1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <net/if_arp.h>
6 #include "alloc-util.h"
7 #include "firewall-util.h"
9 #include "memory-util.h"
10 #include "netlink-util.h"
11 #include "networkd-address-pool.h"
12 #include "networkd-address.h"
13 #include "networkd-dhcp-server.h"
14 #include "networkd-ipv4acd.h"
15 #include "networkd-manager.h"
16 #include "networkd-netlabel.h"
17 #include "networkd-network.h"
18 #include "networkd-queue.h"
19 #include "networkd-route-util.h"
20 #include "networkd-route.h"
21 #include "parse-util.h"
22 #include "string-util.h"
26 #define ADDRESSES_PER_LINK_MAX 2048U
27 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
38 IFA_F_MANAGETEMPADDR | \
39 IFA_F_NOPREFIXROUTE | \
43 /* From net/ipv4/devinet.c */
44 #define IPV6ONLY_FLAGS \
50 IFA_F_MANAGETEMPADDR | \
53 /* We do not control the following flags. */
54 #define UNMANAGED_FLAGS \
62 int address_flags_to_string_alloc(uint32_t flags
, int family
, char **ret
) {
63 _cleanup_free_
char *str
= NULL
;
64 static const char* map
[] = {
65 [LOG2U(IFA_F_SECONDARY
)] = "secondary", /* This is also called "temporary" for ipv6. */
66 [LOG2U(IFA_F_NODAD
)] = "nodad",
67 [LOG2U(IFA_F_OPTIMISTIC
)] = "optimistic",
68 [LOG2U(IFA_F_DADFAILED
)] = "dadfailed",
69 [LOG2U(IFA_F_HOMEADDRESS
)] = "home-address",
70 [LOG2U(IFA_F_DEPRECATED
)] = "deprecated",
71 [LOG2U(IFA_F_TENTATIVE
)] = "tentative",
72 [LOG2U(IFA_F_PERMANENT
)] = "permanent",
73 [LOG2U(IFA_F_MANAGETEMPADDR
)] = "manage-temporary-address",
74 [LOG2U(IFA_F_NOPREFIXROUTE
)] = "no-prefixroute",
75 [LOG2U(IFA_F_MCAUTOJOIN
)] = "auto-join",
76 [LOG2U(IFA_F_STABLE_PRIVACY
)] = "stable-privacy",
79 assert(IN_SET(family
, AF_INET
, AF_INET6
));
82 for (size_t i
= 0; i
< ELEMENTSOF(map
); i
++)
83 if (FLAGS_SET(flags
, 1 << i
) && map
[i
])
84 if (!strextend_with_separator(
86 family
== AF_INET6
&& (1 << i
) == IFA_F_SECONDARY
? "temporary" : map
[i
]))
93 static LinkAddressState
address_state_from_scope(uint8_t scope
) {
94 if (scope
< RT_SCOPE_SITE
)
95 /* universally accessible addresses found */
96 return LINK_ADDRESS_STATE_ROUTABLE
;
98 if (scope
< RT_SCOPE_HOST
)
99 /* only link or site local addresses found */
100 return LINK_ADDRESS_STATE_DEGRADED
;
102 /* no useful addresses found */
103 return LINK_ADDRESS_STATE_OFF
;
106 void link_get_address_states(
108 LinkAddressState
*ret_ipv4
,
109 LinkAddressState
*ret_ipv6
,
110 LinkAddressState
*ret_all
) {
112 uint8_t ipv4_scope
= RT_SCOPE_NOWHERE
, ipv6_scope
= RT_SCOPE_NOWHERE
;
117 SET_FOREACH(address
, link
->addresses
) {
118 if (!address_is_ready(address
))
121 if (address
->family
== AF_INET
)
122 ipv4_scope
= MIN(ipv4_scope
, address
->scope
);
124 if (address
->family
== AF_INET6
)
125 ipv6_scope
= MIN(ipv6_scope
, address
->scope
);
129 *ret_ipv4
= address_state_from_scope(ipv4_scope
);
131 *ret_ipv6
= address_state_from_scope(ipv6_scope
);
133 *ret_all
= address_state_from_scope(MIN(ipv4_scope
, ipv6_scope
));
136 static void address_hash_func(const Address
*a
, struct siphash
*state
);
137 static int address_compare_func(const Address
*a1
, const Address
*a2
);
138 static void address_detach(Address
*address
);
140 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
141 address_hash_ops_detach
,
144 address_compare_func
,
151 address_compare_func
);
153 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
154 address_section_hash_ops
,
156 config_section_hash_func
,
157 config_section_compare_func
,
161 int address_new(Address
**ret
) {
162 _cleanup_(address_unrefp
) Address
*address
= NULL
;
164 address
= new(Address
, 1);
168 *address
= (Address
) {
171 .scope
= RT_SCOPE_UNIVERSE
,
172 .lifetime_valid_usec
= USEC_INFINITY
,
173 .lifetime_preferred_usec
= USEC_INFINITY
,
177 *ret
= TAKE_PTR(address
);
182 int address_new_static(Network
*network
, const char *filename
, unsigned section_line
, Address
**ret
) {
183 _cleanup_(config_section_freep
) ConfigSection
*n
= NULL
;
184 _cleanup_(address_unrefp
) Address
*address
= NULL
;
190 assert(section_line
> 0);
192 r
= config_section_new(filename
, section_line
, &n
);
196 address
= ordered_hashmap_get(network
->addresses_by_section
, n
);
198 *ret
= TAKE_PTR(address
);
202 if (ordered_hashmap_size(network
->addresses_by_section
) >= STATIC_ADDRESSES_PER_NETWORK_MAX
)
205 r
= address_new(&address
);
209 address
->network
= network
;
210 address
->section
= TAKE_PTR(n
);
211 address
->source
= NETWORK_CONFIG_SOURCE_STATIC
;
212 /* This will be adjusted in address_section_verify(). */
213 address
->duplicate_address_detection
= _ADDRESS_FAMILY_INVALID
;
215 r
= ordered_hashmap_ensure_put(&network
->addresses_by_section
, &address_section_hash_ops
, address
->section
, address
);
219 *ret
= TAKE_PTR(address
);
223 static Address
* address_detach_impl(Address
*address
) {
225 assert(!address
->link
|| !address
->network
);
227 if (address
->network
) {
228 assert(address
->section
);
229 ordered_hashmap_remove(address
->network
->addresses_by_section
, address
->section
);
231 if (address
->network
->dhcp_server_address
== address
)
232 address
->network
->dhcp_server_address
= NULL
;
234 address
->network
= NULL
;
239 set_remove(address
->link
->addresses
, address
);
241 address
->link
= NULL
;
248 static void address_detach(Address
*address
) {
251 address_unref(address_detach_impl(address
));
254 static Address
* address_free(Address
*address
) {
258 address_detach_impl(address
);
260 config_section_free(address
->section
);
261 free(address
->label
);
262 free(address
->netlabel
);
263 nft_set_context_clear(&address
->nft_set_context
);
264 return mfree(address
);
267 DEFINE_TRIVIAL_REF_UNREF_FUNC(Address
, address
, address_free
);
269 static bool address_lifetime_is_valid(const Address
*a
) {
273 a
->lifetime_valid_usec
== USEC_INFINITY
||
274 a
->lifetime_valid_usec
> now(CLOCK_BOOTTIME
);
277 bool address_is_ready(const Address
*a
) {
281 if (!ipv4acd_bound(a
->link
, a
))
284 if (FLAGS_SET(a
->flags
, IFA_F_TENTATIVE
))
287 if (FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_REMOVING
))
290 if (!FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_CONFIGURED
))
293 return address_lifetime_is_valid(a
);
296 bool link_check_addresses_ready(Link
*link
, NetworkConfigSource source
) {
302 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
304 SET_FOREACH(a
, link
->addresses
) {
305 if (source
>= 0 && a
->source
!= source
)
307 if (address_is_marked(a
))
309 if (!address_exists(a
))
311 if (!address_is_ready(a
))
319 void link_mark_addresses(Link
*link
, NetworkConfigSource source
) {
324 SET_FOREACH(a
, link
->addresses
) {
325 if (a
->source
!= source
)
332 static int address_get_broadcast(const Address
*a
, Link
*link
, struct in_addr
*ret
) {
333 struct in_addr b_addr
= {};
338 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
339 * address is null. */
341 /* broadcast is only for IPv4. */
342 if (a
->family
!= AF_INET
)
345 /* broadcast address cannot be used when peer address is specified. */
346 if (in4_addr_is_set(&a
->in_addr_peer
.in
))
349 /* A /31 or /32 IPv4 address does not have a broadcast address.
