1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2014 Intel Corporation. All rights reserved.
7 #include <netinet/icmp6.h>
9 #include <linux/if_arp.h>
13 #include "missing_network.h"
14 #include "networkd-address-generation.h"
15 #include "networkd-address.h"
16 #include "networkd-dhcp6.h"
17 #include "networkd-manager.h"
18 #include "networkd-ndisc.h"
19 #include "networkd-queue.h"
20 #include "networkd-route.h"
21 #include "networkd-state-file.h"
22 #include "string-table.h"
23 #include "string-util.h"
26 #define NDISC_DNSSL_MAX 64U
27 #define NDISC_RDNSS_MAX 64U
29 bool link_ipv6_accept_ra_enabled(Link
*link
) {
32 if (!socket_ipv6_is_supported())
35 if (link
->flags
& IFF_LOOPBACK
)
38 if (link
->iftype
== ARPHRD_CAN
)
41 if (link
->hw_addr
.length
!= ETH_ALEN
&& !streq_ptr(link
->kind
, "wwan"))
42 /* Currently, only interfaces whose MAC address length is ETH_ALEN are supported.
43 * Note, wwan interfaces may be assigned MAC address slightly later.
44 * Hence, let's wait for a while.*/
50 if (!link_may_have_ipv6ll(link
))
53 assert(link
->network
->ipv6_accept_ra
>= 0);
54 return link
->network
->ipv6_accept_ra
;
57 void network_adjust_ipv6_accept_ra(Network
*network
) {
60 if (!FLAGS_SET(network
->link_local
, ADDRESS_FAMILY_IPV6
)) {
61 if (network
->ipv6_accept_ra
> 0)
62 log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link local addressing is disabled or not supported. "
63 "Disabling IPv6AcceptRA=.", network
->filename
);
64 network
->ipv6_accept_ra
= false;
67 if (network
->ipv6_accept_ra
< 0)
68 /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */
69 network
->ipv6_accept_ra
= !FLAGS_SET(network
->ip_forward
, ADDRESS_FAMILY_IPV6
);
71 /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then
72 * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */
73 if (!set_isempty(network
->ndisc_allow_listed_router
))
74 network
->ndisc_deny_listed_router
= set_free_free(network
->ndisc_deny_listed_router
);
75 if (!set_isempty(network
->ndisc_allow_listed_prefix
))
76 network
->ndisc_deny_listed_prefix
= set_free_free(network
->ndisc_deny_listed_prefix
);
77 if (!set_isempty(network
->ndisc_allow_listed_route_prefix
))
78 network
->ndisc_deny_listed_route_prefix
= set_free_free(network
->ndisc_deny_listed_route_prefix
);
81 static int ndisc_remove(Link
*link
, struct in6_addr
*router
) {
91 SET_FOREACH(route
, link
->routes
) {
92 if (route
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
94 if (!route_is_marked(route
))
96 if (router
&& !in6_addr_equal(router
, &route
->provider
.in6
))
99 k
= route_remove(route
);
103 route_cancel_request(route
, link
);
106 SET_FOREACH(address
, link
->addresses
) {
107 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
109 if (!address_is_marked(address
))
111 if (router
&& !in6_addr_equal(router
, &address
->provider
.in6
))
114 k
= address_remove(address
);
118 address_cancel_request(address
);
121 SET_FOREACH(rdnss
, link
->ndisc_rdnss
) {
124 if (router
&& !in6_addr_equal(router
, &rdnss
->router
))
127 free(set_remove(link
->ndisc_rdnss
, rdnss
));
131 SET_FOREACH(dnssl
, link
->ndisc_dnssl
) {
134 if (router
&& !in6_addr_equal(router
, &dnssl
->router
))
137 free(set_remove(link
->ndisc_dnssl
, dnssl
));
147 static int ndisc_check_ready(Link
*link
);
149 static int ndisc_address_ready_callback(Address
*address
) {
153 assert(address
->link
);
155 SET_FOREACH(a
, address
->link
->addresses
)
156 if (a
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
159 return ndisc_check_ready(address
->link
);
162 static int ndisc_check_ready(Link
*link
) {
163 bool found
= false, ready
= false;
169 if (link
->ndisc_messages
> 0) {
170 log_link_debug(link
, "%s(): SLAAC addresses and routes are not set.", __func__
);
