1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2014 Intel Corporation. All rights reserved.
7 #include <netinet/icmp6.h>
12 #include "missing_network.h"
13 #include "networkd-address-generation.h"
14 #include "networkd-address.h"
15 #include "networkd-dhcp6.h"
16 #include "networkd-manager.h"
17 #include "networkd-ndisc.h"
18 #include "networkd-queue.h"
19 #include "networkd-route.h"
20 #include "networkd-state-file.h"
21 #include "string-table.h"
22 #include "string-util.h"
25 #define NDISC_DNSSL_MAX 64U
26 #define NDISC_RDNSS_MAX 64U
28 bool link_ipv6_accept_ra_enabled(Link
*link
) {
31 if (!socket_ipv6_is_supported())
34 if (link
->flags
& IFF_LOOPBACK
)
40 if (!link_ipv6ll_enabled(link
))
43 assert(link
->network
->ipv6_accept_ra
>= 0);
44 return link
->network
->ipv6_accept_ra
;
47 void network_adjust_ipv6_accept_ra(Network
*network
) {
50 if (!FLAGS_SET(network
->link_local
, ADDRESS_FAMILY_IPV6
)) {
51 if (network
->ipv6_accept_ra
> 0)
52 log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link local addressing is disabled or not supported. "
53 "Disabling IPv6AcceptRA=.", network
->filename
);
54 network
->ipv6_accept_ra
= false;
57 if (network
->ipv6_accept_ra
< 0)
58 /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */
59 network
->ipv6_accept_ra
= !FLAGS_SET(network
->ip_forward
, ADDRESS_FAMILY_IPV6
);
61 /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then
62 * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */
63 if (!set_isempty(network
->ndisc_allow_listed_router
))
64 network
->ndisc_deny_listed_router
= set_free_free(network
->ndisc_deny_listed_router
);
65 if (!set_isempty(network
->ndisc_allow_listed_prefix
))
66 network
->ndisc_deny_listed_prefix
= set_free_free(network
->ndisc_deny_listed_prefix
);
67 if (!set_isempty(network
->ndisc_allow_listed_route_prefix
))
68 network
->ndisc_deny_listed_route_prefix
= set_free_free(network
->ndisc_deny_listed_route_prefix
);
71 static int ndisc_remove(Link
*link
, struct in6_addr
*router
) {
81 SET_FOREACH(route
, link
->routes
) {
82 if (route
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
84 if (!route_is_marked(route
))
86 if (router
&& !in6_addr_equal(router
, &route
->provider
.in6
))
89 k
= route_remove(route
);
93 route_cancel_request(route
);
96 SET_FOREACH(address
, link
->addresses
) {
97 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
99 if (!address_is_marked(address
))
101 if (router
&& !in6_addr_equal(router
, &address
->provider
.in6
))
104 k
= address_remove(address
);
108 address_cancel_request(address
);
111 SET_FOREACH(rdnss
, link
->ndisc_rdnss
) {
114 if (router
&& !in6_addr_equal(router
, &rdnss
->router
))
117 free(set_remove(link
->ndisc_rdnss
, rdnss
));
121 SET_FOREACH(dnssl
, link
->ndisc_dnssl
) {
124 if (router
&& !in6_addr_equal(router
, &dnssl
->router
))
127 free(set_remove(link
->ndisc_dnssl
, dnssl
));
137 static int ndisc_check_ready(Link
*link
);
139 static int ndisc_address_ready_callback(Address
*address
) {
143 assert(address
->link
);
145 SET_FOREACH(a
, address
->link
->addresses
)
146 if (a
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
149 return ndisc_check_ready(address
->link
);
152 static int ndisc_check_ready(Link
*link
) {
153 bool found
= false, ready
= false;
159 if (link
->ndisc_messages
> 0) {
160 log_link_debug(link
, "%s(): SLAAC addresses and routes are not set.", __func__
);
164 SET_FOREACH(address
, link
->addresses
) {
165 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
