]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-ndisc.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #20652 from OnkelUlla/fix_systemd.netdev_manpage
[thirdparty/systemd.git] / src / network / networkd-ndisc.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2014 Intel Corporation. All rights reserved.
4 ***/
5
6 #include <arpa/inet.h>
7 #include <netinet/icmp6.h>
8 #include <net/if_arp.h>
9 #include <linux/if.h>
10
11 #include "sd-ndisc.h"
12
13 #include "missing_network.h"
14 #include "networkd-address.h"
15 #include "networkd-dhcp6.h"
16 #include "networkd-manager.h"
17 #include "networkd-ndisc.h"
18 #include "networkd-queue.h"
19 #include "networkd-state-file.h"
20 #include "string-table.h"
21 #include "string-util.h"
22 #include "strv.h"
23
24 #define NDISC_DNSSL_MAX 64U
25 #define NDISC_RDNSS_MAX 64U
26
27 #define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3
28
29 /* https://tools.ietf.org/html/rfc5453 */
30 /* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */
31
32 #define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } })
33 #define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8
34 #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } })
35 #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5
36 #define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } })
37 #define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7
38
39 #define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e)
40
41 typedef enum IPv6TokenAddressGeneration {
42 IPV6_TOKEN_ADDRESS_GENERATION_NONE,
43 IPV6_TOKEN_ADDRESS_GENERATION_STATIC,
44 IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE,
45 _IPV6_TOKEN_ADDRESS_GENERATION_MAX,
46 _IPV6_TOKEN_ADDRESS_GENERATION_INVALID = -EINVAL,
47 } IPv6TokenAddressGeneration;
48
49 typedef struct IPv6Token {
50 IPv6TokenAddressGeneration address_generation_type;
51
52 uint8_t dad_counter;
53 struct in6_addr prefix;
54 } IPv6Token;
55
56 bool link_ipv6_accept_ra_enabled(Link *link) {
57 assert(link);
58
59 if (!socket_ipv6_is_supported())
60 return false;
61
62 if (link->flags & IFF_LOOPBACK)
63 return false;
64
65 if (!link->network)
66 return false;
67
68 if (!link_ipv6ll_enabled(link))
69 return false;
70
71 assert(link->network->ipv6_accept_ra >= 0);
72 return link->network->ipv6_accept_ra;
73 }
74
75 void network_adjust_ipv6_accept_ra(Network *network) {
76 assert(network);
77
78 if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) {
79 if (network->ipv6_accept_ra > 0)
80 log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link local addressing is disabled or not supported. "
81 "Disabling IPv6AcceptRA=.", network->filename);
82 network->ipv6_accept_ra = false;
83 }
84
85 if (network->ipv6_accept_ra < 0)
86 /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */
87 network->ipv6_accept_ra = !FLAGS_SET(network->ip_forward, ADDRESS_FAMILY_IPV6);
88
89 /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then
90 * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */
91 if (!set_isempty(network->ndisc_allow_listed_router))
92 network->ndisc_deny_listed_router = set_free_free(network->ndisc_deny_listed_router);
93 if (!set_isempty(network->ndisc_allow_listed_prefix))
94 network->ndisc_deny_listed_prefix = set_free_free(network->ndisc_deny_listed_prefix);
95 if (!set_isempty(network->ndisc_allow_listed_route_prefix))
96 network->ndisc_deny_listed_route_prefix = set_free_free(network->ndisc_deny_listed_route_prefix);
97 }
98
99 static int ndisc_remove_old_one(Link *link, const struct in6_addr *router, bool force);
100
101 static int ndisc_address_callback(Address *address) {
102 struct in6_addr router = {};
103 NDiscAddress *n;
104
105 assert(address);
106 assert(address->link);
107 assert(address->family == AF_INET6);
108
109 SET_FOREACH(n, address->link->ndisc_addresses)
110 if (n->address == address) {
111 router = n->router;
112 break;
113 }
114
115 if (in6_addr_is_null(&router)) {
116 _cleanup_free_ char *buf = NULL;
117
118 (void) in6_addr_prefix_to_string(&address->in_addr.in6, address->prefixlen, &buf);
119 log_link_debug(address->link, "%s is called for %s, but it is already removed, ignoring.",
120 __func__, strna(buf));
121 return 0;
122 }
123
124 /* Make this called only once */
125 SET_FOREACH(n, address->link->ndisc_addresses)
126 if (in6_addr_equal(&n->router, &router))
127 n->address->callback = NULL;
128
129 return ndisc_remove_old_one(address->link, &router, true);
130 }
131
132 static int ndisc_remove_old_one(Link *link, const struct in6_addr *router, bool force) {
133 NDiscAddress *na;
134 NDiscRoute *nr;
135 NDiscDNSSL *dnssl;
136 NDiscRDNSS *rdnss;
137 int k, r = 0;
138 bool updated = false;
139
140 assert(link);
141 assert(router);
142
143 if (!force) {
144 bool set_callback = false;
145
146 SET_FOREACH(na, link->ndisc_addresses)
147 if (!na->marked && in6_addr_equal(&na->router, router)) {
148 set_callback = true;
149 break;
150 }
151
152 if (set_callback)
153 SET_FOREACH(na, link->ndisc_addresses)
154 if (!na->marked && address_is_ready(na->address)) {
155 set_callback = false;
156 break;
157 }
158
159 if (set_callback) {
160 SET_FOREACH(na, link->ndisc_addresses)
161 if (!na->marked && in6_addr_equal(&na->router, router))
162 na->address->callback = ndisc_address_callback;
163
164 if (DEBUG_LOGGING) {
165 _cleanup_free_ char *buf = NULL;
166
167 (void) in6_addr_to_string(router, &buf);
168 log_link_debug(link, "No SLAAC address obtained from %s is ready. "
169 "The old NDisc information will be removed later.",
170 strna(buf));
171 }
172 return 0;
173 }
174 }
175
176 if (DEBUG_LOGGING) {
177 _cleanup_free_ char *buf = NULL;
178
179 (void) in6_addr_to_string(router, &buf);
180 log_link_debug(link, "Removing old NDisc information obtained from %s.", strna(buf));
181 }
182
183 SET_FOREACH(na, link->ndisc_addresses)
184 if (na->marked && in6_addr_equal(&na->router, router)) {