174 SET_FOREACH(address
, link
->addresses
) {
175 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
180 if (address_is_ready(address
)) {
186 if (found
&& !ready
) {
187 SET_FOREACH(address
, link
->addresses
)
188 if (address
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
189 address
->callback
= ndisc_address_ready_callback
;
191 log_link_debug(link
, "%s(): no SLAAC address is ready.", __func__
);
195 link
->ndisc_configured
= true;
196 log_link_debug(link
, "SLAAC addresses and routes set.");
198 r
= ndisc_remove(link
, NULL
);
202 link_check_ready(link
);
206 static int ndisc_route_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
210 assert(link
->ndisc_messages
> 0);
212 link
->ndisc_messages
--;
214 r
= route_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc route");
218 r
= ndisc_check_ready(link
);
220 link_enter_failed(link
);
225 static int ndisc_request_route(Route
*in
, Link
*link
, sd_ndisc_router
*rt
) {
226 _cleanup_(route_freep
) Route
*route
= in
;
227 struct in6_addr router
;
235 r
= sd_ndisc_router_get_address(rt
, &router
);
239 route
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
240 route
->provider
.in6
= router
;
241 if (!route
->table_set
)
242 route
->table
= link_get_ipv6_accept_ra_route_table(link
);
243 if (!route
->priority_set
)
244 route
->priority
= link
->network
->ipv6_accept_ra_route_metric
;
245 if (!route
->protocol_set
)
246 route
->protocol
= RTPROT_RA
;
248 if (route_get(NULL
, link
, route
, &existing
) < 0)
249 link
->ndisc_configured
= false;
251 route_unmark(existing
);
253 return link_request_route(link
, TAKE_PTR(route
), true, &link
->ndisc_messages
,
254 ndisc_route_handler
, NULL
);
257 static int ndisc_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
261 assert(link
->ndisc_messages
> 0);
263 link
->ndisc_messages
--;
265 r
= address_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc address");
269 r
= ndisc_check_ready(link
);
271 link_enter_failed(link
);
276 static int ndisc_request_address(Address
*in
, Link
*link
, sd_ndisc_router
*rt
) {
277 _cleanup_(address_freep
) Address
*address
= in
;
278 struct in6_addr router
;
286 r
= sd_ndisc_router_get_address(rt
, &router
);
290 address
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
291 address
->provider
.in6
= router
;
293 if (address_get(link
, address
, &existing
) < 0)
294 link
->ndisc_configured
= false;
296 address_unmark(existing
);
298 return link_request_address(link
, TAKE_PTR(address
), true, &link
->ndisc_messages
,
299 ndisc_address_handler
, NULL
);
302 static int ndisc_router_process_default(Link
*link
, sd_ndisc_router
*rt
) {
303 usec_t lifetime_usec
, timestamp_usec
;
304 struct in6_addr gateway
;
305 uint16_t lifetime_sec
;
311 assert(link
->network
);
314 if (!link
->network
->ipv6_accept_ra_use_gateway
&&
315 hashmap_isempty(link
->network
->routes_by_section
))
318 r
= sd_ndisc_router_get_lifetime(rt
, &lifetime_sec
);
320 return log_link_error_errno(link
, r
, "Failed to get gateway lifetime from RA: %m");
322 if (lifetime_sec
== 0) /* not a default router */
325 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
327 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
329 lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
331 r
= sd_ndisc_router_get_address(rt
, &gateway
);
333 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
335 if (link_get_ipv6_address(link
, &gateway
, NULL
) >= 0) {
337 _cleanup_free_
char *buffer
= NULL
;
339 (void) in6_addr_to_string(&gateway
, &buffer
);
340 log_link_debug(link
, "No NDisc route added, gateway %s matches local address",
346 r
= sd_ndisc_router_get_preference(rt
, &preference
);
348 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
350 if (link
->network
