]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a13c50e7 | 2 | /*** |
810adae9 | 3 | Copyright © 2014 Intel Corporation. All rights reserved. |
a13c50e7 TG |
4 | ***/ |
5 | ||
23f53b99 | 6 | #include <arpa/inet.h> |
062c020f | 7 | #include <netinet/icmp6.h> |
b8162cd2 | 8 | #include <net/if_arp.h> |
062c020f | 9 | #include <linux/if.h> |
a13c50e7 | 10 | |
a13c50e7 TG |
11 | #include "sd-ndisc.h" |
12 | ||
d909e4af | 13 | #include "missing_network.h" |
093e3533 | 14 | #include "networkd-address.h" |
ca5ad760 | 15 | #include "networkd-dhcp6.h" |
73854ba1 | 16 | #include "networkd-manager.h" |
1e7a0e21 | 17 | #include "networkd-ndisc.h" |
ac24e418 | 18 | #include "string-table.h" |
5f506a55 | 19 | #include "string-util.h" |
51517f9e | 20 | #include "strv.h" |
1e7a0e21 LP |
21 | |
22 | #define NDISC_DNSSL_MAX 64U | |
23 | #define NDISC_RDNSS_MAX 64U | |
6554550f | 24 | #define NDISC_PREFIX_LFT_MIN 7200U |
fe307276 | 25 | |
5f506a55 SS |
26 | #define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3 |
27 | ||
28 | /* https://tools.ietf.org/html/rfc5453 */ | |
29 | /* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */ | |
30 | ||
31 | #define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }) | |
32 | #define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8 | |
33 | #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } }) | |
34 | #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5 | |
35 | #define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } }) | |
36 | #define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7 | |
37 | ||
38 | #define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e) | |
39 | ||
062c020f YW |
40 | bool link_ipv6_accept_ra_enabled(Link *link) { |
41 | assert(link); | |
42 | ||
43 | if (!socket_ipv6_is_supported()) | |
44 | return false; | |
45 | ||
46 | if (link->flags & IFF_LOOPBACK) | |
47 | return false; | |
48 | ||
49 | if (!link->network) | |
50 | return false; | |
51 | ||
52 | if (!link_ipv6ll_enabled(link)) | |
53 | return false; | |
54 | ||
3773eb54 YW |
55 | assert(link->network->ipv6_accept_ra >= 0); |
56 | return link->network->ipv6_accept_ra; | |
57 | } | |
58 | ||
59 | void network_adjust_ipv6_accept_ra(Network *network) { | |
60 | assert(network); | |
61 | ||
62 | if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) { | |
63 | if (network->ipv6_accept_ra > 0) | |
64 | log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link local addressing is disabled or not supported. " | |
65 | "Disabling IPv6AcceptRA=.", network->filename); | |
66 | network->ipv6_accept_ra = false; | |
67 | } | |
68 | ||
69 | if (network->ipv6_accept_ra < 0) | |
062c020f | 70 | /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */ |
3773eb54 | 71 | network->ipv6_accept_ra = !FLAGS_SET(network->ip_forward, ADDRESS_FAMILY_IPV6); |
062c020f YW |
72 | } |
73 | ||
50550722 | 74 | static int ndisc_remove_old_one(Link *link, const struct in6_addr *router, bool force); |
69203fba YW |
75 | |
76 | static int ndisc_address_callback(Address *address) { | |
50550722 YW |
77 | struct in6_addr router = {}; |
78 | NDiscAddress *n; | |
69203fba YW |
79 | |
80 | assert(address); | |
81 | assert(address->link); | |
82 | ||
90e74a66 | 83 | SET_FOREACH(n, address->link->ndisc_addresses) |
50550722 YW |
84 | if (n->address == address) { |
85 | router = n->router; | |
86 | break; | |
87 | } | |
88 | ||
89 | if (IN6_IS_ADDR_UNSPECIFIED(&router)) { | |
90 | _cleanup_free_ char *buf = NULL; | |
91 | ||
92 | (void) in_addr_to_string(address->family, &address->in_addr, &buf); | |
93 | log_link_debug(address->link, "%s is called for %s/%u, but it is already removed, ignoring.", | |
94 | __func__, strna(buf), address->prefixlen); | |
95 | return 0; | |
96 | } | |
97 | ||
69203fba | 98 | /* Make this called only once */ |
90e74a66 | 99 | SET_FOREACH(n, address->link->ndisc_addresses) |
50550722 YW |
100 | if (IN6_ARE_ADDR_EQUAL(&n->router, &router)) |
101 | n->address->callback = NULL; | |
69203fba | 102 | |
50550722 | 103 | return ndisc_remove_old_one(address->link, &router, true); |
69203fba YW |
104 | } |
105 | ||
50550722 YW |
106 | static int ndisc_remove_old_one(Link *link, const struct in6_addr *router, bool force) { |
107 | NDiscAddress *na; | |
108 | NDiscRoute *nr; | |
b0b97766 YW |
109 | NDiscDNSSL *dnssl; |
110 | NDiscRDNSS *rdnss; | |
69203fba YW |
111 | int k, r = 0; |
112 | ||
113 | assert(link); | |
50550722 | 114 | assert(router); |
69203fba YW |
115 | |
116 | if (!force) { | |
50550722 | 117 | bool set_callback = false; |
69203fba YW |
118 | |
119 | if (!link->ndisc_addresses_configured || !link->ndisc_routes_configured) | |
120 | return 0; | |
121 | ||
90e74a66 | 122 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
123 | if (!na->marked && IN6_ARE_ADDR_EQUAL(&na->router, router)) { |
124 | set_callback = true; | |
69203fba YW |
125 | break; |
126 | } | |
127 | ||
50550722 | 128 | if (set_callback) |
90e74a66 | 129 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
130 | if (!na->marked && address_is_ready(na->address)) { |
131 | set_callback = false; | |
132 | break; | |
133 | } | |
134 | ||
69203fba | 135 | if (set_callback) { |
90e74a66 | 136 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
137 | if (!na->marked && IN6_ARE_ADDR_EQUAL(&na->router, router)) |
138 | na->address->callback = ndisc_address_callback; | |
139 | ||
140 | if (DEBUG_LOGGING) { | |
141 | _cleanup_free_ char *buf = NULL; | |
142 | ||
143 | (void) in_addr_to_string(AF_INET6, (union in_addr_union *) router, &buf); | |
144 | log_link_debug(link, "No SLAAC address obtained from %s is ready. " | |
145 | "The old NDisc information will be removed later.", | |
146 | strna(buf)); | |
147 | } | |
69203fba YW |
148 | return 0; |
149 | } | |
150 | } | |
151 | ||
50550722 YW |
152 | if (DEBUG_LOGGING) { |
153 | _cleanup_free_ char *buf = NULL; | |
154 | ||
155 | (void) in_addr_to_string(AF_INET6, (union in_addr_union *) router, &buf); | |
156 | log_link_debug(link, "Removing old NDisc information obtained from %s.", strna(buf)); | |
157 | } | |
69203fba YW |
158 | |
159 | link_dirty(link); | |
160 | ||
90e74a66 | 161 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
162 | if (na->marked && IN6_ARE_ADDR_EQUAL(&na->router, router)) { |
163 | k = address_remove(na->address, link, NULL); | |
164 | if (k < 0) | |
165 | r = k; | |
166 | } | |
69203fba | 167 | |
90e74a66 | 168 | SET_FOREACH(nr, link->ndisc_routes) |
50550722 | 169 | if (nr->marked && IN6_ARE_ADDR_EQUAL(&nr->router, router)) { |
ad208fac | 170 | k = route_remove(nr->route, NULL, link, NULL); |
50550722 YW |
171 | if (k < 0) |
172 | r = k; | |
173 | } | |
69203fba | 174 | |
90e74a66 | 175 | SET_FOREACH(rdnss, link->ndisc_rdnss) |
50550722 | 176 | if (rdnss->marked && IN6_ARE_ADDR_EQUAL(&rdnss->router, router)) |
b0b97766 YW |
177 | free(set_remove(link->ndisc_rdnss, rdnss)); |
178 | ||
90e74a66 | 179 | SET_FOREACH(dnssl, link->ndisc_dnssl) |
50550722 | 180 | if (dnssl->marked && IN6_ARE_ADDR_EQUAL(&dnssl->router, router)) |
b0b97766 YW |
181 | free(set_remove(link->ndisc_dnssl, dnssl)); |
182 | ||
69203fba YW |
183 | return r; |
184 | } | |
185 | ||
50550722 YW |
186 | static int ndisc_remove_old(Link *link) { |
