1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <net/if_arp.h>
6 #include "alloc-util.h"
7 #include "firewall-util.h"
9 #include "memory-util.h"
10 #include "netlink-util.h"
11 #include "networkd-address-pool.h"
12 #include "networkd-address.h"
13 #include "networkd-dhcp-server.h"
14 #include "networkd-ipv4acd.h"
15 #include "networkd-manager.h"
16 #include "networkd-netlabel.h"
17 #include "networkd-network.h"
18 #include "networkd-queue.h"
19 #include "networkd-route-util.h"
20 #include "networkd-route.h"
21 #include "parse-util.h"
22 #include "string-util.h"
26 #define ADDRESSES_PER_LINK_MAX 2048U
27 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
38 IFA_F_MANAGETEMPADDR | \
39 IFA_F_NOPREFIXROUTE | \
43 /* From net/ipv4/devinet.c */
44 #define IPV6ONLY_FLAGS \
50 IFA_F_MANAGETEMPADDR | \
53 /* We do not control the following flags. */
54 #define UNMANAGED_FLAGS \
62 int address_flags_to_string_alloc(uint32_t flags
, int family
, char **ret
) {
63 _cleanup_free_
char *str
= NULL
;
64 static const char* map
[] = {
65 [LOG2U(IFA_F_SECONDARY
)] = "secondary", /* This is also called "temporary" for ipv6. */
66 [LOG2U(IFA_F_NODAD
)] = "nodad",
67 [LOG2U(IFA_F_OPTIMISTIC
)] = "optimistic",
68 [LOG2U(IFA_F_DADFAILED
)] = "dadfailed",
69 [LOG2U(IFA_F_HOMEADDRESS
)] = "home-address",
70 [LOG2U(IFA_F_DEPRECATED
)] = "deprecated",
71 [LOG2U(IFA_F_TENTATIVE
)] = "tentative",
72 [LOG2U(IFA_F_PERMANENT
)] = "permanent",
73 [LOG2U(IFA_F_MANAGETEMPADDR
)] = "manage-temporary-address",
74 [LOG2U(IFA_F_NOPREFIXROUTE
)] = "no-prefixroute",
75 [LOG2U(IFA_F_MCAUTOJOIN
)] = "auto-join",
76 [LOG2U(IFA_F_STABLE_PRIVACY
)] = "stable-privacy",
79 assert(IN_SET(family
, AF_INET
, AF_INET6
));
82 for (size_t i
= 0; i
< ELEMENTSOF(map
); i
++)
83 if (FLAGS_SET(flags
, 1 << i
) && map
[i
])
84 if (!strextend_with_separator(
86 family
== AF_INET6
&& (1 << i
) == IFA_F_SECONDARY
? "temporary" : map
[i
]))
93 static LinkAddressState
address_state_from_scope(uint8_t scope
) {
94 if (scope
< RT_SCOPE_SITE
)
95 /* universally accessible addresses found */
96 return LINK_ADDRESS_STATE_ROUTABLE
;
98 if (scope
< RT_SCOPE_HOST
)
99 /* only link or site local addresses found */
100 return LINK_ADDRESS_STATE_DEGRADED
;
102 /* no useful addresses found */
103 return LINK_ADDRESS_STATE_OFF
;
106 void link_get_address_states(
108 LinkAddressState
*ret_ipv4
,
109 LinkAddressState
*ret_ipv6
,
110 LinkAddressState
*ret_all
) {
112 uint8_t ipv4_scope
= RT_SCOPE_NOWHERE
, ipv6_scope
= RT_SCOPE_NOWHERE
;
117 SET_FOREACH(address
, link
->addresses
) {
118 if (!address_is_ready(address
))
121 if (address
->family
== AF_INET
)
122 ipv4_scope
= MIN(ipv4_scope
, address
->scope
);
124 if (address
->family
== AF_INET6
)
125 ipv6_scope
= MIN(ipv6_scope
, address
->scope
);
129 *ret_ipv4
= address_state_from_scope(ipv4_scope
);
131 *ret_ipv6
= address_state_from_scope(ipv6_scope
);
133 *ret_all
= address_state_from_scope(MIN(ipv4_scope
, ipv6_scope
));
136 static void address_hash_func(const Address
*a
, struct siphash
*state
);
137 static int address_compare_func(const Address
*a1
, const Address
*a2
);
138 static void address_detach(Address
*address
);
140 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
141 address_hash_ops_detach
,
144 address_compare_func
,
151 address_compare_func
);
153 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
154 address_section_hash_ops
,
156 config_section_hash_func
,
157 config_section_compare_func
,
161 int address_new(Address
**ret
) {
162 _cleanup_(address_unrefp
) Address
*address
= NULL
;
164 address
= new(Address
, 1);
168 *address
= (Address
) {
171 .scope
= RT_SCOPE_UNIVERSE
,
172 .lifetime_valid_usec
= USEC_INFINITY
,
173 .lifetime_preferred_usec
= USEC_INFINITY
,
177 *ret
= TAKE_PTR(address
);
182 int address_new_static(Network
*network
, const char *filename
, unsigned section_line
, Address
**ret
) {
183 _cleanup_(config_section_freep
) ConfigSection
*n
= NULL
;
184 _cleanup_(address_unrefp
) Address
*address
= NULL
;
190 assert(section_line
> 0);
192 r
= config_section_new(filename
, section_line
, &n
);
196 address
= ordered_hashmap_get(network
->addresses_by_section
, n
);
198 *ret
= TAKE_PTR(address
);
202 if (ordered_hashmap_size(network
->addresses_by_section
) >= STATIC_ADDRESSES_PER_NETWORK_MAX
)
205 r
= address_new(&address
);
209 address
->network
= network
;
210 address
->section
= TAKE_PTR(n
);
211 address
->source
= NETWORK_CONFIG_SOURCE_STATIC
;
212 /* This will be adjusted in address_section_verify(). */
213 address
->duplicate_address_detection
= _ADDRESS_FAMILY_INVALID
;
215 r
= ordered_hashmap_ensure_put(&network
->addresses_by_section
, &address_section_hash_ops
, address
->section
, address
);
219 *ret
= TAKE_PTR(address
);
223 static Address
* address_detach_impl(Address
*address
) {
225 assert(!address
->link
|| !address
->network
);
227 if (address
->network
) {
228 assert(address
->section
);
229 ordered_hashmap_remove(address
->network
->addresses_by_section
, address
->section
);
231 if (address
->network
->dhcp_server_address
== address
)
232 address
->network
->dhcp_server_address
= NULL
;
234 address
->network
= NULL
;
239 set_remove(address
->link
->addresses
, address
);
241 address
->link
= NULL
;
248 static void address_detach(Address
*address
) {
251 address_unref(address_detach_impl(address
));
254 static Address
* address_free(Address
*address
) {
258 address_detach_impl(address
);
260 config_section_free(address
->section
);
261 free(address
->label
);
262 free(address
->netlabel
);
263 nft_set_context_clear(&address
->nft_set_context
);
264 return mfree(address
);
267 DEFINE_TRIVIAL_REF_UNREF_FUNC(Address
, address
, address_free
);
269 static bool address_lifetime_is_valid(const Address
*a
) {
273 a
->lifetime_valid_usec
== USEC_INFINITY
||
274 a
->lifetime_valid_usec
> now(CLOCK_BOOTTIME
);
277 bool address_is_ready(const Address
*a
) {
281 if (!ipv4acd_bound(a
->link
, a
))
284 if (FLAGS_SET(a
->flags
, IFA_F_TENTATIVE
))
287 if (FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_REMOVING
))
290 if (!FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_CONFIGURED
))
293 return address_lifetime_is_valid(a
);
296 bool link_check_addresses_ready(Link
*link
, NetworkConfigSource source
) {
302 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
304 SET_FOREACH(a
, link
->addresses
) {
305 if (source
>= 0 && a
->source
!= source
)
307 if (address_is_marked(a
))
309 if (!address_exists(a
))
311 if (!address_is_ready(a
))
319 void link_mark_addresses(Link
*link
, NetworkConfigSource source
) {
324 SET_FOREACH(a
, link
->addresses
) {
325 if (a
->source
!= source
)
332 static int address_get_broadcast(const Address
*a
, Link
*link
, struct in_addr
*ret
) {
333 struct in_addr b_addr
= {};
338 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
339 * address is null. */
341 /* broadcast is only for IPv4. */
342 if (a
->family
!= AF_INET
)
345 /* broadcast address cannot be used when peer address is specified. */
346 if (in4_addr_is_set(&a
->in_addr_peer
.in
))
349 /* A /31 or /32 IPv4 address does not have a broadcast address.
