1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2014 Intel Corporation. All rights reserved.
7 #include <netinet/icmp6.h>
9 #include <linux/if_arp.h>
13 #include "missing_network.h"
14 #include "networkd-address-generation.h"
15 #include "networkd-address.h"
16 #include "networkd-dhcp6.h"
17 #include "networkd-manager.h"
18 #include "networkd-ndisc.h"
19 #include "networkd-queue.h"
20 #include "networkd-route.h"
21 #include "networkd-state-file.h"
22 #include "string-table.h"
23 #include "string-util.h"
26 #define NDISC_DNSSL_MAX 64U
27 #define NDISC_RDNSS_MAX 64U
29 bool link_ipv6_accept_ra_enabled(Link
*link
) {
32 if (!socket_ipv6_is_supported())
35 if (link
->flags
& IFF_LOOPBACK
)
38 if (link
->iftype
== ARPHRD_CAN
)
44 if (!link_may_have_ipv6ll(link
))
47 assert(link
->network
->ipv6_accept_ra
>= 0);
48 return link
->network
->ipv6_accept_ra
;
51 void network_adjust_ipv6_accept_ra(Network
*network
) {
54 if (!FLAGS_SET(network
->link_local
, ADDRESS_FAMILY_IPV6
)) {
55 if (network
->ipv6_accept_ra
> 0)
56 log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link-local addressing is disabled or not supported. "
57 "Disabling IPv6AcceptRA=.", network
->filename
);
58 network
->ipv6_accept_ra
= false;
61 if (network
->ipv6_accept_ra
< 0)
62 /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */
63 network
->ipv6_accept_ra
= !FLAGS_SET(network
->ip_forward
, ADDRESS_FAMILY_IPV6
);
65 /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then
66 * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */
67 if (!set_isempty(network
->ndisc_allow_listed_router
))
68 network
->ndisc_deny_listed_router
= set_free_free(network
->ndisc_deny_listed_router
);
69 if (!set_isempty(network
->ndisc_allow_listed_prefix
))
70 network
->ndisc_deny_listed_prefix
= set_free_free(network
->ndisc_deny_listed_prefix
);
71 if (!set_isempty(network
->ndisc_allow_listed_route_prefix
))
72 network
->ndisc_deny_listed_route_prefix
= set_free_free(network
->ndisc_deny_listed_route_prefix
);
75 static int ndisc_remove(Link
*link
, struct in6_addr
*router
) {
85 SET_FOREACH(route
, link
->routes
) {
86 if (route
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
88 if (!route_is_marked(route
))
90 if (router
&& !in6_addr_equal(router
, &route
->provider
.in6
))
93 k
= route_remove(route
);
97 route_cancel_request(route
, link
);
100 SET_FOREACH(address
, link
->addresses
) {
101 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
103 if (!address_is_marked(address
))
105 if (router
&& !in6_addr_equal(router
, &address
->provider
.in6
))
108 k
= address_remove(address
);
112 address_cancel_request(address
);
115 SET_FOREACH(rdnss
, link
->ndisc_rdnss
) {
118 if (router
&& !in6_addr_equal(router
, &rdnss
->router
))
121 free(set_remove(link
->ndisc_rdnss
, rdnss
));
125 SET_FOREACH(dnssl
, link
->ndisc_dnssl
) {
128 if (router
&& !in6_addr_equal(router
, &dnssl
->router
))
131 free(set_remove(link
->ndisc_dnssl
, dnssl
));
141 static int ndisc_check_ready(Link
*link
);
143 static int ndisc_address_ready_callback(Address
*address
) {
147 assert(address
->link
);
149 SET_FOREACH(a
, address
->link
->addresses
)
150 if (a
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
153 return ndisc_check_ready(address
->link
);
156 static int ndisc_check_ready(Link
*link
) {
157 bool found
= false, ready
= false;
163 if (link
->ndisc_messages
> 0) {
164 log_link_debug(link
, "%s(): SLAAC addresses and routes are not set.", __func__
);
168 SET_FOREACH(address
, link
->addresses
) {
169 if (address
->source
!= NETWORK_CONFIG_SOURCE_NDISC
)
174 if (address_is_ready(address