185 k = address_remove(na->address, link);
186 if (k < 0)
187 r = k;
188 }
189
190 SET_FOREACH(nr, link->ndisc_routes)
191 if (nr->marked && in6_addr_equal(&nr->router, router)) {
192 k = route_remove(nr->route, NULL, link);
193 if (k < 0)
194 r = k;
195 }
196
197 SET_FOREACH(rdnss, link->ndisc_rdnss)
198 if (rdnss->marked && in6_addr_equal(&rdnss->router, router)) {
199 free(set_remove(link->ndisc_rdnss, rdnss));
200 updated = true;
201 }
202
203 SET_FOREACH(dnssl, link->ndisc_dnssl)
204 if (dnssl->marked && in6_addr_equal(&dnssl->router, router)) {
205 free(set_remove(link->ndisc_dnssl, dnssl));
206 updated = true;
207 }
208
209 if (updated)
210 link_dirty(link);
211
212 return r;
213 }
214
215 static int ndisc_remove_old(Link *link) {
216 _cleanup_set_free_free_ Set *routers = NULL;
217 _cleanup_free_ struct in6_addr *router = NULL;
218 struct in6_addr *a;
219 NDiscAddress *na;
220 NDiscRoute *nr;
221 NDiscDNSSL *dnssl;
222 NDiscRDNSS *rdnss;
223 int k, r;
224
225 assert(link);
226
227 if (link->ndisc_addresses_messages > 0 ||
228 link->ndisc_routes_messages > 0)
229 return 0;
230
231 routers = set_new(&in6_addr_hash_ops);
232 if (!routers)
233 return -ENOMEM;
234
235 SET_FOREACH(na, link->ndisc_addresses)
236 if (!set_contains(routers, &na->router)) {
237 router = newdup(struct in6_addr, &na->router, 1);
238 if (!router)
239 return -ENOMEM;
240
241 r = set_put(routers, router);
242 if (r < 0)
243 return r;
244
245 assert(r > 0);
246 TAKE_PTR(router);
247 }
248
249 SET_FOREACH(nr, link->ndisc_routes)
250 if (!set_contains(routers, &nr->router)) {
251 router = newdup(struct in6_addr, &nr->router, 1);
252 if (!router)
253 return -ENOMEM;
254
255 r = set_put(routers, router);
256 if (r < 0)
257 return r;
258
259 assert(r > 0);
260 TAKE_PTR(router);
261 }
262
263 SET_FOREACH(rdnss, link->ndisc_rdnss)
264 if (!set_contains(routers, &rdnss->router)) {
265 router = newdup(struct in6_addr, &rdnss->router, 1);
266 if (!router)
267 return -ENOMEM;
268
269 r = set_put(routers, router);
270 if (r < 0)
271 return r;
272
273 assert(r > 0);
274 TAKE_PTR(router);
275 }
276
277 SET_FOREACH(dnssl, link->ndisc_dnssl)
278 if (!set_contains(routers, &dnssl->router)) {
279 router = newdup(struct in6_addr, &dnssl->router, 1);
280 if (!router)
281 return -ENOMEM;
282
283 r = set_put(routers, router);
284 if (r < 0)
285 return r;
286
287 assert(r > 0);
288 TAKE_PTR(router);
289 }
290
291 r = 0;
292 SET_FOREACH(a, routers) {
293 k = ndisc_remove_old_one(link, a, false);
294 if (k < 0)
295 r = k;
296 }
297
298 return r;
299 }
300
301 static void ndisc_route_hash_func(const NDiscRoute *x, struct siphash *state) {
302 route_hash_func(x->route, state);
303 }
304
305 static int ndisc_route_compare_func(const NDiscRoute *a, const NDiscRoute *b) {
306 return route_compare_func(a->route, b->route);
307 }
308
309 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
310 ndisc_route_hash_ops,
311 NDiscRoute,
312 ndisc_route_hash_func,
313 ndisc_route_compare_func,
314 free);
315
316 static int ndisc_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
317 int r;
318
319 assert(link);
320 assert(link->ndisc_routes_messages > 0);
321
322 link->ndisc_routes_messages--;
323
324 r = route_configure_handler_internal(rtnl, m, link, "Could not set NDisc route");
325 if (r <= 0)
326 return r;
327
328 if (link->ndisc_routes_messages == 0) {
329 log_link_debug(link, "NDisc routes set.");
330 link->ndisc_routes_configured = true;
331
332 r = ndisc_remove_old(link);
333 if (r < 0) {
334 link_enter_failed(link);
335 return 1;
336 }
337
338 link_check_ready(link);
339 }
340
341 return 1;
342 }
343
344 static int ndisc_after_route_configure(Request *req, void *object) {
345 _cleanup_free_ NDiscRoute *nr = NULL;
346 NDiscRoute *nr_exist;
347 struct in6_addr router;
348 Route *route = object;
349 sd_ndisc_router *rt;
350 Link *link;
351 int r;
352
353 assert(req);
354 assert(req->link);
355 assert(req->type == REQUEST_TYPE_ROUTE);
356 assert(req->userdata);
357 assert(route);
358
359 link = req->link;
360 rt = req->userdata;
361
362 r = sd_ndisc_router_get_address(rt, &router);
363 if (r < 0)
364 return log_link_error_errno(link, r, "Failed to get router address from RA: %m");
365
366 nr = new(NDiscRoute, 1);
367 if (!nr)
368 return log_oom();
369
370 *nr = (NDiscRoute) {
371 .router = router,
372 .route = route,
373 };
374
375 nr_exist = set_get(link->ndisc_routes, nr);
376 if (nr_exist) {
377 nr_exist->marked = false;
378 nr_exist->router = router;
379 return 0;
380 }
381
382 r = set_ensure_put(&link->ndisc_routes, &ndisc_route_hash_ops, nr);
383 if (r < 0)
384 return log_link_error_errno(link, r, "Failed to store NDisc SLAAC route: %m");
385 assert(r > 0);
386 TAKE_PTR(nr);
387
388 return 0;
389 }
390
391 static void ndisc_request_on_free(Request *req) {
392 assert(req);
393
394 sd_ndisc_router_unref(req->userdata);
395 }
396
397 static int ndisc_request_route(Route *in, Link *link, sd_ndisc_router *rt) {
398 _cleanup_(route_freep) Route *route = in;
399 Request *req;
400 int r;
401
402 assert(route);
403 assert(link);
404 assert(rt);
405
406 if (!route->table_set)
407 route->table = link_get_ipv6_accept_ra_route_table(link);
408 if (!route->priority_set)
409 route->priority = link->network->ipv6_accept_ra_route_metric;
410 if (!route->protocol_set)
411 route->protocol = RTPROT_RA;
412
413 r = link_has_route(link, route);
414 if (r < 0)
415 return r;
416 if (r == 0)
417 link->ndisc_routes_configured = false;
418
419 r = link_request_route(link, TAKE_PTR(route), true, &link->ndisc_routes_messages,
420 ndisc_route_handler, &req);
421 if (r <= 0)
422 return r;
423
424 req->userdata = sd_ndisc_router_ref(rt);
425 req->after_configure = ndisc_after_route_configure;
426 req->on_free = ndisc_request_on_free;
427
428 return 0;
429 }
430
431 static void ndisc_address_hash_func(const NDiscAddress *x, struct siphash *state) {
432 address_hash_func(x->address, state);
433 }