350 * See https://tools.ietf.org/html/rfc3021 */
351 if (a
->prefixlen
> 30)
354 /* If explicitly configured, use the address as is. */
355 if (in4_addr_is_set(&a
->broadcast
)) {
356 b_addr
= a
->broadcast
;
360 /* If explicitly disabled, then return null address. */
361 if (a
->set_broadcast
== 0)
364 /* For wireguard interfaces, broadcast is disabled by default. */
365 if (a
->set_broadcast
< 0 && streq_ptr(link
->kind
, "wireguard"))
368 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
369 * determined after an address is acquired. */
370 if (!in4_addr_is_set(&a
->in_addr
.in
))
373 /* Otherwise, generate a broadcast address from the main address and prefix length. */
374 b_addr
.s_addr
= a
->in_addr
.in
.s_addr
| htobe32(UINT32_C(0xffffffff) >> a
->prefixlen
);
380 return in4_addr_is_set(&b_addr
);
383 static void address_set_broadcast(Address
*a
, Link
*link
) {
385 assert_se(address_get_broadcast(a
, link
, &a
->broadcast
) >= 0);
388 static void address_set_cinfo(Manager
*m
, const Address
*a
, struct ifa_cacheinfo
*cinfo
) {
395 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
397 *cinfo
= (struct ifa_cacheinfo
) {
398 .ifa_valid
= usec_to_sec(a
->lifetime_valid_usec
, now_usec
),
399 .ifa_prefered
= usec_to_sec(a
->lifetime_preferred_usec
, now_usec
),
403 static void address_set_lifetime(Manager
*m
, Address
*a
, const struct ifa_cacheinfo
*cinfo
) {
410 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
412 a
->lifetime_valid_usec
= sec_to_usec(cinfo
->ifa_valid
, now_usec
);
413 a
->lifetime_preferred_usec
= sec_to_usec(cinfo
->ifa_prefered
, now_usec
);
416 static bool address_is_static_null(const Address
*address
) {
419 if (!address
->network
)
422 if (!address
->requested_as_null
)
425 assert(!in_addr_is_set(address
->family
, &address
->in_addr
));
429 static int address_ipv4_prefix(const Address
*a
, struct in_addr
*ret
) {
434 assert(a
->family
== AF_INET
);
437 p
= in4_addr_is_set(&a
->in_addr_peer
.in
) ? a
->in_addr_peer
.in
: a
->in_addr
.in
;
438 r
= in4_addr_mask(&p
, a
->prefixlen
);
446 static void address_hash_func(const Address
*a
, struct siphash
*state
) {
449 siphash24_compress_typesafe(a
->family
, state
);
453 struct in_addr prefix
;
455 siphash24_compress_typesafe(a
->prefixlen
, state
);
457 assert_se(address_ipv4_prefix(a
, &prefix
) >= 0);
458 siphash24_compress_typesafe(prefix
, state
);
460 siphash24_compress_typesafe(a
->in_addr
.in
, state
);
464 siphash24_compress_typesafe(a
->in_addr
.in6
, state
);
466 if (in6_addr_is_null(&a
->in_addr
.in6
))
467 siphash24_compress_typesafe(a
->prefixlen
, state
);
471 /* treat any other address family as AF_UNSPEC */
476 static int address_compare_func(const Address
*a1
, const Address
*a2
) {
479 r
= CMP(a1
->family
, a2
->family
);
483 switch (a1
->family
) {
485 struct in_addr p1
, p2
;
487 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
488 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
492 assert_se(address_ipv4_prefix(a1
, &p1
) >= 0);
493 assert_se(address_ipv4_prefix(a2
, &p2
) >= 0);
494 r
= memcmp(&p1
, &p2
, sizeof(p1
));
498 return memcmp(&a1
->in_addr
.in
, &a2
->in_addr
.in
, sizeof(a1
->in_addr
.in
));
501 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
502 r
= memcmp(&a1
->in_addr
.in6
, &a2
->in_addr
.in6
, sizeof(a1
->in_addr
.in6
));
506 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
507 * compare the prefix length. */
508 if (in6_addr_is_null(&a1
->in_addr
.in6
))
509 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
514 /* treat any other address family as AF_UNSPEC */
519 bool address_can_update(const Address
*existing
, const Address
*requesting
) {
524 * property | IPv4 | IPv6
525 * -----------------------------------------
527 * prefixlen | ✗ | ✗
528 * address | ✗ | ✗
531 * broadcast | ✗ | -
534 * lifetime | ✓ | ✓
535 * route metric | ✓ | ✓
536 * protocol | ✓ | ✓
538 * ✗ : cannot be changed
539 * ✓ : can be changed
542 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
543 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
546 if (existing
->family
!= requesting
->family
)
549 if (existing
->prefixlen
!= requesting
->prefixlen
)
552 /* When a null address is requested, the address to be assigned/updated will be determined later. */
553 if (!address_is_static_null(requesting
) &&
554 in_addr_equal(existing
->family
, &existing
->in_addr
, &requesting
->in_addr
) <= 0)
557 switch (existing
->family
) {
559 struct in_addr bcast
;
561 if (existing
->scope
!= requesting
->scope
)
563 if (((existing
->flags
^ requesting
->flags
) & KNOWN_FLAGS
& ~IPV6ONLY_FLAGS
& ~UNMANAGED_FLAGS
) != 0)
565 if (!streq_ptr(existing
->label
, requesting
->label
))
567 if (!in4_addr_equal(&existing
->in_addr_peer
.in
, &requesting
->in_addr_peer
.in
))
569 if (existing
->link
&& address_get_broadcast(requesting
, existing
->link
, &bcast
) >= 0) {
570 /* If the broadcast address can be determined now, check if they match. */
571 if (!in4_addr_equal(&existing
->broadcast
, &bcast
))
574 /* When a null address is requested, then the broadcast address will be
575 * automatically calculated from the acquired address, e.g.
576 * 192.168.0.10/24 -> 192.168.0.255
577 * So, here let's only check if the broadcast is the last address in the range, e.g.