)) {
180 if (found
&& !ready
) {
181 SET_FOREACH(address
, link
->addresses
)
182 if (address
->source
== NETWORK_CONFIG_SOURCE_NDISC
)
183 address
->callback
= ndisc_address_ready_callback
;
185 log_link_debug(link
, "%s(): no SLAAC address is ready.", __func__
);
189 link
->ndisc_configured
= true;
190 log_link_debug(link
, "SLAAC addresses and routes set.");
192 r
= ndisc_remove(link
, NULL
);
196 link_check_ready(link
);
200 static int ndisc_route_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Request
*req
, Link
*link
, Route
*route
) {
205 r
= route_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc route");
209 r
= ndisc_check_ready(link
);
211 link_enter_failed(link
);
216 static int ndisc_request_route(Route
*in
, Link
*link
, sd_ndisc_router
*rt
) {
217 _cleanup_(route_freep
) Route
*route
= in
;
218 struct in6_addr router
;
226 r
= sd_ndisc_router_get_address(rt
, &router
);
230 route
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
231 route
->provider
.in6
= router
;
232 if (!route
->table_set
)
233 route
->table
= link_get_ipv6_accept_ra_route_table(link
);
234 if (!route
->priority_set
)
235 route
->priority
= link
->network
->ipv6_accept_ra_route_metric
;
236 if (!route
->protocol_set
)
237 route
->protocol
= RTPROT_RA
;
239 if (route_get(NULL
, link
, route
, &existing
) < 0)
240 link
->ndisc_configured
= false;
242 route_unmark(existing
);
244 return link_request_route(link
, TAKE_PTR(route
), true, &link
->ndisc_messages
,
245 ndisc_route_handler
, NULL
);
248 static int ndisc_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Request
*req
, Link
*link
, Address
*address
) {
253 r
= address_configure_handler_internal(rtnl
, m
, link
, "Could not set NDisc address");
257 r
= ndisc_check_ready(link
);
259 link_enter_failed(link
);
264 static int ndisc_request_address(Address
*in
, Link
*link
, sd_ndisc_router
*rt
) {
265 _cleanup_(address_freep
) Address
*address
= in
;
266 struct in6_addr router
;
274 r
= sd_ndisc_router_get_address(rt
, &router
);
278 address
->source
= NETWORK_CONFIG_SOURCE_NDISC
;
279 address
->provider
.in6
= router
;
281 if (address_get(link
, address
, &existing
) < 0)
282 link
->ndisc_configured
= false;
284 address_unmark(existing
);
286 return link_request_address(link
, TAKE_PTR(address
), true, &link
->ndisc_messages
,
287 ndisc_address_handler
, NULL
);
290 static int ndisc_router_process_default(Link
*link
, sd_ndisc_router
*rt
) {
291 usec_t lifetime_usec
, timestamp_usec
;
292 struct in6_addr gateway
;
293 uint16_t lifetime_sec
;
299 assert(link
->network
);
302 if (!link
->network
->ipv6_accept_ra_use_gateway
&&
303 hashmap_isempty(link
->network
->routes_by_section
))
306 r
= sd_ndisc_router_get_lifetime(rt
, &lifetime_sec
);
308 return log_link_error_errno(link
, r
, "Failed to get gateway lifetime from RA: %m");
310 if (lifetime_sec
== 0) /* not a default router */
313 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_BOOTTIME
, ×tamp_usec
);
315 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
317 lifetime_usec
= sec16_to_usec(lifetime_sec
, timestamp_usec
);
319 r
= sd_ndisc_router_get_address(rt
, &gateway
);
321 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
323 if (link_get_ipv6_address(link
, &gateway
, 0, NULL
) >= 0) {
325 log_link_debug(link
, "No NDisc route added, gateway %s matches local address",
326 IN6_ADDR_TO_STRING(&gateway
));
330 r
= sd_ndisc_router_get_preference(rt
, &preference
);
332 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
334 if (link
->network
->ipv6_accept_ra_use_mtu
) {
335 r
= sd_ndisc_router_get_mtu(rt
, &mtu
);
