata;
2259 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2260 int r;
2261
2262 assert(filename);
2263 assert(section);
2264 assert(lvalue);
2265 assert(rvalue);
2266 assert(data);
2267
2268 r = address_new_static(network, filename, section_line, &n);
2269 if (r == -ENOMEM)
2270 return log_oom();
2271 if (r < 0) {
2272 log_syntax(unit, LOG_WARNING, filename, line, r,
2273 "Failed to allocate new address, ignoring assignment: %m");
2274 return 0;
2275 }
2276
2277 r = route_scope_from_string(rvalue);
2278 if (r < 0) {
2279 log_syntax(unit, LOG_WARNING, filename, line, r,
2280 "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue);
2281 return 0;
2282 }
2283
2284 n->scope = r;
2285 n->scope_set = true;
2286 TAKE_PTR(n);
2287 return 0;
2288 }
2289
2290 int config_parse_address_route_metric(
2291 const char *unit,
2292 const char *filename,
2293 unsigned line,
2294 const char *section,
2295 unsigned section_line,
2296 const char *lvalue,
2297 int ltype,
2298 const char *rvalue,
2299 void *data,
2300 void *userdata) {
2301
2302 Network *network = userdata;
2303 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2304 int r;
2305
2306 assert(filename);
2307 assert(section);
2308 assert(lvalue);
2309 assert(rvalue);
2310 assert(data);
2311
2312 r = address_new_static(network, filename, section_line, &n);
2313 if (r == -ENOMEM)
2314 return log_oom();
2315 if (r < 0) {
2316 log_syntax(unit, LOG_WARNING, filename, line, r,
2317 "Failed to allocate new address, ignoring assignment: %m");
2318 return 0;
2319 }
2320
2321 r = safe_atou32(rvalue, &n->route_metric);
2322 if (r < 0) {
2323 log_syntax(unit, LOG_WARNING, filename, line, r,
2324 "Could not parse %s=, ignoring assignment: %s", lvalue, rvalue);
2325 return 0;
2326 }
2327
2328 TAKE_PTR(n);
2329 return 0;
2330 }
2331
2332 int config_parse_duplicate_address_detection(
2333 const char *unit,
2334 const char *filename,
2335 unsigned line,
2336 const char *section,
2337 unsigned section_line,
2338 const char *lvalue,
2339 int ltype,
2340 const char *rvalue,
2341 void *data,
2342 void *userdata) {
2343
2344 Network *network = userdata;
2345 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2346 int r;
2347
2348 assert(filename);
2349 assert(section);
2350 assert(lvalue);
2351 assert(rvalue);
2352 assert(data);
2353
2354 r = address_new_static(network, filename, section_line, &n);
2355 if (r == -ENOMEM)
2356 return log_oom();
2357 if (r < 0) {
2358 log_syntax(unit, LOG_WARNING, filename, line, r,
2359 "Failed to allocate new address, ignoring assignment: %m");
2360 return 0;
2361 }
2362
2363 r = parse_boolean(rvalue);
2364 if (r >= 0) {
2365 log_syntax(unit, LOG_WARNING, filename, line, 0,
2366 "For historical reasons, %s=%s means %s=%s. "
2367 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2368 lvalue, rvalue, lvalue, r ? "none" : "both");
2369 n->duplicate_address_detection = r ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_YES;
2370 n = NULL;
2371 return 0;
2372 }
2373
2374 AddressFamily a = duplicate_address_detection_address_family_from_string(rvalue);
2375 if (a < 0) {
2376 log_syntax(unit, LOG_WARNING, filename, line, a,
2377 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
2378 return 0;
2379 }
2380 n->duplicate_address_detection = a;
2381
2382 TAKE_PTR(n);
2383 return 0;
2384 }
2385
2386 int config_parse_address_netlabel(
2387 const char *unit,
2388 const char *filename,
2389 unsigned line,
2390 const char *section,
2391 unsigned section_line,
2392 const char *lvalue,
2393 int ltype,
2394 const char *rvalue,
2395 void *data,
2396 void *userdata) {
2397
2398 Network *network = userdata;
2399 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2400 int r;
2401
2402 assert(filename);
2403 assert(section);
2404 assert(lvalue);
2405 assert(rvalue);
2406 assert(data);
2407 assert(network);
2408
2409 r = address_new_static(network, filename, section_line, &n);
2410 if (r == -ENOMEM)
2411 return log_oom();
2412 if (r < 0) {
2413 log_syntax(unit, LOG_WARNING, filename, line, r,
2414 "Failed to allocate new address, ignoring assignment: %m");
2415 return 0;
2416 }
2417
2418 r = config_parse_string(unit, filename, line, section, section_line,
2419 lvalue, CONFIG_PARSE_STRING_SAFE, rvalue, &n->netlabel, network);
2420 if (r < 0)
2421 return r;
2422
2423 TAKE_PTR(n);
2424 return 0;
2425 }
2426
2427 static void address_section_adjust_broadcast(Address *address) {
2428 assert(address);
2429 assert(address->section);
2430
2431 if (!in4_addr_is_set(&address->broadcast))
2432 return;
2433
2434 if (address->family == AF_INET6)
2435 log_warning("%s: broadcast address is set for an IPv6 address. "
2436 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2437 address->section->filename, address->section->line);
2438 else if (address->prefixlen > 30)
2439 log_warning("%s: broadcast address is set for an IPv4 address with prefix length larger than 30. "
2440 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2441 address->section->filename, address->section->line);
2442 else if (in4_addr_is_set(&address->in_addr_peer.in))
2443 log_warning("%s: broadcast address is set for an IPv4 address with peer address. "
2444 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2445 address->section->filename, address->section->line);
2446 else if (!in4_addr_is_set(&address->in_addr.in))
2447 log_warning("%s: broadcast address is set for an IPv4 address with null address. "
2448 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2449 address->section->filename, address->section->line);
2450 else
