]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-address.c
projects / thirdparty / systemd.git / blob
? search:


848e9e1b8cf4896c8dee2b3c479f470a7ef11269
[thirdparty/systemd.git] / src / network / networkd-address.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <net/if.h>
4 #include <net/if_arp.h>
5
6 #include "alloc-util.h"
7 #include "firewall-util.h"
8 #include "logarithm.h"
9 #include "memory-util.h"
10 #include "netlink-util.h"
11 #include "networkd-address-pool.h"
12 #include "networkd-address.h"
13 #include "networkd-dhcp-server.h"
14 #include "networkd-ipv4acd.h"
15 #include "networkd-manager.h"
16 #include "networkd-netlabel.h"
17 #include "networkd-network.h"
18 #include "networkd-queue.h"
19 #include "networkd-route-util.h"
20 #include "networkd-route.h"
21 #include "parse-util.h"
22 #include "string-util.h"
23 #include "strv.h"
24 #include "strxcpyx.h"
25
26 #define ADDRESSES_PER_LINK_MAX 2048U
27 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
28
29 #define KNOWN_FLAGS \
30 (IFA_F_SECONDARY | \
31 IFA_F_NODAD | \
32 IFA_F_OPTIMISTIC | \
33 IFA_F_DADFAILED | \
34 IFA_F_HOMEADDRESS | \
35 IFA_F_DEPRECATED | \
36 IFA_F_TENTATIVE | \
37 IFA_F_PERMANENT | \
38 IFA_F_MANAGETEMPADDR | \
39 IFA_F_NOPREFIXROUTE | \
40 IFA_F_MCAUTOJOIN | \
41 IFA_F_STABLE_PRIVACY)
42
43 /* From net/ipv4/devinet.c */
44 #define IPV6ONLY_FLAGS \
45 (IFA_F_NODAD | \
46 IFA_F_OPTIMISTIC | \
47 IFA_F_DADFAILED | \
48 IFA_F_HOMEADDRESS | \
49 IFA_F_TENTATIVE | \
50 IFA_F_MANAGETEMPADDR | \
51 IFA_F_STABLE_PRIVACY)
52
53 /* We do not control the following flags. */
54 #define UNMANAGED_FLAGS \
55 (IFA_F_SECONDARY | \
56 IFA_F_DADFAILED | \
57 IFA_F_DEPRECATED | \
58 IFA_F_TENTATIVE | \
59 IFA_F_PERMANENT | \
60 IFA_F_STABLE_PRIVACY)
61
62 int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) {
63 _cleanup_free_ char *str = NULL;
64 static const char* map[] = {
65 [LOG2U(IFA_F_SECONDARY)] = "secondary", /* This is also called "temporary" for ipv6. */
66 [LOG2U(IFA_F_NODAD)] = "nodad",
67 [LOG2U(IFA_F_OPTIMISTIC)] = "optimistic",
68 [LOG2U(IFA_F_DADFAILED)] = "dadfailed",
69 [LOG2U(IFA_F_HOMEADDRESS)] = "home-address",
70 [LOG2U(IFA_F_DEPRECATED)] = "deprecated",
71 [LOG2U(IFA_F_TENTATIVE)] = "tentative",
72 [LOG2U(IFA_F_PERMANENT)] = "permanent",
73 [LOG2U(IFA_F_MANAGETEMPADDR)] = "manage-temporary-address",
74 [LOG2U(IFA_F_NOPREFIXROUTE)] = "no-prefixroute",
75 [LOG2U(IFA_F_MCAUTOJOIN)] = "auto-join",
76 [LOG2U(IFA_F_STABLE_PRIVACY)] = "stable-privacy",
77 };
78
79 assert(IN_SET(family, AF_INET, AF_INET6));
80 assert(ret);
81
82 for (size_t i = 0; i < ELEMENTSOF(map); i++)
83 if (FLAGS_SET(flags, 1 << i) && map[i])
84 if (!strextend_with_separator(
85 &str, ",",
86 family == AF_INET6 && (1 << i) == IFA_F_SECONDARY ? "temporary" : map[i]))
87 return -ENOMEM;
88
89 *ret = TAKE_PTR(str);
90 return 0;
91 }
92
93 static LinkAddressState address_state_from_scope(uint8_t scope) {
94 if (scope < RT_SCOPE_SITE)
95 /* universally accessible addresses found */
96 return LINK_ADDRESS_STATE_ROUTABLE;
97
98 if (scope < RT_SCOPE_HOST)
99 /* only link or site local addresses found */
100 return LINK_ADDRESS_STATE_DEGRADED;
101
102 /* no useful addresses found */
103 return LINK_ADDRESS_STATE_OFF;
104 }
105
106 void link_get_address_states(
107 Link *link,
108 LinkAddressState *ret_ipv4,
109 LinkAddressState *ret_ipv6,
110 LinkAddressState *ret_all) {
111
112 uint8_t ipv4_scope = RT_SCOPE_NOWHERE, ipv6_scope = RT_SCOPE_NOWHERE;
113 Address *address;
114
115 assert(link);
116
117 SET_FOREACH(address, link->addresses) {
118 if (!address_is_ready(address))
119 continue;
120
121 if (address->family == AF_INET)
122 ipv4_scope = MIN(ipv4_scope, address->scope);
123
124 if (address->family == AF_INET6)
125 ipv6_scope = MIN(ipv6_scope, address->scope);
126 }
127
128 if (ret_ipv4)
129 *ret_ipv4 = address_state_from_scope(ipv4_scope);
130 if (ret_ipv6)
131 *ret_ipv6 = address_state_from_scope(ipv6_scope);
132 if (ret_all)
133 *ret_all = address_state_from_scope(MIN(ipv4_scope, ipv6_scope));
134 }
135
136 static void address_hash_func(const Address *a, struct siphash *state);
137 static int address_compare_func(const Address *a1, const Address *a2);
138 static void address_detach(Address *address);
139
140 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
141 address_hash_ops_detach,
142 Address,
143 address_hash_func,
144 address_compare_func,
145 address_detach);
146
147 DEFINE_HASH_OPS(
148 address_hash_ops,
149 Address,
150 address_hash_func,
151 address_compare_func);
152
153 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
154 address_section_hash_ops,
155 ConfigSection,
156 config_section_hash_func,
157 config_section_compare_func,
158 Address,
159 address_detach);
160
161 int address_new(Address **ret) {
162 _cleanup_(address_unrefp) Address *address = NULL;
163
164 address = new(Address, 1);
165 if (!address)
166 return -ENOMEM;
167
168 *address = (Address) {
169 .n_ref = 1,
170 .family = AF_UNSPEC,
171 .scope = RT_SCOPE_UNIVERSE,
172 .lifetime_valid_usec = USEC_INFINITY,
173 .lifetime_preferred_usec = USEC_INFINITY,
174 .set_broadcast = -1,
175 };
176
177 *ret = TAKE_PTR(address);
178
179 return 0;
180 }
181
182 int address_new_static(Network *network, const char *filename, unsigned section_line, Address **ret) {
183 _cleanup_(config_section_freep) ConfigSection *n = NULL;
184 _cleanup_(address_unrefp) Address *address = NULL;
185 int r;
186
187 assert(network);
188 assert(ret);
189 assert(filename);
190 assert(section_line > 0);
191
192 r = config_section_new(filename, section_line, &n);
193 if (r < 0)
194 return r;
195
196 address = ordered_hashmap_get(network->addresses_by_section, n);
197 if (address) {
198 *ret = TAKE_PTR(address);
199 return 0;
200 }
201
202 if (ordered_hashmap_size(network->addresses_by_section) >= STATIC_ADDRESSES_PER_NETWORK_MAX)
203 return -E2BIG;
204
205 r = address_new(&address);
206 if (r < 0)
207 return r;
208
209 address->network = network;
210 address->section = TAKE_PTR(n);
211 address->source = NETWORK_CONFIG_SOURCE_STATIC;
212 /* This will be adjusted in address_section_verify(). */
213 address->duplicate_address_detection = _ADDRESS_FAMILY_INVALID;
214
215 r = ordered_hashmap_ensure_put(&network->addresses_by_section, &address_section_hash_ops, address->section, address);
216 if (r < 0)
217 return r;
218
219 *ret = TAKE_PTR(address);
220 return 0;
221 }
222
223 static Address* address_detach_impl(Address *address) {
224 assert(address);
225 assert(!address->link || !address->network);
226
227 if (address->network) {
228 assert(address->section);
229 ordered_hashmap_remove(address->network->addresses_by_section, address->section);
230
231 if (address->network->dhcp_server_address == address)
232 address->network->dhcp_server_address = NULL;
233
234 address->network = NULL;
235 return address;
236 }
237
238 if (address->link) {
239 set_remove(address->link->addresses, address);
240
241 address->link = NULL;
242 return address;
243 }
244
245 return NULL;
246 }
247
248 static void address_detach(Address *address) {
249 assert(address);
250
251 address_unref(address_detach_impl(address));
252 }
253
254 static Address* address_free(Address *address) {
255 if (!address)
256 return NULL;
257
258 address_detach_impl(address);
259
260 config_section_free(address->section);
261 free(address->label);
262 free(address->netlabel);
263 nft_set_context_clear(&address->nft_set_context);
264 return mfree(address);
265 }
266
267 DEFINE_TRIVIAL_REF_UNREF_FUNC(Address, address, address_free);
268
269 static bool address_lifetime_is_valid(const Address *a) {
270 assert(a);
271
272 return
273 a->lifetime_valid_usec == USEC_INFINITY ||
274 a->lifetime_valid_usec > now(CLOCK_BOOTTIME);
275 }
276
277 bool address_is_ready(const Address *a) {
278 assert(a);
279 assert(a->link);
280
281 if (!ipv4acd_bound(a->link, a))
282 return false;
283
284 if (FLAGS_SET(a->flags, IFA_F_TENTATIVE))
285 return false;
286
287 if (FLAGS_SET(a->state, NETWORK_CONFIG_STATE_REMOVING))
288 return false;
289
290 if (!FLAGS_SET(a->state, NETWORK_CONFIG_STATE_CONFIGURED))
291 return false;
292
293 return address_lifetime_is_valid(a);
294 }
295
296 bool link_check_addresses_ready(Link *link, NetworkConfigSource source) {
297 Address *a;
298 bool has = false;
299
300 assert(link);
301
302 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
303
304 SET_FOREACH(a, link->addresses) {
305 if (source >= 0 && a->source != source)
306 continue;
307 if (address_is_marked(a))
308 continue;
309 if (!address_exists(a))
310 continue;
311 if (!address_is_ready(a))
312 return false;
313 has = true;
314 }
315
316 return has;
317 }
318
319 void link_mark_addresses(Link *link, NetworkConfigSource source) {
320 Address *a;
321
322 assert(link);
323
324 SET_FOREACH(a, link->addresses) {
325 if (a->source != source)
326 continue;
327
328 address_mark(a);
329 }
330 }
331
332 static int address_get_broadcast(const Address *a, Link *link, struct in_addr *ret) {
333 struct in_addr b_addr = {};
334
335 assert(a);
336 assert(link);
337
338 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
339 * address is null. */
340
341 /* broadcast is only for IPv4. */
342 if (a->family != AF_INET)
343 goto finalize;
344
345 /* broadcast address cannot be used when peer address is specified. */
346 if (in4_addr_is_set(&a->in_addr_peer.in))
347 goto finalize;
348
349 /* A /31 or /32 IPv4 address does not have a broadcast address.