336 if (r
< 0 && r
!= -ENODATA
)
337 return log_link_error_errno(link
, r
, "Failed to get default router MTU from RA: %m");
340 if (link
->network
->ipv6_accept_ra_use_gateway
) {
341 _cleanup_(route_freep
) Route
*route
= NULL
;
343 r
= route_new(&route
);
347 route
->family
= AF_INET6
;
348 route
->pref
= preference
;
349 route
->gw_family
= AF_INET6
;
350 route
->gw
.in6
= gateway
;
351 route
->lifetime_usec
= lifetime_usec
;
354 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
356 return log_link_error_errno(link
, r
, "Could not request default route: %m");
360 HASHMAP_FOREACH(route_gw
, link
->network
->routes_by_section
) {
361 _cleanup_(route_freep
) Route
*route
= NULL
;
363 if (!route_gw
->gateway_from_dhcp_or_ra
)
366 if (route_gw
->gw_family
!= AF_INET6
)
369 r
= route_dup(route_gw
, &route
);
373 route
->gw
.in6
= gateway
;
374 if (!route
->pref_set
)
375 route
->pref
= preference
;
376 route
->lifetime_usec
= lifetime_usec
;
380 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
382 return log_link_error_errno(link
, r
, "Could not request gateway: %m");
388 static int ndisc_router_process_autonomous_prefix(Link
*link
, sd_ndisc_router
*rt
) {
389 uint32_t lifetime_valid_sec
, lifetime_preferred_sec
;
390 usec_t lifetime_valid_usec
, lifetime_preferred_usec
, timestamp_usec
;
391 _cleanup_set_free_ Set
*addresses
= NULL
;
392 struct in6_addr prefix
, *a
;
397 assert(link
->network
);
400 if (!link
->network
->ipv6_accept_ra_use_autonomous_prefix
)
403 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_BOOTTIME
, ×tamp_usec
);
405 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
407 r
= sd_ndisc_router_prefix_get_address(rt
, &prefix
);
409 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
411 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
413 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
415 /* ndisc_generate_addresses() below requires the prefix length <= 64. */
416 if (prefixlen
> 64) {
417 log_link_debug(link
, "Prefix is longer than 64, ignoring autonomous prefix %s.",
418 IN6_ADDR_PREFIX_TO_STRING(&prefix
, prefixlen
));
422 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime_valid_sec
);
424 return log_link_error_errno(link
, r
, "Failed to get prefix valid lifetime: %m");
426 if (lifetime_valid_sec
== 0) {
427 log_link_debug(link
, "Ignoring prefix as its valid lifetime is zero.");
431 r
= sd_ndisc_router_prefix_get_preferred_lifetime(rt
, &lifetime_preferred_sec
);
433 return log_link_error_errno(link
, r
, "Failed to get prefix preferred lifetime: %m");
435 /* The preferred lifetime is never greater than the valid lifetime */
436 if (lifetime_preferred_sec
> lifetime_valid_sec
)
439 lifetime_valid_usec
= sec_to_usec(lifetime_valid_sec
, timestamp_usec
);
440 lifetime_preferred_usec
= sec_to_usec(lifetime_preferred_sec
, timestamp_usec
);
442 r
= ndisc_generate_addresses(link
, &prefix
, prefixlen
, &addresses
);
444 return log_link_error_errno(link
, r
, "Failed to generate SLAAC addresses: %m");
446 SET_FOREACH(a
, addresses
) {
447 _cleanup_(address_freep
) Address
*address
= NULL
;
450 r
= address_new(&address
);
454 address
->family
= AF_INET6
;
455 address
->in_addr
.in6
= *a
;
456 address
->prefixlen
= prefixlen
;
457 address
->flags
= IFA_F_NOPREFIXROUTE
|IFA_F_MANAGETEMPADDR
;
458 address
->lifetime_valid_usec
= lifetime_valid_usec
;
459 address
->lifetime_preferred_usec
= lifetime_preferred_usec
;
461 /* See RFC4862, section 5.5.3.e. But the following logic is deviated from RFC4862 by
462 * honoring all valid lifetimes to improve the reaction of SLAAC to renumbering events.