578 * 0.0.0.0/24 -> 0.0.0.255 */
579 if (!FLAGS_SET(existing
->broadcast
.s_addr
, htobe32(UINT32_C(0xffffffff) >> existing
->prefixlen
)))
588 assert_not_reached();
594 int address_dup(const Address
*src
, Address
**ret
) {
595 _cleanup_(address_unrefp
) Address
*dest
= NULL
;
601 dest
= newdup(Address
, src
, 1);
605 /* clear the reference counter and all pointers */
607 dest
->network
= NULL
;
608 dest
->section
= NULL
;
611 dest
->netlabel
= NULL
;
612 dest
->nft_set_context
.sets
= NULL
;
613 dest
->nft_set_context
.n_sets
= 0;
615 if (src
->family
== AF_INET
) {
616 r
= strdup_or_null(src
->label
, &dest
->label
);
621 r
= strdup_or_null(src
->netlabel
, &dest
->netlabel
);
625 r
= nft_set_context_dup(&src
->nft_set_context
, &dest
->nft_set_context
);
629 *ret
= TAKE_PTR(dest
);
633 static int address_set_masquerade(Address
*address
, bool add
) {
634 union in_addr_union masked
;
638 assert(address
->link
);
640 if (!address
->link
->network
)
643 if (address
->family
== AF_INET
&&
644 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV4
))
647 if (address
->family
== AF_INET6
&&
648 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV6
))
651 if (address
->scope
>= RT_SCOPE_LINK
)
654 if (address
->ip_masquerade_done
== add
)
657 masked
= address
->in_addr
;
658 r
= in_addr_mask(address
->family
, &masked
, address
->prefixlen
);
662 r
= fw_add_masquerade(&address
->link
->manager
->fw_ctx
, add
, address
->family
, &masked
, address
->prefixlen
);
666 address
->ip_masquerade_done
= add
;
671 static void address_modify_nft_set_context(Address
*address
, bool add
, NFTSetContext
*nft_set_context
) {
675 assert(address
->link
);
676 assert(address
->link
->manager
);
677 assert(nft_set_context
);
679 if (!address
->link
->manager
->fw_ctx
) {
680 r
= fw_ctx_new_full(&address
->link
->manager
->fw_ctx
, /* init_tables= */ false);
685 FOREACH_ARRAY(nft_set
, nft_set_context
->sets
, nft_set_context
->n_sets
) {
690 switch (nft_set
->source
) {
691 case NFT_SET_SOURCE_ADDRESS
:
692 r
= nft_set_element_modify_ip(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
695 case NFT_SET_SOURCE_PREFIX
:
696 r
= nft_set_element_modify_iprange(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
697 &address
->in_addr
, address
->prefixlen
);
699 case NFT_SET_SOURCE_IFINDEX
:
700 ifindex
= address
->link
->ifindex
;
701 r
= nft_set_element_modify_any(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, nft_set
->table
, nft_set
->set
,
702 &ifindex
, sizeof(ifindex
));
705 assert_not_reached();
709 log_warning_errno(r
, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
710 add
? "add" : "delete",
711 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
712 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
714 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
715 add
? "Added" : "Deleted",
716 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
717 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
721 static void address_modify_nft_set(Address
*address
, bool add
) {
723 assert(address
->link
);
725 if (!IN_SET(address
->family
, AF_INET
, AF_INET6
))
728 if (!address
->link
->network
)
731 switch (address
->source
) {
732 case NETWORK_CONFIG_SOURCE_DHCP4
:
733 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_nft_set_context
);
734 case NETWORK_CONFIG_SOURCE_DHCP6
:
735 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp6_nft_set_context
);
736 case NETWORK_CONFIG_SOURCE_DHCP_PD
:
737 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_pd_nft_set_context
);
738 case NETWORK_CONFIG_SOURCE_NDISC
:
739 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->ndisc_nft_set_context
);
740 case NETWORK_CONFIG_SOURCE_STATIC
:
741 return address_modify_nft_set_context(address
, add
, &address
->nft_set_context
);
747 static int address_attach(Link
*link
, Address
*address
) {
752 assert(!address
->link
);
754 r
= set_ensure_put(&link
->addresses
, &address_hash_ops_detach
, address
);
760 address
->link
= link
;
761 address_ref(address
);
765 static int address_update(Address
*address
) {
766 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
769 if (address_is_ready(address
) &&
770 address
->family
== AF_INET6
&&
771 in6_addr_is_link_local(&address
->in_addr
.in6
) &&
772 in6_addr_is_null(&link
->ipv6ll_address
)) {
774 link
->ipv6ll_address
= address
->in_addr
.in6
;
776 r
= link_ipv6ll_gained(link
);
781 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
784 r
= address_set_masquerade(address
, /* add = */ true);
786 return log_link_warning_errno(link
, r
, "Could not enable IP masquerading: %m");
788 address_add_netlabel(address
);
790 address_modify_nft_set(address
, /* add = */ true);
792 if (address_is_ready(address
) && address
->callback
) {
793 r
= address
->callback(address
);
798 link_update_operstate(link
, /* also_update_master = */ true);
799 link_check_ready(link
);
803 static int address_drop(Address
*address
) {
804 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
807 r
= address_set_masquerade(address
, /* add = */ false);
809 log_link_warning_errno(link
, r
, "Failed to disable IP masquerading, ignoring: %m");
811 address_modify_nft_set(address
, /* add = */ false);
813 address_del_netlabel(address
);
815 /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */
816 if (address
->family
== AF_INET6
&&
817 in6_addr_equal(&address
->in_addr
.in6
, &link
->ipv6ll_address
))
818 link
->ipv6ll_address
= (const struct in6_addr
) {};
820 ipv4acd_detach(link
, address
);
822 address_detach(address
);
824 link_update_operstate(link
, /* also_update_master = */ true);
825 link_check_ready(link
);
829 static bool address_match_null(const Address
*a
, const Address
*null_address
) {
831 assert(null_address
);
833 if (!a
->requested_as_null
)
836 /* Currently, null address is supported only by static addresses. Note that static
837 * address may be set as foreign during reconfiguring the interface. */
838 if (!IN_SET(a
->source
, NETWORK_CONFIG_SOURCE_FOREIGN
, NETWORK_CONFIG_SOURCE_STATIC
))
841 if (a
->family
!= null_address
->family
)
844 if (a
->prefixlen
!= null_address
->prefixlen
)
850 static int address_get_request(Link
*link
, const Address
*address
, Request
**ret
) {
854 assert(link
->manager
);
857 req
= ordered_set_get(
858 link
->manager
->request_queue
,
861 .type
= REQUEST_TYPE_ADDRESS
,
862 .userdata
= (void*) address
,
863 .hash_func
= (hash_func_t
) address_hash_func
,
864 .compare_func
= (compare_func_t
) address_compare_func
,
872 if (address_is_static_null(address
))
873 ORDERED_SET_FOREACH(req
, link
->manager
->request_queue
) {
874 if (req
->link
!= link
)
876 if (req
->type
!= REQUEST_TYPE_ADDRESS
)
879 if (!address_match_null(req
->userdata
, address
))
891 int address_get(Link
*link
, const Address
*in
, Address
**ret
) {
897 a
= set_get(link
->addresses
, in
);
904 /* Find matching address that originally requested as null address. */
905 if (address_is_static_null(in
))
906 SET_FOREACH(a
, link
->addresses
) {
907 if (!address_match_null(a
, in
))
918 int address_get_harder(Link
*link
, const Address
*in
, Address
**ret
) {
925 if (address_get(link
, in
, ret
) >= 0)
928 r
= address_get_request(link
, in
, &req
);
933 *ret
= ASSERT_PTR(req
->userdata
);
938 int link_get_address(Link
*link
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
943 assert(IN_SET(family
, AF_INET
, AF_INET6
));
946 /* This find an Address object on the link which matches the given address and prefix length
947 * and does not have peer address. When the prefixlen is zero, then an Address object with an
948 * arbitrary prefixlen will be returned. */
950 if (family
== AF_INET6
|| prefixlen
!= 0) {
951 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
953 /* In this case, we can use address_get(). */
955 r
= address_new(&tmp
);
959 tmp
->family
= family
;
960 tmp
->in_addr
= *address
;
961 tmp
->prefixlen
= prefixlen
;
963 r
= address_get(link
, tmp
, &a
);
967 if (family
== AF_INET6
) {
968 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
969 * to check them explicitly. */
970 if (in_addr_is_set(family
, &a
->in_addr_peer
))
972 if (prefixlen
!= 0 && a
->prefixlen
!= prefixlen
)
982 SET_FOREACH(a
, link
->addresses
) {
983 if (a
->family
!= family
)
986 if (!in_addr_equal(family
, &a
->in_addr
, address
))
989 if (in_addr_is_set(family
, &a
->in_addr_peer
))
1001 int manager_get_address(Manager
*manager
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
1005 assert(IN_SET(family
, AF_INET
, AF_INET6
));
1008 HASHMAP_FOREACH(link
, manager
->links_by_index
) {
1009 if (!IN_SET(link
->state
, LINK_STATE_CONFIGURING
, LINK_STATE_CONFIGURED
))
1012 if (link_get_address(link
, family
, address
, prefixlen
, ret
) >= 0)
1019 bool manager_has_address(Manager
*manager
, int family
, const union in_addr_union
*address
) {
1023 assert(IN_SET(family
, AF_INET
, AF_INET6
));
1026 if (manager_get_address(manager
, family
, address
, 0, &a
) < 0)
1029 return address_is_ready(a
);
1032 const char* format_lifetime(char *buf
, size_t l
, usec_t lifetime_usec
) {
1036 if (lifetime_usec
== USEC_INFINITY
)
1039 sprintf(buf
, "for ");
1040 /* format_timespan() never fails */
1041 assert_se(format_timespan(buf
+ 4, l
- 4, usec_sub_unsigned(lifetime_usec
, now(CLOCK_BOOTTIME
)), USEC_PER_SEC
));
1045 static void log_address_debug(const Address
*address
, const char *str
, const Link
*link
) {
1046 _cleanup_free_
char *state
= NULL
, *flags_str
= NULL
, *scope_str
= NULL
;
1055 (void) network_config_state_to_string_alloc(address
->state
, &state
);
1057 const char *peer
= in_addr_is_set(address
->family
, &address
->in_addr_peer
) ?
