]>
Commit | Line | Data |
---|---|---|
d5ebcf65 YW |
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | ||
3 | #include "sd-dhcp6-client.h" | |
4 | ||
5 | #include "hashmap.h" | |
6 | #include "in-addr-prefix-util.h" | |
7 | #include "networkd-address-generation.h" | |
8 | #include "networkd-address.h" | |
9 | #include "networkd-dhcp-prefix-delegation.h" | |
10 | #include "networkd-dhcp6.h" | |
11 | #include "networkd-link.h" | |
12 | #include "networkd-manager.h" | |
13 | #include "networkd-queue.h" | |
14 | #include "networkd-radv.h" | |
15 | #include "networkd-route.h" | |
16 | #include "parse-util.h" | |
17 | #include "string-util.h" | |
18 | #include "strv.h" | |
19 | ||
20 | bool link_dhcp6_pd_is_enabled(Link *link) { | |
21 | assert(link); | |
22 | ||
23 | if (!link->network) | |
24 | return false; | |
25 | ||
26 | return link->network->dhcp6_pd; | |
27 | } | |
28 | ||
29 | bool dhcp6_pd_is_uplink(Link *link, Link *target, bool accept_auto) { | |
30 | assert(link); | |
31 | assert(target); | |
32 | ||
33 | if (!link_dhcp6_pd_is_enabled(link)) | |
34 | return false; | |
35 | ||
36 | if (link->network->dhcp6_pd_uplink_name) | |
37 | return streq_ptr(target->ifname, link->network->dhcp6_pd_uplink_name) || | |
38 | strv_contains(target->alternative_names, link->network->dhcp6_pd_uplink_name); | |
39 | ||
40 | if (link->network->dhcp6_pd_uplink_index > 0) | |
41 | return target->ifindex == link->network->dhcp6_pd_uplink_index; | |
42 | ||
43 | if (link->network->dhcp6_pd_uplink_index == UPLINK_INDEX_SELF) | |
44 | return link == target; | |
45 | ||
46 | assert(link->network->dhcp6_pd_uplink_index == UPLINK_INDEX_AUTO); | |
47 | return accept_auto; | |
48 | } | |
49 | ||
50 | bool dhcp6_lease_has_pd_prefix(sd_dhcp6_lease *lease) { | |
51 | uint32_t lifetime_preferred_sec, lifetime_valid_sec; | |
52 | struct in6_addr pd_prefix; | |
53 | uint8_t pd_prefix_len; | |
54 | ||
55 | if (!lease) | |
56 | return false; | |
57 | ||
58 | sd_dhcp6_lease_reset_pd_prefix_iter(lease); | |
59 | ||
60 | return sd_dhcp6_lease_get_pd(lease, &pd_prefix, &pd_prefix_len, &lifetime_preferred_sec, &lifetime_valid_sec) >= 0; | |
61 | } | |
62 | ||
63 | static void link_remove_dhcp6_pd_prefix(Link *link, const struct in6_addr *prefix) { | |
64 | void *key; | |
65 | ||
66 | assert(link); | |
67 | assert(link->manager); | |
68 | assert(prefix); | |
69 | ||
70 | if (hashmap_get(link->manager->links_by_dhcp6_pd_prefix, prefix) != link) | |
71 | return; | |
72 | ||
73 | hashmap_remove2(link->manager->links_by_dhcp6_pd_prefix, prefix, &key); | |
74 | free(key); | |
75 | } | |
76 | ||
77 | static int link_add_dhcp6_pd_prefix(Link *link, const struct in6_addr *prefix) { | |
78 | _cleanup_free_ struct in6_addr *copy = NULL; | |
79 | int r; | |
80 | ||
81 | assert(link); | |
82 | assert(prefix); | |
83 | ||
84 | copy = newdup(struct in6_addr, prefix, 1); | |
85 | if (!copy) | |
86 | return -ENOMEM; | |
87 | ||
88 | r = hashmap_ensure_put(&link->manager->links_by_dhcp6_pd_prefix, &in6_addr_hash_ops_free, copy, link); | |
89 | if (r < 0) | |
90 | return r; | |
91 | if (r > 0) | |
92 | TAKE_PTR(copy); | |
93 | ||
94 | return 0; | |
95 | } | |
96 | ||
97 | static int link_get_by_dhcp6_pd_prefix(Manager *manager, const struct in6_addr *prefix, Link **ret) { | |
98 | Link *link; | |
99 | ||
100 | assert(manager); | |
101 | assert(prefix); | |
102 | ||
103 | link = hashmap_get(manager->links_by_dhcp6_pd_prefix, prefix); | |
104 | if (!link) | |
105 | return -ENODEV; | |
106 | ||
107 | if (ret) | |
108 | *ret = link; | |
109 | return 0; | |
110 | } | |
111 | ||
112 | static int dhcp6_pd_get_assigned_prefix(Link *link, const struct in6_addr *pd_prefix, uint8_t pd_prefix_len, struct in6_addr *ret) { | |
113 | assert(link); | |
114 | assert(pd_prefix); | |
115 | ||
116 | if (!link_dhcp6_pd_is_enabled(link)) | |
117 | return -ENOENT; | |
118 | ||
119 | if (link->network->dhcp6_pd_assign) { | |
120 | Address *address; | |
121 | ||
122 | SET_FOREACH(address, link->addresses) { | |
123 | if (address->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
124 | continue; | |
125 | assert(address->family == AF_INET6); | |
126 | ||
127 | if (in6_addr_prefix_covers(pd_prefix, pd_prefix_len, &address->in_addr.in6) <= 0) | |
128 | continue; | |
129 | ||
130 | if (ret) { | |
