1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2014 Intel Corporation. All rights reserved.
7 #include <netinet/icmp6.h>
12 #include "missing_network.h"
13 #include "networkd-address-generation.h"
14 #include "networkd-address.h"
15 #include "networkd-dhcp6.h"
16 #include "networkd-manager.h"
17 #include "networkd-ndisc.h"
18 #include "networkd-queue.h"
19 #include "networkd-route.h"
20 #include "networkd-state-file.h"
21 #include "string-table.h"
22 #include "string-util.h"
25 #define NDISC_DNSSL_MAX 64U
26 #define NDISC_RDNSS_MAX 64U
28 bool link_ipv6_accept_ra_enabled(Link
*link
) {
31 if (!socket_ipv6_is_supported())
34 if (link
->flags
& IFF_LOOPBACK
)
40 if (!link_ipv6ll_enabled(link
))
43 assert(link
->network
->ipv6_accept_ra
>= 0);
44 return link
->network
->ipv6_accept_ra
;
47 void network_adjust_ipv6_accept_ra(Network
*network
) {
50 if (!FLAGS_SET(network
->link_local
, ADDRESS_FAMILY_IPV6
)) {
51 if (network
->ipv6_accept_ra
> 0)
52 log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link local addressing is disabled or not supported. "
53 "Disabling IPv6AcceptRA=.", network
->filename
);
54 network
->ipv6_accept_ra
= false;
57 if (network
->ipv6_accept_ra
< 0)
58 /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */
59 network
->ipv6_accept_ra
= !FLAGS_SET(network
->ip_forward
, ADDRESS_FAMILY_IPV6
);
61 /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then
62 * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */
63 if (!set_isempty(network
->ndisc_allow_listed_router
))
64 network
->ndisc_deny_listed_router
= set_free_free(network
->ndisc_deny_listed_router
);
65 if (!set_isempty(network
->ndisc_allow_listed_prefix
))
66 network
->ndisc_deny_listed_prefix
= set_free_free(network
->ndisc_deny_listed_prefix
);
67 if (!set_isempty(network
->ndisc_allow_listed_route_prefix
))
68 network
->ndisc_deny_listed_route_prefix
= set_free_free(network
->ndisc_deny_listed_route_prefix
);
71 static int ndisc_remove(Link
*link
, struct in6_addr
*router
) {
81 SET_FOREACH(route
, link
->routes
) {
82 if (route
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
84 if (!route_is_marked(route
))
86 if (router
&& !in6_addr_equal(router
, &route
->provider
.in6
))
89 k
= route_remove(route
);
93 route_cancel_request(route
);
96 SET_FOREACH(address
, link
->addresses
) {
97 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
99 if (!address_is_marked(address
))
101 if (router
&& !in6_addr_equal(router
, &address
->provider
.in6
))
104 k
= address_remove(address
);
108 address_cancel_request(address
);
111 SET_FOREACH(rdnss
, link
->ndisc_rdnss
) {
114 if (router
&& !in6_addr_equal(router
, &rdnss
->router
))
117 free(set_remove(link
->ndisc_rdnss
, rdnss
));
121 SET_FOREACH(dnssl
, link
->ndisc_dnssl
) {
124 if (router
&& !in6_addr_equal(router
, &dnssl
->router
))
127 free(set_remove(link
->ndisc_dnssl
, dnssl
));
137 static int ndisc_check_ready(Link
*link
);
139 static int ndisc_address_ready_callback(Address
*address
) {
143 assert(address
->link
);
145 SET_FOREACH(a
, address
->link
->addresses
)
146 if (a
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
149 return ndisc_check_ready(address
->link
);
152 static int ndisc_check_ready(Link
*link
) {
153 bool found
= false, ready
= false;
159 if (link
->ndisc_messages
> 0) {
160 log_link_debug(link
, "%s(): SLAAC addresses and routes are not set.", __func__
);
164 SET_FOREACH(address
, link
->addresses
) {