350 * See https://tools.ietf.org/html/rfc3021 */
351 if (a->prefixlen > 30)
352 goto finalize;
353
354 /* If explicitly configured, use the address as is. */
355 if (in4_addr_is_set(&a->broadcast)) {
356 b_addr = a->broadcast;
357 goto finalize;
358 }
359
360 /* If explicitly disabled, then return null address. */
361 if (a->set_broadcast == 0)
362 goto finalize;
363
364 /* For wireguard interfaces, broadcast is disabled by default. */
365 if (a->set_broadcast < 0 && streq_ptr(link->kind, "wireguard"))
366 goto finalize;
367
368 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
369 * determined after an address is acquired. */
370 if (!in4_addr_is_set(&a->in_addr.in))
371 return -EAGAIN;
372
373 /* Otherwise, generate a broadcast address from the main address and prefix length. */
374 b_addr.s_addr = a->in_addr.in.s_addr | htobe32(UINT32_C(0xffffffff) >> a->prefixlen);
375
376 finalize:
377 if (ret)
378 *ret = b_addr;
379
380 return in4_addr_is_set(&b_addr);
381 }
382
383 static void address_set_broadcast(Address *a, Link *link) {
384 assert(a);
385 assert_se(address_get_broadcast(a, link, &a->broadcast) >= 0);
386 }
387
388 static void address_set_cinfo(Manager *m, const Address *a, struct ifa_cacheinfo *cinfo) {
389 usec_t now_usec;
390
391 assert(m);
392 assert(a);
393 assert(cinfo);
394
395 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
396
397 *cinfo = (struct ifa_cacheinfo) {
398 .ifa_valid = usec_to_sec(a->lifetime_valid_usec, now_usec),
399 .ifa_prefered = usec_to_sec(a->lifetime_preferred_usec, now_usec),
400 };
401 }
402
403 static void address_set_lifetime(Manager *m, Address *a, const struct ifa_cacheinfo *cinfo) {
404 usec_t now_usec;
405
406 assert(m);
407 assert(a);
408 assert(cinfo);
409
410 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
411
412 a->lifetime_valid_usec = sec_to_usec(cinfo->ifa_valid, now_usec);
413 a->lifetime_preferred_usec = sec_to_usec(cinfo->ifa_prefered, now_usec);
414 }
415
416 static bool address_is_static_null(const Address *address) {
417 assert(address);
418
419 if (!address->network)
420 return false;
421
422 if (!address->requested_as_null)
423 return false;
424
425 assert(!in_addr_is_set(address->family, &address->in_addr));
426 return true;
427 }
428
429 static int address_ipv4_prefix(const Address *a, struct in_addr *ret) {
430 struct in_addr p;
431 int r;
432
433 assert(a);
434 assert(a->family == AF_INET);
435 assert(ret);
436
437 p = in4_addr_is_set(&a->in_addr_peer.in) ? a->in_addr_peer.in : a->in_addr.in;
438 r = in4_addr_mask(&p, a->prefixlen);
439 if (r < 0)
440 return r;
441
442 *ret = p;
443 return 0;
444 }
445
446 static void address_hash_func(const Address *a, struct siphash *state) {
447 assert(a);
448
449 siphash24_compress_typesafe(a->family, state);
450
451 switch (a->family) {
452 case AF_INET: {
453 struct in_addr prefix;
454
455 siphash24_compress_typesafe(a->prefixlen, state);
456
457 assert_se(address_ipv4_prefix(a, &prefix) >= 0);
458 siphash24_compress_typesafe(prefix, state);
459
460 siphash24_compress_typesafe(a->in_addr.in, state);
461 break;
462 }
463 case AF_INET6:
464 siphash24_compress_typesafe(a->in_addr.in6, state);
465
466 if (in6_addr_is_null(&a->in_addr.in6))
467 siphash24_compress_typesafe(a->prefixlen, state);
468 break;
469
470 default:
471 /* treat any other address family as AF_UNSPEC */
472 break;
473 }
474 }
475
476 static int address_compare_func(const Address *a1, const Address *a2) {
477 int r;
478
479 r = CMP(a1->family, a2->family);
480 if (r != 0)
481 return r;
482
483 switch (a1->family) {
484 case AF_INET: {
485 struct in_addr p1, p2;
486
487 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
488 r = CMP(a1->prefixlen, a2->prefixlen);
489 if (r != 0)
490 return r;
491
492 assert_se(address_ipv4_prefix(a1, &p1) >= 0);
493 assert_se(address_ipv4_prefix(a2, &p2) >= 0);
494 r = memcmp(&p1, &p2, sizeof(p1));
495 if (r != 0)
496 return r;
497
498 return memcmp(&a1->in_addr.in, &a2->in_addr.in, sizeof(a1->in_addr.in));
499 }
500 case AF_INET6:
501 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
502 r = memcmp(&a1->in_addr.in6, &a2->in_addr.in6, sizeof(a1->in_addr.in6));
503 if (r != 0)
504 return r;
505
506 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
507 * compare the prefix length. */
508 if (in6_addr_is_null(&a1->in_addr.in6))
509 r = CMP(a1->prefixlen, a2->prefixlen);
510
511 return r;
512
513 default:
514 /* treat any other address family as AF_UNSPEC */
515 return 0;
516 }
517 }
518
519 static bool address_can_update(const Address *la, const Address *na) {
520 assert(la);
521 assert(la->link);
522 assert(na);
523 assert(na->network);
524
525 /*
526 * property | IPv4 | IPv6
527 * -----------------------------------------
528 * family | ✗ | ✗
529 * prefixlen | ✗ | ✗
530 * address | ✗ | ✗
531 * scope | ✗ | -
532 * label | ✗ | -
533 * broadcast | ✗ | -
534 * peer | ✗ | ✓
535 * flags | ✗ | ✓
536 * lifetime | ✓ | ✓
537 * route metric | ✓ | ✓
538 * protocol | ✓ | ✓
539 *
540 * ✗ : cannot be changed
541 * ✓ : can be changed
542 * - : unused
543 *
544 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
545 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
546 */
547
548 if (la->family != na->family)
549 return false;
550
551 if (la->prefixlen != na->prefixlen)
552 return false;
553
554 /* When a null address is requested, the address to be assigned/updated will be determined later. */
555 if (!address_is_static_null(na) &&
556 in_addr_equal(la->family, &la->in_addr, &na->in_addr) <= 0)
557 return false;
558
559 switch (la->family) {
560 case AF_INET: {
561 struct in_addr bcast;
562
563 if (la->scope != na->scope)
564 return false;
565 if (((la->flags ^ na->flags) & KNOWN_FLAGS & ~IPV6ONLY_FLAGS & ~UNMANAGED_FLAGS) != 0)
566 return false;
567 if (!streq_ptr(la->label, na->label))
568 return false;
569 if (!in4_addr_equal(&la->in_addr_peer.in, &na->in_addr_peer.in))
570 return false;
571 if (address_get_broadcast(na, la->link, &bcast) >= 0) {
572 /* If the broadcast address can be determined now, check if they match. */
573 if (!in4_addr_equal(&la->broadcast, &bcast))
574 return false;
575 } else {
576 /* When a null address is requested, then the broadcast address will be
577 * automatically calculated from the acquired address, e.g.
578 * 192.168.0.10/24 -> 192.168.0.255
579 * So, here let's only check if the broadcast is the last address in the range, e.g.