->ipv6_accept_ra_use_mtu
) {
351 r
= sd_ndisc_router_get_mtu(rt
, &mtu
);
352 if (r
< 0 && r
!= -ENODATA
)
353 return log_link_error_errno(link
, r
, "Failed to get default router MTU from RA: %m");
356 if (link
->network
->ipv6_accept_ra_use_gateway
) {
357 _cleanup_(route_freep
) Route
*route
= NULL
;
359 r
= route_new(&route
);
363 route
->family
= AF_INET6
;
364 route
->pref
= preference
;
365 route
->gw_family
= AF_INET6
;
366 route
->gw
.in6
= gateway
;
367 route
->lifetime_usec
= lifetime_usec
;
370 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
372 return log_link_error_errno(link
, r
, "Could not request default route: %m");
376 HASHMAP_FOREACH(route_gw
, link
->network
->routes_by_section
) {
377 _cleanup_(route_freep
) Route
*route
= NULL
;
379 if (!route_gw
->gateway_from_dhcp_or_ra
)
382 if (route_gw
->gw_family
!= AF_INET6
)
385 r
= route_dup(route_gw
, &route
);
389 route
->gw
.in6
= gateway
;
390 if (!route
->pref_set
)
391 route
->pref
= preference
;
392 route
->lifetime_usec
= lifetime_usec
;
396 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
398 return log_link_error_errno(link
, r
, "Could not request gateway: %m");
404 static int ndisc_router_process_autonomous_prefix(Link
*link
, sd_ndisc_router
*rt
) {
405 uint32_t lifetime_valid_sec
, lifetime_preferred_sec
;
406 usec_t lifetime_valid_usec
, lifetime_preferred_usec
, timestamp_usec
;
407 _cleanup_set_free_ Set
*addresses
= NULL
;
408 struct in6_addr prefix
, *a
;
413 assert(link
->network
);
416 if (!link
->network
->ipv6_accept_ra_use_autonomous_prefix
)
419 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
421 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
423 r
= sd_ndisc_router_prefix_get_address(rt
, &prefix
);
425 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
427 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
429 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
431 /* ndisc_generate_addresses() below requires the prefix length <= 64. */
432 if (prefixlen
> 64) {
433 _cleanup_free_
char *buf
= NULL
;
435 (void) in6_addr_prefix_to_string(&prefix
, prefixlen
, &buf
);
436 log_link_debug(link
, "Prefix is longer than 64, ignoring autonomous prefix %s.", strna(buf
));
440 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime_valid_sec
);
442 return log_link_error_errno(link
, r
, "Failed to get prefix valid lifetime: %m");
444 if (lifetime_valid_sec
== 0) {
445 log_link_debug(link
, "Ignoring prefix as its valid lifetime is zero.");
449 r
= sd_ndisc_router_prefix_get_preferred_lifetime(rt
, &lifetime_preferred_sec
);
451 return log_link_error_errno(link
, r
, "Failed to get prefix preferred lifetime: %m");
453 /* The preferred lifetime is never greater than the valid lifetime */
454 if (lifetime_preferred_sec
> lifetime_valid_sec
)
457 lifetime_valid_usec
= usec_add(lifetime_valid_sec
* USEC_PER_SEC
, timestamp_usec
);
458 lifetime_preferred_usec
= usec_add(lifetime_preferred_sec
* USEC_PER_SEC
, timestamp_usec
);
460 r
= ndisc_generate_addresses(link
, &prefix
, prefixlen
, &addresses
);
462 return log_link_error_errno(link
, r
, "Failed to generate SLAAC addresses: %m");
464 SET_FOREACH(a
, addresses
) {
465 _cleanup_(address_freep
) Address
*address
= NULL
;
468 r
= address_new(&address
);
472 address
->family
= AF_INET6
;
473 address
->in_addr
.in6
= *a
;
474 address
->prefixlen
= prefixlen
;
475 address
->flags
= IFA_F_NOPREFIXROUTE
|IFA_F_MANAGETEMPADDR
;
476 address
->lifetime_valid_usec
= lifetime_valid_usec
;
477 address
->lifetime_preferred_usec
= lifetime_preferred_usec
;
479 /* See RFC4862, section 5.5.3.e. But the following logic is deviated from RFC4862 by
480 * honoring all valid lifetimes to improve the reaction of SLAAC to renumbering events.
