]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-dhcp-prefix-delegation.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test: also flush and rotate journal before read
[thirdparty/systemd.git] / src / network / networkd-dhcp-prefix-delegation.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <linux/ipv6_route.h>
4
5 #include "dhcp6-lease-internal.h"
6 #include "hashmap.h"
7 #include "in-addr-prefix-util.h"
8 #include "networkd-address-generation.h"
9 #include "networkd-address.h"
10 #include "networkd-dhcp-prefix-delegation.h"
11 #include "networkd-dhcp6.h"
12 #include "networkd-link.h"
13 #include "networkd-manager.h"
14 #include "networkd-queue.h"
15 #include "networkd-radv.h"
16 #include "networkd-route.h"
17 #include "networkd-setlink.h"
18 #include "parse-util.h"
19 #include "string-util.h"
20 #include "strv.h"
21 #include "tunnel.h"
22
23 bool link_dhcp_pd_is_enabled(Link *link) {
24 assert(link);
25
26 if (!link->network)
27 return false;
28
29 return link->network->dhcp_pd;
30 }
31
32 bool dhcp_pd_is_uplink(Link *link, Link *target, bool accept_auto) {
33 assert(link);
34 assert(target);
35
36 if (!link_dhcp_pd_is_enabled(link))
37 return false;
38
39 if (link->network->dhcp_pd_uplink_name)
40 return streq_ptr(target->ifname, link->network->dhcp_pd_uplink_name) ||
41 strv_contains(target->alternative_names, link->network->dhcp_pd_uplink_name);
42
43 if (link->network->dhcp_pd_uplink_index > 0)
44 return target->ifindex == link->network->dhcp_pd_uplink_index;
45
46 if (link->network->dhcp_pd_uplink_index == UPLINK_INDEX_SELF)
47 return link == target;
48
49 assert(link->network->dhcp_pd_uplink_index == UPLINK_INDEX_AUTO);
50 return accept_auto;
51 }
52
53 static void link_remove_dhcp_pd_subnet_prefix(Link *link, const struct in6_addr *prefix) {
54 void *key;
55
56 assert(link);
57 assert(link->manager);
58 assert(prefix);
59
60 if (hashmap_get(link->manager->links_by_dhcp_pd_subnet_prefix, prefix) != link)
61 return;
62
63 hashmap_remove2(link->manager->links_by_dhcp_pd_subnet_prefix, prefix, &key);
64 free(key);
65 }
66
67 static int link_add_dhcp_pd_subnet_prefix(Link *link, const struct in6_addr *prefix) {
68 _cleanup_free_ struct in6_addr *copy = NULL;
69 int r;
70
71 assert(link);
72 assert(prefix);
73
74 copy = newdup(struct in6_addr, prefix, 1);
75 if (!copy)
76 return -ENOMEM;
77
78 r = hashmap_ensure_put(&link->manager->links_by_dhcp_pd_subnet_prefix, &in6_addr_hash_ops_free, copy, link);
79 if (r < 0)
80 return r;
81 if (r > 0)
82 TAKE_PTR(copy);
83
84 return 0;
85 }
86
87 static int link_get_by_dhcp_pd_subnet_prefix(Manager *manager, const struct in6_addr *prefix, Link **ret) {
88 Link *link;
89
90 assert(manager);
91 assert(prefix);
92
93 link = hashmap_get(manager->links_by_dhcp_pd_subnet_prefix, prefix);
94 if (!link)
95 return -ENODEV;
96
97 if (ret)
98 *ret = link;
99 return 0;
100 }
101
102 static int dhcp_pd_get_assigned_subnet_prefix(Link *link, const struct in6_addr *pd_prefix, uint8_t pd_prefix_len, struct in6_addr *ret) {
103 assert(link);
104 assert(link->manager);
105 assert(pd_prefix);
106
107 if (!link_dhcp_pd_is_enabled(link))
108 return -ENOENT;
109
110 if (link->network->dhcp_pd_assign) {
111 Address *address;
112
113 SET_FOREACH(address, link->addresses) {
114 if (address->source != NETWORK_CONFIG_SOURCE_DHCP_PD)
115 continue;
116 assert(address->family == AF_INET6);
117
118 if (in6_addr_prefix_covers(pd_prefix, pd_prefix_len, &address->in_addr.in6) <= 0)
119 continue;
120
121 if (ret) {
122 struct in6_addr prefix = address->in_addr.in6;
123
124 in6_addr_mask(&prefix, 64);
125 *ret = prefix;
126 }
127 return 0;
128 }
129 } else {
130 Route *route;
131
132 SET_FOREACH(route, link->manager->routes) {
133 if (route->source != NETWORK_CONFIG_SOURCE_DHCP_PD)
134 continue;
135 assert(route->family == AF_INET6);
136
137 if (route->nexthop.ifindex != link->ifindex)
138 continue;
139
140 if (in6_addr_prefix_covers(pd_prefix, pd_prefix_len, &route->dst.in6) > 0) {
141 if (ret)
142 *ret = route->dst.in6;
143 return 0;
144 }
145 }
146 }
147
148 return -ENOENT;
149 }
150
151 int dhcp_pd_remove(Link *link, bool only_marked) {
152 int ret = 0;
153
154 assert(link);
155 assert(link->manager);
156
157 if (!link_dhcp_pd_is_enabled(link))
158 return 0;
159
160 if (!only_marked)
161 link->dhcp_pd_configured = false;
162
163 if (!link->network->dhcp_pd_assign) {
164 Route *route;
165
166 SET_FOREACH(route, link->manager->routes) {
167 if (route->source != NETWORK_CONFIG_SOURCE_DHCP_PD)
168 continue;
169 if (route->nexthop.ifindex != link->ifindex)
170 continue;
171 if (only_marked && !route_is_marked(route))
172 continue;
173
174 if (link->radv)