131 | struct in6_addr prefix = address->in_addr.in6; | |
132 | ||
133 | in6_addr_mask(&prefix, 64); | |
134 | *ret = prefix; | |
135 | } | |
136 | return 0; | |
137 | } | |
138 | } else { | |
139 | Route *route; | |
140 | ||
141 | SET_FOREACH(route, link->routes) { | |
142 | if (route->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
143 | continue; | |
144 | assert(route->family == AF_INET6); | |
145 | ||
146 | if (in6_addr_prefix_covers(pd_prefix, pd_prefix_len, &route->dst.in6) > 0) { | |
147 | if (ret) | |
148 | *ret = route->dst.in6; | |
149 | return 0; | |
150 | } | |
151 | } | |
152 | } | |
153 | ||
154 | return -ENOENT; | |
155 | } | |
156 | ||
157 | int dhcp6_pd_remove(Link *link, bool only_marked) { | |
158 | int k, r = 0; | |
159 | ||
160 | assert(link); | |
161 | assert(link->manager); | |
162 | ||
163 | if (!link_dhcp6_pd_is_enabled(link)) | |
164 | return 0; | |
165 | ||
166 | if (!only_marked) | |
167 | link->dhcp6_pd_configured = false; | |
168 | ||
169 | if (!link->network->dhcp6_pd_assign) { | |
170 | Route *route; | |
171 | ||
172 | SET_FOREACH(route, link->routes) { | |
173 | if (route->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
174 | continue; | |
175 | if (only_marked && !route_is_marked(route)) | |
176 | continue; | |
177 | ||
178 | if (link->radv) | |
179 | (void) sd_radv_remove_prefix(link->radv, &route->dst.in6, 64); | |
180 | ||
181 | link_remove_dhcp6_pd_prefix(link, &route->dst.in6); | |
182 | ||
183 | k = route_remove(route); | |
184 | if (k < 0) | |
185 | r = k; | |
186 | ||
187 | route_cancel_request(route); | |
188 | } | |
189 | } else { | |
190 | Address *address; | |
191 | ||
192 | SET_FOREACH(address, link->addresses) { | |
193 | struct in6_addr prefix; | |
194 | ||
195 | if (address->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
196 | continue; | |
197 | if (only_marked && !address_is_marked(address)) | |
198 | continue; | |
199 | ||
200 | prefix = address->in_addr.in6; | |
201 | in6_addr_mask(&prefix, 64); | |
202 | ||
203 | if (link->radv) | |
204 | (void) sd_radv_remove_prefix(link->radv, &prefix, 64); | |
205 | ||
206 | link_remove_dhcp6_pd_prefix(link, &prefix); | |
207 | ||
208 | k = address_remove(address); | |
209 | if (k < 0) | |
210 | r = k; | |
211 | ||
212 | address_cancel_request(address); | |
213 | } | |
214 | } | |
215 | ||
216 | return r; | |
217 | } | |
218 | ||
219 | static int dhcp6_pd_check_ready(Link *link); | |
220 | ||
221 | static int dhcp6_pd_address_ready_callback(Address *address) { | |
222 | Address *a; | |
223 | ||
224 | assert(address); | |
225 | assert(address->link); | |
226 | ||
227 | SET_FOREACH(a, address->link->addresses) | |
228 | if (a->source == NETWORK_CONFIG_SOURCE_DHCP6PD) | |
229 | a->callback = NULL; | |
230 | ||
231 | return dhcp6_pd_check_ready(address->link); | |
232 | } | |
233 | ||
234 | static int dhcp6_pd_check_ready(Link *link) { | |
235 | int r; | |
236 | ||
237 | assert(link); | |
238 | assert(link->network); | |
239 | ||
240 | if (link->dhcp6_pd_messages > 0) { | |
241 | log_link_debug(link, "%s(): DHCPv6PD addresses and routes are not set.", __func__); | |
242 | return 0; | |
243 | } | |
244 | ||
245 | if (link->network->dhcp6_pd_assign) { | |
246 | bool has_ready = false; | |
247 | Address *address; | |
248 | ||
249 | SET_FOREACH(address, link->addresses) { | |
250 | if (address->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
251 | continue; | |
252 | if (address_is_ready(address)) { | |
253 | has_ready = true; | |
254 | break; | |
255 | } | |
256 | } | |
257 | ||
258 | if (!has_ready) { | |
259 | SET_FOREACH(address, link->addresses) | |
260 | if (address->source == NETWORK_CONFIG_SOURCE_DHCP6PD) | |
261 | address->callback = dhcp6_pd_address_ready_callback; | |
262 | ||
263 | log_link_debug(link, "%s(): no DHCPv6PD address is ready.", __func__); | |
264 | return 0; | |
265 | } | |
266 | } | |
267 | ||
268 | link->dhcp6_pd_configured = true; | |
269 | ||
270 | log_link_debug(link, "DHCPv6 PD addresses and routes set."); | |
271 | ||
272 | r = dhcp6_pd_remove(link, /* only_marked = */ true); | |
273 | if (r < 0) | |
274 | return r; | |
275 | ||
276 | link_check_ready(link); | |
277 | return 1; | |
278 | } | |
279 | ||
280 | static int dhcp6_pd_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { | |
281 | int r; | |