187 | _cleanup_set_free_free_ Set *routers = NULL; | |
188 | _cleanup_free_ struct in6_addr *router = NULL; | |
189 | struct in6_addr *a; | |
190 | NDiscAddress *na; | |
191 | NDiscRoute *nr; | |
192 | NDiscDNSSL *dnssl; | |
193 | NDiscRDNSS *rdnss; | |
50550722 YW |
194 | int k, r; |
195 | ||
196 | assert(link); | |
197 | ||
198 | routers = set_new(&in6_addr_hash_ops); | |
199 | if (!routers) | |
200 | return -ENOMEM; | |
201 | ||
90e74a66 | 202 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
203 | if (!set_contains(routers, &na->router)) { |
204 | router = newdup(struct in6_addr, &na->router, 1); | |
205 | if (!router) | |
206 | return -ENOMEM; | |
207 | ||
208 | r = set_put(routers, router); | |
209 | if (r < 0) | |
210 | return r; | |
211 | ||
212 | assert(r > 0); | |
213 | TAKE_PTR(router); | |
214 | } | |
215 | ||
90e74a66 | 216 | SET_FOREACH(nr, link->ndisc_routes) |
50550722 YW |
217 | if (!set_contains(routers, &nr->router)) { |
218 | router = newdup(struct in6_addr, &nr->router, 1); | |
219 | if (!router) | |
220 | return -ENOMEM; | |
221 | ||
222 | r = set_put(routers, router); | |
223 | if (r < 0) | |
224 | return r; | |
225 | ||
226 | assert(r > 0); | |
227 | TAKE_PTR(router); | |
228 | } | |
229 | ||
90e74a66 | 230 | SET_FOREACH(rdnss, link->ndisc_rdnss) |
50550722 YW |
231 | if (!set_contains(routers, &rdnss->router)) { |
232 | router = newdup(struct in6_addr, &rdnss->router, 1); | |
233 | if (!router) | |
234 | return -ENOMEM; | |
235 | ||
236 | r = set_put(routers, router); | |
237 | if (r < 0) | |
238 | return r; | |
239 | ||
240 | assert(r > 0); | |
241 | TAKE_PTR(router); | |
242 | } | |
243 | ||
90e74a66 | 244 | SET_FOREACH(dnssl, link->ndisc_dnssl) |
50550722 YW |
245 | if (!set_contains(routers, &dnssl->router)) { |
246 | router = newdup(struct in6_addr, &dnssl->router, 1); | |
247 | if (!router) | |
248 | return -ENOMEM; | |
249 | ||
250 | r = set_put(routers, router); | |
251 | if (r < 0) | |
252 | return r; | |
253 | ||
254 | assert(r > 0); | |
255 | TAKE_PTR(router); | |
256 | } | |
257 | ||
258 | r = 0; | |
90e74a66 | 259 | SET_FOREACH(a, routers) { |
50550722 YW |
260 | k = ndisc_remove_old_one(link, a, false); |
261 | if (k < 0) | |
262 | r = k; | |
263 | } | |
264 | ||
265 | return r; | |
266 | } | |
267 | ||
268 | static void ndisc_route_hash_func(const NDiscRoute *x, struct siphash *state) { | |
269 | route_hash_func(x->route, state); | |
270 | } | |
271 | ||
272 | static int ndisc_route_compare_func(const NDiscRoute *a, const NDiscRoute *b) { | |
273 | return route_compare_func(a->route, b->route); | |
274 | } | |
275 | ||
276 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( | |
277 | ndisc_route_hash_ops, | |
278 | NDiscRoute, | |
279 | ndisc_route_hash_func, | |
280 | ndisc_route_compare_func, | |
281 | free); | |
282 | ||
d98c546d | 283 | static int ndisc_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { |
3b015d40 TG |
284 | int r; |
285 | ||
286 | assert(link); | |
d98c546d | 287 | assert(link->ndisc_routes_messages > 0); |
3b015d40 | 288 | |
d98c546d | 289 | link->ndisc_routes_messages--; |
3b015d40 | 290 | |
4ff296b0 YW |
291 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
292 | return 1; | |
293 | ||
3b015d40 | 294 | r = sd_netlink_message_get_errno(m); |
4ff296b0 | 295 | if (r < 0 && r != -EEXIST) { |
d98c546d | 296 | log_link_message_error_errno(link, m, r, "Could not set NDisc route"); |
4ff296b0 YW |
297 | link_enter_failed(link); |
298 | return 1; | |
299 | } | |
3b015d40 | 300 | |
d98c546d YW |
301 | if (link->ndisc_routes_messages == 0) { |
302 | log_link_debug(link, "NDisc routes set."); | |
303 | link->ndisc_routes_configured = true; | |
69203fba | 304 | |
50550722 | 305 | r = ndisc_remove_old(link); |
69203fba YW |
306 | if (r < 0) { |
307 | link_enter_failed(link); | |
308 | return 1; | |
309 | } | |
310 | ||
3b015d40 TG |
311 | link_check_ready(link); |
312 | } | |
313 | ||
314 | return 1; | |
315 | } | |
316 | ||
50550722 YW |
317 | static int ndisc_route_configure(Route *route, Link *link, sd_ndisc_router *rt) { |
318 | _cleanup_free_ NDiscRoute *nr = NULL; | |
319 | NDiscRoute *nr_exist; | |
320 | struct in6_addr router; | |
321 | Route *ret; | |
322 | int r; | |
323 | ||
324 | assert(route); | |
325 | assert(link); | |
326 | assert(rt); | |
327 | ||
328 | r = route_configure(route, link, ndisc_route_handler, &ret); | |
329 | if (r < 0) | |
330 | return log_link_error_errno(link, r, "Failed to set NDisc route: %m"); | |
331 | ||
332 | link->ndisc_routes_messages++; | |
333 | ||
334 | r = sd_ndisc_router_get_address(rt, &router); | |
335 | if (r < 0) | |
336 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
337 | ||
338 | nr = new(NDiscRoute, 1); | |
339 | if (!nr) | |
340 | return log_oom(); | |
341 | ||
342 | *nr = (NDiscRoute) { | |
343 | .router = router, | |
344 | .route = ret, | |
345 | }; | |
346 | ||
347 | nr_exist = set_get(link->ndisc_routes, nr); | |
348 | if (nr_exist) { | |
349 | nr_exist->marked = false; | |
350 | nr_exist->router = router; | |
351 | return 0; | |
352 | } | |
353 | ||
354 | r = set_ensure_put(&link->ndisc_routes, &ndisc_route_hash_ops, nr); | |
355 | if (r < 0) | |
356 | return log_link_error_errno(link, r, "Failed to store NDisc SLAAC route: %m"); | |
357 | assert(r > 0); | |
358 | TAKE_PTR(nr); | |
359 | ||
360 | return 0; | |
361 | } | |
362 | ||
363 | static void ndisc_address_hash_func(const NDiscAddress *x, struct siphash *state) { | |
364 | address_hash_func(x->address, state); | |
365 | } | |
366 | ||
367 | static int ndisc_address_compare_func(const NDiscAddress *a, const NDiscAddress *b) { | |
368 | return address_compare_func(a->address, b->address); | |
369 | } | |
370 | ||
371 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( | |
372 | ndisc_address_hash_ops, | |
373 | NDiscAddress, | |
374 | ndisc_address_hash_func, | |
375 | ndisc_address_compare_func, | |
376 | free); | |
377 | ||
d98c546d | 378 | static int ndisc_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { |
73854ba1 YW |
379 | int r; |
380 | ||
381 | assert(link); | |
d98c546d | 382 | assert(link->ndisc_addresses_messages > 0); |
73854ba1 | 383 | |
d98c546d | 384 | link->ndisc_addresses_messages--; |
73854ba1 | 385 | |
4ff296b0 YW |
386 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
387 | return 1; | |
388 | ||
73854ba1 | 389 | r = sd_netlink_message_get_errno(m); |
4ff296b0 | 390 | if (r < 0 && r != -EEXIST) { |
d98c546d | 391 | log_link_message_error_errno(link, m, r, "Could not set NDisc address"); |
4ff296b0 YW |
392 | link_enter_failed(link); |
393 | return 1; | |
394 | } else if (r >= 0) | |
395 | (void) manager_rtnl_process_address(rtnl, m, link->manager); | |
73854ba1 | 396 | |
d98c546d YW |
397 | if (link->ndisc_addresses_messages == 0) { |
398 | log_link_debug(link, "NDisc SLAAC addresses set."); | |
399 | link->ndisc_addresses_configured = true; | |
69203fba | 400 | |
50550722 | 401 | r = ndisc_remove_old(link); |
69203fba YW |
402 | if (r < 0) { |
403 | link_enter_failed(link); | |
404 | return 1; | |
405 | } | |
406 | ||
141318f7 | 407 | r = link_set_routes(link); |
4ff296b0 YW |
408 | if (r < 0) { |
409 | link_enter_failed(link); | |
410 | return 1; | |
411 | } | |
73854ba1 YW |
412 | } |
413 | ||
414 | return 1; | |