175 sd_radv_remove_prefix(link->radv, &route->dst.in6, 64);
176
177 link_remove_dhcp_pd_subnet_prefix(link, &route->dst.in6);
178
179 RET_GATHER(ret, route_remove_and_cancel(route, link->manager));
180 }
181 } else {
182 Address *address;
183
184 SET_FOREACH(address, link->addresses) {
185 struct in6_addr prefix;
186
187 if (address->source != NETWORK_CONFIG_SOURCE_DHCP_PD)
188 continue;
189 if (only_marked && !address_is_marked(address))
190 continue;
191
192 prefix = address->in_addr.in6;
193 in6_addr_mask(&prefix, 64);
194
195 if (link->radv)
196 sd_radv_remove_prefix(link->radv, &prefix, 64);
197
198 link_remove_dhcp_pd_subnet_prefix(link, &prefix);
199
200 RET_GATHER(ret, address_remove_and_cancel(address, link));
201 }
202 }
203
204 return ret;
205 }
206
207 static int dhcp_pd_check_ready(Link *link);
208
209 static int dhcp_pd_address_ready_callback(Address *address) {
210 Address *a;
211
212 assert(address);
213 assert(address->link);
214
215 SET_FOREACH(a, address->link->addresses)
216 if (a->source == NETWORK_CONFIG_SOURCE_DHCP_PD)
217 a->callback = NULL;
218
219 return dhcp_pd_check_ready(address->link);
220 }
221
222 static int dhcp_pd_check_ready(Link *link) {
223 int r;
224
225 assert(link);
226 assert(link->network);
227
228 if (link->dhcp_pd_messages > 0) {
229 log_link_debug(link, "%s(): DHCP-PD addresses and routes are not set.", __func__);
230 return 0;
231 }
232
233 if (link->network->dhcp_pd_assign) {
234 bool has_ready = false;
235 Address *address;
236
237 SET_FOREACH(address, link->addresses) {
238 if (address->source != NETWORK_CONFIG_SOURCE_DHCP_PD)
239 continue;
240 if (address_is_ready(address)) {
241 has_ready = true;
242 break;
243 }
244 }
245
246 if (!has_ready) {
247 SET_FOREACH(address, link->addresses)
248 if (address->source == NETWORK_CONFIG_SOURCE_DHCP_PD)
249 address->callback = dhcp_pd_address_ready_callback;
250
251 log_link_debug(link, "%s(): no DHCP-PD address is ready.", __func__);
252 return 0;
253 }
254 }
255
256 link->dhcp_pd_configured = true;
257
258 log_link_debug(link, "DHCP-PD addresses and routes set.");
259
260 r = dhcp_pd_remove(link, /* only_marked = */ true);
261 if (r < 0)
262 return r;
263
264 link_check_ready(link);
265 return 1;
266 }
267
268 static int dhcp_pd_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Route *route) {
269 int r;
270
271 assert(link);
272
273 r = route_configure_handler_internal(rtnl, m, link, route, "Failed to add prefix route for DHCP delegated subnet prefix");
274 if (r <= 0)
275 return r;
276
277 r = dhcp_pd_check_ready(link);
278 if (r < 0)
279 link_enter_failed(link);
280
281 return 1;
282 }
283
284 static int dhcp_pd_request_route(Link *link, const struct in6_addr *prefix, usec_t lifetime_usec) {
285 _cleanup_(route_unrefp) Route *route = NULL;
286 Route *existing;
287 int r;
288
289 assert(link);
290 assert(link->manager);
291 assert(link->network);
292 assert(prefix);
293
294 if (link->network->dhcp_pd_assign)
295 return 0;
296
297 r = route_new(&route);
298 if (r < 0)
299 return r;
300
301 route->source = NETWORK_CONFIG_SOURCE_DHCP_PD;
302 route->family = AF_INET6;
303 route->dst.in6 = *prefix;
304 route->dst_prefixlen = 64;
305 route->protocol = RTPROT_DHCP;
306 route->priority = link->network->dhcp_pd_route_metric;
307 route->lifetime_usec = lifetime_usec;
308
309 r = route_adjust_nexthops(route, link);
310 if (r < 0)
311 return r;
312
313 if (route_get(link->manager, route, &existing) < 0)
314 link->dhcp_pd_configured = false;
315 else
316 route_unmark(existing);
317
318 r = link_request_route(link, route, &link->dhcp_pd_messages, dhcp_pd_route_handler);
319 if (r < 0)
320 return log_link_error_errno(link, r, "Failed to request DHCP-PD prefix route: %m");
321
322 return 0;
323 }
324
325 static int dhcp_pd_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) {
326 int r;
327
328 assert(link);
329
330 r = address_configure_handler_internal(rtnl, m, link, "Could not set DHCP-PD address");
331 if (r <= 0)
332 return r;
333
334 r = dhcp_pd_check_ready(link);
335 if (r < 0)
336 link_enter_failed(link);
337
338 return 1;
339 }
340
341 static void log_dhcp_pd_address(Link *link, const Address *address) {
342 assert(address);
343 assert(address->family == AF_INET6);
344
345 int log_level = address_get_harder(link, address, NULL) >= 0 ? LOG_DEBUG : LOG_INFO;
346
347 if (log_level < log_get_max_level())
348 return;
349
350 log_link_full(link, log_level, "DHCP-PD address %s (valid %s, preferred %s)",
351 IN6_ADDR_PREFIX_TO_STRING(&address->in_addr.in6, address->prefixlen),
352 FORMAT_LIFETIME(address->lifetime_valid_usec),
353 FORMAT_LIFETIME(address->lifetime_preferred_usec));
354 }
355