165 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
170 if (address_is_ready(address
)) {
176 if (found
&& !ready
) {
177 SET_FOREACH(address
, link
->addresses
)
178 if (address
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
179 address
->callback
= ndisc_address_ready_callback
;
181 log_link_debug(link
, "%s(): no SLAAC address is ready.", __func__
);
185 link
->ndisc_configured
= true;
186 log_link_debug(link
, "SLAAC addresses and routes set.");
188 r
= ndisc_remove(link
, NULL
);
192 link_check_ready(link
);
196 static int ndisc_route_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
200 assert(link
->ndisc_messages
> 0);
202 link
->ndisc_messages
--;
204 r
= route_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc route");
208 r
= ndisc_check_ready(link
);
210 link_enter_failed(link
);
215 static int ndisc_request_route(Route
*in
, Link
*link
, sd_ndisc_router
*rt
) {
216 _cleanup_(route_freep
) Route
*route
= in
;
217 struct in6_addr router
;
225 r
= sd_ndisc_router_get_address(rt
, &router
);
229 route
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
230 route
->provider
.in6
= router
;
231 if (!route
->table_set
)
232 route
->table
= link_get_ipv6_accept_ra_route_table(link
);
233 if (!route
->priority_set
)
234 route
->priority
= link
->network
->ipv6_accept_ra_route_metric
;
235 if (!route
->protocol_set
)
236 route
->protocol
= RTPROT_RA
;
238 if (route_get(NULL
, link
, route
, &existing
) < 0)
239 link
->ndisc_configured
= false;
241 route_unmark(existing
);
243 return link_request_route(link
, TAKE_PTR(route
), true, &link
->ndisc_messages
,
244 ndisc_route_handler
, NULL
);
247 static int ndisc_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
251 assert(link
->ndisc_messages
> 0);
253 link
->ndisc_messages
--;
255 r
= address_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc address");
259 r
= ndisc_check_ready(link
);
261 link_enter_failed(link
);
266 static int ndisc_request_address(Address
*in
, Link
*link
, sd_ndisc_router
*rt
) {
267 _cleanup_(address_freep
) Address
*address
= in
;
268 struct in6_addr router
;
276 r
= sd_ndisc_router_get_address(rt
, &router
);
280 address
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
281 address
->provider
.in6
= router
;
283 if (address_get(link
, address
, &existing
) < 0)
284 link
->ndisc_configured
= false;
286 address_unmark(existing
);
288 return link_request_address(link
, TAKE_PTR(address
), true, &link
->ndisc_messages
,
289 ndisc_address_handler
, NULL
);
292 static int ndisc_router_process_default(Link
*link
, sd_ndisc_router
*rt
) {
293 _cleanup_(route_freep
) Route
*route
= NULL
;
294 struct in6_addr gateway
;
304 r
= sd_ndisc_router_get_lifetime(rt
, &lifetime
);
306 return log_link_error_errno(link
, r
, "Failed to get gateway lifetime from RA: %m");
308 if (lifetime
== 0) /* not a default router */
311 r
= sd_ndisc_router_get_address(rt
, &gateway
);
313 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
315 if (link_get_ipv6_address(link
, &gateway
, NULL
) >= 0) {
317 _cleanup_free_
char *buffer
= NULL
;
319 (void) in6_addr_to_string(&gateway
, &buffer
);
320 log_link_debug(link
, "No NDisc route added, gateway %s matches local address",
326 r
= sd_ndisc_router_get_preference(rt
, &preference
);
328 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
330 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), &time_now
);
332 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
334 if (link
->network