463 * See draft-ietf-6man-slaac-renum-02, section 4.2. */
464 r
= address_get(link
, address
, &e
);
466 /* If the address is already assigned, but not valid anymore, then refuse to
467 * update the address, and it will be removed. */
468 if (e
->lifetime_valid_usec
< timestamp_usec
)
472 r
= ndisc_request_address(TAKE_PTR(address
), link
, rt
);
474 return log_link_error_errno(link
, r
, "Could not request SLAAC address: %m");
480 static int ndisc_router_process_onlink_prefix(Link
*link
, sd_ndisc_router
*rt
) {
481 _cleanup_(route_freep
) Route
*route
= NULL
;
482 usec_t timestamp_usec
;
483 uint32_t lifetime_sec
;
488 assert(link
->network
);
491 if (!link
->network
->ipv6_accept_ra_use_onlink_prefix
)
494 r
= sd_ndisc_router_prefix_get_valid_lifetime(rt
, &lifetime_sec
);
496 return log_link_error_errno(link
, r
, "Failed to get prefix lifetime: %m");
498 if (lifetime_sec
== 0)
501 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_BOOTTIME
, ×tamp_usec
);
503 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
505 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
507 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
509 r
= route_new(&route
);
513 route
->family
= AF_INET6
;
514 route
->flags
= RTM_F_PREFIX
;
515 route
->dst_prefixlen
= prefixlen
;
516 route
->lifetime_usec
= sec_to_usec(lifetime_sec
, timestamp_usec
);
518 r
= sd_ndisc_router_prefix_get_address(rt
, &route
->dst
.in6
);
520 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
522 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
524 return log_link_error_errno(link
, r
, "Could not request prefix route: %m");
529 static int ndisc_router_process_prefix(Link
*link
, sd_ndisc_router
*rt
) {
536 assert(link
->network
);
539 r
= sd_ndisc_router_prefix_get_address(rt
, &a
);
541 return log_link_error_errno(link
, r
, "Failed to get prefix address: %m");
543 r
= sd_ndisc_router_prefix_get_prefixlen(rt
, &prefixlen
);
545 return log_link_error_errno(link
, r
, "Failed to get prefix length: %m");
547 if (in6_prefix_is_filtered(&a
, prefixlen
, link
->network
->ndisc_allow_listed_prefix
, link
->network
->ndisc_deny_listed_prefix
)) {
549 log_link_debug(link
, "Prefix '%s' is %s, ignoring",
550 !set_isempty(link
->network
->ndisc_allow_listed_prefix
) ? "not in allow list"
552 IN6_ADDR_PREFIX_TO_STRING(&a
, prefixlen
));
556 r
= sd_ndisc_router_prefix_get_flags(rt
, &flags
);
558 return log_link_error_errno(link
, r
, "Failed to get RA prefix flags: %m");
560 if (FLAGS_SET(flags
, ND_OPT_PI_FLAG_ONLINK
)) {
561 r
= ndisc_router_process_onlink_prefix(link
, rt
);
566 if (FLAGS_SET(flags
, ND_OPT_PI_FLAG_AUTO
)) {
567 r
= ndisc_router_process_autonomous_prefix(link
, rt
);
575 static int ndisc_router_process_route(Link
*link
, sd_ndisc_router
*rt
) {
576 _cleanup_(route_freep
) Route
*route
= NULL
;
577 unsigned preference
, prefixlen
;
578 struct in6_addr gateway
, dst
;
579 uint32_t lifetime_sec
;
580 usec_t timestamp_usec
;
585 if (!link
->network
->ipv6_accept_ra_use_route_prefix
)
588 r
= sd_ndisc_router_route_get_lifetime(rt
, &lifetime_sec
);
590 return log_link_error_errno(link
, r
, "Failed to get route lifetime from RA: %m");
592 if (lifetime_sec
== 0)
595 r
= sd_ndisc_router_route_get_address(rt
, &dst
);
597 return log_link_error_errno(link