356 static int dhcp_pd_request_address_one(Address *address, Link *link) {
357 Address *existing;
358
359 assert(address);
360 assert(link);
361
362 log_dhcp_pd_address(link, address);
363
364 if (address_get(link, address, &existing) < 0)
365 link->dhcp_pd_configured = false;
366 else
367 address_unmark(existing);
368
369 return link_request_address(link, address, &link->dhcp_pd_messages, dhcp_pd_address_handler, NULL);
370 }
371
372 int dhcp_pd_reconfigure_address(Address *address, Link *link) {
373 int r;
374
375 assert(address);
376 assert(address->source == NETWORK_CONFIG_SOURCE_DHCP_PD);
377 assert(link);
378
379 r = regenerate_address(address, link);
380 if (r <= 0)
381 return r;
382
383 r = dhcp_pd_request_address_one(address, link);
384 if (r < 0)
385 return r;
386
387 if (!link->dhcp_pd_configured)
388 link_set_state(link, LINK_STATE_CONFIGURING);
389
390 link_check_ready(link);
391 return 0;
392 }
393
394 static int dhcp_pd_request_address(
395 Link *link,
396 const struct in6_addr *prefix,
397 usec_t lifetime_preferred_usec,
398 usec_t lifetime_valid_usec) {
399
400 int r;
401
402 assert(link);
403 assert(link->network);
404 assert(prefix);
405
406 if (!link->network->dhcp_pd_assign)
407 return 0;
408
409 _cleanup_hashmap_free_ Hashmap *tokens_by_address = NULL;
410 r = dhcp_pd_generate_addresses(link, prefix, &tokens_by_address);
411 if (r < 0)
412 return log_link_warning_errno(link, r, "Failed to generate addresses for acquired DHCP delegated prefix: %m");
413
414 IPv6Token *token;
415 struct in6_addr *a;
416 HASHMAP_FOREACH_KEY(token, a, tokens_by_address) {
417 _cleanup_(address_unrefp) Address *address = NULL;
418
419 r = address_new(&address);
420 if (r < 0)
421 return log_link_error_errno(link, r, "Failed to allocate address for DHCP delegated prefix: %m");
422
423 address->source = NETWORK_CONFIG_SOURCE_DHCP_PD;
424 address->family = AF_INET6;
425 address->in_addr.in6 = *a;
426 address->prefixlen = 64;
427 address->lifetime_preferred_usec = lifetime_preferred_usec;
428 address->lifetime_valid_usec = lifetime_valid_usec;
429 SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp_pd_manage_temporary_address);
430 address->route_metric = link->network->dhcp_pd_route_metric;
431 address->token = ipv6_token_ref(token);
432
433 r = free_and_strdup_warn(&address->netlabel, link->network->dhcp_pd_netlabel);
434 if (r < 0)
435 return r;
436
437 r = dhcp_pd_request_address_one(address, link);
438 if (r < 0)
439 return log_link_error_errno(link, r, "Failed to request DHCP delegated prefix address: %m");
440 }
441
442 return 0;
443 }
444
445 static int dhcp_pd_calculate_subnet_prefix(
446 const struct in6_addr *pd_prefix,
447 uint8_t pd_prefix_len,
448 uint64_t subnet_id,
449 struct in6_addr *ret) {
450
451 struct in6_addr prefix;
452
453 assert(pd_prefix);
454 assert(pd_prefix_len <= 64);
455 assert(ret);
456
457 if (subnet_id >= UINT64_C(1) << (64 - pd_prefix_len))
458 return -ERANGE;
459
460 prefix = *pd_prefix;
461
462 if (pd_prefix_len < 32)
463 prefix.s6_addr32[0] |= htobe32(subnet_id >> 32);
464
465 prefix.s6_addr32[1] |= htobe32(subnet_id & 0xffffffff);
466
467 *ret = prefix;
468 return 0;
469 }
470
471 static int dhcp_pd_get_preferred_subnet_prefix(
472 Link *link,
473 const struct in6_addr *pd_prefix,
474 uint8_t pd_prefix_len,
475 struct in6_addr *ret) {
476
477 struct in6_addr prefix;
478 Link *assigned_link;
479 int r;
480
481 assert(link);
482 assert(link->manager);
483 assert(link->network);
484 assert(pd_prefix);
485
486 if (link->network->dhcp_pd_subnet_id >= 0) {
487 /* If the link has a preference for a particular subnet id try to allocate that */
488
489 r = dhcp_pd_calculate_subnet_prefix(pd_prefix, pd_prefix_len, link->network->dhcp_pd_subnet_id, &prefix);
490 if (r < 0)
491 return log_link_warning_errno(link, r,
492 "subnet id %" PRIi64 " is out of range. Only have %" PRIu64 " subnets.",
493 link->network->dhcp_pd_subnet_id, UINT64_C(1) << (64 - pd_prefix_len));
494
495 *ret = prefix;
496 return 0;
497 }
498
499 if (dhcp_pd_get_assigned_subnet_prefix(link, pd_prefix, pd_prefix_len, ret) >= 0)
500 return 0;
501
502 for (uint64_t n = 0; ; n++) {
503 /* If we do not have an allocation preference just iterate
504 * through the address space and return the first free prefix. */
505
506 r = dhcp_pd_calculate_subnet_prefix(pd_prefix, pd_prefix_len, n, &prefix);
507 if (r < 0)
508 return log_link_warning_errno(link, r,
509 "Couldn't find a suitable prefix. Ran out of address space.");
510
511 /* Do not use explicitly requested subnet IDs. Note that the corresponding link may not
512 * appear yet. So, we need to check the ID is not used in any .network files. */