1058 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr_peer
) : NULL
;
1060 const char *broadcast
= (address
->family
== AF_INET
&& in4_addr_is_set(&address
->broadcast
)) ?
1061 IN4_ADDR_TO_STRING(&address
->broadcast
) : NULL
;
1063 (void) address_flags_to_string_alloc(address
->flags
, address
->family
, &flags_str
);
1064 (void) route_scope_to_string_alloc(address
->scope
, &scope_str
);
1066 log_link_debug(link
, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1067 str
, strna(network_config_source_to_string(address
->source
)), strna(state
),
1068 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr
),
1069 peer
? " peer " : "", strempty(peer
), address
->prefixlen
,
1070 broadcast
? " broadcast " : "", strempty(broadcast
),
1071 FORMAT_LIFETIME(address
->lifetime_valid_usec
),
1072 FORMAT_LIFETIME(address
->lifetime_preferred_usec
),
1073 strna(flags_str
), strna(scope_str
),
1074 address
->family
== AF_INET
? ", label: " : "",
1075 address
->family
== AF_INET
? strna(address
->label
) : "");
1078 static int address_set_netlink_message(const Address
*address
, sd_netlink_message
*m
, Link
*link
) {
1086 r
= sd_rtnl_message_addr_set_prefixlen(m
, address
->prefixlen
);
1090 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1091 * flags except tentative flag here unconditionally. Without setting the flag, the template
1092 * addresses generated by kernel will not be removed automatically when the main address is
1094 flags
= address
->flags
& ~IFA_F_TENTATIVE
;
1095 r
= sd_rtnl_message_addr_set_flags(m
, flags
& 0xff);
1099 if ((flags
& ~0xff) != 0) {
1100 r
= sd_netlink_message_append_u32(m
, IFA_FLAGS
, flags
);
1105 r
= netlink_message_append_in_addr_union(m
, IFA_LOCAL
, address
->family
, &address
->in_addr
);
1112 static int address_remove_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, RemoveRequest
*rreq
) {
1118 Link
*link
= ASSERT_PTR(rreq
->link
);
1119 Address
*address
= ASSERT_PTR(rreq
->userdata
);
1121 if (link
->state
== LINK_STATE_LINGER
)
1124 r
= sd_netlink_message_get_errno(m
);
1126 log_link_message_full_errno(link
, m
,
1127 (r
== -EADDRNOTAVAIL
|| !address
->link
) ? LOG_DEBUG
: LOG_WARNING
,
1128 r
, "Could not drop address");
1130 if (address
->link
) {
1131 /* If the address cannot be removed, then assume the address is already removed. */
1132 log_address_debug(address
, "Forgetting", link
);
1135 if (address_get_request(link
, address
, &req
) >= 0)
1136 address_enter_removed(req
->userdata
);
1138 (void) address_drop(address
);
1145 int address_remove(Address
*address
, Link
*link
) {
1146 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1150 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1152 assert(link
->ifindex
> 0);
1153 assert(link
->manager
);
1154 assert(link
->manager
->rtnl
);
1156 /* If the address is remembered, use the remembered object. */
1157 (void) address_get(link
, address
, &address
);
1159 log_address_debug(address
, "Removing", link
);
1161 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &m
, RTM_DELADDR
,
1162 link
->ifindex
, address
->family
);
1164 return log_link_warning_errno(link
, r
, "Could not allocate RTM_DELADDR message: %m");
1166 r
= address_set_netlink_message(address
, m
, link
);
1168 return log_link_warning_errno(link
, r
, "Could not set netlink attributes: %m");
1170 r
= link_remove_request_add(link
, address
, address
, link
->manager
->rtnl
, m
, address_remove_handler
);
1172 return log_link_warning_errno(link
, r
, "Could not queue rtnetlink message: %m");
1174 address_enter_removing(address
);
1176 /* The operational state is determined by address state and carrier state. Hence, if we remove
1177 * an address, the operational state may be changed. */
1178 link_update_operstate(link
, true);
1182 int address_remove_and_cancel(Address
*address
, Link
*link
) {
1183 _cleanup_(request_unrefp
) Request
*req
= NULL
;
1184 bool waiting
= false;
1188 assert(link
->manager
);
1190 /* If the address is remembered by the link, then use the remembered object. */
1191 (void) address_get(link
, address
, &address
);
1193 /* Cancel the request for the address. If the request is already called but we have not received the
1194 * notification about the request, then explicitly remove the address. */
1195 if (address_get_request(link
, address
, &req
) >= 0) {
1196 request_ref(req
); /* avoid the request freed by request_detach() */
1197 waiting
= req
->waiting_reply
;
1198 request_detach(req
);
1199 address_cancel_requesting(address
);
1202 /* If we know the address will come or already exists, remove it. */
1203 if (waiting
|| (address
->link
&& address_exists(address
)))
1204 return address_remove(address
, link
);
1209 bool link_address_is_dynamic(const Link
*link
, const Address
*address
) {
1213 assert(link
->manager
);
1216 if (address
->lifetime_preferred_usec
!= USEC_INFINITY
)
1219 /* Even when the address is leased from a DHCP server, networkd assign the address
1220 * without lifetime when KeepConfiguration=dhcp. So, let's check that we have
1221 * corresponding routes with RTPROT_DHCP. */
1222 SET_FOREACH(route
, link
->manager
->routes
) {
1223 if (route
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1226 /* The route is not assigned yet, or already removed. Ignoring. */
1227 if (!route_exists(route
))
1230 if (route
->protocol
!= RTPROT_DHCP
)
1233 if (route
->nexthop
.ifindex
!= link
->ifindex
)
1236 if (address
->family
!= route
->family
)
1239 if (in_addr_equal(address
->family
, &address
->in_addr
, &route
->prefsrc
))
1246 int link_drop_ipv6ll_addresses(Link
*link
) {
1247 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*req
= NULL
, *reply
= NULL
;
1251 assert(link
->manager
);
1252 assert(link
->manager
->rtnl
);
1254 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1255 * So, we need to dump all IPv6 addresses. */
1257 if (link_may_have_ipv6ll(link
, /* check_multicast = */ false))
1260 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &req
, RTM_GETADDR
, link
->ifindex
, AF_INET6
);
1264 r
= sd_netlink_message_set_request_dump(req
, true);
1268 r
= sd_netlink_call(link
->manager
->rtnl
, req
, 0, &reply
);
1272 for (sd_netlink_message
*addr
= reply
; addr
; addr
= sd_netlink_message_next(addr
)) {
1273 _cleanup_(address_unrefp
) Address
*a
= NULL
;
1274 unsigned char flags
, prefixlen
;
1275 struct in6_addr address
;
1278 /* NETLINK_GET_STRICT_CHK socket option is supported since kernel 4.20. To support
1279 * older kernels, we need to check ifindex here. */
1280 r
= sd_rtnl_message_addr_get_ifindex(addr
, &ifindex
);
1282 log_link_debug_errno(link
, r
, "rtnl: received address message without valid ifindex, ignoring: %m");
1284 } else if (link
->ifindex
!= ifindex
)
1287 r
= sd_rtnl_message_addr_get_flags(addr
, &flags
);
1289 log_link_debug_errno(link
, r
, "rtnl: received address message without valid flags, ignoring: %m");
1293 r
= sd_rtnl_message_addr_get_prefixlen(addr
, &prefixlen
);
1295 log_link_debug_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1299 if (sd_netlink_message_read_in6_addr(addr
, IFA_LOCAL
, NULL
) >= 0)
1300 /* address with peer, ignoring. */
1303 r
= sd_netlink_message_read_in6_addr(addr
, IFA_ADDRESS
, &address
);
1305 log_link_debug_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1309 if (!in6_addr_is_link_local(&address
))
1312 r
= address_new(&a
);
1316 a
->family
= AF_INET6
;
1317 a
->in_addr
.in6