580 * 0.0.0.0/24 -> 0.0.0.255 */
581 if (!FLAGS_SET(la->broadcast.s_addr, htobe32(UINT32_C(0xffffffff) >> la->prefixlen)))
582 return false;
583 }
584 break;
585 }
586 case AF_INET6:
587 break;
588
589 default:
590 assert_not_reached();
591 }
592
593 return true;
594 }
595
596 int address_dup(const Address *src, Address **ret) {
597 _cleanup_(address_unrefp) Address *dest = NULL;
598 int r;
599
600 assert(src);
601 assert(ret);
602
603 dest = newdup(Address, src, 1);
604 if (!dest)
605 return -ENOMEM;
606
607 /* clear the reference counter and all pointers */
608 dest->n_ref = 1;
609 dest->network = NULL;
610 dest->section = NULL;
611 dest->link = NULL;
612 dest->label = NULL;
613 dest->netlabel = NULL;
614 dest->nft_set_context.sets = NULL;
615 dest->nft_set_context.n_sets = 0;
616
617 if (src->family == AF_INET) {
618 r = strdup_or_null(src->label, &dest->label);
619 if (r < 0)
620 return r;
621 }
622
623 r = strdup_or_null(src->netlabel, &dest->netlabel);
624 if (r < 0)
625 return r;
626
627 r = nft_set_context_dup(&src->nft_set_context, &dest->nft_set_context);
628 if (r < 0)
629 return r;
630
631 *ret = TAKE_PTR(dest);
632 return 0;
633 }
634
635 static int address_set_masquerade(Address *address, bool add) {
636 union in_addr_union masked;
637 int r;
638
639 assert(address);
640 assert(address->link);
641
642 if (!address->link->network)
643 return 0;
644
645 if (address->family == AF_INET &&
646 !FLAGS_SET(address->link->network->ip_masquerade, ADDRESS_FAMILY_IPV4))
647 return 0;
648
649 if (address->family == AF_INET6 &&
650 !FLAGS_SET(address->link->network->ip_masquerade, ADDRESS_FAMILY_IPV6))
651 return 0;
652
653 if (address->scope >= RT_SCOPE_LINK)
654 return 0;
655
656 if (address->ip_masquerade_done == add)
657 return 0;
658
659 masked = address->in_addr;
660 r = in_addr_mask(address->family, &masked, address->prefixlen);
661 if (r < 0)
662 return r;
663
664 r = fw_add_masquerade(&address->link->manager->fw_ctx, add, address->family, &masked, address->prefixlen);
665 if (r < 0)
666 return r;
667
668 address->ip_masquerade_done = add;
669
670 return 0;
671 }
672
673 static void address_modify_nft_set_context(Address *address, bool add, NFTSetContext *nft_set_context) {
674 int r;
675
676 assert(address);
677 assert(address->link);
678 assert(address->link->manager);
679 assert(nft_set_context);
680
681 if (!address->link->manager->fw_ctx) {
682 r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false);
683 if (r < 0)
684 return;
685 }
686
687 FOREACH_ARRAY(nft_set, nft_set_context->sets, nft_set_context->n_sets) {
688 uint32_t ifindex;
689
690 assert(nft_set);
691
692 switch (nft_set->source) {
693 case NFT_SET_SOURCE_ADDRESS:
694 r = nft_set_element_modify_ip(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
695 &address->in_addr);
696 break;
697 case NFT_SET_SOURCE_PREFIX:
698 r = nft_set_element_modify_iprange(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
699 &address->in_addr, address->prefixlen);
700 break;
701 case NFT_SET_SOURCE_IFINDEX:
702 ifindex = address->link->ifindex;
703 r = nft_set_element_modify_any(address->link->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set,
704 &ifindex, sizeof(ifindex));
705 break;
706 default:
707 assert_not_reached();
708 }
709
710 if (r < 0)
711 log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
712 add ? "add" : "delete",
713 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
714 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
715 else
716 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
717 add ? "Added" : "Deleted",
718 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
719 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
720 }
721 }
722
723 static void address_modify_nft_set(Address *address, bool add) {
724 assert(address);
725 assert(address->link);
726
727 if (!IN_SET(address->family, AF_INET, AF_INET6))
728 return;
729
730 if (!address->link->network)
731 return;
732
733 switch (address->source) {
734 case NETWORK_CONFIG_SOURCE_DHCP4:
735 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_nft_set_context);
736 case NETWORK_CONFIG_SOURCE_DHCP6:
737 return address_modify_nft_set_context(address, add, &address->link->network->dhcp6_nft_set_context);
738 case NETWORK_CONFIG_SOURCE_DHCP_PD:
739 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_pd_nft_set_context);
740 case NETWORK_CONFIG_SOURCE_NDISC:
741 return address_modify_nft_set_context(address, add, &address->link->network->ndisc_nft_set_context);
742 case NETWORK_CONFIG_SOURCE_STATIC:
743 return address_modify_nft_set_context(address, add, &address->nft_set_context);
744 default:
745 return;
746 }
747 }
748
749 static int address_attach(Link *link, Address *address) {
750 int r;
751
752 assert(link);
753 assert(address);
754 assert(!address->link);
755
756 r = set_ensure_put(&link->addresses, &address_hash_ops_detach, address);
757 if (r < 0)
758 return r;
759 if (r == 0)
760 return -EEXIST;
761
762 address->link = link;
763 address_ref(address);
764 return 0;
765 }
766
767 static int address_update(Address *address) {
768 Link *link = ASSERT_PTR(ASSERT_PTR(address)->link);
769 int r;
770
771 if (address_is_ready(address) &&
772 address->family == AF_INET6 &&
773 in6_addr_is_link_local(&address->in_addr.in6) &&
774 in6_addr_is_null(&link->ipv6ll_address)) {
775
776 link->ipv6ll_address = address->in_addr.in6;
777
778 r = link_ipv6ll_gained(link);
779 if (r < 0)
780 return r;
781 }
782
783 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
784 return 0;
785
786 r = address_set_masquerade(address, /* add = */ true);
787 if (r < 0)
788 return log_link_warning_errno(link, r, "Could not enable IP masquerading: %m");
789
790 address_add_netlabel(address);
791
792 address_modify_nft_set(address, /* add = */ true);
793
794 if (address_is_ready(address) && address->callback) {
795 r = address->callback(address);
796 if (r < 0)
797 return r;
798 }
799
800 link_update_operstate(link, /* also_update_master = */ true);
801 link_check_ready(link);
802 return 0;
803 }
804
805 static int address_drop(Address *address) {
806 Link *link = ASSERT_PTR(ASSERT_PTR(address)->link);
807 int r;
808
809 r = address_set_masquerade(address, /* add = */ false);
810 if (r < 0)
811 log_link_warning_errno(link, r, "Failed to disable IP masquerading, ignoring: %m");
812
813 address_modify_nft_set(address, /* add = */ false);
814
815 address_del_netlabel(address);
816
817 /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */
818 if (address->family == AF_INET6 &&
819 in6_addr_equal(&address->in_addr.in6, &link->ipv6ll_address))
820 link->ipv6ll_address = (const struct in6_addr) {};
821
822 ipv4acd_detach(link, address);
823
824 address_detach(address);
825
826 link_update_operstate(link, /* also_update_master = */ true);
827 link_check_ready(link);
828 return 0;
829 }
830
831 static bool address_match_null(const Address *a, const Address *null_address) {
832 assert(a);
833 assert(null_address);
834
835 if (!a->requested_as_null)
836 return false;
837
838 /* Currently, null address is supported only by static addresses. Note that static
839 * address may be set as foreign during reconfiguring the interface. */
840 if (!IN_SET(a->source, NETWORK_CONFIG_SOURCE_FOREIGN, NETWORK_CONFIG_SOURCE_STATIC))
841 return false;
842
843 if (a->family != null_address->family)
844 return false;
845
846 if (a->prefixlen != null_address->prefixlen)
847 return false;
848
849 return true;
850 }
851
852 static int address_get_request(Link *link, const Address *address, Request **ret) {
853 Request *req;
854
855 assert(link);
856 assert(link->manager);
857 assert(address);
858
859 req = ordered_set_get(
860 link->manager->request_queue,
861 &(Request) {
862 .link = link,
863 .type = REQUEST_TYPE_ADDRESS,
864 .userdata = (void*) address,
865 .hash_func = (hash_func_t) address_hash_func,
866 .compare_func = (compare_func_t) address_compare_func,
867 });
868 if (req) {
869 if (ret)
870 *ret = req;
871 return 0;
872 }
873
874 if (address_is_static_null(address))
875 ORDERED_SET_FOREACH(req, link->manager->request_queue) {
876 if (req->link != link)
877 continue;
878 if (req->type != REQUEST_TYPE_ADDRESS)
879 continue;
880
881 if (!address_match_null(req->userdata, address))
882 continue;
883
884 if (ret)
885 *ret = req;
886
887 return 0;
888 }
889
890 return -ENOENT;
891 }
892
893 int address_get(Link *link, const Address *in, Address **ret) {
894 Address *a;
895
896 assert(link);
897 assert(in);
898
899 a = set_get(link->addresses, in);
900 if (a) {
901 if (ret)
902 *ret = a;
903 return 0;
904 }
905
906 /* Find matching address that originally requested as null address. */
907 if (address_is_static_null(in))
908 SET_FOREACH(a, link->addresses) {
909 if (!address_match_null(a, in))
910 continue;
911
912 if (ret)
913 *ret = a;
914 return 0;
915 }
916
917 return -ENOENT;
918 }
919
920 int address_get_harder(Link *link, const Address *in, Address **ret) {
921 Request *req;
922 int r;
923
924 assert(link);
925 assert(in);
926
927 if (address_get(link, in, ret) >= 0)
928 return 0;
929
930 r = address_get_request(link, in, &req);
931 if (r < 0)
932 return r;
933
934 if (ret)
935 *ret = ASSERT_PTR(req->userdata);
936
937 return 0;
938 }
939
940 int link_get_address(Link *link, int family, const union in_addr_union *address, unsigned char prefixlen, Address **ret) {
941 Address *a;
942 int r;
943
944 assert(link);
945 assert(IN_SET(family, AF_INET, AF_INET6));
946 assert(address);
947
948 /* This find an Address object on the link which matches the given address and prefix length
949 * and does not have peer address. When the prefixlen is zero, then an Address object with an
950 * arbitrary prefixlen will be returned. */
951
952 if (family == AF_INET6 || prefixlen != 0) {
953 _cleanup_(address_unrefp) Address *tmp = NULL;
954
955 /* In this case, we can use address_get(). */
956
957 r = address_new(&tmp);
958 if (r < 0)
959 return r;
960
961 tmp->family = family;
962 tmp->in_addr = *address;
963 tmp->prefixlen = prefixlen;
964
965 r = address_get(link, tmp, &a);
966 if (r < 0)
967 return r;
968
969 if (family == AF_INET6) {
970 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
971 * to check them explicitly. */
972 if (in_addr_is_set(family, &a->in_addr_peer))
973 return -ENOENT;
974 if (prefixlen != 0 && a->prefixlen != prefixlen)
975 return -ENOENT;
976 }
977
978 if (ret)
979 *ret = a;
980
981 return 0;
982 }
983
984 SET_FOREACH(a, link->addresses) {
985 if (a->family != family)
986 continue;
987
988 if (!in_addr_equal(family, &a->in_addr, address))
989 continue;
990
991 if (in_addr_is_set(family, &a->in_addr_peer))
992 continue;
993
994 if (ret)
995 *ret = a;
996
997 return 0;
998 }
999
1000 return -ENOENT;
1001 }
1002
1003 int manager_get_address(Manager *manager, int family, const union in_addr_union *address, unsigned char prefixlen, Address **ret) {
1004 Link *link;
1005
1006 assert(manager);
1007 assert(IN_SET(family, AF_INET, AF_INET6));
1008 assert(address);
1009
1010 HASHMAP_FOREACH(link, manager->links_by_index) {
1011 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
1012 continue;
1013
1014 if (link_get_address(link, family, address, prefixlen, ret) >= 0)
1015 return 0;
1016 }
1017
1018 return -ENOENT;
1019 }
1020
1021 bool manager_has_address(Manager *manager, int family, const union in_addr_union *address) {
1022 Address *a;
1023
1024 assert(manager);
1025 assert(IN_SET(family, AF_INET, AF_INET6));
1026 assert(address);
1027
1028 if (manager_get_address(manager, family, address, 0, &a) < 0)
1029 return false;
1030
1031 return address_is_ready(a);
1032 }
1033
1034 const char* format_lifetime(char *buf, size_t l, usec_t lifetime_usec) {
1035 assert(buf);
1036 assert(l > 4);
1037
1038 if (lifetime_usec == USEC_INFINITY)
1039 return "forever";
1040
1041 sprintf(buf, "for ");
1042 /* format_timespan() never fails */
1043 assert_se(format_timespan(buf + 4, l - 4, usec_sub_unsigned(lifetime_usec, now(CLOCK_BOOTTIME)), USEC_PER_SEC));
1044 return buf;
1045 }
1046
1047 static void log_address_debug(const Address *address, const char *str, const Link *link) {
1048 _cleanup_free_ char *state = NULL, *flags_str = NULL, *scope_str = NULL;
1049
1050 assert(address);
1051 assert(str);
1052 assert(link);
1053
1054 if (!DEBUG_LOGGING)
1055 return;
1056
1057 (void) network_config_state_to_string_alloc(address->state, &state);
1058
1059 const char *peer = in_addr_is_set(address->family, &address->in_addr_peer) ?
