1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include <netinet/in.h>
4 #include <linux/l2tp.h>
5 #include <linux/genetlink.h>
7 #include "conf-parser.h"
9 #include "l2tp-tunnel.h"
10 #include "netlink-util.h"
11 #include "networkd-address.h"
12 #include "networkd-manager.h"
13 #include "networkd-route-util.h"
14 #include "parse-util.h"
15 #include "socket-util.h"
16 #include "string-table.h"
17 #include "string-util.h"
/*
 * String tables for the L2TP enum types used by this netdev driver, and the
 * private *_from_string() lookups / config parser generated from them.
 *
 * NOTE(review): this extract is an incomplete rendering of the file — the
 * rendered line numbers skip, so the "};" terminators of the tables and some
 * neighbouring lines are not shown.  Tokens below are reproduced verbatim;
 * gaps are marked with "…".
 */
static const char* const l2tp_l2spec_type_table[_NETDEV_L2TP_L2SPECTYPE_MAX] = {
        [NETDEV_L2TP_L2SPECTYPE_NONE]    = "none",
        [NETDEV_L2TP_L2SPECTYPE_DEFAULT] = "default",
        /* … table terminator not in this extract … */

/* Provides l2tp_l2spec_type_from_string(), used by config_parse_l2tp_session_l2spec(). */
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_l2spec_type, L2tpL2specType);

static const char* const l2tp_encap_type_table[_NETDEV_L2TP_ENCAPTYPE_MAX] = {
        [NETDEV_L2TP_ENCAPTYPE_UDP] = "udp",
        [NETDEV_L2TP_ENCAPTYPE_IP]  = "ip",
        /* … table terminator not in this extract … */

DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_encap_type, L2tpEncapType);
/* Config parser for the encapsulation type; unknown values log the message below. */
DEFINE_CONFIG_PARSE_ENUM(config_parse_l2tp_encap_type, l2tp_encap_type, L2tpEncapType, "Failed to parse L2TP Encapsulation Type");

static const char* const l2tp_local_address_type_table[_NETDEV_L2TP_LOCAL_ADDRESS_MAX] = {
        [NETDEV_L2TP_LOCAL_ADDRESS_AUTO]    = "auto",
        [NETDEV_L2TP_LOCAL_ADDRESS_STATIC]  = "static",
        [NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC] = "dynamic",
        /* … table terminator not in this extract … */

/* Provides l2tp_local_address_type_from_string(), used by config_parse_l2tp_tunnel_local_address(). */
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_local_address_type, L2tpLocalAddressType);
/*
 * Destructor for an L2tpSession: detaches it from the owning tunnel's
 * sessions_by_section map (keyed by the session's ConfigSection) and then
 * releases the section.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * lines that validate `s`, free its other members and return are not shown;
 * gaps are marked with "…".
 */
static L2tpSession* l2tp_session_free(L2tpSession *s) {
        /* … not in this extract … */
        if (s->tunnel && s->section)
                ordered_hashmap_remove(s->tunnel->sessions_by_section, s->section);
        /* … not in this extract … */
        config_section_free(s->section);
        /* … remainder (including the return) not in this extract … */
/* Generates the _cleanup_ helpers l2tp_session_freep and
 * l2tp_session_free_or_set_invalidp used by the session parsers below. */
DEFINE_SECTION_CLEANUP_FUNCTIONS(L2tpSession, l2tp_session_free);
/*
 * Looks up the L2tpSession belonging to the config section at
 * filename:section_line in tunnel `t`, creating and registering a new one in
 * t->sessions_by_section if none exists.  New sessions default to
 * NETDEV_L2TP_L2SPECTYPE_DEFAULT.  On success *ret is presumably set to the
 * session (the line doing so is not in this extract).
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declaration of `r`, the error checks after each call, the early return for
 * an existing session and the final return are not shown; gaps are marked
 * with "…".
 */
static int l2tp_session_new_static(L2tpTunnel *t, const char *filename, unsigned section_line, L2tpSession **ret) {
        _cleanup_(config_section_freep) ConfigSection *n = NULL;
        _cleanup_(l2tp_session_freep) L2tpSession *s = NULL;
        /* … not in this extract … */
        assert(section_line > 0);
        /* … */
        r = config_section_new(filename, section_line, &n);
        /* … presumably an error check on r … */
        s = ordered_hashmap_get(t->sessions_by_section, n);
        /* … presumably returns the existing session here … */
        s = new(L2tpSession, 1);
        /* … presumably the start of a compound-literal initializer for *s … */
                .l2tp_l2spec_type = NETDEV_L2TP_L2SPECTYPE_DEFAULT,
        /* … */
                /* Ownership of the ConfigSection moves into the session. */
                .section = TAKE_PTR(n),
        /* … */
        r = ordered_hashmap_ensure_put(&t->sessions_by_section, &config_section_hash_ops, s->section, s);
        /* … remainder not in this extract … */
/*
 * Builds the generic-netlink L2TP_CMD_TUNNEL_CREATE request for this netdev:
 * tunnel/peer connection ids, protocol version 3, encapsulation type, the
 * local and remote endpoint addresses for the tunnel's family, and — for UDP
 * encapsulation — the UDP ports and checksum attributes.