->ipv6_accept_ra_use_mtu
) {
335 r
= sd_ndisc_router_get_mtu(rt
, &mtu
);
336 if (r
< 0 && r
!= -ENODATA
)
337 return log_link_error_errno(link
, r
, "Failed to get default router MTU from RA: %m");
340 r
= route_new(&route
);
344 route
->family
= AF_INET6
;
345 route
->pref
= preference
;
346 route
->gw_family
= AF_INET6
;
347 route
->gw
.in6
= gateway
;
348 route
->lifetime
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
351 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
353 return log_link_error_errno(link
, r
, "Could not request default route: %m");
356 HASHMAP_FOREACH(route_gw
, link
->network
->routes_by_section
) {
357 if (!route_gw
->gateway_from_dhcp_or_ra
)
360 if (route_gw
->gw_family
!= AF_INET6
)
363 r
= route_dup(route_gw
, &route
);
367 route
->gw
.in6
= gateway
;
368 if (!route
->pref_set
)
369 route
->pref
= preference
;
370 route
->lifetime
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
374 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
376 return log_link_error_errno(link
, r
, "Could not request gateway: %m");
382 static int ndisc_router_process_autonomous_prefix(Link
*link
, sd_ndisc_router
*rt
) {
383 uint32_t lifetime_valid
, lifetime_preferred
;
384 _cleanup_set_free_ Set
*addresses
= NULL
;
385 struct in6_addr prefix
, *a
;
393 /* Do not use clock_boottime_or_monotonic() here, as the kernel internally manages cstamp and
394 * tstamp with jiffies, and it is not increased while the system is suspended. */
395 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_MONOTONIC
, &time_now
);
397 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
399 r
= sd_ndisc_router_prefix_get_address(rt
, &prefix
);
401 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
403 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
405 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
407 /* ndisc_generate_addresses() below requires the prefix length <= 64. */
408 if (prefixlen
> 64) {
409 _cleanup_free_
char *buf
= NULL
;
411 (void) in6_addr_prefix_to_string(&prefix
, prefixlen
, &buf
);
412 log_link_debug(link
, "Prefix is longer than 64, ignoring autonomous prefix %s.", strna(buf
));
416 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime_valid
);
418 return log_link_error_errno(link
, r
, "Failed to get prefix valid lifetime: %m");
420 if (lifetime_valid
== 0) {
421 log_link_debug(link
, "Ignoring prefix as its valid lifetime is zero.");
425 r
= sd_ndisc_router_prefix_get_preferred_lifetime(rt
, &lifetime_preferred
);
427 return log_link_error_errno(link
, r
, "Failed to get prefix preferred lifetime: %m");
429 /* The preferred lifetime is never greater than the valid lifetime */
430 if (lifetime_preferred
> lifetime_valid
)
433 r
= ndisc_generate_addresses(link
, &prefix
, prefixlen
, &addresses
);
435 return log_link_error_errno(link
, r
, "Failed to generate SLAAC addresses: %m");
437 SET_FOREACH(a
, addresses
) {
438 _cleanup_(address_freep
) Address
*address
= NULL
;
441 r
= address_new(&address
);
445 address
->family
= AF_INET6
;
446 address
->in_addr
.in6
= *a
;
447 address
->prefixlen
= prefixlen
;
448 address
->flags
= IFA_F_NOPREFIXROUTE
|IFA_F_MANAGETEMPADDR
;
449 address
->cinfo
.ifa_valid
= lifetime_valid
;
450 address
->cinfo
.ifa_prefered
= lifetime_preferred
;
452 /* See RFC4862, section 5.5.3.e. But the following logic is deviated from RFC4862 by
453 * honoring all valid lifetimes to improve the reaction of SLAAC to renumbering events.