350 * See https://tools.ietf.org/html/rfc3021 */
351 if (a
->prefixlen
> 30)
354 /* If explicitly configured, use the address as is. */
355 if (in4_addr_is_set(&a
->broadcast
)) {
356 b_addr
= a
->broadcast
;
360 /* If explicitly disabled, then return null address. */
361 if (a
->set_broadcast
== 0)
364 /* For wireguard interfaces, broadcast is disabled by default. */
365 if (a
->set_broadcast
< 0 && streq_ptr(link
->kind
, "wireguard"))
368 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
369 * determined after an address is acquired. */
370 if (!in4_addr_is_set(&a
->in_addr
.in
))
373 /* Otherwise, generate a broadcast address from the main address and prefix length. */
374 b_addr
.s_addr
= a
->in_addr
.in
.s_addr
| htobe32(UINT32_C(0xffffffff) >> a
->prefixlen
);
380 return in4_addr_is_set(&b_addr
);
383 static void address_set_broadcast(Address
*a
, Link
*link
) {
385 assert_se(address_get_broadcast(a
, link
, &a
->broadcast
) >= 0);
388 static void address_set_cinfo(Manager
*m
, const Address
*a
, struct ifa_cacheinfo
*cinfo
) {
395 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
397 *cinfo
= (struct ifa_cacheinfo
) {
398 .ifa_valid
= usec_to_sec(a
->lifetime_valid_usec
, now_usec
),
399 .ifa_prefered
= usec_to_sec(a
->lifetime_preferred_usec
, now_usec
),
403 static void address_set_lifetime(Manager
*m
, Address
*a
, const struct ifa_cacheinfo
*cinfo
) {
410 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
412 a
->lifetime_valid_usec
= sec_to_usec(cinfo
->ifa_valid
, now_usec
);
413 a
->lifetime_preferred_usec
= sec_to_usec(cinfo
->ifa_prefered
, now_usec
);
416 static bool address_is_static_null(const Address
*address
) {
419 if (!address
->network
)
422 if (!address
->requested_as_null
)
425 assert(!in_addr_is_set(address
->family
, &address
->in_addr
));
429 static int address_ipv4_prefix(const Address
*a
, struct in_addr
*ret
) {
434 assert(a
->family
== AF_INET
);
437 p
= in4_addr_is_set(&a
->in_addr_peer
.in
) ? a
->in_addr_peer
.in
: a
->in_addr
.in
;
438 r
= in4_addr_mask(&p
, a
->prefixlen
);
446 static void address_hash_func(const Address
*a
, struct siphash
*state
) {
449 siphash24_compress_typesafe(a
->family
, state
);
453 struct in_addr prefix
;
455 siphash24_compress_typesafe(a
->prefixlen
, state
);
457 assert_se(address_ipv4_prefix(a
, &prefix
) >= 0);
458 siphash24_compress_typesafe(prefix
, state
);
460 siphash24_compress_typesafe(a
->in_addr
.in
, state
);
464 siphash24_compress_typesafe(a
->in_addr
.in6
, state
);
466 if (in6_addr_is_null(&a
->in_addr
.in6
))
467 siphash24_compress_typesafe(a
->prefixlen
, state
);
471 /* treat any other address family as AF_UNSPEC */
476 static int address_compare_func(const Address
*a1
, const Address
*a2
) {
479 r
= CMP(a1
->family
, a2
->family
);
483 switch (a1
->family
) {
485 struct in_addr p1
, p2
;
487 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
488 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
492 assert_se(address_ipv4_prefix(a1
, &p1
) >= 0);
493 assert_se(address_ipv4_prefix(a2
, &p2
) >= 0);
494 r
= memcmp(&p1
, &p2
, sizeof(p1
));
498 return memcmp(&a1
->in_addr
.in
, &a2
->in_addr
.in
, sizeof(a1
->in_addr
.in
));
501 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
502 r
= memcmp(&a1
->in_addr
.in6
, &a2
->in_addr
.in6
, sizeof(a1
->in_addr
.in6
));
506 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
507 * compare the prefix length. */
508 if (in6_addr_is_null(&a1
->in_addr
.in6
))
509 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
514 /* treat any other address family as AF_UNSPEC */
519 static bool address_can_update(const Address
*la
, const Address
*na
) {
526 * property | IPv4 | IPv6
527 * -----------------------------------------
529 * prefixlen | ✗ | ✗
530 * address | ✗ | ✗
533 * broadcast | ✗ | -
536 * lifetime | ✓ | ✓
537 * route metric | ✓ | ✓
538 * protocol | ✓ | ✓
540 * ✗ : cannot be changed
541 * ✓ : can be changed
544 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
545 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
548 if (la
->family
!= na
->family
)
551 if (la
->prefixlen
!= na
->prefixlen
)
554 /* When a null address is requested, the address to be assigned/updated will be determined later. */
555 if (!address_is_static_null(na
) &&
556 in_addr_equal(la
->family
, &la
->in_addr
, &na
->in_addr
) <= 0)
559 switch (la
->family
) {
561 struct in_addr bcast
;
563 if (la
->scope
!= na
->scope
)
565 if (((la
->flags
^ na
->flags
) & KNOWN_FLAGS
& ~IPV6ONLY_FLAGS
& ~UNMANAGED_FLAGS
) != 0)
567 if (!streq_ptr(la
->label
, na
->label
))
569 if (!in4_addr_equal(&la
->in_addr_peer
.in
, &na
->in_addr_peer
.in
))
571 if (address_get_broadcast(na
, la
->link
, &bcast
) >= 0) {
572 /* If the broadcast address can be determined now, check if they match. */
573 if (!in4_addr_equal(&la
->broadcast
, &bcast
))
576 /* When a null address is requested, then the broadcast address will be
577 * automatically calculated from the acquired address, e.g.
578 * 192.168.0.10/24 -> 192.168.0.255
579 * So, here let's only check if the broadcast is the last address in the range, e.g.