170 if (address_is_ready(address
)) {
176 if (found
&& !ready
) {
177 SET_FOREACH(address
, link
->addresses
)
178 if (address
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
179 address
->callback
= ndisc_address_ready_callback
;
181 log_link_debug(link
, "%s(): no SLAAC address is ready.", __func__
);
185 link
->ndisc_configured
= true;
186 log_link_debug(link
, "SLAAC addresses and routes set.");
188 r
= ndisc_remove(link
, NULL
);
192 link_check_ready(link
);
196 static int ndisc_route_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
200 assert(link
->ndisc_messages
> 0);
202 link
->ndisc_messages
--;
204 r
= route_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc route");
208 r
= ndisc_check_ready(link
);
210 link_enter_failed(link
);
215 static int ndisc_request_route(Route
*in
, Link
*link
, sd_ndisc_router
*rt
) {
216 _cleanup_(route_freep
) Route
*route
= in
;
217 struct in6_addr router
;
225 r
= sd_ndisc_router_get_address(rt
, &router
);
229 route
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
230 route
->provider
.in6
= router
;
231 if (!route
->table_set
)
232 route
->table
= link_get_ipv6_accept_ra_route_table(link
);
233 if (!route
->priority_set
)
234 route
->priority
= link
->network
->ipv6_accept_ra_route_metric
;
235 if (!route
->protocol_set
)
236 route
->protocol
= RTPROT_RA
;
238 if (route_get(NULL
, link
, route
, &existing
) < 0)
239 link
->ndisc_configured
= false;
241 route_unmark(existing
);
243 return link_request_route(link
, TAKE_PTR(route
), true, &link
->ndisc_messages
,
244 ndisc_route_handler
, NULL
);
247 static int ndisc_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
251 assert(link
->ndisc_messages
> 0);
253 link
->ndisc_messages
--;
255 r
= address_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc address");
259 r
= ndisc_check_ready(link
);
261 link_enter_failed(link
);
266 static int ndisc_request_address(Address
*in
, Link
*link
, sd_ndisc_router
*rt
) {
267 _cleanup_(address_freep
) Address
*address
= in
;
268 struct in6_addr router
;
276 r
= sd_ndisc_router_get_address(rt
, &router
);
280 address
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
281 address
->provider
.in6
= router
;
283 if (address_get(link
, address
, &existing
) < 0)
284 link
->ndisc_configured
= false;
286 address_unmark(existing
);
288 return link_request_address(link
, TAKE_PTR(address
), true, &link
->ndisc_messages
,
289 ndisc_address_handler
, NULL
);
292 static int ndisc_router_process_default(Link
*link
, sd_ndisc_router
*rt
) {
293 _cleanup_(route_freep
) Route
*route
= NULL
;
294 usec_t lifetime_usec
, timestamp_usec
;
295 struct in6_addr gateway
;
296 uint16_t lifetime_sec
;
304 r
= sd_ndisc_router_get_lifetime(rt
, &lifetime_sec
);
306 return log_link_error_errno(link
, r
, "Failed to get gateway lifetime from RA: %m");
308 if (lifetime_sec
== 0) /* not a default router */
311 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
313 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
315 lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
317 r
= sd_ndisc_router_get_address(rt
, &gateway
);
319 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
321 if (link_get_ipv6_address(link
, &gateway
, NULL
) >= 0) {
323 _cleanup_free_
char *buffer
= NULL
;
325 (void) in6_addr_to_string(&gateway
, &buffer
);
326 log_link_debug(link
, "No NDisc route added, gateway %s matches local address",
332 r
= sd_ndisc_router_get_preference(rt
, &preference