, r
, "Failed to get route destination address: %m");
599 r
= sd_ndisc_router_route_get_prefixlen(rt
, &prefixlen
);
601 return log_link_error_errno(link
, r
, "Failed to get route prefix length: %m");
603 if (in6_addr_is_null(&dst
) && prefixlen
== 0) {
604 log_link_debug(link
, "Route prefix is ::/0, ignoring");
608 if (in6_prefix_is_filtered(&dst
, prefixlen
,
609 link
->network
->ndisc_allow_listed_route_prefix
,
610 link
->network
->ndisc_deny_listed_route_prefix
)) {
613 log_link_debug(link
, "Route prefix %s is %s, ignoring",
614 !set_isempty(link
->network
->ndisc_allow_listed_route_prefix
) ? "not in allow list"
616 IN6_ADDR_PREFIX_TO_STRING(&dst
, prefixlen
));
620 r
= sd_ndisc_router_get_address(rt
, &gateway
);
622 return log_link_error_errno(link
, r
, "Failed to get gateway address from RA: %m");
624 if (link_get_ipv6_address(link
, &gateway
, 0, NULL
) >= 0) {
626 log_link_debug(link
, "Advertised route gateway %s is local to the link, ignoring route",
627 IN6_ADDR_TO_STRING(&gateway
));
631 r
= sd_ndisc_router_route_get_preference(rt
, &preference
);
633 return log_link_error_errno(link
, r
, "Failed to get default router preference from RA: %m");
635 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_BOOTTIME
, ×tamp_usec
);
637 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
639 r
= route_new(&route
);
643 route
->family
= AF_INET6
;
644 route
->pref
= preference
;
645 route
->gw
.in6
= gateway
;
646 route
->gw_family
= AF_INET6
;
647 route
->dst
.in6
= dst
;
648 route
->dst_prefixlen
= prefixlen
;
649 route
->lifetime_usec
= sec_to_usec(lifetime_sec
, timestamp_usec
);
651 r
= ndisc_request_route(TAKE_PTR(route
), link
, rt
);
653 return log_link_error_errno(link
, r
, "Could not request additional route: %m");
658 static void ndisc_rdnss_hash_func(const NDiscRDNSS
*x
, struct siphash
*state
) {
659 siphash24_compress(&x
->address
, sizeof(x
->address
), state
);
662 static int ndisc_rdnss_compare_func(const NDiscRDNSS
*a
, const NDiscRDNSS
*b
) {
663 return memcmp(&a
->address
, &b
->address
, sizeof(a
->address
));
666 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
667 ndisc_rdnss_hash_ops
,
669 ndisc_rdnss_hash_func
,
670 ndisc_rdnss_compare_func
,
673 static int ndisc_router_process_rdnss(Link
*link
, sd_ndisc_router
*rt
) {
674 usec_t lifetime_usec
, timestamp_usec
;
675 uint32_t lifetime_sec
;
676 const struct in6_addr
*a
;
677 struct in6_addr router
;
678 bool updated
= false;
682 assert(link
->network
);
685 if (!link
->network
->ipv6_accept_ra_use_dns
)
688 r
= sd_ndisc_router_get_address(rt
, &router
);
690 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
692 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_BOOTTIME
, ×tamp_usec
);
694 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
696 r
= sd_ndisc_router_rdnss_get_lifetime(rt
, &lifetime_sec
);
698 return log_link_error_errno(link
, r
, "Failed to get RDNSS lifetime: %m");
700 if (lifetime_sec
== 0)
703 lifetime_usec
= sec_to_usec(lifetime_sec
, timestamp_usec
);
705 n
= sd_ndisc_router_rdnss_get_addresses(rt
, &a
);
707 return log_link_error_errno(link
, n
, "Failed to get RDNSS addresses: %m");
709 if (n
>= (int) NDISC_RDNSS_MAX
) {
710 log_link_warning(link