415 | } | |
416 | ||
50550722 YW |
417 | static int ndisc_address_configure(Address *address, Link *link, sd_ndisc_router *rt) { |
418 | _cleanup_free_ NDiscAddress *na = NULL; | |
419 | NDiscAddress *na_exist; | |
420 | struct in6_addr router; | |
69203fba YW |
421 | Address *ret; |
422 | int r; | |
423 | ||
424 | assert(address); | |
425 | assert(link); | |
50550722 | 426 | assert(rt); |
69203fba YW |
427 | |
428 | r = address_configure(address, link, ndisc_address_handler, true, &ret); | |
429 | if (r < 0) | |
430 | return log_link_error_errno(link, r, "Failed to set NDisc SLAAC address: %m"); | |
431 | ||
432 | link->ndisc_addresses_messages++; | |
433 | ||
50550722 | 434 | r = sd_ndisc_router_get_address(rt, &router); |
69203fba | 435 | if (r < 0) |
50550722 YW |
436 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); |
437 | ||
438 | na = new(NDiscAddress, 1); | |
439 | if (!na) | |
440 | return log_oom(); | |
69203fba | 441 | |
50550722 YW |
442 | *na = (NDiscAddress) { |
443 | .router = router, | |
444 | .address = ret, | |
445 | }; | |
446 | ||
447 | na_exist = set_get(link->ndisc_addresses, na); | |
448 | if (na_exist) { | |
449 | na_exist->marked = false; | |
450 | na_exist->router = router; | |
451 | return 0; | |
452 | } | |
453 | ||
454 | r = set_ensure_put(&link->ndisc_addresses, &ndisc_address_hash_ops, na); | |
455 | if (r < 0) | |
456 | return log_link_error_errno(link, r, "Failed to store NDisc SLAAC address: %m"); | |
457 | assert(r > 0); | |
458 | TAKE_PTR(na); | |
69203fba YW |
459 | |
460 | return 0; | |
461 | } | |
462 | ||
d5017c84 | 463 | static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { |
8e766630 | 464 | _cleanup_(route_freep) Route *route = NULL; |
ce2ea782 | 465 | union in_addr_union gateway; |
1e7a0e21 LP |
466 | uint16_t lifetime; |
467 | unsigned preference; | |
c27abcf4 | 468 | uint32_t table, mtu; |
3b015d40 | 469 | usec_t time_now; |
13e8a49a | 470 | int r; |
3b015d40 | 471 | |
3b015d40 | 472 | assert(link); |
1e7a0e21 | 473 | assert(rt); |
3b015d40 | 474 | |
1e7a0e21 | 475 | r = sd_ndisc_router_get_lifetime(rt, &lifetime); |
d5017c84 | 476 | if (r < 0) |
13e8a49a | 477 | return log_link_error_errno(link, r, "Failed to get gateway lifetime from RA: %m"); |
d5017c84 | 478 | |
1e7a0e21 | 479 | if (lifetime == 0) /* not a default router */ |
d5017c84 | 480 | return 0; |
1e7a0e21 | 481 | |
ce2ea782 | 482 | r = sd_ndisc_router_get_address(rt, &gateway.in6); |
d5017c84 | 483 | if (r < 0) |
13e8a49a | 484 | return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m"); |
1e7a0e21 | 485 | |
5eec0a08 YW |
486 | if (address_exists(link, AF_INET6, &gateway)) { |
487 | if (DEBUG_LOGGING) { | |
488 | _cleanup_free_ char *buffer = NULL; | |
6d7c7615 | 489 | |
5eec0a08 YW |
490 | (void) in_addr_to_string(AF_INET6, &gateway, &buffer); |
491 | log_link_debug(link, "No NDisc route added, gateway %s matches local address", | |
492 | strnull(buffer)); | |
6d7c7615 | 493 | } |
5eec0a08 | 494 | return 0; |
ce2ea782 | 495 | } |
6d7c7615 | 496 | |
1e7a0e21 | 497 | r = sd_ndisc_router_get_preference(rt, &preference); |
d5017c84 | 498 | if (r < 0) |
13e8a49a | 499 | return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m"); |
1e7a0e21 LP |
500 | |
501 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); | |
d5017c84 | 502 | if (r < 0) |
13e8a49a | 503 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 | 504 | |
d6fceaf1 | 505 | r = sd_ndisc_router_get_mtu(rt, &mtu); |
29b5ad08 JT |
506 | if (r == -ENODATA) |
507 | mtu = 0; | |
d5017c84 | 508 | else if (r < 0) |
13e8a49a | 509 | return log_link_error_errno(link, r, "Failed to get default router MTU from RA: %m"); |
d6fceaf1 | 510 | |
c27abcf4 YW |
511 | table = link_get_ipv6_accept_ra_route_table(link); |
512 | ||
1e7a0e21 | 513 | r = route_new(&route); |
d5017c84 | 514 | if (r < 0) |
13e8a49a | 515 | return log_oom(); |
1e7a0e21 LP |
516 | |
517 | route->family = AF_INET6; | |
c27abcf4 | 518 | route->table = table; |
1bf1bfd9 | 519 | route->priority = link->network->dhcp6_route_metric; |
1e7a0e21 LP |
520 | route->protocol = RTPROT_RA; |
521 | route->pref = preference; | |
6dd53981 | 522 | route->gw_family = AF_INET6; |
ce2ea782 | 523 | route->gw = gateway; |
1e7a0e21 | 524 | route->lifetime = time_now + lifetime * USEC_PER_SEC; |
d6fceaf1 | 525 | route->mtu = mtu; |
1e7a0e21 | 526 | |
50550722 | 527 | r = ndisc_route_configure(route, link, rt); |
13e8a49a YW |
528 | if (r < 0) |
529 | return log_link_error_errno(link, r, "Could not set default route: %m"); | |
d5017c84 | 530 | |
1985c54f | 531 | Route *route_gw; |
2a54a044 | 532 | HASHMAP_FOREACH(route_gw, link->network->routes_by_section) { |
1a3a6309 | 533 | if (!route_gw->gateway_from_dhcp_or_ra) |
1985c54f YW |
534 | continue; |
535 | ||
5bb80a46 | 536 | if (route_gw->gw_family != AF_INET6) |
1985c54f YW |
537 | continue; |
538 | ||
539 | route_gw->gw = gateway; | |
c27abcf4 YW |
540 | if (!route_gw->table_set) |
541 | route_gw->table = table; | |
542 | if (!route_gw->priority_set) | |
543 | route_gw->priority = link->network->dhcp6_route_metric; | |
544 | if (!route_gw->protocol_set) | |
545 | route_gw->protocol = RTPROT_RA; | |
546 | if (!route_gw->pref_set) | |
547 | route->pref = preference; | |
548 | route_gw->lifetime = time_now + lifetime * USEC_PER_SEC; | |
549 | if (route_gw->mtu == 0) | |
550 | route_gw->mtu = mtu; | |
1985c54f | 551 | |
50550722 | 552 | r = ndisc_route_configure(route_gw, link, rt); |
13e8a49a YW |
553 | if (r < 0) |
554 | return log_link_error_errno(link, r, "Could not set gateway: %m"); | |
1985c54f YW |
555 | } |
556 | ||
d5017c84 | 557 | return 0; |
1e7a0e21 LP |
558 | } |
559 | ||
92ee90af YW |
560 | static bool stableprivate_address_is_valid(const struct in6_addr *addr) { |
561 | assert(addr); | |
562 | ||
563 | /* According to rfc4291, generated address should not be in the following ranges. */ | |
564 | ||
565 | if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0) | |
566 | return false; | |
567 | ||
568 | if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0) | |
569 | return false; | |
570 | ||
571 | if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0) | |
572 | return false; | |
573 | ||
574 | return true; | |
575 | } | |
576 | ||
577 | static int make_stableprivate_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr **ret) { | |
578 | _cleanup_free_ struct in6_addr *addr = NULL; | |
579 | sd_id128_t secret_key; | |
580 | struct siphash state; | |
581 | uint64_t rid; | |
582 | size_t l; | |
583 | int r; | |
584 | ||
585 | /* According to rfc7217 section 5.1 | |
586 | * RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */ | |
587 | ||
588 | r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key); | |
589 | if (r < 0) | |
590 | return log_error_errno(r, "Failed to generate key: %m"); | |
591 | ||
592 | siphash24_init(&state, secret_key.bytes); | |
593 | ||
594 | l = MAX(DIV_ROUND_UP(prefix_len, 8), 8); | |
595 | siphash24_compress(prefix, l, &state); | |
596 | siphash24_compress_string(link->ifname, &state); | |
b8162cd2 TR |
597 | /* Only last 8 bytes of IB MAC are stable */ |
598 | if (link->iftype == ARPHRD_INFINIBAND) | |
599 | siphash24_compress(&link->hw_addr.addr.infiniband[12], 8, &state); | |
600 | else | |