282 | ||
283 | assert(link); | |
284 | assert(link->dhcp6_pd_messages > 0); | |
285 | ||
286 | link->dhcp6_pd_messages--; | |
287 | ||
288 | r = route_configure_handler_internal(rtnl, m, link, "Failed to add DHCPv6 Prefix Delegation route"); | |
289 | if (r <= 0) | |
290 | return r; | |
291 | ||
292 | r = dhcp6_pd_check_ready(link); | |
293 | if (r < 0) | |
294 | link_enter_failed(link); | |
295 | ||
296 | return 1; | |
297 | } | |
298 | ||
299 | static int dhcp6_pd_request_route(Link *link, const struct in6_addr *prefix, usec_t lifetime_usec) { | |
300 | _cleanup_(route_freep) Route *route = NULL; | |
301 | Route *existing; | |
302 | int r; | |
303 | ||
304 | assert(link); | |
305 | assert(link->network); | |
306 | assert(prefix); | |
307 | ||
308 | if (link->network->dhcp6_pd_assign) | |
309 | return 0; | |
310 | ||
311 | r = route_new(&route); | |
312 | if (r < 0) | |
313 | return r; | |
314 | ||
315 | route->source = NETWORK_CONFIG_SOURCE_DHCP6PD; | |
316 | route->family = AF_INET6; | |
317 | route->dst.in6 = *prefix; | |
318 | route->dst_prefixlen = 64; | |
319 | route->protocol = RTPROT_DHCP; | |
320 | route->priority = link->network->dhcp6_pd_route_metric; | |
321 | route->lifetime_usec = lifetime_usec; | |
322 | ||
323 | if (route_get(NULL, link, route, &existing) < 0) | |
324 | link->dhcp6_pd_configured = false; | |
325 | else | |
326 | route_unmark(existing); | |
327 | ||
328 | r = link_request_route(link, TAKE_PTR(route), true, &link->dhcp6_pd_messages, | |
329 | dhcp6_pd_route_handler, NULL); | |
330 | if (r < 0) | |
331 | return log_link_error_errno(link, r, "Failed to request DHCPv6 prefix route: %m"); | |
332 | ||
333 | return 0; | |
334 | } | |
335 | ||
336 | static int dhcp6_pd_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { | |
337 | int r; | |
338 | ||
339 | assert(link); | |
340 | assert(link->dhcp6_pd_messages > 0); | |
341 | ||
342 | link->dhcp6_pd_messages--; | |
343 | ||
344 | r = address_configure_handler_internal(rtnl, m, link, "Could not set DHCPv6 delegated prefix address"); | |
345 | if (r <= 0) | |
346 | return r; | |
347 | ||
348 | r = dhcp6_pd_check_ready(link); | |
349 | if (r < 0) | |
350 | link_enter_failed(link); | |
351 | ||
352 | return 1; | |
353 | } | |
354 | ||
355 | static void log_dhcp6_pd_address(Link *link, const Address *address) { | |
356 | _cleanup_free_ char *buffer = NULL; | |
357 | int log_level; | |
358 | ||
359 | assert(address); | |
360 | assert(address->family == AF_INET6); | |
361 | ||
362 | log_level = address_get(link, address, NULL) >= 0 ? LOG_DEBUG : LOG_INFO; | |
363 | ||
364 | if (log_level < log_get_max_level()) | |
365 | return; | |
366 | ||
367 | (void) in6_addr_prefix_to_string(&address->in_addr.in6, address->prefixlen, &buffer); | |
368 | ||
369 | log_link_full(link, log_level, "DHCPv6-PD address %s (valid %s, preferred %s)", | |
370 | strna(buffer), | |
371 | FORMAT_LIFETIME(address->lifetime_valid_usec), | |
372 | FORMAT_LIFETIME(address->lifetime_preferred_usec)); | |
373 | } | |
374 | ||
375 | static int dhcp6_pd_request_address( | |
376 | Link *link, | |
377 | const struct in6_addr *prefix, | |
378 | usec_t lifetime_preferred_usec, | |
379 | usec_t lifetime_valid_usec) { | |
380 | ||
381 | _cleanup_set_free_ Set *addresses = NULL; | |
382 | struct in6_addr *a; | |
383 | int r; | |
384 | ||
385 | assert(link); | |
386 | assert(link->network); | |
387 | assert(prefix); | |
388 | ||
389 | if (!link->network->dhcp6_pd_assign) | |
390 | return 0; | |
391 | ||
392 | r = dhcp6_pd_generate_addresses(link, prefix, &addresses); | |
393 | if (r < 0) | |
394 | return log_link_warning_errno(link, r, "Failed to generate addresses for acquired DHCPv6 delegated prefix: %m"); | |
395 | ||
396 | SET_FOREACH(a, addresses) { | |
397 | _cleanup_(address_freep) Address *address = NULL; | |
398 | Address *existing; | |
399 | ||
400 | r = address_new(&address); | |
401 | if (r < 0) | |
402 | return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m"); | |
403 | ||
404 | address->source = NETWORK_CONFIG_SOURCE_DHCP6PD; | |
405 | address->family = AF_INET6; | |
406 | address->in_addr.in6 = *a; | |
407 | address->prefixlen = 64; | |
408 | address->lifetime_preferred_usec = lifetime_preferred_usec; | |
409 | address->lifetime_valid_usec = lifetime_valid_usec; | |