513 if (set_contains(link->manager->dhcp_pd_subnet_ids, &n))
514 continue;
515
516 /* Check that the prefix is not assigned to another link. */
517 if (link_get_by_dhcp_pd_subnet_prefix(link->manager, &prefix, &assigned_link) < 0 ||
518 assigned_link == link)
519 break;
520 }
521
522 r = link_add_dhcp_pd_subnet_prefix(link, &prefix);
523 if (r < 0)
524 return log_link_warning_errno(link, r, "Failed to save acquired free subnet prefix: %m");
525
526 *ret = prefix;
527 return 0;
528 }
529
530 static int dhcp_pd_assign_subnet_prefix(
531 Link *link,
532 const struct in6_addr *pd_prefix,
533 uint8_t pd_prefix_len,
534 usec_t lifetime_preferred_usec,
535 usec_t lifetime_valid_usec,
536 bool is_uplink) {
537
538 struct in6_addr prefix;
539 int r;
540
541 assert(link);
542 assert(link->network);
543 assert(pd_prefix);
544
545 r = dhcp_pd_get_preferred_subnet_prefix(link, pd_prefix, pd_prefix_len, &prefix);
546 if (r < 0)
547 return r == -ERANGE ? 0 : r;
548
549 const char *pretty = IN6_ADDR_PREFIX_TO_STRING(&prefix, 64);
550
551 if (link_radv_enabled(link) && link->network->dhcp_pd_announce) {
552 if (is_uplink)
553 log_link_debug(link, "Ignoring Announce= setting on upstream interface.");
554 else {
555 r = radv_add_prefix(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec);
556 if (r < 0)
557 return log_link_warning_errno(link, r,
558 "Failed to assign/update prefix %s to IPv6 Router Advertisement: %m",
559 pretty);
560 }
561 }
562
563 r = dhcp_pd_request_route(link, &prefix, lifetime_valid_usec);
564 if (r < 0)
565 return log_link_warning_errno(link, r,
566 "Failed to assign/update route for prefix %s: %m", pretty);
567
568 r = dhcp_pd_request_address(link, &prefix, lifetime_preferred_usec, lifetime_valid_usec);
569 if (r < 0)
570 return log_link_warning_errno(link, r,
571 "Failed to assign/update address for prefix %s: %m", pretty);
572
573 log_link_debug(link, "Assigned prefix %s", pretty);
574 return 1;
575 }
576
577 static int dhcp_pd_prepare(Link *link) {
578 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
579 return 0;
580
581 if (!link_dhcp_pd_is_enabled(link))
582 return 0;
583
584 if (link_radv_enabled(link) && link->network->dhcp_pd_announce && !link->radv)
585 return 0;
586
587 link_mark_addresses(link, NETWORK_CONFIG_SOURCE_DHCP_PD);
588 manager_mark_routes(link->manager, link, NETWORK_CONFIG_SOURCE_DHCP_PD);
589
590 return 1;
591 }
592
593 static int dhcp_pd_finalize(Link *link) {
594 int r;
595
596 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
597 return 0;
598
599 if (link->dhcp_pd_messages == 0) {
600 link->dhcp_pd_configured = false;
601
602 r = dhcp_pd_remove(link, /* only_marked = */ true);
603 if (r < 0)
604 return r;
605 }
606
607 if (!link->dhcp_pd_configured)
608 link_set_state(link, LINK_STATE_CONFIGURING);
609
610 link_check_ready(link);
611 return 0;
612 }
613
614 void dhcp_pd_prefix_lost(Link *uplink) {
615 Route *route;
616 Link *link;
617 int r;
618
619 assert(uplink);
620 assert(uplink->manager);
621
622 HASHMAP_FOREACH(link, uplink->manager->links_by_index) {
623 if (!dhcp_pd_is_uplink(link, uplink, /* accept_auto = */ true))
624 continue;
625
626 r = dhcp_pd_remove(link, /* only_marked = */ false);
627 if (r < 0)
628 link_enter_failed(link);
629 }
630
631 SET_FOREACH(route, uplink->manager->routes) {
632 if (!IN_SET(route->source, NETWORK_CONFIG_SOURCE_DHCP4, NETWORK_CONFIG_SOURCE_DHCP6))
633 continue;
634 if (route->family != AF_INET6)
635 continue;
636 if (route->type != RTN_UNREACHABLE)
637 continue;
638 if (!set_contains(uplink->dhcp_pd_prefixes,
639 &(struct in_addr_prefix) {
640 .family = AF_INET6,
641 .prefixlen = route->dst_prefixlen,
642 .address = route->dst }))
643 continue;
644
645 (void) route_remove_and_cancel(route, uplink->manager);
646 }
647
648 set_clear(uplink->dhcp_pd_prefixes);
649 }
650
651 void dhcp4_pd_prefix_lost(Link *uplink) {
652 Link *tunnel;
653
654 dhcp_pd_prefix_lost(uplink);
655
656 if (uplink->dhcp4_6rd_tunnel_name &&
657 link_get_by_name(uplink->manager, uplink->dhcp4_6rd_tunnel_name, &tunnel) >= 0)
658 (void) link_remove(tunnel);
659 }
660
661 static int dhcp4_unreachable_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Route *route) {
662 int r;
663
664 assert(link);
665
666 r = route_configure_handler_internal(rtnl, m, link, route, "Failed to set unreachable route for DHCPv4 delegated prefix");
667 if (r <= 0)
668 return r;
669
670 r = dhcp4_check_ready(link);
671 if (r < 0)
672 link_enter_failed(link);
673
674 return 1;
675 }
676
677 static int dhcp6_unreachable_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Route *route) {
678 int r;
679
680 assert(link);
681