 *
 * local_address: the resolved local endpoint (must not be NULL).
 * ret:           presumably receives the message (the assignment is not in
 *                this extract).
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declarations of `t`, `r` and `encap_type`, the `if (r < 0)` checks after
 * each append, the switch's break/default lines, the closing braces and the
 * return are not shown; gaps are marked with "…".
 */
static int netdev_l2tp_create_message_tunnel(NetDev *netdev, union in_addr_union *local_address, sd_netlink_message **ret) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        /* … not in this extract … */
        assert(local_address);
        assert_se(t = L2TP(netdev));
        /* … */
        r = sd_genl_message_new(netdev->manager->genl, L2TP_GENL_NAME, L2TP_CMD_TUNNEL_CREATE, &m);
        /* … */
        r = sd_netlink_message_append_u32(m, L2TP_ATTR_CONN_ID, t->tunnel_id);
        /* … */
        r = sd_netlink_message_append_u32(m, L2TP_ATTR_PEER_CONN_ID, t->peer_tunnel_id);
        /* … */
        /* Always requests L2TPv3. */
        r = sd_netlink_message_append_u8(m, L2TP_ATTR_PROTO_VERSION, 3);
        /* … */
        /* Map the configured encapsulation enum onto the kernel's L2TP_ENCAPTYPE_* values. */
        switch (t->l2tp_encap_type) {
        case NETDEV_L2TP_ENCAPTYPE_IP:
                encap_type = L2TP_ENCAPTYPE_IP;
                /* … break not in this extract … */
        case NETDEV_L2TP_ENCAPTYPE_UDP:
                /* … */
                encap_type = L2TP_ENCAPTYPE_UDP;
                /* … break / default / closing brace not in this extract … */
        r = sd_netlink_message_append_u16(m, L2TP_ATTR_ENCAP_TYPE, encap_type);
        /* … */
        if (t->family == AF_INET) {
                r = sd_netlink_message_append_in_addr(m, L2TP_ATTR_IP_SADDR, &local_address->in);
                /* … */
                r = sd_netlink_message_append_in_addr(m, L2TP_ATTR_IP_DADDR, &t->remote.in);
        /* … not in this extract: presumably the end of the AF_INET branch and the start of the IPv6 branch … */
                r = sd_netlink_message_append_in6_addr(m, L2TP_ATTR_IP6_SADDR, &local_address->in6);
                /* … */
                r = sd_netlink_message_append_in6_addr(m, L2TP_ATTR_IP6_DADDR, &t->remote.in6);
        /* … */
        if (encap_type == L2TP_ENCAPTYPE_UDP) {
                r = sd_netlink_message_append_u16(m, L2TP_ATTR_UDP_SPORT, t->l2tp_udp_sport);
                /* … */
                r = sd_netlink_message_append_u16(m, L2TP_ATTR_UDP_DPORT, t->l2tp_udp_dport);
                /* … */
                r = sd_netlink_message_append_u8(m, L2TP_ATTR_UDP_CSUM, t->udp_csum);
                /* … */
                /* NOTE(review): the attribute sent is the ZERO_CSUM6 *flag* while the
                 * field is named udp6_csum_tx/rx — confirm against the config option
                 * that sets these fields that the polarity is the intended one. */
                if (t->udp6_csum_tx) {
                        r = sd_netlink_message_append_flag(m, L2TP_ATTR_UDP_ZERO_CSUM6_TX);
                        /* … */
                if (t->udp6_csum_rx) {
                        r = sd_netlink_message_append_flag(m, L2TP_ATTR_UDP_ZERO_CSUM6_RX);
        /* … remainder (error checks, *ret assignment, return) not in this extract … */
<doc_update>
/*
 * Builds the generic-netlink L2TP_CMD_SESSION_CREATE request for one session
 * of this netdev's tunnel: the tunnel/peer connection ids taken from the
 * owning tunnel, the session/peer session ids, an Ethernet pseudowire, the
 * layer-2 specific sublayer type/length, and the interface name.