481 * See draft-ietf-6man-slaac-renum-02, section 4.2. */
482 r
= address_get(link
, address
, &e
);
484 /* If the address is already assigned, but not valid anymore, then refuse to
485 * update the address, and it will be removed. */
486 if (e
->lifetime_valid_usec
< timestamp_usec
)
490 r
= ndisc_request_address(TAKE_PTR(address
), link
, rt
);
492 return log_link_error_errno(link
, r
, "Could not request SLAAC address: %m");
498 static int ndisc_router_process_onlink_prefix(Link
*link
, sd_ndisc_router
*rt
) {
499 _cleanup_(route_freep
) Route
*route
= NULL
;
500 usec_t timestamp_usec
;
501 uint32_t lifetime_sec
;
506 assert(link
->network
);
509 if (!link
->network
->ipv6_accept_ra_use_onlink_prefix
)
512 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime_sec
);
514 return log_link_error_errno(link
, r
, "Failed to get prefix lifetime: %m");
516 if (lifetime_sec
== 0)
519 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
521 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
523 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
525 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
527 r
= route_new(&route
);
531 route
->family
= AF_INET6
;
532 route
->flags
= RTM_F_PREFIX
;
533 route
->dst_prefixlen
= prefixlen
;
534 route
->lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
536 r
= sd_ndisc_router_prefix_get_address(rt
, &route
->dst
.in6
);
538 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
540 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
542 return log_link_error_errno(link
, r
, "Could not request prefix route: %m");;
547 static int ndisc_router_process_prefix(Link
*link
, sd_ndisc_router
*rt
) {
554 assert(link
->network
);
557 r
= sd_ndisc_router_prefix_get_address(rt
, &a
);
559 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
561 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
563 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
565 if (in6_prefix_is_filtered(&a
, prefixlen
, link
->network
->ndisc_allow_listed_prefix
, link
->network
->ndisc_deny_listed_prefix
)) {
567 _cleanup_free_
char *b
= NULL
;
569 (void) in6_addr_prefix_to_string(&a
, prefixlen
, &b
);
570 if (!set_isempty(link
->network
->ndisc_allow_listed_prefix
))
571 log_link_debug(link
, "Prefix '%s' is not in allow list, ignoring", strna(b
));
573 log_link_debug(link
, "Prefix '%s' is in deny list, ignoring", strna(b
));
578 r
= sd_ndisc_router_prefix_get_flags(rt
, &flags
);
580 return log_link_error_errno(link
, r
, "Failed to get RA prefix flags: %m");
582 if (FLAGS_SET(flags
, ND_OPT_PI_FLAG_ONLINK
)) {
583 r
= ndisc_router_process_onlink_prefix(link
, rt
);
588 if (FLAGS_SET(flags
, ND_OPT_PI_FLAG_AUTO
)) {
589 r
= ndisc_router_process_autonomous_prefix(link
, rt
);
597 static int ndisc_router_process_route(Link
*link
, sd_ndisc_router
*rt
) {
598 _cleanup_(route_freep
) Route
*route
= NULL
;
599 unsigned preference
, prefixlen
;
600 struct in6_addr gateway
, dst
;
601 uint32_t lifetime_sec
;
602 usec_t timestamp_usec
;
607 if (!link
->network
->ipv6_accept_ra_use_route_prefix
)
610 r
= sd_ndisc_router_route_get_lifetime(rt
, &lifetime_sec
);
612 return log_link_error_errno(link
, r
, "Failed to get route lifetime from RA: %m");
614 if (lifetime_sec
== 0)
617 r
= sd_ndisc_router_route_get_address(rt
, &dst
);
619 return log_link_error_errno(link