1060 IN_ADDR_TO_STRING(address->family, &address->in_addr_peer) : NULL;
1061
1062 const char *broadcast = (address->family == AF_INET && in4_addr_is_set(&address->broadcast)) ?
1063 IN4_ADDR_TO_STRING(&address->broadcast) : NULL;
1064
1065 (void) address_flags_to_string_alloc(address->flags, address->family, &flags_str);
1066 (void) route_scope_to_string_alloc(address->scope, &scope_str);
1067
1068 log_link_debug(link, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1069 str, strna(network_config_source_to_string(address->source)), strna(state),
1070 IN_ADDR_TO_STRING(address->family, &address->in_addr),
1071 peer ? " peer " : "", strempty(peer), address->prefixlen,
1072 broadcast ? " broadcast " : "", strempty(broadcast),
1073 FORMAT_LIFETIME(address->lifetime_valid_usec),
1074 FORMAT_LIFETIME(address->lifetime_preferred_usec),
1075 strna(flags_str), strna(scope_str),
1076 address->family == AF_INET ? ", label: " : "",
1077 address->family == AF_INET ? strna(address->label) : "");
1078 }
1079
1080 static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) {
1081 uint32_t flags;
1082 int r;
1083
1084 assert(address);
1085 assert(m);
1086 assert(link);
1087
1088 r = sd_rtnl_message_addr_set_prefixlen(m, address->prefixlen);
1089 if (r < 0)
1090 return r;
1091
1092 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1093 * flags except tentative flag here unconditionally. Without setting the flag, the template
1094 * addresses generated by kernel will not be removed automatically when the main address is
1095 * removed. */
1096 flags = address->flags & ~IFA_F_TENTATIVE;
1097 r = sd_rtnl_message_addr_set_flags(m, flags & 0xff);
1098 if (r < 0)
1099 return r;
1100
1101 if ((flags & ~0xff) != 0) {
1102 r = sd_netlink_message_append_u32(m, IFA_FLAGS, flags);
1103 if (r < 0)
1104 return r;
1105 }
1106
1107 r = netlink_message_append_in_addr_union(m, IFA_LOCAL, address->family, &address->in_addr);
1108 if (r < 0)
1109 return r;
1110
1111 return 0;
1112 }
1113
1114 static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) {
1115 int r;
1116
1117 assert(m);
1118 assert(rreq);
1119
1120 Link *link = ASSERT_PTR(rreq->link);
1121 Address *address = ASSERT_PTR(rreq->userdata);
1122
1123 if (link->state == LINK_STATE_LINGER)
1124 return 0;
1125
1126 r = sd_netlink_message_get_errno(m);
1127 if (r < 0) {
1128 log_link_message_full_errno(link, m,
1129 (r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING,
1130 r, "Could not drop address");
1131
1132 if (address->link) {
1133 /* If the address cannot be removed, then assume the address is already removed. */
1134 log_address_debug(address, "Forgetting", link);
1135
1136 Request *req;
1137 if (address_get_request(link, address, &req) >= 0)
1138 address_enter_removed(req->userdata);
1139
1140 (void) address_drop(address);
1141 }
1142 }
1143
1144 return 1;
1145 }
1146
1147 int address_remove(Address *address, Link *link) {
1148 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1149 int r;
1150
1151 assert(address);
1152 assert(IN_SET(address->family, AF_INET, AF_INET6));
1153 assert(link);
1154 assert(link->ifindex > 0);
1155 assert(link->manager);
1156 assert(link->manager->rtnl);
1157
1158 log_address_debug(address, "Removing", link);
1159
1160 r = sd_rtnl_message_new_addr(link->manager->rtnl, &m, RTM_DELADDR,
1161 link->ifindex, address->family);
1162 if (r < 0)
1163 return log_link_warning_errno(link, r, "Could not allocate RTM_DELADDR message: %m");
1164
1165 r = address_set_netlink_message(address, m, link);
1166 if (r < 0)
1167 return log_link_warning_errno(link, r, "Could not set netlink attributes: %m");
1168
1169 r = link_remove_request_add(link, address, address, link->manager->rtnl, m, address_remove_handler);
1170 if (r < 0)
1171 return log_link_warning_errno(link, r, "Could not queue rtnetlink message: %m");
1172
1173 address_enter_removing(address);
1174
1175 /* The operational state is determined by address state and carrier state. Hence, if we remove
1176 * an address, the operational state may be changed. */
1177 link_update_operstate(link, true);
1178 return 0;
1179 }
1180
1181 int address_remove_and_cancel(Address *address, Link *link) {
1182 bool waiting = false;
1183 Request *req;
1184
1185 assert(address);
1186 assert(link);
1187 assert(link->manager);
1188
1189 /* If the address is remembered by the link, then use the remembered object. */
1190 (void) address_get(link, address, &address);
1191
1192 /* Cancel the request for the address. If the request is already called but we have not received the
1193 * notification about the request, then explicitly remove the address. */
1194 if (address_get_request(link, address, &req) >= 0) {
1195 waiting = req->waiting_reply;
1196 request_detach(req);
1197 address_cancel_requesting(address);
1198 }
1199
1200 /* If we know the address will come or already exists, remove it. */
1201 if (waiting || (address->link && address_exists(address)))
1202 return address_remove(address, link);
1203
1204 return 0;
1205 }
1206
1207 bool link_address_is_dynamic(const Link *link, const Address *address) {
1208 Route *route;
1209
1210 assert(link);
1211 assert(link->manager);
1212 assert(address);
1213
1214 if (address->lifetime_preferred_usec != USEC_INFINITY)
1215 return true;
1216
1217 /* Even when the address is leased from a DHCP server, networkd assign the address
1218 * without lifetime when KeepConfiguration=dhcp. So, let's check that we have
1219 * corresponding routes with RTPROT_DHCP. */
1220 SET_FOREACH(route, link->manager->routes) {
1221 if (route->source != NETWORK_CONFIG_SOURCE_FOREIGN)
1222 continue;
1223
1224 /* The route is not assigned yet, or already removed. Ignoring. */
1225 if (!route_exists(route))
1226 continue;
1227
1228 if (route->protocol != RTPROT_DHCP)
1229 continue;
1230
1231 if (route->nexthop.ifindex != link->ifindex)
1232 continue;
1233
1234 if (address->family != route->family)
1235 continue;
1236
1237 if (in_addr_equal(address->family, &address->in_addr, &route->prefsrc))
1238 return true;
1239 }
1240
1241 return false;
1242 }
1243
1244 int link_drop_ipv6ll_addresses(Link *link) {
1245 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
1246 int r;
1247
1248 assert(link);
1249 assert(link->manager);
1250 assert(link->manager->rtnl);
1251
1252 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1253 * So, we need to dump all IPv6 addresses. */
1254
1255 if (link_may_have_ipv6ll(link, /* check_multicast = */ false))
1256 return 0;
1257
1258 r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_GETADDR, link->ifindex, AF_INET6);
1259 if (r < 0)
1260 return r;
1261
1262 r = sd_netlink_message_set_request_dump(req, true);
1263 if (r < 0)
1264 return r;
1265
1266 r = sd_netlink_call(link->manager->rtnl, req, 0, &reply);
1267 if (r < 0)
1268 return r;
1269
1270 for (sd_netlink_message *addr = reply; addr; addr = sd_netlink_message_next(addr)) {
1271 _cleanup_(address_unrefp) Address *a = NULL;
1272 unsigned char flags, prefixlen;
1273 struct in6_addr address;
1274 int ifindex;
1275
1276 /* NETLINK_GET_STRICT_CHK socket option is supported since kernel 4.20. To support
1277 * older kernels, we need to check ifindex here. */
1278 r = sd_rtnl_message_addr_get_ifindex(addr, &ifindex);
1279 if (r < 0) {
1280 log_link_debug_errno(link, r, "rtnl: received address message without valid ifindex, ignoring: %m");
1281 continue;
1282 } else if (link->ifindex != ifindex)
1283 continue;
1284
1285 r = sd_rtnl_message_addr_get_flags(addr, &flags);
1286 if (r < 0) {
1287 log_link_debug_errno(link, r, "rtnl: received address message without valid flags, ignoring: %m");
1288 continue;
1289 }
1290
1291 r = sd_rtnl_message_addr_get_prefixlen(addr, &prefixlen);
1292 if (r < 0) {
1293 log_link_debug_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1294 continue;
1295 }
1296
1297 if (sd_netlink_message_read_in6_addr(addr, IFA_LOCAL, NULL) >= 0)
1298 /* address with peer, ignoring. */
1299 continue;
1300
1301 r = sd_netlink_message_read_in6_addr(addr, IFA_ADDRESS, &address);
1302 if (r < 0) {
1303 log_link_debug_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1304 continue;
1305 }
1306
1307 if (!in6_addr_is_link_local(&address))
1308 continue;
1309
1310 r = address_new(&a);
1311 if (r < 0)
1312 return -ENOMEM;
1313
1314 a->family = AF_INET6;
1315 a->in_addr.in6 = address;
1316 a->prefixlen = prefixlen;
1317 a->flags = flags;
1318
1319 r = address_remove(a, link);
1320 if (r < 0)
1321 return r;
1322 }
1323
1324 return 0;
1325 }
1326
1327 int link_drop_foreign_addresses(Link *link) {
1328 Address *address;
1329 int r = 0;
1330
1331 assert(link);
1332 assert(link->network);
1333
1334 /* First, mark all addresses. */
1335 SET_FOREACH(address, link->addresses) {
1336 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1337 if (address->family == AF_INET6 && in6_addr_is_link_local(&address->in_addr.in6))
1338 continue;
1339
1340 /* Do not remove localhost address (127.0.0.1 and ::1) */
1341 if (link->flags & IFF_LOOPBACK && in_addr_is_localhost_one(address->family, &address->in_addr) > 0)
1342 continue;
1343
1344 /* Ignore addresses we configured. */
1345 if (address->source != NETWORK_CONFIG_SOURCE_FOREIGN)
1346 continue;
1347
1348 /* Ignore addresses not assigned yet or already removing. */
1349 if (!address_exists(address))
1350 continue;
1351