 *
 * ret: presumably receives the message (the assignment is not in this extract).
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declarations of `r`, the `if (r < 0)` checks, the lines that assign
 * l2_spec_len inside the switch, the switch's break/default lines, the
 * closing braces and the return are not shown; gaps are marked with "…".
 */
static int netdev_l2tp_create_message_session(NetDev *netdev, L2tpSession *session, sd_netlink_message **ret) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        uint16_t l2_spec_len;
        uint8_t l2_spec_type;
        /* … not in this extract … */
        assert(session->tunnel);
        /* … */
        r = sd_genl_message_new(netdev->manager->genl, L2TP_GENL_NAME, L2TP_CMD_SESSION_CREATE, &m);
        /* … */
        r = sd_netlink_message_append_u32(m, L2TP_ATTR_CONN_ID, session->tunnel->tunnel_id);
        /* … */
        r = sd_netlink_message_append_u32(m, L2TP_ATTR_PEER_CONN_ID, session->tunnel->peer_tunnel_id);
        /* … */
        r = sd_netlink_message_append_u32(m, L2TP_ATTR_SESSION_ID, session->session_id);
        /* … */
        r = sd_netlink_message_append_u32(m, L2TP_ATTR_PEER_SESSION_ID, session->peer_session_id);
        /* … */
        /* Only Ethernet pseudowires are created here. */
        r = sd_netlink_message_append_u16(m, L2TP_ATTR_PW_TYPE, L2TP_PWTYPE_ETH);
        /* … */
        switch (session->l2tp_l2spec_type) {
        case NETDEV_L2TP_L2SPECTYPE_NONE:
                l2_spec_type = L2TP_L2SPECTYPE_NONE;
                /* … l2_spec_len assignment / break not in this extract … */
        case NETDEV_L2TP_L2SPECTYPE_DEFAULT:
                /* … */
                l2_spec_type = L2TP_L2SPECTYPE_DEFAULT;
                /* … l2_spec_len assignment / break / default not in this extract … */
        r = sd_netlink_message_append_u8(m, L2TP_ATTR_L2SPEC_TYPE, l2_spec_type);
        /* … */
        /* l2_spec_len is set in lines not shown here; it is not visibly initialized in this extract — verify in the full source. */
        r = sd_netlink_message_append_u8(m, L2TP_ATTR_L2SPEC_LEN, l2_spec_len);
        /* … */
        r = sd_netlink_message_append_string(m, L2TP_ATTR_IFNAME, session->name);
        /* … remainder (error check, *ret assignment, return) not in this extract … */
/*
 * Scans the addresses configured on `link` for one usable as the tunnel's
 * local endpoint.  A candidate must be ready, match the tunnel's address
 * family, have no peer address, and satisfy the configured local address
 * type: "static" requires IFA_F_PERMANENT, "dynamic" requires its absence.
 * What is stored in *ret and what is returned when no candidate matches is
 * in lines not shown in this extract.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * asserts, the `continue` statements after each filter, the assignment to
 * *ret and the returns are not shown; gaps are marked with "…".
 */
static int link_get_l2tp_local_address(Link *link, L2tpTunnel *t, union in_addr_union *ret) {
        /* … not in this extract … */
        SET_FOREACH(a, link->addresses) {
                if (!address_is_ready(a))
                        /* … */
                if (a->family != t->family)
                        /* … */
                /* Point-to-point addresses are never used as the tunnel endpoint. */
                if (in_addr_is_set(a->family, &a->in_addr_peer))
                        /* … */
                if (t->local_address_type == NETDEV_L2TP_LOCAL_ADDRESS_STATIC &&
                    !FLAGS_SET(a->flags, IFA_F_PERMANENT))
                        /* … */
                if (t->local_address_type == NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC &&
                    FLAGS_SET(a->flags, IFA_F_PERMANENT))
                        /* … */
        /* … remainder not in this extract … */
/*
 * Resolves the local endpoint address for the tunnel.  With local_ifname
 * configured, the named link is looked up and must be ready to configure;
 * the remote is then checked for reachability (link-scoped when the manager
 * manages foreign routes, manager-wide otherwise).  If Local= names an
 * explicit address it is looked up, must be ready, and must match the
 * static/dynamic (IFA_F_PERMANENT) requirement; otherwise the link's
 * addresses are scanned with link_get_l2tp_local_address().  Without
 * local_ifname every ready link is tried in turn.
 *
 * ret may be NULL: netdev_l2tp_is_ready_to_create() calls this only to test
 * whether an address can be found.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declarations of `t`, `link`, `a` and `r`, the error checks and early returns
 * after each call, the `else` keywords, the assignment to *ret and the final
 * return are not shown; gaps are marked with "…".