410 | SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp6_pd_manage_temporary_address); | |
411 | address->route_metric = link->network->dhcp6_pd_route_metric; | |
412 | ||
413 | log_dhcp6_pd_address(link, address); | |
414 | ||
415 | if (address_get(link, address, &existing) < 0) | |
416 | link->dhcp6_pd_configured = false; | |
417 | else | |
418 | address_unmark(existing); | |
419 | ||
420 | r = link_request_address(link, TAKE_PTR(address), true, &link->dhcp6_pd_messages, | |
421 | dhcp6_pd_address_handler, NULL); | |
422 | if (r < 0) | |
423 | return log_link_error_errno(link, r, "Failed to request DHCPv6 delegated prefix address: %m"); | |
424 | } | |
425 | ||
426 | return 0; | |
427 | } | |
428 | ||
429 | static bool link_has_preferred_subnet_id(Link *link) { | |
430 | if (!link->network) | |
431 | return false; | |
432 | ||
433 | return link->network->dhcp6_pd_subnet_id >= 0; | |
434 | } | |
435 | ||
436 | static int dhcp6_pd_calculate_prefix( | |
437 | const struct in6_addr *pd_prefix, | |
438 | uint8_t pd_prefix_len, | |
439 | uint64_t subnet_id, | |
440 | struct in6_addr *ret) { | |
441 | ||
442 | struct in6_addr prefix; | |
443 | ||
444 | assert(pd_prefix); | |
445 | assert(pd_prefix_len <= 64); | |
446 | assert(ret); | |
447 | ||
448 | if (subnet_id >= UINT64_C(1) << (64 - pd_prefix_len)) | |
449 | return -ERANGE; | |
450 | ||
451 | prefix = *pd_prefix; | |
452 | ||
453 | if (pd_prefix_len < 32) | |
454 | prefix.s6_addr32[0] |= htobe32(subnet_id >> 32); | |
455 | ||
456 | prefix.s6_addr32[1] |= htobe32(subnet_id & 0xffffffff); | |
457 | ||
458 | *ret = prefix; | |
459 | return 0; | |
460 | } | |
461 | ||
462 | static int dhcp6_pd_get_preferred_prefix( | |
463 | Link *link, | |
464 | const struct in6_addr *pd_prefix, | |
465 | uint8_t pd_prefix_len, | |
466 | struct in6_addr *ret) { | |
467 | ||
468 | struct in6_addr prefix; | |
469 | Link *assigned_link; | |
470 | int r; | |
471 | ||
472 | assert(link); | |
473 | assert(link->manager); | |
474 | assert(pd_prefix); | |
475 | ||
476 | if (link_has_preferred_subnet_id(link)) { | |
477 | /* If the link has a preference for a particular subnet id try to allocate that */ | |
478 | ||
479 | r = dhcp6_pd_calculate_prefix(pd_prefix, pd_prefix_len, link->network->dhcp6_pd_subnet_id, &prefix); | |
480 | if (r < 0) | |
481 | return log_link_warning_errno(link, r, | |
482 | "subnet id %" PRIu64 " is out of range. Only have %" PRIu64 " subnets.", | |
483 | link->network->dhcp6_pd_subnet_id, UINT64_C(1) << (64 - pd_prefix_len)); | |
484 | ||
485 | if (link_get_by_dhcp6_pd_prefix(link->manager, &prefix, &assigned_link) >= 0 && | |
486 | assigned_link != link) { | |
487 | _cleanup_free_ char *assigned_buf = NULL; | |
488 | ||
489 | (void) in6_addr_to_string(&prefix, &assigned_buf); | |
490 | return log_link_warning_errno(link, SYNTHETIC_ERRNO(EAGAIN), | |
491 | "The requested prefix %s is already assigned to another link.", | |
492 | strna(assigned_buf)); | |
493 | } | |
494 | ||
495 | *ret = prefix; | |
496 | return 0; | |
497 | } | |
498 | ||
499 | for (uint64_t n = 0; ; n++) { | |
500 | /* If we do not have an allocation preference just iterate | |
501 | * through the address space and return the first free prefix. */ | |
502 | ||
503 | r = dhcp6_pd_calculate_prefix(pd_prefix, pd_prefix_len, n, &prefix); | |
504 | if (r < 0) | |
505 | return log_link_warning_errno(link, r, | |
506 | "Couldn't find a suitable prefix. Ran out of address space."); | |
507 | ||
508 | /* Do not use explicitly requested subnet IDs. Note that the corresponding link may not | |
509 | * appear yet. So, we need to check the ID is not used in any .network files. */ | |
510 | if (set_contains(link->manager->dhcp6_pd_subnet_ids, &n)) | |
511 | continue; | |
512 | ||
513 | /* Check that the prefix is not assigned to another link. */ | |
514 | if (link_get_by_dhcp6_pd_prefix(link->manager, &prefix, &assigned_link) < 0 || | |
515 | assigned_link == link) { | |
516 | *ret = prefix; | |
517 | return 0; | |
518 | } | |
519 | } | |
520 | } | |
521 | ||
522 | static int dhcp6_pd_assign_prefix( | |
523 | Link *link, | |
524 | const struct in6_addr *pd_prefix, | |
525 | uint8_t pd_prefix_len, | |
526 | usec_t lifetime_preferred_usec, | |
527 | usec_t lifetime_valid_usec) { | |
528 | ||
529 | _cleanup_free_ char *buf = NULL; | |
