network: ndisc: do not read DNSSL option when UseDomains=no
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2014 Intel Corporation. All rights reserved.
4 ***/
5
6 #include <arpa/inet.h>
7 #include <netinet/icmp6.h>
8 #include <linux/if.h>
9
10 #include "sd-ndisc.h"
11
12 #include "missing_network.h"
13 #include "networkd-address-generation.h"
14 #include "networkd-address.h"
15 #include "networkd-dhcp6.h"
16 #include "networkd-manager.h"
17 #include "networkd-ndisc.h"
18 #include "networkd-queue.h"
19 #include "networkd-route.h"
20 #include "networkd-state-file.h"
21 #include "string-table.h"
22 #include "string-util.h"
23 #include "strv.h"
24
25 #define NDISC_DNSSL_MAX 64U
26 #define NDISC_RDNSS_MAX 64U
27
/* Tells whether Router Advertisements should be processed on this link.
 *
 * Returns false when the host has no IPv6 socket support, when the interface is a loopback
 * device, when no .network configuration is attached, or when IPv6 link-local addressing is
 * not enabled for the link. Otherwise the already-resolved IPv6AcceptRA= setting is returned;
 * it must not be in the "unset" (negative) state any more at this point. */
bool link_ipv6_accept_ra_enabled(Link *link) {
        assert(link);

        /* The checks are evaluated left to right, so link->network is only dereferenced by
         * link_ipv6ll_enabled() and below after it has been found non-NULL. */
        if (!socket_ipv6_is_supported() ||
            (link->flags & IFF_LOOPBACK) ||
            !link->network ||
            !link_ipv6ll_enabled(link))
                return false;

        assert(link->network->ipv6_accept_ra >= 0);
        return link->network->ipv6_accept_ra;
}
46
/* Resolves the IPv6AcceptRA= related settings of a parsed network configuration.
 *
 * - Without IPv6 link-local addressing, RA processing is forced off (with a warning if it had
 *   been explicitly enabled).
 * - An unset (negative) IPv6AcceptRA= is resolved from the IPv6 forwarding setting.
 * - For routers, prefixes and route prefixes alike, a non-empty allow list takes precedence
 *   and the matching deny list is dropped. */
void network_adjust_ipv6_accept_ra(Network *network) {
        assert(network);

        bool ipv6ll = FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6);

        if (!ipv6ll) {
                if (network->ipv6_accept_ra > 0)
                        log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link local addressing is disabled or not supported. "
                                    "Disabling IPv6AcceptRA=.", network->filename);
                network->ipv6_accept_ra = false;
        }

        /* Default: accept RAs when IPv6 forwarding is off, ignore them when it is on. */
        if (network->ipv6_accept_ra < 0)
                network->ipv6_accept_ra = !FLAGS_SET(network->ip_forward, ADDRESS_FAMILY_IPV6);

        /* RouterAllowList=, PrefixAllowList= and RouteAllowList= override RouterDenyList=,
         * PrefixDenyList= and RouteDenyList= respectively, so free the deny list in that case. */
        if (!set_isempty(network->ndisc_allow_listed_router))
                network->ndisc_deny_listed_router = set_free_free(network->ndisc_deny_listed_router);

        if (!set_isempty(network->ndisc_allow_listed_prefix))
                network->ndisc_deny_listed_prefix = set_free_free(network->ndisc_deny_listed_prefix);

        if (!set_isempty(network->ndisc_allow_listed_route_prefix))
                network->ndisc_deny_listed_route_prefix = set_free_free(network->ndisc_deny_listed_route_prefix);
}
70
/* Drops everything learned via NDisc that is still marked, i.e. that was not refreshed.
 *
 * When 'router' is non-NULL only objects provided by that router are considered, otherwise
 * marked objects of every router are dropped. Routes and addresses are removed and their
 * pending requests cancelled; RDNSS and DNSSL entries are freed and the link is flagged dirty
 * if any of them went away.
 *
 * Returns 0, or the negative errno of the last route/address removal that failed. A failure
 * does not stop the sweep. */
static int ndisc_remove(Link *link, struct in6_addr *router) {
        bool dirty = false;
        NDiscDNSSL *dnssl;
        NDiscRDNSS *rdnss;
        Address *address;
        Route *route;
        int ret = 0;

        assert(link);

        SET_FOREACH(route, link->routes) {
                int q;

                if (route->source != NETWORK_CONFIG_SOURCE_NDISC ||
                    !route_is_marked(route) ||
                    (router && !in6_addr_equal(router, &route->provider.in6)))
                        continue;

                q = route_remove(route);
                if (q < 0)
                        ret = q;

                route_cancel_request(route);
        }

        SET_FOREACH(address, link->addresses) {
                int q;

                if (address->source != NETWORK_CONFIG_SOURCE_NDISC ||
                    !address_is_marked(address) ||
                    (router && !in6_addr_equal(router, &address->provider.in6)))
                        continue;

                q = address_remove(address);
                if (q < 0)
                        ret = q;

                address_cancel_request(address);
        }

        SET_FOREACH(rdnss, link->ndisc_rdnss) {
                if (!rdnss->marked ||
                    (router && !in6_addr_equal(router, &rdnss->router)))
                        continue;

                free(set_remove(link->ndisc_rdnss, rdnss));
                dirty = true;
        }

        SET_FOREACH(dnssl, link->ndisc_dnssl) {
                if (!dnssl->marked ||
                    (router && !in6_addr_equal(router, &dnssl->router)))
                        continue;

                free(set_remove(link->ndisc_dnssl, dnssl));
                dirty = true;
        }

        if (dirty)
                link_dirty(link);

        return ret;
}
136
static int ndisc_check_ready(Link *link);

/* Address callback installed by ndisc_check_ready(): clears the callback on every NDisc
 * address of the link the given address belongs to, then re-runs the readiness check. */
static int ndisc_address_ready_callback(Address *address) {
        Address *it;
        Link *link;

        assert(address);
        assert(address->link);

        link = address->link;

        SET_FOREACH(it, link->addresses) {
                if (it->source != NETWORK_CONFIG_SOURCE_NDISC)
                        continue;

                it->callback = NULL;
        }

        return ndisc_check_ready(link);
}
151
/* Decides whether the NDisc part of the link configuration is complete.
 *
 * Nothing is done while requests are still outstanding (link->ndisc_messages > 0). If the link
 * has NDisc addresses but none of them is ready yet, a callback is installed on each of them
 * so that this check runs again later. Otherwise the link is flagged as NDisc-configured, all
 * still-marked NDisc objects are dropped and the overall link readiness is re-evaluated.
 *
 * Returns 0 on success (including "not ready yet"), negative errno if ndisc_remove() fails. */
static int ndisc_check_ready(Link *link) {
        bool have_ndisc_address = false, have_ready_address = false;
        Address *address;
        int r;

        assert(link);

        if (link->ndisc_messages > 0) {
                log_link_debug(link, "%s(): SLAAC addresses and routes are not set.", __func__);
                return 0;
        }

        SET_FOREACH(address, link->addresses) {
                if (address->source != NETWORK_CONFIG_SOURCE_NDISC)
                        continue;

                have_ndisc_address = true;

                if (!address_is_ready(address))
                        continue;

                /* One ready address is enough. */
                have_ready_address = true;
                break;
        }

        if (have_ndisc_address && !have_ready_address) {
                SET_FOREACH(address, link->addresses) {
                        if (address->source != NETWORK_CONFIG_SOURCE_NDISC)
                                continue;

                        address->callback = ndisc_address_ready_callback;
                }

                log_link_debug(link, "%s(): no SLAAC address is ready.", __func__);
                return 0;
        }

        link->ndisc_configured = true;
        log_link_debug(link, "SLAAC addresses and routes set.");

        /* NULL router: sweep stale objects regardless of which router provided them. */
        r = ndisc_remove(link, NULL);
        if (r < 0)
                return r;

        link_check_ready(link);
        return 0;
}
195
/* Netlink reply handler for a route requested through ndisc_request_route().
 *
 * Accounts for the finished request, lets the generic route handler evaluate the reply and,
 * when that handler returns a positive value, re-checks NDisc readiness. A failing readiness
 * check puts the link into the failed state. Returns the generic handler's result when it is
 * <= 0, otherwise 1. */
static int ndisc_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
        int r;

        assert(link);
        assert(link->ndisc_messages > 0);

        link->ndisc_messages--;

        r = route_configure_handler_internal(rtnl, m, link, "Could not set NDisc route");
        if (r <= 0)
                return r;

        if (ndisc_check_ready(link) < 0)
                link_enter_failed(link);

        return 1;
}
214
/* Queues a route derived from a Router Advertisement.
 *
 * Takes ownership of 'in' in all cases: it is freed on failure and handed over to
 * link_request_route() otherwise. The route is tagged with the NDisc source and the address of
 * the advertising router, and table, priority and protocol are filled in unless the caller
 * already set them. If an equal route is already known it is unmarked so that it survives
 * the next ndisc_remove(); if not, the link is flagged as not yet NDisc-configured. */
static int ndisc_request_route(Route *in, Link *link, sd_ndisc_router *rt) {
        _cleanup_(route_freep) Route *route = in;
        struct in6_addr router;
        Route *known;
        int r;

        assert(route);
        assert(link);
        assert(rt);

        r = sd_ndisc_router_get_address(rt, &router);
        if (r < 0)
                return r;

        route->source = NETWORK_CONFIG_SOURCE_NDISC;
        route->provider.in6 = router;

        if (!route->table_set)
                route->table = link_get_ipv6_accept_ra_route_table(link);

        if (!route->priority_set)
                route->priority = link->network->ipv6_accept_ra_route_metric;

        if (!route->protocol_set)
                route->protocol = RTPROT_RA;

        if (route_get(NULL, link, route, &known) >= 0)
                route_unmark(known);
        else
                link->ndisc_configured = false;

        return link_request_route(link, TAKE_PTR(route), true, &link->ndisc_messages,
                                  ndisc_route_handler, NULL);
}
246
/* Netlink reply handler for an address requested through ndisc_request_address().
 *
 * Accounts for the finished request, lets the generic address handler evaluate the reply and,
 * when that handler returns a positive value, re-checks NDisc readiness. A failing readiness
 * check puts the link into the failed state. Returns the generic handler's result when it is
 * <= 0, otherwise 1. */
static int ndisc_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
        int r;

        assert(link);
        assert(link->ndisc_messages > 0);

        link->ndisc_messages--;

        r = address_configure_handler_internal(rtnl, m, link, "Could not set NDisc address");
        if (r <= 0)
                return r;

        if (ndisc_check_ready(link) < 0)
                link_enter_failed(link);

        return 1;
}
265
/* Queues an address derived from a Router Advertisement.
 *
 * Takes ownership of 'in' in all cases: it is freed on failure and handed over to
 * link_request_address() otherwise. The address is tagged with the NDisc source and the
 * address of the advertising router. If an equal address is already known it is unmarked so
 * that it survives the next ndisc_remove(); if not, the link is flagged as not yet
 * NDisc-configured. */
static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) {
        _cleanup_(address_freep) Address *address = in;
        struct in6_addr router;
        Address *known;
        int r;

        assert(address);
        assert(link);
        assert(rt);

        r = sd_ndisc_router_get_address(rt, &router);
        if (r < 0)
                return r;

        address->source = NETWORK_CONFIG_SOURCE_NDISC;
        address->provider.in6 = router;

        if (address_get(link, address, &known) >= 0)
                address_unmark(known);
        else
                link->ndisc_configured = false;

        return link_request_address(link, TAKE_PTR(address), true, &link->ndisc_messages,
                                    ndisc_address_handler, NULL);
}
291
/* Installs the default route announced by a Router Advertisement.
 *
 * An RA with router lifetime zero does not announce a default router and is skipped, as is an
 * RA whose sender address is one of the link's own IPv6 addresses. The MTU from the RA is only
 * used when the network configuration enables it. After the default route itself, every
 * statically configured route that asks for its gateway to be taken from DHCP or RA (and is
 * IPv6) is duplicated with this router as gateway and requested as well.
 *
 * Returns 0 on success or when the RA is skipped, negative errno otherwise. */
static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
        _cleanup_(route_freep) Route *route = NULL;
        usec_t lifetime_usec, timestamp_usec;
        struct in6_addr gateway;
        uint16_t lifetime_sec;
        unsigned preference;
        Route *route_gw;
        uint32_t mtu = 0;
        int r;

        assert(link);
        assert(rt);

        r = sd_ndisc_router_get_lifetime(rt, &lifetime_sec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get gateway lifetime from RA: %m");

        /* Lifetime zero: the sender is not a default router. */
        if (lifetime_sec == 0)
                return 0;

        r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &timestamp_usec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");

        /* Absolute expiry: reception time plus the advertised lifetime. */
        lifetime_usec = usec_add(timestamp_usec, lifetime_sec * USEC_PER_SEC);

        r = sd_ndisc_router_get_address(rt, &gateway);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");

        /* Never route through an address that is configured on this very link. */
        if (link_get_ipv6_address(link, &gateway, NULL) >= 0) {
                if (DEBUG_LOGGING) {
                        _cleanup_free_ char *gw_str = NULL;

                        (void) in6_addr_to_string(&gateway, &gw_str);
                        log_link_debug(link, "No NDisc route added, gateway %s matches local address",
                                       strna(gw_str));
                }
                return 0;
        }

        r = sd_ndisc_router_get_preference(rt, &preference);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m");

        if (link->network->ipv6_accept_ra_use_mtu) {
                r = sd_ndisc_router_get_mtu(rt, &mtu);
                /* An RA without MTU option (-ENODATA) is fine, mtu then stays 0. */
                if (r < 0 && r != -ENODATA)
                        return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m");
        }

        r = route_new(&route);
        if (r < 0)
                return log_oom();

        route->family = AF_INET6;
        route->gw_family = AF_INET6;
        route->gw.in6 = gateway;
        route->pref = preference;
        route->mtu = mtu;
        route->lifetime_usec = lifetime_usec;

        r = ndisc_request_route(TAKE_PTR(route), link, rt);
        if (r < 0)
                return log_link_error_errno(link, r, "Could not request default route: %m");

        HASHMAP_FOREACH(route_gw, link->network->routes_by_section) {
                if (!route_gw->gateway_from_dhcp_or_ra ||
                    route_gw->gw_family != AF_INET6)
                        continue;

                r = route_dup(route_gw, &route);
                if (r < 0)
                        return r;

                /* Values set explicitly in the configuration win over what the RA says. */
                route->gw.in6 = gateway;
                route->lifetime_usec = lifetime_usec;
                if (!route->pref_set)
                        route->pref = preference;
                if (route->mtu == 0)
                        route->mtu = mtu;

                r = ndisc_request_route(TAKE_PTR(route), link, rt);
                if (r < 0)
                        return log_link_error_errno(link, r, "Could not request gateway: %m");
        }

        return 0;
}
383
/* Configures SLAAC addresses for a Prefix Information option that has the autonomous flag set.
 *
 * The option is ignored (return 0) when autonomous prefixes are disabled in the network
 * configuration, when the prefix is longer than 64 bits, when the valid lifetime is zero, or
 * when the preferred lifetime exceeds the valid lifetime. For every address generated from
 * the prefix an address request is queued, except for addresses that are already assigned but
 * whose valid lifetime has passed.
 *
 * Returns 0 on success or when the option is ignored, negative errno otherwise. */
static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
        usec_t lifetime_valid_usec, lifetime_preferred_usec, timestamp_usec;
        uint32_t lifetime_valid_sec, lifetime_preferred_sec;
        _cleanup_set_free_ Set *addresses = NULL;
        struct in6_addr prefix, *generated;
        unsigned prefixlen;
        int r;

        assert(link);
        assert(link->network);
        assert(rt);

        if (!link->network->ipv6_accept_ra_use_autonomous_prefix)
                return 0;

        r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &timestamp_usec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");

        r = sd_ndisc_router_prefix_get_address(rt, &prefix);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix address: %m");

        r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix length: %m");

        /* ndisc_generate_addresses() further down only supports prefix lengths up to 64. */
        if (prefixlen > 64) {
                _cleanup_free_ char *prefix_str = NULL;

                (void) in6_addr_prefix_to_string(&prefix, prefixlen, &prefix_str);
                log_link_debug(link, "Prefix is longer than 64, ignoring autonomous prefix %s.", strna(prefix_str));
                return 0;
        }

        r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid_sec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m");

        if (lifetime_valid_sec == 0) {
                log_link_debug(link, "Ignoring prefix as its valid lifetime is zero.");
                return 0;
        }

        r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred_sec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m");

        /* A preferred lifetime above the valid lifetime is inconsistent; drop the option. */
        if (lifetime_preferred_sec > lifetime_valid_sec)
                return 0;

        /* Turn the relative lifetimes into absolute expiry times. */
        lifetime_valid_usec = usec_add(lifetime_valid_sec * USEC_PER_SEC, timestamp_usec);
        lifetime_preferred_usec = usec_add(lifetime_preferred_sec * USEC_PER_SEC, timestamp_usec);

        r = ndisc_generate_addresses(link, &prefix, prefixlen, &addresses);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m");

        SET_FOREACH(generated, addresses) {
                _cleanup_(address_freep) Address *address = NULL;
                Address *assigned;

                r = address_new(&address);
                if (r < 0)
                        return log_oom();

                address->family = AF_INET6;
                address->in_addr.in6 = *generated;
                address->prefixlen = prefixlen;
                address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
                address->lifetime_valid_usec = lifetime_valid_usec;
                address->lifetime_preferred_usec = lifetime_preferred_usec;

                /* See RFC4862, section 5.5.3.e. This deliberately deviates from RFC4862 by
                 * honoring all valid lifetimes, which makes SLAAC react better to renumbering
                 * events, see draft-ietf-6man-slaac-renum-02, section 4.2.
                 *
                 * An address that is already assigned but no longer valid is not refreshed, so
                 * that it gets removed. */
                if (address_get(link, address, &assigned) > 0 &&
                    assigned->lifetime_valid_usec < timestamp_usec)
                        continue;

                r = ndisc_request_address(TAKE_PTR(address), link, rt);
                if (r < 0)
                        return log_link_error_errno(link, r, "Could not request SLAAC address: %m");
        }

        return 0;
}
477
/* Requests a prefix route for a Prefix Information option that has the on-link flag set.
 *
 * Nothing is done when on-link prefixes are disabled in the network configuration or when the
 * valid lifetime of the prefix is zero. The route expires at RA reception time plus the valid
 * lifetime.
 *
 * Returns 0 on success or when the option is ignored, negative errno otherwise. */
static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
        _cleanup_(route_freep) Route *route = NULL;
        usec_t timestamp_usec;
        uint32_t lifetime_sec;
        unsigned prefixlen;
        int r;

        assert(link);
        assert(link->network);
        assert(rt);

        if (!link->network->ipv6_accept_ra_use_onlink_prefix)
                return 0;

        r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_sec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m");

        if (lifetime_sec == 0)
                return 0;

        r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &timestamp_usec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");

        r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix length: %m");

        r = route_new(&route);
        if (r < 0)
                return log_oom();

        route->family = AF_INET6;
        route->flags = RTM_F_PREFIX;
        route->lifetime_usec = usec_add(timestamp_usec, lifetime_sec * USEC_PER_SEC);
        route->dst_prefixlen = prefixlen;

        /* The destination is written straight into the new route object. */
        r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix address: %m");

        r = ndisc_request_route(TAKE_PTR(route), link, rt);
        if (r < 0)
                return log_link_error_errno(link, r, "Could not request prefix route: %m");

        return 0;
}
526
/* Handles one Prefix Information option of a Router Advertisement.
 *
 * The prefix is first checked against the configured prefix allow/deny lists; a filtered
 * prefix is ignored. Otherwise the on-link and autonomous flags of the option each trigger
 * their own processing. Returns 0 on success or when filtered, negative errno otherwise. */
static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) {
        struct in6_addr prefix;
        unsigned prefixlen;
        uint8_t flags;
        int r;

        assert(link);
        assert(link->network);
        assert(rt);

        r = sd_ndisc_router_prefix_get_address(rt, &prefix);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix address: %m");

        r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get prefix length: %m");

        if (in6_prefix_is_filtered(&prefix, prefixlen, link->network->ndisc_allow_listed_prefix, link->network->ndisc_deny_listed_prefix)) {
                if (DEBUG_LOGGING) {
                        _cleanup_free_ char *prefix_str = NULL;

                        (void) in6_addr_prefix_to_string(&prefix, prefixlen, &prefix_str);

                        /* With an allow list configured, being filtered means "not on it". */
                        if (set_isempty(link->network->ndisc_allow_listed_prefix))
                                log_link_debug(link, "Prefix '%s' is in deny list, ignoring", strna(prefix_str));
                        else
                                log_link_debug(link, "Prefix '%s' is not in allow list, ignoring", strna(prefix_str));
                }
                return 0;
        }

        r = sd_ndisc_router_prefix_get_flags(rt, &flags);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RA prefix flags: %m");

        if (FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK)) {
                r = ndisc_router_process_onlink_prefix(link, rt);
                if (r < 0)
                        return r;
        }

        if (FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO)) {
                r = ndisc_router_process_autonomous_prefix(link, rt);
                if (r < 0)
                        return r;
        }

        return 0;
}
576
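/* Handles one Route Information option of a Router Advertisement.
 *
 * The option is ignored (return 0) when its lifetime is zero, when the destination prefix is
 * rejected by the configured route prefix allow/deny lists, or when the advertising router's
 * address is one of the link's own IPv6 addresses. Otherwise a route to the advertised prefix
 * via the advertising router is requested, expiring at RA reception time plus the lifetime.
 *
 * Returns 0 on success or when the option is ignored, negative errno otherwise. */
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
        _cleanup_(route_freep) Route *route = NULL;
        unsigned preference, prefixlen;
        struct in6_addr gateway, dst;
        uint32_t lifetime_sec;
        usec_t timestamp_usec;
        int r;

        assert(link);
        /* link->network is dereferenced below and rt is handed to every getter, so check them
         * up front like the other option handlers in this file do. */
        assert(link->network);
        assert(rt);

        r = sd_ndisc_router_route_get_lifetime(rt, &lifetime_sec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get route lifetime from RA: %m");

        if (lifetime_sec == 0)
                return 0;

        r = sd_ndisc_router_route_get_address(rt, &dst);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get route destination address: %m");

        r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get route prefix length: %m");

        if (in6_prefix_is_filtered(&dst, prefixlen, link->network->ndisc_allow_listed_route_prefix, link->network->ndisc_deny_listed_route_prefix)) {
                if (DEBUG_LOGGING) {
                        _cleanup_free_ char *buf = NULL;

                        (void) in6_addr_prefix_to_string(&dst, prefixlen, &buf);
                        if (!set_isempty(link->network->ndisc_allow_listed_route_prefix))
                                log_link_debug(link, "Route prefix '%s' is not in allow list, ignoring", strna(buf));
                        else
                                log_link_debug(link, "Route prefix '%s' is in deny list, ignoring", strna(buf));
                }
                return 0;
        }

        r = sd_ndisc_router_get_address(rt, &gateway);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");

        /* Never route through an address that is configured on this very link. */
        if (link_get_ipv6_address(link, &gateway, NULL) >= 0) {
                if (DEBUG_LOGGING) {
                        _cleanup_free_ char *buf = NULL;

                        (void) in6_addr_to_string(&gateway, &buf);
                        log_link_debug(link, "Advertised route gateway %s is local to the link, ignoring route", strna(buf));
                }
                return 0;
        }

        /* This is the preference of the Route Information option, not of the default router,
         * so the error message says so. */
        r = sd_ndisc_router_route_get_preference(rt, &preference);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get route preference from RA: %m");

        r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &timestamp_usec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");

        r = route_new(&route);
        if (r < 0)
                return log_oom();

        route->family = AF_INET6;
        route->pref = preference;
        route->gw.in6 = gateway;
        route->gw_family = AF_INET6;
        route->dst.in6 = dst;
        route->dst_prefixlen = prefixlen;
        route->lifetime_usec = usec_add(timestamp_usec, lifetime_sec * USEC_PER_SEC);

        r = ndisc_request_route(TAKE_PTR(route), link, rt);
        if (r < 0)
                return log_link_error_errno(link, r, "Could not request additional route: %m");

        return 0;
}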
655
/* Set semantics for RDNSS entries: an entry is identified by the DNS server address alone.
 * Router and lifetime are not part of the key and may therefore be refreshed in place. */
static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) {
        const void *key = &x->address;

        siphash24_compress(key, sizeof(x->address), state);
}

static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) {
        const void *lhs = &a->address, *rhs = &b->address;

        return memcmp(lhs, rhs, sizeof(a->address));
}

/* free() is registered as the key destructor for the entries. */
DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
                ndisc_rdnss_hash_ops,
                NDiscRDNSS,
                ndisc_rdnss_hash_func,
                ndisc_rdnss_compare_func,
                free);
670
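/* Records the DNS servers announced in one RDNSS option of a Router Advertisement.
 *
 * Nothing is done when DNS servers from RAs are disabled in the network configuration or when
 * the option's lifetime is zero. A server that is already known is unmarked and gets its
 * router and expiry refreshed; an unknown one is added to link->ndisc_rdnss.
 *
 * Router Advertisements are unauthenticated input from the local link, so the amount of state
 * kept is bounded twice: at most NDISC_RDNSS_MAX addresses are read from a single option, and
 * no new entry is added once the link already holds NDISC_RDNSS_MAX entries. Without the
 * second bound the set could keep growing across options and advertisements until the
 * entries expire.
 *
 * Returns 0 on success or when the option is ignored, negative errno otherwise. */
static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
        usec_t lifetime_usec, timestamp_usec;
        uint32_t lifetime_sec;
        const struct in6_addr *a;
        struct in6_addr router;
        bool updated = false, warned = false;
        int n, r;

        assert(link);
        assert(link->network);
        assert(rt);

        if (!link->network->ipv6_accept_ra_use_dns)
                return 0;

        r = sd_ndisc_router_get_address(rt, &router);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get router address from RA: %m");

        r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &timestamp_usec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");

        r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime_sec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RDNSS lifetime: %m");

        if (lifetime_sec == 0)
                return 0;

        lifetime_usec = usec_add(timestamp_usec, lifetime_sec * USEC_PER_SEC);

        n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
        if (n < 0)
                return log_link_error_errno(link, n, "Failed to get RDNSS addresses: %m");

        /* Only warn when addresses are actually dropped; exactly NDISC_RDNSS_MAX addresses
         * still fit. NDISC_RDNSS_MAX is unsigned, hence %u. */
        if (n > (int) NDISC_RDNSS_MAX) {
                log_link_warning(link, "Too many RDNSS records per link. Only first %u records will be used.", NDISC_RDNSS_MAX);
                warned = true;
                n = NDISC_RDNSS_MAX;
        }

        for (int j = 0; j < n; j++) {
                _cleanup_free_ NDiscRDNSS *x = NULL;
                NDiscRDNSS *rdnss, d = {
                        .address = a[j],
                };

                /* Known server: keep it alive and remember who announced it last. */
                rdnss = set_get(link->ndisc_rdnss, &d);
                if (rdnss) {
                        rdnss->marked = false;
                        rdnss->router = router;
                        rdnss->lifetime_usec = lifetime_usec;
                        continue;
                }

                /* Enforce the per-link bound before allocating. Keep iterating so that known
                 * servers later in the option are still refreshed. */
                if (set_size(link->ndisc_rdnss) >= NDISC_RDNSS_MAX) {
                        if (!warned) {
                                log_link_warning(link, "Too many RDNSS records per link. Only first %u records will be used.", NDISC_RDNSS_MAX);
                                warned = true;
                        }
                        continue;
                }

                x = new(NDiscRDNSS, 1);
                if (!x)
                        return log_oom();

                *x = (NDiscRDNSS) {
                        .address = a[j],
                        .router = router,
                        .lifetime_usec = lifetime_usec,
                };

                /* On success the set owns the entry. */
                r = set_ensure_consume(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops, TAKE_PTR(x));
                if (r < 0)
                        return log_oom();
                assert(r > 0);

                updated = true;
        }

        if (updated)
                link_dirty(link);

        return 0;
}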
749
/* Set semantics for DNSSL entries: an entry is identified by its domain string alone, which
 * is reached through NDISC_DNSSL_DOMAIN(). Router and lifetime are not part of the key. */
static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) {
        const char *domain = NDISC_DNSSL_DOMAIN(x);

        siphash24_compress_string(domain, state);
}

static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) {
        const char *lhs = NDISC_DNSSL_DOMAIN(a), *rhs = NDISC_DNSSL_DOMAIN(b);

        return strcmp(lhs, rhs);
}

/* free() is registered as the key destructor for the entries. */
DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
                ndisc_dnssl_hash_ops,
                NDiscDNSSL,
                ndisc_dnssl_hash_func,
                ndisc_dnssl_compare_func,
                free);
764
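/* Records the search domains announced in one DNSSL option of a Router Advertisement.
 *
 * Nothing is done when UseDomains= is "no" for RAs or when the option's lifetime is zero. A
 * domain that is already known is unmarked and gets its router and expiry refreshed; an
 * unknown one is added to link->ndisc_dnssl.
 *
 * Router Advertisements are unauthenticated input from the local link, so the amount of state
 * kept is bounded twice: at most NDISC_DNSSL_MAX domains are used from a single option, and
 * no new entry is added once the link already holds NDISC_DNSSL_MAX entries. Without the
 * second bound the set could keep growing across options and advertisements until the
 * entries expire.
 *
 * Returns 0 on success or when the option is ignored, negative errno otherwise. */
static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
        _cleanup_strv_free_ char **l = NULL;
        usec_t lifetime_usec, timestamp_usec;
        struct in6_addr router;
        uint32_t lifetime_sec;
        bool updated = false, warned = false;
        char **j;
        int r;

        assert(link);
        assert(link->network);
        assert(rt);

        if (link->network->ipv6_accept_ra_use_domains == DHCP_USE_DOMAINS_NO)
                return 0;

        r = sd_ndisc_router_get_address(rt, &router);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get router address from RA: %m");

        r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &timestamp_usec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");

        r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime_sec);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get DNSSL lifetime: %m");

        if (lifetime_sec == 0)
                return 0;

        lifetime_usec = usec_add(timestamp_usec, lifetime_sec * USEC_PER_SEC);

        r = sd_ndisc_router_dnssl_get_domains(rt, &l);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get DNSSL addresses: %m");

        /* Only warn when domains are actually dropped; exactly NDISC_DNSSL_MAX domains still
         * fit. Freeing from index NDISC_DNSSL_MAX on and storing NULL there truncates the
         * vector for the loop below. NDISC_DNSSL_MAX is unsigned, hence %u. */
        if (strv_length(l) > NDISC_DNSSL_MAX) {
                log_link_warning(link, "Too many DNSSL records per link. Only first %u records will be used.", NDISC_DNSSL_MAX);
                warned = true;
                STRV_FOREACH(j, l + NDISC_DNSSL_MAX)
                        *j = mfree(*j);
        }

        STRV_FOREACH(j, l) {
                _cleanup_free_ NDiscDNSSL *s = NULL;
                NDiscDNSSL *dnssl;
                size_t len = strlen(*j);

                /* The domain is stored right behind the (aligned) struct; size the allocation
                 * and the copy from the same length, terminating NUL included. */
                s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + len + 1);
                if (!s)
                        return log_oom();

                memcpy(NDISC_DNSSL_DOMAIN(s), *j, len + 1);

                /* Known domain: keep it alive and remember who announced it last. */
                dnssl = set_get(link->ndisc_dnssl, s);
                if (dnssl) {
                        dnssl->marked = false;
                        dnssl->router = router;
                        dnssl->lifetime_usec = lifetime_usec;
                        continue;
                }

                /* Enforce the per-link bound. Keep iterating so that known domains later in
                 * the option are still refreshed; 's' is released by its cleanup handler. */
                if (set_size(link->ndisc_dnssl) >= NDISC_DNSSL_MAX) {
                        if (!warned) {
                                log_link_warning(link, "Too many DNSSL records per link. Only first %u records will be used.", NDISC_DNSSL_MAX);
                                warned = true;
                        }
                        continue;
                }

                s->router = router;
                s->lifetime_usec = lifetime_usec;

                /* On success the set owns the entry. */
                r = set_ensure_consume(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops, TAKE_PTR(s));
                if (r < 0)
                        return log_oom();
                assert(r > 0);

                updated = true;
        }

        if (updated)
                link_dirty(link);

        return 0;
}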
842
/* Walks all options of a Router Advertisement and dispatches Prefix Information, Route
 * Information, RDNSS and DNSSL options to their handlers. Other option types are skipped.
 *
 * Returns 0 once the end of the option list is reached, or the first negative errno from
 * option iteration or from a handler. */
static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
        int r;

        assert(link);
        assert(link->network);
        assert(rt);

        r = sd_ndisc_router_option_rewind(rt);
        for (;;) {
                uint8_t type;

                if (r < 0)
                        return log_link_error_errno(link, r, "Failed to iterate through options: %m");
                if (r == 0) /* no more options */
                        return 0;

                r = sd_ndisc_router_option_get_type(rt, &type);
                if (r < 0)
                        return log_link_error_errno(link, r, "Failed to get RA option type: %m");

                switch (type) {

                case SD_NDISC_OPTION_PREFIX_INFORMATION:
                        r = ndisc_router_process_prefix(link, rt);
                        break;

                case SD_NDISC_OPTION_ROUTE_INFORMATION:
                        r = ndisc_router_process_route(link, rt);
                        break;

                case SD_NDISC_OPTION_RDNSS:
                        r = ndisc_router_process_rdnss(link, rt);
                        break;

                case SD_NDISC_OPTION_DNSSL:
                        r = ndisc_router_process_dnssl(link, rt);
                        break;

                default:
                        /* Not handled here; r still holds the non-negative result of the
                         * type lookup. */
                        break;
                }

                if (r < 0)
                        return r;

                r = sd_ndisc_router_option_next(rt);
        }
}
890
/* Marks every NDisc address, route, RDNSS entry and DNSSL entry that was provided by the
 * given router. Objects the router announces again are unmarked while its advertisement is
 * processed; what is still marked afterwards can be dropped by ndisc_remove(). */
static void ndisc_mark(Link *link, const struct in6_addr *router) {
        NDiscDNSSL *dnssl;
        NDiscRDNSS *rdnss;

        assert(link);
        assert(router);

        link_mark_addresses(link, NETWORK_CONFIG_SOURCE_NDISC, router);
        link_mark_routes(link, NETWORK_CONFIG_SOURCE_NDISC, router);

        SET_FOREACH(rdnss, link->ndisc_rdnss) {
                if (!in6_addr_equal(&rdnss->router, router))
                        continue;

                rdnss->marked = true;
        }

        SET_FOREACH(dnssl, link->ndisc_dnssl) {
                if (!in6_addr_equal(&dnssl->router, router))
                        continue;

                dnssl->marked = true;
        }
}
909
/* Starts (or restarts) the DHCPv6 client in reaction to a Router Advertisement, according to
 * the DHCPv6Client= setting of the IPv6AcceptRA section:
 *
 *   no     - never start the client from here,
 *   yes    - start it only if the RA carries the managed or the other-information flag,
 *   always - start it in managed mode regardless of the RA flags.
 *
 * Returns 0 on success or when nothing is started, negative errno otherwise. */
static int ndisc_start_dhcp6_client(Link *link, sd_ndisc_router *rt) {
        int r;

        assert(link);
        assert(link->network);

        switch (link->network->ipv6_accept_ra_start_dhcp6_client) {
        case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO:
                return 0;

        case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES: {
                bool information_request;
                uint64_t flags;

                r = sd_ndisc_router_get_flags(rt, &flags);
                if (r < 0)
                        return log_link_warning_errno(link, r, "Failed to get RA flags: %m");

                if (!(flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)))
                        return 0;

                /* Stateful or stateless mode follows the RA flags. If both the managed and the
                 * other-information bit are set, the latter is ignored. See RFC 4861. */
                information_request = !(flags & ND_RA_FLAG_MANAGED);

                r = dhcp6_start_on_ra(link, information_request);
                break;
        }
        case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS:
                /* With IPv6AcceptRA.DHCPv6Client=always the client runs in managed mode even
                 * if the router set neither the M nor the O flag. */
                r = dhcp6_start_on_ra(link, /* information_request = */ false);
                break;

        default:
                assert_not_reached();
        }

        if (r < 0)
                return log_link_error_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m");

        log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request");
        return 0;
}
952
/* Processes one received Router Advertisement.
 *
 * The sender address is checked against the router allow/deny lists first (as a /128); an RA
 * from a filtered router is ignored entirely. Otherwise everything previously learned from
 * this router is marked, the DHCPv6 client is started if configured, and the default route
 * and all options are processed. If that queued no requests, stale objects of this router are
 * dropped right away.
 *
 * NOTE(review): the filter keys on the address reported by sd_ndisc_router_get_address()
 * only. It narrows which routers are honoured but is not authentication of the sender;
 * confirm whether the deployment relies on link-layer controls for that.
 *
 * Returns 0 on success or when the RA is ignored, negative errno otherwise. */
static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
        struct in6_addr router;
        int r;

        assert(link);
        assert(link->network);
        assert(link->manager);
        assert(rt);

        r = sd_ndisc_router_get_address(rt, &router);
        if (r < 0)
                return log_link_error_errno(link, r, "Failed to get router address from RA: %m");

        if (in6_prefix_is_filtered(&router, 128, link->network->ndisc_allow_listed_router, link->network->ndisc_deny_listed_router)) {
                if (DEBUG_LOGGING) {
                        _cleanup_free_ char *router_str = NULL;

                        (void) in6_addr_to_string(&router, &router_str);

                        /* With an allow list configured, being filtered means "not on it". */
                        if (set_isempty(link->network->ndisc_allow_listed_router))
                                log_link_debug(link, "Router '%s' is in deny list, ignoring", strna(router_str));
                        else
                                log_link_debug(link, "Router '%s' is not in allow list, ignoring", strna(router_str));
                }
                return 0;
        }

        ndisc_mark(link, &router);

        r = ndisc_start_dhcp6_client(link, rt);
        if (r < 0)
                return r;

        r = ndisc_router_process_default(link, rt);
        if (r < 0)
                return r;

        r = ndisc_router_process_options(link, rt);
        if (r < 0)
                return r;

        if (link->ndisc_messages != 0)
                log_link_debug(link, "Setting SLAAC addresses and router.");
        else {
                /* Nothing is pending, so the sweep does not have to wait for a handler. */
                link->ndisc_configured = true;

                r = ndisc_remove(link, &router);
                if (r < 0)
                        return r;
        }

        if (!link->ndisc_configured)
                link_set_state(link, LINK_STATE_CONFIGURING);

        link_check_ready(link);
        return 0;
}
1008
/* Callback registered with sd_ndisc; 'userdata' is the Link the client was set up for.
 *
 * Events are dropped while the link is in the failed or linger state. A router event is
 * passed to ndisc_router_handler(), and the link enters the failed state if that fails. On
 * timeout the link is considered NDisc-configured, provided no requests are outstanding. */
static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event_t event, sd_ndisc_router *rt, void *userdata) {
        Link *link = userdata;

        assert(link);

        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
                return;

        switch (event) {

        case SD_NDISC_EVENT_ROUTER:
                if (ndisc_router_handler(link, rt) < 0)
                        link_enter_failed(link);
                break;

        case SD_NDISC_EVENT_TIMEOUT:
                log_link_debug(link, "NDisc handler get timeout event");

                if (link->ndisc_messages != 0)
                        break;

                link->ndisc_configured = true;
                link_check_ready(link);
                break;

        default:
                assert_not_reached();
        }
}
1039
/* Creates and sets up the sd_ndisc client of a link: event loop attachment, MAC address,
 * interface index and the event callback.
 *
 * Returns 0 on success and also when RA processing is not enabled for the link, -EBUSY when
 * the link already has a client, or the negative errno of the first setup step that fails. */
int ndisc_configure(Link *link) {
        int r;

        assert(link);

        if (!link_ipv6_accept_ra_enabled(link))
                return 0;

        /* A client exists already, refuse to configure twice. */
        if (link->ndisc)
                return -EBUSY;

        r = sd_ndisc_new(&link->ndisc);
        if (r < 0)
                return r;

        r = sd_ndisc_attach_event(link->ndisc, link->manager->event, 0);
        if (r < 0)
                return r;

        r = sd_ndisc_set_mac(link->ndisc, &link->hw_addr.ether);
        if (r < 0)
                return r;

        r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex);
        if (r < 0)
                return r;

        /* The link itself is the userdata handed back to ndisc_handler(). */
        r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link);
        if (r < 0)
                return r;

        return 0;
}
1073
/* Starts router discovery on the link.
 *
 * Returns 0 without doing anything when there is no NDisc client or no DHCPv6 client on the
 * link, when the link has no carrier, or when no IPv6 link-local address is set yet.
 * Otherwise returns whatever sd_ndisc_start() returns.
 *
 * NOTE(review): discovery is also gated on link->dhcp6_client being set; confirm that this
 * is intended for links that use RAs without DHCPv6. */
int ndisc_start(Link *link) {
        assert(link);

        if (!link->ndisc ||
            !link->dhcp6_client ||
            !link_has_carrier(link) ||
            in6_addr_is_null(&link->ipv6ll_address))
                return 0;

        log_link_debug(link, "Discovering IPv6 routers");

        return sd_ndisc_start(link->ndisc);
}
1090
/* Drops every RDNSS and DNSSL entry of the link whose expiry time lies before the current
 * time of the boottime-or-monotonic clock. */
void ndisc_vacuum(Link *link) {
        NDiscRDNSS *rdnss;
        NDiscDNSSL *dnssl;
        usec_t now_usec;

        assert(link);

        now_usec = now(clock_boottime_or_monotonic());

        SET_FOREACH(rdnss, link->ndisc_rdnss) {
                if (rdnss->lifetime_usec >= now_usec)
                        continue;

                free(set_remove(link->ndisc_rdnss, rdnss));
        }

        SET_FOREACH(dnssl, link->ndisc_dnssl) {
                if (dnssl->lifetime_usec >= now_usec)
                        continue;

                free(set_remove(link->ndisc_dnssl, dnssl));
        }
}
1110
/* Unconditionally drops all RDNSS and DNSSL entries of the link by freeing both sets. */
void ndisc_flush(Link *link) {
        assert(link);

        link->ndisc_dnssl = set_free(link->ndisc_dnssl);
        link->ndisc_rdnss = set_free(link->ndisc_rdnss);
}
1119
/* String values accepted for DHCPv6Client=. The lookup generated below additionally accepts
 * booleans, with IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES passed as the value for "true". */
static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = {
        [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO]     = "no",
        [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES]    = "yes",
        [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always",
};

DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES);

/* Config parsers for UseDomains= and DHCPv6Client=. */
DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains, dhcp_use_domains, DHCPUseDomains,
                         "Failed to parse UseDomains= setting");
DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client, ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client,
                         "Failed to parse DHCPv6Client= setting");