 */
static int l2tp_get_local_address(NetDev *netdev, union in_addr_union *ret) {
        /* … not in this extract … */
        assert(netdev->manager);
        assert_se(t = L2TP(netdev));
        /* … */
        if (t->local_ifname) {
                r = link_get_by_name(netdev->manager, t->local_ifname, &link);
                /* … */
                if (!link_is_ready_to_configure(link, /* allow_unmanaged = */ false))
                        /* … */
                if (netdev->manager->manage_foreign_routes) {
                        /* First, check if the remote address is accessible. */
                        /* … */
                        r = link_address_is_reachable(link, t->family, &t->remote, &t->local, &a);
                /* … presumably the else branch … */
                        r = manager_address_is_reachable(netdev->manager, t->family, &t->remote, &t->local, &a);
                /* … */
                if (in_addr_is_set(t->family, &t->local)) {
                        /* local address is explicitly specified. */
                        /* … */
                        r = link_get_address(link, t->family, &t->local, 0, &a);
                        /* … presumably the else branch … */
                        r = manager_get_address(netdev->manager, t->family, &t->local, 0, &a);
                        /* … */
                        if (!address_is_ready(a))
                                /* … */
                        /* Same static/dynamic filter as link_get_l2tp_local_address(). */
                        if (t->local_address_type == NETDEV_L2TP_LOCAL_ADDRESS_STATIC &&
                            !FLAGS_SET(a->flags, IFA_F_PERMANENT))
                                /* … */
                        if (t->local_address_type == NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC &&
                            FLAGS_SET(a->flags, IFA_F_PERMANENT))
                                /* … */
                /* … */
                return link_get_l2tp_local_address(link, t, ret);
        /* … */
        /* No interface was named: pick the first ready link that yields an address. */
        HASHMAP_FOREACH(link, netdev->manager->links_by_index) {
                if (!link_is_ready_to_configure(link, /* allow_unmanaged = */ false))
                        /* … */
                if (link_get_l2tp_local_address(link, t, ret) >= 0)
                        /* … */
        /* … remainder not in this extract … */
/*
 * Destroy callback for the async session-create request: drops the netdev
 * reference taken for the request (the take is not in this extract).
 *
 * NOTE(review): the asserts between the signature and the unref are not shown
 * in this extract.
 */
static void l2tp_session_destroy_callback(L2tpSession *session) {
        /* … not in this extract … */
        netdev_unref(NETDEV(session->tunnel));
        /* … */
/*
 * Reply handler for the session-create request.  Reads the kernel's errno
 * from the reply and logs: an existing session is reused (info), a failure
 * is logged as a warning with the errno, success at debug level.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declarations of `netdev`/`r`, the conditions selecting each log branch
 * (e.g. which errno counts as "exists"), the session name argument of the
 * first log call and the return value are not shown; gaps are marked "…".
 */
static int l2tp_create_session_handler(sd_netlink *rtnl, sd_netlink_message *m, L2tpSession *session) {
        /* … not in this extract … */
        assert(session->tunnel);
        /* … */
        netdev = NETDEV(session->tunnel);
        /* … */
        r = sd_netlink_message_get_errno(m);
        /* … branch condition not in this extract … */
                log_netdev_info(netdev, "L2TP session %s exists, using existing without changing its parameters",
        /* … argument and next branch condition not in this extract … */
                log_netdev_warning_errno(netdev, r, "L2TP session %s could not be created: %m", session->name);
        /* … */
                log_netdev_debug(netdev, "L2TP session %s created", session->name);
        /* … remainder (return) not in this extract … */
/*
 * Builds the session-create netlink message and sends it asynchronously on the
 * manager's genl socket; l2tp_create_session_handler() processes the reply and
 * l2tp_session_destroy_callback() runs when the request is released.
 *
 * Returns a negative errno (already logged) if the message cannot be built or
 * queued; the success path is not in this extract.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declaration of `r`, the `if (r < 0)` lines guarding each return, the netdev
 * ref taken for the callback and the final return are not shown.
 */
static int l2tp_create_session(NetDev *netdev, L2tpSession *session) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *n = NULL;
        /* … not in this extract … */
        r = netdev_l2tp_create_message_session(netdev, session, &n);
        /* … error check not in this extract … */
                return log_netdev_error_errno(netdev, r, "Failed to create netlink message: %m");
        /* … */
        r = netlink_call_async(netdev->manager->genl, NULL, n, l2tp_create_session_handler,
                               l2tp_session_destroy_callback, session);
        /* … error check not in this extract … */
                return log_netdev_error_errno(netdev, r, "Failed to create L2TP session %s: %m", session->name);
        /* … remainder not in this extract … */
/*
 * Reply handler for the tunnel-create request.  On an already-existing tunnel
 * the existing one is reused (info); on failure the netdev enters the failed
 * state; otherwise each configured session is created (failures of individual
 * sessions are deliberately ignored with (void)).