530 | struct in6_addr prefix; | |
531 | int r; | |
532 | ||
533 | assert(link); | |
534 | assert(link->network); | |
535 | assert(pd_prefix); | |
536 | ||
537 | if (dhcp6_pd_get_assigned_prefix(link, pd_prefix, pd_prefix_len, &prefix) < 0 && | |
538 | dhcp6_pd_get_preferred_prefix(link, pd_prefix, pd_prefix_len, &prefix) < 0) | |
539 | return 0; | |
540 | ||
541 | (void) in6_addr_prefix_to_string(&prefix, 64, &buf); | |
542 | ||
543 | if (link->network->dhcp6_pd_announce) { | |
544 | r = radv_add_prefix(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec); | |
545 | if (r < 0) | |
546 | return log_link_warning_errno(link, r, | |
547 | "Failed to assign/update prefix %s to IPv6 Router Advertisement: %m", | |
548 | strna(buf)); | |
549 | } | |
550 | ||
551 | r = dhcp6_pd_request_route(link, &prefix, lifetime_valid_usec); | |
552 | if (r < 0) | |
553 | return log_link_warning_errno(link, r, | |
554 | "Failed to assign/update route for prefix %s: %m", | |
555 | strna(buf)); | |
556 | ||
557 | r = dhcp6_pd_request_address(link, &prefix, lifetime_preferred_usec, lifetime_valid_usec); | |
558 | if (r < 0) | |
559 | return log_link_warning_errno(link, r, | |
560 | "Failed to assign/update address for prefix %s: %m", | |
561 | strna(buf)); | |
562 | ||
563 | r = link_add_dhcp6_pd_prefix(link, &prefix); | |
564 | if (r < 0) | |
565 | return log_link_warning_errno(link, r, | |
566 | "Failed to save assigned prefix %s: %m", | |
567 | strna(buf)); | |
568 | ||
569 | log_link_debug(link, "Assigned prefix %s", strna(buf)); | |
570 | return 1; | |
571 | } | |
572 | ||
573 | static int dhcp6_pd_distribute_prefix( | |
574 | Link *dhcp6_link, | |
575 | const struct in6_addr *pd_prefix, | |
576 | uint8_t pd_prefix_len, | |
577 | usec_t lifetime_preferred_usec, | |
578 | usec_t lifetime_valid_usec) { | |
579 | ||
580 | Link *link; | |
581 | int r; | |
582 | ||
583 | assert(dhcp6_link); | |
584 | assert(dhcp6_link->manager); | |
585 | assert(pd_prefix); | |
586 | assert(pd_prefix_len <= 64); | |
587 | ||
588 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
589 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
590 | continue; | |
591 | ||
592 | if (!dhcp6_pd_is_uplink(link, dhcp6_link, /* accept_auto = */ true)) | |
593 | continue; | |
594 | ||
595 | if (link->network->dhcp6_pd_announce && !link->radv) | |
596 | continue; | |
597 | ||
d5ebcf65 YW |
598 | r = dhcp6_pd_assign_prefix(link, pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec); |
599 | if (r < 0) { | |
600 | if (link == dhcp6_link) | |
601 | return r; | |
602 | ||
603 | link_enter_failed(link); | |
604 | continue; | |
605 | } | |
606 | } | |
607 | ||
608 | return 0; | |
609 | } | |
610 | ||
611 | static int dhcp6_pd_prepare(Link *link) { | |
612 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
613 | return 0; | |
614 | ||
615 | if (!link_dhcp6_pd_is_enabled(link)) | |
616 | return 0; | |
617 | ||
618 | if (link->network->dhcp6_pd_announce && !link->radv) | |
619 | return 0; | |
620 | ||
621 | link_mark_addresses(link, NETWORK_CONFIG_SOURCE_DHCP6PD, NULL); | |
622 | link_mark_routes(link, NETWORK_CONFIG_SOURCE_DHCP6PD, NULL); | |
623 | ||
624 | return 0; | |
625 | } | |
626 | ||
627 | static int dhcp6_pd_finalize(Link *link) { | |
628 | int r; | |
629 | ||
630 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
631 | return 0; | |
632 | ||
633 | if (!link_dhcp6_pd_is_enabled(link)) | |
634 | return 0; | |
635 | ||
636 | if (link->network->dhcp6_pd_announce && !link->radv) | |
637 | return 0; | |
638 | ||
639 | if (link->dhcp6_pd_messages == 0) { | |
640 | link->dhcp6_pd_configured = false; | |
641 | ||
642 | r = dhcp6_pd_remove(link, /* only_marked = */ true); | |
643 | if (r < 0) | |
644 | return r; | |
645 | } | |
646 | ||
647 | if (!link->dhcp6_pd_configured) | |
648 | link_set_state(link, LINK_STATE_CONFIGURING); | |
649 | ||
650 | link_check_ready(link); | |
651 | return 0; | |
652 | } | |
653 | ||
654 | void dhcp6_pd_prefix_lost(Link *dhcp6_link) { | |
655 | Link *link; | |
656 | int r; | |
657 | ||
658 | assert(dhcp6_link); | |
659 | assert(dhcp6_link->manager); | |
660 | ||
661 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
662 | if (link == dhcp6_link) | |
663 | continue; | |
664 | ||
665 | r = dhcp6_pd_remove(link, /* only_marked = */ false); | |
666 | if (r < 0) | |