= address
;
1318 a
->prefixlen
= prefixlen
;
1321 r
= address_remove(a
, link
);
1329 int link_drop_foreign_addresses(Link
*link
) {
1334 assert(link
->network
);
1336 /* First, mark all addresses. */
1337 SET_FOREACH(address
, link
->addresses
) {
1338 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1339 if (address
->family
== AF_INET6
&& in6_addr_is_link_local(&address
->in_addr
.in6
))
1342 /* Do not remove localhost address (127.0.0.1 and ::1) */
1343 if (link
->flags
& IFF_LOOPBACK
&& in_addr_is_localhost_one(address
->family
, &address
->in_addr
) > 0)
1346 /* Ignore addresses we configured. */
1347 if (address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1350 /* Ignore addresses not assigned yet or already removing. */
1351 if (!address_exists(address
))
1354 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when KeepConfiguration= is set. */
1355 if (IN_SET(link
->network
->keep_configuration
, KEEP_CONFIGURATION_DHCP
, KEEP_CONFIGURATION_STATIC
) &&
1356 link_address_is_dynamic(link
, address
) == (link
->network
->keep_configuration
== KEEP_CONFIGURATION_DHCP
))
1359 address_mark(address
);
1362 /* Then, unmark requested addresses. */
1363 ORDERED_HASHMAP_FOREACH(address
, link
->network
->addresses_by_section
) {
1366 if (address_get(link
, address
, &existing
) < 0)
1369 if (!address_can_update(existing
, address
))
1372 /* Found matching static configuration. Keep the existing address. */
1373 address_unmark(existing
);
1376 /* Finally, remove all marked addresses. */
1377 SET_FOREACH(address
, link
->addresses
) {
1378 if (!address_is_marked(address
))
1381 RET_GATHER(r
, address_remove(address
, link
));
1387 int link_drop_static_addresses(Link
*link
) {
1393 SET_FOREACH(address
, link
->addresses
) {
1394 /* Remove only static addresses here. Dynamic addresses will be removed e.g. on lease
1395 * expiration or stopping the DHCP client. */
1396 if (address
->source
!= NETWORK_CONFIG_SOURCE_STATIC
)
1399 /* Ignore addresses not assigned yet or already removing. */
1400 if (!address_exists(address
))
1403 RET_GATHER(r
, address_remove(address
, link
));
1409 void link_foreignize_addresses(Link
*link
) {
1414 SET_FOREACH(address
, link
->addresses
)
1415 address
->source
= NETWORK_CONFIG_SOURCE_FOREIGN
;
1418 static int address_acquire(Link
*link
, const Address
*original
, Address
**ret
) {
1419 _cleanup_(address_unrefp
) Address
*na
= NULL
;
1420 union in_addr_union in_addr
;
1427 /* Something useful was configured? just use it */
1428 if (in_addr_is_set(original
->family
, &original
->in_addr
))
1429 return address_dup(original
, ret
);
1431 /* The address is configured to be 0.0.0.0 or [::] by the user?
1432 * Then let's acquire something more useful from the pool. */
1433 r
= address_pool_acquire(link
->manager
, original
->family
, original
->prefixlen
, &in_addr
);
1439 /* Pick first address in range for ourselves. */
1440 if (original
->family
== AF_INET
)
1441 in_addr
.in
.s_addr
= in_addr
.in
.s_addr
| htobe32(1);
1442 else if (original
->family
== AF_INET6
)
1443 in_addr
.in6
.s6_addr
[15] |= 1;
1445 r
= address_dup(original
, &na
);
1449 na
->in_addr
= in_addr
;
1451 *ret
= TAKE_PTR(na
);
1455 int address_configure_handler_internal(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
, const char *error_msg
) {
1463 r
= sd_netlink_message_get_errno(m
);
1464 if (r
< 0 && r
!= -EEXIST
) {
1465 log_link_message_warning_errno(link
, m
, r
, error_msg
);
1466 link_enter_failed(link
);
1473 static int address_configure(const Address
*address
, const struct ifa_cacheinfo
*c
, Link
*link
, Request
*req
) {
1474 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1478 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1481 assert(link
->ifindex
> 0);
1482 assert(link
->manager
);
1483 assert(link
->manager
->rtnl
);
1486 log_address_debug(address
, "Configuring", link
);
1488 r
= sd_rtnl_message_new_addr_update(link
->manager
->rtnl
, &m
, link
->ifindex
, address
->family
);
1492 r
= address_set_netlink_message(address
, m
, link
);
1496 r
= sd_rtnl_message_addr_set_scope(m
, address
->scope
);
1500 if (address
->family
== AF_INET6
|| in_addr_is_set(address
->family
, &address
->in_addr_peer
)) {
1501 r
= netlink_message_append_in_addr_union(m
, IFA_ADDRESS
, address
->family
, &address
->in_addr_peer
);
1504 } else if (in4_addr_is_set(&address
->broadcast
)) {
1505 r
= sd_netlink_message_append_in_addr(m
, IFA_BROADCAST
, &address
->broadcast
);
1510 if (address
->family
== AF_INET
&& address
->label
) {
1511 r
= sd_netlink_message_append_string(m
, IFA_LABEL
, address
->label
);
1516 r
= sd_netlink_message_append_cache_info(m
, IFA_CACHEINFO
, c
);
1520 r
= sd_netlink_message_append_u32(m
, IFA_RT_PRIORITY
, address
->route_metric
);
1524 return request_call_netlink_async(link
->manager
->rtnl
, m
, req
);
1527 static bool address_is_ready_to_configure(Link
*link
, const Address
*address
) {
1531 if (!link_is_ready_to_configure(link
, false))
1534 if (!ipv4acd_bound(link
, address
))
1537 /* Refuse adding more than the limit */
1538 if (set_size(link
->addresses
) >= ADDRESSES_PER_LINK_MAX
)
1544 static int address_process_request(Request
*req
, Link
*link
, Address
*address
) {
1546 struct ifa_cacheinfo c
;
1553 if (!address_is_ready_to_configure(link
, address
))
1556 address_set_cinfo(link
->manager
, address
, &c
);
1557 if (c
.ifa_valid
== 0) {
1558 log_link_debug(link
, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1559 network_config_source_to_string(address
->source
),
1560 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
1562 address_cancel_requesting(address
);
1563 if (address_get(link
, address
, &existing
) >= 0)
1564 address_cancel_requesting(existing
);
1568 r
= address_configure(address
, &c
, link
, req
);
1570 return log_link_warning_errno(link
, r
, "Failed to configure address: %m");
1572 address_enter_configuring(address
);
1573 if (address_get(link
, address
, &existing
) >= 0)
1574 address_enter_configuring(existing
);
1579 int link_request_address(
1581 const Address
*address
,
1582 unsigned *message_counter
,
1583 address_netlink_handler_t netlink_handler
,
1586 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
1587 Address
*existing
= NULL
;
1592 assert(address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
);
1594 if (address
->lifetime_valid_usec
== 0)
1595 /* The requested address is outdated. Let's ignore the request. */
1598 if (address_get(link
, address
, &existing
) < 0) {
1599 if (address_get_request(link
, address
, NULL
) >= 0)
1600 return 0; /* already requested, skipping. */
1602 r
= address_acquire(link
, address
, &tmp
);
1604 return log_link_warning_errno(link
, r
, "Failed to acquire an address from pool: %m");
1607 r
= address_dup(address
, &tmp
);
1611 /* Copy already assigned address when it is requested as a null address. */
1612 if (address_is_static_null(address
))
1613 tmp
->in_addr
= existing
->in_addr
;
1615 /* Copy state for logging below. */
1616 tmp
->state
= existing
->state
;
1619 address_set_broadcast(tmp
, link
);
1621 r
= ipv4acd_configure(link
, tmp
);
1625 log_address_debug(tmp
, "Requesting", link
);
1626 r
= link_queue_request_safe(link
, REQUEST_TYPE_ADDRESS
,
1630 address_compare_func
,
1631 address_process_request
,
1632 message_counter
, netlink_handler
, ret
);
1634 return log_link_warning_errno(link
, r
, "Failed to request address: %m");