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declarations of `t` and `r`, the state checks between the assert and the
 * errno read, the conditions selecting each branch and the returns are not
 * shown; gaps are marked "…".
 */
static int l2tp_create_tunnel_handler(sd_netlink *rtnl, sd_netlink_message *m, NetDev *netdev) {
        L2tpSession *session;
        /* … not in this extract … */
        assert(netdev->state != _NETDEV_STATE_INVALID);
        /* … */
        r = sd_netlink_message_get_errno(m);
        /* … branch condition not in this extract … */
                log_netdev_info(netdev, "netdev exists, using existing without changing its parameters");
        /* … branch condition not in this extract … */
                log_netdev_warning_errno(netdev, r, "netdev could not be created: %m");
                netdev_enter_failed(netdev);
        /* … */
        log_netdev_debug(netdev, "L2TP tunnel is created");
        /* … */
        ORDERED_HASHMAP_FOREACH(session, t->sessions_by_section)
                (void) l2tp_create_session(netdev, session);
        /* … remainder (return) not in this extract … */
/*
 * .create hook of the vtable: resolves the local endpoint address, builds the
 * tunnel-create message and sends it asynchronously; the reply is handled by
 * l2tp_create_tunnel_handler(), which in turn creates the sessions.
 *
 * Returns a negative errno (already logged) if no local address is found or
 * the message cannot be built/queued; the success path is not in this extract.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declarations of `t` and `r`, the `if (r < 0)` lines guarding each return and
 * the final return are not shown.
 */
static int l2tp_create_tunnel(NetDev *netdev) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        union in_addr_union local_address;
        /* … not in this extract … */
        assert_se(t = L2TP(netdev));
        /* … */
        r = l2tp_get_local_address(netdev, &local_address);
        /* … error check not in this extract … */
                return log_netdev_error_errno(netdev, r, "Could not find local address.");
        /* … */
        /* Only worth logging when the address was selected automatically
         * (local_address_type >= 0) and debug logging is enabled. */
        if (t->local_address_type >= 0 && DEBUG_LOGGING)
                log_netdev_debug(netdev, "Local address %s acquired.",
                                 IN_ADDR_TO_STRING(t->family, &local_address));
        /* … */
        r = netdev_l2tp_create_message_tunnel(netdev, &local_address, &m);
        /* … error check not in this extract … */
                return log_netdev_error_errno(netdev, r, "Failed to create netlink message: %m");
        /* … */
        r = netlink_call_async(netdev->manager->genl, NULL, m, l2tp_create_tunnel_handler,
                               netdev_destroy_callback, netdev);
        /* … error check not in this extract … */
                return log_netdev_error_errno(netdev, r, "Failed to create L2TP tunnel: %m");
        /* … remainder not in this extract … */
/*
 * .is_ready_to_create hook: the tunnel can be created as soon as a local
 * endpoint address can be resolved.  Passes ret=NULL because only the result
 * code matters here; `link` is unused.
 */
static int netdev_l2tp_is_ready_to_create(NetDev *netdev, Link *link) {
        return l2tp_get_local_address(netdev, NULL) >= 0;
        /* … closing brace not in this extract … */
/*
 * Parser for the tunnel's local-endpoint setting.  Accepted forms, as far as
 * this extract shows: an empty value (reset to "auto", clear the address, and
 * clear the family if Remote= is not set yet), an address type keyword from
 * l2tp_local_address_type_table, or a literal IPv4/IPv6 address; each may be
 * followed by "@<ifname>" naming the link to use.  An explicit address must be
 * non-null and must not contradict the family already fixed by Remote=.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so most
 * parameters (unit, lvalue, line, rvalue, data, userdata), the declarations
 * of `f` and `r`, the `if` conditions guarding each log_syntax() call, the
 * `return 0` statements after them, the strdup of the interface name into
 * `ifname`, the assignment of the parsed address and family into `t`, and the
 * final return are not shown; gaps are marked "…".
 *
 * NOTE(review): `addr_or_type` receives the part before "@" but is not used
 * by any line visible here — both l2tp_local_address_type_from_string() and
 * in_addr_from_string_auto() are given the full `rvalue`.  If that is also
 * true in the full source, a value with an "@ifname" suffix would fail both
 * parses; confirm against the full file before relying on the "@ifname" form.