);
334 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
336 if (link
->network
->ipv6_accept_ra_use_mtu
) {
337 r
= sd_ndisc_router_get_mtu(rt
, &mtu
);
338 if (r
< 0 && r
!= -ENODATA
)
339 return log_link_error_errno(link
, r
, "Failed to get default router MTU from RA: %m");
342 r
= route_new(&route
);
346 route
->family
= AF_INET6
;
347 route
->pref
= preference
;
348 route
->gw_family
= AF_INET6
;
349 route
->gw
.in6
= gateway
;
350 route
->lifetime_usec
= lifetime_usec
;
353 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
355 return log_link_error_errno(link
, r
, "Could not request default route: %m");
358 HASHMAP_FOREACH(route_gw
, link
->network
->routes_by_section
) {
359 if (!route_gw
->gateway_from_dhcp_or_ra
)
362 if (route_gw
->gw_family
!= AF_INET6
)
365 r
= route_dup(route_gw
, &route
);
369 route
->gw
.in6
= gateway
;
370 if (!route
->pref_set
)
371 route
->pref
= preference
;
372 route
->lifetime_usec
= lifetime_usec
;
376 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
378 return log_link_error_errno(link
, r
, "Could not request gateway: %m");
384 static int ndisc_router_process_autonomous_prefix(Link
*link
, sd_ndisc_router
*rt
) {
385 uint32_t lifetime_valid
, lifetime_preferred
;
386 _cleanup_set_free_ Set
*addresses
= NULL
;
387 struct in6_addr prefix
, *a
;
395 /* Do not use clock_boottime_or_monotonic() here, as the kernel internally manages cstamp and
396 * tstamp with jiffies, and it is not increased while the system is suspended. */
397 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_MONOTONIC
, &time_now
);
399 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
401 r
= sd_ndisc_router_prefix_get_address(rt
, &prefix
);
403 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
405 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
407 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
409 /* ndisc_generate_addresses() below requires the prefix length <= 64. */
410 if (prefixlen
> 64) {
411 _cleanup_free_
char *buf
= NULL
;
413 (void) in6_addr_prefix_to_string(&prefix
, prefixlen
, &buf
);
414 log_link_debug(link
, "Prefix is longer than 64, ignoring autonomous prefix %s.", strna(buf
));
418 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime_valid
);
420 return log_link_error_errno(link
, r
, "Failed to get prefix valid lifetime: %m");
422 if (lifetime_valid
== 0) {
423 log_link_debug(link
, "Ignoring prefix as its valid lifetime is zero.");
427 r
= sd_ndisc_router_prefix_get_preferred_lifetime(rt
, &lifetime_preferred
);
429 return log_link_error_errno(link
, r
, "Failed to get prefix preferred lifetime: %m");
431 /* The preferred lifetime is never greater than the valid lifetime */
432 if (lifetime_preferred
> lifetime_valid
)
435 r
= ndisc_generate_addresses(link
, &prefix
, prefixlen
, &addresses
);
437 return log_link_error_errno(link
, r
, "Failed to generate SLAAC addresses: %m");
439 SET_FOREACH(a
, addresses
) {
440 _cleanup_(address_freep
) Address
*address
= NULL
;
443 r
= address_new(&address
);
447 address
->family
= AF_INET6
;
448 address
->in_addr
.in6
= *a
;
449 address
->prefixlen
= prefixlen
;
450 address
->flags
= IFA_F_NOPREFIXROUTE
|IFA_F_MANAGETEMPADDR
;
451 address
->cinfo
.ifa_valid
= lifetime_valid
;
452 address
->cinfo
.ifa_prefered
= lifetime_preferred
;
454 /* See RFC4862, section 5.5.3.e. But the following logic is deviated from RFC4862 by
455 * honoring all valid lifetimes to improve the reaction of SLAAC to renumbering events.