454 * See draft-ietf-6man-slaac-renum-02, section 4.2. */
455 r
= address_get(link
, address
, &e
);
457 /* If the address is already assigned, but not valid anymore, then refuse to
458 * update the address, and it will be removed. */
459 if (e
->cinfo
.ifa_valid
!= CACHE_INFO_INFINITY_LIFE_TIME
&&
460 usec_add(e
->cinfo
.tstamp
/ 100 * USEC_PER_SEC
,
461 e
->cinfo
.ifa_valid
* USEC_PER_SEC
) < time_now
)
465 r
= ndisc_request_address(TAKE_PTR(address
), link
, rt
);
467 return log_link_error_errno(link
, r
, "Could not request SLAAC address: %m");
473 static int ndisc_router_process_onlink_prefix(Link
*link
, sd_ndisc_router
*rt
) {
474 _cleanup_(route_freep
) Route
*route
= NULL
;
483 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), &time_now
);
485 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
487 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
489 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
491 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime
);
493 return log_link_error_errno(link
, r
, "Failed to get prefix lifetime: %m");
495 r
= route_new(&route
);
499 route
->family
= AF_INET6
;
500 route
->flags
= RTM_F_PREFIX
;
501 route
->dst_prefixlen
= prefixlen
;
502 route
->lifetime
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
504 r
= sd_ndisc_router_prefix_get_address(rt
, &route
->dst
.in6
);
506 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
508 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
510 return log_link_error_errno(link
, r
, "Could not request prefix route: %m");;
515 static int ndisc_router_process_route(Link
*link
, sd_ndisc_router
*rt
) {
516 _cleanup_(route_freep
) Route
*route
= NULL
;
517 struct in6_addr gateway
, dst
;
519 unsigned preference
, prefixlen
;
525 r
= sd_ndisc_router_route_get_lifetime(rt
, &lifetime
);
527 return log_link_error_errno(link
, r
, "Failed to get route lifetime from RA: %m");
532 r
= sd_ndisc_router_route_get_address(rt
, &dst
);
534 return log_link_error_errno(link
, r
, "Failed to get route destination address: %m");
536 r
= sd_ndisc_router_route_get_prefixlen(rt
, &prefixlen
);
538 return log_link_error_errno(link
, r
, "Failed to get route prefix length: %m");
540 if (in6_prefix_is_filtered(&dst
, prefixlen
, link
->network
->ndisc_allow_listed_route_prefix
, link
->network
->ndisc_deny_listed_route_prefix
)) {
542 _cleanup_free_
char *buf
= NULL
;
544 (void) in6_addr_prefix_to_string(&dst
, prefixlen
, &buf
);
545 if (!set_isempty(link
->network
->ndisc_allow_listed_route_prefix
))
546 log_link_debug(link
, "Route prefix '%s' is not in allow list, ignoring", strna(buf
));
548 log_link_debug(link
, "Route prefix '%s' is in deny list, ignoring", strna(buf
));
553 r
= sd_ndisc_router_get_address(rt
, &gateway
);
555 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
557 if (link_get_ipv6_address(link
, &gateway
, NULL
) >= 0) {
559 _cleanup_free_
char *buf
= NULL
;
561 (void) in6_addr_to_string(&gateway
, &buf
);
562 log_link_debug(link
, "Advertised route gateway %s is local to the link, ignoring route", strna(buf
));
567 r
= sd_ndisc_router_route_get_preference(rt
, &preference
);
569 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
571 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), &time_now
);
573 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
575 r
= route_new(&route
);
579 route
->family
= AF_INET6
;
580 route
->pref
= preference
;
581 route
->gw
.in6
= gateway
;
582 route
->gw_family
= AF_INET6
;
583 route
->dst
.in6
= dst
;
584 route
->dst_prefixlen
= prefixlen
;
585 route
->lifetime
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