667 | link_enter_failed(link); | |
668 | } | |
669 | ||
670 | set_clear(dhcp6_link->dhcp6_pd_prefixes); | |
671 | } | |
672 | ||
673 | static int dhcp6_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { | |
674 | int r; | |
675 | ||
676 | assert(link); | |
677 | assert(link->dhcp6_messages > 0); | |
678 | ||
679 | link->dhcp6_messages--; | |
680 | ||
681 | r = route_configure_handler_internal(rtnl, m, link, "Failed to set unreachable route for DHCPv6 delegated subnet"); | |
682 | if (r <= 0) | |
683 | return r; | |
684 | ||
685 | r = dhcp6_check_ready(link); | |
686 | if (r < 0) | |
687 | link_enter_failed(link); | |
688 | ||
689 | return 1; | |
690 | } | |
691 | ||
692 | static int dhcp6_request_unreachable_route(Link *link, const struct in6_addr *addr, uint8_t prefixlen, usec_t lifetime_usec) { | |
693 | _cleanup_(route_freep) Route *route = NULL; | |
694 | _cleanup_free_ char *buf = NULL; | |
695 | Route *existing; | |
696 | int r; | |
697 | ||
698 | assert(link); | |
699 | assert(addr); | |
700 | ||
701 | (void) in6_addr_prefix_to_string(addr, prefixlen, &buf); | |
702 | ||
703 | if (prefixlen == 64) { | |
704 | log_link_debug(link, "Not adding a blocking route for DHCPv6 delegated subnet %s since distributed prefix is 64", | |
705 | strna(buf)); | |
706 | return 0; | |
707 | } | |
708 | ||
709 | r = route_new(&route); | |
710 | if (r < 0) | |
711 | return log_oom(); | |
712 | ||
713 | route->source = NETWORK_CONFIG_SOURCE_DHCP6; | |
714 | route->family = AF_INET6; | |
715 | route->dst.in6 = *addr; | |
716 | route->dst_prefixlen = prefixlen; | |
717 | route->table = link_get_dhcp6_route_table(link); | |
718 | route->type = RTN_UNREACHABLE; | |
719 | route->protocol = RTPROT_DHCP; | |
720 | route->priority = DHCP_ROUTE_METRIC; | |
721 | route->lifetime_usec = lifetime_usec; | |
722 | ||
723 | if (route_get(link->manager, NULL, route, &existing) < 0) | |
724 | link->dhcp6_configured = false; | |
725 | else | |
726 | route_unmark(existing); | |
727 | ||
728 | r = link_request_route(link, TAKE_PTR(route), true, &link->dhcp6_messages, | |
729 | dhcp6_route_handler, NULL); | |
730 | if (r < 0) | |
731 | return log_link_error_errno(link, r, "Failed to request unreachable route for DHCPv6 delegated subnet %s: %m", | |
732 | strna(buf)); | |
733 | ||
734 | return 0; | |
735 | } | |
736 | ||
737 | static int dhcp6_pd_prefix_add(Link *link, const struct in6_addr *prefix, uint8_t prefixlen) { | |
738 | _cleanup_free_ char *buf = NULL; | |
739 | struct in_addr_prefix *p; | |
740 | int r; | |
741 | ||
742 | assert(link); | |
743 | assert(prefix); | |
744 | ||
745 | p = new(struct in_addr_prefix, 1); | |
746 | if (!p) | |
747 | return log_oom(); | |
748 | ||
749 | *p = (struct in_addr_prefix) { | |
750 | .family = AF_INET6, | |
751 | .prefixlen = prefixlen, | |
752 | .address.in6 = *prefix, | |
753 | }; | |
754 | ||
755 | (void) in6_addr_prefix_to_string(prefix, prefixlen, &buf); | |
756 | ||
757 | log_link_full(link, | |
758 | set_contains(link->dhcp6_pd_prefixes, p) ? LOG_DEBUG : | |
759 | prefixlen > 64 || prefixlen < 48 ? LOG_WARNING : LOG_INFO, | |
760 | "DHCPv6: received PD Prefix %s%s", | |
761 | strna(buf), | |
762 | prefixlen > 64 ? " with prefix length > 64, ignoring." : | |
763 | prefixlen < 48 ? " with prefix length < 48, looks unusual.": ""); | |
764 | ||
765 | /* Store PD prefix even if prefixlen > 64, not to make logged at warning level so frequently. */ | |
766 | r = set_ensure_consume(&link->dhcp6_pd_prefixes, &in_addr_prefix_hash_ops_free, p); | |
767 | if (r < 0) | |
768 | return log_link_error_errno(link, r, "Failed to store DHCPv6 PD prefix %s: %m", strna(buf)); | |
769 | ||
770 | return prefixlen <= 64; | |
771 | } | |
772 | ||
5014e660 YW |
773 | static int dhcp6_pd_assign_prefixes(Link *link, Link *uplink) { |
774 | usec_t timestamp_usec; | |
775 | int r; | |
776 | ||
777 | assert(link); | |
778 | assert(uplink); | |
779 | assert(uplink->dhcp6_lease); | |
780 | ||
781 | /* This is similar to dhcp6_pd_prefix_acquired(), but called when a downstream interface | |
782 | * appears later or reconfiguring the interface. */ | |
783 | ||
784 | r = sd_dhcp6_lease_get_timestamp(uplink->dhcp6_lease, clock_boottime_or_monotonic(), ×tamp_usec); | |
785 | if (r < 0) | |
786 | return r; | |
787 | ||
788 | r = dhcp6_pd_prepare(link); | |
