]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/network/networkd-ndisc.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
man/systemd-sysext: list ephemeral/ephemeral-import in the list of options
[thirdparty/systemd.git] / src / network / networkd-ndisc.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a13c50e7 2/***
810adae9 3 Copyright © 2014 Intel Corporation. All rights reserved.
a13c50e7
TG		 4***/
5
f4ef1c19 6#include <linux/if_arp.h>
baa3fadf 7#include <linux/rtnetlink.h>
1cf40697 8#include <netinet/icmp6.h>
a13c50e7 9
a13c50e7
TG		 10#include "sd-ndisc.h"
11
baa3fadf
DDM		 12#include "conf-parser.h"
13#include "errno-util.h"
77302468 14#include "event-util.h"
d909e4af 15#include "missing_network.h"
01420b2d 16#include "ndisc-router-internal.h"
093e3533 17#include "networkd-address.h"
1cf40697 18#include "networkd-address-generation.h"
ca5ad760 19#include "networkd-dhcp6.h"
0ee78fc9 20#include "networkd-link.h"
73854ba1 21#include "networkd-manager.h"
1e7a0e21 22#include "networkd-ndisc.h"
0f8afaf9 23#include "networkd-nexthop.h"
76c5a0f2 24#include "networkd-queue.h"
3b6a3bde 25#include "networkd-route.h"
3b5a4fc6 26#include "networkd-state-file.h"
3976c430 27#include "networkd-sysctl.h"
baa3fadf
DDM		 28#include "ordered-set.h"
29#include "set.h"
30#include "siphash24.h"
31#include "socket-util.h"
ac24e418 32#include "string-table.h"
5f506a55 33#include "string-util.h"
51517f9e 34#include "strv.h"
91750028 35#include "sysctl-util.h"
1e7a0e21
LP		 36
37#define NDISC_DNSSL_MAX 64U
38#define NDISC_RDNSS_MAX 64U
a791fea0 39#define NDISC_ENCRYPTED_DNS_MAX 64U
4df16cd0 40/* Not defined in the RFC, but let's set an upper limit to make not consume much memory.
bf943a9d
YW		 41 * This should be safe as typically there should be at most 1 portal per network. */
42#define NDISC_CAPTIVE_PORTAL_MAX 64U
4df16cd0
YW		 43/* Neither defined in the RFC. Just for safety. Otherwise, malformed messages can make clients trigger OOM.
44 * Not sure if the threshold is high enough. Let's adjust later if not. */
45#define NDISC_PREF64_MAX 64U
fe307276 46
01420b2d
YW		 47static int ndisc_drop_outdated(Link *link, const struct in6_addr *router, usec_t timestamp_usec);
48
baa3fadf
DDM		 49char* ndisc_dnssl_domain(const NDiscDNSSL *n) {
50 return ((char*) n) + ALIGN(sizeof(NDiscDNSSL));
51}
52
52672db3 53bool link_ndisc_enabled(Link *link) {
062c020f
YW		 54 assert(link);
55
56 if (!socket_ipv6_is_supported())
57 return false;
58
59 if (link->flags & IFF_LOOPBACK)
60 return false;
61
f4ef1c19
YW		 62 if (link->iftype == ARPHRD_CAN)
63 return false;
64
062c020f
YW		 65 if (!link->network)
66 return false;
67
bd7e0a3f 68 if (!link_may_have_ipv6ll(link, /* check_multicast = */ true))
062c020f
YW		 69 return false;
70
769f9744 71 /* Honor explicitly specified value. */
52672db3
YW		 72 if (link->network->ndisc >= 0)
73 return link->network->ndisc;
3976c430 74
769f9744
YW		 75 /* Disable if RADV is enabled. */
76 if (link_radv_enabled(link))
77 return false;
78
3976c430
YW		 79 /* Accept RAs if IPv6 forwarding is disabled, and ignore RAs if IPv6 forwarding is enabled. */
80 int t = link_get_ip_forwarding(link, AF_INET6);
81 if (t >= 0)
82 return !t;
83
84 /* Otherwise, defaults to true. */
85 return true;