1638 address_enter_requesting(tmp
);
1640 address_enter_requesting(existing
);
1646 static int static_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Request
*req
, Link
*link
, Address
*address
) {
1651 r
= address_configure_handler_internal(rtnl
, m
, link
, "Failed to set static address");
1655 if (link
->static_address_messages
== 0) {
1656 log_link_debug(link
, "Addresses set");
1657 link
->static_addresses_configured
= true;
1658 link_check_ready(link
);
1664 int link_request_static_address(Link
*link
, const Address
*address
) {
1667 assert(address
->source
== NETWORK_CONFIG_SOURCE_STATIC
);
1669 return link_request_address(link
, address
, &link
->static_address_messages
,
1670 static_address_handler
, NULL
);
1673 int link_request_static_addresses(Link
*link
) {
1678 assert(link
->network
);
1680 link
->static_addresses_configured
= false;
1682 ORDERED_HASHMAP_FOREACH(a
, link
->network
->addresses_by_section
) {
1683 r
= link_request_static_address(link
, a
);
1688 r
= link_request_radv_addresses(link
);
1692 if (link
->static_address_messages
== 0) {
1693 link
->static_addresses_configured
= true;
1694 link_check_ready(link
);
1696 log_link_debug(link
, "Setting addresses");
1697 link_set_state(link
, LINK_STATE_CONFIGURING
);
1703 int manager_rtnl_process_address(sd_netlink
*rtnl
, sd_netlink_message
*message
, Manager
*m
) {
1704 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
1705 struct ifa_cacheinfo cinfo
;
1708 Address
*address
= NULL
;
1709 Request
*req
= NULL
;
1710 bool is_new
= false, update_dhcp4
;
1717 if (sd_netlink_message_is_error(message
)) {
1718 r
= sd_netlink_message_get_errno(message
);
1720 log_message_warning_errno(message
, r
, "rtnl: failed to receive address message, ignoring");
1725 r
= sd_netlink_message_get_type(message
, &type
);
1727 log_warning_errno(r
, "rtnl: could not get message type, ignoring: %m");
1729 } else if (!IN_SET(type
, RTM_NEWADDR
, RTM_DELADDR
)) {
1730 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type
);
1734 r
= sd_rtnl_message_addr_get_ifindex(message
, &ifindex
);
1736 log_warning_errno(r
, "rtnl: could not get ifindex from message, ignoring: %m");
1738 } else if (ifindex
<= 0) {
1739 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex
);
1743 r
= link_get_by_index(m
, ifindex
, &link
);
1745 /* when enumerating we might be out of sync, but we will get the address again, so just
1747 if (!m
->enumerating
)
1748 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex
);
1752 r
= address_new(&tmp
);
1756 /* First, read minimal information to make address_get() work below. */
1758 r
= sd_rtnl_message_addr_get_family(message
, &tmp
->family
);
1760 log_link_warning(link
, "rtnl: received address message without family, ignoring.");
1762 } else if (!IN_SET(tmp
->family
, AF_INET
, AF_INET6
)) {
1763 log_link_debug(link
, "rtnl: received address message with invalid family '%i', ignoring.", tmp
->family
);
1767 r
= sd_rtnl_message_addr_get_prefixlen(message
, &tmp
->prefixlen
);
1769 log_link_warning_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1773 switch (tmp
->family
) {
1775 r
= sd_netlink_message_read_in_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in
);
1777 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1781 r
= sd_netlink_message_read_in_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in
);
1782 if (r
< 0 && r
!= -ENODATA
) {
1783 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1785 } else if (r
>= 0) {
1786 if (in4_addr_equal(&tmp
->in_addr
.in
, &tmp
->in_addr_peer
.in
))
1787 tmp
->in_addr_peer
= IN_ADDR_NULL
;
1793 r
= sd_netlink_message_read_in6_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in6
);
1795 /* Have peer address. */
1796 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in6
);
1798 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1801 } else if (r
== -ENODATA
) {
1802 /* Does not have peer address. */
1803 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr
.in6
);
1805 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1809 log_link_warning_errno(link
, r
, "rtnl: could not get local address from address message, ignoring: %m");
1816 assert_not_reached();
1819 update_dhcp4
= tmp
->family
== AF_INET6
;
1821 /* Then, find the managed Address and Request objects corresponding to the received address. */
1822 (void) address_get(link
, tmp
, &address
);
1823 (void) address_get_request(link
, tmp
, &req
);
1825 if (type
== RTM_DELADDR
) {
1827 address_enter_removed(address
);
1828 log_address_debug(address
, "Forgetting removed", link
);
1829 (void) address_drop(address
);
1831 log_address_debug(tmp
, "Kernel removed unknown", link
);
1834 address_enter_removed(req
->userdata
);
1840 /* If we did not know the address, then save it. */
1841 r
= address_attach(link
, tmp
);
1843 log_link_warning_errno(link
, r
, "Failed to save received address %s, ignoring: %m",
1844 IN_ADDR_PREFIX_TO_STRING(tmp
->family
, &tmp
->in_addr
, tmp
->prefixlen
));
1852 /* Otherwise, update the managed Address object with the netlink notification. */
1853 address
->prefixlen
= tmp
->prefixlen
;
1854 address
->in_addr_peer
= tmp
->in_addr_peer
;
1857 /* Also update information that cannot be obtained through netlink notification. */
1858 if (req
&& req
->waiting_reply
) {
1859 Address
*a
= ASSERT_PTR(req
->userdata
);
1861 address
->source
= a
->source
;
1862 address
->provider
= a
->provider
;
1863 (void) free_and_strdup_warn(&address
->netlabel
, a
->netlabel
);
1864 nft_set_context_clear(&address
->nft_set_context
);
1865 (void) nft_set_context_dup(&a
->nft_set_context
, &address
->nft_set_context
);
1866 address
->requested_as_null
= a
->requested_as_null
;
1867 address
->callback
= a
->callback
;
1870 /* Then, update miscellaneous info. */
1871 r
= sd_rtnl_message_addr_get_scope(message
, &address
->scope
);
1873 log_link_debug_errno(link
, r
, "rtnl: received address message without scope, ignoring: %m");
1875 if (address
->family
== AF_INET
) {
1876 _cleanup_free_
char *label
= NULL
;
1878 r
= sd_netlink_message_read_string_strdup(message
, IFA_LABEL
, &label
);
1880 if (!streq_ptr(label
, link
->ifname
))
1881 free_and_replace(address
->label
, label
);
1882 } else if (r
!= -ENODATA
)
1883 log_link_debug_errno(link
, r
, "rtnl: could not get label from address message, ignoring: %m");
1885 r
= sd_netlink_message_read_in_addr(message
, IFA_BROADCAST
, &address
->broadcast
);
1886 if (r
< 0 && r
!= -ENODATA
)
1887 log_link_debug_errno(link
, r
, "rtnl: could not get broadcast from address message, ignoring: %m");
1890 r
= sd_netlink_message_read_u32(message
, IFA_FLAGS
, &address
->flags
);
1891 if (r
== -ENODATA
) {
1892 unsigned char flags
;
1894 /* For old kernels. */
1895 r
= sd_rtnl_message_addr_get_flags(message
, &flags
);
1897 address
->flags
= flags
;
1899 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
1901 r
= sd_netlink_message_read_cache_info(message
, IFA_CACHEINFO
, &cinfo
);
1903 address_set_lifetime(m
, address
, &cinfo
);
1904 else if (r
!= -ENODATA
)
1905 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
1907 r
= sd_netlink_message_read_u32(message
, IFA_RT_PRIORITY
, &address
->route_metric
);
1908 if (r
< 0 && r
!= -ENODATA
)
1909 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
1911 address_enter_configured(address
);
1913 address_enter_configured(req
->userdata
);
1915 log_address_debug(address
, is_new
? "Received new": "Received updated", link