580 * 0.0.0.0/24 -> 0.0.0.255 */
581 if (!FLAGS_SET(la
->broadcast
.s_addr
, htobe32(UINT32_C(0xffffffff) >> la
->prefixlen
)))
590 assert_not_reached();
596 int address_dup(const Address
*src
, Address
**ret
) {
597 _cleanup_(address_unrefp
) Address
*dest
= NULL
;
603 dest
= newdup(Address
, src
, 1);
607 /* clear the reference counter and all pointers */
609 dest
->network
= NULL
;
610 dest
->section
= NULL
;
613 dest
->netlabel
= NULL
;
614 dest
->nft_set_context
.sets
= NULL
;
615 dest
->nft_set_context
.n_sets
= 0;
617 if (src
->family
== AF_INET
) {
618 r
= strdup_or_null(src
->label
, &dest
->label
);
623 r
= strdup_or_null(src
->netlabel
, &dest
->netlabel
);
627 r
= nft_set_context_dup(&src
->nft_set_context
, &dest
->nft_set_context
);
631 *ret
= TAKE_PTR(dest
);
635 static int address_set_masquerade(Address
*address
, bool add
) {
636 union in_addr_union masked
;
640 assert(address
->link
);
642 if (!address
->link
->network
)
645 if (address
->family
== AF_INET
&&
646 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV4
))
649 if (address
->family
== AF_INET6
&&
650 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV6
))
653 if (address
->scope
>= RT_SCOPE_LINK
)
656 if (address
->ip_masquerade_done
== add
)
659 masked
= address
->in_addr
;
660 r
= in_addr_mask(address
->family
, &masked
, address
->prefixlen
);
664 r
= fw_add_masquerade(&address
->link
->manager
->fw_ctx
, add
, address
->family
, &masked
, address
->prefixlen
);
668 address
->ip_masquerade_done
= add
;
673 static void address_modify_nft_set_context(Address
*address
, bool add
, NFTSetContext
*nft_set_context
) {
677 assert(address
->link
);
678 assert(address
->link
->manager
);
679 assert(nft_set_context
);
681 if (!address
->link
->manager
->fw_ctx
) {
682 r
= fw_ctx_new_full(&address
->link
->manager
->fw_ctx
, /* init_tables= */ false);
687 FOREACH_ARRAY(nft_set
, nft_set_context
->sets
, nft_set_context
->n_sets
) {
692 switch (nft_set
->source
) {
693 case NFT_SET_SOURCE_ADDRESS
:
694 r
= nft_set_element_modify_ip(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
697 case NFT_SET_SOURCE_PREFIX
:
698 r
= nft_set_element_modify_iprange(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
699 &address
->in_addr
, address
->prefixlen
);
701 case NFT_SET_SOURCE_IFINDEX
:
702 ifindex
= address
->link
->ifindex
;
703 r
= nft_set_element_modify_any(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, nft_set
->table
, nft_set
->set
,
704 &ifindex
, sizeof(ifindex
));
707 assert_not_reached();
711 log_warning_errno(r
, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
712 add
? "add" : "delete",
713 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
714 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
716 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
717 add
? "Added" : "Deleted",
718 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
719 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
723 static void address_modify_nft_set(Address
*address
, bool add
) {
725 assert(address
->link
);
727 if (!IN_SET(address
->family
, AF_INET
, AF_INET6
))
730 if (!address
->link
->network
)
733 switch (address
->source
) {
734 case NETWORK_CONFIG_SOURCE_DHCP4
:
735 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_nft_set_context
);
736 case NETWORK_CONFIG_SOURCE_DHCP6
:
737 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp6_nft_set_context
);
738 case NETWORK_CONFIG_SOURCE_DHCP_PD
:
739 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_pd_nft_set_context
);
740 case NETWORK_CONFIG_SOURCE_NDISC
:
741 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->ndisc_nft_set_context
);
742 case NETWORK_CONFIG_SOURCE_STATIC
:
743 return address_modify_nft_set_context(address
, add
, &address
->nft_set_context
);
749 static int address_attach(Link
*link
, Address
*address
) {
754 assert(!address
->link
);
756 r
= set_ensure_put(&link
->addresses
, &address_hash_ops_detach
, address
);
762 address
->link
= link
;
763 address_ref(address
);
767 static int address_update(Address
*address
) {
768 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
771 if (address_is_ready(address
) &&
772 address
->family
== AF_INET6
&&
773 in6_addr_is_link_local(&address
->in_addr
.in6
) &&
774 in6_addr_is_null(&link
->ipv6ll_address
)) {
776 link
->ipv6ll_address
= address
->in_addr
.in6
;
778 r
= link_ipv6ll_gained(link
);
783 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
786 r
= address_set_masquerade(address
, /* add = */ true);
788 return log_link_warning_errno(link
, r
, "Could not enable IP masquerading: %m");
790 address_add_netlabel(address
);
792 address_modify_nft_set(address
, /* add = */ true);
794 if (address_is_ready(address
) && address
->callback
) {
795 r
= address
->callback(address
);
800 link_update_operstate(link
, /* also_update_master = */ true);
801 link_check_ready(link
);
805 static int address_drop(Address
*address
) {
806 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
809 r
= address_set_masquerade(address
, /* add = */ false);
811 log_link_warning_errno(link
, r
, "Failed to disable IP masquerading, ignoring: %m");
813 address_modify_nft_set(address
, /* add = */ false);
815 address_del_netlabel(address
);
817 /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */
818 if (address
->family
== AF_INET6
&&
819 in6_addr_equal(&address
->in_addr
.in6
, &link
->ipv6ll_address
))
820 link
->ipv6ll_address
= (const struct in6_addr
) {};
822 ipv4acd_detach(link
, address
);
824 address_detach(address
);
826 link_update_operstate(link
, /* also_update_master = */ true);
827 link_check_ready(link
);
831 static bool address_match_null(const Address
*a
, const Address
*null_address
) {
833 assert(null_address
);
835 if (!a
->requested_as_null
)
838 /* Currently, null address is supported only by static addresses. Note that static
839 * address may be set as foreign during reconfiguring the interface. */
840 if (!IN_SET(a
->source
, NETWORK_CONFIG_SOURCE_FOREIGN
, NETWORK_CONFIG_SOURCE_STATIC
))
843 if (a
->family
!= null_address
->family
)
846 if (a
->prefixlen
!= null_address
->prefixlen
)
852 static int address_get_request(Link
*link
, const Address
*address
, Request
**ret
) {
856 assert(link
->manager
);
859 req
= ordered_set_get(
860 link
->manager
->request_queue
,
863 .type
= REQUEST_TYPE_ADDRESS
,
864 .userdata
= (void*) address
,
865 .hash_func
= (hash_func_t
) address_hash_func
,
866 .compare_func
= (compare_func_t
) address_compare_func
,
874 if (address_is_static_null(address
))
875 ORDERED_SET_FOREACH(req
, link
->manager
->request_queue
) {
876 if (req
->link
!= link
)
878 if (req
->type
!= REQUEST_TYPE_ADDRESS
)
881 if (!address_match_null(req
->userdata
, address
))
893 int address_get(Link
*link
, const Address
*in
, Address
**ret
) {
899 a
= set_get(link
->addresses
, in
);
906 /* Find matching address that originally requested as null address. */
907 if (address_is_static_null(in
))
908 SET_FOREACH(a
, link
->addresses
) {
909 if (!address_match_null(a
, in
))
920 int address_get_harder(Link
*link
, const Address
*in
, Address
**ret
) {
927 if (address_get(link
, in
, ret
) >= 0)
930 r
= address_get_request(link
, in
, &req
);
935 *ret
= ASSERT_PTR(req
->userdata
);
940 int link_get_address(Link
*link
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
945 assert(IN_SET(family
, AF_INET
, AF_INET6
));
948 /* This find an Address object on the link which matches the given address and prefix length
949 * and does not have peer address. When the prefixlen is zero, then an Address object with an
950 * arbitrary prefixlen will be returned. */
952 if (family
== AF_INET6
|| prefixlen
!= 0) {
953 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
955 /* In this case, we can use address_get(). */
957 r
= address_new(&tmp
);
961 tmp
->family
= family
;
962 tmp
->in_addr
= *address
;
963 tmp
->prefixlen
= prefixlen
;
965 r
= address_get(link
, tmp
, &a
);
969 if (family
== AF_INET6
) {
970 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
971 * to check them explicitly. */
972 if (in_addr_is_set(family
, &a
->in_addr_peer
))
974 if (prefixlen
!= 0 && a
->prefixlen
!= prefixlen
)
984 SET_FOREACH(a
, link
->addresses
) {
985 if (a
->family
!= family
)
988 if (!in_addr_equal(family
, &a
->in_addr
, address
))
991 if (in_addr_is_set(family
, &a
->in_addr_peer
))
1003 int manager_get_address(Manager
*manager
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
1007 assert(IN_SET(family
, AF_INET
, AF_INET6
));
1010 HASHMAP_FOREACH(link
, manager
->links_by_index
) {
1011 if (!IN_SET(link
->state
, LINK_STATE_CONFIGURING
, LINK_STATE_CONFIGURED
))
1014 if (link_get_address(link
, family
, address
, prefixlen
, ret
) >= 0)
1021 bool manager_has_address(Manager
*manager
, int family
, const union in_addr_union
*address
) {
1025 assert(IN_SET(family
, AF_INET
, AF_INET6
));
1028 if (manager_get_address(manager
, family
, address
, 0, &a
) < 0)
1031 return address_is_ready(a
);
1034 const char* format_lifetime(char *buf
, size_t l
, usec_t lifetime_usec
) {
1038 if (lifetime_usec
== USEC_INFINITY
)
1041 sprintf(buf
, "for ");
1042 /* format_timespan() never fails */
1043 assert_se(format_timespan(buf
+ 4, l
- 4, usec_sub_unsigned(lifetime_usec
, now(CLOCK_BOOTTIME
)), USEC_PER_SEC
));
1047 static void log_address_debug(const Address
*address
, const char *str
, const Link
*link
) {
1048 _cleanup_free_
char *state
= NULL
, *flags_str
= NULL
, *scope_str
= NULL
;
1057 (void) network_config_state_to_string_alloc(address
->state
, &state
);
1059 const char *peer
= in_addr_is_set(address
->family
, &address
->in_addr_peer
) ?