, r
, "Failed to get route destination address: %m");
621 r
= sd_ndisc_router_route_get_prefixlen(rt
, &prefixlen
);
623 return log_link_error_errno(link
, r
, "Failed to get route prefix length: %m");
625 if (in6_addr_is_null(&dst
) && prefixlen
== 0) {
626 log_link_debug(link
, "Route prefix is ::/0, ignoring");
630 if (in6_prefix_is_filtered(&dst
, prefixlen
, link
->network
->ndisc_allow_listed_route_prefix
, link
->network
->ndisc_deny_listed_route_prefix
)) {
632 _cleanup_free_
char *buf
= NULL
;
634 (void) in6_addr_prefix_to_string(&dst
, prefixlen
, &buf
);
635 if (!set_isempty(link
->network
->ndisc_allow_listed_route_prefix
))
636 log_link_debug(link
, "Route prefix '%s' is not in allow list, ignoring", strna(buf
));
638 log_link_debug(link
, "Route prefix '%s' is in deny list, ignoring", strna(buf
));
643 r
= sd_ndisc_router_get_address(rt
, &gateway
);
645 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
647 if (link_get_ipv6_address(link
, &gateway
, NULL
) >= 0) {
649 _cleanup_free_
char *buf
= NULL
;
651 (void) in6_addr_to_string(&gateway
, &buf
);
652 log_link_debug(link
, "Advertised route gateway %s is local to the link, ignoring route", strna(buf
));
657 r
= sd_ndisc_router_route_get_preference(rt
, &preference
);
659 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
661 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
663 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
665 r
= route_new(&route
);
669 route
->family
= AF_INET6
;
670 route
->pref
= preference
;
671 route
->gw
.in6
= gateway
;
672 route
->gw_family
= AF_INET6
;
673 route
->dst
.in6
= dst
;
674 route
->dst_prefixlen
= prefixlen
;
675 route
->lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
677 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
679 return log_link_error_errno(link
, r
, "Could not request additional route: %m");
684 static void ndisc_rdnss_hash_func(const NDiscRDNSS
*x
, struct siphash
*state
) {
685 siphash24_compress(&x
->address
, sizeof(x
->address
), state
);
688 static int ndisc_rdnss_compare_func(const NDiscRDNSS
*a
, const NDiscRDNSS
*b
) {
689 return memcmp(&a
->address
, &b
->address
, sizeof(a
->address
));
692 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
693 ndisc_rdnss_hash_ops
,
695 ndisc_rdnss_hash_func
,
696 ndisc_rdnss_compare_func
,
699 static int ndisc_router_process_rdnss(Link
*link
, sd_ndisc_router
*rt
) {
700 usec_t lifetime_usec
, timestamp_usec
;
701 uint32_t lifetime_sec
;
702 const struct in6_addr
*a
;
703 struct in6_addr router
;
704 bool updated
= false;
708 assert(link
->network
);
711 if (!link
->network
->ipv6_accept_ra_use_dns
)
714 r
= sd_ndisc_router_get_address(rt
, &router
);
716 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
718 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
720 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
722 r
= sd_ndisc_router_rdnss_get_lifetime(rt
, &lifetime_sec
);
724 return log_link_error_errno(link
, r
, "Failed to get RDNSS lifetime: %m");
726 if (lifetime_sec
== 0)
729 lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
731 n
= sd_ndisc_router_rdnss_get_addresses(rt
, &a
);
733 return log_link_error_errno(link
, n
, "Failed to get RDNSS addresses: %m");
735 if (n
>= (int) NDISC_RDNSS_MAX
) {
736 log_link_warning(link