456 * See draft-ietf-6man-slaac-renum-02, section 4.2. */
457 r
= address_get(link
, address
, &e
);
459 /* If the address is already assigned, but not valid anymore, then refuse to
460 * update the address, and it will be removed. */
461 if (e
->cinfo
.ifa_valid
!= CACHE_INFO_INFINITY_LIFE_TIME
&&
462 usec_add(e
->cinfo
.tstamp
/ 100 * USEC_PER_SEC
,
463 e
->cinfo
.ifa_valid
* USEC_PER_SEC
) < time_now
)
467 r
= ndisc_request_address(TAKE_PTR(address
), link
, rt
);
469 return log_link_error_errno(link
, r
, "Could not request SLAAC address: %m");
475 static int ndisc_router_process_onlink_prefix(Link
*link
, sd_ndisc_router
*rt
) {
476 _cleanup_(route_freep
) Route
*route
= NULL
;
477 usec_t timestamp_usec
;
478 uint32_t lifetime_sec
;
485 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
487 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
489 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
491 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
493 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime_sec
);
495 return log_link_error_errno(link
, r
, "Failed to get prefix lifetime: %m");
497 r
= route_new(&route
);
501 route
->family
= AF_INET6
;
502 route
->flags
= RTM_F_PREFIX
;
503 route
->dst_prefixlen
= prefixlen
;
504 route
->lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
506 r
= sd_ndisc_router_prefix_get_address(rt
, &route
->dst
.in6
);
508 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
510 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
512 return log_link_error_errno(link
, r
, "Could not request prefix route: %m");;
517 static int ndisc_router_process_route(Link
*link
, sd_ndisc_router
*rt
) {
518 _cleanup_(route_freep
) Route
*route
= NULL
;
519 unsigned preference
, prefixlen
;
520 struct in6_addr gateway
, dst
;
521 uint32_t lifetime_sec
;
522 usec_t timestamp_usec
;
527 r
= sd_ndisc_router_route_get_lifetime(rt
, &lifetime_sec
);
529 return log_link_error_errno(link
, r
, "Failed to get route lifetime from RA: %m");
531 if (lifetime_sec
== 0)
534 r
= sd_ndisc_router_route_get_address(rt
, &dst
);
536 return log_link_error_errno(link
, r
, "Failed to get route destination address: %m");
538 r
= sd_ndisc_router_route_get_prefixlen(rt
, &prefixlen
);
540 return log_link_error_errno(link
, r
, "Failed to get route prefix length: %m");
542 if (in6_prefix_is_filtered(&dst
, prefixlen
, link
->network
->ndisc_allow_listed_route_prefix
, link
->network
->ndisc_deny_listed_route_prefix
)) {
544 _cleanup_free_
char *buf
= NULL
;
546 (void) in6_addr_prefix_to_string(&dst
, prefixlen
, &buf
);
547 if (!set_isempty(link
->network
->ndisc_allow_listed_route_prefix
))
548 log_link_debug(link
, "Route prefix '%s' is not in allow list, ignoring", strna(buf
));
550 log_link_debug(link
, "Route prefix '%s' is in deny list, ignoring", strna(buf
));
555 r
= sd_ndisc_router_get_address(rt
, &gateway
);
557 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
559 if (link_get_ipv6_address(link
, &gateway
, NULL
) >= 0) {
561 _cleanup_free_
char *buf
= NULL
;
563 (void) in6_addr_to_string(&gateway
, &buf
);
564 log_link_debug(link
, "Advertised route gateway %s is local to the link, ignoring route", strna(buf
));
569 r
= sd_ndisc_router_route_get_preference(rt
, &preference
);
571 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
573 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
575 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
577 r
= route_new(&route
);
581 route
->family
= AF_INET6
;
582 route
->pref
= preference
;
583 route
->gw
.in6
= gateway
;
584 route
->gw_family
= AF_INET6
;
585 route
->dst
.in6
= dst
;
586 route
->dst_prefixlen
= prefixlen
;