587 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
589 return log_link_error_errno(link
, r
, "Could not request additional route: %m");
594 static void ndisc_rdnss_hash_func(const NDiscRDNSS
*x
, struct siphash
*state
) {
595 siphash24_compress(&x
->address
, sizeof(x
->address
), state
);
598 static int ndisc_rdnss_compare_func(const NDiscRDNSS
*a
, const NDiscRDNSS
*b
) {
599 return memcmp(&a
->address
, &b
->address
, sizeof(a
->address
));
602 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
603 ndisc_rdnss_hash_ops
,
605 ndisc_rdnss_hash_func
,
606 ndisc_rdnss_compare_func
,
609 static int ndisc_router_process_rdnss(Link
*link
, sd_ndisc_router
*rt
) {
611 const struct in6_addr
*a
;
612 struct in6_addr router
;
614 bool updated
= false;
620 r
= sd_ndisc_router_get_address(rt
, &router
);
622 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
624 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), &time_now
);
626 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
628 r
= sd_ndisc_router_rdnss_get_lifetime(rt
, &lifetime
);
630 return log_link_error_errno(link
, r
, "Failed to get RDNSS lifetime: %m");
632 n
= sd_ndisc_router_rdnss_get_addresses(rt
, &a
);
634 return log_link_error_errno(link
, n
, "Failed to get RDNSS addresses: %m");
639 if (n
>= (int) NDISC_RDNSS_MAX
) {
640 log_link_warning(link
, "Too many RDNSS records per link. Only first %i records will be used.", NDISC_RDNSS_MAX
);
644 for (int j
= 0; j
< n
; j
++) {
645 _cleanup_free_ NDiscRDNSS
*x
= NULL
;
646 NDiscRDNSS
*rdnss
, d
= {
650 rdnss
= set_get(link
->ndisc_rdnss
, &d
);
652 rdnss
->marked
= false;
653 rdnss
->router
= router
;
654 rdnss
->valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
658 x
= new(NDiscRDNSS
, 1);
665 .valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
),
668 r
= set_ensure_consume(&link
->ndisc_rdnss
, &ndisc_rdnss_hash_ops
, TAKE_PTR(x
));
682 static void ndisc_dnssl_hash_func(const NDiscDNSSL
*x
, struct siphash
*state
) {
683 siphash24_compress_string(NDISC_DNSSL_DOMAIN(x
), state
);
686 static int ndisc_dnssl_compare_func(const NDiscDNSSL
*a
, const NDiscDNSSL
*b
) {
687 return strcmp(NDISC_DNSSL_DOMAIN(a
), NDISC_DNSSL_DOMAIN(b
));
690 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
691 ndisc_dnssl_hash_ops
,
693 ndisc_dnssl_hash_func
,
694 ndisc_dnssl_compare_func
,
697 static int ndisc_router_process_dnssl(Link
*link
, sd_ndisc_router
*rt
) {
698 _cleanup_strv_free_
char **l
= NULL
;
699 struct in6_addr router
;
702 bool updated
= false;
709 r
= sd_ndisc_router_get_address(rt
, &router
);
711 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
713 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), &time_now
);
715 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
717 r
= sd_ndisc_router_dnssl_get_lifetime(rt
, &lifetime
);
719 return log_link_error_errno(link
, r
, "Failed to get DNSSL lifetime: %m");
721 r
= sd_ndisc_router_dnssl_get_domains(rt
, &l
);
723 return log_link_error_errno(link
, r
, "Failed to get DNSSL addresses: %m");
728 if (strv_length(l
) >= NDISC_DNSSL_MAX
) {
729 log_link_warning(link
, "Too many DNSSL records per link. Only first %i records will be used.", NDISC_DNSSL_MAX
);
730 STRV_FOREACH(j
, l
+ NDISC_DNSSL_MAX
)
735 _cleanup_free_ NDiscDNSSL
*s
= NULL
;
738 s
= malloc0(ALIGN(sizeof(NDiscDNSSL
)) + strlen(*j
) + 1);
742 strcpy(NDISC_DNSSL_DOMAIN(s
), *j
);
744 dnssl
= set_get(link
->ndisc_dnssl
, s
);
746 dnssl
->marked
= false;
747 dnssl
->router
= router
;
748 dnssl
->valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
753 s
->valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
755 r
= set_ensure_consume(&link