682 r = route_configure_handler_internal(rtnl, m, link, route, "Failed to set unreachable route for DHCPv6 delegated prefix");
683 if (r <= 0)
684 return r;
685
686 r = dhcp6_check_ready(link);
687 if (r < 0)
688 link_enter_failed(link);
689
690 return 1;
691 }
692
693 static int dhcp_request_unreachable_route(
694 Link *link,
695 const struct in6_addr *addr,
696 uint8_t prefixlen,
697 usec_t lifetime_usec,
698 NetworkConfigSource source,
699 const union in_addr_union *server_address,
700 unsigned *counter,
701 route_netlink_handler_t callback,
702 bool *configured) {
703
704 _cleanup_(route_unrefp) Route *route = NULL;
705 Route *existing;
706 int r;
707
708 assert(link);
709 assert(link->manager);
710 assert(addr);
711 assert(IN_SET(source, NETWORK_CONFIG_SOURCE_DHCP4, NETWORK_CONFIG_SOURCE_DHCP6));
712 assert(server_address);
713 assert(counter);
714 assert(callback);
715 assert(configured);
716
717 if (prefixlen >= 64) {
718 log_link_debug(link, "Not adding a blocking route for DHCP delegated prefix %s since the prefix has length >= 64.",
719 IN6_ADDR_PREFIX_TO_STRING(addr, prefixlen));
720 return 0;
721 }
722
723 r = route_new(&route);
724 if (r < 0)
725 return log_oom();
726
727 route->source = source;
728 route->provider = *server_address;
729 route->family = AF_INET6;
730 route->dst.in6 = *addr;
731 route->dst_prefixlen = prefixlen;
732 route->type = RTN_UNREACHABLE;
733 route->protocol = RTPROT_DHCP;
734 route->priority = IP6_RT_PRIO_USER;
735 route->lifetime_usec = lifetime_usec;
736
737 r = route_adjust_nexthops(route, link);
738 if (r < 0)
739 return r;
740
741 if (route_get(link->manager, route, &existing) < 0)
742 *configured = false;
743 else
744 route_unmark(existing);
745
746 r = link_request_route(link, route, counter, callback);
747 if (r < 0)
748 return log_link_error_errno(link, r, "Failed to request unreachable route for DHCP delegated prefix %s: %m",
749 IN6_ADDR_PREFIX_TO_STRING(addr, prefixlen));
750
751 return 0;
752 }
753
754 static int dhcp4_request_unreachable_route(
755 Link *link,
756 const struct in6_addr *addr,
757 uint8_t prefixlen,
758 usec_t lifetime_usec,
759 const union in_addr_union *server_address) {
760
761 return dhcp_request_unreachable_route(link, addr, prefixlen, lifetime_usec,
762 NETWORK_CONFIG_SOURCE_DHCP4, server_address,
763 &link->dhcp4_messages, dhcp4_unreachable_route_handler,
764 &link->dhcp4_configured);
765 }
766
767 static int dhcp6_request_unreachable_route(
768 Link *link,
769 const struct in6_addr *addr,
770 uint8_t prefixlen,
771 usec_t lifetime_usec,
772 const union in_addr_union *server_address) {
773
774 return dhcp_request_unreachable_route(link, addr, prefixlen, lifetime_usec,
775 NETWORK_CONFIG_SOURCE_DHCP6, server_address,
776 &link->dhcp6_messages, dhcp6_unreachable_route_handler,
777 &link->dhcp6_configured);
778 }
779
780 static int dhcp_pd_prefix_add(Link *link, const struct in6_addr *prefix, uint8_t prefixlen) {
781 struct in_addr_prefix *p;
782 int r;
783
784 assert(link);
785 assert(prefix);
786
787 p = new(struct in_addr_prefix, 1);
788 if (!p)
789 return log_oom();
790
791 *p = (struct in_addr_prefix) {
792 .family = AF_INET6,
793 .prefixlen = prefixlen,
794 .address.in6 = *prefix,
795 };
796
797 int log_level = set_contains(link->dhcp_pd_prefixes, p) ? LOG_DEBUG :
798 prefixlen > 64 || prefixlen < 48 ? LOG_WARNING : LOG_INFO;
799 log_link_full(link,
800 log_level,
801 "DHCP: received delegated prefix %s%s",
802 IN6_ADDR_PREFIX_TO_STRING(prefix, prefixlen),
803 prefixlen > 64 ? " with prefix length > 64, ignoring." :
804 prefixlen < 48 ? " with prefix length < 48, looks unusual.": "");
805
806 /* Store PD prefix even if prefixlen > 64, not to make logged at warning level so frequently. */
807 r = set_ensure_consume(&link->dhcp_pd_prefixes, &in_addr_prefix_hash_ops_free, p);
808 if (r < 0)
809 return log_link_error_errno(link, r, "Failed to store DHCP delegated prefix %s: %m",
810 IN6_ADDR_PREFIX_TO_STRING(prefix, prefixlen));
811 return 0;
812 }
813
814 static int dhcp4_pd_request_default_gateway_on_6rd_tunnel(Link *link, const struct in_addr *br_address, usec_t lifetime_usec) {
815 _cleanup_(route_unrefp) Route *route = NULL;
816 Route *existing;
817 int r;
818
819 assert(link);
820 assert(link->manager);
821 assert(br_address);
822
823 r = route_new(&route);
824 if (r < 0)
825 return log_link_debug_errno(link, r, "Failed to allocate default gateway for DHCP delegated prefix: %m");
826
827 route->source = NETWORK_CONFIG_SOURCE_DHCP_PD;
828 route->family = AF_INET6;
829 route->nexthop.family = AF_INET6;
830 route->nexthop.gw.in6.s6_addr32[3] = br_address->s_addr;
831 route->scope = RT_SCOPE_UNIVERSE;
832 route->protocol = RTPROT_DHCP;