587 route
->lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
589 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
591 return log_link_error_errno(link
, r
, "Could not request additional route: %m");
596 static void ndisc_rdnss_hash_func(const NDiscRDNSS
*x
, struct siphash
*state
) {
597 siphash24_compress(&x
->address
, sizeof(x
->address
), state
);
600 static int ndisc_rdnss_compare_func(const NDiscRDNSS
*a
, const NDiscRDNSS
*b
) {
601 return memcmp(&a
->address
, &b
->address
, sizeof(a
->address
));
604 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
605 ndisc_rdnss_hash_ops
,
607 ndisc_rdnss_hash_func
,
608 ndisc_rdnss_compare_func
,
611 static int ndisc_router_process_rdnss(Link
*link
, sd_ndisc_router
*rt
) {
613 const struct in6_addr
*a
;
614 struct in6_addr router
;
616 bool updated
= false;
622 r
= sd_ndisc_router_get_address(rt
, &router
);
624 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
626 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), &time_now
);
628 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
630 r
= sd_ndisc_router_rdnss_get_lifetime(rt
, &lifetime
);
632 return log_link_error_errno(link
, r
, "Failed to get RDNSS lifetime: %m");
634 n
= sd_ndisc_router_rdnss_get_addresses(rt
, &a
);
636 return log_link_error_errno(link
, n
, "Failed to get RDNSS addresses: %m");
641 if (n
>= (int) NDISC_RDNSS_MAX
) {
642 log_link_warning(link
, "Too many RDNSS records per link. Only first %i records will be used.", NDISC_RDNSS_MAX
);
646 for (int j
= 0; j
< n
; j
++) {
647 _cleanup_free_ NDiscRDNSS
*x
= NULL
;
648 NDiscRDNSS
*rdnss
, d
= {
652 rdnss
= set_get(link
->ndisc_rdnss
, &d
);
654 rdnss
->marked
= false;
655 rdnss
->router
= router
;
656 rdnss
->valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
660 x
= new(NDiscRDNSS
, 1);
667 .valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
),
670 r
= set_ensure_consume(&link
->ndisc_rdnss
, &ndisc_rdnss_hash_ops
, TAKE_PTR(x
));
684 static void ndisc_dnssl_hash_func(const NDiscDNSSL
*x
, struct siphash
*state
) {
685 siphash24_compress_string(NDISC_DNSSL_DOMAIN(x
), state
);
688 static int ndisc_dnssl_compare_func(const NDiscDNSSL
*a
, const NDiscDNSSL
*b
) {
689 return strcmp(NDISC_DNSSL_DOMAIN(a
), NDISC_DNSSL_DOMAIN(b
));
692 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
693 ndisc_dnssl_hash_ops
,
695 ndisc_dnssl_hash_func
,
696 ndisc_dnssl_compare_func
,
699 static int ndisc_router_process_dnssl(Link
*link
, sd_ndisc_router
*rt
) {
700 _cleanup_strv_free_
char **l
= NULL
;
701 struct in6_addr router
;
704 bool updated
= false;
711 r
= sd_ndisc_router_get_address(rt
, &router
);
713 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
715 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), &time_now
);
717 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
719 r
= sd_ndisc_router_dnssl_get_lifetime(rt
, &lifetime
);
721 return log_link_error_errno(link
, r
, "Failed to get DNSSL lifetime: %m");
723 r
= sd_ndisc_router_dnssl_get_domains(rt
, &l
);
725 return log_link_error_errno(link
, r
, "Failed to get DNSSL addresses: %m");
730 if (strv_length(l
) >= NDISC_DNSSL_MAX
) {
731 log_link_warning(link
, "Too many DNSSL records per link. Only first %i records will be used.", NDISC_DNSSL_MAX
);
732 STRV_FOREACH(j
, l
+ NDISC_DNSSL_MAX
)
737 _cleanup_free_ NDiscDNSSL
*s
= NULL
;
740 s
= malloc0(ALIGN(sizeof(NDiscDNSSL
)) + strlen(*j
) + 1);
744 strcpy(NDISC_DNSSL_DOMAIN(s
), *j
);
746 dnssl
= set_get(link
->ndisc_dnssl
, s
);
748 dnssl
->marked
= false;
749 dnssl
->router
= router
;
750 dnssl
->valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
755 s
->valid_until
= usec_add(time_now