, "Too many RDNSS records per link. Only first %i records will be used.", NDISC_RDNSS_MAX
);
714 for (int j
= 0; j
< n
; j
++) {
715 _cleanup_free_ NDiscRDNSS
*x
= NULL
;
716 NDiscRDNSS
*rdnss
, d
= {
720 rdnss
= set_get(link
->ndisc_rdnss
, &d
);
722 rdnss
->marked
= false;
723 rdnss
->router
= router
;
724 rdnss
->lifetime_usec
= lifetime_usec
;
728 x
= new(NDiscRDNSS
, 1);
735 .lifetime_usec
= lifetime_usec
,
738 r
= set_ensure_consume(&link
->ndisc_rdnss
, &ndisc_rdnss_hash_ops
, TAKE_PTR(x
));
752 static void ndisc_dnssl_hash_func(const NDiscDNSSL
*x
, struct siphash
*state
) {
753 siphash24_compress_string(NDISC_DNSSL_DOMAIN(x
), state
);
756 static int ndisc_dnssl_compare_func(const NDiscDNSSL
*a
, const NDiscDNSSL
*b
) {
757 return strcmp(NDISC_DNSSL_DOMAIN(a
), NDISC_DNSSL_DOMAIN(b
));
760 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
761 ndisc_dnssl_hash_ops
,
763 ndisc_dnssl_hash_func
,
764 ndisc_dnssl_compare_func
,
767 static int ndisc_router_process_dnssl(Link
*link
, sd_ndisc_router
*rt
) {
768 _cleanup_strv_free_
char **l
= NULL
;
769 usec_t lifetime_usec
, timestamp_usec
;
770 struct in6_addr router
;
771 uint32_t lifetime_sec
;
772 bool updated
= false;
776 assert(link
->network
);
779 if (link
->network
->ipv6_accept_ra_use_domains
== DHCP_USE_DOMAINS_NO
)
782 r
= sd_ndisc_router_get_address(rt
, &router
);
784 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
786 r
= sd_ndisc_router_get_timestamp(rt
, CLOCK_BOOTTIME
, ×tamp_usec
);
788 return log_link_error_errno(link
, r
, "Failed to get RA timestamp: %m");
790 r
= sd_ndisc_router_dnssl_get_lifetime(rt
, &lifetime_sec
);
792 return log_link_error_errno(link
, r
, "Failed to get DNSSL lifetime: %m");
794 if (lifetime_sec
== 0)
797 lifetime_usec
= sec_to_usec(lifetime_sec
, timestamp_usec
);
799 r
= sd_ndisc_router_dnssl_get_domains(rt
, &l
);
801 return log_link_error_errno(link
, r
, "Failed to get DNSSL addresses: %m");
803 if (strv_length(l
) >= NDISC_DNSSL_MAX
) {
804 log_link_warning(link
, "Too many DNSSL records per link. Only first %i records will be used.", NDISC_DNSSL_MAX
);
805 STRV_FOREACH(j
, l
+ NDISC_DNSSL_MAX
)
810 _cleanup_free_ NDiscDNSSL
*s
= NULL
;
813 s
= malloc0(ALIGN(sizeof(NDiscDNSSL
)) + strlen(*j
) + 1);
817 strcpy(NDISC_DNSSL_DOMAIN(s
), *j
);
819 dnssl
= set_get(link
->ndisc_dnssl
, s
);
821 dnssl
->marked
= false;
822 dnssl
->router
= router
;
823 dnssl
->lifetime_usec
= lifetime_usec
;
828 s
->lifetime_usec
= lifetime_usec
;
830 r
= set_ensure_consume(&link
->ndisc_dnssl
, &ndisc_dnssl_hash_ops
, TAKE_PTR(s
));
844 static int ndisc_router_process_options(Link
*link
, sd_ndisc_router
*rt
) {
848 assert(link
->network
);
851 for (r
= sd_ndisc_router_option_rewind(rt
); ; r
= sd_ndisc_router_option_next(rt
)) {
855 return log_link_error_errno(link
, r
, "Failed to iterate through options: %m");
856 if (r
== 0) /* EOF */
859 r
= sd_ndisc_router_option_get_type(rt
, &type
);
861 return log_link_error_errno(link
, r
, "Failed to get RA option type: %m");
865 case SD_NDISC_OPTION_PREFIX_INFORMATION
:
866 r
= ndisc_router_process_prefix(link
, rt
);
871 case SD_NDISC_OPTION_ROUTE_INFORMATION
:
872 r
= ndisc_router_process_route(link
, rt
);
877 case SD_NDISC_OPTION_RDNSS
:
878 r
= ndisc_router_process_rdnss(link
, rt
);
883 case SD_NDISC_OPTION_DNSSL
:
884 r