->ndisc_dnssl
, &ndisc_dnssl_hash_ops
, TAKE_PTR(s
));
769 static int ndisc_router_process_options(Link
*link
, sd_ndisc_router
*rt
) {
771 assert(link
->network
);
774 for (int r
= sd_ndisc_router_option_rewind(rt
); ; r
= sd_ndisc_router_option_next(rt
)) {
778 return log_link_error_errno(link
, r
, "Failed to iterate through options: %m");
779 if (r
== 0) /* EOF */
782 r
= sd_ndisc_router_option_get_type(rt
, &type
);
784 return log_link_error_errno(link
, r
, "Failed to get RA option type: %m");
788 case SD_NDISC_OPTION_PREFIX_INFORMATION
: {
793 r
= sd_ndisc_router_prefix_get_address(rt
, &a
);
795 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
797 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
799 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
801 if (in6_prefix_is_filtered(&a
, prefixlen
, link
->network
->ndisc_allow_listed_prefix
, link
->network
->ndisc_deny_listed_prefix
)) {
803 _cleanup_free_
char *b
= NULL
;
805 (void) in6_addr_prefix_to_string(&a
, prefixlen
, &b
);
806 if (!set_isempty(link
->network
->ndisc_allow_listed_prefix
))
807 log_link_debug(link
, "Prefix '%s' is not in allow list, ignoring", strna(b
));
809 log_link_debug(link
, "Prefix '%s' is in deny list, ignoring", strna(b
));
814 r
= sd_ndisc_router_prefix_get_flags(rt
, &flags
);
816 return log_link_error_errno(link
, r
, "Failed to get RA prefix flags: %m");
818 if (link
->network
->ipv6_accept_ra_use_onlink_prefix
&&
819 FLAGS_SET(flags
, ND_OPT_PI_FLAG_ONLINK
)) {
820 r
= ndisc_router_process_onlink_prefix(link
, rt
);
825 if (link
->network
->ipv6_accept_ra_use_autonomous_prefix
&&
826 FLAGS_SET(flags
, ND_OPT_PI_FLAG_AUTO
)) {
827 r
= ndisc_router_process_autonomous_prefix(link
, rt
);
834 case SD_NDISC_OPTION_ROUTE_INFORMATION
:
835 r
= ndisc_router_process_route(link
, rt
);
840 case SD_NDISC_OPTION_RDNSS
:
841 if (link
->network
->ipv6_accept_ra_use_dns
) {
842 r
= ndisc_router_process_rdnss(link
, rt
);
848 case SD_NDISC_OPTION_DNSSL
:
849 if (link
->network
->ipv6_accept_ra_use_dns
) {
850 r
= ndisc_router_process_dnssl(link
, rt
);
859 static void ndisc_mark(Link
*link
, const struct in6_addr
*router
) {
866 link_mark_addresses(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
867 link_mark_routes(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
869 SET_FOREACH(rdnss
, link
->ndisc_rdnss
)
870 if (in6_addr_equal(&rdnss
->router
, router
))
871 rdnss
->marked
= true;
873 SET_FOREACH(dnssl
, link
->ndisc_dnssl
)
874 if (in6_addr_equal(&dnssl
->router
, router
))
875 dnssl
->marked
= true;
878 static int ndisc_router_handler(Link
*link
, sd_ndisc_router
*rt
) {
879 struct in6_addr router
;
884 assert(link
->network
);
885 assert(link
->manager
);
888 r
= sd_ndisc_router_get_address(rt
, &router
);
890 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
892 if (in6_prefix_is_filtered(&router
, 128, link
->network
->ndisc_allow_listed_router
, link
->network
->ndisc_deny_listed_router
)) {
894 _cleanup_free_
char *buf
= NULL
;
896 (void) in6_addr_to_string(&router
, &buf
);
897 if (!set_isempty(link
->network
->ndisc_allow_listed_router
))
898 log_link_debug(link
, "Router '%s' is not in allow list, ignoring", strna(buf
));
900 log_link_debug(link
, "Router '%s' is in deny list, ignoring", strna(buf
));
905 ndisc_mark(link
, &router
);
907 r
= sd_ndisc_router_get_flags(rt
, &flags
);
909 return log_link_error_errno(link
, r
, "Failed to get RA flags: %m");
911 if ((flags
& (ND_RA_FLAG_MANAGED
| ND_RA_FLAG_OTHER
) &&
912 link
->network
->ipv6_accept_ra_start_dhcp6_client
!= IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
) ||
913 link
->network