);
1917 /* address_update() logs internally, so we don't need to here. */
1918 r
= address_update(address
);
1920 link_enter_failed(link
);
1924 r
= dhcp4_update_ipv6_connectivity(link
);
1926 log_link_warning_errno(link
, r
, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
1927 link_enter_failed(link
);
1934 int config_parse_broadcast(
1936 const char *filename
,
1938 const char *section
,
1939 unsigned section_line
,
1946 Network
*network
= userdata
;
1947 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
1948 union in_addr_union u
;
1957 r
= address_new_static(network
, filename
, section_line
, &n
);
1961 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1962 "Failed to allocate new address, ignoring assignment: %m");
1966 if (isempty(rvalue
)) {
1967 /* The broadcast address will be calculated based on Address=, and set if the link is
1968 * not a wireguard interface. Here, we do not check or set n->family. */
1969 n
->broadcast
= (struct in_addr
) {};
1970 n
->set_broadcast
= -1;
1975 r
= parse_boolean(rvalue
);
1977 /* The broadcast address will be calculated based on Address=. Here, we do not check or
1979 n
->broadcast
= (struct in_addr
) {};
1980 n
->set_broadcast
= r
;
1985 if (n
->family
== AF_INET6
) {
1986 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1987 "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue
);
1991 r
= in_addr_from_string(AF_INET
, rvalue
, &u
);
1993 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1994 "Broadcast is invalid, ignoring assignment: %s", rvalue
);
1997 if (in4_addr_is_null(&u
.in
)) {
1998 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1999 "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue
);
2003 n
->broadcast
= u
.in
;
2004 n
->set_broadcast
= true;
2005 n
->family
= AF_INET
;
2011 int config_parse_address(
2013 const char *filename
,
2015 const char *section
,
2016 unsigned section_line
,
2023 Network
*network
= userdata
;
2024 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2025 union in_addr_union buffer
;
2026 unsigned char prefixlen
;
2035 if (streq(section
, "Network")) {
2036 if (isempty(rvalue
)) {
2037 /* If an empty string specified in [Network] section, clear previously assigned addresses. */
2038 network
->addresses_by_section
= ordered_hashmap_free(network
->addresses_by_section
);
2042 /* we are not in an Address section, so use line number instead. */
2043 r
= address_new_static(network
, filename
, line
, &n
);
2045 r
= address_new_static(network
, filename
, section_line
, &n
);
2049 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2050 "Failed to allocate new address, ignoring assignment: %m");
2054 /* Address=address/prefixlen */
2055 r
= in_addr_prefix_from_string_auto_internal(rvalue
, PREFIXLEN_REFUSE
, &f
, &buffer
, &prefixlen
);
2057 r
= in_addr_prefix_from_string_auto(rvalue
, &f
, &buffer
, &prefixlen
);
2059 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2060 "Address '%s' is specified without prefix length. Assuming the prefix length is %u. "
2061 "Please specify the prefix length explicitly.", rvalue
, prefixlen
);
2064 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid address '%s', ignoring assignment: %m", rvalue
);
2068 if (n
->family
!= AF_UNSPEC
&& f
!= n
->family
) {
2069 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address is incompatible, ignoring assignment: %s", rvalue
);
2073 if (in_addr_is_null(f
, &buffer
)) {
2074 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2075 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2076 * let's limit the prefix length to 64 or larger. See RFC4193. */
2077 if ((f
== AF_INET
&& prefixlen
< 8) ||
2078 (f
== AF_INET6
&& prefixlen
< 64)) {
2079 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2080 "Null address with invalid prefixlen='%u', ignoring assignment: %s",
2087 n
->prefixlen
= prefixlen
;
2089 if (streq(lvalue
, "Address")) {
2090 n
->in_addr
= buffer
;
2091 n
->requested_as_null
= !in_addr_is_set(n
->family
, &n
->in_addr
);
2093 n
->in_addr_peer
= buffer
;
2099 int config_parse_label(
2101 const char *filename
,
2103 const char *section
,
2104 unsigned section_line
,
2111 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2112 Network
*network
= userdata
;
2121 r
= address_new_static(network
, filename
, section_line
, &n
);
2125 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2126 "Failed to allocate new address, ignoring assignment: %m");
2130 if (isempty(rvalue
)) {
2131 n
->label
= mfree(n
->label
);
2136 if (!address_label_valid(rvalue
)) {
2137 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2138 "Interface label is too long or invalid, ignoring assignment: %s", rvalue
);
2142 r
= free_and_strdup(&n
->label
, rvalue
);
2150 int config_parse_lifetime(
2152 const char *filename
,
2154 const char *section
,
2155 unsigned section_line
,
2162 Network
*network
= userdata
;
2163 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2173 r
= address_new_static(network
, filename
, section_line
, &n
);
2177 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2178 "Failed to allocate new address, ignoring assignment: %m");
2182 /* We accept only "forever", "infinity", empty, or "0". */
2183 if (STR_IN_SET(rvalue
, "forever", "infinity", ""))
2185 else if (streq(rvalue
, "0"))
2188 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2189 "Invalid PreferredLifetime= value, ignoring: %s", rvalue
);
2193 n
->lifetime_preferred_usec
= k
;
2199 int config_parse_address_flags(
2201 const char *filename
,
2203 const char *section
,
2204 unsigned section_line
,
2211 Network
*network
= userdata
;
2212 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2221 r
= address_new_static(network
, filename
, section_line
, &n
);
2225 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2226 "Failed to allocate new address, ignoring assignment: %m");
2230 r
= parse_boolean(rvalue
);
2232 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2233 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2237 if (streq(lvalue
, "AddPrefixRoute"))
2240 SET_FLAG(n
->flags
, ltype
, r
);
2246 int config_parse_address_scope(
2248 const char *filename
,
2250 const char *section
,
2251 unsigned section_line
,
2258 Network
*network
= userdata
;
2259 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2268 r
= address_new_static(network
, filename
, section_line
, &n
);
2272 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2273 "Failed to allocate new address, ignoring assignment: %m");
2277 r
= route_scope_from_string(rvalue
);
2279 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2280 "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue
);
2285 n
->scope_set
= true;
2290 int config_parse_address_route_metric(
2292 const char *filename
,
2294 const char *section
,
2295 unsigned section_line
,
2302 Network
*network
= userdata
;
2303 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2312 r
= address_new_static(network
, filename
, section_line
, &n
);
2316 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2317 "Failed to allocate new address, ignoring assignment: %m");
2321 r
= safe_atou32(rvalue
, &n
->route_metric
);
2323 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2324 "Could not parse %s=, ignoring assignment: %s", lvalue
, rvalue
);
2332 int config_parse_duplicate_address_detection(
2334 const char *filename
,
2336 const char *section
,