, "Too many RDNSS records per link. Only first %i records will be used.", NDISC_RDNSS_MAX
);
740 for (int j
= 0; j
< n
; j
++) {
741 _cleanup_free_ NDiscRDNSS
*x
= NULL
;
742 NDiscRDNSS
*rdnss
, d
= {
746 rdnss
= set_get(link
->ndisc_rdnss
, &d
);
748 rdnss
->marked
= false;
749 rdnss
->router
= router
;
750 rdnss
->lifetime_usec
= lifetime_usec
;
754 x
= new(NDiscRDNSS
, 1);
761 .lifetime_usec
= lifetime_usec
,
764 r
= set_ensure_consume(&link
->ndisc_rdnss
, &ndisc_rdnss_hash_ops
, TAKE_PTR(x
));
778 static void ndisc_dnssl_hash_func(const NDiscDNSSL
*x
, struct siphash
*state
) {
779 siphash24_compress_string(NDISC_DNSSL_DOMAIN(x
), state
);
782 static int ndisc_dnssl_compare_func(const NDiscDNSSL
*a
, const NDiscDNSSL
*b
) {
783 return strcmp(NDISC_DNSSL_DOMAIN(a
), NDISC_DNSSL_DOMAIN(b
));
786 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
787 ndisc_dnssl_hash_ops
,
789 ndisc_dnssl_hash_func
,
790 ndisc_dnssl_compare_func
,
793 static int ndisc_router_process_dnssl(Link
*link
, sd_ndisc_router
*rt
) {
794 _cleanup_strv_free_
char **l
= NULL
;
795 usec_t lifetime_usec
, timestamp_usec
;
796 struct in6_addr router
;
797 uint32_t lifetime_sec
;
798 bool updated
= false;
803 assert(link
->network
);
806 if (link
->network
->ipv6_accept_ra_use_domains
== DHCP_USE_DOMAINS_NO
)
809 r
= sd_ndisc_router_get_address(rt
, &router
);
811 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
813 r
= sd_ndisc_router_get_timestamp(rt
, clock_boottime_or_monotonic(), ×tamp_usec
);
815 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
817 r
= sd_ndisc_router_dnssl_get_lifetime(rt
, &lifetime_sec
);
819 return log_link_error_errno(link
, r
, "Failed to get DNSSL lifetime: %m");
821 if (lifetime_sec
== 0)
824 lifetime_usec
= usec_add(timestamp_usec
, lifetime_sec
* USEC_PER_SEC
);
826 r
= sd_ndisc_router_dnssl_get_domains(rt
, &l
);
828 return log_link_error_errno(link
, r
, "Failed to get DNSSL addresses: %m");
830 if (strv_length(l
) >= NDISC_DNSSL_MAX
) {
831 log_link_warning(link
, "Too many DNSSL records per link. Only first %i records will be used.", NDISC_DNSSL_MAX
);
832 STRV_FOREACH(j
, l
+ NDISC_DNSSL_MAX
)
837 _cleanup_free_ NDiscDNSSL
*s
= NULL
;
840 s
= malloc0(ALIGN(sizeof(NDiscDNSSL
)) + strlen(*j
) + 1);
844 strcpy(NDISC_DNSSL_DOMAIN(s
), *j
);
846 dnssl
= set_get(link
->ndisc_dnssl
, s
);
848 dnssl
->marked
= false;
849 dnssl
->router
= router
;
850 dnssl
->lifetime_usec
= lifetime_usec
;
855 s
->lifetime_usec
= lifetime_usec
;
857 r
= set_ensure_consume(&link
->ndisc_dnssl
, &ndisc_dnssl_hash_ops
, TAKE_PTR(s
));
871 static int ndisc_router_process_options(Link
*link
, sd_ndisc_router
*rt
) {
875 assert(link
->network
);
878 for (r
= sd_ndisc_router_option_rewind(rt
); ; r
= sd_ndisc_router_option_next(rt
)) {
882 return log_link_error_errno(link
, r
, "Failed to iterate through options: %m");
883 if (r
== 0) /* EOF */
886 r
= sd_ndisc_router_option_get_type(rt
, &type
);
888 return log_link_error_errno(link
, r
, "Failed to get RA option type: %m");
892 case SD_NDISC_OPTION_PREFIX_INFORMATION
:
893 r
= ndisc_router_process_prefix(link
, rt
);
898 case SD_NDISC_OPTION_ROUTE_INFORMATION
:
899 r
= ndisc_router_process_route(link
, rt
);
904 case SD_NDISC_OPTION_RDNSS
:
905 r
= ndisc_router_process_rdnss(link
, rt
);
910 case SD_NDISC_OPTION_DNSSL
:
911 r