1352 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when KeepConfiguration= is set. */
1353 if (IN_SET(link->network->keep_configuration, KEEP_CONFIGURATION_DHCP, KEEP_CONFIGURATION_STATIC) &&
1354 link_address_is_dynamic(link, address) == (link->network->keep_configuration == KEEP_CONFIGURATION_DHCP))
1355 continue;
1356
1357 address_mark(address);
1358 }
1359
1360 /* Then, unmark requested addresses. */
1361 ORDERED_HASHMAP_FOREACH(address, link->network->addresses_by_section) {
1362 Address *existing;
1363
1364 if (address_get(link, address, &existing) < 0)
1365 continue;
1366
1367 if (!address_can_update(existing, address))
1368 continue;
1369
1370 /* Found matching static configuration. Keep the existing address. */
1371 address_unmark(existing);
1372 }
1373
1374 /* Finally, remove all marked addresses. */
1375 SET_FOREACH(address, link->addresses) {
1376 if (!address_is_marked(address))
1377 continue;
1378
1379 RET_GATHER(r, address_remove(address, link));
1380 }
1381
1382 return r;
1383 }
1384
1385 int link_drop_managed_addresses(Link *link) {
1386 Address *address;
1387 int r = 0;
1388
1389 assert(link);
1390
1391 SET_FOREACH(address, link->addresses) {
1392 /* Do not touch addresses managed by kernel or other tools. */
1393 if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN)
1394 continue;
1395
1396 /* Ignore addresses not assigned yet or already removing. */
1397 if (!address_exists(address))
1398 continue;
1399
1400 RET_GATHER(r, address_remove(address, link));
1401 }
1402
1403 return r;
1404 }
1405
1406 void link_foreignize_addresses(Link *link) {
1407 Address *address;
1408
1409 assert(link);
1410
1411 SET_FOREACH(address, link->addresses)
1412 address->source = NETWORK_CONFIG_SOURCE_FOREIGN;
1413 }
1414
1415 static int address_acquire(Link *link, const Address *original, Address **ret) {
1416 _cleanup_(address_unrefp) Address *na = NULL;
1417 union in_addr_union in_addr;
1418 int r;
1419
1420 assert(link);
1421 assert(original);
1422 assert(ret);
1423
1424 /* Something useful was configured? just use it */
1425 if (in_addr_is_set(original->family, &original->in_addr))
1426 return address_dup(original, ret);
1427
1428 /* The address is configured to be 0.0.0.0 or [::] by the user?
1429 * Then let's acquire something more useful from the pool. */
1430 r = address_pool_acquire(link->manager, original->family, original->prefixlen, &in_addr);
1431 if (r < 0)
1432 return r;
1433 if (r == 0)
1434 return -EBUSY;
1435
1436 /* Pick first address in range for ourselves. */
1437 if (original->family == AF_INET)
1438 in_addr.in.s_addr = in_addr.in.s_addr | htobe32(1);
1439 else if (original->family == AF_INET6)
1440 in_addr.in6.s6_addr[15] |= 1;
1441
1442 r = address_dup(original, &na);
1443 if (r < 0)
1444 return r;
1445
1446 na->in_addr = in_addr;
1447
1448 *ret = TAKE_PTR(na);
1449 return 0;
1450 }
1451
1452 int address_configure_handler_internal(sd_netlink *rtnl, sd_netlink_message *m, Link *link, const char *error_msg) {
1453 int r;
1454
1455 assert(rtnl);
1456 assert(m);
1457 assert(link);
1458 assert(error_msg);
1459
1460 r = sd_netlink_message_get_errno(m);
1461 if (r < 0 && r != -EEXIST) {
1462 log_link_message_warning_errno(link, m, r, error_msg);
1463 link_enter_failed(link);
1464 return 0;
1465 }
1466
1467 return 1;
1468 }
1469
1470 static int address_configure(const Address *address, const struct ifa_cacheinfo *c, Link *link, Request *req) {
1471 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1472 int r;
1473
1474 assert(address);
1475 assert(IN_SET(address->family, AF_INET, AF_INET6));
1476 assert(c);
1477 assert(link);
1478 assert(link->ifindex > 0);
1479 assert(link->manager);
1480 assert(link->manager->rtnl);
1481 assert(req);
1482
1483 log_address_debug(address, "Configuring", link);
1484
1485 r = sd_rtnl_message_new_addr_update(link->manager->rtnl, &m, link->ifindex, address->family);
1486 if (r < 0)
1487 return r;
1488
1489 r = address_set_netlink_message(address, m, link);
1490 if (r < 0)
1491 return r;
1492
1493 r = sd_rtnl_message_addr_set_scope(m, address->scope);
1494 if (r < 0)
1495 return r;
1496
1497 if (address->family == AF_INET6 || in_addr_is_set(address->family, &address->in_addr_peer)) {
1498 r = netlink_message_append_in_addr_union(m, IFA_ADDRESS, address->family, &address->in_addr_peer);
1499 if (r < 0)
1500 return r;
1501 } else if (in4_addr_is_set(&address->broadcast)) {
1502 r = sd_netlink_message_append_in_addr(m, IFA_BROADCAST, &address->broadcast);
1503 if (r < 0)
1504 return r;
1505 }
1506
1507 if (address->family == AF_INET && address->label) {
1508 r = sd_netlink_message_append_string(m, IFA_LABEL, address->label);
1509 if (r < 0)
1510 return r;
1511 }
1512
1513 r = sd_netlink_message_append_cache_info(m, IFA_CACHEINFO, c);
1514 if (r < 0)
1515 return r;
1516
1517 r = sd_netlink_message_append_u32(m, IFA_RT_PRIORITY, address->route_metric);
1518 if (r < 0)
1519 return r;
1520
1521 return request_call_netlink_async(link->manager->rtnl, m, req);
1522 }
1523
1524 static bool address_is_ready_to_configure(Link *link, const Address *address) {
1525 assert(link);
1526 assert(address);
1527
1528 if (!link_is_ready_to_configure(link, false))
1529 return false;
1530
1531 if (!ipv4acd_bound(link, address))
1532 return false;
1533
1534 /* Refuse adding more than the limit */
1535 if (set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX)
1536 return false;
1537
1538 return true;
1539 }
1540
1541 static int address_process_request(Request *req, Link *link, Address *address) {
1542 Address *existing;
1543 struct ifa_cacheinfo c;
1544 int r;
1545
1546 assert(req);
1547 assert(link);
1548 assert(address);
1549
1550 if (!address_is_ready_to_configure(link, address))
1551 return 0;
1552
1553 address_set_cinfo(link->manager, address, &c);
1554 if (c.ifa_valid == 0) {
1555 log_link_debug(link, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1556 network_config_source_to_string(address->source),
1557 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
1558
1559 address_cancel_requesting(address);
1560 if (address_get(link, address, &existing) >= 0)
1561 address_cancel_requesting(existing);
1562 return 1;
1563 }
1564
1565 r = address_configure(address, &c, link, req);
1566 if (r < 0)
1567 return log_link_warning_errno(link, r, "Failed to configure address: %m");
1568
1569 address_enter_configuring(address);
1570 if (address_get(link, address, &existing) >= 0)
1571 address_enter_configuring(existing);
1572
1573 return 1;
1574 }
1575
1576 int link_request_address(
1577 Link *link,
1578 const Address *address,
1579 unsigned *message_counter,
1580 address_netlink_handler_t netlink_handler,
1581 Request **ret) {
1582
1583 _cleanup_(address_unrefp) Address *tmp = NULL;
1584 Address *existing = NULL;
1585 int r;
1586
1587 assert(link);
1588 assert(address);
1589 assert(address->source != NETWORK_CONFIG_SOURCE_FOREIGN);
1590
1591 if (address->lifetime_valid_usec == 0)
1592 /* The requested address is outdated. Let's ignore the request. */
1593 return 0;
1594
1595 if (address_get(link, address, &existing) < 0) {
1596 if (address_get_request(link, address, NULL) >= 0)
1597 return 0; /* already requested, skipping. */
1598
1599 r = address_acquire(link, address, &tmp);
1600 if (r < 0)
1601 return log_link_warning_errno(link, r, "Failed to acquire an address from pool: %m");
1602
1603 } else {
1604 r = address_dup(address, &tmp);
1605 if (r < 0)
1606 return log_oom();
1607
1608 /* Copy already assigned address when it is requested as a null address. */
1609 if (address_is_static_null(address))
1610 tmp->in_addr = existing->in_addr;
1611
1612 /* Copy state for logging below. */
1613 tmp->state = existing->state;
1614 }
1615
1616 address_set_broadcast(tmp, link);
1617
1618 r = ipv4acd_configure(link, tmp);
1619 if (r < 0)
1620 return r;
1621
1622 log_address_debug(tmp, "Requesting", link);
1623 r = link_queue_request_safe(link, REQUEST_TYPE_ADDRESS,
1624 tmp,
1625 address_unref,
1626 address_hash_func,
1627 address_compare_func,
1628 address_process_request,
1629 message_counter, netlink_handler, ret);
1630 if (r < 0)
1631 return log_link_warning_errno(link, r, "Failed to request address: %m");
1632 if (r == 0)
1633 return 0;
1634
1635 address_enter_requesting(tmp);
1636 if (existing)
1637 address_enter_requesting(existing);
1638
1639 TAKE_PTR(tmp);
1640 return 1;
1641 }
1642
1643 static int static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) {
1644 int r;
1645
1646 assert(link);
1647
1648 r = address_configure_handler_internal(rtnl, m, link, "Failed to set static address");
1649 if (r <= 0)
1650 return r;
1651
1652 if (link->static_address_messages == 0) {
1653 log_link_debug(link, "Addresses set");
1654 link->static_addresses_configured = true;
1655 link_check_ready(link);
1656 }
1657
1658 return 1;
1659 }
1660
1661 int link_request_static_address(Link *link, const Address *address) {
1662 assert(link);
1663 assert(address);
1664 assert(address->source == NETWORK_CONFIG_SOURCE_STATIC);
1665
1666 return link_request_address(link, address, &link->static_address_messages,
1667 static_address_handler, NULL);
1668 }
1669
1670 int link_request_static_addresses(Link *link) {
1671 Address *a;
1672 int r;
1673
1674 assert(link);
1675 assert(link->network);
1676
1677 link->static_addresses_configured = false;
1678