2337 unsigned section_line
,
2344 Network
*network
= userdata
;
2345 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2354 r
= address_new_static(network
, filename
, section_line
, &n
);
2358 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2359 "Failed to allocate new address, ignoring assignment: %m");
2363 r
= parse_boolean(rvalue
);
2365 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2366 "For historical reasons, %s=%s means %s=%s. "
2367 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2368 lvalue
, rvalue
, lvalue
, r
? "none" : "both");
2369 n
->duplicate_address_detection
= r
? ADDRESS_FAMILY_NO
: ADDRESS_FAMILY_YES
;
2374 AddressFamily a
= duplicate_address_detection_address_family_from_string(rvalue
);
2376 log_syntax(unit
, LOG_WARNING
, filename
, line
, a
,
2377 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2380 n
->duplicate_address_detection
= a
;
2386 int config_parse_address_netlabel(
2388 const char *filename
,
2390 const char *section
,
2391 unsigned section_line
,
2398 Network
*network
= userdata
;
2399 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2409 r
= address_new_static(network
, filename
, section_line
, &n
);
2413 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2414 "Failed to allocate new address, ignoring assignment: %m");
2418 r
= config_parse_string(unit
, filename
, line
, section
, section_line
,
2419 lvalue
, CONFIG_PARSE_STRING_SAFE
, rvalue
, &n
->netlabel
, network
);
2427 static void address_section_adjust_broadcast(Address
*address
) {
2429 assert(address
->section
);
2431 if (!in4_addr_is_set(&address
->broadcast
))
2434 if (address
->family
== AF_INET6
)
2435 log_warning("%s: broadcast address is set for an IPv6 address. "
2436 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2437 address
->section
->filename
, address
->section
->line
);
2438 else if (address
->prefixlen
> 30)
2439 log_warning("%s: broadcast address is set for an IPv4 address with prefix length larger than 30. "
2440 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2441 address
->section
->filename
, address
->section
->line
);
2442 else if (in4_addr_is_set(&address
->in_addr_peer
.in
))
2443 log_warning("%s: broadcast address is set for an IPv4 address with peer address. "
2444 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2445 address
->section
->filename
, address
->section
->line
);
2446 else if (!in4_addr_is_set(&address
->in_addr
.in
))
2447 log_warning("%s: broadcast address is set for an IPv4 address with null address. "
2448 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2449 address
->section
->filename
, address
->section
->line
);
2451 /* Otherwise, keep the specified broadcast address. */
2454 address
->broadcast
.s_addr
= 0;
2457 int address_section_verify(Address
*address
) {
2458 if (section_is_invalid(address
->section
))
2461 if (address
->family
== AF_UNSPEC
) {
2462 assert(address
->section
);
2464 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2465 "%s: Address section without Address= field was configured. "
2466 "Ignoring [Address] section from line %u.",
2467 address
->section
->filename
, address
->section
->line
);
2470 if (address
->family
== AF_INET6
&& !socket_ipv6_is_supported())
2471 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2472 "%s: an IPv6 address was configured, but the kernel does not support IPv6. "
2473 "Ignoring [Address] section from line %u.",
2474 address
->section
->filename
, address
->section
->line
);
2476 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
2478 address_section_adjust_broadcast(address
);
2480 if (address
->family
== AF_INET6
&& address
->label
) {
2481 log_warning("%s: address label is set for IPv6 address in the [Address] section from line %u. "
2482 "Ignoring Label= setting.",
2483 address
->section
->filename
, address
->section
->line
);
2485 address
->label
= mfree(address
->label
);
2488 if (!address
->scope_set
) {
2489 if (in_addr_is_localhost(address
->family
, &address
->in_addr
) > 0)
2490 address
->scope
= RT_SCOPE_HOST
;
2491 else if (in_addr_is_link_local(address
->family
, &address
->in_addr
) > 0)
2492 address
->scope
= RT_SCOPE_LINK
;
2495 if (address
->duplicate_address_detection
< 0) {
2496 if (address
->family
== AF_INET6
)
2497 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV6
;
2498 else if (in4_addr_is_link_local(&address
->in_addr
.in
))
2499 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV4
;
2501 address
->duplicate_address_detection
= ADDRESS_FAMILY_NO
;
2502 } else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV6
&& address
->family
== AF_INET
)
2503 log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.",
2504 address
->section
->filename
);
2505 else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV4
&& address
->family
== AF_INET6
)
2506 log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.",
2507 address
->section
->filename
);
2509 if (address
->family
== AF_INET6
&&
2510 !FLAGS_SET(address
->duplicate_address_detection
, ADDRESS_FAMILY_IPV6
))
2511 address
->flags
|= IFA_F_NODAD
;
2513 uint32_t filtered_flags
= address
->family
== AF_INET
?
2514 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
& ~IPV6ONLY_FLAGS
:
2515 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
;
2516 if (address
->flags
!= filtered_flags
) {
2517 _cleanup_free_
char *str
= NULL
;
2519 (void) address_flags_to_string_alloc(address
->flags
^ filtered_flags
, address
->family
, &str
);
2520 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2521 "%s: unexpected address flags \"%s\" were configured. "
2522 "Ignoring [Address] section from line %u.",
2523 address
->section
->filename
, strna(str
), address
->section
->line
);
2529 int network_drop_invalid_addresses(Network
*network
) {
2530 _cleanup_set_free_ Set
*addresses
= NULL
;
2536 ORDERED_HASHMAP_FOREACH(address
, network
->addresses_by_section
) {
2539 if (address_section_verify(address
) < 0) {
2540 /* Drop invalid [Address] sections or Address= settings in [Network].
2541 * Note that address_detach() will drop the address from addresses_by_section. */
2542 address_detach(address
);
2546 /* Always use the setting specified later. So, remove the previously assigned setting. */
2547 dup
= set_remove(addresses
, address
);
2549 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2550 "dropping the address setting specified at line %u.",
2551 dup
->section
->filename
,
2552 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
),
2553 address
->section
->line
,
2554 dup
->section
->line
, dup
->section
->line
);
2556 /* address_detach() will drop the address from addresses_by_section. */
2557 address_detach(dup
);
2560 /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects
2561 * will be detached. */
2562 r
= set_ensure_put(&addresses
, &address_hash_ops
, address
);
2568 r
= network_adjust_dhcp_server(network
, &addresses
);
2575 int config_parse_address_ip_nft_set(
2577 const char *filename
,
2579 const char *section
,
2580 unsigned section_line
,
2587 Network
*network
= userdata
;
2588 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2596 r
= address_new_static(network
, filename
, section_line
, &n
);
2600 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2601 "Failed to allocate a new address, ignoring assignment: %m");
2605 r
= config_parse_nft_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &n
->nft_set_context
, network
);