-/* SPDX-License-Identifier: LGPL-2.1+ */
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <netinet/in.h>
#include <linux/if.h>
-#include <unistd.h>
-#include "fileio.h"
#include "netlink-util.h"
#include "networkd-ipv6-proxy-ndp.h"
#include "networkd-link.h"
#include "networkd-manager.h"
#include "networkd-network.h"
+#include "networkd-queue.h"
#include "socket-util.h"
#include "string-util.h"
-#include "sysctl-util.h"
-static bool ipv6_proxy_ndp_is_needed(Link *link) {
- assert(link);
+void network_adjust_ipv6_proxy_ndp(Network *network) {
+ assert(network);
+
+ if (set_isempty(network->ipv6_proxy_ndp_addresses))
+ return;
- if (link->flags & IFF_LOOPBACK)
- return false;
+ if (!socket_ipv6_is_supported()) {
+ log_once(LOG_WARNING,
+ "%s: IPv6 proxy NDP addresses are set, but IPv6 is not supported by kernel, "
+ "Ignoring IPv6 proxy NDP addresses.", network->filename);
+ network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses);
+ }
+}
- if (!link->network)
- return false;
+static int ipv6_proxy_ndp_address_configure_handler(
+ sd_netlink *rtnl,
+ sd_netlink_message *m,
+ Request *req,
+ Link *link,
+ struct in6_addr *address) {
- if (link->network->ipv6_proxy_ndp >= 0)
- return link->network->ipv6_proxy_ndp;
+ int r;
+
+ assert(m);
+ assert(link);
+
+ r = sd_netlink_message_get_errno(m);
+ if (r < 0)
+ log_link_message_warning_errno(link, m, r, "Could not add IPv6 proxy ndp address entry, ignoring");
- if (link->network->n_ipv6_proxy_ndp_addresses == 0)
- return false;
+ if (link->static_ipv6_proxy_ndp_messages == 0) {
+ log_link_debug(link, "IPv6 proxy NDP addresses set.");
+ link->static_ipv6_proxy_ndp_configured = true;
+ link_check_ready(link);
+ }
- return true;
+ return 1;
}
-static int ipv6_proxy_ndp_set(Link *link) {
- bool v;
+/* send a request to the kernel to add an IPv6 Proxy entry to the neighbour table */
+static int ipv6_proxy_ndp_address_configure(const struct in6_addr *address, Link *link, Request *req) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert(address);
assert(link);
+ assert(link->manager);
+ assert(link->manager->rtnl);
+ assert(req);
- if (!socket_ipv6_is_supported())
- return 0;
+ /* create new netlink message */
+ r = sd_rtnl_message_new_neigh(link->manager->rtnl, &m, RTM_NEWNEIGH, link->ifindex, AF_INET6);
+ if (r < 0)
+ return r;
- v = ipv6_proxy_ndp_is_needed(link);
+ r = sd_rtnl_message_neigh_set_flags(m, NTF_PROXY);
+ if (r < 0)
+ return r;
- r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "proxy_ndp", v);
+ r = sd_netlink_message_append_in6_addr(m, NDA_DST, address);
if (r < 0)
- log_link_warning_errno(link, r, "Cannot configure proxy NDP for interface: %m");
+ return r;
- return 0;
+ return request_call_netlink_async(link->manager->rtnl, m, req);
}
-static int ipv6_proxy_ndp_address_new_static(Network *network, IPv6ProxyNDPAddress **ret) {
- _cleanup_(ipv6_proxy_ndp_address_freep) IPv6ProxyNDPAddress *ipv6_proxy_ndp_address = NULL;
-
- assert(network);
- assert(ret);
-
- /* allocate space for IPv6ProxyNDPAddress entry */
- ipv6_proxy_ndp_address = new(IPv6ProxyNDPAddress, 1);
- if (!ipv6_proxy_ndp_address)
- return -ENOMEM;
+static int ipv6_proxy_ndp_address_process_request(Request *req, Link *link, struct in6_addr *address) {
+ int r;
- *ipv6_proxy_ndp_address = (IPv6ProxyNDPAddress) {
- .network = network,
- };
+ assert(req);
+ assert(link);
+ assert(address);
- LIST_PREPEND(ipv6_proxy_ndp_addresses, network->ipv6_proxy_ndp_addresses, ipv6_proxy_ndp_address);
- network->n_ipv6_proxy_ndp_addresses++;
+ if (!link_is_ready_to_configure(link, false))
+ return 0;
- *ret = TAKE_PTR(ipv6_proxy_ndp_address);
+ r = ipv6_proxy_ndp_address_configure(address, link, req);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to configure IPv6 proxy NDP address: %m");
- return 0;
+ return 1;
}
-void ipv6_proxy_ndp_address_free(IPv6ProxyNDPAddress *ipv6_proxy_ndp_address) {
- if (!ipv6_proxy_ndp_address)
- return;
+int link_request_static_ipv6_proxy_ndp_addresses(Link *link) {
+ struct in6_addr *address;
+ int r;
+
+ assert(link);
+ assert(link->network);
- if (ipv6_proxy_ndp_address->network) {
- LIST_REMOVE(ipv6_proxy_ndp_addresses, ipv6_proxy_ndp_address->network->ipv6_proxy_ndp_addresses,
- ipv6_proxy_ndp_address);