2451 /* Otherwise, keep the specified broadcast address. */
2452 return;
2453
2454 address->broadcast.s_addr = 0;
2455 }
2456
2457 int address_section_verify(Address *address) {
2458 if (section_is_invalid(address->section))
2459 return -EINVAL;
2460
2461 if (address->family == AF_UNSPEC) {
2462 assert(address->section);
2463
2464 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2465 "%s: Address section without Address= field was configured. "
2466 "Ignoring [Address] section from line %u.",
2467 address->section->filename, address->section->line);
2468 }
2469
2470 if (address->family == AF_INET6 && !socket_ipv6_is_supported())
2471 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2472 "%s: an IPv6 address was configured, but the kernel does not support IPv6. "
2473 "Ignoring [Address] section from line %u.",
2474 address->section->filename, address->section->line);
2475
2476 assert(IN_SET(address->family, AF_INET, AF_INET6));
2477
2478 address_section_adjust_broadcast(address);
2479
2480 if (address->family == AF_INET6 && address->label) {
2481 log_warning("%s: address label is set for IPv6 address in the [Address] section from line %u. "
2482 "Ignoring Label= setting.",
2483 address->section->filename, address->section->line);
2484
2485 address->label = mfree(address->label);
2486 }
2487
2488 if (!address->scope_set) {
2489 if (in_addr_is_localhost(address->family, &address->in_addr) > 0)
2490 address->scope = RT_SCOPE_HOST;
2491 else if (in_addr_is_link_local(address->family, &address->in_addr) > 0)
2492 address->scope = RT_SCOPE_LINK;
2493 }
2494
2495 if (address->duplicate_address_detection < 0) {
2496 if (address->family == AF_INET6)
2497 address->duplicate_address_detection = ADDRESS_FAMILY_IPV6;
2498 else if (in4_addr_is_link_local(&address->in_addr.in))
2499 address->duplicate_address_detection = ADDRESS_FAMILY_IPV4;
2500 else
2501 address->duplicate_address_detection = ADDRESS_FAMILY_NO;
2502 } else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV6 && address->family == AF_INET)
2503 log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.",
2504 address->section->filename);
2505 else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV4 && address->family == AF_INET6)
2506 log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.",
2507 address->section->filename);
2508
2509 if (address->family == AF_INET6 &&
2510 !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV6))
2511 address->flags |= IFA_F_NODAD;
2512
2513 uint32_t filtered_flags = address->family == AF_INET ?
2514 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS & ~IPV6ONLY_FLAGS :
2515 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS;
2516 if (address->flags != filtered_flags) {
2517 _cleanup_free_ char *str = NULL;
2518
2519 (void) address_flags_to_string_alloc(address->flags ^ filtered_flags, address->family, &str);
2520 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2521 "%s: unexpected address flags \"%s\" were configured. "
2522 "Ignoring [Address] section from line %u.",
2523 address->section->filename, strna(str), address->section->line);
2524 }
2525
2526 return 0;
2527 }
2528
2529 int network_drop_invalid_addresses(Network *network) {
2530 _cleanup_set_free_ Set *addresses = NULL;
2531 Address *address;
2532 int r;
2533
2534 assert(network);
2535
2536 ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) {
2537 Address *dup;
2538
2539 if (address_section_verify(address) < 0) {
2540 /* Drop invalid [Address] sections or Address= settings in [Network].
2541 * Note that address_detach() will drop the address from addresses_by_section. */
2542 address_detach(address);
2543 continue;
2544 }
2545
2546 /* Always use the setting specified later. So, remove the previously assigned setting. */
2547 dup = set_remove(addresses, address);
2548 if (dup) {
2549 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2550 "dropping the address setting specified at line %u.",
2551 dup->section->filename,
2552 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen),
2553 address->section->line,
2554 dup->section->line, dup->section->line);
2555
2556 /* address_detach() will drop the address from addresses_by_section. */
2557 address_detach(dup);
2558 }
2559
2560 /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects
2561 * will be detached. */
2562 r = set_ensure_put(&addresses, &address_hash_ops, address);
2563 if (r < 0)
2564 return log_oom();
2565 assert(r > 0);
2566 }
2567
2568 r = network_adjust_dhcp_server(network, &addresses);
2569 if (r < 0)
2570 return r;
2571
2572 return 0;
2573 }
2574
2575 int config_parse_address_ip_nft_set(
2576 const char *unit,
2577 const char *filename,
2578 unsigned line,
2579 const char *section,
2580 unsigned section_line,
2581 const char *lvalue,
2582 int ltype,
2583 const char *rvalue,
2584 void *data,
2585 void *userdata) {
2586
2587 Network *network = userdata;
2588 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2589 int r;
2590
2591 assert(filename);
2592 assert(lvalue);
2593 assert(rvalue);
2594 assert(network);
2595
2596 r = address_new_static(network, filename, section_line, &n);
2597 if (r == -ENOMEM)
2598 return log_oom();
2599 if (r < 0) {
2600 log_syntax(unit, LOG_WARNING, filename, line, r,
2601 "Failed to allocate a new address, ignoring assignment: %m");
2602 return 0;
2603 }
2604
2605 r = config_parse_nft_set(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &n->nft_set_context, network);
2606 if (r < 0)
2607 return r;
2608
2609 TAKE_PTR(n);
2610 return 0;
2611 }
Unnamed repository; edit this file 'description' to name the repository.