601 | siphash24_compress(link->hw_addr.addr.bytes, link->hw_addr.length, &state); | |
92ee90af YW |
602 | siphash24_compress(&dad_counter, sizeof(uint8_t), &state); |
603 | ||
604 | rid = htole64(siphash24_finalize(&state)); | |
605 | ||
606 | addr = new(struct in6_addr, 1); | |
607 | if (!addr) | |
608 | return log_oom(); | |
609 | ||
610 | memcpy(addr->s6_addr, prefix->s6_addr, l); | |
611 | memcpy(addr->s6_addr + l, &rid, 16 - l); | |
612 | ||
613 | if (!stableprivate_address_is_valid(addr)) { | |
614 | *ret = NULL; | |
615 | return 0; | |
616 | } | |
617 | ||
618 | *ret = TAKE_PTR(addr); | |
619 | return 1; | |
620 | } | |
621 | ||
622 | static int ndisc_router_generate_addresses(Link *link, struct in6_addr *address, uint8_t prefixlen, Set **ret) { | |
c24c83dc | 623 | _cleanup_set_free_free_ Set *addresses = NULL; |
5f506a55 | 624 | IPv6Token *j; |
5f506a55 SS |
625 | int r; |
626 | ||
5f506a55 | 627 | assert(link); |
c24c83dc KF |
628 | assert(address); |
629 | assert(ret); | |
630 | ||
92ee90af | 631 | addresses = set_new(&in6_addr_hash_ops); |
c24c83dc KF |
632 | if (!addresses) |
633 | return log_oom(); | |
5f506a55 | 634 | |
90e74a66 | 635 | ORDERED_SET_FOREACH(j, link->network->ipv6_tokens) { |
92ee90af | 636 | _cleanup_free_ struct in6_addr *new_address = NULL; |
c24c83dc | 637 | |
5f506a55 | 638 | if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE |
b27caa34 | 639 | && (IN6_IS_ADDR_UNSPECIFIED(&j->prefix) || IN6_ARE_ADDR_EQUAL(&j->prefix, address))) { |
0ddad04e KF |
640 | /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop |
641 | does not actually attempt Duplicate Address Detection; the counter will be incremented | |
642 | only when the address generation algorithm produces an invalid address, and the loop | |
643 | may exit with an address which ends up being unusable due to duplication on the link. | |
644 | */ | |
5f506a55 | 645 | for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) { |
b27caa34 | 646 | r = make_stableprivate_address(link, address, prefixlen, j->dad_counter, &new_address); |
5f506a55 | 647 | if (r < 0) |
92ee90af YW |
648 | return r; |
649 | if (r > 0) | |
c24c83dc | 650 | break; |
5f506a55 | 651 | } |
e2c4070e | 652 | } else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) { |
92ee90af YW |
653 | new_address = new(struct in6_addr, 1); |
654 | if (!new_address) | |
655 | return log_oom(); | |
5f506a55 | 656 | |
92ee90af YW |
657 | memcpy(new_address->s6_addr, address->s6_addr, 8); |
658 | memcpy(new_address->s6_addr + 8, j->prefix.s6_addr + 8, 8); | |
659 | } | |
c24c83dc | 660 | |
92ee90af | 661 | if (new_address) { |
c24c83dc KF |
662 | r = set_put(addresses, new_address); |
663 | if (r < 0) | |
13e8a49a | 664 | return log_link_error_errno(link, r, "Failed to store SLAAC address: %m"); |
92ee90af YW |
665 | else if (r == 0) |
666 | log_link_debug_errno(link, r, "Generated SLAAC address is duplicated, ignoring."); | |
667 | else | |
668 | TAKE_PTR(new_address); | |
c24c83dc KF |
669 | } |
670 | } | |
671 | ||
672 | /* fall back to EUI-64 if no tokens provided addresses */ | |
673 | if (set_isempty(addresses)) { | |
92ee90af | 674 | _cleanup_free_ struct in6_addr *new_address = NULL; |
c24c83dc | 675 | |
92ee90af YW |
676 | new_address = newdup(struct in6_addr, address, 1); |
677 | if (!new_address) | |
c24c83dc KF |
678 | return log_oom(); |
679 | ||
92ee90af | 680 | r = generate_ipv6_eui_64_address(link, new_address); |
a781ddef SS |
681 | if (r < 0) |
682 | return log_link_error_errno(link, r, "Failed to generate EUI64 address: %m"); | |
683 | ||
c24c83dc KF |
684 | r = set_put(addresses, new_address); |
685 | if (r < 0) | |
13e8a49a | 686 | return log_link_error_errno(link, r, "Failed to store SLAAC address: %m"); |
92ee90af | 687 | |
c24c83dc | 688 | TAKE_PTR(new_address); |
5f506a55 SS |
689 | } |
690 | ||
c24c83dc | 691 | *ret = TAKE_PTR(addresses); |
5f506a55 SS |
692 | |
693 | return 0; | |
694 | } | |
c24c83dc | 695 | |
d5017c84 | 696 | static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) { |
5f506a55 | 697 | uint32_t lifetime_valid, lifetime_preferred, lifetime_remaining; |
c24c83dc | 698 | _cleanup_set_free_free_ Set *addresses = NULL; |
8e766630 | 699 | _cleanup_(address_freep) Address *address = NULL; |
92ee90af | 700 | struct in6_addr addr, *a; |
1e7a0e21 | 701 | unsigned prefixlen; |
5f506a55 | 702 | usec_t time_now; |
1e7a0e21 LP |
703 | int r; |
704 | ||
705 | assert(link); | |
706 | assert(rt); | |
707 | ||
6554550f | 708 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
d5017c84 | 709 | if (r < 0) |
13e8a49a | 710 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
6554550f | 711 | |
1e7a0e21 | 712 | r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); |
d5017c84 YW |
713 | if (r < 0) |
714 | return log_link_error_errno(link, r, "Failed to get prefix length: %m"); | |
1e7a0e21 LP |
715 | |
716 | r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid); | |
d5017c84 YW |
717 | if (r < 0) |
718 | return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m"); | |
1e7a0e21 LP |
719 | |
720 | r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred); | |
d5017c84 YW |
721 | if (r < 0) |
722 | return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m"); | |
3b015d40 | 723 | |
92bdc3ff SS |
724 | /* The preferred lifetime is never greater than the valid lifetime */ |
725 | if (lifetime_preferred > lifetime_valid) | |
d5017c84 | 726 | return 0; |
92bdc3ff | 727 | |
92ee90af | 728 | r = sd_ndisc_router_prefix_get_address(rt, &addr); |
d5017c84 YW |
729 | if (r < 0) |
730 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
1e7a0e21 | 731 | |
92ee90af | 732 | r = ndisc_router_generate_addresses(link, &addr, prefixlen, &addresses); |
5f506a55 | 733 | if (r < 0) |
13e8a49a | 734 | return r; |
c24c83dc | 735 | |
92ee90af YW |
736 | r = address_new(&address); |
737 | if (r < 0) | |
738 | return log_oom(); | |
739 | ||
740 | address->family = AF_INET6; | |
741 | address->prefixlen = prefixlen; | |
742 | address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR; | |
743 | address->cinfo.ifa_prefered = lifetime_preferred; | |
744 | ||
90e74a66 | 745 | SET_FOREACH(a, addresses) { |
13e8a49a YW |
746 | Address *existing_address; |
747 | ||
fe841414 YW |
748 | address->in_addr.in6 = *a; |
749 | ||
c24c83dc | 750 | /* see RFC4862 section 5.5.3.e */ |
fe841414 | 751 | r = address_get(link, address, &existing_address); |
c24c83dc KF |
752 | if (r > 0) { |
753 | lifetime_remaining = existing_address->cinfo.tstamp / 100 + existing_address->cinfo.ifa_valid - time_now / USEC_PER_SEC; | |
754 | if (lifetime_valid > NDISC_PREFIX_LFT_MIN || lifetime_valid > lifetime_remaining) | |
92ee90af | 755 | address->cinfo.ifa_valid = lifetime_valid; |
c24c83dc | 756 | else if (lifetime_remaining <= NDISC_PREFIX_LFT_MIN) |
92ee90af | 757 | address->cinfo.ifa_valid = lifetime_remaining; |
c24c83dc | 758 | else |
92ee90af | 759 | address->cinfo.ifa_valid = NDISC_PREFIX_LFT_MIN; |
c24c83dc | 760 | } else if (lifetime_valid > 0) |
92ee90af | 761 | address->cinfo.ifa_valid = lifetime_valid; |
6554550f | 762 | else |
01c344bd | 763 | continue; /* see RFC4862 section 5.5.3.d */ |
6554550f | 764 | |
92ee90af | 765 | if (address->cinfo.ifa_valid == 0) |