833 route->priority = IP6_RT_PRIO_USER;
834 route->lifetime_usec = lifetime_usec;
835
836 r = route_adjust_nexthops(route, link);
837 if (r < 0)
838 return r;
839
840 if (route_get(link->manager, route, &existing) < 0) /* This is a new route. */
841 link->dhcp_pd_configured = false;
842 else
843 route_unmark(existing);
844
845 r = link_request_route(link, route, &link->dhcp_pd_messages, dhcp_pd_route_handler);
846 if (r < 0)
847 return log_link_debug_errno(link, r, "Failed to request default gateway for DHCP delegated prefix: %m");
848
849 return 0;
850 }
851
852 static void dhcp4_calculate_pd_prefix(
853 const struct in_addr *ipv4address,
854 uint8_t ipv4masklen,
855 const struct in6_addr *sixrd_prefix,
856 uint8_t sixrd_prefixlen,
857 struct in6_addr *ret_pd_prefix,
858 uint8_t *ret_pd_prefixlen) {
859
860 struct in6_addr pd_prefix;
861
862 assert(ipv4address);
863 assert(ipv4masklen <= 32);
864 assert(sixrd_prefix);
865 assert(32 - ipv4masklen + sixrd_prefixlen <= 128);
866 assert(ret_pd_prefix);
867
868 pd_prefix = *sixrd_prefix;
869 for (unsigned i = 0; i < (unsigned) (32 - ipv4masklen); i++)
870 if (ipv4address->s_addr & htobe32(UINT32_C(1) << (32 - ipv4masklen - i - 1)))
871 pd_prefix.s6_addr[(i + sixrd_prefixlen) / 8] |= 1 << (7 - (i + sixrd_prefixlen) % 8);
872
873 *ret_pd_prefix = pd_prefix;
874 if (ret_pd_prefixlen)
875 *ret_pd_prefixlen = 32 - ipv4masklen + sixrd_prefixlen;
876 }
877
878 static int dhcp4_pd_assign_subnet_prefix(Link *link, Link *uplink) {
879 uint8_t ipv4masklen, sixrd_prefixlen, pd_prefixlen;
880 struct in6_addr sixrd_prefix, pd_prefix;
881 const struct in_addr *br_addresses;
882 struct in_addr ipv4address;
883 usec_t lifetime_usec;
884 int r;
885
886 assert(link);
887 assert(uplink);
888 assert(uplink->manager);
889 assert(uplink->dhcp_lease);
890
891 r = sd_dhcp_lease_get_address(uplink->dhcp_lease, &ipv4address);
892 if (r < 0)
893 return log_link_warning_errno(uplink, r, "Failed to get DHCPv4 address: %m");
894
895 r = sd_dhcp_lease_get_lifetime_timestamp(uplink->dhcp_lease, CLOCK_BOOTTIME, &lifetime_usec);
896 if (r < 0)
897 return log_link_warning_errno(uplink, r, "Failed to get lifetime of DHCPv4 lease: %m");
898
899 r = sd_dhcp_lease_get_6rd(uplink->dhcp_lease, &ipv4masklen, &sixrd_prefixlen, &sixrd_prefix, &br_addresses, NULL);
900 if (r < 0)
901 return log_link_warning_errno(uplink, r, "Failed to get DHCPv4 6rd option: %m");
902
903 dhcp4_calculate_pd_prefix(&ipv4address, ipv4masklen, &sixrd_prefix, sixrd_prefixlen, &pd_prefix, &pd_prefixlen);
904
905 if (pd_prefixlen > 64)
906 return 0;
907
908 r = dhcp_pd_prepare(link);
909 if (r <= 0)
910 return r;
911
912 if (streq_ptr(uplink->dhcp4_6rd_tunnel_name, link->ifname)) {
913 r = dhcp4_pd_request_default_gateway_on_6rd_tunnel(link, &br_addresses[0], lifetime_usec);
914 if (r < 0)
915 return r;
916 }
917
918 r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefixlen, lifetime_usec, lifetime_usec, /* is_uplink = */ false);
919 if (r < 0)
920 return r;
921
922 return dhcp_pd_finalize(link);
923 }
924
925 static int dhcp4_pd_6rd_tunnel_create_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
926 int r;
927
928 assert(m);
929 assert(link);
930 assert(link->manager);
931 assert(link->dhcp4_6rd_tunnel_name);
932
933 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
934 return 0;
935
936 r = sd_netlink_message_get_errno(m);
937 if (r < 0) {
938 log_link_message_warning_errno(link, m, r, "Failed to create tunnel device for DHCPv4 6rd");
939 link_enter_failed(link);
940 return 0;
941 }
942
943 return 0;
944 }
945
946 int dhcp4_pd_prefix_acquired(Link *uplink) {
947 _cleanup_free_ char *tunnel_name = NULL;
948 uint8_t ipv4masklen, sixrd_prefixlen, pd_prefixlen;
949 struct in6_addr sixrd_prefix, pd_prefix;
950 struct in_addr ipv4address;
951 union in_addr_union server_address;
952 const struct in_addr *br_addresses;
953 usec_t lifetime_usec;
954 Link *link;
955 int r;
956
957 assert(uplink);
958 assert(uplink->manager);
959 assert(uplink->dhcp_lease);
960
961 r = sd_dhcp_lease_get_address(uplink->dhcp_lease, &ipv4address);
962 if (r < 0)
963 return log_link_warning_errno(uplink, r, "Failed to get DHCPv4 address: %m");
964
965 r = sd_dhcp_lease_get_lifetime_timestamp(uplink->dhcp_lease, CLOCK_BOOTTIME, &lifetime_usec);
966 if (r < 0)
967 return log_link_warning_errno(uplink, r, "Failed to get lifetime of DHCPv4 lease: %m");
968
969 r = sd_dhcp_lease_get_server_identifier(uplink->dhcp_lease, &server_address.in);
970 if (r < 0)
971 return log_link_warning_errno(uplink, r, "Failed to get server address of DHCPv4 lease: %m");
972
973 r = sd_dhcp_lease_get_6rd(uplink->dhcp_lease, &ipv4masklen, &sixrd_prefixlen, &sixrd_prefix, &br_addresses, NULL);