1679 ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) {
1680 r = link_request_static_address(link, a);
1681 if (r < 0)
1682 return r;
1683 }
1684
1685 r = link_request_radv_addresses(link);
1686 if (r < 0)
1687 return r;
1688
1689 if (link->static_address_messages == 0) {
1690 link->static_addresses_configured = true;
1691 link_check_ready(link);
1692 } else {
1693 log_link_debug(link, "Setting addresses");
1694 link_set_state(link, LINK_STATE_CONFIGURING);
1695 }
1696
1697 return 0;
1698 }
1699
1700 int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
1701 _cleanup_(address_unrefp) Address *tmp = NULL;
1702 struct ifa_cacheinfo cinfo;
1703 Link *link;
1704 uint16_t type;
1705 Address *address = NULL;
1706 Request *req = NULL;
1707 bool is_new = false, update_dhcp4;
1708 int ifindex, r;
1709
1710 assert(rtnl);
1711 assert(message);
1712 assert(m);
1713
1714 if (sd_netlink_message_is_error(message)) {
1715 r = sd_netlink_message_get_errno(message);
1716 if (r < 0)
1717 log_message_warning_errno(message, r, "rtnl: failed to receive address message, ignoring");
1718
1719 return 0;
1720 }
1721
1722 r = sd_netlink_message_get_type(message, &type);
1723 if (r < 0) {
1724 log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
1725 return 0;
1726 } else if (!IN_SET(type, RTM_NEWADDR, RTM_DELADDR)) {
1727 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type);
1728 return 0;
1729 }
1730
1731 r = sd_rtnl_message_addr_get_ifindex(message, &ifindex);
1732 if (r < 0) {
1733 log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m");
1734 return 0;
1735 } else if (ifindex <= 0) {
1736 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex);
1737 return 0;
1738 }
1739
1740 r = link_get_by_index(m, ifindex, &link);
1741 if (r < 0) {
1742 /* when enumerating we might be out of sync, but we will get the address again, so just
1743 * ignore it */
1744 if (!m->enumerating)
1745 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex);
1746 return 0;
1747 }
1748
1749 r = address_new(&tmp);
1750 if (r < 0)
1751 return log_oom();
1752
1753 /* First, read minimal information to make address_get() work below. */
1754
1755 r = sd_rtnl_message_addr_get_family(message, &tmp->family);
1756 if (r < 0) {
1757 log_link_warning(link, "rtnl: received address message without family, ignoring.");
1758 return 0;
1759 } else if (!IN_SET(tmp->family, AF_INET, AF_INET6)) {
1760 log_link_debug(link, "rtnl: received address message with invalid family '%i', ignoring.", tmp->family);
1761 return 0;
1762 }
1763
1764 r = sd_rtnl_message_addr_get_prefixlen(message, &tmp->prefixlen);
1765 if (r < 0) {
1766 log_link_warning_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1767 return 0;
1768 }
1769
1770 switch (tmp->family) {
1771 case AF_INET:
1772 r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &tmp->in_addr.in);
1773 if (r < 0) {
1774 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1775 return 0;
1776 }
1777
1778 r = sd_netlink_message_read_in_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in);
1779 if (r < 0 && r != -ENODATA) {
1780 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1781 return 0;
1782 } else if (r >= 0) {
1783 if (in4_addr_equal(&tmp->in_addr.in, &tmp->in_addr_peer.in))
1784 tmp->in_addr_peer = IN_ADDR_NULL;
1785 }
1786
1787 break;
1788
1789 case AF_INET6:
1790 r = sd_netlink_message_read_in6_addr(message, IFA_LOCAL, &tmp->in_addr.in6);
1791 if (r >= 0) {
1792 /* Have peer address. */
1793 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in6);
1794 if (r < 0) {
1795 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1796 return 0;
1797 }
1798 } else if (r == -ENODATA) {
1799 /* Does not have peer address. */
1800 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr.in6);
1801 if (r < 0) {
1802 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1803 return 0;
1804 }
1805 } else {
1806 log_link_warning_errno(link, r, "rtnl: could not get local address from address message, ignoring: %m");
1807 return 0;
1808 }
1809
1810 break;
1811
1812 default:
1813 assert_not_reached();
1814 }
1815
1816 update_dhcp4 = tmp->family == AF_INET6;
1817
1818 /* Then, find the managed Address and Request objects corresponding to the received address. */
1819 (void) address_get(link, tmp, &address);
1820 (void) address_get_request(link, tmp, &req);
1821
1822 if (type == RTM_DELADDR) {
1823 if (address) {
1824 address_enter_removed(address);
1825 log_address_debug(address, "Forgetting removed", link);
1826 (void) address_drop(address);
1827 } else
1828 log_address_debug(tmp, "Kernel removed unknown", link);
1829
1830 if (req)
1831 address_enter_removed(req->userdata);
1832
1833 goto finalize;
1834 }
1835
1836 if (!address) {
1837 /* If we did not know the address, then save it. */
1838 r = address_attach(link, tmp);
1839 if (r < 0) {
1840 log_link_warning_errno(link, r, "Failed to save received address %s, ignoring: %m",
1841 IN_ADDR_PREFIX_TO_STRING(tmp->family, &tmp->in_addr, tmp->prefixlen));
1842 return 0;
1843 }
1844 address = tmp;
1845
1846 is_new = true;
1847
1848 } else {
1849 /* Otherwise, update the managed Address object with the netlink notification. */
1850 address->prefixlen = tmp->prefixlen;
1851 address->in_addr_peer = tmp->in_addr_peer;
1852 }
1853
1854 /* Also update information that cannot be obtained through netlink notification. */
1855 if (req && req->waiting_reply) {
1856 Address *a = ASSERT_PTR(req->userdata);
1857
1858 address->source = a->source;
1859 address->provider = a->provider;
1860 (void) free_and_strdup_warn(&address->netlabel, a->netlabel);
1861 nft_set_context_clear(&address->nft_set_context);
1862 (void) nft_set_context_dup(&a->nft_set_context, &address->nft_set_context);
1863 address->requested_as_null = a->requested_as_null;
1864 address->callback = a->callback;
1865 }
1866
1867 /* Then, update miscellaneous info. */
1868 r = sd_rtnl_message_addr_get_scope(message, &address->scope);
1869 if (r < 0)
1870 log_link_debug_errno(link, r, "rtnl: received address message without scope, ignoring: %m");
1871
1872 if (address->family == AF_INET) {
1873 _cleanup_free_ char *label = NULL;
1874
1875 r = sd_netlink_message_read_string_strdup(message, IFA_LABEL, &label);
1876 if (r >= 0) {
1877 if (!streq_ptr(label, link->ifname))
1878 free_and_replace(address->label, label);
1879 } else if (r != -ENODATA)
1880 log_link_debug_errno(link, r, "rtnl: could not get label from address message, ignoring: %m");
1881
1882 r = sd_netlink_message_read_in_addr(message, IFA_BROADCAST, &address->broadcast);
1883 if (r < 0 && r != -ENODATA)
1884 log_link_debug_errno(link, r, "rtnl: could not get broadcast from address message, ignoring: %m");
1885 }
1886
1887 r = sd_netlink_message_read_u32(message, IFA_FLAGS, &address->flags);
1888 if (r == -ENODATA) {
1889 unsigned char flags;
1890
1891 /* For old kernels. */
1892 r = sd_rtnl_message_addr_get_flags(message, &flags);
1893 if (r >= 0)
1894 address->flags = flags;
1895 } else if (r < 0)
1896 log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
1897
1898 r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo);
1899 if (r >= 0)
1900 address_set_lifetime(m, address, &cinfo);
1901 else if (r != -ENODATA)
1902 log_link_debug_errno(link, r, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
1903
1904 r = sd_netlink_message_read_u32(message, IFA_RT_PRIORITY, &address->route_metric);
1905 if (r < 0 && r != -ENODATA)
1906 log_link_debug_errno(link, r, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
1907
1908 address_enter_configured(address);
1909 if (req)
1910 address_enter_configured(req->userdata);
1911
1912 log_address_debug(address, is_new ? "Received new": "Received updated", link);
1913
1914 /* address_update() logs internally, so we don't need to here. */
1915 r = address_update(address);
1916 if (r < 0)
1917 link_enter_failed(link);
1918
1919 finalize:
1920 if (update_dhcp4) {
1921 r = dhcp4_update_ipv6_connectivity(link);
1922 if (r < 0) {
1923 log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
1924 link_enter_failed(link);
1925 }
1926 }
1927
1928 return 1;
1929 }
1930
1931 int config_parse_broadcast(
1932 const char *unit,
1933 const char *filename,
1934 unsigned line,
1935 const char *section,
1936 unsigned section_line,
1937 const char *lvalue,
1938 int ltype,
1939 const char *rvalue,
1940 void *data,
1941 void *userdata) {
1942
1943 Network *network = userdata;
1944 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
1945 union in_addr_union u;
1946 int r;
1947
1948 assert(filename);
1949 assert(section);
1950 assert(lvalue);
1951 assert(rvalue);
1952 assert(data);
1953
1954 r = address_new_static(network, filename, section_line, &n);
1955 if (r == -ENOMEM)
1956 return log_oom();
1957 if (r < 0) {
1958 log_syntax(unit, LOG_WARNING, filename, line, r,
1959 "Failed to allocate new address, ignoring assignment: %m");
1960 return 0;
1961 }
1962
1963 if (isempty(rvalue)) {
1964 /* The broadcast address will be calculated based on Address=, and set if the link is
1965 * not a wireguard interface. Here, we do not check or set n->family. */
1966 n->broadcast = (struct in_addr) {};
1967 n->set_broadcast = -1;
1968 TAKE_PTR(n);
1969 return 0;
1970 }
1971
1972 r = parse_boolean(rvalue);
1973 if (r >= 0) {
1974 /* The broadcast address will be calculated based on Address=. Here, we do not check or