434
435 static int ndisc_address_compare_func(const NDiscAddress *a, const NDiscAddress *b) {
436 return address_compare_func(a->address, b->address);
437 }
438
439 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
440 ndisc_address_hash_ops,
441 NDiscAddress,
442 ndisc_address_hash_func,
443 ndisc_address_compare_func,
444 free);
445
446 static int ndisc_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
447 int r;
448
449 assert(link);
450 assert(link->ndisc_addresses_messages > 0);
451
452 link->ndisc_addresses_messages--;
453
454 r = address_configure_handler_internal(rtnl, m, link, "Could not set NDisc address");
455 if (r <= 0)
456 return r;
457
458 if (link->ndisc_addresses_messages == 0) {
459 log_link_debug(link, "NDisc SLAAC addresses set.");
460 link->ndisc_addresses_configured = true;
461
462 r = ndisc_remove_old(link);
463 if (r < 0) {
464 link_enter_failed(link);
465 return 1;
466 }
467 }
468
469 return 1;
470 }
471
472 static int ndisc_after_address_configure(Request *req, void *object) {
473 _cleanup_free_ NDiscAddress *na = NULL;
474 NDiscAddress *na_exist;
475 struct in6_addr router;
476 sd_ndisc_router *rt;
477 Address *address = object;
478 Link *link;
479 int r;
480
481 assert(req);
482 assert(req->link);
483 assert(req->type == REQUEST_TYPE_ADDRESS);
484 assert(req->userdata);
485 assert(address);
486
487 link = req->link;
488 rt = req->userdata;
489
490 r = sd_ndisc_router_get_address(rt, &router);
491 if (r < 0)
492 return log_link_error_errno(link, r, "Failed to get router address from RA: %m");
493
494 na = new(NDiscAddress, 1);
495 if (!na)
496 return log_oom();
497
498 *na = (NDiscAddress) {
499 .router = router,
500 .address = address,
501 };
502
503 na_exist = set_get(link->ndisc_addresses, na);
504 if (na_exist) {
505 na_exist->marked = false;
506 na_exist->router = router;
507 return 0;
508 }
509
510 r = set_ensure_put(&link->ndisc_addresses, &ndisc_address_hash_ops, na);
511 if (r < 0)
512 return log_link_error_errno(link, r, "Failed to store NDisc SLAAC address: %m");
513 assert(r > 0);
514 TAKE_PTR(na);
515
516 return 0;
517 }
518
519 static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) {
520 _cleanup_(address_freep) Address *address = in;
521 Request *req;
522 int r;
523
524 assert(address);
525 assert(link);
526 assert(rt);
527
528 if (address_get(link, address, NULL) < 0)
529 link->ndisc_addresses_configured = false;
530
531 r = link_request_address(link, TAKE_PTR(address), true, &link->ndisc_addresses_messages,
532 ndisc_address_handler, &req);
533 if (r <= 0)
534 return r;
535
536 req->userdata = sd_ndisc_router_ref(rt);
537 req->after_configure = ndisc_after_address_configure;
538 req->on_free = ndisc_request_on_free;
539
540 return 0;
541 }
542
543 static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
544 _cleanup_(route_freep) Route *route = NULL;
545 struct in6_addr gateway;
546 uint32_t mtu = 0;
547 unsigned preference;
548 uint16_t lifetime;
549 usec_t time_now;
550 int r;
551
552 assert(link);
553 assert(rt);
554
555 r = sd_ndisc_router_get_lifetime(rt, &lifetime);
556 if (r < 0)
557 return log_link_error_errno(link, r, "Failed to get gateway lifetime from RA: %m");
558
559 if (lifetime == 0) /* not a default router */
560 return 0;
561
562 r = sd_ndisc_router_get_address(rt, &gateway);
563 if (r < 0)
564 return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
565
566 if (link_get_ipv6_address(link, &gateway, NULL) >= 0) {
567 if (DEBUG_LOGGING) {
568 _cleanup_free_ char *buffer = NULL;
569
570 (void) in6_addr_to_string(&gateway, &buffer);
571 log_link_debug(link, "No NDisc route added, gateway %s matches local address",
572 strna(buffer));
573 }
574 return 0;
575 }
576
577 r = sd_ndisc_router_get_preference(rt, &preference);
578 if (r < 0)
579 return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m");
580
581 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
582 if (r < 0)
583 return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");
584
585 if (link->network->ipv6_accept_ra_use_mtu) {
586 r = sd_ndisc_router_get_mtu(rt, &mtu);
587 if (r < 0 && r != -ENODATA)
588 return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m");
589 }
590
591 r = route_new(&route);
592 if (r < 0)
593 return log_oom();
594
595 route->family = AF_INET6;
596 route->pref = preference;
597 route->gw_family = AF_INET6;
598 route->gw.in6 = gateway;
599 route->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC);
600 route->mtu = mtu;
601
602 r = ndisc_request_route(TAKE_PTR(route), link, rt);
603 if (r < 0)
604 return log_link_error_errno(link, r, "Could not request default route: %m");
605
606 Route *route_gw;
607 HASHMAP_FOREACH(route_gw, link->network->routes_by_section) {
608 if (!route_gw->gateway_from_dhcp_or_ra)
609 continue;
610
611 if (route_gw->gw_family != AF_INET6)
612 continue;
613
614 r = route_dup(route_gw, &route);
615 if (r < 0)
616 return r;
617
618 route->gw.in6 = gateway;
619 if (!route->pref_set)
620 route->pref = preference;
621 route->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC);
622 if (route->mtu == 0)
623 route->mtu = mtu;
624
625 r = ndisc_request_route(TAKE_PTR(route), link, rt);
626 if (r < 0)
627 return log_link_error_errno(link, r, "Could not request gateway: %m");
628 }
629
630 return 0;
631 }
632
633 static bool stable_private_address_is_valid(const struct in6_addr *addr) {
634 assert(addr);
635
636 /* According to rfc4291, generated address should not be in the following ranges. */
637
638 if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0)
639 return false;
640
641 if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0)
642 return false;
643
644 if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0)
645 return false;
646
647 return true;
648 }
649
650 static int make_stable_private_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr **ret) {
651 _cleanup_free_ struct in6_addr *addr = NULL;