+ link->static_ipv6_proxy_ndp_configured = false;
+
+ SET_FOREACH(address, link->network->ipv6_proxy_ndp_addresses) {
+ r = link_queue_request_safe(link, REQUEST_TYPE_IPV6_PROXY_NDP,
+ address, NULL,
+ in6_addr_hash_func,
+ in6_addr_compare_func,
+ ipv6_proxy_ndp_address_process_request,
+ &link->static_ipv6_proxy_ndp_messages,
+ ipv6_proxy_ndp_address_configure_handler,
+ NULL);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to request IPv6 proxy NDP address: %m");
+ }
- assert(ipv6_proxy_ndp_address->network->n_ipv6_proxy_ndp_addresses > 0);
- ipv6_proxy_ndp_address->network->n_ipv6_proxy_ndp_addresses--;
+ if (link->static_ipv6_proxy_ndp_messages == 0) {
+ link->static_ipv6_proxy_ndp_configured = true;
+ link_check_ready(link);
+ } else {
+ log_link_debug(link, "Setting IPv6 proxy NDP addresses.");
+ link_set_state(link, LINK_STATE_CONFIGURING);
}
- free(ipv6_proxy_ndp_address);
+ return 0;
}
int config_parse_ipv6_proxy_ndp_address(
void *data,
void *userdata) {
- Network *network = userdata;
- _cleanup_(ipv6_proxy_ndp_address_freep) IPv6ProxyNDPAddress *ipv6_proxy_ndp_address = NULL;
- int r;
+ _cleanup_free_ struct in6_addr *address = NULL;
+ Network *network = ASSERT_PTR(userdata);
union in_addr_union buffer;
+ int r;
assert(filename);
- assert(section);
- assert(lvalue);
assert(rvalue);
- assert(data);
- r = ipv6_proxy_ndp_address_new_static(network, &ipv6_proxy_ndp_address);
- if (r < 0)
- return log_oom();
+ if (isempty(rvalue)) {
+ network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses);
+ return 0;
+ }
r = in_addr_from_string(AF_INET6, rvalue, &buffer);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
- "Failed to parse IPv6 proxy NDP address, ignoring: %s",
- rvalue);
+ "Failed to parse IPv6 proxy NDP address, ignoring: %s", rvalue);
return 0;
}
return 0;
}
- ipv6_proxy_ndp_address->in_addr = buffer.in6;
- ipv6_proxy_ndp_address = NULL;
-
- return 0;
-}
-
-static int set_ipv6_proxy_ndp_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
- int r;
-
- assert(link);
-
- r = sd_netlink_message_get_errno(m);
- if (r < 0 && r != -EEXIST)
- log_link_message_warning_errno(link, m, r, "Could not add IPv6 proxy ndp address entry, ignoring");
-
- return 1;
-}
-
-/* send a request to the kernel to add a IPv6 Proxy entry to the neighbour table */
-int ipv6_proxy_ndp_address_configure(Link *link, IPv6ProxyNDPAddress *ipv6_proxy_ndp_address) {
- _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
- sd_netlink *rtnl;
- int r;
-
- assert(link);
- assert(link->network);
- assert(link->manager);
- assert(ipv6_proxy_ndp_address);
-
- rtnl = link->manager->rtnl;
-
- /* create new netlink message */
- r = sd_rtnl_message_new_neigh(rtnl, &req, RTM_NEWNEIGH, link->ifindex, AF_INET6);
- if (r < 0)
- return log_link_error_errno(link, r, "Could not create RTM_NEWNEIGH message: %m");
-
- r = sd_rtnl_message_neigh_set_flags(req, NLM_F_REQUEST | NTF_PROXY);
- if (r < 0)
- return log_link_error_errno(link, r, "Could not set neighbor flags: %m");
-
- r = sd_netlink_message_append_in6_addr(req, NDA_DST, &ipv6_proxy_ndp_address->in_addr);
- if (r < 0)
- return log_link_error_errno(link, r, "Could not append NDA_DST attribute: %m");
+ address = newdup(struct in6_addr, &buffer.in6, 1);
+ if (!address)
+ return log_oom();
- r = netlink_call_async(rtnl, NULL, req, set_ipv6_proxy_ndp_address_handler,
- link_netlink_destroy_callback, link);
+ r = set_ensure_put(&network->ipv6_proxy_ndp_addresses, &in6_addr_hash_ops, address);
if (r < 0)
- return log_link_error_errno(link, r, "Could not send rtnetlink message: %m");
-
- link_ref(link);
-
- return 0;
-}
-
-/* configure all ipv6 proxy ndp addresses */
-int ipv6_proxy_ndp_addresses_configure(Link *link) {
- IPv6ProxyNDPAddress *ipv6_proxy_ndp_address;
- int r;
-
- assert(link);
-
- /* enable or disable proxy_ndp itself depending on whether ipv6_proxy_ndp_addresses are set or not */
- r = ipv6_proxy_ndp_set(link);
- if (r != 0)
- return r;
+ return log_oom();
+ if (r > 0)
+ TAKE_PTR(address);
- LIST_FOREACH(ipv6_proxy_ndp_addresses, ipv6_proxy_ndp_address, link->network->ipv6_proxy_ndp_addresses) {
- r = ipv6_proxy_ndp_address_configure(link, ipv6_proxy_ndp_address);
- if (r != 0)
- return r;
- }
return 0;
}