1060 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr_peer
) : NULL
;
1062 const char *broadcast
= (address
->family
== AF_INET
&& in4_addr_is_set(&address
->broadcast
)) ?
1063 IN4_ADDR_TO_STRING(&address
->broadcast
) : NULL
;
1065 (void) address_flags_to_string_alloc(address
->flags
, address
->family
, &flags_str
);
1066 (void) route_scope_to_string_alloc(address
->scope
, &scope_str
);
1068 log_link_debug(link
, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1069 str
, strna(network_config_source_to_string(address
->source
)), strna(state
),
1070 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr
),
1071 peer
? " peer " : "", strempty(peer
), address
->prefixlen
,
1072 broadcast
? " broadcast " : "", strempty(broadcast
),
1073 FORMAT_LIFETIME(address
->lifetime_valid_usec
),
1074 FORMAT_LIFETIME(address
->lifetime_preferred_usec
),
1075 strna(flags_str
), strna(scope_str
),
1076 address
->family
== AF_INET
? ", label: " : "",
1077 address
->family
== AF_INET
? strna(address
->label
) : "");
1080 static int address_set_netlink_message(const Address
*address
, sd_netlink_message
*m
, Link
*link
) {
1088 r
= sd_rtnl_message_addr_set_prefixlen(m
, address
->prefixlen
);
1092 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1093 * flags except tentative flag here unconditionally. Without setting the flag, the template
1094 * addresses generated by kernel will not be removed automatically when the main address is
1096 flags
= address
->flags
& ~IFA_F_TENTATIVE
;
1097 r
= sd_rtnl_message_addr_set_flags(m
, flags
& 0xff);
1101 if ((flags
& ~0xff) != 0) {
1102 r
= sd_netlink_message_append_u32(m
, IFA_FLAGS
, flags
);
1107 r
= netlink_message_append_in_addr_union(m
, IFA_LOCAL
, address
->family
, &address
->in_addr
);
1114 static int address_remove_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, RemoveRequest
*rreq
) {
1120 Link
*link
= ASSERT_PTR(rreq
->link
);
1121 Address
*address
= ASSERT_PTR(rreq
->userdata
);
1123 if (link
->state
== LINK_STATE_LINGER
)
1126 r
= sd_netlink_message_get_errno(m
);
1128 log_link_message_full_errno(link
, m
,
1129 (r
== -EADDRNOTAVAIL
|| !address
->link
) ? LOG_DEBUG
: LOG_WARNING
,
1130 r
, "Could not drop address");
1132 if (address
->link
) {
1133 /* If the address cannot be removed, then assume the address is already removed. */
1134 log_address_debug(address
, "Forgetting", link
);
1137 if (address_get_request(link
, address
, &req
) >= 0)
1138 address_enter_removed(req
->userdata
);
1140 (void) address_drop(address
);
1147 int address_remove(Address
*address
, Link
*link
) {
1148 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1152 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1154 assert(link
->ifindex
> 0);
1155 assert(link
->manager
);
1156 assert(link
->manager
->rtnl
);
1158 log_address_debug(address
, "Removing", link
);
1160 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &m
, RTM_DELADDR
,
1161 link
->ifindex
, address
->family
);
1163 return log_link_warning_errno(link
, r
, "Could not allocate RTM_DELADDR message: %m");
1165 r
= address_set_netlink_message(address
, m
, link
);
1167 return log_link_warning_errno(link
, r
, "Could not set netlink attributes: %m");
1169 r
= link_remove_request_add(link
, address
, address
, link
->manager
->rtnl
, m
, address_remove_handler
);
1171 return log_link_warning_errno(link
, r
, "Could not queue rtnetlink message: %m");
1173 address_enter_removing(address
);
1175 /* The operational state is determined by address state and carrier state. Hence, if we remove
1176 * an address, the operational state may be changed. */
1177 link_update_operstate(link
, true);
1181 int address_remove_and_cancel(Address
*address
, Link
*link
) {
1182 bool waiting
= false;
1187 assert(link
->manager
);
1189 /* If the address is remembered by the link, then use the remembered object. */
1190 (void) address_get(link
, address
, &address
);
1192 /* Cancel the request for the address. If the request is already called but we have not received the
1193 * notification about the request, then explicitly remove the address. */
1194 if (address_get_request(link
, address
, &req
) >= 0) {
1195 waiting
= req
->waiting_reply
;
1196 request_detach(req
);
1197 address_cancel_requesting(address
);
1200 /* If we know the address will come or already exists, remove it. */
1201 if (waiting
|| (address
->link
&& address_exists(address
)))
1202 return address_remove(address
, link
);
1207 bool link_address_is_dynamic(const Link
*link
, const Address
*address
) {
1211 assert(link
->manager
);
1214 if (address
->lifetime_preferred_usec
!= USEC_INFINITY
)
1217 /* Even when the address is leased from a DHCP server, networkd assign the address
1218 * without lifetime when KeepConfiguration=dhcp. So, let's check that we have
1219 * corresponding routes with RTPROT_DHCP. */
1220 SET_FOREACH(route
, link
->manager
->routes
) {
1221 if (route
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1224 /* The route is not assigned yet, or already removed. Ignoring. */
1225 if (!route_exists(route
))
1228 if (route
->protocol
!= RTPROT_DHCP
)
1231 if (route
->nexthop
.ifindex
!= link
->ifindex
)
1234 if (address
->family
!= route
->family
)
1237 if (in_addr_equal(address
->family
, &address
->in_addr
, &route
->prefsrc
))
1244 int link_drop_ipv6ll_addresses(Link
*link
) {
1245 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*req
= NULL
, *reply
= NULL
;
1249 assert(link
->manager
);
1250 assert(link
->manager
->rtnl
);
1252 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1253 * So, we need to dump all IPv6 addresses. */
1255 if (link_may_have_ipv6ll(link
, /* check_multicast = */ false))
1258 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &req
, RTM_GETADDR
, link
->ifindex
, AF_INET6
);
1262 r
= sd_netlink_message_set_request_dump(req
, true);
1266 r
= sd_netlink_call(link
->manager
->rtnl
, req
, 0, &reply
);
1270 for (sd_netlink_message
*addr
= reply
; addr
; addr
= sd_netlink_message_next(addr
)) {
1271 _cleanup_(address_unrefp
) Address
*a
= NULL
;
1272 unsigned char flags
, prefixlen
;
1273 struct in6_addr address
;
1276 /* NETLINK_GET_STRICT_CHK socket option is supported since kernel 4.20. To support
1277 * older kernels, we need to check ifindex here. */
1278 r
= sd_rtnl_message_addr_get_ifindex(addr
, &ifindex
);
1280 log_link_debug_errno(link
, r
, "rtnl: received address message without valid ifindex, ignoring: %m");
1282 } else if (link
->ifindex
!= ifindex
)
1285 r
= sd_rtnl_message_addr_get_flags(addr
, &flags
);
1287 log_link_debug_errno(link
, r
, "rtnl: received address message without valid flags, ignoring: %m");
1291 r
= sd_rtnl_message_addr_get_prefixlen(addr
, &prefixlen
);
1293 log_link_debug_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1297 if (sd_netlink_message_read_in6_addr(addr
, IFA_LOCAL
, NULL
) >= 0)
1298 /* address with peer, ignoring. */
1301 r
= sd_netlink_message_read_in6_addr(addr
, IFA_ADDRESS
, &address
);
1303 log_link_debug_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1307 if (!in6_addr_is_link_local(&address
))
1310 r
= address_new(&a
);
1314 a
->family
= AF_INET6
;
1315 a
->in_addr
.in6
= address
;
1316 a
->prefixlen
= prefixlen
;
1319 r
= address_remove(a
, link
);
1327 int link_drop_foreign_addresses(Link
*link
) {
1332 assert(link
->network
);
1334 /* First, mark all addresses. */