= ndisc_router_process_dnssl(link
, rt
);
919 static void ndisc_mark(Link
*link
, const struct in6_addr
*router
) {
926 link_mark_addresses(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
927 link_mark_routes(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
929 SET_FOREACH(rdnss
, link
->ndisc_rdnss
)
930 if (in6_addr_equal(&rdnss
->router
, router
))
931 rdnss
->marked
= true;
933 SET_FOREACH(dnssl
, link
->ndisc_dnssl
)
934 if (in6_addr_equal(&dnssl
->router
, router
))
935 dnssl
->marked
= true;
938 static int ndisc_start_dhcp6_client(Link
*link
, sd_ndisc_router
*rt
) {
942 assert(link
->network
);
944 switch (link
->network
->ipv6_accept_ra_start_dhcp6_client
) {
945 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
:
948 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
: {
951 r
= sd_ndisc_router_get_flags(rt
, &flags
);
953 return log_link_warning_errno(link
, r
, "Failed to get RA flags: %m");
955 if ((flags
& (ND_RA_FLAG_MANAGED
| ND_RA_FLAG_OTHER
)) == 0)
958 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags.
959 * Note, if both managed and other information bits are set, then ignore other
960 * information bit. See RFC 4861. */
961 r
= dhcp6_start_on_ra(link
, !(flags
& ND_RA_FLAG_MANAGED
));
964 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
:
965 /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in managed mode
966 * even if the router flags have neither M nor O flags. */
967 r
= dhcp6_start_on_ra(link
, /* information_request = */ false);
971 assert_not_reached();
975 return log_link_error_errno(link
, r
, "Could not acquire DHCPv6 lease on NDisc request: %m");
977 log_link_debug(link
, "Acquiring DHCPv6 lease on NDisc request");
981 static int ndisc_router_handler(Link
*link
, sd_ndisc_router
*rt
) {
982 struct in6_addr router
;
986 assert(link
->network
);
987 assert(link
->manager
);
990 r
= sd_ndisc_router_get_address(rt
, &router
);
992 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
994 if (in6_prefix_is_filtered(&router
, 128, link
->network
->ndisc_allow_listed_router
, link
->network
->ndisc_deny_listed_router
)) {
996 _cleanup_free_
char *buf
= NULL
;
998 (void) in6_addr_to_string(&router
, &buf
);
999 if (!set_isempty(link
->network
->ndisc_allow_listed_router
))
1000 log_link_debug(link
, "Router '%s' is not in allow list, ignoring", strna(buf
));
1002 log_link_debug(link
, "Router '%s' is in deny list, ignoring", strna(buf
));
1007 ndisc_mark(link
, &router
);
1009 r
= ndisc_start_dhcp6_client(link
, rt
);
1013 r
= ndisc_router_process_default(link
, rt
);
1017 r
= ndisc_router_process_options(link
, rt
);
1021 if (link
->ndisc_messages
== 0) {
1022 link
->ndisc_configured
= true;
1024 r
= ndisc_remove(link
, &router
);
1028 log_link_debug(link
, "Setting SLAAC addresses and router.");
1030 if (!link
->ndisc_configured
)
1031 link_set_state(link
, LINK_STATE_CONFIGURING
);
1033 link_check_ready(link
);
1037 static void ndisc_handler(sd_ndisc
*nd
, sd_ndisc_event_t event
, sd_ndisc_router
*rt
, void *userdata
) {
1038 Link
*link
= userdata
;
1043 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
1048 case SD_NDISC_EVENT_ROUTER
:
1049 r
= ndisc_router_handler(link
, rt
);
1051 link_enter_failed(link
);
1056 case SD_NDISC_EVENT_TIMEOUT
:
1057 log_link_debug(link
, "NDisc handler get timeout event");
1058 if (link