->ipv6_accept_ra_start_dhcp6_client
== IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
) {
915 if (flags
& (ND_RA_FLAG_MANAGED
| ND_RA_FLAG_OTHER
))
916 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */
917 r
= dhcp6_request_information(link
, !(flags
& ND_RA_FLAG_MANAGED
));
919 /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in managed mode
920 * even if router does not have M or O flag. */
921 r
= dhcp6_request_information(link
, false);
922 if (r
< 0 && r
!= -EBUSY
)
923 return log_link_error_errno(link
, r
, "Could not acquire DHCPv6 lease on NDisc request: %m");
925 log_link_debug(link
, "Acquiring DHCPv6 lease on NDisc request");
928 r
= ndisc_router_process_default(link
, rt
);
931 r
= ndisc_router_process_options(link
, rt
);
935 if (link
->ndisc_messages
== 0) {
936 link
->ndisc_configured
= true;
938 r
= ndisc_remove(link
, &router
);
942 log_link_debug(link
, "Setting SLAAC addresses and router.");
944 if (!link
->ndisc_configured
)
945 link_set_state(link
, LINK_STATE_CONFIGURING
);
947 link_check_ready(link
);
951 static void ndisc_handler(sd_ndisc
*nd
, sd_ndisc_event_t event
, sd_ndisc_router
*rt
, void *userdata
) {
952 Link
*link
= userdata
;
957 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
962 case SD_NDISC_EVENT_ROUTER
:
963 r
= ndisc_router_handler(link
, rt
);
965 link_enter_failed(link
);
970 case SD_NDISC_EVENT_TIMEOUT
:
971 log_link_debug(link
, "NDisc handler get timeout event");
972 if (link
->ndisc_messages
== 0) {
973 link
->ndisc_configured
= true;
974 link_check_ready(link
);
978 assert_not_reached();
982 int ndisc_configure(Link
*link
) {
987 if (!link_ipv6_accept_ra_enabled(link
))
991 return -EBUSY
; /* Already configured. */
993 r
= sd_ndisc_new(&link
->ndisc
);
997 r
= sd_ndisc_attach_event(link
->ndisc
, link
->manager
->event
, 0);
1001 r
= sd_ndisc_set_mac(link
->ndisc
, &link
->hw_addr
.ether
);
1005 r
= sd_ndisc_set_ifindex(link
->ndisc
, link
->ifindex
);
1009 r
= sd_ndisc_set_callback(link
->ndisc
, ndisc_handler
, link
);
1016 int ndisc_start(Link
*link
) {
1019 if (!link
->ndisc
|| !link
->dhcp6_client
)
1022 if (!link_has_carrier(link
))
1025 if (in6_addr_is_null(&link
->ipv6ll_address
))
1028 log_link_debug(link
, "Discovering IPv6 routers");
1030 return sd_ndisc_start(link
->ndisc
);
1033 void ndisc_vacuum(Link
*link
) {
1040 /* Removes all RDNSS and DNSSL entries whose validity time has passed */
1042 time_now
= now(clock_boottime_or_monotonic());
1044 SET_FOREACH(r
, link
->ndisc_rdnss
)
1045 if (r
->valid_until
< time_now
)
1046 free(set_remove(link
->ndisc_rdnss
, r
));
1048 SET_FOREACH(d
, link
->ndisc_dnssl
)
1049 if (d
->valid_until
< time_now
)
1050 free(set_remove(link
->ndisc_dnssl
, d
));
1053 void ndisc_flush(Link
*link
) {
1056 /* Removes all RDNSS and DNSSL entries, without exception */
1058 link
->ndisc_rdnss
= set_free(link
->ndisc_rdnss
);
1059 link
->ndisc_dnssl
= set_free(link
->ndisc_dnssl
);
1062 static const char* const ipv6_accept_ra_start_dhcp6_client_table
[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX
] = {
1063 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
] = "no",
1064 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
] = "always",
1065 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
] = "yes",
1068 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
);
1070 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains
, dhcp_use_domains
, DHCPUseDomains
,
1071 "Failed to parse UseDomains= setting");
1072 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client
, ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
,
1073 "Failed to parse DHCPv6Client= setting");