1335 SET_FOREACH(address
, link
->addresses
) {
1336 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1337 if (address
->family
== AF_INET6
&& in6_addr_is_link_local(&address
->in_addr
.in6
))
1340 /* Do not remove localhost address (127.0.0.1 and ::1) */
1341 if (link
->flags
& IFF_LOOPBACK
&& in_addr_is_localhost_one(address
->family
, &address
->in_addr
) > 0)
1344 /* Ignore addresses we configured. */
1345 if (address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1348 /* Ignore addresses not assigned yet or already removing. */
1349 if (!address_exists(address
))
1352 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when KeepConfiguration= is set. */
1353 if (IN_SET(link
->network
->keep_configuration
, KEEP_CONFIGURATION_DHCP
, KEEP_CONFIGURATION_STATIC
) &&
1354 link_address_is_dynamic(link
, address
) == (link
->network
->keep_configuration
== KEEP_CONFIGURATION_DHCP
))
1357 address_mark(address
);
1360 /* Then, unmark requested addresses. */
1361 ORDERED_HASHMAP_FOREACH(address
, link
->network
->addresses_by_section
) {
1364 if (address_get(link
, address
, &existing
) < 0)
1367 if (!address_can_update(existing
, address
))
1370 /* Found matching static configuration. Keep the existing address. */
1371 address_unmark(existing
);
1374 /* Finally, remove all marked addresses. */
1375 SET_FOREACH(address
, link
->addresses
) {
1376 if (!address_is_marked(address
))
1379 RET_GATHER(r
, address_remove(address
, link
));
1385 int link_drop_managed_addresses(Link
*link
) {
1391 SET_FOREACH(address
, link
->addresses
) {
1392 /* Do not touch addresses managed by kernel or other tools. */
1393 if (address
->source
== NETWORK_CONFIG_SOURCE_FOREIGN
)
1396 /* Ignore addresses not assigned yet or already removing. */
1397 if (!address_exists(address
))
1400 RET_GATHER(r
, address_remove(address
, link
));
1406 void link_foreignize_addresses(Link
*link
) {
1411 SET_FOREACH(address
, link
->addresses
)
1412 address
->source
= NETWORK_CONFIG_SOURCE_FOREIGN
;
1415 static int address_acquire(Link
*link
, const Address
*original
, Address
**ret
) {
1416 _cleanup_(address_unrefp
) Address
*na
= NULL
;
1417 union in_addr_union in_addr
;
1424 /* Something useful was configured? just use it */
1425 if (in_addr_is_set(original
->family
, &original
->in_addr
))
1426 return address_dup(original
, ret
);
1428 /* The address is configured to be 0.0.0.0 or [::] by the user?
1429 * Then let's acquire something more useful from the pool. */
1430 r
= address_pool_acquire(link
->manager
, original
->family
, original
->prefixlen
, &in_addr
);
1436 /* Pick first address in range for ourselves. */
1437 if (original
->family
== AF_INET
)
1438 in_addr
.in
.s_addr
= in_addr
.in
.s_addr
| htobe32(1);
1439 else if (original
->family
== AF_INET6
)
1440 in_addr
.in6
.s6_addr
[15] |= 1;
1442 r
= address_dup(original
, &na
);
1446 na
->in_addr
= in_addr
;
1448 *ret
= TAKE_PTR(na
);
1452 int address_configure_handler_internal(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
, const char *error_msg
) {
1460 r
= sd_netlink_message_get_errno(m
);
1461 if (r
< 0 && r
!= -EEXIST
) {
1462 log_link_message_warning_errno(link
, m
, r
, error_msg
);
1463 link_enter_failed(link
);
1470 static int address_configure(const Address
*address
, const struct ifa_cacheinfo
*c
, Link
*link
, Request
*req
) {
1471 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1475 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1478 assert(link
->ifindex
> 0);
1479 assert(link
->manager
);
1480 assert(link
->manager
->rtnl
);
1483 log_address_debug(address
, "Configuring", link
);
1485 r
= sd_rtnl_message_new_addr_update(link
->manager
->rtnl
, &m
, link
->ifindex
, address
->family
);
1489 r
= address_set_netlink_message(address
, m
, link
);
1493 r
= sd_rtnl_message_addr_set_scope(m
, address
->scope
);
1497 if (address
->family
== AF_INET6
|| in_addr_is_set(address
->family
, &address
->in_addr_peer
)) {
1498 r
= netlink_message_append_in_addr_union(m
, IFA_ADDRESS
, address
->family
, &address
->in_addr_peer
);
1501 } else if (in4_addr_is_set(&address
->broadcast
)) {
1502 r
= sd_netlink_message_append_in_addr(m
, IFA_BROADCAST
, &address
->broadcast
);
1507 if (address
->family
== AF_INET
&& address
->label
) {
1508 r
= sd_netlink_message_append_string(m
, IFA_LABEL
, address
->label
);
1513 r
= sd_netlink_message_append_cache_info(m
, IFA_CACHEINFO
, c
);
1517 r
= sd_netlink_message_append_u32(m
, IFA_RT_PRIORITY
, address
->route_metric
);
1521 return request_call_netlink_async(link
->manager
->rtnl
, m
, req
);
1524 static bool address_is_ready_to_configure(Link
*link
, const Address
*address
) {
1528 if (!link_is_ready_to_configure(link
, false))
1531 if (!ipv4acd_bound(link
, address
))
1534 /* Refuse adding more than the limit */
1535 if (set_size(link
->addresses
) >= ADDRESSES_PER_LINK_MAX
)
1541 static int address_process_request(Request
*req
, Link
*link
, Address
*address
) {
1543 struct ifa_cacheinfo c
;
1550 if (!address_is_ready_to_configure(link
, address
))
1553 address_set_cinfo(link
->manager
, address
, &c
);
1554 if (c
.ifa_valid
== 0) {
1555 log_link_debug(link
, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1556 network_config_source_to_string(address
->source
),
1557 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
1559 address_cancel_requesting(address
);
1560 if (address_get(link
, address
, &existing
) >= 0)
1561 address_cancel_requesting(existing
);
1565 r
= address_configure(address
, &c
, link
, req
);
1567 return log_link_warning_errno(link
, r
, "Failed to configure address: %m");
1569 address_enter_configuring(address
);
1570 if (address_get(link
, address
, &existing
) >= 0)
1571 address_enter_configuring(existing
);
1576 int link_request_address(
1578 const Address
*address
,
1579 unsigned *message_counter
,
1580 address_netlink_handler_t netlink_handler
,
1583 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
1584 Address
*existing
= NULL
;
1589 assert(address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
);
1591 if (address
->lifetime_valid_usec
== 0)
1592 /* The requested address is outdated. Let's ignore the request. */
1595 if (address_get(link
, address
, &existing
) < 0) {
1596 if (address_get_request(link
, address
, NULL
) >= 0)
1597 return 0; /* already requested, skipping. */
1599 r
= address_acquire(link
, address
, &tmp
);
1601 return log_link_warning_errno(link
, r
, "Failed to acquire an address from pool: %m");
1604 r
= address_dup(address
, &tmp
);
1608 /* Copy already assigned address when it is requested as a null address. */
1609 if (address_is_static_null(address
))
1610 tmp
->in_addr
= existing
->in_addr
;
1612 /* Copy state for logging below. */
1613 tmp
->state
= existing
->state
;
1616 address_set_broadcast(tmp
, link
);
1618 r
= ipv4acd_configure(link
, tmp
);
1622 log_address_debug(tmp
, "Requesting", link
);
1623 r
= link_queue_request_safe(link
, REQUEST_TYPE_ADDRESS
,
1627 address_compare_func
,
1628 address_process_request
,
1629 message_counter
, netlink_handler
, ret
);
1631 return log_link_warning_errno(link
, r
, "Failed to request address: %m");
1635 address_enter_requesting(tmp
);
1637 address_enter_requesting(existing
);
1643 static int static_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Request
*req
, Link
*link
, Address
*address
) {