 */
int config_parse_l2tp_tunnel_local_address(
                /* … */
                const char *filename,
                /* … */
                unsigned section_line,
                /* … remaining parameters not in this extract … */

        _cleanup_free_ char *addr_or_type = NULL, *ifname = NULL;
        L2tpLocalAddressType type;
        L2tpTunnel *t = ASSERT_PTR(userdata);
        const char *p = ASSERT_PTR(rvalue);
        union in_addr_union a;
        /* … */
        if (isempty(rvalue)) {
                /* Reset to defaults. */
                t->local_ifname = mfree(t->local_ifname);
                t->local_address_type = NETDEV_L2TP_LOCAL_ADDRESS_AUTO;
                t->local = IN_ADDR_NULL;
                /* … */
                if (!in_addr_is_set(t->family, &t->remote))
                        /* If Remote= is not specified yet, then also clear family. */
                        t->family = AF_UNSPEC;
                /* … */
        /* Split "<address-or-type>@<ifname>"; p then points at the optional ifname. */
        r = extract_first_word(&p, &addr_or_type, "@", 0);
        /* … error condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Invalid L2TP Tunnel address specified in %s=, ignoring assignment: %s", lvalue, rvalue);
        /* … */
        /* Alternative interface names are accepted, not only the kernel's primary name. */
        if (!ifname_valid_full(p, IFNAME_VALID_ALTERNATIVE)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Invalid interface name specified in %s=, ignoring assignment: %s", lvalue, rvalue);
        /* … */
        type = l2tp_local_address_type_from_string(rvalue);
        /* … condition (presumably type >= 0) not in this extract … */
                free_and_replace(t->local_ifname, ifname);
                t->local_address_type = type;
                t->local = IN_ADDR_NULL;
                /* … */
                if (!in_addr_is_set(t->family, &t->remote))
                        /* If Remote= is not specified yet, then also clear family. */
                        t->family = AF_UNSPEC;
        /* … */
        r = in_addr_from_string_auto(rvalue, &f, &a);
        /* … error condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid L2TP Tunnel local address specified, ignoring assignment: %s", rvalue);
        /* … */
        if (in_addr_is_null(f, &a)) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "L2TP Tunnel local address cannot be null, ignoring assignment: %s", rvalue);
        /* … */
        /* Local= and Remote= must agree on the address family once one of them fixed it. */
        if (t->family != AF_UNSPEC && t->family != f) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Address family does not match the previous assignment, ignoring assignment: %s", rvalue);
        /* … */
        free_and_replace(t->local_ifname, ifname);
        /* An explicit address means no automatic selection type applies. */
        t->local_address_type = _NETDEV_L2TP_LOCAL_ADDRESS_INVALID;
        /* … remainder (address/family assignment, return) not in this extract … */
/*
 * Parser for the tunnel's remote-endpoint setting.  An empty value clears the
 * remote address (and the family, if Local= has not fixed it).  Otherwise the
 * value must parse as an IPv4/IPv6 address, must be non-null, and must match
 * the family already fixed by Local=.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so most
 * parameters, the declarations of `f` and `r`, the `if` conditions guarding
 * each log_syntax() call, the `return 0` statements, the assignment of the
 * parsed address and family into `t` and the final return are not shown;
 * gaps are marked "…".
 */
int config_parse_l2tp_tunnel_remote_address(
                /* … */
                const char *filename,
                /* … */
                unsigned section_line,
                /* … remaining parameters not in this extract … */

        L2tpTunnel *t = ASSERT_PTR(userdata);
        union in_addr_union a;
        /* … */
        if (isempty(rvalue)) {
                t->remote = IN_ADDR_NULL;
                /* … */
                if (!in_addr_is_set(t->family, &t->local))
                        /* If Local= is not specified yet, then also clear family. */
                        t->family = AF_UNSPEC;
                /* … */
        r = in_addr_from_string_auto(rvalue, &f, &a);
        /* … error condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid L2TP Tunnel remote address specified, ignoring assignment: %s", rvalue);
        /* … */
        if (in_addr_is_null(f, &a)) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "L2TP Tunnel remote address cannot be null, ignoring assignment: %s", rvalue);
        /* … */
        /* Local= and Remote= must agree on the address family once one of them fixed it. */
        if (t->family != AF_UNSPEC && t->family != f) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Address family does not match the previous assignment, ignoring assignment: %s", rvalue);
        /* … remainder (address/family assignment, return) not in this extract … */
/*
 * Parser for a tunnel id setting: parses the value as uint32 into `k` and,
 * after a validity check not shown in this extract, stores it through `id`
 * (which aliases the caller's `data`).