974 if (r < 0)
975 return log_link_warning_errno(uplink, r, "Failed to get DHCPv4 6rd option: %m");
976
977 if (DEBUG_LOGGING)
978 log_link_debug(uplink, "DHCPv4: 6rd option is acquired: IPv4_masklen=%u, 6rd_prefix=%s, br_address="IPV4_ADDRESS_FMT_STR,
979 ipv4masklen,
980 IN6_ADDR_PREFIX_TO_STRING(&sixrd_prefix, sixrd_prefixlen),
981 IPV4_ADDRESS_FMT_VAL(*br_addresses));
982
983 /* Calculate PD prefix */
984 dhcp4_calculate_pd_prefix(&ipv4address, ipv4masklen, &sixrd_prefix, sixrd_prefixlen, &pd_prefix, &pd_prefixlen);
985
986 /* Register and log PD prefix */
987 r = dhcp_pd_prefix_add(uplink, &pd_prefix, pd_prefixlen);
988 if (r < 0)
989 return r;
990
991 /* Request unreachable route */
992 r = dhcp4_request_unreachable_route(uplink, &pd_prefix, pd_prefixlen, lifetime_usec, &server_address);
993 if (r < 0)
994 return r;
995
996 /* Generate 6rd SIT tunnel device name. */
997 r = dhcp4_pd_create_6rd_tunnel_name(uplink, &tunnel_name);
998 if (r < 0)
999 return r;
1000
1001 /* Remove old tunnel device if exists. */
1002 if (!streq_ptr(uplink->dhcp4_6rd_tunnel_name, tunnel_name)) {
1003 Link *old_tunnel;
1004
1005 if (uplink->dhcp4_6rd_tunnel_name &&
1006 link_get_by_name(uplink->manager, uplink->dhcp4_6rd_tunnel_name, &old_tunnel) >= 0)
1007 (void) link_remove(old_tunnel);
1008
1009 free_and_replace(uplink->dhcp4_6rd_tunnel_name, tunnel_name);
1010 }
1011
1012 /* Create 6rd SIT tunnel device if it does not exist yet. */
1013 if (link_get_by_name(uplink->manager, uplink->dhcp4_6rd_tunnel_name, NULL) < 0) {
1014 r = dhcp4_pd_create_6rd_tunnel(uplink, dhcp4_pd_6rd_tunnel_create_handler);
1015 if (r < 0)
1016 return r;
1017 }
1018
1019 /* Then, assign subnet prefixes to downstream interfaces. */
1020 HASHMAP_FOREACH(link, uplink->manager->links_by_index) {
1021 if (!dhcp_pd_is_uplink(link, uplink, /* accept_auto = */ true))
1022 continue;
1023
1024 r = dhcp4_pd_assign_subnet_prefix(link, uplink);
1025 if (r < 0) {
1026 /* When failed on the upstream interface (i.e., the case link == uplink),
1027 * immediately abort the assignment of the prefixes. As, the all assigned
1028 * prefixes will be dropped soon in link_enter_failed(), and it is meaningless
1029 * to continue the assignment. */
1030 if (link == uplink)
1031 return r;
1032
1033 link_enter_failed(link);
1034 }
1035 }
1036
1037 return 0;
1038 }
1039
1040 static int dhcp6_pd_assign_subnet_prefixes(Link *link, Link *uplink) {
1041 int r;
1042
1043 assert(link);
1044 assert(uplink);
1045 assert(uplink->dhcp6_lease);
1046
1047 r = dhcp_pd_prepare(link);
1048 if (r <= 0)
1049 return r;
1050
1051 FOREACH_DHCP6_PD_PREFIX(uplink->dhcp6_lease) {
1052 usec_t lifetime_preferred_usec, lifetime_valid_usec;
1053 struct in6_addr pd_prefix;
1054 uint8_t pd_prefix_len;
1055
1056 r = sd_dhcp6_lease_get_pd_prefix(uplink->dhcp6_lease, &pd_prefix, &pd_prefix_len);
1057 if (r < 0)
1058 return r;
1059
1060 if (pd_prefix_len > 64)
1061 continue;
1062
1063 /* Mask prefix for safety. */
1064 r = in6_addr_mask(&pd_prefix, pd_prefix_len);
1065 if (r < 0)
1066 return r;
1067
1068 r = sd_dhcp6_lease_get_pd_lifetime_timestamp(uplink->dhcp6_lease, CLOCK_BOOTTIME,
1069 &lifetime_preferred_usec, &lifetime_valid_usec);
1070 if (r < 0)
1071 return r;
1072
1073 r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefix_len,
1074 lifetime_preferred_usec, lifetime_valid_usec,
1075 /* is_uplink = */ link == uplink);
1076 if (r < 0)
1077 return r;
1078 }
1079
1080 return dhcp_pd_finalize(link);
1081 }
1082
1083 int dhcp6_pd_prefix_acquired(Link *uplink) {
1084 union in_addr_union server_address;
1085 Link *link;
1086 int r;
1087
1088 assert(uplink);
1089 assert(uplink->dhcp6_lease);
1090
1091 r = sd_dhcp6_lease_get_server_address(uplink->dhcp6_lease, &server_address.in6);
1092 if (r < 0)
1093 return log_link_warning_errno(uplink, r, "Failed to get server address of DHCPv6 lease: %m");
1094
1095 /* First, logs acquired prefixes and request unreachable routes. */
1096 FOREACH_DHCP6_PD_PREFIX(uplink->dhcp6_lease) {
1097 usec_t lifetime_valid_usec;
1098 struct in6_addr pd_prefix;
1099 uint8_t pd_prefix_len;
1100
1101 r = sd_dhcp6_lease_get_pd_prefix(uplink->dhcp6_lease, &pd_prefix, &pd_prefix_len);
1102 if (r < 0)
1103 return r;
1104
1105 /* Mask prefix for safety. */
1106 r = in6_addr_mask(&pd_prefix, pd_prefix_len);
1107 if (r < 0)
1108 return log_link_error_errno(uplink, r, "Failed to mask DHCPv6 delegated prefix: %m");
1109
1110 r = dhcp_pd_prefix_add(uplink, &pd_prefix, pd_prefix_len);
1111 if (r < 0)
1112 return r;
1113
1114 r = sd_dhcp6_lease_get_pd_lifetime_timestamp(uplink->dhcp6_lease, CLOCK_BOOTTIME,
1115 NULL, &lifetime_valid_usec);