789 | if (r < 0) | |
790 | return r; | |
791 | ||
792 | for (sd_dhcp6_lease_reset_pd_prefix_iter(uplink->dhcp6_lease);;) { | |
793 | uint32_t lifetime_preferred_sec, lifetime_valid_sec; | |
794 | usec_t lifetime_preferred_usec, lifetime_valid_usec; | |
795 | struct in6_addr pd_prefix; | |
796 | uint8_t pd_prefix_len; | |
797 | ||
798 | r = sd_dhcp6_lease_get_pd(uplink->dhcp6_lease, &pd_prefix, &pd_prefix_len, | |
799 | &lifetime_preferred_sec, &lifetime_valid_sec); | |
800 | if (r < 0) | |
801 | break; | |
802 | ||
803 | lifetime_preferred_usec = usec_add(lifetime_preferred_sec * USEC_PER_SEC, timestamp_usec); | |
804 | lifetime_valid_usec = usec_add(lifetime_valid_sec * USEC_PER_SEC, timestamp_usec); | |
805 | ||
806 | if (pd_prefix_len > 64) | |
807 | continue; | |
808 | ||
809 | /* Mask prefix for safety. */ | |
810 | r = in6_addr_mask(&pd_prefix, pd_prefix_len); | |
811 | if (r < 0) | |
812 | return r; | |
813 | ||
814 | r = dhcp6_pd_assign_prefix(link, &pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec); | |
815 | if (r < 0) | |
816 | return r; | |
817 | } | |
818 | ||
819 | r = dhcp6_pd_finalize(link); | |
820 | if (r < 0) | |
821 | return r; | |
822 | ||
823 | return 0; | |
824 | } | |
825 | ||
d5ebcf65 YW |
826 | int dhcp6_pd_prefix_acquired(Link *dhcp6_link) { |
827 | usec_t timestamp_usec; | |
828 | Link *link; | |
829 | int r; | |
830 | ||
831 | assert(dhcp6_link); | |
832 | assert(dhcp6_link->dhcp6_lease); | |
833 | ||
834 | r = sd_dhcp6_lease_get_timestamp(dhcp6_link->dhcp6_lease, clock_boottime_or_monotonic(), ×tamp_usec); | |
835 | if (r < 0) | |
836 | return log_link_warning_errno(dhcp6_link, r, "Failed to get timestamp of DHCPv6 lease: %m"); | |
837 | ||
838 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
839 | r = dhcp6_pd_prepare(link); | |
840 | if (r < 0) { | |
841 | /* When failed on the upstream interface (i.e., the case link == dhcp6_link), | |
842 | * immediately abort the assignment of the prefixes. As, the all assigned | |
843 | * prefixes will be dropped soon in link_enter_failed(), and it is meaningless | |
844 | * to continue the assignment. */ | |
845 | if (link == dhcp6_link) | |
846 | return r; | |
847 | ||
848 | link_enter_failed(link); | |
849 | } | |
850 | } | |
851 | ||
852 | for (sd_dhcp6_lease_reset_pd_prefix_iter(dhcp6_link->dhcp6_lease);;) { | |
853 | uint32_t lifetime_preferred_sec, lifetime_valid_sec; | |
854 | usec_t lifetime_preferred_usec, lifetime_valid_usec; | |
855 | struct in6_addr pd_prefix; | |
856 | uint8_t pd_prefix_len; | |
857 | ||
858 | r = sd_dhcp6_lease_get_pd(dhcp6_link->dhcp6_lease, &pd_prefix, &pd_prefix_len, | |
859 | &lifetime_preferred_sec, &lifetime_valid_sec); | |
860 | if (r < 0) | |
861 | break; | |
862 | ||
863 | lifetime_preferred_usec = usec_add(lifetime_preferred_sec * USEC_PER_SEC, timestamp_usec); | |
864 | lifetime_valid_usec = usec_add(lifetime_valid_sec * USEC_PER_SEC, timestamp_usec); | |
865 | ||
866 | r = dhcp6_pd_prefix_add(dhcp6_link, &pd_prefix, pd_prefix_len); | |
867 | if (r < 0) | |
868 | return r; | |
869 | if (r == 0) | |
870 | continue; | |
871 | ||
872 | r = dhcp6_request_unreachable_route(dhcp6_link, &pd_prefix, pd_prefix_len, lifetime_valid_usec); | |
873 | if (r < 0) | |
874 | return r; | |
875 | ||
876 | /* We are doing prefix allocation in two steps: | |
877 | * 1. all those links that have a preferred subnet id will be assigned their subnet | |
878 | * 2. all those links that remain will receive prefixes in sequential order. Prefixes | |
879 | * that were previously already allocated to another link will be skipped. | |
880 | * The assignment has to be split in two phases since subnet id | |
881 | * preferences should be honored. Meaning that any subnet id should be | |
882 | * handed out to the requesting link and not to some link that didn't | |
883 | * specify any preference. */ | |
884 | ||
885 | assert(pd_prefix_len <= 64); | |
886 | ||
887 | /* Mask prefix for safety. */ | |
888 | r = in6_addr_mask(&pd_prefix, pd_prefix_len); | |
889 | if (r < 0) | |
890 | return log_link_error_errno(dhcp6_link, r, "Failed to mask DHCPv6 PD prefix: %m"); | |
891 | ||
892 | if (DEBUG_LOGGING) { | |
893 | uint64_t n_prefixes = UINT64_C(1) << (64 - pd_prefix_len); | |
894 | _cleanup_free_ char *buf = NULL; | |
895 | ||