652 sd_id128_t secret_key;
653 struct siphash state;
654 uint64_t rid;
655 size_t l;
656 int r;
657
658 /* According to rfc7217 section 5.1
659 * RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */
660
661 r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key);
662 if (r < 0)
663 return log_link_warning_errno(link, r, "Failed to generate key for IPv6 stable private address: %m");
664
665 siphash24_init(&state, secret_key.bytes);
666
667 l = MAX(DIV_ROUND_UP(prefix_len, 8), 8);
668 siphash24_compress(prefix, l, &state);
669 siphash24_compress_string(link->ifname, &state);
670 /* Only last 8 bytes of IB MAC are stable */
671 if (link->iftype == ARPHRD_INFINIBAND)
672 siphash24_compress(&link->hw_addr.infiniband[12], 8, &state);
673 else
674 siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state);
675 siphash24_compress(&dad_counter, sizeof(uint8_t), &state);
676
677 rid = htole64(siphash24_finalize(&state));
678
679 addr = new(struct in6_addr, 1);
680 if (!addr)
681 return log_oom();
682
683 memcpy(addr->s6_addr, prefix->s6_addr, l);
684 memcpy(addr->s6_addr + l, &rid, 16 - l);
685
686 if (!stable_private_address_is_valid(addr)) {
687 *ret = NULL;
688 return 0;
689 }
690
691 *ret = TAKE_PTR(addr);
692 return 1;
693 }
694
695 static int ndisc_router_generate_addresses(Link *link, struct in6_addr *address, uint8_t prefixlen, Set **ret) {
696 _cleanup_set_free_free_ Set *addresses = NULL;
697 IPv6Token *j;
698 int r;
699
700 assert(link);
701 assert(address);
702 assert(ret);
703
704 addresses = set_new(&in6_addr_hash_ops);
705 if (!addresses)
706 return log_oom();
707
708 ORDERED_SET_FOREACH(j, link->network->ipv6_tokens) {
709 _cleanup_free_ struct in6_addr *new_address = NULL;
710
711 if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE
712 && (in6_addr_is_null(&j->prefix) || in6_addr_equal(&j->prefix, address))) {
713 /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop
714 * does not actually attempt Duplicate Address Detection; the counter will be incremented
715 * only when the address generation algorithm produces an invalid address, and the loop
716 * may exit with an address which ends up being unusable due to duplication on the link. */
717 for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) {
718 r = make_stable_private_address(link, address, prefixlen, j->dad_counter, &new_address);
719 if (r < 0)
720 return r;
721 if (r > 0)
722 break;
723 }
724 } else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) {
725 new_address = new(struct in6_addr, 1);
726 if (!new_address)
727 return log_oom();
728
729 memcpy(new_address->s6_addr, address->s6_addr, 8);
730 memcpy(new_address->s6_addr + 8, j->prefix.s6_addr + 8, 8);
731 }
732
733 if (new_address) {
734 r = set_put(addresses, new_address);
735 if (r < 0)
736 return log_link_error_errno(link, r, "Failed to store SLAAC address: %m");
737 else if (r == 0)
738 log_link_debug_errno(link, r, "Generated SLAAC address is duplicated, ignoring.");
739 else
740 TAKE_PTR(new_address);
741 }
742 }
743
744 /* fall back to EUI-64 if no tokens provided addresses */
745 if (set_isempty(addresses)) {
746 _cleanup_free_ struct in6_addr *new_address = NULL;
747
748 new_address = newdup(struct in6_addr, address, 1);
749 if (!new_address)
750 return log_oom();
751
752 r = generate_ipv6_eui_64_address(link, new_address);
753 if (r < 0)
754 return log_link_error_errno(link, r, "Failed to generate EUI64 address: %m");
755
756 r = set_put(addresses, new_address);
757 if (r < 0)
758 return log_link_error_errno(link, r, "Failed to store SLAAC address: %m");
759
760 TAKE_PTR(new_address);
761 }
762
763 *ret = TAKE_PTR(addresses);
764
765 return 0;
766 }
767
768 static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
769 uint32_t lifetime_valid, lifetime_preferred;
770 _cleanup_set_free_free_ Set *addresses = NULL;
771 struct in6_addr addr, *a;
772 unsigned prefixlen;
773 usec_t time_now;
774 int r;
775
776 assert(link);
777 assert(rt);
778
779 /* Do not use clock_boottime_or_monotonic() here, as the kernel internally manages cstamp and
780 * tstamp with jiffies, and it is not increased while the system is suspended. */
781 r = sd_ndisc_router_get_timestamp(rt, CLOCK_MONOTONIC, &time_now);
782 if (r < 0)
783 return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");
784
785 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
786 if (r < 0)
787 return log_link_error_errno(link, r, "Failed to get prefix length: %m");
788
789 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid);
790 if (r < 0)
791 return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m");
792
793 if (lifetime_valid == 0) {
794 log_link_debug(link, "Ignoring prefix as its valid lifetime is zero.");
795 return 0;
796 }
797
798 r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred);
799 if (r < 0)
800 return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m");
801
802 /* The preferred lifetime is never greater than the valid lifetime */
803 if (lifetime_preferred > lifetime_valid)
804 return 0;
805
806 r = sd_ndisc_router_prefix_get_address(rt, &addr);
807 if (r < 0)
808 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
809
810 r = ndisc_router_generate_addresses(link, &addr, prefixlen, &addresses);
811 if (r < 0)
812 return r;
813
814 SET_FOREACH(a, addresses) {
815 _cleanup_(address_freep) Address *address = NULL;
816 Address *e;
817
818 r = address_new(&address);
819 if (r < 0)
820 return log_oom();
821
822 address->family = AF_INET6;
823 address->in_addr.in6 = *a;
824 address->prefixlen = prefixlen;
825 address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
826 address->cinfo.ifa_valid = lifetime_valid;
827 address->cinfo.ifa_prefered = lifetime_preferred;
828
829 /* See RFC4862, section 5.5.3.e. But the following logic is deviated from RFC4862 by
830 * honoring all valid lifetimes to improve the reaction of SLAAC to renumbering events.