c24c83dc | 766 | continue; |
3b015d40 | 767 | |
50550722 | 768 | r = ndisc_address_configure(address, link, rt); |
13e8a49a YW |
769 | if (r < 0) |
770 | return log_link_error_errno(link, r, "Could not set SLAAC address: %m"); | |
3b015d40 | 771 | } |
d5017c84 YW |
772 | |
773 | return 0; | |
3b015d40 TG |
774 | } |
775 | ||
d5017c84 | 776 | static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) { |
8e766630 | 777 | _cleanup_(route_freep) Route *route = NULL; |
3b015d40 | 778 | usec_t time_now; |
1e7a0e21 LP |
779 | uint32_t lifetime; |
780 | unsigned prefixlen; | |
3b015d40 TG |
781 | int r; |
782 | ||
3b015d40 | 783 | assert(link); |
1e7a0e21 | 784 | assert(rt); |
3b015d40 | 785 | |
1e7a0e21 | 786 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
d5017c84 | 787 | if (r < 0) |
13e8a49a | 788 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 LP |
789 | |
790 | r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); | |
d5017c84 YW |
791 | if (r < 0) |
792 | return log_link_error_errno(link, r, "Failed to get prefix length: %m"); | |
1e7a0e21 LP |
793 | |
794 | r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime); | |
d5017c84 YW |
795 | if (r < 0) |
796 | return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m"); | |
3b015d40 TG |
797 | |
798 | r = route_new(&route); | |
d5017c84 | 799 | if (r < 0) |
13e8a49a | 800 | return log_oom(); |
3b015d40 | 801 | |
3b015d40 | 802 | route->family = AF_INET6; |
bdb9f580 | 803 | route->table = link_get_ipv6_accept_ra_route_table(link); |
1bf1bfd9 | 804 | route->priority = link->network->dhcp6_route_metric; |
3b015d40 TG |
805 | route->protocol = RTPROT_RA; |
806 | route->flags = RTM_F_PREFIX; | |
3b015d40 TG |
807 | route->dst_prefixlen = prefixlen; |
808 | route->lifetime = time_now + lifetime * USEC_PER_SEC; | |
809 | ||
1e7a0e21 | 810 | r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6); |
d5017c84 YW |
811 | if (r < 0) |
812 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
1e7a0e21 | 813 | |
50550722 | 814 | r = ndisc_route_configure(route, link, rt); |
13e8a49a YW |
815 | if (r < 0) |
816 | return log_link_error_errno(link, r, "Could not set prefix route: %m");; | |
d5017c84 YW |
817 | |
818 | return 0; | |
3b015d40 TG |
819 | } |
820 | ||
d5017c84 | 821 | static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) { |
8e766630 | 822 | _cleanup_(route_freep) Route *route = NULL; |
1e7a0e21 LP |
823 | struct in6_addr gateway; |
824 | uint32_t lifetime; | |
825 | unsigned preference, prefixlen; | |
fe307276 | 826 | usec_t time_now; |
7a695d8e | 827 | int r; |
a13c50e7 TG |
828 | |
829 | assert(link); | |
a13c50e7 | 830 | |
1e7a0e21 | 831 | r = sd_ndisc_router_route_get_lifetime(rt, &lifetime); |
d5017c84 | 832 | if (r < 0) |
13e8a49a | 833 | return log_link_error_errno(link, r, "Failed to get gateway lifetime from RA: %m"); |
d5017c84 | 834 | |
1e7a0e21 | 835 | if (lifetime == 0) |
d5017c84 | 836 | return 0; |
a13c50e7 | 837 | |
1e7a0e21 | 838 | r = sd_ndisc_router_get_address(rt, &gateway); |
d5017c84 | 839 | if (r < 0) |
13e8a49a | 840 | return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m"); |
3b015d40 | 841 | |
1e7a0e21 | 842 | r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen); |
d5017c84 | 843 | if (r < 0) |
13e8a49a | 844 | return log_link_error_errno(link, r, "Failed to get route prefix length: %m"); |
1e7a0e21 LP |
845 | |
846 | r = sd_ndisc_router_route_get_preference(rt, &preference); | |
d5017c84 | 847 | if (r < 0) |
13e8a49a | 848 | return log_link_error_errno(link, r, "Failed to get default router preference from RA: %m"); |
1e7a0e21 LP |
849 | |
850 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); | |
d5017c84 | 851 | if (r < 0) |
13e8a49a | 852 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
3b015d40 TG |
853 | |
854 | r = route_new(&route); | |
d5017c84 | 855 | if (r < 0) |
13e8a49a | 856 | return log_oom(); |
3b015d40 | 857 | |
3b015d40 | 858 | route->family = AF_INET6; |
bdb9f580 | 859 | route->table = link_get_ipv6_accept_ra_route_table(link); |
1bf1bfd9 | 860 | route->priority = link->network->dhcp6_route_metric; |
3b015d40 | 861 | route->protocol = RTPROT_RA; |
1e7a0e21 LP |
862 | route->pref = preference; |
863 | route->gw.in6 = gateway; | |
6dd53981 | 864 | route->gw_family = AF_INET6; |
1e7a0e21 | 865 | route->dst_prefixlen = prefixlen; |
3b015d40 TG |
866 | route->lifetime = time_now + lifetime * USEC_PER_SEC; |
867 | ||
1e7a0e21 | 868 | r = sd_ndisc_router_route_get_address(rt, &route->dst.in6); |
d5017c84 YW |
869 | if (r < 0) |
870 | return log_link_error_errno(link, r, "Failed to get route address: %m"); | |
1e7a0e21 | 871 | |
50550722 | 872 | r = ndisc_route_configure(route, link, rt); |
13e8a49a YW |
873 | if (r < 0) |
874 | return log_link_error_errno(link, r, "Could not set additional route: %m"); | |
d5017c84 YW |
875 | |
876 | return 0; | |
9d96e6c3 | 877 | } |
a13c50e7 | 878 | |
7a08d314 | 879 | static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) { |
1e7a0e21 LP |
880 | siphash24_compress(&x->address, sizeof(x->address), state); |
881 | } | |
882 | ||
7a08d314 | 883 | static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) { |
1e7a0e21 LP |
884 | return memcmp(&a->address, &b->address, sizeof(a->address)); |
885 | } | |
886 | ||
b0b97766 YW |
887 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
888 | ndisc_rdnss_hash_ops, | |
889 | NDiscRDNSS, | |
890 | ndisc_rdnss_hash_func, | |
891 | ndisc_rdnss_compare_func, | |
892 | free); | |
1e7a0e21 | 893 | |
d5017c84 | 894 | static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) { |
1e7a0e21 LP |
895 | uint32_t lifetime; |
896 | const struct in6_addr *a; | |
50550722 | 897 | struct in6_addr router; |
b0b97766 | 898 | NDiscRDNSS *rdnss; |
1e7a0e21 | 899 | usec_t time_now; |
13e8a49a | 900 | int n, r; |
1e7a0e21 LP |
901 | |
902 | assert(link); | |
903 | assert(rt); | |
904 | ||
50550722 YW |
905 | r = sd_ndisc_router_get_address(rt, &router); |
906 | if (r < 0) | |
907 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
908 | ||
1e7a0e21 | 909 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
d5017c84 | 910 | if (r < 0) |
13e8a49a | 911 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); |
1e7a0e21 LP |
912 | |
913 | r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime); | |
d5017c84 | 914 | if (r < 0) |
13e8a49a | 915 | return log_link_error_errno(link, r, "Failed to get RDNSS lifetime: %m"); |
1e7a0e21 LP |
916 | |
917 | n = sd_ndisc_router_rdnss_get_addresses(rt, &a); | |
d5017c84 | 918 | if (n < 0) |
13e8a49a | 919 | return log_link_error_errno(link, n, "Failed to get RDNSS addresses: %m"); |
1e7a0e21 | 920 | |
90e74a66 | 921 | SET_FOREACH(rdnss, link->ndisc_rdnss) |
50550722 YW |
922 | if (IN6_ARE_ADDR_EQUAL(&rdnss->router, &router)) |
923 | rdnss->marked = true; | |
1e7a0e21 | 924 | |
b0b97766 YW |
925 | if (lifetime == 0) |
926 | return 0; | |
1e7a0e21 | 927 | |
b0b97766 YW |
928 | if (n >= (int) NDISC_RDNSS_MAX) { |
929 | log_link_warning(link, "Too many RDNSS records per link. Only first %i records will be used.", NDISC_RDNSS_MAX); | |
930 | n = NDISC_RDNSS_MAX; | |
931 | } | |
1e7a0e21 | 932 | |
b0b97766 YW |
933 | for (int j = 0; j < n; j++) { |
934 | _cleanup_free_ NDiscRDNSS *x = NULL; | |