, lifetime
* USEC_PER_SEC
);
757 r
= set_ensure_consume(&link
->ndisc_dnssl
, &ndisc_dnssl_hash_ops
, TAKE_PTR(s
));
771 static int ndisc_router_process_options(Link
*link
, sd_ndisc_router
*rt
) {
773 assert(link
->network
);
776 for (int r
= sd_ndisc_router_option_rewind(rt
); ; r
= sd_ndisc_router_option_next(rt
)) {
780 return log_link_error_errno(link
, r
, "Failed to iterate through options: %m");
781 if (r
== 0) /* EOF */
784 r
= sd_ndisc_router_option_get_type(rt
, &type
);
786 return log_link_error_errno(link
, r
, "Failed to get RA option type: %m");
790 case SD_NDISC_OPTION_PREFIX_INFORMATION
: {
795 r
= sd_ndisc_router_prefix_get_address(rt
, &a
);
797 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
799 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
801 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
803 if (in6_prefix_is_filtered(&a
, prefixlen
, link
->network
->ndisc_allow_listed_prefix
, link
->network
->ndisc_deny_listed_prefix
)) {
805 _cleanup_free_
char *b
= NULL
;
807 (void) in6_addr_prefix_to_string(&a
, prefixlen
, &b
);
808 if (!set_isempty(link
->network
->ndisc_allow_listed_prefix
))
809 log_link_debug(link
, "Prefix '%s' is not in allow list, ignoring", strna(b
));
811 log_link_debug(link
, "Prefix '%s' is in deny list, ignoring", strna(b
));
816 r
= sd_ndisc_router_prefix_get_flags(rt
, &flags
);
818 return log_link_error_errno(link
, r
, "Failed to get RA prefix flags: %m");
820 if (link
->network
->ipv6_accept_ra_use_onlink_prefix
&&
821 FLAGS_SET(flags
, ND_OPT_PI_FLAG_ONLINK
)) {
822 r
= ndisc_router_process_onlink_prefix(link
, rt
);
827 if (link
->network
->ipv6_accept_ra_use_autonomous_prefix
&&
828 FLAGS_SET(flags
, ND_OPT_PI_FLAG_AUTO
)) {
829 r
= ndisc_router_process_autonomous_prefix(link
, rt
);
836 case SD_NDISC_OPTION_ROUTE_INFORMATION
:
837 r
= ndisc_router_process_route(link
, rt
);
842 case SD_NDISC_OPTION_RDNSS
:
843 if (link
->network
->ipv6_accept_ra_use_dns
) {
844 r
= ndisc_router_process_rdnss(link
, rt
);
850 case SD_NDISC_OPTION_DNSSL
:
851 if (link
->network
->ipv6_accept_ra_use_dns
) {
852 r
= ndisc_router_process_dnssl(link
, rt
);
861 static void ndisc_mark(Link
*link
, const struct in6_addr
*router
) {
868 link_mark_addresses(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
869 link_mark_routes(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
871 SET_FOREACH(rdnss
, link
->ndisc_rdnss
)
872 if (in6_addr_equal(&rdnss
->router
, router
))
873 rdnss
->marked
= true;
875 SET_FOREACH(dnssl
, link
->ndisc_dnssl
)
876 if (in6_addr_equal(&dnssl
->router
, router
))
877 dnssl
->marked
= true;
880 static int ndisc_router_handler(Link
*link
, sd_ndisc_router
*rt
) {
881 struct in6_addr router
;
886 assert(link
->network
);
887 assert(link
->manager
);
890 r
= sd_ndisc_router_get_address(rt
, &router
);
892 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
894 if (in6_prefix_is_filtered(&router
, 128, link
->network
->ndisc_allow_listed_router
, link
->network
->ndisc_deny_listed_router
)) {
896 _cleanup_free_
char *buf
= NULL
;
898 (void) in6_addr_to_string(&router
, &buf
);
899 if (!set_isempty(link
->network
->ndisc_allow_listed_router
))
900 log_link_debug(link
, "Router '%s' is not in allow list, ignoring", strna(buf
));
902 log_link_debug(link
, "Router '%s' is in deny list, ignoring", strna(buf
));
907 ndisc_mark(link
, &router
);
909 r
= sd_ndisc_router_get_flags(rt
, &flags
);
911 return log_link_error_errno(link
, r
, "Failed to get RA flags: %m");
913 if ((flags
& (ND_RA_FLAG_MANAGED
| ND_RA_FLAG_OTHER
) &&
914 link
->network
->ipv6_accept_ra_start_dhcp6_client
!= IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
) ||