3773eb54
YW		 86}
87
52672db3 88void network_adjust_ndisc(Network *network) {
3773eb54
YW		 89 assert(network);
90
91 if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) {
52672db3 92 if (network->ndisc > 0)
f81ac115 93 log_warning("%s: IPv6AcceptRA= is enabled but IPv6 link-local addressing is disabled or not supported. "
3773eb54 94 "Disabling IPv6AcceptRA=.", network->filename);
52672db3 95 network->ndisc = false;
3773eb54
YW		 96 }
97
75d26411
YW		 98 /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then
99 * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */
100 if (!set_isempty(network->ndisc_allow_listed_router))
32b5deb1 101 network->ndisc_deny_listed_router = set_free(network->ndisc_deny_listed_router);
de6b6ff8 102 if (!set_isempty(network->ndisc_allow_listed_prefix))
32b5deb1 103 network->ndisc_deny_listed_prefix = set_free(network->ndisc_deny_listed_prefix);
de6b6ff8 104 if (!set_isempty(network->ndisc_allow_listed_route_prefix))
32b5deb1 105 network->ndisc_deny_listed_route_prefix = set_free(network->ndisc_deny_listed_route_prefix);
062c020f
YW		 106}
107
3b6a3bde 108static int ndisc_check_ready(Link *link);
50550722 109
3b6a3bde
YW		 110static int ndisc_address_ready_callback(Address *address) {
111 Address *a;
50550722 112
3b6a3bde
YW		 113 assert(address);
114 assert(address->link);
50550722 115
3b6a3bde
YW		 116 SET_FOREACH(a, address->link->addresses)
117 if (a->source == NETWORK_CONFIG_SOURCE_NDISC)
118 a->callback = NULL;
50550722 119
3b6a3bde
YW		 120 return ndisc_check_ready(address->link);
121}
50550722 122
3b6a3bde
YW		 123static int ndisc_check_ready(Link *link) {
124 bool found = false, ready = false;
125 Address *address;
50550722 126
3b6a3bde 127 assert(link);
50550722 128
3b6a3bde
YW		 129 if (link->ndisc_messages > 0) {
130 log_link_debug(link, "%s(): SLAAC addresses and routes are not set.", __func__);
131 return 0;
132 }
50550722 133
3b6a3bde
YW		 134 SET_FOREACH(address, link->addresses) {
135 if (address->source != NETWORK_CONFIG_SOURCE_NDISC)
136 continue;
50550722 137
3b6a3bde 138 found = true;
50550722 139
3b6a3bde
YW		 140 if (address_is_ready(address)) {
141 ready = true;
142 break;
50550722 143 }
3b6a3bde 144 }
50550722 145
3b6a3bde
YW		 146 if (found && !ready) {
147 SET_FOREACH(address, link->addresses)
148 if (address->source == NETWORK_CONFIG_SOURCE_NDISC)
149 address->callback = ndisc_address_ready_callback;
50550722 150
3b6a3bde
YW		 151 log_link_debug(link, "%s(): no SLAAC address is ready.", __func__);
152 return 0;
50550722
YW		 153 }
154
3b6a3bde
YW		 155 link->ndisc_configured = true;
156 log_link_debug(link, "SLAAC addresses and routes set.");
50550722 157
3b6a3bde
YW		 158 link_check_ready(link);
159 return 0;
50550722
YW		 160}
161
0f8afaf9
YW		 162static int ndisc_remove_unused_nexthop(Link *link, NextHop *nexthop) {
163 int r;
164
165 assert(link);
166 assert(link->manager);
167 assert(link->ifindex > 0);
168 assert(nexthop);
169
170 if (nexthop->source != NETWORK_CONFIG_SOURCE_NDISC)
171 return 0;
172
173 if (nexthop->ifindex != link->ifindex)
174 return 0;
175
176 Route *route;
177 SET_FOREACH(route, nexthop->routes)
178 if (route_exists(route) || route_is_requesting(route))
179 return 0;
180
181 Request *req;