831 * See draft-ietf-6man-slaac-renum-02, section 4.2. */
832 r = address_get(link, address, &e);
833 if (r > 0) {
834 /* If the address is already assigned, but not valid anymore, then refuse to
835 * update the address, and it will be removed. */
836 if (e->cinfo.ifa_valid != CACHE_INFO_INFINITY_LIFE_TIME &&
837 usec_add(e->cinfo.tstamp / 100 * USEC_PER_SEC,
838 e->cinfo.ifa_valid * USEC_PER_SEC) < time_now)
839 continue;
840 }
841
842 r = ndisc_request_address(TAKE_PTR(address), link, rt);
843 if (r < 0)
844 return log_link_error_errno(link, r, "Could not request SLAAC address: %m");
845 }
846
847 return 0;
848 }
849
850 static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
851 _cleanup_(route_freep) Route *route = NULL;
852 usec_t time_now;
853 uint32_t lifetime;
854 unsigned prefixlen;
855 int r;
856
857 assert(link);
858 assert(rt);
859
860 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
861 if (r < 0)
862 return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");
863
864 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
865 if (r < 0)
866 return log_link_error_errno(link, r, "Failed to get prefix length: %m");
867
868 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime);
869 if (r < 0)
870 return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m");
871
872 r = route_new(&route);
873 if (r < 0)
874 return log_oom();
875
876 route->family = AF_INET6;
877 route->flags = RTM_F_PREFIX;
878 route->dst_prefixlen = prefixlen;
879 route->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC);
880
881 r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6);
882 if (r < 0)
883 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
884
885 r = ndisc_request_route(TAKE_PTR(route), link, rt);
886 if (r < 0)
887 return log_link_error_errno(link, r, "Could not request prefix route: %m");;
888
889 return 0;
890 }
891
892 static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
893 _cleanup_(route_freep) Route *route = NULL;
894 struct in6_addr gateway, dst;
895 uint32_t lifetime;
896 unsigned preference, prefixlen;
897 usec_t time_now;
898 int r;
899
900 assert(link);
901
902 r = sd_ndisc_router_route_get_lifetime(rt, &lifetime);
903 if (r < 0)
904 return log_link_error_errno(link, r, "Failed to get route lifetime from RA: %m");
905
906 if (lifetime == 0)
907 return 0;
908
909 r = sd_ndisc_router_route_get_address(rt, &dst);
910 if (r < 0)
911 return log_link_error_errno(link, r, "Failed to get route destination address: %m");
912
913 r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen);
914 if (r < 0)
915 return log_link_error_errno(link, r, "Failed to get route prefix length: %m");
916
917 if (in6_prefix_is_filtered(&dst, prefixlen, link->network->ndisc_allow_listed_route_prefix, link->network->ndisc_deny_listed_route_prefix)) {
918 if (DEBUG_LOGGING) {
919 _cleanup_free_ char *buf = NULL;
920
921 (void) in6_addr_prefix_to_string(&dst, prefixlen, &buf);
922 if (!set_isempty(link->network->ndisc_allow_listed_route_prefix))
923 log_link_debug(link, "Route prefix '%s' is not in allow list, ignoring", strna(buf));
924 else
925 log_link_debug(link, "Route prefix '%s' is in deny list, ignoring", strna(buf));
926 }
927 return 0;
928 }
929
930 r = sd_ndisc_router_get_address(rt, &gateway);
931 if (r < 0)
932 return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
933
934 if (link_get_ipv6_address(link, &gateway, NULL) >= 0) {
935 if (DEBUG_LOGGING) {
936 _cleanup_free_ char *buf = NULL;
937
938 (void) in6_addr_to_string(&gateway, &buf);
939 log_link_debug(link, "Advertised route gateway %s is local to the link, ignoring route", strna(buf));
940 }
941 return 0;
942 }
943
944 r = sd_ndisc_router_route_get_preference(rt, &preference);
945 if (r < 0)
946 return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m");
947
948 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
949 if (r < 0)
950 return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");
951
952 r = route_new(&route);
953 if (r < 0)
954 return log_oom();
955
956 route->family = AF_INET6;
957 route->pref = preference;
958 route->gw.in6 = gateway;
959 route->gw_family = AF_INET6;
960 route->dst.in6 = dst;
961 route->dst_prefixlen = prefixlen;
962 route->lifetime = usec_add(time_now, lifetime * USEC_PER_SEC);
963
964 r = ndisc_request_route(TAKE_PTR(route), link, rt);
965 if (r < 0)
966 return log_link_error_errno(link, r, "Could not request additional route: %m");
967
968 return 0;
969 }
970
971 static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) {
972 siphash24_compress(&x->address, sizeof(x->address), state);
973 }
974
975 static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) {
976 return memcmp(&a->address, &b->address, sizeof(a->address));
977 }
978
979 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
980 ndisc_rdnss_hash_ops,
981 NDiscRDNSS,
982 ndisc_rdnss_hash_func,
983 ndisc_rdnss_compare_func,
984 free);
985
986 static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
987 uint32_t lifetime;
988 const struct in6_addr *a;
989 struct in6_addr router;
990 NDiscRDNSS *rdnss;
991 usec_t time_now;
992 bool updated = false;
993 int n, r;
994
995 assert(link);
996 assert(rt);
997
998 r = sd_ndisc_router_get_address(rt, &router);
999 if (r < 0)
1000 return log_link_error_errno(link, r, "Failed to get router address from RA: %m");
1001
1002 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
1003 if (r < 0)
1004 return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");