915 link
->network
->ipv6_accept_ra_start_dhcp6_client
== IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
) {
917 if (flags
& (ND_RA_FLAG_MANAGED
| ND_RA_FLAG_OTHER
))
918 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */
919 r
= dhcp6_request_information(link
, !(flags
& ND_RA_FLAG_MANAGED
));
921 /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in managed mode
922 * even if router does not have M or O flag. */
923 r
= dhcp6_request_information(link
, false);
924 if (r
< 0 && r
!= -EBUSY
)
925 return log_link_error_errno(link
, r
, "Could not acquire DHCPv6 lease on NDisc request: %m");
927 log_link_debug(link
, "Acquiring DHCPv6 lease on NDisc request");
930 r
= ndisc_router_process_default(link
, rt
);
933 r
= ndisc_router_process_options(link
, rt
);
937 if (link
->ndisc_messages
== 0) {
938 link
->ndisc_configured
= true;
940 r
= ndisc_remove(link
, &router
);
944 log_link_debug(link
, "Setting SLAAC addresses and router.");
946 if (!link
->ndisc_configured
)
947 link_set_state(link
, LINK_STATE_CONFIGURING
);
949 link_check_ready(link
);
953 static void ndisc_handler(sd_ndisc
*nd
, sd_ndisc_event_t event
, sd_ndisc_router
*rt
, void *userdata
) {
954 Link
*link
= userdata
;
959 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
964 case SD_NDISC_EVENT_ROUTER
:
965 r
= ndisc_router_handler(link
, rt
);
967 link_enter_failed(link
);
972 case SD_NDISC_EVENT_TIMEOUT
:
973 log_link_debug(link
, "NDisc handler get timeout event");
974 if (link
->ndisc_messages
== 0) {
975 link
->ndisc_configured
= true;
976 link_check_ready(link
);
980 assert_not_reached();
984 int ndisc_configure(Link
*link
) {
989 if (!link_ipv6_accept_ra_enabled(link
))
993 return -EBUSY
; /* Already configured. */
995 r
= sd_ndisc_new(&link
->ndisc
);
999 r
= sd_ndisc_attach_event(link
->ndisc
, link
->manager
->event
, 0);
1003 r
= sd_ndisc_set_mac(link
->ndisc
, &link
->hw_addr
.ether
);
1007 r
= sd_ndisc_set_ifindex(link
->ndisc
, link
->ifindex
);
1011 r
= sd_ndisc_set_callback(link
->ndisc
, ndisc_handler
, link
);
1018 int ndisc_start(Link
*link
) {
1021 if (!link
->ndisc
|| !link
->dhcp6_client
)
1024 if (!link_has_carrier(link
))
1027 if (in6_addr_is_null(&link
->ipv6ll_address
))
1030 log_link_debug(link
, "Discovering IPv6 routers");
1032 return sd_ndisc_start(link
->ndisc
);
1035 void ndisc_vacuum(Link
*link
) {
1042 /* Removes all RDNSS and DNSSL entries whose validity time has passed */
1044 time_now
= now(clock_boottime_or_monotonic());
1046 SET_FOREACH(r
, link
->ndisc_rdnss
)
1047 if (r
->valid_until
< time_now
)
1048 free(set_remove(link
->ndisc_rdnss
, r
));
1050 SET_FOREACH(d
, link
->ndisc_dnssl
)
1051 if (d
->valid_until
< time_now
)
1052 free(set_remove(link
->ndisc_dnssl
, d
));
1055 void ndisc_flush(Link
*link
) {
1058 /* Removes all RDNSS and DNSSL entries, without exception */
1060 link
->ndisc_rdnss
= set_free(link
->ndisc_rdnss
);
1061 link
->ndisc_dnssl
= set_free(link
->ndisc_dnssl
);
1064 static const char* const ipv6_accept_ra_start_dhcp6_client_table
[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX
] = {
1065 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
] = "no",
1066 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
] = "always",
1067 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
] = "yes",
1070 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
);
1072 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains
, dhcp_use_domains
, DHCPUseDomains
,
1073 "Failed to parse UseDomains= setting");
1074 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client
, ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
,
1075 "Failed to parse DHCPv6Client= setting");