= ndisc_router_process_dnssl(link
, rt
);
892 static void ndisc_mark(Link
*link
, const struct in6_addr
*router
) {
899 link_mark_addresses(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
900 link_mark_routes(link
, NETWORK_CONFIG_SOURCE_NDISC
, router
);
902 SET_FOREACH(rdnss
, link
->ndisc_rdnss
)
903 if (in6_addr_equal(&rdnss
->router
, router
))
904 rdnss
->marked
= true;
906 SET_FOREACH(dnssl
, link
->ndisc_dnssl
)
907 if (in6_addr_equal(&dnssl
->router
, router
))
908 dnssl
->marked
= true;
911 static int ndisc_start_dhcp6_client(Link
*link
, sd_ndisc_router
*rt
) {
915 assert(link
->network
);
917 switch (link
->network
->ipv6_accept_ra_start_dhcp6_client
) {
918 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
:
921 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
: {
924 r
= sd_ndisc_router_get_flags(rt
, &flags
);
926 return log_link_warning_errno(link
, r
, "Failed to get RA flags: %m");
928 if ((flags
& (ND_RA_FLAG_MANAGED
| ND_RA_FLAG_OTHER
)) == 0)
931 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags.
932 * Note, if both "managed" and "other configuration" bits are set, then ignore
933 * "other configuration" bit. See RFC 4861. */
934 r
= dhcp6_start_on_ra(link
, !(flags
& ND_RA_FLAG_MANAGED
));
937 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
:
938 /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in solicit mode
939 * even if the router flags have neither M nor O flags. */
940 r
= dhcp6_start_on_ra(link
, /* information_request = */ false);
944 assert_not_reached();
948 return log_link_error_errno(link
, r
, "Could not acquire DHCPv6 lease on NDisc request: %m");
950 log_link_debug(link
, "Acquiring DHCPv6 lease on NDisc request");
954 static int ndisc_router_handler(Link
*link
, sd_ndisc_router
*rt
) {
955 struct in6_addr router
;
959 assert(link
->network
);
960 assert(link
->manager
);
963 r
= sd_ndisc_router_get_address(rt
, &router
);
965 return log_link_error_errno(link
, r
, "Failed to get router address from RA: %m");
967 if (in6_prefix_is_filtered(&router
, 128, link
->network
->ndisc_allow_listed_router
, link
->network
->ndisc_deny_listed_router
)) {
969 if (!set_isempty(link
->network
->ndisc_allow_listed_router
))
970 log_link_debug(link
, "Router %s is not in allow list, ignoring.", IN6_ADDR_TO_STRING(&router
));
972 log_link_debug(link
, "Router %s is in deny list, ignoring.", IN6_ADDR_TO_STRING(&router
));
977 ndisc_mark(link
, &router
);
979 r
= ndisc_start_dhcp6_client(link
, rt
);
983 r
= ndisc_router_process_default(link
, rt
);
987 r
= ndisc_router_process_options(link
, rt
);
991 if (link
->ndisc_messages
== 0) {
992 link
->ndisc_configured
= true;
994 r
= ndisc_remove(link
, &router
);
998 log_link_debug(link
, "Setting SLAAC addresses and router.");
1000 if (!link
->ndisc_configured
)
1001 link_set_state(link
, LINK_STATE_CONFIGURING
);
1003 link_check_ready(link
);
1007 static void ndisc_handler(sd_ndisc
*nd
, sd_ndisc_event_t event
, sd_ndisc_router
*rt
, void *userdata
) {
1008 Link
*link
= userdata
;
1013 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
1018 case SD_NDISC_EVENT_ROUTER
:
1019 r
= ndisc_router_handler(link
, rt
);
1021 link_enter_failed(link
);
1026 case SD_NDISC_EVENT_TIMEOUT
:
1027 log_link_debug(link