1005
1006 r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime);
1007 if (r < 0)
1008 return log_link_error_errno(link, r, "Failed to get RDNSS lifetime: %m");
1009
1010 n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
1011 if (n < 0)
1012 return log_link_error_errno(link, n, "Failed to get RDNSS addresses: %m");
1013
1014 SET_FOREACH(rdnss, link->ndisc_rdnss)
1015 if (in6_addr_equal(&rdnss->router, &router))
1016 rdnss->marked = true;
1017
1018 if (lifetime == 0)
1019 return 0;
1020
1021 if (n >= (int) NDISC_RDNSS_MAX) {
1022 log_link_warning(link, "Too many RDNSS records per link. Only first %i records will be used.", NDISC_RDNSS_MAX);
1023 n = NDISC_RDNSS_MAX;
1024 }
1025
1026 for (int j = 0; j < n; j++) {
1027 _cleanup_free_ NDiscRDNSS *x = NULL;
1028 NDiscRDNSS d = {
1029 .address = a[j],
1030 };
1031
1032 rdnss = set_get(link->ndisc_rdnss, &d);
1033 if (rdnss) {
1034 rdnss->marked = false;
1035 rdnss->router = router;
1036 rdnss->valid_until = usec_add(time_now, lifetime * USEC_PER_SEC);
1037 continue;
1038 }
1039
1040 x = new(NDiscRDNSS, 1);
1041 if (!x)
1042 return log_oom();
1043
1044 *x = (NDiscRDNSS) {
1045 .address = a[j],
1046 .router = router,
1047 .valid_until = usec_add(time_now, lifetime * USEC_PER_SEC),
1048 };
1049
1050 r = set_ensure_consume(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops, TAKE_PTR(x));
1051 if (r < 0)
1052 return log_oom();
1053 assert(r > 0);
1054
1055 updated = true;
1056 }
1057
1058 if (updated)
1059 link_dirty(link);
1060
1061 return 0;
1062 }
1063
1064 static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) {
1065 siphash24_compress_string(NDISC_DNSSL_DOMAIN(x), state);
1066 }
1067
1068 static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) {
1069 return strcmp(NDISC_DNSSL_DOMAIN(a), NDISC_DNSSL_DOMAIN(b));
1070 }
1071
1072 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
1073 ndisc_dnssl_hash_ops,
1074 NDiscDNSSL,
1075 ndisc_dnssl_hash_func,
1076 ndisc_dnssl_compare_func,
1077 free);
1078
1079 static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
1080 _cleanup_strv_free_ char **l = NULL;
1081 struct in6_addr router;
1082 uint32_t lifetime;
1083 usec_t time_now;
1084 NDiscDNSSL *dnssl;
1085 bool updated = false;
1086 char **j;
1087 int r;
1088
1089 assert(link);
1090 assert(rt);
1091
1092 r = sd_ndisc_router_get_address(rt, &router);
1093 if (r < 0)
1094 return log_link_error_errno(link, r, "Failed to get router address from RA: %m");
1095
1096 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
1097 if (r < 0)
1098 return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");
1099
1100 r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime);
1101 if (r < 0)
1102 return log_link_error_errno(link, r, "Failed to get DNSSL lifetime: %m");
1103
1104 r = sd_ndisc_router_dnssl_get_domains(rt, &l);
1105 if (r < 0)
1106 return log_link_error_errno(link, r, "Failed to get DNSSL addresses: %m");
1107
1108 SET_FOREACH(dnssl, link->ndisc_dnssl)
1109 if (in6_addr_equal(&dnssl->router, &router))
1110 dnssl->marked = true;
1111
1112 if (lifetime == 0)
1113 return 0;
1114
1115 if (strv_length(l) >= NDISC_DNSSL_MAX) {
1116 log_link_warning(link, "Too many DNSSL records per link. Only first %i records will be used.", NDISC_DNSSL_MAX);
1117 STRV_FOREACH(j, l + NDISC_DNSSL_MAX)
1118 *j = mfree(*j);
1119 }
1120
1121 STRV_FOREACH(j, l) {
1122 _cleanup_free_ NDiscDNSSL *s = NULL;
1123
1124 s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*j) + 1);
1125 if (!s)
1126 return log_oom();
1127
1128 strcpy(NDISC_DNSSL_DOMAIN(s), *j);
1129
1130 dnssl = set_get(link->ndisc_dnssl, s);
1131 if (dnssl) {
1132 dnssl->marked = false;
1133 dnssl->router = router;
1134 dnssl->valid_until = usec_add(time_now, lifetime * USEC_PER_SEC);
1135 continue;
1136 }
1137
1138 s->router = router;
1139 s->valid_until = usec_add(time_now, lifetime * USEC_PER_SEC);
1140
1141 r = set_ensure_consume(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops, TAKE_PTR(s));
1142 if (r < 0)
1143 return log_oom();
1144 assert(r > 0);
1145
1146 updated = true;
1147 }
1148
1149 if (updated)
1150 link_dirty(link);
1151
1152 return 0;
1153 }
1154
1155 static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
1156 assert(link);
1157 assert(link->network);
1158 assert(rt);
1159
1160 for (int r = sd_ndisc_router_option_rewind(rt); ; r = sd_ndisc_router_option_next(rt)) {
1161 uint8_t type;
1162
1163 if (r < 0)
1164 return log_link_error_errno(link, r, "Failed to iterate through options: %m");
1165 if (r == 0) /* EOF */
1166 return 0;
1167
1168 r = sd_ndisc_router_option_get_type(rt, &type);
1169 if (r < 0)
1170 return log_link_error_errno(link, r, "Failed to get RA option type: %m");
1171
1172 switch (type) {
1173
1174 case SD_NDISC_OPTION_PREFIX_INFORMATION: {
1175 unsigned prefixlen;
1176 struct in6_addr a;
1177 uint8_t flags;
1178
1179 r = sd_ndisc_router_prefix_get_address(rt, &a);
1180 if (r < 0)
1181 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
1182
1183 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
1184 if (r < 0)
1185 return log_link_error_errno(link, r, "Failed to get prefix length: %m");
1186
1187 if (in6_prefix_is_filtered(&a, prefixlen, link->network->ndisc_allow_listed_prefix, link->network->ndisc_deny_listed_prefix)) {
1188 if (DEBUG_LOGGING) {
1189 _cleanup_free_ char *b = NULL;
1190
1191 (void) in6_addr_prefix_to_string(&a, prefixlen, &b);
1192 if (!set_isempty(link->network->ndisc_allow_listed_prefix))