935 | NDiscRDNSS d = { | |
936 | .address = a[j], | |
937 | }; | |
1e7a0e21 | 938 | |
b0b97766 YW |
939 | rdnss = set_get(link->ndisc_rdnss, &d); |
940 | if (rdnss) { | |
941 | rdnss->marked = false; | |
50550722 | 942 | rdnss->router = router; |
b0b97766 | 943 | rdnss->valid_until = time_now + lifetime * USEC_PER_SEC; |
1e7a0e21 LP |
944 | continue; |
945 | } | |
946 | ||
d5017c84 YW |
947 | x = new(NDiscRDNSS, 1); |
948 | if (!x) | |
949 | return log_oom(); | |
1e7a0e21 | 950 | |
d5017c84 | 951 | *x = (NDiscRDNSS) { |
b0b97766 | 952 | .address = a[j], |
50550722 | 953 | .router = router, |
d5017c84 YW |
954 | .valid_until = time_now + lifetime * USEC_PER_SEC, |
955 | }; | |
1e7a0e21 | 956 | |
35e601d4 | 957 | r = set_ensure_consume(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops, TAKE_PTR(x)); |
d5017c84 YW |
958 | if (r < 0) |
959 | return log_oom(); | |
1e7a0e21 | 960 | assert(r > 0); |
1e7a0e21 | 961 | } |
d5017c84 YW |
962 | |
963 | return 0; | |
1e7a0e21 LP |
964 | } |
965 | ||
7a08d314 | 966 | static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) { |
f281fc1e | 967 | siphash24_compress_string(NDISC_DNSSL_DOMAIN(x), state); |
1e7a0e21 LP |
968 | } |
969 | ||
7a08d314 | 970 | static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) { |
1e7a0e21 LP |
971 | return strcmp(NDISC_DNSSL_DOMAIN(a), NDISC_DNSSL_DOMAIN(b)); |
972 | } | |
973 | ||
b0b97766 YW |
974 | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
975 | ndisc_dnssl_hash_ops, | |
976 | NDiscDNSSL, | |
977 | ndisc_dnssl_hash_func, | |
978 | ndisc_dnssl_compare_func, | |
979 | free); | |
1e7a0e21 | 980 | |
13e8a49a | 981 | static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) { |
1e7a0e21 | 982 | _cleanup_strv_free_ char **l = NULL; |
50550722 | 983 | struct in6_addr router; |
1e7a0e21 LP |
984 | uint32_t lifetime; |
985 | usec_t time_now; | |
b0b97766 | 986 | NDiscDNSSL *dnssl; |
b0b97766 | 987 | char **j; |
1e7a0e21 LP |
988 | int r; |
989 | ||
990 | assert(link); | |
991 | assert(rt); | |
992 | ||
50550722 YW |
993 | r = sd_ndisc_router_get_address(rt, &router); |
994 | if (r < 0) | |
995 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
996 | ||
1e7a0e21 | 997 | r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); |
13e8a49a YW |
998 | if (r < 0) |
999 | return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); | |
1e7a0e21 LP |
1000 | |
1001 | r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime); | |
13e8a49a YW |
1002 | if (r < 0) |
1003 | return log_link_error_errno(link, r, "Failed to get DNSSL lifetime: %m"); | |
1e7a0e21 LP |
1004 | |
1005 | r = sd_ndisc_router_dnssl_get_domains(rt, &l); | |
13e8a49a YW |
1006 | if (r < 0) |
1007 | return log_link_error_errno(link, r, "Failed to get DNSSL addresses: %m"); | |
1e7a0e21 | 1008 | |
90e74a66 | 1009 | SET_FOREACH(dnssl, link->ndisc_dnssl) |
50550722 YW |
1010 | if (IN6_ARE_ADDR_EQUAL(&dnssl->router, &router)) |
1011 | dnssl->marked = true; | |
1e7a0e21 | 1012 | |
b0b97766 YW |
1013 | if (lifetime == 0) |
1014 | return 0; | |
a34349e7 | 1015 | |
b0b97766 YW |
1016 | if (strv_length(l) >= NDISC_DNSSL_MAX) { |
1017 | log_link_warning(link, "Too many DNSSL records per link. Only first %i records will be used.", NDISC_DNSSL_MAX); | |
1018 | STRV_FOREACH(j, l + NDISC_DNSSL_MAX) | |
1019 | *j = mfree(*j); | |
1020 | } | |
1e7a0e21 | 1021 | |
b0b97766 YW |
1022 | STRV_FOREACH(j, l) { |
1023 | _cleanup_free_ NDiscDNSSL *s = NULL; | |
1e7a0e21 | 1024 | |
b0b97766 YW |
1025 | s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*j) + 1); |
1026 | if (!s) | |
1027 | return log_oom(); | |
1e7a0e21 | 1028 | |
b0b97766 | 1029 | strcpy(NDISC_DNSSL_DOMAIN(s), *j); |
1e7a0e21 | 1030 | |
b0b97766 YW |
1031 | dnssl = set_get(link->ndisc_dnssl, s); |
1032 | if (dnssl) { | |
1033 | dnssl->marked = false; | |
50550722 | 1034 | dnssl->router = router; |
b0b97766 | 1035 | dnssl->valid_until = time_now + lifetime * USEC_PER_SEC; |
1e7a0e21 LP |
1036 | continue; |
1037 | } | |
1038 | ||
50550722 | 1039 | s->router = router; |
a34349e7 | 1040 | s->valid_until = time_now + lifetime * USEC_PER_SEC; |
1e7a0e21 | 1041 | |
35e601d4 | 1042 | r = set_ensure_consume(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops, TAKE_PTR(s)); |
13e8a49a YW |
1043 | if (r < 0) |
1044 | return log_oom(); | |
1e7a0e21 | 1045 | assert(r > 0); |
1e7a0e21 | 1046 | } |
13e8a49a YW |
1047 | |
1048 | return 0; | |
1e7a0e21 LP |
1049 | } |
1050 | ||
e8c9b5b0 | 1051 | static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) { |
1e7a0e21 | 1052 | assert(link); |
55d3fdcf | 1053 | assert(link->network); |
1e7a0e21 LP |
1054 | assert(rt); |
1055 | ||
13e8a49a | 1056 | for (int r = sd_ndisc_router_option_rewind(rt); ; r = sd_ndisc_router_option_next(rt)) { |
1e7a0e21 LP |
1057 | uint8_t type; |
1058 | ||
e8c9b5b0 | 1059 | if (r < 0) |
13e8a49a | 1060 | return log_link_error_errno(link, r, "Failed to iterate through options: %m"); |
1e7a0e21 | 1061 | if (r == 0) /* EOF */ |
13e8a49a | 1062 | return 0; |
1e7a0e21 LP |
1063 | |
1064 | r = sd_ndisc_router_option_get_type(rt, &type); | |
e8c9b5b0 | 1065 | if (r < 0) |
13e8a49a | 1066 | return log_link_error_errno(link, r, "Failed to get RA option type: %m"); |
1e7a0e21 LP |
1067 | |
1068 | switch (type) { | |
1069 | ||
1070 | case SD_NDISC_OPTION_PREFIX_INFORMATION: { | |
55d3fdcf | 1071 | union in_addr_union a; |
1e7a0e21 LP |
1072 | uint8_t flags; |
1073 | ||
55d3fdcf YW |
1074 | r = sd_ndisc_router_prefix_get_address(rt, &a.in6); |
1075 | if (r < 0) | |
1076 | return log_link_error_errno(link, r, "Failed to get prefix address: %m"); | |
1077 | ||
6b000af4 | 1078 | if (set_contains(link->network->ndisc_deny_listed_prefix, &a.in6)) { |
55d3fdcf YW |
1079 | if (DEBUG_LOGGING) { |
1080 | _cleanup_free_ char *b = NULL; | |
1081 | ||
1082 | (void) in_addr_to_string(AF_INET6, &a, &b); | |
6b000af4 | 1083 | log_link_debug(link, "Prefix '%s' is deny-listed, ignoring", strna(b)); |
55d3fdcf | 1084 | } |
55d3fdcf YW |
1085 | break; |
1086 | } | |
1087 | ||
1e7a0e21 | 1088 | r = sd_ndisc_router_prefix_get_flags(rt, &flags); |
e8c9b5b0 | 1089 | if (r < 0) |
13e8a49a | 1090 | return log_link_error_errno(link, r, "Failed to get RA prefix flags: %m"); |
1e7a0e21 | 1091 | |
87d8a4de | 1092 | if (link->network->ipv6_accept_ra_use_onlink_prefix && |
13e8a49a YW |
1093 | FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK)) { |
1094 | r = ndisc_router_process_onlink_prefix(link, rt); | |
1095 | if (r < 0) | |
1096 | return r; | |
1097 | } | |
062c2eea | 1098 | |
87d8a4de | 1099 | if (link->network->ipv6_accept_ra_use_autonomous_prefix && |
13e8a49a YW |
1100 | FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO)) { |
1101 | r = ndisc_router_process_autonomous_prefix(link, rt); | |
1102 | if (r < 0) | |
1103 | return r; | |
1104 | } | |
1e7a0e21 LP |
1105 | break; |
1106 | } | |
1107 | ||
1108 | case SD_NDISC_OPTION_ROUTE_INFORMATION: | |
13e8a49a YW |
1109 | r = ndisc_router_process_route(link, rt); |
1110 | if (r < 0) | |
1111 | return r; | |
1e7a0e21 LP |
1112 | break; |
1113 | ||
1114 | case SD_NDISC_OPTION_RDNSS: | |
13e8a49a YW |
1115 | if (link->network->ipv6_accept_ra_use_dns) { |
1116 | r = ndisc_router_process_rdnss(link, rt); | |
1117 | if (r < 0) | |