1648 r
= address_configure_handler_internal(rtnl
, m
, link
, "Failed to set static address");
1652 if (link
->static_address_messages
== 0) {
1653 log_link_debug(link
, "Addresses set");
1654 link
->static_addresses_configured
= true;
1655 link_check_ready(link
);
1661 int link_request_static_address(Link
*link
, const Address
*address
) {
1664 assert(address
->source
== NETWORK_CONFIG_SOURCE_STATIC
);
1666 return link_request_address(link
, address
, &link
->static_address_messages
,
1667 static_address_handler
, NULL
);
1670 int link_request_static_addresses(Link
*link
) {
1675 assert(link
->network
);
1677 link
->static_addresses_configured
= false;
1679 ORDERED_HASHMAP_FOREACH(a
, link
->network
->addresses_by_section
) {
1680 r
= link_request_static_address(link
, a
);
1685 r
= link_request_radv_addresses(link
);
1689 if (link
->static_address_messages
== 0) {
1690 link
->static_addresses_configured
= true;
1691 link_check_ready(link
);
1693 log_link_debug(link
, "Setting addresses");
1694 link_set_state(link
, LINK_STATE_CONFIGURING
);
1700 int manager_rtnl_process_address(sd_netlink
*rtnl
, sd_netlink_message
*message
, Manager
*m
) {
1701 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
1702 struct ifa_cacheinfo cinfo
;
1705 Address
*address
= NULL
;
1706 Request
*req
= NULL
;
1707 bool is_new
= false, update_dhcp4
;
1714 if (sd_netlink_message_is_error(message
)) {
1715 r
= sd_netlink_message_get_errno(message
);
1717 log_message_warning_errno(message
, r
, "rtnl: failed to receive address message, ignoring");
1722 r
= sd_netlink_message_get_type(message
, &type
);
1724 log_warning_errno(r
, "rtnl: could not get message type, ignoring: %m");
1726 } else if (!IN_SET(type
, RTM_NEWADDR
, RTM_DELADDR
)) {
1727 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type
);
1731 r
= sd_rtnl_message_addr_get_ifindex(message
, &ifindex
);
1733 log_warning_errno(r
, "rtnl: could not get ifindex from message, ignoring: %m");
1735 } else if (ifindex
<= 0) {
1736 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex
);
1740 r
= link_get_by_index(m
, ifindex
, &link
);
1742 /* when enumerating we might be out of sync, but we will get the address again, so just
1744 if (!m
->enumerating
)
1745 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex
);
1749 r
= address_new(&tmp
);
1753 /* First, read minimal information to make address_get() work below. */
1755 r
= sd_rtnl_message_addr_get_family(message
, &tmp
->family
);
1757 log_link_warning(link
, "rtnl: received address message without family, ignoring.");
1759 } else if (!IN_SET(tmp
->family
, AF_INET
, AF_INET6
)) {
1760 log_link_debug(link
, "rtnl: received address message with invalid family '%i', ignoring.", tmp
->family
);
1764 r
= sd_rtnl_message_addr_get_prefixlen(message
, &tmp
->prefixlen
);
1766 log_link_warning_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1770 switch (tmp
->family
) {
1772 r
= sd_netlink_message_read_in_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in
);
1774 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1778 r
= sd_netlink_message_read_in_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in
);
1779 if (r
< 0 && r
!= -ENODATA
) {
1780 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1782 } else if (r
>= 0) {
1783 if (in4_addr_equal(&tmp
->in_addr
.in
, &tmp
->in_addr_peer
.in
))
1784 tmp
->in_addr_peer
= IN_ADDR_NULL
;
1790 r
= sd_netlink_message_read_in6_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in6
);
1792 /* Have peer address. */
1793 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in6
);
1795 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1798 } else if (r
== -ENODATA
) {
1799 /* Does not have peer address. */
1800 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr
.in6
);
1802 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1806 log_link_warning_errno(link
, r
, "rtnl: could not get local address from address message, ignoring: %m");
1813 assert_not_reached();
1816 update_dhcp4
= tmp
->family
== AF_INET6
;
1818 /* Then, find the managed Address and Request objects corresponding to the received address. */
1819 (void) address_get(link
, tmp
, &address
);
1820 (void) address_get_request(link
, tmp
, &req
);
1822 if (type
== RTM_DELADDR
) {
1824 address_enter_removed(address
);
1825 log_address_debug(address
, "Forgetting removed", link
);
1826 (void) address_drop(address
);
1828 log_address_debug(tmp
, "Kernel removed unknown", link
);
1831 address_enter_removed(req
->userdata
);
1837 /* If we did not know the address, then save it. */
1838 r
= address_attach(link
, tmp
);
1840 log_link_warning_errno(link
, r
, "Failed to save received address %s, ignoring: %m",
1841 IN_ADDR_PREFIX_TO_STRING(tmp
->family
, &tmp
->in_addr
, tmp
->prefixlen
));
1849 /* Otherwise, update the managed Address object with the netlink notification. */
1850 address
->prefixlen
= tmp
->prefixlen
;
1851 address
->in_addr_peer
= tmp
->in_addr_peer
;
1854 /* Also update information that cannot be obtained through netlink notification. */
1855 if (req
&& req
->waiting_reply
) {
1856 Address
*a
= ASSERT_PTR(req
->userdata
);
1858 address
->source
= a
->source
;
1859 address
->provider
= a
->provider
;
1860 (void) free_and_strdup_warn(&address
->netlabel
, a
->netlabel
);
1861 nft_set_context_clear(&address
->nft_set_context
);
1862 (void) nft_set_context_dup(&a
->nft_set_context
, &address
->nft_set_context
);
1863 address
->requested_as_null
= a
->requested_as_null
;
1864 address
->callback
= a
->callback
;
1867 /* Then, update miscellaneous info. */
1868 r
= sd_rtnl_message_addr_get_scope(message
, &address
->scope
);
1870 log_link_debug_errno(link
, r
, "rtnl: received address message without scope, ignoring: %m");
1872 if (address
->family
== AF_INET
) {
1873 _cleanup_free_
char *label
= NULL
;
1875 r
= sd_netlink_message_read_string_strdup(message
, IFA_LABEL
, &label
);
1877 if (!streq_ptr(label
, link
->ifname
))
1878 free_and_replace(address
->label
, label
);
1879 } else if (r
!= -ENODATA
)
1880 log_link_debug_errno(link
, r
, "rtnl: could not get label from address message, ignoring: %m");
1882 r
= sd_netlink_message_read_in_addr(message
, IFA_BROADCAST
, &address
->broadcast
);
1883 if (r
< 0 && r
!= -ENODATA
)
1884 log_link_debug_errno(link
, r
, "rtnl: could not get broadcast from address message, ignoring: %m");
1887 r
= sd_netlink_message_read_u32(message
, IFA_FLAGS
, &address
->flags
);
1888 if (r
== -ENODATA
) {
1889 unsigned char flags
;
1891 /* For old kernels. */
1892 r
= sd_rtnl_message_addr_get_flags(message
, &flags
);
1894 address
->flags
= flags
;
1896 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
1898 r
= sd_netlink_message_read_cache_info(message
, IFA_CACHEINFO
, &cinfo
);
1900 address_set_lifetime(m
, address
, &cinfo
);
1901 else if (r
!= -ENODATA
)
1902 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
1904 r
= sd_netlink_message_read_u32(message
, IFA_RT_PRIORITY
, &address
->route_metric
);
1905 if (r
< 0 && r
!= -ENODATA
)
1906 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
1908 address_enter_configured(address
);
1910 address_enter_configured(req
->userdata
);
1912 log_address_debug(address
, is_new
? "Received new": "Received updated", link
);
1914 /* address_update() logs internally, so we don't need to here. */
1915 r
= address_update(address
);