1193 log_link_debug(link, "Prefix '%s' is not in allow list, ignoring", strna(b));
1194 else
1195 log_link_debug(link, "Prefix '%s' is in deny list, ignoring", strna(b));
1196 }
1197 break;
1198 }
1199
1200 r = sd_ndisc_router_prefix_get_flags(rt, &flags);
1201 if (r < 0)
1202 return log_link_error_errno(link, r, "Failed to get RA prefix flags: %m");
1203
1204 if (link->network->ipv6_accept_ra_use_onlink_prefix &&
1205 FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK)) {
1206 r = ndisc_router_process_onlink_prefix(link, rt);
1207 if (r < 0)
1208 return r;
1209 }
1210
1211 if (link->network->ipv6_accept_ra_use_autonomous_prefix &&
1212 FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO)) {
1213 r = ndisc_router_process_autonomous_prefix(link, rt);
1214 if (r < 0)
1215 return r;
1216 }
1217 break;
1218 }
1219
1220 case SD_NDISC_OPTION_ROUTE_INFORMATION:
1221 r = ndisc_router_process_route(link, rt);
1222 if (r < 0)
1223 return r;
1224 break;
1225
1226 case SD_NDISC_OPTION_RDNSS:
1227 if (link->network->ipv6_accept_ra_use_dns) {
1228 r = ndisc_router_process_rdnss(link, rt);
1229 if (r < 0)
1230 return r;
1231 }
1232 break;
1233
1234 case SD_NDISC_OPTION_DNSSL:
1235 if (link->network->ipv6_accept_ra_use_dns) {
1236 r = ndisc_router_process_dnssl(link, rt);
1237 if (r < 0)
1238 return r;
1239 }
1240 break;
1241 }
1242 }
1243 }
1244
1245 static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
1246 struct in6_addr router;
1247 uint64_t flags;
1248 NDiscAddress *na;
1249 NDiscRoute *nr;
1250 int r;
1251
1252 assert(link);
1253 assert(link->network);
1254 assert(link->manager);
1255 assert(rt);
1256
1257 r = sd_ndisc_router_get_address(rt, &router);
1258 if (r < 0)
1259 return log_link_error_errno(link, r, "Failed to get router address from RA: %m");
1260
1261 if (in6_prefix_is_filtered(&router, 128, link->network->ndisc_allow_listed_router, link->network->ndisc_deny_listed_router)) {
1262 if (DEBUG_LOGGING) {
1263 _cleanup_free_ char *buf = NULL;
1264
1265 (void) in6_addr_to_string(&router, &buf);
1266 if (!set_isempty(link->network->ndisc_allow_listed_router))
1267 log_link_debug(link, "Router '%s' is not in allow list, ignoring", strna(buf));
1268 else
1269 log_link_debug(link, "Router '%s' is in deny list, ignoring", strna(buf));
1270 }
1271 return 0;
1272 }
1273
1274 SET_FOREACH(na, link->ndisc_addresses)
1275 if (in6_addr_equal(&na->router, &router))
1276 na->marked = true;
1277
1278 SET_FOREACH(nr, link->ndisc_routes)
1279 if (in6_addr_equal(&nr->router, &router))
1280 nr->marked = true;
1281
1282 r = sd_ndisc_router_get_flags(rt, &flags);
1283 if (r < 0)
1284 return log_link_error_errno(link, r, "Failed to get RA flags: %m");
1285
1286 if ((flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER) &&
1287 link->network->ipv6_accept_ra_start_dhcp6_client != IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO) ||
1288 link->network->ipv6_accept_ra_start_dhcp6_client == IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS) {
1289
1290 if (flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER))
1291 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */
1292 r = dhcp6_request_information(link, !(flags & ND_RA_FLAG_MANAGED));
1293 else
1294 /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in managed mode
1295 * even if router does not have M or O flag. */
1296 r = dhcp6_request_information(link, false);
1297 if (r < 0 && r != -EBUSY)
1298 return log_link_error_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m");
1299 else
1300 log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request");
1301 }
1302
1303 r = ndisc_router_process_default(link, rt);
1304 if (r < 0)
1305 return r;
1306 r = ndisc_router_process_options(link, rt);
1307 if (r < 0)
1308 return r;
1309
1310 if (link->ndisc_addresses_messages == 0)
1311 link->ndisc_addresses_configured = true;
1312 else
1313 log_link_debug(link, "Setting SLAAC addresses.");
1314
1315 if (link->ndisc_routes_messages == 0)
1316 link->ndisc_routes_configured = true;
1317 else
1318 log_link_debug(link, "Setting NDisc routes.");
1319
1320 r = ndisc_remove_old(link);
1321 if (r < 0)
1322 return r;
1323
1324 if (!link->ndisc_addresses_configured || !link->ndisc_routes_configured)
1325 link_set_state(link, LINK_STATE_CONFIGURING);
1326
1327 link_check_ready(link);
1328 return 0;
1329 }
1330
1331 static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event_t event, sd_ndisc_router *rt, void *userdata) {
1332 Link *link = userdata;
1333 int r;
1334
1335 assert(link);
1336
1337 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
1338 return;
1339
1340 switch (event) {
1341
1342 case SD_NDISC_EVENT_ROUTER:
1343 r = ndisc_router_handler(link, rt);
1344 if (r < 0) {
1345 link_enter_failed(link);
1346 return;
1347 }
1348 break;
1349
1350 case SD_NDISC_EVENT_TIMEOUT:
1351 log_link_debug(link, "NDisc handler get timeout event");
1352 if (link->ndisc_addresses_messages == 0 && link->ndisc_routes_messages == 0) {
1353 link->ndisc_addresses_configured = true;
1354 link->ndisc_routes_configured = true;
1355 link_check_ready(link);
1356 }
1357 break;
1358 default:
1359 assert_not_reached();
1360 }
1361 }
1362
1363 int ndisc_configure(Link *link) {
1364 int r;
1365
1366 assert(link);
1367
1368 if (!link_ipv6_accept_ra_enabled(link))
1369 return 0;
1370
1371 if (link->ndisc)
1372 return -EBUSY; /* Already configured. */
1373
1374 r = sd_ndisc_new(&link->ndisc);
1375 if (r < 0)
1376 return r;
1377
1378 r = sd_ndisc_attach_event(link->ndisc, link->manager->event, 0);