1118 | return r; | |
1119 | } | |
1e7a0e21 LP |
1120 | break; |
1121 | ||
1122 | case SD_NDISC_OPTION_DNSSL: | |
13e8a49a YW |
1123 | if (link->network->ipv6_accept_ra_use_dns) { |
1124 | r = ndisc_router_process_dnssl(link, rt); | |
1125 | if (r < 0) | |
1126 | return r; | |
1127 | } | |
1e7a0e21 LP |
1128 | break; |
1129 | } | |
1e7a0e21 LP |
1130 | } |
1131 | } | |
1132 | ||
d5017c84 | 1133 | static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) { |
50550722 | 1134 | struct in6_addr router; |
1e7a0e21 | 1135 | uint64_t flags; |
50550722 YW |
1136 | NDiscAddress *na; |
1137 | NDiscRoute *nr; | |
86e2be7b | 1138 | int r; |
1e7a0e21 LP |
1139 | |
1140 | assert(link); | |
1141 | assert(link->network); | |
1142 | assert(link->manager); | |
1143 | assert(rt); | |
1144 | ||
69203fba YW |
1145 | link->ndisc_addresses_configured = false; |
1146 | link->ndisc_routes_configured = false; | |
1147 | ||
1148 | link_dirty(link); | |
1149 | ||
50550722 YW |
1150 | r = sd_ndisc_router_get_address(rt, &router); |
1151 | if (r < 0) | |
1152 | return log_link_error_errno(link, r, "Failed to get router address from RA: %m"); | |
69203fba | 1153 | |
90e74a66 | 1154 | SET_FOREACH(na, link->ndisc_addresses) |
50550722 YW |
1155 | if (IN6_ARE_ADDR_EQUAL(&na->router, &router)) |
1156 | na->marked = true; | |
1157 | ||
90e74a66 | 1158 | SET_FOREACH(nr, link->ndisc_routes) |
50550722 YW |
1159 | if (IN6_ARE_ADDR_EQUAL(&nr->router, &router)) |
1160 | nr->marked = true; | |
69203fba | 1161 | |
1e7a0e21 | 1162 | r = sd_ndisc_router_get_flags(rt, &flags); |
d5017c84 | 1163 | if (r < 0) |
13e8a49a | 1164 | return log_link_error_errno(link, r, "Failed to get RA flags: %m"); |
1e7a0e21 | 1165 | |
ac24e418 SS |
1166 | if ((flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER) && link->network->ipv6_accept_ra_start_dhcp6_client)) { |
1167 | ||
1168 | if (link->network->ipv6_accept_ra_start_dhcp6_client == IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS) | |
1169 | r = dhcp6_request_address(link, false); | |
1170 | else | |
1171 | /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */ | |
1172 | r = dhcp6_request_address(link, !(flags & ND_RA_FLAG_MANAGED)); | |
1e7a0e21 | 1173 | if (r < 0 && r != -EBUSY) |
13e8a49a | 1174 | return log_link_error_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m"); |
69203fba | 1175 | else |
1e7a0e21 LP |
1176 | log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request"); |
1177 | } | |
1178 | ||
13e8a49a YW |
1179 | r = ndisc_router_process_default(link, rt); |
1180 | if (r < 0) | |
1181 | return r; | |
1182 | r = ndisc_router_process_options(link, rt); | |
1183 | if (r < 0) | |
1184 | return r; | |
d5017c84 | 1185 | |
69203fba YW |
1186 | if (link->ndisc_addresses_messages == 0) |
1187 | link->ndisc_addresses_configured = true; | |
1188 | else { | |
1189 | log_link_debug(link, "Setting SLAAC addresses."); | |
1190 | ||
141318f7 YW |
1191 | /* address_handler calls link_set_routes() and link_set_nexthop(). Before they are |
1192 | * called, the related flags must be cleared. Otherwise, the link becomes configured | |
1193 | * state before routes are configured. */ | |
69203fba YW |
1194 | link->static_routes_configured = false; |
1195 | link->static_nexthops_configured = false; | |
1196 | } | |
1197 | ||
1198 | if (link->ndisc_routes_messages == 0) | |
1199 | link->ndisc_routes_configured = true; | |
1200 | else | |
1201 | log_link_debug(link, "Setting NDisc routes."); | |
1202 | ||
50550722 | 1203 | r = ndisc_remove_old(link); |
69203fba YW |
1204 | if (r < 0) |
1205 | return r; | |
1206 | ||
1207 | if (link->ndisc_addresses_configured && link->ndisc_routes_configured) | |
1208 | link_check_ready(link); | |
1209 | else | |
1210 | link_set_state(link, LINK_STATE_CONFIGURING); | |
1211 | ||
1212 | return 0; | |
1e7a0e21 LP |
1213 | } |
1214 | ||
1215 | static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event event, sd_ndisc_router *rt, void *userdata) { | |
9d96e6c3 | 1216 | Link *link = userdata; |
13e8a49a | 1217 | int r; |
a13c50e7 | 1218 | |
9d96e6c3 | 1219 | assert(link); |
a13c50e7 | 1220 | |
9d96e6c3 TG |
1221 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
1222 | return; | |
a13c50e7 | 1223 | |
9d96e6c3 | 1224 | switch (event) { |
1e7a0e21 LP |
1225 | |
1226 | case SD_NDISC_EVENT_ROUTER: | |
13e8a49a YW |
1227 | r = ndisc_router_handler(link, rt); |
1228 | if (r < 0) { | |
1229 | link_enter_failed(link); | |
1230 | return; | |
1231 | } | |
1e7a0e21 LP |
1232 | break; |
1233 | ||
9d96e6c3 | 1234 | case SD_NDISC_EVENT_TIMEOUT: |
a8c10331 | 1235 | log_link_debug(link, "NDisc handler get timeout event"); |
3336e946 YW |
1236 | if (link->ndisc_addresses_messages == 0 && link->ndisc_routes_messages == 0) { |
1237 | link->ndisc_addresses_configured = true; | |
1238 | link->ndisc_routes_configured = true; | |
1239 | link_check_ready(link); | |
1240 | } | |
9d96e6c3 TG |
1241 | break; |
1242 | default: | |
a8c10331 | 1243 | assert_not_reached("Unknown NDisc event"); |
a13c50e7 TG |
1244 | } |
1245 | } | |
1246 | ||
1247 | int ndisc_configure(Link *link) { | |
1248 | int r; | |
1249 | ||
1e7a0e21 LP |
1250 | assert(link); |
1251 | ||
2ffd6d73 YW |
1252 | if (!link_ipv6_accept_ra_enabled(link)) |
1253 | return 0; | |
a13c50e7 | 1254 | |
2ffd6d73 YW |
1255 | if (!link->ndisc) { |
1256 | r = sd_ndisc_new(&link->ndisc); | |
1257 | if (r < 0) | |
1258 | return r; | |
1259 | ||
4cf85000 | 1260 | r = sd_ndisc_attach_event(link->ndisc, link->manager->event, 0); |
2ffd6d73 YW |
1261 | if (r < 0) |
1262 | return r; | |
1263 | } | |
a13c50e7 | 1264 | |
b8162cd2 | 1265 | r = sd_ndisc_set_mac(link->ndisc, &link->hw_addr.addr.ether); |
a13c50e7 TG |
1266 | if (r < 0) |
1267 | return r; | |
1268 | ||
1e7a0e21 | 1269 | r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex); |
a13c50e7 TG |
1270 | if (r < 0) |
1271 | return r; | |
1272 | ||
1e7a0e21 | 1273 | r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link); |
a13c50e7 TG |
1274 | if (r < 0) |
1275 | return r; | |
1276 | ||
1e7a0e21 LP |
1277 | return 0; |
1278 | } | |
1279 | ||
1280 | void ndisc_vacuum(Link *link) { | |
1281 | NDiscRDNSS *r; | |
1282 | NDiscDNSSL *d; | |
1e7a0e21 | 1283 | usec_t time_now; |
b0b97766 | 1284 | bool updated = false; |
1e7a0e21 LP |
1285 | |
1286 | assert(link); | |
1287 | ||
1288 | /* Removes all RDNSS and DNSSL entries whose validity time has passed */ | |
1289 | ||
1290 | time_now = now(clock_boottime_or_monotonic()); | |
1291 | ||
90e74a66 | 1292 | SET_FOREACH(r, link->ndisc_rdnss) |
1e7a0e21 | 1293 | if (r->valid_until < time_now) { |
02affb4e | 1294 | free(set_remove(link->ndisc_rdnss, r)); |
b0b97766 | 1295 | updated = true; |
1e7a0e21 | 1296 | } |
a13c50e7 | 1297 | |
90e74a66 | 1298 | SET_FOREACH(d, link->ndisc_dnssl) |
1e7a0e21 | 1299 | if (d->valid_until < time_now) { |
02affb4e | 1300 | free(set_remove(link->ndisc_dnssl, d)); |
b0b97766 | 1301 | updated = true; |
1e7a0e21 | 1302 | } |
b0b97766 YW |
1303 | |
1304 | if (updated) | |
1305 | link_dirty(link); | |
a13c50e7 | 1306 | } |
c69305ff LP |
1307 | |
1308 | void ndisc_flush(Link *link) { | |
1309 | assert(link); | |
1310 | ||
1311 | /* Removes all RDNSS and DNSSL entries, without exception */ | |
1312 | ||
b0b97766 YW |