1116 if (r < 0)
1117 return r;
1118
1119 r = dhcp6_request_unreachable_route(uplink, &pd_prefix, pd_prefix_len,
1120 lifetime_valid_usec, &server_address);
1121 if (r < 0)
1122 return r;
1123 }
1124
1125 /* Then, assign subnet prefixes. */
1126 HASHMAP_FOREACH(link, uplink->manager->links_by_index) {
1127 if (!dhcp_pd_is_uplink(link, uplink, /* accept_auto = */ true))
1128 continue;
1129
1130 r = dhcp6_pd_assign_subnet_prefixes(link, uplink);
1131 if (r < 0) {
1132 /* When failed on the upstream interface (i.e., the case link == uplink),
1133 * immediately abort the assignment of the prefixes. As, the all assigned
1134 * prefixes will be dropped soon in link_enter_failed(), and it is meaningless
1135 * to continue the assignment. */
1136 if (link == uplink)
1137 return r;
1138
1139 link_enter_failed(link);
1140 }
1141 }
1142
1143 return 0;
1144 }
1145
1146 static bool dhcp4_pd_uplink_is_ready(Link *link) {
1147 assert(link);
1148
1149 if (!link->network)
1150 return false;
1151
1152 if (!link->network->dhcp_use_6rd)
1153 return false;
1154
1155 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
1156 return false;
1157
1158 if (!link->dhcp_client)
1159 return false;
1160
1161 if (sd_dhcp_client_is_running(link->dhcp_client) <= 0)
1162 return false;
1163
1164 return sd_dhcp_lease_has_6rd(link->dhcp_lease);
1165 }
1166
1167 static bool dhcp6_pd_uplink_is_ready(Link *link) {
1168 assert(link);
1169
1170 if (!link->network)
1171 return false;
1172
1173 if (!link->network->dhcp6_use_pd_prefix)
1174 return false;
1175
1176 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
1177 return false;
1178
1179 if (!link->dhcp6_client)
1180 return false;
1181
1182 if (sd_dhcp6_client_is_running(link->dhcp6_client) <= 0)
1183 return false;
1184
1185 return sd_dhcp6_lease_has_pd_prefix(link->dhcp6_lease);
1186 }
1187
1188 int dhcp_pd_find_uplink(Link *link, Link **ret) {
1189 Link *uplink = NULL;
1190 int r = 0;
1191
1192 assert(link);
1193 assert(link->manager);
1194 assert(link_dhcp_pd_is_enabled(link));
1195 assert(ret);
1196
1197 if (link->network->dhcp_pd_uplink_name)
1198 r = link_get_by_name(link->manager, link->network->dhcp_pd_uplink_name, &uplink);
1199 else if (link->network->dhcp_pd_uplink_index > 0)
1200 r = link_get_by_index(link->manager, link->network->dhcp_pd_uplink_index, &uplink);
1201 else if (link->network->dhcp_pd_uplink_index == UPLINK_INDEX_SELF)
1202 uplink = link;
1203 if (r < 0)
1204 return r;
1205
1206 if (uplink) {
1207 if (dhcp4_pd_uplink_is_ready(uplink)) {
1208 *ret = uplink;
1209 return AF_INET;
1210 }
1211
1212 if (dhcp6_pd_uplink_is_ready(uplink)) {
1213 *ret = uplink;
1214 return AF_INET6;
1215 }
1216
1217 return -EBUSY;
1218 }
1219
1220 HASHMAP_FOREACH(uplink, link->manager->links_by_index) {
1221 /* Assume that there exists at most one link which acquired delegated prefixes. */
1222 if (dhcp4_pd_uplink_is_ready(uplink)) {
1223 *ret = uplink;
1224 return AF_INET;
1225 }
1226
1227 if (dhcp6_pd_uplink_is_ready(uplink)) {
1228 *ret = uplink;
1229 return AF_INET6;
1230 }
1231 }
1232
1233 return -ENODEV;
1234 }
1235
1236 int dhcp_request_prefix_delegation(Link *link) {
1237 Link *uplink;
1238 int r;
1239
1240 assert(link);
1241
1242 if (!link_dhcp_pd_is_enabled(link))
1243 return 0;
1244
1245 r = dhcp_pd_find_uplink(link, &uplink);
1246 if (r < 0)
1247 return 0;
1248
1249 log_link_debug(link, "Requesting subnets of delegated prefixes acquired by DHCPv%c client on %s",
1250 r == AF_INET ? '4' : '6', uplink->ifname);
1251
1252 return r == AF_INET ?
1253 dhcp4_pd_assign_subnet_prefix(link, uplink) :
1254 dhcp6_pd_assign_subnet_prefixes(link, uplink);
1255 }
1256
1257 int config_parse_dhcp_pd_subnet_id(
1258 const char *unit,
1259 const char *filename,
1260 unsigned line,
1261 const char *section,
1262 unsigned section_line,
1263 const char *lvalue,
1264 int ltype,
1265 const char *rvalue,
1266 void *data,
1267 void *userdata) {
1268
1269 int64_t *p = ASSERT_PTR(data);
1270 uint64_t t;
1271 int r;
1272
1273 assert(filename);
1274 assert(lvalue);
1275 assert(rvalue);
1276
1277 if (isempty(rvalue) || streq(rvalue, "auto")) {
1278 *p = -1;
1279 return 0;
1280 }
1281
1282 r = safe_atoux64(rvalue, &t);
1283 if (r < 0) {
1284 log_syntax(unit, LOG_WARNING, filename, line, r,
1285 "Failed to parse %s=, ignoring assignment: %s",
1286 lvalue, rvalue);
1287 return 0;
1288 }
1289 if (t > INT64_MAX) {
1290 log_syntax(unit, LOG_WARNING, filename, line, 0,
1291 "Invalid subnet id '%s', ignoring assignment.",
1292 rvalue);
1293 return 0;
1294 }
1295
1296 *p = (int64_t) t;
1297
1298 return 0;
1299 }
Unnamed repository; edit this file 'description' to name the repository.