182 ORDERED_SET_FOREACH(req, link->manager->request_queue) {
183 if (req->type != REQUEST_TYPE_ROUTE)
184 continue;
185
186 route = ASSERT_PTR(req->userdata);
187 if (route->nexthop_id == nexthop->id)
188 return 0;
189 }
190
191 r = nexthop_remove_and_cancel(nexthop, link->manager);
192 if (r < 0)
193 return log_link_debug_errno(link, r, "Failed to remove unused nexthop: %m");
194
195 return 0;
196}
197
198static int ndisc_remove_unused_nexthop_by_id(Link *link, uint32_t id) {
199 assert(link);
200 assert(link->manager);
201
202 if (id == 0)
203 return 0;
204
205 NextHop *nexthop;
206 if (nexthop_get_by_id(link->manager, id, &nexthop) < 0)
207 return 0;
208
209 return ndisc_remove_unused_nexthop(link, nexthop);
210}
211
212static int ndisc_remove_unused_nexthops(Link *link) {
213 int ret = 0;
214
215 assert(link);
216 assert(link->manager);
217
218 NextHop *nexthop;
219 HASHMAP_FOREACH(nexthop, link->manager->nexthops_by_id)
220 RET_GATHER(ret, ndisc_remove_unused_nexthop(link, nexthop));
221
222 return ret;
223}
224
225#define NDISC_NEXTHOP_APP_ID SD_ID128_MAKE(76,d2,0f,1f,76,1e,44,d1,97,3a,52,5c,05,68,b5,0d)
226
1168489c 227static uint32_t ndisc_generate_nexthop_id(const NextHop *nexthop, Link *link, sd_id128_t app_id, uint64_t trial) {
0f8afaf9
YW		 228 assert(nexthop);
229 assert(link);
230
231 struct siphash state;
232 siphash24_init(&state, app_id.bytes);
233 siphash24_compress_typesafe(nexthop->protocol, &state);
234 siphash24_compress_string(link->ifname, &state);
235 siphash24_compress_typesafe(nexthop->gw.address.in6, &state);
236 siphash24_compress_typesafe(nexthop->provider.in6, &state);
237 uint64_t n = htole64(trial);
238 siphash24_compress_typesafe(n, &state);
239
240 uint64_t result = htole64(siphash24_finalize(&state));
241 return (uint32_t) ((result & 0xffffffff) ^ (result >> 32));
242}
243
1168489c 244static bool ndisc_nexthop_equal(const NextHop *a, const NextHop *b) {
0f8afaf9
YW		 245 assert(a);
246 assert(b);
247
248 if (a->source != b->source)
249 return false;
250 if (a->protocol != b->protocol)
251 return false;
252 if (a->ifindex != b->ifindex)
253 return false;
254 if (!in6_addr_equal(&a->provider.in6, &b->provider.in6))
255 return false;
256 if (!in6_addr_equal(&a->gw.address.in6, &b->gw.address.in6))
257 return false;
258
259 return true;
260}
261
1168489c 262static bool ndisc_take_nexthop_id(NextHop *nexthop, const NextHop *existing, Manager *manager) {
0f8afaf9 263 assert(nexthop);
1168489c 264 assert(nexthop->id == 0);
0f8afaf9 265 assert(existing);
1168489c 266 assert(existing->id > 0);
0f8afaf9
YW		 267 assert(manager);
268
269 if (!ndisc_nexthop_equal(nexthop, existing))
270 return false;
271
272 log_nexthop_debug(existing, "Found matching", manager);
273 nexthop->id = existing->id;
274 return true;
275}
276
277static int ndisc_nexthop_find_id(NextHop *nexthop, Link *link) {
278 NextHop *n;
279 Request *req;
280 int r;
281
282 assert(nexthop);
283 assert(link);
284 assert(link->manager);
285
286 sd_id128_t app_id;
287 r = sd_id128_get_machine_app_specific(NDISC_NEXTHOP_APP_ID, &app_id);
288 if (r < 0)
289 return r;
290
291 uint32_t id = ndisc_generate_nexthop_id(nexthop, link, app_id, 0);
292 if (nexthop_get_by_id(link->manager, id, &n) >= 0 &&
293 ndisc_take_nexthop_id(nexthop, n, link->manager))
