[thirdparty/systemd.git] / src / network / networkd-netlabel.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include "escape.h"
#include "netlink-util.h"
#include "networkd-address.h"
#include "networkd-link.h"
#include "networkd-manager.h"
#include "networkd-netlabel.h"
#include "networkd-network.h"

static int netlabel_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
        int r;

        assert_se(rtnl);
        assert_se(m);
        assert_se(link);

        r = sd_netlink_message_get_errno(m);
        if (r < 0) {
                log_link_message_warning_errno(link, m, r, "NetLabel operation failed, ignoring");
                return 1;
        }

        log_link_debug(link, "NetLabel operation successful");

        return 1;
}

static int netlabel_command(uint16_t command, const char *label, const Address *address) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r;

        assert(command != NLBL_UNLABEL_C_UNSPEC && command < __NLBL_UNLABEL_C_MAX);
        assert(address);
        assert(address->link);
        assert(address->link->ifname);
        assert(address->link->manager);
        assert(address->link->manager->genl);
        assert(IN_SET(address->family, AF_INET, AF_INET6));

        r = sd_genl_message_new(address->link->manager->genl, NETLBL_NLTYPE_UNLABELED_NAME, command, &m);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_string(m, NLBL_UNLABEL_A_IFACE, address->link->ifname);
        if (r < 0)
                return r;

        if (command == NLBL_UNLABEL_C_STATICADD) {
                assert(label);
                r = sd_netlink_message_append_string(m, NLBL_UNLABEL_A_SECCTX, label);
                if (r < 0)
                        return r;
        }

        union in_addr_union netmask, masked_addr;
        r = in_addr_prefixlen_to_netmask(address->family, &netmask, address->prefixlen);
        if (r < 0)
                return r;

        /*
         * When adding rules, kernel adds the address to its hash table _applying also the netmask_, but on
         * removal, an exact match is required _without netmask applied_, so apply the mask on both
         * operations.
         */
        masked_addr = address->in_addr;
        r = in_addr_mask(address->family, &masked_addr, address->prefixlen);
        if (r < 0)
                return r;

        if (address->family == AF_INET) {
                r = sd_netlink_message_append_in_addr(m, NLBL_UNLABEL_A_IPV4ADDR, &masked_addr.in);
                if (r < 0)
                        return r;

                r = sd_netlink_message_append_in_addr(m, NLBL_UNLABEL_A_IPV4MASK, &netmask.in);
        } else if (address->family == AF_INET6) {
                r = sd_netlink_message_append_in6_addr(m, NLBL_UNLABEL_A_IPV6ADDR, &masked_addr.in6);
                if (r < 0)
                        return r;

                r = sd_netlink_message_append_in6_addr(m, NLBL_UNLABEL_A_IPV6MASK, &netmask.in6);
        }
        if (r < 0)
                return r;

        r = netlink_call_async(address->link->manager->genl, NULL, m, netlabel_handler, link_netlink_destroy_callback,
                               address->link);
        if (r < 0)
                return r;

        link_ref(address->link);
        return 0;
}

void address_add_netlabel(const Address *address) {
        int r;

        assert(address);

        if (!address->netlabel)
                return;

        r = netlabel_command(NLBL_UNLABEL_C_STATICADD, address->netlabel, address);
        if (r < 0)
                log_link_warning_errno(address->link, r, "Adding NetLabel %s for IP address %s failed, ignoring", address->netlabel,
                                       IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
        else
                log_link_debug(address->link, "Adding NetLabel %s for IP address %s", address->netlabel,
                               IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
}

void address_del_netlabel(const Address *address) {
        int r;

        assert(address);

        if (!address->netlabel)
                return;