1379 if (r < 0)
1380 return r;
1381
1382 r = sd_ndisc_set_mac(link->ndisc, &link->hw_addr.ether);
1383 if (r < 0)
1384 return r;
1385
1386 r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex);
1387 if (r < 0)
1388 return r;
1389
1390 r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link);
1391 if (r < 0)
1392 return r;
1393
1394 return 0;
1395 }
1396
1397 int ndisc_start(Link *link) {
1398 assert(link);
1399
1400 if (!link->ndisc || !link->dhcp6_client)
1401 return 0;
1402
1403 if (!link_has_carrier(link))
1404 return 0;
1405
1406 log_link_debug(link, "Discovering IPv6 routers");
1407
1408 return sd_ndisc_start(link->ndisc);
1409 }
1410
1411 void ndisc_vacuum(Link *link) {
1412 NDiscRDNSS *r;
1413 NDiscDNSSL *d;
1414 usec_t time_now;
1415
1416 assert(link);
1417
1418 /* Removes all RDNSS and DNSSL entries whose validity time has passed */
1419
1420 time_now = now(clock_boottime_or_monotonic());
1421
1422 SET_FOREACH(r, link->ndisc_rdnss)
1423 if (r->valid_until < time_now)
1424 free(set_remove(link->ndisc_rdnss, r));
1425
1426 SET_FOREACH(d, link->ndisc_dnssl)
1427 if (d->valid_until < time_now)
1428 free(set_remove(link->ndisc_dnssl, d));
1429 }
1430
1431 void ndisc_flush(Link *link) {
1432 assert(link);
1433
1434 /* Removes all RDNSS and DNSSL entries, without exception */
1435
1436 link->ndisc_rdnss = set_free(link->ndisc_rdnss);
1437 link->ndisc_dnssl = set_free(link->ndisc_dnssl);
1438 }
1439
1440 static int ipv6token_new(IPv6Token **ret) {
1441 IPv6Token *p;
1442
1443 p = new(IPv6Token, 1);
1444 if (!p)
1445 return -ENOMEM;
1446
1447 *p = (IPv6Token) {
1448 .address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE,
1449 };
1450
1451 *ret = TAKE_PTR(p);
1452
1453 return 0;
1454 }
1455
1456 static void ipv6_token_hash_func(const IPv6Token *p, struct siphash *state) {
1457 siphash24_compress(&p->address_generation_type, sizeof(p->address_generation_type), state);
1458 siphash24_compress(&p->prefix, sizeof(p->prefix), state);
1459 }
1460
1461 static int ipv6_token_compare_func(const IPv6Token *a, const IPv6Token *b) {
1462 int r;
1463
1464 r = CMP(a->address_generation_type, b->address_generation_type);
1465 if (r != 0)
1466 return r;
1467
1468 return memcmp(&a->prefix, &b->prefix, sizeof(struct in6_addr));
1469 }
1470
1471 DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
1472 ipv6_token_hash_ops,
1473 IPv6Token,
1474 ipv6_token_hash_func,
1475 ipv6_token_compare_func,
1476 free);
1477
1478 int config_parse_address_generation_type(
1479 const char *unit,
1480 const char *filename,
1481 unsigned line,
1482 const char *section,
1483 unsigned section_line,
1484 const char *lvalue,
1485 int ltype,
1486 const char *rvalue,
1487 void *data,
1488 void *userdata) {
1489
1490 _cleanup_free_ IPv6Token *token = NULL;
1491 union in_addr_union buffer;
1492 Network *network = data;
1493 const char *p;
1494 int r;
1495
1496 assert(filename);
1497 assert(lvalue);
1498 assert(rvalue);
1499 assert(data);
1500
1501 if (isempty(rvalue)) {
1502 network->ipv6_tokens = ordered_set_free(network->ipv6_tokens);
1503 return 0;
1504 }
1505
1506 r = ipv6token_new(&token);
1507 if (r < 0)
1508 return log_oom();
1509
1510 if ((p = startswith(rvalue, "prefixstable"))) {
1511 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE;
1512 if (*p == ':')
1513 p++;
1514 else if (*p == '\0')
1515 p = NULL;
1516 else {
1517 log_syntax(unit, LOG_WARNING, filename, line, 0,
1518 "Invalid IPv6 token mode in %s=, ignoring assignment: %s",
1519 lvalue, rvalue);
1520 return 0;
1521 }
1522 } else {
1523 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
1524 p = startswith(rvalue, "static:");
1525 if (!p)
1526 p = rvalue;
1527 }
1528
1529 if (p) {
1530 r = in_addr_from_string(AF_INET6, p, &buffer);
1531 if (r < 0) {
1532 log_syntax(unit, LOG_WARNING, filename, line, r,
1533 "Failed to parse IP address in %s=, ignoring assignment: %s",
1534 lvalue, rvalue);
1535 return 0;
1536 }
1537 if (token->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC &&
1538 in_addr_is_null(AF_INET6, &buffer)) {
1539 log_syntax(unit, LOG_WARNING, filename, line, 0,
1540 "IPv6 address in %s= cannot be the ANY address, ignoring assignment: %s",
1541 lvalue, rvalue);
1542 return 0;
1543 }
1544 token->prefix = buffer.in6;
1545 }
1546
1547 r = ordered_set_ensure_put(&network->ipv6_tokens, &ipv6_token_hash_ops, token);
1548 if (r == -ENOMEM)
1549 return log_oom();
1550 if (r == -EEXIST)
1551 log_syntax(unit, LOG_DEBUG, filename, line, r,
1552 "IPv6 token '%s' is duplicated, ignoring: %m", rvalue);
1553 else if (r < 0)
1554 log_syntax(unit, LOG_WARNING, filename, line, r,
1555 "Failed to store IPv6 token '%s', ignoring: %m", rvalue);
1556 else
1557 TAKE_PTR(token);
1558
1559 return 0;
1560 }
1561
1562 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains, dhcp_use_domains, DHCPUseDomains,
1563 "Failed to parse UseDomains= setting");
1564 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client, ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client,
1565 "Failed to parse DHCPv6Client= setting");
1566 static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = {
1567 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no",
1568 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always",
1569 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES] = "yes",
1570 };
1571
1572 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES);
Unnamed repository; edit this file 'description' to name the repository.