294 return true;
295 if (nexthop_get_request_by_id(link->manager, id, &req) >= 0 &&
296 ndisc_take_nexthop_id(nexthop, req->userdata, link->manager))
297 return true;
298
299 HASHMAP_FOREACH(n, link->manager->nexthops_by_id)
300 if (ndisc_take_nexthop_id(nexthop, n, link->manager))
301 return true;
302
303 ORDERED_SET_FOREACH(req, link->manager->request_queue) {
304 if (req->type != REQUEST_TYPE_NEXTHOP)
305 continue;
306
307 if (ndisc_take_nexthop_id(nexthop, req->userdata, link->manager))
308 return true;
309 }
310
311 return false;
312}
313
1168489c 314static int ndisc_nexthop_new(const Route *route, Link *link, NextHop **ret) {
0f8afaf9
YW		 315 _cleanup_(nexthop_unrefp) NextHop *nexthop = NULL;
316 int r;
317
318 assert(route);
319 assert(link);
320 assert(ret);
321
322 r = nexthop_new(&nexthop);
323 if (r < 0)
324 return r;
325
326 nexthop->source = NETWORK_CONFIG_SOURCE_NDISC;
327 nexthop->provider = route->provider;
328 nexthop->protocol = route->protocol == RTPROT_REDIRECT ? RTPROT_REDIRECT : RTPROT_RA;
329 nexthop->family = AF_INET6;
330 nexthop->gw.address = route->nexthop.gw;
331 nexthop->ifindex = link->ifindex;
332
333 r = ndisc_nexthop_find_id(nexthop, link);
334 if (r < 0)
335 return r;
336
337 *ret = TAKE_PTR(nexthop);
338 return 0;
339}
340
341static int ndisc_nexthop_acquire_id(NextHop *nexthop, Link *link) {
342 int r;
343
344 assert(nexthop);
345 assert(nexthop->id == 0);
346 assert(link);
347 assert(link->manager);
348
349 sd_id128_t app_id;
350 r = sd_id128_get_machine_app_specific(NDISC_NEXTHOP_APP_ID, &app_id);
351 if (r < 0)
352 return r;
353
354 for (uint64_t trial = 0; trial < 100; trial++) {
355 uint32_t id = ndisc_generate_nexthop_id(nexthop, link, app_id, trial);
356 if (id == 0)
357 continue;
358
359 if (set_contains(link->manager->nexthop_ids, UINT32_TO_PTR(id)))
360 continue; /* The ID is already used in a .network file. */
361
362 if (nexthop_get_by_id(link->manager, id, NULL) >= 0)
363 continue; /* The ID is already used by an existing nexthop. */
364
365 if (nexthop_get_request_by_id(link->manager, id, NULL) >= 0)
366 continue; /* The ID is already used by a nexthop being requested. */
367
368 log_link_debug(link, "Generated new ndisc nexthop ID for %s with trial %"PRIu64": %"PRIu32,
369 IN6_ADDR_TO_STRING(&nexthop->gw.address.in6), trial, id);
370 nexthop->id = id;
371 return 0;
372 }
373
374 return log_link_debug_errno(link, SYNTHETIC_ERRNO(EBUSY), "Cannot find free nexthop ID for %s.",
375 IN6_ADDR_TO_STRING(&nexthop->gw.address.in6));
376}
377
378static int ndisc_nexthop_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, NextHop *nexthop) {
379 int r;
380
381 assert(link);
d28746ef 382 assert(nexthop);
0f8afaf9 383
d28746ef 384 r = nexthop_configure_handler_internal(m, link, nexthop);
0f8afaf9
YW		 385 if (r <= 0)
386 return r;
387
388 r = ndisc_check_ready(link);
389 if (r < 0)
390 link_enter_failed(link);
391
392 return 1;
393}
394
395static int ndisc_request_nexthop(NextHop *nexthop, Link *link) {
396 int r;
397
398 assert(nexthop);
399 assert(link);
400
401 if (nexthop->id > 0)
402 return 0;
403
404 r = ndisc_nexthop_acquire_id(nexthop, link);
405 if (r < 0)
406 return r;
407
408 r = link_request_nexthop(link, nexthop, &link->ndisc_messages, ndisc_nexthop_handler);