896 | (void) in6_addr_prefix_to_string(&pd_prefix, pd_prefix_len, &buf); | |
897 | log_link_debug(dhcp6_link, "Assigning up to %" PRIu64 " prefixes from %s", | |
898 | n_prefixes, strna(buf)); | |
899 | } | |
900 | ||
901 | r = dhcp6_pd_distribute_prefix(dhcp6_link, | |
902 | &pd_prefix, | |
903 | pd_prefix_len, | |
904 | lifetime_preferred_usec, | |
905 | lifetime_valid_usec); | |
906 | if (r < 0) | |
907 | return r; | |
908 | } | |
909 | ||
910 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
911 | r = dhcp6_pd_finalize(link); | |
912 | if (r < 0) { | |
913 | if (link == dhcp6_link) | |
914 | return r; | |
915 | ||
916 | link_enter_failed(link); | |
917 | } | |
918 | } | |
919 | ||
920 | return 0; | |
921 | } | |
922 | ||
d5ebcf65 YW |
923 | static bool dhcp6_pd_uplink_is_ready(Link *link) { |
924 | assert(link); | |
925 | ||
926 | if (!link->network) | |
927 | return false; | |
928 | ||
929 | if (!link->network->dhcp6_use_pd_prefix) | |
930 | return false; | |
931 | ||
932 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
933 | return false; | |
934 | ||
935 | if (!link->dhcp6_client) | |
936 | return false; | |
937 | ||
938 | if (sd_dhcp6_client_is_running(link->dhcp6_client) <= 0) | |
939 | return false; | |
940 | ||
941 | if (!link->dhcp6_lease) | |
942 | return false; | |
943 | ||
944 | return dhcp6_lease_has_pd_prefix(link->dhcp6_lease); | |
945 | } | |
946 | ||
947 | int dhcp6_pd_find_uplink(Link *link, Link **ret) { | |
948 | Link *uplink = NULL; | |
949 | int r = 0; | |
950 | ||
951 | assert(link); | |
952 | assert(link->manager); | |
953 | assert(link_dhcp6_pd_is_enabled(link)); | |
954 | assert(ret); | |
955 | ||
956 | if (link->network->dhcp6_pd_uplink_name) | |
957 | r = link_get_by_name(link->manager, link->network->dhcp6_pd_uplink_name, &uplink); | |
958 | else if (link->network->dhcp6_pd_uplink_index > 0) | |
959 | r = link_get_by_index(link->manager, link->network->dhcp6_pd_uplink_index, &uplink); | |
960 | else if (link->network->dhcp6_pd_uplink_index == UPLINK_INDEX_SELF) | |
961 | uplink = link; | |
962 | if (r < 0) | |
963 | return r; | |
964 | ||
965 | if (uplink) { | |
966 | if (!dhcp6_pd_uplink_is_ready(uplink)) | |
967 | return -EBUSY; | |
968 | ||
969 | *ret = uplink; | |
970 | return 0; | |
971 | } | |
972 | ||
973 | HASHMAP_FOREACH(uplink, link->manager->links_by_index) { | |
974 | if (!dhcp6_pd_uplink_is_ready(uplink)) | |
975 | continue; | |
976 | ||
977 | /* Assume that there exists at most one link which acquired delegated prefixes. */ | |
978 | *ret = uplink; | |
979 | return 0; | |
980 | } | |
981 | ||
982 | return -ENODEV; | |
983 | } | |
984 | ||
985 | int dhcp6_request_prefix_delegation(Link *link) { | |
986 | Link *uplink; | |
987 | ||
988 | assert(link); | |
989 | ||
990 | if (!link_dhcp6_pd_is_enabled(link)) | |
991 | return 0; | |
992 | ||
993 | if (dhcp6_pd_find_uplink(link, &uplink) < 0) | |
994 | return 0; | |
995 | ||
996 | log_link_debug(link, "Requesting subnets of delegated prefixes acquired by %s", uplink->ifname); | |
997 | return dhcp6_pd_assign_prefixes(link, uplink); | |
998 | } | |
999 | ||
1000 | int config_parse_dhcp6_pd_subnet_id( | |
1001 | const char *unit, | |
1002 | const char *filename, | |
1003 | unsigned line, | |
1004 | const char *section, | |
1005 | unsigned section_line, | |
1006 | const char *lvalue, | |
1007 | int ltype, | |
1008 | const char *rvalue, | |
1009 | void *data, | |
1010 | void *userdata) { | |
1011 | ||
1012 | int64_t *p = data; | |
1013 | uint64_t t; | |
1014 | int r; | |
1015 | ||
1016 | assert(filename); | |
1017 | assert(lvalue); | |
1018 | assert(rvalue); | |
1019 | assert(data); | |
1020 | ||
1021 | if (isempty(rvalue) || streq(rvalue, "auto")) { | |
1022 | *p = -1; | |
1023 | return 0; | |
1024 | } | |
1025 | ||
1026 | r = safe_atoux64(rvalue, &t); | |
1027 | if (r < 0) { | |
1028 | log_syntax(unit, LOG_WARNING, filename, line, r, | |
1029 | "Failed to parse %s=, ignoring assignment: %s", | |
1030 | lvalue, rvalue); | |
1031 | return 0; | |
1032 | } | |
1033 | if (t > INT64_MAX) { | |
1034 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
1035 | "Invalid subnet id '%s', ignoring assignment.", | |
1036 | rvalue); | |
1037 | return 0; | |
1038 | } | |
1039 | ||
1040 | *p = (int64_t) t; | |
1041 | ||
1042 | return 0; | |
1043 | } |