->ndisc_messages
== 0) {
1059 link
->ndisc_configured
= true;
1060 link_check_ready(link
);
1064 assert_not_reached();
1068 static int ndisc_configure(Link
*link
) {
1073 if (!link_ipv6_accept_ra_enabled(link
))
1077 return -EBUSY
; /* Already configured. */
1079 r
= sd_ndisc_new(&link
->ndisc
);
1083 r
= sd_ndisc_attach_event(link
->ndisc
, link
->manager
->event
, 0);
1087 r
= sd_ndisc_set_mac(link
->ndisc
, &link
->hw_addr
.ether
);
1091 r
= sd_ndisc_set_ifindex(link
->ndisc
, link
->ifindex
);
1095 r
= sd_ndisc_set_callback(link
->ndisc
, ndisc_handler
, link
);
1102 int ndisc_start(Link
*link
) {
1107 if (!link
->ndisc
|| !link
->dhcp6_client
)
1110 if (!link_has_carrier(link
))
1113 if (in6_addr_is_null(&link
->ipv6ll_address
))
1116 log_link_debug(link
, "Discovering IPv6 routers");
1118 r
= sd_ndisc_start(link
->ndisc
);
1125 int request_process_ndisc(Request
*req
) {
1130 assert(req
->type
== REQUEST_TYPE_NDISC
);
1132 link
= ASSERT_PTR(req
->link
);
1134 if (!IN_SET(link
->state
, LINK_STATE_CONFIGURING
, LINK_STATE_CONFIGURED
))
1137 if (link
->hw_addr
.length
!= ETH_ALEN
|| hw_addr_is_null(&link
->hw_addr
))
1138 /* No MAC address is assigned to the hardware, or non-supported MAC address length. */
1141 r
= ndisc_configure(link
);
1143 return log_link_warning_errno(link
, r
, "Failed to configure IPv6 Router Discovery: %m");
1145 r
= ndisc_start(link
);
1147 return log_link_warning_errno(link
, r
, "Failed to start IPv6 Router Discovery: %m");
1149 log_link_debug(link
, "IPv6 Router Discovery is configured%s.",
1150 r
> 0 ? " and started" : "");
1155 int link_request_ndisc(Link
*link
) {
1160 if (!link_ipv6_accept_ra_enabled(link
))
1166 r
= link_queue_request(link
, REQUEST_TYPE_NDISC
, NULL
, false, NULL
, NULL
, NULL
);
1168 return log_link_warning_errno(link
, r
, "Failed to request configuring of the IPv6 Router Discovery: %m");
1170 log_link_debug(link
, "Requested configuring of the IPv6 Router Discovery.");
1174 void ndisc_vacuum(Link
*link
) {
1181 /* Removes all RDNSS and DNSSL entries whose validity time has passed */
1183 time_now
= now(clock_boottime_or_monotonic());
1185 SET_FOREACH(r
, link
->ndisc_rdnss
)
1186 if (r
->lifetime_usec
< time_now
)
1187 free(set_remove(link
->ndisc_rdnss
, r
));
1189 SET_FOREACH(d
, link
->ndisc_dnssl
)
1190 if (d
->lifetime_usec
< time_now
)
1191 free(set_remove(link
->ndisc_dnssl
, d
));
1194 void ndisc_flush(Link
*link
) {
1197 /* Removes all RDNSS and DNSSL entries, without exception */
1199 link
->ndisc_rdnss
= set_free(link
->ndisc_rdnss
);
1200 link
->ndisc_dnssl
= set_free(link
->ndisc_dnssl
);
1203 static const char* const ipv6_accept_ra_start_dhcp6_client_table
[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX
] = {
1204 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
] = "no",
1205 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
] = "always",
1206 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
] = "yes",
1209 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
);
1211 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains
, dhcp_use_domains
, DHCPUseDomains
,
1212 "Failed to parse UseDomains= setting");
1213 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client
, ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
,
1214 "Failed to parse DHCPv6Client= setting");