409 if (r < 0)
410 return r;
411 if (r > 0)
412 link->ndisc_configured = false;
413
414 return 0;
415}
416
417static int ndisc_set_route_nexthop(Route *route, Link *link, bool request) {
418 _cleanup_(nexthop_unrefp) NextHop *nexthop = NULL;
419 int r;
420
421 assert(route);
422 assert(link);
423 assert(link->manager);
424
425 if (!link->manager->manage_foreign_nexthops)
426 goto finalize;
427
428 if (route->nexthop.family != AF_INET6 || in6_addr_is_null(&route->nexthop.gw.in6))
429 goto finalize;
430
431 r = ndisc_nexthop_new(route, link, &nexthop);
432 if (r < 0)
433 return r;
434
435 if (nexthop->id == 0 && !request)
436 goto finalize;
437
438 r = ndisc_request_nexthop(nexthop, link);
439 if (r < 0)
440 return r;
441
442 route->nexthop = (RouteNextHop) {};
443 route->nexthop_id = nexthop->id;
444
445finalize:
446 return route_adjust_nexthops(route, link);
447}
448
80d62d4f 449static int ndisc_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Route *route) {
3b015d40
TG		 450 int r;
451
db8dc7c1 452 assert(req);
3b015d40 453 assert(link);
d28746ef 454 assert(route);
3b015d40 455
d28746ef 456 r = route_configure_handler_internal(m, req, route);
5a07fa9d
YW		 457 if (r <= 0)
458 return r;
3b015d40 459
3b6a3bde 460 r = ndisc_check_ready(link);
50550722 461 if (r < 0)
3b6a3bde 462 link_enter_failed(link);
76c5a0f2 463
3b6a3bde 464 return 1;
76c5a0f2
YW		 465}
466
6f812d28
YW		 467static void ndisc_set_route_priority(Link *link, Route *route) {
468 assert(link);
469 assert(route);
470
471 if (route->priority_set)
472 return; /* explicitly configured. */
473
474 switch (route->pref) {
475 case SD_NDISC_PREFERENCE_LOW:
52672db3 476 route->priority = link->network->ndisc_route_metric_low;
6f812d28
YW		 477 break;
478 case SD_NDISC_PREFERENCE_MEDIUM:
52672db3 479 route->priority = link->network->ndisc_route_metric_medium;
6f812d28
YW		 480 break;
481 case SD_NDISC_PREFERENCE_HIGH:
52672db3 482 route->priority = link->network->ndisc_route_metric_high;
6f812d28
YW		 483 break;
484 default:
485 assert_not_reached();
486 }
487}
488
33cab1d4 489static int ndisc_request_route(Route *route, Link *link) {
76c5a0f2
YW		 490 int r;
491
492 assert(route);
493 assert(link);
8d01e44c 494 assert(link->manager);
f95fb199 495 assert(link->network);
3b6a3bde 496
52672db3 497 r = route_metric_set(&route->metric, RTAX_QUICKACK, link->network->ndisc_quickack);
ebf4fa1e
YW		 498 if (r < 0)
499 return r;
f141b2c0 500
0f8afaf9 501 r = ndisc_set_route_nexthop(route, link, /* request = */ true);
2f542fc3
YW		 502 if (r < 0)
503 return r;
504
972f1d17
YW		 505 uint8_t pref, pref_original = route->pref;
506 FOREACH_ARGUMENT(pref, SD_NDISC_PREFERENCE_LOW, SD_NDISC_PREFERENCE_MEDIUM, SD_NDISC_PREFERENCE_HIGH) {
507 Route *existing;
508 Request *req;
509
510 /* If the preference is specified by the user config (that is, for semi-static routes),
511 * rather than RA, then only search conflicting routes that have the same preference. */
512 if (route->pref_set && pref != pref_original)
513 continue;
514
515 route->pref = pref;
516 ndisc_set_route_priority(link, route);
517
518 /* Note, here do not call route_remove_and_cancel() with 'route' directly, otherwise
519 * existing route(s) may be removed needlessly. */