1975 * set n->family. */
1976 n->broadcast = (struct in_addr) {};
1977 n->set_broadcast = r;
1978 TAKE_PTR(n);
1979 return 0;
1980 }
1981
1982 if (n->family == AF_INET6) {
1983 log_syntax(unit, LOG_WARNING, filename, line, 0,
1984 "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue);
1985 return 0;
1986 }
1987
1988 r = in_addr_from_string(AF_INET, rvalue, &u);
1989 if (r < 0) {
1990 log_syntax(unit, LOG_WARNING, filename, line, r,
1991 "Broadcast is invalid, ignoring assignment: %s", rvalue);
1992 return 0;
1993 }
1994 if (in4_addr_is_null(&u.in)) {
1995 log_syntax(unit, LOG_WARNING, filename, line, 0,
1996 "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue);
1997 return 0;
1998 }
1999
2000 n->broadcast = u.in;
2001 n->set_broadcast = true;
2002 n->family = AF_INET;
2003 TAKE_PTR(n);
2004
2005 return 0;
2006 }
2007
2008 int config_parse_address(
2009 const char *unit,
2010 const char *filename,
2011 unsigned line,
2012 const char *section,
2013 unsigned section_line,
2014 const char *lvalue,
2015 int ltype,
2016 const char *rvalue,
2017 void *data,
2018 void *userdata) {
2019
2020 Network *network = userdata;
2021 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2022 union in_addr_union buffer;
2023 unsigned char prefixlen;
2024 int r, f;
2025
2026 assert(filename);
2027 assert(section);
2028 assert(lvalue);
2029 assert(rvalue);
2030 assert(data);
2031
2032 if (streq(section, "Network")) {
2033 if (isempty(rvalue)) {
2034 /* If an empty string specified in [Network] section, clear previously assigned addresses. */
2035 network->addresses_by_section = ordered_hashmap_free(network->addresses_by_section);
2036 return 0;
2037 }
2038
2039 /* we are not in an Address section, so use line number instead. */
2040 r = address_new_static(network, filename, line, &n);
2041 } else
2042 r = address_new_static(network, filename, section_line, &n);
2043 if (r == -ENOMEM)
2044 return log_oom();
2045 if (r < 0) {
2046 log_syntax(unit, LOG_WARNING, filename, line, r,
2047 "Failed to allocate new address, ignoring assignment: %m");
2048 return 0;
2049 }
2050
2051 /* Address=address/prefixlen */
2052 r = in_addr_prefix_from_string_auto_internal(rvalue, PREFIXLEN_REFUSE, &f, &buffer, &prefixlen);
2053 if (r == -ENOANO) {
2054 r = in_addr_prefix_from_string_auto(rvalue, &f, &buffer, &prefixlen);
2055 if (r >= 0)
2056 log_syntax(unit, LOG_WARNING, filename, line, r,
2057 "Address '%s' is specified without prefix length. Assuming the prefix length is %u. "
2058 "Please specify the prefix length explicitly.", rvalue, prefixlen);
2059 }
2060 if (r < 0) {
2061 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid address '%s', ignoring assignment: %m", rvalue);
2062 return 0;
2063 }
2064
2065 if (n->family != AF_UNSPEC && f != n->family) {
2066 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address is incompatible, ignoring assignment: %s", rvalue);
2067 return 0;
2068 }
2069
2070 if (in_addr_is_null(f, &buffer)) {
2071 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2072 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2073 * let's limit the prefix length to 64 or larger. See RFC4193. */
2074 if ((f == AF_INET && prefixlen < 8) ||
2075 (f == AF_INET6 && prefixlen < 64)) {
2076 log_syntax(unit, LOG_WARNING, filename, line, 0,
2077 "Null address with invalid prefixlen='%u', ignoring assignment: %s",
2078 prefixlen, rvalue);
2079 return 0;
2080 }
2081 }
2082
2083 n->family = f;
2084 n->prefixlen = prefixlen;
2085
2086 if (streq(lvalue, "Address")) {
2087 n->in_addr = buffer;
2088 n->requested_as_null = !in_addr_is_set(n->family, &n->in_addr);
2089 } else
2090 n->in_addr_peer = buffer;
2091
2092 TAKE_PTR(n);
2093 return 0;
2094 }
2095
2096 int config_parse_label(
2097 const char *unit,
2098 const char *filename,
2099 unsigned line,
2100 const char *section,
2101 unsigned section_line,
2102 const char *lvalue,
2103 int ltype,
2104 const char *rvalue,
2105 void *data,
2106 void *userdata) {
2107
2108 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2109 Network *network = userdata;
2110 int r;
2111
2112 assert(filename);
2113 assert(section);
2114 assert(lvalue);
2115 assert(rvalue);
2116 assert(data);
2117
2118 r = address_new_static(network, filename, section_line, &n);
2119 if (r == -ENOMEM)
2120 return log_oom();
2121 if (r < 0) {
2122 log_syntax(unit, LOG_WARNING, filename, line, r,
2123 "Failed to allocate new address, ignoring assignment: %m");
2124 return 0;
2125 }
2126
2127 if (isempty(rvalue)) {
2128 n->label = mfree(n->label);
2129 TAKE_PTR(n);
2130 return 0;
2131 }
2132
2133 if (!address_label_valid(rvalue)) {
2134 log_syntax(unit, LOG_WARNING, filename, line, 0,
2135 "Interface label is too long or invalid, ignoring assignment: %s", rvalue);
2136 return 0;
2137 }
2138
2139 r = free_and_strdup(&n->label, rvalue);
2140 if (r < 0)
2141 return log_oom();
2142
2143 TAKE_PTR(n);
2144 return 0;
2145 }
2146
2147 int config_parse_lifetime(
2148 const char *unit,
2149 const char *filename,
2150 unsigned line,
2151 const char *section,
2152 unsigned section_line,
2153 const char *lvalue,
2154 int ltype,
2155 const char *rvalue,
2156 void *data,
2157 void *userdata) {
2158
2159 Network *network = userdata;
2160 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2161 usec_t k;
2162 int r;
2163
2164 assert(filename);
2165 assert(section);
2166 assert(lvalue);
2167 assert(rvalue);
2168 assert(data);
2169
2170 r = address_new_static(network, filename, section_line, &n);
2171 if (r == -ENOMEM)
2172 return log_oom();
2173 if (r < 0) {
2174 log_syntax(unit, LOG_WARNING, filename, line, r,
2175 "Failed to allocate new address, ignoring assignment: %m");
2176 return 0;
2177 }
2178
2179 /* We accept only "forever", "infinity", empty, or "0". */
2180 if (STR_IN_SET(rvalue, "forever", "infinity", ""))
2181 k = USEC_INFINITY;
2182 else if (streq(rvalue, "0"))
2183 k = 0;
2184 else {
2185 log_syntax(unit, LOG_WARNING, filename, line, 0,
2186 "Invalid PreferredLifetime= value, ignoring: %s", rvalue);
2187 return 0;
2188 }
2189
2190 n->lifetime_preferred_usec = k;
2191 TAKE_PTR(n);
2192
2193 return 0;
2194 }
2195
2196 int config_parse_address_flags(
2197 const char *unit,
2198 const char *filename,
2199 unsigned line,
2200 const char *section,
2201 unsigned section_line,
2202 const char *lvalue,
2203 int ltype,
2204 const char *rvalue,
2205 void *data,
2206 void *userdata) {
2207
2208 Network *network = userdata;
2209 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2210 int r;
2211
2212 assert(filename);
2213 assert(section);
2214 assert(lvalue);
2215 assert(rvalue);
2216 assert(data);
2217
2218 r = address_new_static(network, filename, section_line, &n);
2219 if (r == -ENOMEM)
2220 return log_oom();
2221 if (r < 0) {
2222 log_syntax(unit, LOG_WARNING, filename, line, r,
2223 "Failed to allocate new address, ignoring assignment: %m");
2224 return 0;
2225 }
2226
2227 r = parse_boolean(rvalue);
2228 if (r < 0) {
2229 log_syntax(unit, LOG_WARNING, filename, line, r,
2230 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
2231 return 0;
2232 }
2233
2234 if (streq(lvalue, "AddPrefixRoute"))
2235 r = !r;
2236
2237 SET_FLAG(n->flags, ltype, r);
2238
2239 TAKE_PTR(n);
2240 return 0;
2241 }
2242
2243 int config_parse_address_scope(
2244 const char *unit,
2245 const char *filename,
2246 unsigned line,
2247 const char *section,
2248 unsigned section_line,
2249 const char *lvalue,
2250 int ltype,
2251 const char *rvalue,
2252 void *data,
2253 void *userdata) {
2254
2255 Network *network = userdata;
2256 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2257 int r;
2258
2259 assert(filename);
2260 assert(section);
2261 assert(lvalue);
2262 assert(rvalue);
2263 assert(data);
2264
2265 r = address_new_static(network, filename, section_line, &n);
2266 if (r == -ENOMEM)
2267 return log_oom();
2268 if (r < 0) {
2269 log_syntax(unit, LOG_WARNING, filename, line, r,
2270 "Failed to allocate new address, ignoring assignment: %m");
2271 return 0;
2272 }
2273
2274 r = route_scope_from_string(rvalue);
2275 if (r < 0) {
2276 log_syntax(unit, LOG_WARNING, filename, line, r,
2277 "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue);
2278 return 0;
2279 }
2280
2281 n->scope = r;
2282 n->scope_set = true;
2283 TAKE_PTR(n);
2284 return 0;
2285 }
2286
2287 int config_parse_address_route_metric(
2288 const char *unit,
2289 const char *filename,
2290 unsigned line,
2291 const char *section,
2292 unsigned section_line,
2293 const char *lvalue,
2294 int ltype,
2295 const char *rvalue,
2296 void *data,
2297 void *userdata) {
2298
2299 Network *network = userdata;
2300 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2301 int r;
2302
2303 assert(filename);
2304 assert(section);
2305 assert(lvalue);
2306 assert(rvalue);
2307 assert(data);
2308
2309 r = address_new_static(network, filename, section_line, &n);
2310 if (r == -ENOMEM)
2311 return log_oom();
2312 if (r < 0) {
2313 log_syntax(unit, LOG_WARNING, filename, line, r,
2314 "Failed to allocate new address, ignoring assignment: %m");
2315 return 0;
2316 }
2317
2318 r = safe_atou32(rvalue, &n->route_metric);
2319 if (r < 0) {
2320 log_syntax(unit, LOG_WARNING, filename, line, r,
2321 "Could not parse %s=, ignoring assignment: %s", lvalue, rvalue);
2322 return 0;
2323 }
2324
2325 TAKE_PTR(n);
2326 return 0;
2327 }
2328