 *
 * NOTE(review): the rendered line numbers skip inside this function, so most
 * parameters, the declaration of `r`, the `if` conditions guarding each
 * log_syntax() call, the `return 0` statements, the store `*id = k` and the
 * final return are not shown; the second message suggests the check rejects
 * some parsed values (presumably 0) but the condition itself is not visible.
 */
int config_parse_l2tp_tunnel_id(
                /* … */
                const char *filename,
                /* … */
                unsigned section_line,
                /* … remaining parameters not in this extract … */

        uint32_t *id = data, k;
        /* … */
        r = safe_atou32(rvalue, &k);
        /* … error condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to parse L2TP tunnel id. Ignoring assignment: %s", rvalue);
        /* … validity condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Invalid L2TP tunnel id. Ignoring assignment: %s", rvalue);
        /* … remainder (store, return) not in this extract … */
/*
 * Parser for SessionId=/PeerSessionId= in an [L2TPSession] section.  Obtains
 * (or creates) the session object for this config section, parses the value
 * as uint32, validates it (condition not shown), and stores it into
 * session_id or peer_session_id depending on `lvalue`.  The session is
 * marked invalid by the _cleanup_ helper on an early exit unless it is
 * released with TAKE_PTR in a line not shown here.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so most
 * parameters, the declarations of `k` and `r`, the error checks, the `return 0`
 * statements, the `else` before the peer_session_id store and the final
 * return are not shown; gaps are marked "…".
 */
int config_parse_l2tp_session_id(
                /* … */
                const char *filename,
                /* … */
                unsigned section_line,
                /* … remaining parameters not in this extract … */

        _cleanup_(l2tp_session_free_or_set_invalidp) L2tpSession *session = NULL;
        L2tpTunnel *t = userdata;
        /* … */
        r = l2tp_session_new_static(t, filename, section_line, &session);
        /* … */
        r = safe_atou32(rvalue, &k);
        /* … error condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to parse L2TP session id. Ignoring assignment: %s", rvalue);
        /* … validity condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Invalid L2TP session id. Ignoring assignment: %s", rvalue);
        /* … */
        if (streq(lvalue, "SessionId"))
                session->session_id = k;
        /* … presumably `else` … */
                session->peer_session_id = k;
        /* … remainder (TAKE_PTR, return) not in this extract … */
/*
 * Parser for the layer-2 specific sublayer type of an [L2TPSession] section:
 * obtains the session for this config section and maps the value through
 * l2tp_l2spec_type_table; unknown values are logged and ignored.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so most
 * parameters, the declarations of `spec` and `r`, the error checks, the
 * `return 0` statements and the final return are not shown; gaps are
 * marked "…".
 */
int config_parse_l2tp_session_l2spec(
                /* … */
                const char *filename,
                /* … */
                unsigned section_line,
                /* … remaining parameters not in this extract … */

        _cleanup_(l2tp_session_free_or_set_invalidp) L2tpSession *session = NULL;
        L2tpTunnel *t = userdata;
        /* … */
        r = l2tp_session_new_static(t, filename, section_line, &session);
        /* … */
        spec = l2tp_l2spec_type_from_string(rvalue);
        /* … error condition not in this extract … */
                log_syntax(unit, LOG_WARNING, filename, line, spec,
                           "Failed to parse layer2 specific header type. Ignoring assignment: %s", rvalue);
        /* … */
        session->l2tp_l2spec_type = spec;
        /* … remainder (TAKE_PTR, return) not in this extract … */
/*
 * Parser for the interface name of an [L2TPSession] section: obtains the
 * session for this config section, requires a valid kernel interface name
 * (ifname_valid(), i.e. no alternative names here), and stores a copy in
 * session->name.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so most
 * parameters, the declaration of `r`, the error checks, the `return 0`
 * statements and the final return are not shown; gaps are marked "…".
 */
int config_parse_l2tp_session_name(
                /* … */
                const char *filename,
                /* … */
                unsigned section_line,
                /* … remaining parameters not in this extract … */

        _cleanup_(l2tp_session_free_or_set_invalidp) L2tpSession *session = NULL;
        L2tpTunnel *t = userdata;
        /* … */
        r = l2tp_session_new_static(t, filename, section_line, &session);
        /* … */
        if (!ifname_valid(rvalue)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to parse L2TP tunnel session name. Ignoring assignment: %s", rvalue);
        /* … */
        r = free_and_strdup(&session->name, rvalue);
        /* … remainder (error check, TAKE_PTR, return) not in this extract … */
/*
 * .init hook: sets the tunnel defaults — UDP encapsulation, and both IPv6
 * UDP checksum fields true.  Compare netdev_l2tp_create_message_tunnel(),
 * which appends the L2TP_ATTR_UDP_ZERO_CSUM6_* flags when these are true.