520
7af3e8cd
YW		 521 /* First, check if a conflicting route is already requested. If there is an existing route,
522 * and also an existing pending request, then the source may be updated by the request. So,
523 * we first need to check the source of the requested route. */
524 if (route_get_request(link->manager, route, &req) >= 0) {
e2060bc1
YW		 525 route->pref = pref_original;
526 ndisc_set_route_priority(link, route);
527
7af3e8cd 528 existing = ASSERT_PTR(req->userdata);
f06e6d19 529 if (!route_can_update(link->manager, existing, route)) {
7af3e8cd
YW		 530 if (existing->source == NETWORK_CONFIG_SOURCE_STATIC) {
531 log_link_debug(link, "Found a pending route request that conflicts with new request based on a received RA, ignoring request.");
532 return 0;
533 }
534
535 log_link_debug(link, "Found a pending route request that conflicts with new request based on a received RA, cancelling.");
972f1d17
YW		 536 r = route_remove_and_cancel(existing, link->manager);
537 if (r < 0)
538 return r;
539 }
540 }
541
e2060bc1
YW		 542 route->pref = pref;
543 ndisc_set_route_priority(link, route);
544
7af3e8cd
YW		 545 /* Then, check if a conflicting route exists. */
546 if (route_get(link->manager, route, &existing) >= 0) {
e2060bc1
YW		 547 route->pref = pref_original;
548 ndisc_set_route_priority(link, route);
549
f06e6d19 550 if (!route_can_update(link->manager, existing, route)) {
7af3e8cd
YW		 551 if (existing->source == NETWORK_CONFIG_SOURCE_STATIC) {
552 log_link_debug(link, "Found an existing route that conflicts with new route based on a received RA, ignoring request.");
553 return 0;
554 }
555
556 log_link_debug(link, "Found an existing route that conflicts with new route based on a received RA, removing.");
972f1d17
YW		 557 r = route_remove_and_cancel(existing, link->manager);
558 if (r < 0)
559 return r;
560 }
561 }
562 }
563
564 /* The preference (and priority) may be changed in the above loop. Restore it. */
565 route->pref = pref_original;
566 ndisc_set_route_priority(link, route);
567
33cab1d4 568 bool is_new = route_get(link->manager, route, NULL) < 0;
d9a95033 569
5a18697d 570 r = link_request_route(link, route, &link->ndisc_messages, ndisc_route_handler);
d9a95033
YW		 571 if (r < 0)
572 return r;
573 if (r > 0 && is_new)
3b6a3bde 574 link->ndisc_configured = false;
50550722 575
d9a95033 576 return 0;
50550722
YW		 577}
578
74e0b590
YW		 579static void ndisc_route_prepare(Route *route, Link *link) {
580 assert(route);
581 assert(link);
582
583 route->source = NETWORK_CONFIG_SOURCE_NDISC;
584
585 if (!route->table_set)
586 route->table = link_get_ndisc_route_table(link);
587}
588
589static int ndisc_router_route_prepare(Route *route, Link *link, sd_ndisc_router *rt) {
590 assert(route);
591 assert(link);
592 assert(rt);
593
594 ndisc_route_prepare(route, link);
595
596 if (!route->protocol_set)
597 route->protocol = RTPROT_RA;
598
599 return sd_ndisc_router_get_sender_address(rt, &route->provider.in6);
600}
601
33cab1d4
YW		 602static int ndisc_request_router_route(Route *route, Link *link, sd_ndisc_router *rt) {
603 int r;
604
605 assert(route);
606 assert(link);
607 assert(rt);
608
74e0b590 609 r = ndisc_router_route_prepare(route, link, rt);
33cab1d4
YW		 610 if (r < 0)