, "NDisc handler get timeout event");
1028 if (link
->ndisc_messages
== 0) {
1029 link
->ndisc_configured
= true;
1030 link_check_ready(link
);
1034 assert_not_reached();
1038 static int ndisc_configure(Link
*link
) {
1043 if (!link_ipv6_accept_ra_enabled(link
))
1047 return -EBUSY
; /* Already configured. */
1049 r
= sd_ndisc_new(&link
->ndisc
);
1053 r
= sd_ndisc_attach_event(link
->ndisc
, link
->manager
->event
, 0);
1057 if (link
->hw_addr
.length
== ETH_ALEN
) {
1058 r
= sd_ndisc_set_mac(link
->ndisc
, &link
->hw_addr
.ether
);
1063 r
= sd_ndisc_set_ifindex(link
->ndisc
, link
->ifindex
);
1067 r
= sd_ndisc_set_callback(link
->ndisc
, ndisc_handler
, link
);
1074 int ndisc_start(Link
*link
) {
1079 if (!link
->ndisc
|| !link
->dhcp6_client
)
1082 if (!link_has_carrier(link
))
1085 if (in6_addr_is_null(&link
->ipv6ll_address
))
1088 log_link_debug(link
, "Discovering IPv6 routers");
1090 r
= sd_ndisc_start(link
->ndisc
);
1097 static int ndisc_process_request(Request
*req
, Link
*link
, void *userdata
) {
1102 if (!IN_SET(link
->state
, LINK_STATE_CONFIGURING
, LINK_STATE_CONFIGURED
))
1105 r
= ndisc_configure(link
);
1107 return log_link_warning_errno(link
, r
, "Failed to configure IPv6 Router Discovery: %m");
1109 r
= ndisc_start(link
);
1111 return log_link_warning_errno(link
, r
, "Failed to start IPv6 Router Discovery: %m");
1113 log_link_debug(link
, "IPv6 Router Discovery is configured%s.",
1114 r
> 0 ? " and started" : "");
1118 int link_request_ndisc(Link
*link
) {
1123 if (!link_ipv6_accept_ra_enabled(link
))
1129 r
= link_queue_request(link
, REQUEST_TYPE_NDISC
, ndisc_process_request
, NULL
);
1131 return log_link_warning_errno(link
, r
, "Failed to request configuring of the IPv6 Router Discovery: %m");
1133 log_link_debug(link
, "Requested configuring of the IPv6 Router Discovery.");
1137 void ndisc_vacuum(Link
*link
) {
1143 assert(link
->manager
);
1145 /* Removes all RDNSS and DNSSL entries whose validity time has passed */
1147 assert_se(sd_event_now(link
->manager
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
1149 SET_FOREACH(r
, link
->ndisc_rdnss
)
1150 if (r
->lifetime_usec
< now_usec
)
1151 free(set_remove(link
->ndisc_rdnss
, r
));
1153 SET_FOREACH(d
, link
->ndisc_dnssl
)
1154 if (d
->lifetime_usec
< now_usec
)
1155 free(set_remove(link
->ndisc_dnssl
, d
));
1158 void ndisc_flush(Link
*link
) {
1161 /* Removes all RDNSS and DNSSL entries, without exception */
1163 link
->ndisc_rdnss
= set_free(link
->ndisc_rdnss
);
1164 link
->ndisc_dnssl
= set_free(link
->ndisc_dnssl
);
1167 static const char* const ipv6_accept_ra_start_dhcp6_client_table
[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX
] = {
1168 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO
] = "no",
1169 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS
] = "always",
1170 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
] = "yes",
1173 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES
);
1175 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_use_domains
, dhcp_use_domains
, DHCPUseDomains
,
1176 "Failed to parse UseDomains= setting");
1177 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client
, ipv6_accept_ra_start_dhcp6_client
, IPv6AcceptRAStartDHCP6Client
,
1178 "Failed to parse DHCPv6Client= setting");