        r = netlabel_command(NLBL_UNLABEL_C_STATICREMOVE, address->netlabel, address);
        if (r < 0)
                log_link_warning_errno(address->link, r, "Deleting NetLabel %s for IP address %s failed, ignoring", address->netlabel,
                                       IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
        else
                log_link_debug(address->link, "Deleting NetLabel %s for IP address %s", address->netlabel,
                               IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
}
Commit	Line	Data
4b3590c3 TM	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
	2
	3	#include "escape.h"
	4	#include "netlink-util.h"
	5	#include "networkd-address.h"
	6	#include "networkd-link.h"
	7	#include "networkd-manager.h"
	8	#include "networkd-netlabel.h"
	9	#include "networkd-network.h"
	10
	11	static int netlabel_handler(sd_netlink rtnl, sd_netlink_message m, Link *link) {
	12	int r;
	13
	14	assert_se(rtnl);
	15	assert_se(m);
	16	assert_se(link);
	17
	18	r = sd_netlink_message_get_errno(m);
	19	if (r < 0) {
	20	log_link_message_warning_errno(link, m, r, "NetLabel operation failed, ignoring");
	21	return 1;
	22	}
	23
	24	log_link_debug(link, "NetLabel operation successful");
	25
	26	return 1;
	27	}
	28
	29	static int netlabel_command(uint16_t command, const char label, const Address address) {
	30	_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
	31	int r;
	32
	33	assert(command != NLBL_UNLABEL_C_UNSPEC && command < __NLBL_UNLABEL_C_MAX);
	34	assert(address);
	35	assert(address->link);
	36	assert(address->link->ifname);
	37	assert(address->link->manager);
	38	assert(address->link->manager->genl);
	39	assert(IN_SET(address->family, AF_INET, AF_INET6));
	40
	41	r = sd_genl_message_new(address->link->manager->genl, NETLBL_NLTYPE_UNLABELED_NAME, command, &m);
	42	if (r < 0)
	43	return r;
	44
	45	r = sd_netlink_message_append_string(m, NLBL_UNLABEL_A_IFACE, address->link->ifname);
	46	if (r < 0)
	47	return r;
	48
	49	if (command == NLBL_UNLABEL_C_STATICADD) {
	50	assert(label);
	51	r = sd_netlink_message_append_string(m, NLBL_UNLABEL_A_SECCTX, label);
	52	if (r < 0)
	53	return r;
	54	}
	55
	56	union in_addr_union netmask, masked_addr;
	57	r = in_addr_prefixlen_to_netmask(address->family, &netmask, address->prefixlen);
	58	if (r < 0)
	59	return r;
	60
	61	/*
	62	* When adding rules, kernel adds the address to its hash table _applying also the netmask_, but on
	63	* removal, an exact match is required _without netmask applied_, so apply the mask on both
	64	* operations.
65	*/
66	masked_addr = address->in_addr;
67	r = in_addr_mask(address->family, &masked_addr, address->prefixlen);
68	if (r < 0)
69	return r;
70
71	if (address->family == AF_INET) {
72	r = sd_netlink_message_append_in_addr(m, NLBL_UNLABEL_A_IPV4ADDR, &masked_addr.in);
73	if (r < 0)
74	return r;
75
76	r = sd_netlink_message_append_in_addr(m, NLBL_UNLABEL_A_IPV4MASK, &netmask.in);
77	} else if (address->family == AF_INET6) {
78	r = sd_netlink_message_append_in6_addr(m, NLBL_UNLABEL_A_IPV6ADDR, &masked_addr.in6);
79	if (r < 0)
80	return r;
81
82	r = sd_netlink_message_append_in6_addr(m, NLBL_UNLABEL_A_IPV6MASK, &netmask.in6);
83	}
84	if (r < 0)
85	return r;
86
87	r = netlink_call_async(address->link->manager->genl, NULL, m, netlabel_handler, link_netlink_destroy_callback,
88	address->link);
89	if (r < 0)
90	return r;
91
92	link_ref(address->link);
93	return 0;
94	}
95
96	void address_add_netlabel(const Address *address) {
97	int r;
98
99	assert(address);
100
101	if (!address->netlabel)
102	return;
103
104	r = netlabel_command(NLBL_UNLABEL_C_STATICADD, address->netlabel, address);
105	if (r < 0)
106	log_link_warning_errno(address->link, r, "Adding NetLabel %s for IP address %s failed, ignoring", address->netlabel,
107	IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
108	else
109	log_link_debug(address->link, "Adding NetLabel %s for IP address %s", address->netlabel,
110	IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
111	}
112
113	void address_del_netlabel(const Address *address) {
114	int r;
115
116	assert(address);
117
118	if (!address->netlabel)
119	return;
120
121	r = netlabel_command(NLBL_UNLABEL_C_STATICREMOVE, address->netlabel, address);
122	if (r < 0)
123	log_link_warning_errno(address->link, r, "Deleting NetLabel %s for IP address %s failed, ignoring", address->netlabel,
124	IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
125	else
126	log_link_debug(address->link, "Deleting NetLabel %s for IP address %s", address->netlabel,
127	IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
128	}