2329 int config_parse_duplicate_address_detection(
2330 const char *unit,
2331 const char *filename,
2332 unsigned line,
2333 const char *section,
2334 unsigned section_line,
2335 const char *lvalue,
2336 int ltype,
2337 const char *rvalue,
2338 void *data,
2339 void *userdata) {
2340
2341 Network *network = userdata;
2342 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2343 int r;
2344
2345 assert(filename);
2346 assert(section);
2347 assert(lvalue);
2348 assert(rvalue);
2349 assert(data);
2350
2351 r = address_new_static(network, filename, section_line, &n);
2352 if (r == -ENOMEM)
2353 return log_oom();
2354 if (r < 0) {
2355 log_syntax(unit, LOG_WARNING, filename, line, r,
2356 "Failed to allocate new address, ignoring assignment: %m");
2357 return 0;
2358 }
2359
2360 r = parse_boolean(rvalue);
2361 if (r >= 0) {
2362 log_syntax(unit, LOG_WARNING, filename, line, 0,
2363 "For historical reasons, %s=%s means %s=%s. "
2364 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2365 lvalue, rvalue, lvalue, r ? "none" : "both");
2366 n->duplicate_address_detection = r ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_YES;
2367 n = NULL;
2368 return 0;
2369 }
2370
2371 AddressFamily a = duplicate_address_detection_address_family_from_string(rvalue);
2372 if (a < 0) {
2373 log_syntax(unit, LOG_WARNING, filename, line, a,
2374 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
2375 return 0;
2376 }
2377 n->duplicate_address_detection = a;
2378
2379 TAKE_PTR(n);
2380 return 0;
2381 }
2382
2383 int config_parse_address_netlabel(
2384 const char *unit,
2385 const char *filename,
2386 unsigned line,
2387 const char *section,
2388 unsigned section_line,
2389 const char *lvalue,
2390 int ltype,
2391 const char *rvalue,
2392 void *data,
2393 void *userdata) {
2394
2395 Network *network = userdata;
2396 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2397 int r;
2398
2399 assert(filename);
2400 assert(section);
2401 assert(lvalue);
2402 assert(rvalue);
2403 assert(data);
2404 assert(network);
2405
2406 r = address_new_static(network, filename, section_line, &n);
2407 if (r == -ENOMEM)
2408 return log_oom();
2409 if (r < 0) {
2410 log_syntax(unit, LOG_WARNING, filename, line, r,
2411 "Failed to allocate new address, ignoring assignment: %m");
2412 return 0;
2413 }
2414
2415 r = config_parse_string(unit, filename, line, section, section_line,
2416 lvalue, CONFIG_PARSE_STRING_SAFE, rvalue, &n->netlabel, network);
2417 if (r < 0)
2418 return r;
2419
2420 TAKE_PTR(n);
2421 return 0;
2422 }
2423
2424 static void address_section_adjust_broadcast(Address *address) {
2425 assert(address);
2426 assert(address->section);
2427
2428 if (!in4_addr_is_set(&address->broadcast))
2429 return;
2430
2431 if (address->family == AF_INET6)
2432 log_warning("%s: broadcast address is set for an IPv6 address. "
2433 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2434 address->section->filename, address->section->line);
2435 else if (address->prefixlen > 30)
2436 log_warning("%s: broadcast address is set for an IPv4 address with prefix length larger than 30. "
2437 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2438 address->section->filename, address->section->line);
2439 else if (in4_addr_is_set(&address->in_addr_peer.in))
2440 log_warning("%s: broadcast address is set for an IPv4 address with peer address. "
2441 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2442 address->section->filename, address->section->line);
2443 else if (!in4_addr_is_set(&address->in_addr.in))
2444 log_warning("%s: broadcast address is set for an IPv4 address with null address. "
2445 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2446 address->section->filename, address->section->line);
2447 else
2448 /* Otherwise, keep the specified broadcast address. */
2449 return;
2450
2451 address->broadcast.s_addr = 0;
2452 }
2453
2454 int address_section_verify(Address *address) {
2455 if (section_is_invalid(address->section))
2456 return -EINVAL;
2457
2458 if (address->family == AF_UNSPEC) {
2459 assert(address->section);
2460
2461 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2462 "%s: Address section without Address= field was configured. "
2463 "Ignoring [Address] section from line %u.",
2464 address->section->filename, address->section->line);
2465 }
2466
2467 if (address->family == AF_INET6 && !socket_ipv6_is_supported())
2468 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2469 "%s: an IPv6 address was configured, but the kernel does not support IPv6. "
2470 "Ignoring [Address] section from line %u.",
2471 address->section->filename, address->section->line);
2472
2473 assert(IN_SET(address->family, AF_INET, AF_INET6));
2474
2475 address_section_adjust_broadcast(address);
2476
2477 if (address->family == AF_INET6 && address->label) {
2478 log_warning("%s: address label is set for IPv6 address in the [Address] section from line %u. "
2479 "Ignoring Label= setting.",
2480 address->section->filename, address->section->line);
2481
2482 address->label = mfree(address->label);
2483 }
2484
2485 if (!address->scope_set) {
2486 if (in_addr_is_localhost(address->family, &address->in_addr) > 0)
2487 address->scope = RT_SCOPE_HOST;
2488 else if (in_addr_is_link_local(address->family, &address->in_addr) > 0)
2489 address->scope = RT_SCOPE_LINK;
2490 }
2491
2492 if (address->duplicate_address_detection < 0) {
2493 if (address->family == AF_INET6)
2494 address->duplicate_address_detection = ADDRESS_FAMILY_IPV6;
2495 else if (in4_addr_is_link_local(&address->in_addr.in))
2496 address->duplicate_address_detection = ADDRESS_FAMILY_IPV4;
2497 else
2498 address->duplicate_address_detection = ADDRESS_FAMILY_NO;
2499 } else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV6 && address->family == AF_INET)
2500 log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.",
2501 address->section->filename);
2502 else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV4 && address->family == AF_INET6)
2503 log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.",
2504 address->section->filename);
2505
2506 if (address->family == AF_INET6 &&
2507 !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV6))
2508 address->flags |= IFA_F_NODAD;
2509
2510 uint32_t filtered_flags = address->family == AF_INET ?
2511 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS & ~IPV6ONLY_FLAGS :
2512 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS;
2513 if (address->flags != filtered_flags) {
2514 _cleanup_free_ char *str = NULL;
2515
2516 (void) address_flags_to_string_alloc(address->flags ^ filtered_flags, address->family, &str);
2517 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2518 "%s: unexpected address flags \"%s\" were configured. "
2519 "Ignoring [Address] section from line %u.",
2520 address->section->filename, strna(str), address->section->line);
2521 }
2522
2523 return 0;
2524 }
2525
2526 int network_drop_invalid_addresses(Network *network) {
2527 _cleanup_set_free_ Set *addresses = NULL;
2528 Address *address;
2529 int r;
2530
2531 assert(network);
2532
2533 ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) {
2534 Address *dup;
2535
2536 if (address_section_verify(address) < 0) {
2537 /* Drop invalid [Address] sections or Address= settings in [Network].
2538 * Note that address_detach() will drop the address from addresses_by_section. */
2539 address_detach(address);
2540 continue;
2541 }
2542
2543 /* Always use the setting specified later. So, remove the previously assigned setting. */
2544 dup = set_remove(addresses, address);
2545 if (dup) {
2546 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2547 "dropping the address setting specified at line %u.",
2548 dup->section->filename,
2549 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen),
2550 address->section->line,
2551 dup->section->line, dup->section->line);
2552
2553 /* address_detach() will drop the address from addresses_by_section. */
2554 address_detach(dup);
2555 }
2556
2557 /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects
2558 * will be detached. */
2559 r = set_ensure_put(&addresses, &address_hash_ops, address);
2560 if (r < 0)
2561 return log_oom();
2562 assert(r > 0);
2563 }
2564
2565 r = network_adjust_dhcp_server(network, &addresses);
2566 if (r < 0)
2567 return r;
2568
2569 return 0;
2570 }
2571
2572 int config_parse_address_ip_nft_set(
2573 const char *unit,
2574 const char *filename,
2575 unsigned line,
2576 const char *section,
2577 unsigned section_line,
2578 const char *lvalue,
2579 int ltype,
2580 const char *rvalue,
2581 void *data,
2582 void *userdata) {
2583
2584 Network *network = userdata;
2585 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2586 int r;
2587
2588 assert(filename);
2589 assert(lvalue);
2590 assert(rvalue);
2591 assert(network);
2592
2593 r = address_new_static(network, filename, section_line, &n);
2594 if (r == -ENOMEM)
2595 return log_oom();
2596 if (r < 0) {
2597 log_syntax(unit, LOG_WARNING, filename, line, r,
2598 "Failed to allocate a new address, ignoring assignment: %m");
2599 return 0;
2600 }
2601
2602 r = config_parse_nft_set(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &n->nft_set_context, network);
2603 if (r < 0)
2604 return r;
2605
2606 TAKE_PTR(n);
2607 return 0;
2608 }
Unnamed repository; edit this file 'description' to name the repository.