1917 link_enter_failed(link
);
1921 r
= dhcp4_update_ipv6_connectivity(link
);
1923 log_link_warning_errno(link
, r
, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
1924 link_enter_failed(link
);
1931 int config_parse_broadcast(
1933 const char *filename
,
1935 const char *section
,
1936 unsigned section_line
,
1943 Network
*network
= userdata
;
1944 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
1945 union in_addr_union u
;
1954 r
= address_new_static(network
, filename
, section_line
, &n
);
1958 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1959 "Failed to allocate new address, ignoring assignment: %m");
1963 if (isempty(rvalue
)) {
1964 /* The broadcast address will be calculated based on Address=, and set if the link is
1965 * not a wireguard interface. Here, we do not check or set n->family. */
1966 n
->broadcast
= (struct in_addr
) {};
1967 n
->set_broadcast
= -1;
1972 r
= parse_boolean(rvalue
);
1974 /* The broadcast address will be calculated based on Address=. Here, we do not check or
1976 n
->broadcast
= (struct in_addr
) {};
1977 n
->set_broadcast
= r
;
1982 if (n
->family
== AF_INET6
) {
1983 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1984 "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue
);
1988 r
= in_addr_from_string(AF_INET
, rvalue
, &u
);
1990 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1991 "Broadcast is invalid, ignoring assignment: %s", rvalue
);
1994 if (in4_addr_is_null(&u
.in
)) {
1995 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1996 "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue
);
2000 n
->broadcast
= u
.in
;
2001 n
->set_broadcast
= true;
2002 n
->family
= AF_INET
;
2008 int config_parse_address(
2010 const char *filename
,
2012 const char *section
,
2013 unsigned section_line
,
2020 Network
*network
= userdata
;
2021 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2022 union in_addr_union buffer
;
2023 unsigned char prefixlen
;
2032 if (streq(section
, "Network")) {
2033 if (isempty(rvalue
)) {
2034 /* If an empty string specified in [Network] section, clear previously assigned addresses. */
2035 network
->addresses_by_section
= ordered_hashmap_free(network
->addresses_by_section
);
2039 /* we are not in an Address section, so use line number instead. */
2040 r
= address_new_static(network
, filename
, line
, &n
);
2042 r
= address_new_static(network
, filename
, section_line
, &n
);
2046 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2047 "Failed to allocate new address, ignoring assignment: %m");
2051 /* Address=address/prefixlen */
2052 r
= in_addr_prefix_from_string_auto_internal(rvalue
, PREFIXLEN_REFUSE
, &f
, &buffer
, &prefixlen
);
2054 r
= in_addr_prefix_from_string_auto(rvalue
, &f
, &buffer
, &prefixlen
);
2056 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2057 "Address '%s' is specified without prefix length. Assuming the prefix length is %u. "
2058 "Please specify the prefix length explicitly.", rvalue
, prefixlen
);
2061 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid address '%s', ignoring assignment: %m", rvalue
);
2065 if (n
->family
!= AF_UNSPEC
&& f
!= n
->family
) {
2066 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address is incompatible, ignoring assignment: %s", rvalue
);
2070 if (in_addr_is_null(f
, &buffer
)) {
2071 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2072 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2073 * let's limit the prefix length to 64 or larger. See RFC4193. */
2074 if ((f
== AF_INET
&& prefixlen
< 8) ||
2075 (f
== AF_INET6
&& prefixlen
< 64)) {
2076 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2077 "Null address with invalid prefixlen='%u', ignoring assignment: %s",
2084 n
->prefixlen
= prefixlen
;
2086 if (streq(lvalue
, "Address")) {
2087 n
->in_addr
= buffer
;
2088 n
->requested_as_null
= !in_addr_is_set(n
->family
, &n
->in_addr
);
2090 n
->in_addr_peer
= buffer
;
2096 int config_parse_label(
2098 const char *filename
,
2100 const char *section
,
2101 unsigned section_line
,
2108 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2109 Network
*network
= userdata
;
2118 r
= address_new_static(network
, filename
, section_line
, &n
);
2122 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2123 "Failed to allocate new address, ignoring assignment: %m");
2127 if (isempty(rvalue
)) {
2128 n
->label
= mfree(n
->label
);
2133 if (!address_label_valid(rvalue
)) {
2134 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2135 "Interface label is too long or invalid, ignoring assignment: %s", rvalue
);
2139 r
= free_and_strdup(&n
->label
, rvalue
);
2147 int config_parse_lifetime(
2149 const char *filename
,
2151 const char *section
,
2152 unsigned section_line
,
2159 Network
*network
= userdata
;
2160 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2170 r
= address_new_static(network
, filename
, section_line
, &n
);
2174 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2175 "Failed to allocate new address, ignoring assignment: %m");
2179 /* We accept only "forever", "infinity", empty, or "0". */
2180 if (STR_IN_SET(rvalue
, "forever", "infinity", ""))
2182 else if (streq(rvalue
, "0"))
2185 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2186 "Invalid PreferredLifetime= value, ignoring: %s", rvalue
);
2190 n
->lifetime_preferred_usec
= k
;
2196 int config_parse_address_flags(
2198 const char *filename
,
2200 const char *section
,
2201 unsigned section_line
,
2208 Network
*network
= userdata
;
2209 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2218 r
= address_new_static(network
, filename
, section_line
, &n
);
2222 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2223 "Failed to allocate new address, ignoring assignment: %m");
2227 r
= parse_boolean(rvalue
);
2229 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2230 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2234 if (streq(lvalue
, "AddPrefixRoute"))
2237 SET_FLAG(n
->flags
, ltype
, r
);
2243 int config_parse_address_scope(
2245 const char *filename
,
2247 const char *section
,
2248 unsigned section_line
,
2255 Network
*network
= userdata
;
2256 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2265 r
= address_new_static(network
, filename
, section_line
, &n
);
2269 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2270 "Failed to allocate new address, ignoring assignment: %m");
2274 r
= route_scope_from_string(rvalue
);
2276 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2277 "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue
);
2282 n
->scope_set
= true;
2287 int config_parse_address_route_metric(
2289 const char *filename
,
2291 const char *section
,
2292 unsigned section_line
,
2299 Network
*network
= userdata
;
2300 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2309 r
= address_new_static(network
, filename
, section_line
, &n
);
2313 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2314 "Failed to allocate new address, ignoring assignment: %m");
2318 r
= safe_atou32(rvalue
, &n
->route_metric
);
2320 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2321 "Could not parse %s=, ignoring assignment: %s", lvalue
, rvalue
);
2329 int config_parse_duplicate_address_detection(
2331 const char *filename
,
2333 const char *section
,
2334 unsigned section_line
,
2341 Network
*network
= userdata
;