611 return r;
612
33cab1d4
YW		 613 return ndisc_request_route(route, link);
614}
615
479d3e19 616static int ndisc_remove_route(Route *route, Link *link) {
42d9660f 617 int r, ret = 0;
479d3e19
YW		 618
619 assert(route);
620 assert(link);
621 assert(link->manager);
622
0f8afaf9 623 r = ndisc_set_route_nexthop(route, link, /* request = */ false);
479d3e19
YW		 624 if (r < 0)
625 return r;
626
fd436c8d 627 uint8_t pref, pref_original = route->pref;
479d3e19 628 FOREACH_ARGUMENT(pref, SD_NDISC_PREFERENCE_LOW, SD_NDISC_PREFERENCE_MEDIUM, SD_NDISC_PREFERENCE_HIGH) {
fd436c8d
YW		 629 Route *existing;
630 Request *req;
631
632 /* If the preference is specified by the user config (that is, for semi-static routes),
633 * rather than RA, then only search conflicting routes that have the same preference. */
634 if (route->pref_set && pref != pref_original)
635 continue;
636
479d3e19
YW		 637 route->pref = pref;
638 ndisc_set_route_priority(link, route);
fd436c8d
YW		 639
640 /* Unfortunately, we cannot directly pass 'route' to route_remove_and_cancel() here, as the
641 * same or similar route may be configured or requested statically. */
642
643 /* First, check if the route is already requested. If there is an existing route, and also an
644 * existing pending request, then the source may be updated by the request. So, we first need
645 * to check the source of the requested route. */
646 if (route_get_request(link->manager, route, &req) >= 0) {
647 existing = ASSERT_PTR(req->userdata);
648 if (existing->source == NETWORK_CONFIG_SOURCE_STATIC)
649 continue;
650
42d9660f 651 RET_GATHER(ret, route_remove_and_cancel(existing, link->manager));
fd436c8d
YW		 652 }
653
654 /* Then, check if the route exists. */
655 if (route_get(link->manager, route, &existing) >= 0) {
656 if (existing->source == NETWORK_CONFIG_SOURCE_STATIC)
657 continue;
658
42d9660f 659 RET_GATHER(ret, route_remove_and_cancel(existing, link->manager));
fd436c8d 660 }
479d3e19
YW		 661 }
662
0f8afaf9 663 return RET_GATHER(ret, ndisc_remove_unused_nexthop_by_id(link, route->nexthop_id));
479d3e19
YW		 664}
665
74e0b590
YW		 666static int ndisc_remove_router_route(Route *route, Link *link, sd_ndisc_router *rt) {
667 int r;
668
669 assert(route);
670 assert(link);
671 assert(rt);
672
673 r = ndisc_router_route_prepare(route, link, rt);
674 if (r < 0)
675 return r;
676
677 return ndisc_remove_route(route, link);
678}
679
80d62d4f 680static int ndisc_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) {
73854ba1
YW		 681 int r;
682
683 assert(link);
d28746ef 684 assert(address);
73854ba1 685
d28746ef 686 r = address_configure_handler_internal(m, link, address);
5a07fa9d
YW		 687 if (r <= 0)
688 return r;
73854ba1 689
3b6a3bde 690 r = ndisc_check_ready(link);
50550722 691 if (r < 0)
3b6a3bde 692 link_enter_failed(link);
69203fba 693
3b6a3bde 694 return 1;
69203fba
YW		 695}
696
2d4c9c42 697static int ndisc_request_address(Address *address, Link *link) {
d9a95033 698 bool is_new;
76c5a0f2
YW		 699 int r;
700
701 assert(address);
702 assert(link);
76c5a0f2 703
2d4c9c42 704 address->source = NETWORK_CONFIG_SOURCE_NDISC;
76c5a0f2 705
4b3590c3
TM		 706 r = free_and_strdup_warn(&address->netlabel, link->network->ndisc_netlabel);
707 if (r < 0)
708 return r;