1313 | link->ndisc_rdnss = set_free(link->ndisc_rdnss); |
1314 | link->ndisc_dnssl = set_free(link->ndisc_dnssl); | |
c69305ff | 1315 | } |
e520ce64 | 1316 | |
5f506a55 SS |
1317 | int ipv6token_new(IPv6Token **ret) { |
1318 | IPv6Token *p; | |
1319 | ||
1320 | p = new(IPv6Token, 1); | |
1321 | if (!p) | |
1322 | return -ENOMEM; | |
1323 | ||
1324 | *p = (IPv6Token) { | |
1325 | .address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE, | |
1326 | }; | |
1327 | ||
1328 | *ret = TAKE_PTR(p); | |
1329 | ||
1330 | return 0; | |
1331 | } | |
1332 | ||
2c621495 YW |
1333 | static void ipv6_token_hash_func(const IPv6Token *p, struct siphash *state) { |
1334 | siphash24_compress(&p->address_generation_type, sizeof(p->address_generation_type), state); | |
1335 | siphash24_compress(&p->prefix, sizeof(p->prefix), state); | |
1336 | } | |
1337 | ||
1338 | static int ipv6_token_compare_func(const IPv6Token *a, const IPv6Token *b) { | |
1339 | int r; | |
1340 | ||
1341 | r = CMP(a->address_generation_type, b->address_generation_type); | |
1342 | if (r != 0) | |
1343 | return r; | |
1344 | ||
1345 | return memcmp(&a->prefix, &b->prefix, sizeof(struct in6_addr)); | |
1346 | } | |
1347 | ||
1348 | DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR( | |
5f506a55 | 1349 | ipv6_token_hash_ops, |
5f506a55 | 1350 | IPv6Token, |
2c621495 YW |
1351 | ipv6_token_hash_func, |
1352 | ipv6_token_compare_func, | |
5f506a55 SS |
1353 | free); |
1354 | ||
6b000af4 | 1355 | int config_parse_ndisc_deny_listed_prefix( |
e520ce64 SS |
1356 | const char *unit, |
1357 | const char *filename, | |
1358 | unsigned line, | |
1359 | const char *section, | |
1360 | unsigned section_line, | |
1361 | const char *lvalue, | |
1362 | int ltype, | |
1363 | const char *rvalue, | |
1364 | void *data, | |
1365 | void *userdata) { | |
1366 | ||
1367 | Network *network = data; | |
1368 | const char *p; | |
1369 | int r; | |
1370 | ||
1371 | assert(filename); | |
1372 | assert(lvalue); | |
1373 | assert(rvalue); | |
1374 | assert(data); | |
1375 | ||
1376 | if (isempty(rvalue)) { | |
6b000af4 | 1377 | network->ndisc_deny_listed_prefix = set_free_free(network->ndisc_deny_listed_prefix); |
e520ce64 SS |
1378 | return 0; |
1379 | } | |
1380 | ||
1381 | for (p = rvalue;;) { | |
1382 | _cleanup_free_ char *n = NULL; | |
1383 | _cleanup_free_ struct in6_addr *a = NULL; | |
1384 | union in_addr_union ip; | |
1385 | ||
1386 | r = extract_first_word(&p, &n, NULL, 0); | |
d96edb2c YW |
1387 | if (r == -ENOMEM) |
1388 | return log_oom(); | |
e520ce64 | 1389 | if (r < 0) { |
d96edb2c | 1390 | log_syntax(unit, LOG_WARNING, filename, line, r, |
a8c10331 | 1391 | "Failed to parse NDisc deny-listed prefix, ignoring assignment: %s", |
e520ce64 SS |
1392 | rvalue); |
1393 | return 0; | |
1394 | } | |
1395 | if (r == 0) | |
1396 | return 0; | |
1397 | ||
1398 | r = in_addr_from_string(AF_INET6, n, &ip); | |
1399 | if (r < 0) { | |
d96edb2c | 1400 | log_syntax(unit, LOG_WARNING, filename, line, r, |
a8c10331 | 1401 | "NDisc deny-listed prefix is invalid, ignoring assignment: %s", n); |
e520ce64 SS |
1402 | continue; |
1403 | } | |
1404 | ||
6b000af4 | 1405 | if (set_contains(network->ndisc_deny_listed_prefix, &ip.in6)) |
e4443f9b YW |
1406 | continue; |
1407 | ||
e520ce64 SS |
1408 | a = newdup(struct in6_addr, &ip.in6, 1); |
1409 | if (!a) | |
1410 | return log_oom(); | |
1411 | ||
6b000af4 | 1412 | r = set_ensure_consume(&network->ndisc_deny_listed_prefix, &in6_addr_hash_ops, TAKE_PTR(a)); |
35e601d4 ZJS |
1413 | if (r < 0) |
1414 | return log_oom(); | |
e520ce64 | 1415 | } |
e520ce64 | 1416 | } |
5f506a55 SS |
1417 | |
1418 | int config_parse_address_generation_type( | |
1419 | const char *unit, | |
1420 | const char *filename, | |
1421 | unsigned line, | |
1422 | const char *section, | |
1423 | unsigned section_line, | |
1424 | const char *lvalue, | |
1425 | int ltype, | |
1426 | const char *rvalue, | |
1427 | void *data, | |
1428 | void *userdata) { | |
1429 | ||
1430 | _cleanup_free_ IPv6Token *token = NULL; | |
5f506a55 SS |
1431 | union in_addr_union buffer; |
1432 | Network *network = data; | |
1433 | const char *p; | |
1434 | int r; | |
1435 | ||
1436 | assert(filename); | |
1437 | assert(lvalue); | |
1438 | assert(rvalue); | |
1439 | assert(data); | |
1440 | ||
1441 | if (isempty(rvalue)) { | |
2c621495 | 1442 | network->ipv6_tokens = ordered_set_free(network->ipv6_tokens); |
5f506a55 SS |
1443 | return 0; |
1444 | } | |
1445 | ||
5f506a55 SS |
1446 | r = ipv6token_new(&token); |
1447 | if (r < 0) | |
1448 | return log_oom(); | |
1449 | ||
b27caa34 | 1450 | if ((p = startswith(rvalue, "prefixstable"))) { |
5f506a55 | 1451 | token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE; |
b27caa34 YW |
1452 | if (*p == ':') |
1453 | p++; | |
1454 | else if (*p == '\0') | |
1455 | p = NULL; | |
1456 | else { | |
1457 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
1458 | "Invalid IPv6 token mode in %s=, ignoring assignment: %s", | |
1459 | lvalue, rvalue); | |
1460 | return 0; | |
1461 | } | |
1462 | } else { | |
e2c4070e | 1463 | token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC; |
b27caa34 YW |
1464 | p = startswith(rvalue, "static:"); |
1465 | if (!p) | |
1466 | p = rvalue; | |
f0c1ad30 YW |
1467 | } |
1468 | ||
b27caa34 YW |
1469 | if (p) { |
1470 | r = in_addr_from_string(AF_INET6, p, &buffer); | |
1471 | if (r < 0) { | |
1472 | log_syntax(unit, LOG_WARNING, filename, line, r, | |
1473 | "Failed to parse IP address in %s=, ignoring assignment: %s", | |
1474 | lvalue, rvalue); | |
1475 | return 0; | |
1476 | } | |
1477 | if (token->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC && | |
1478 | in_addr_is_null(AF_INET6, &buffer)) { | |
1479 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
1480 | "IPv6 address in %s= cannot be the ANY address, ignoring assignment: %s", | |
1481 | lvalue, rvalue); | |
1482 | return 0; | |
1483 | } | |
1484 | token->prefix = buffer.in6; | |
5f506a55 SS |
1485 | } |
1486 | ||
2c621495 | 1487 | r = ordered_set_ensure_allocated(&network->ipv6_tokens, &ipv6_token_hash_ops); |
5f506a55 SS |
1488 | if (r < 0) |
1489 | return log_oom(); | |
1490 | ||
2c621495 YW |
1491 | r = ordered_set_put(network->ipv6_tokens, token); |
1492 | if (r == -EEXIST) | |
1493 | log_syntax(unit, LOG_DEBUG, filename, line, r, | |
1494 | "IPv6 token '%s' is duplicated, ignoring: %m", rvalue); | |
1495 | else if (r < 0) | |
d96edb2c | 1496 | log_syntax(unit, LOG_WARNING, filename, line, r, |
2c621495 YW |
1497 | "Failed to store IPv6 token '%s', ignoring: %m", rvalue); |
1498 | else | |
1499 | TAKE_PTR(token); | |
5f506a55 SS |
1500 | |
1501 | return 0; | |
1502 | } | |
ac24e418 SS |
1503 | |
1504 | DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client, ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, | |
1505 | "Failed to parse DHCPv6Client= setting") | |
1506 | static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = { | |
1507 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no", | |
1508 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always", | |
1509 | [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES] = "yes", | |
1510 | }; | |
1511 | ||
1512 | DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES); |