2342 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2351 r
= address_new_static(network
, filename
, section_line
, &n
);
2355 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2356 "Failed to allocate new address, ignoring assignment: %m");
2360 r
= parse_boolean(rvalue
);
2362 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2363 "For historical reasons, %s=%s means %s=%s. "
2364 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2365 lvalue
, rvalue
, lvalue
, r
? "none" : "both");
2366 n
->duplicate_address_detection
= r
? ADDRESS_FAMILY_NO
: ADDRESS_FAMILY_YES
;
2371 AddressFamily a
= duplicate_address_detection_address_family_from_string(rvalue
);
2373 log_syntax(unit
, LOG_WARNING
, filename
, line
, a
,
2374 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2377 n
->duplicate_address_detection
= a
;
2383 int config_parse_address_netlabel(
2385 const char *filename
,
2387 const char *section
,
2388 unsigned section_line
,
2395 Network
*network
= userdata
;
2396 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2406 r
= address_new_static(network
, filename
, section_line
, &n
);
2410 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2411 "Failed to allocate new address, ignoring assignment: %m");
2415 r
= config_parse_string(unit
, filename
, line
, section
, section_line
,
2416 lvalue
, CONFIG_PARSE_STRING_SAFE
, rvalue
, &n
->netlabel
, network
);
2424 static void address_section_adjust_broadcast(Address
*address
) {
2426 assert(address
->section
);
2428 if (!in4_addr_is_set(&address
->broadcast
))
2431 if (address
->family
== AF_INET6
)
2432 log_warning("%s: broadcast address is set for an IPv6 address. "
2433 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2434 address
->section
->filename
, address
->section
->line
);
2435 else if (address
->prefixlen
> 30)
2436 log_warning("%s: broadcast address is set for an IPv4 address with prefix length larger than 30. "
2437 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2438 address
->section
->filename
, address
->section
->line
);
2439 else if (in4_addr_is_set(&address
->in_addr_peer
.in
))
2440 log_warning("%s: broadcast address is set for an IPv4 address with peer address. "
2441 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2442 address
->section
->filename
, address
->section
->line
);
2443 else if (!in4_addr_is_set(&address
->in_addr
.in
))
2444 log_warning("%s: broadcast address is set for an IPv4 address with null address. "
2445 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2446 address
->section
->filename
, address
->section
->line
);
2448 /* Otherwise, keep the specified broadcast address. */
2451 address
->broadcast
.s_addr
= 0;
2454 int address_section_verify(Address
*address
) {
2455 if (section_is_invalid(address
->section
))
2458 if (address
->family
== AF_UNSPEC
) {
2459 assert(address
->section
);
2461 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2462 "%s: Address section without Address= field was configured. "
2463 "Ignoring [Address] section from line %u.",
2464 address
->section
->filename
, address
->section
->line
);
2467 if (address
->family
== AF_INET6
&& !socket_ipv6_is_supported())
2468 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2469 "%s: an IPv6 address was configured, but the kernel does not support IPv6. "
2470 "Ignoring [Address] section from line %u.",
2471 address
->section
->filename
, address
->section
->line
);
2473 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
2475 address_section_adjust_broadcast(address
);
2477 if (address
->family
== AF_INET6
&& address
->label
) {
2478 log_warning("%s: address label is set for IPv6 address in the [Address] section from line %u. "
2479 "Ignoring Label= setting.",
2480 address
->section
->filename
, address
->section
->line
);
2482 address
->label
= mfree(address
->label
);
2485 if (!address
->scope_set
) {
2486 if (in_addr_is_localhost(address
->family
, &address
->in_addr
) > 0)
2487 address
->scope
= RT_SCOPE_HOST
;
2488 else if (in_addr_is_link_local(address
->family
, &address
->in_addr
) > 0)
2489 address
->scope
= RT_SCOPE_LINK
;
2492 if (address
->duplicate_address_detection
< 0) {
2493 if (address
->family
== AF_INET6
)
2494 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV6
;
2495 else if (in4_addr_is_link_local(&address
->in_addr
.in
))
2496 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV4
;
2498 address
->duplicate_address_detection
= ADDRESS_FAMILY_NO
;
2499 } else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV6
&& address
->family
== AF_INET
)
2500 log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.",
2501 address
->section
->filename
);
2502 else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV4
&& address
->family
== AF_INET6
)
2503 log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.",
2504 address
->section
->filename
);
2506 if (address
->family
== AF_INET6
&&
2507 !FLAGS_SET(address
->duplicate_address_detection
, ADDRESS_FAMILY_IPV6
))
2508 address
->flags
|= IFA_F_NODAD
;
2510 uint32_t filtered_flags
= address
->family
== AF_INET
?
2511 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
& ~IPV6ONLY_FLAGS
:
2512 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
;
2513 if (address
->flags
!= filtered_flags
) {
2514 _cleanup_free_
char *str
= NULL
;
2516 (void) address_flags_to_string_alloc(address
->flags
^ filtered_flags
, address
->family
, &str
);
2517 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2518 "%s: unexpected address flags \"%s\" were configured. "
2519 "Ignoring [Address] section from line %u.",
2520 address
->section
->filename
, strna(str
), address
->section
->line
);
2526 int network_drop_invalid_addresses(Network
*network
) {
2527 _cleanup_set_free_ Set
*addresses
= NULL
;
2533 ORDERED_HASHMAP_FOREACH(address
, network
->addresses_by_section
) {
2536 if (address_section_verify(address
) < 0) {
2537 /* Drop invalid [Address] sections or Address= settings in [Network].
2538 * Note that address_detach() will drop the address from addresses_by_section. */
2539 address_detach(address
);
2543 /* Always use the setting specified later. So, remove the previously assigned setting. */
2544 dup
= set_remove(addresses
, address
);
2546 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2547 "dropping the address setting specified at line %u.",
2548 dup
->section
->filename
,
2549 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
),
2550 address
->section
->line
,
2551 dup
->section
->line
, dup
->section
->line
);
2553 /* address_detach() will drop the address from addresses_by_section. */
2554 address_detach(dup
);
2557 /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects
2558 * will be detached. */
2559 r
= set_ensure_put(&addresses
, &address_hash_ops
, address
);
2565 r
= network_adjust_dhcp_server(network
, &addresses
);
2572 int config_parse_address_ip_nft_set(
2574 const char *filename
,
2576 const char *section
,
2577 unsigned section_line
,
2584 Network
*network
= userdata
;
2585 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2593 r
= address_new_static(network
, filename
, section_line
, &n
);
2597 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2598 "Failed to allocate a new address, ignoring assignment: %m");
2602 r
= config_parse_nft_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &n
->nft_set_context
, network
);