 *
 * NOTE(review): the declaration/lookup of `t` and the asserts before the
 * assignments are not in this extract.
 */
static void l2tp_tunnel_init(NetDev *netdev) {
        /* … not in this extract … */
        t->l2tp_encap_type = NETDEV_L2TP_ENCAPTYPE_UDP;
        t->udp6_csum_rx = true;
        t->udp6_csum_tx = true;
        /* … closing brace not in this extract … */
/*
 * Validates one configured session: its config section must not have been
 * marked invalid, it needs a name, and both session ids must be non-zero.
 * Each failure is logged with the section's file and line and reported as
 * -EINVAL so netdev_l2tp_tunnel_verify() can drop the session.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declaration of `netdev`, the return after section_is_invalid(), the
 * condition guarding the "without name" error (the message implies a check
 * on session->name, but the line is not visible) and the final return are
 * not shown; gaps are marked "…".
 */
static int l2tp_session_verify(L2tpSession *session) {
        /* … not in this extract … */
        assert(session->tunnel);
        /* … */
        netdev = NETDEV(session->tunnel);
        /* … */
        if (section_is_invalid(session->section))
                /* … */
        /* … condition not in this extract … */
                return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
                                              "%s: L2TP session without name configured. "
                                              "Ignoring [L2TPSession] section from line %u",
                                              session->section->filename, session->section->line);
        /* … */
        /* The kernel needs both ids; 0 is treated as "not configured". */
        if (session->session_id == 0 || session->peer_session_id == 0)
                return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
                                              "%s: L2TP session without session IDs configured. "
                                              "Ignoring [L2TPSession] section from line %u",
                                              session->section->filename, session->section->line);
        /* … remainder (return) not in this extract … */
/*
 * .config_verify hook: rejects the netdev unless the address family is IPv4
 * or IPv6, a remote address is set and both tunnel ids are non-zero; then
 * verifies each session and frees the ones that fail, so a bad
 * [L2TPSession] section only drops that session rather than the tunnel.
 *
 * NOTE(review): the rendered line numbers skip inside this function, so the
 * declaration/lookup of `t`, the asserts, the `filename` argument of each
 * error message and the final return are not shown; gaps are marked "…".
 */
static int netdev_l2tp_tunnel_verify(NetDev *netdev, const char *filename) {
        /* … */
        L2tpSession *session;
        /* … not in this extract … */
        if (!IN_SET(t->family, AF_INET, AF_INET6))
                return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
                                              "%s: L2TP tunnel with invalid address family configured. Ignoring",
        /* … argument not in this extract … */
        if (!in_addr_is_set(t->family, &t->remote))
                return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
                                              "%s: L2TP tunnel without a remote address configured. Ignoring",
        /* … argument not in this extract … */
        if (t->tunnel_id == 0 || t->peer_tunnel_id == 0)
                return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
                                              "%s: L2TP tunnel without tunnel IDs configured. Ignoring",
        /* … argument not in this extract … */
        /* l2tp_session_free() removes the session from sessions_by_section itself. */
        ORDERED_HASHMAP_FOREACH(session, t->sessions_by_section)
                if (l2tp_session_verify(session) < 0)
                        l2tp_session_free(session);
        /* … remainder (return) not in this extract … */
/*
 * .done hook: releases everything the tunnel owns — all sessions (via
 * l2tp_session_free) and the optional local interface name.
 *
 * NOTE(review): the declaration/lookup of `t` and the asserts before the
 * frees are not in this extract.
 */
static void l2tp_tunnel_done(NetDev *netdev) {
        /* … not in this extract … */
        ordered_hashmap_free_with_destructor(t->sessions_by_section, l2tp_session_free);
        free(t->local_ifname);
        /* … closing brace not in this extract … */
871 const NetDevVTable l2tptnl_vtable
= {
872 .object_size
= sizeof(L2tpTunnel
),
873 .init
= l2tp_tunnel_init
,
874 .sections
= NETDEV_COMMON_SECTIONS
"L2TP\0L2TPSession\0",
875 .create
= l2tp_create_tunnel
,
876 .done
= l2tp_tunnel_done
,
877 .create_type
= NETDEV_CREATE_INDEPENDENT
,
878 .is_ready_to_create
= netdev_l2tp_is_ready_to_create
,
879 .config_verify
= netdev_l2tp_tunnel_verify
,