709
e720ad88
YW		 710 Address *existing;
711 if (address_get_harder(link, address, &existing) < 0)
712 is_new = true;
713 else if (address_can_update(existing, address))
714 is_new = false;
715 else if (existing->source == NETWORK_CONFIG_SOURCE_DHCP6) {
716 /* SLAAC address is preferred over DHCPv6 address. */
717 log_link_debug(link, "Conflicting DHCPv6 address %s exists, removing.",
718 IN_ADDR_PREFIX_TO_STRING(existing->family, &existing->in_addr, existing->prefixlen));
719 r = address_remove(existing, link);
720 if (r < 0)
721 return r;
722
723 is_new = true;
724 } else {
725 /* Conflicting static address is configured?? */
726 log_link_debug(link, "Conflicting address %s exists, ignoring request.",
727 IN_ADDR_PREFIX_TO_STRING(existing->family, &existing->in_addr, existing->prefixlen));
728 return 0;
729 }
d9a95033 730
f60e6558 731 r = link_request_address(link, address, &link->ndisc_messages,
d9a95033
YW		 732 ndisc_address_handler, NULL);
733 if (r < 0)
734 return r;
735 if (r > 0 && is_new)
3b6a3bde 736 link->ndisc_configured = false;
3b6a3bde 737
d9a95033 738 return 0;
76c5a0f2
YW		 739}
740
e14679ff
YW		 741int ndisc_reconfigure_address(Address *address, Link *link) {
742 int r;
743
744 assert(address);
745 assert(address->source == NETWORK_CONFIG_SOURCE_NDISC);
746 assert(link);
747
748 r = regenerate_address(address, link);
749 if (r <= 0)
750 return r;
751
2d4c9c42 752 r = ndisc_request_address(address, link);
e14679ff
YW		 753 if (r < 0)
754 return r;
755
756 if (!link->ndisc_configured)
757 link_set_state(link, LINK_STATE_CONFIGURING);
758
759 link_check_ready(link);
760 return 0;
761}
762
6df00594
YW		 763static int ndisc_redirect_route_new(sd_ndisc_redirect *rd, Route **ret) {
764 _cleanup_(route_unrefp) Route *route = NULL;
765 struct in6_addr gateway, destination;
766 int r;
767
768 assert(rd);
769 assert(ret);
770
771 r = sd_ndisc_redirect_get_target_address(rd, &gateway);
772 if (r < 0)
773 return r;
774
775 r = sd_ndisc_redirect_get_destination_address(rd, &destination);
776 if (r < 0)
777 return r;
778
779 r = route_new(&route);
780 if (r < 0)
781 return r;
782
783 route->family = AF_INET6;
784 if (!in6_addr_equal(&gateway, &destination)) {
785 route->nexthop.gw.in6 = gateway;
786 route->nexthop.family = AF_INET6;
787 }
788 route->dst.in6 = destination;
789 route->dst_prefixlen = 128;
33cab1d4
YW		 790 route->protocol = RTPROT_REDIRECT;
791
792 r = sd_ndisc_redirect_get_sender_address(rd, &route->provider.in6);
793 if (r < 0)
794 return r;
6df00594
YW		 795
796 *ret = TAKE_PTR(route);
797 return 0;
798}
799
6df00594
YW		 800static int ndisc_remove_redirect_route(Link *link, sd_ndisc_redirect *rd) {
801 _cleanup_(route_unrefp) Route *route = NULL;
802 int r;
803
804 assert(link);
805 assert(rd);
806
807 r = ndisc_redirect_route_new(rd, &route);
808 if (r < 0)
809 return r;
810
74e0b590
YW		 811 ndisc_route_prepare(route, link);
812
6df00594
YW		 813 return ndisc_remove_route(route, link);
814}
815
816static void ndisc_redirect_hash_func(const sd_ndisc_redirect *x, struct siphash *state) {
817 struct in6_addr dest = {};
818
819 assert(x);
820 assert(state);
821
822 (void) sd_ndisc_redirect_get_destination_address((sd_ndisc_redirect*) x, &dest);
823
824 siphash24_compress_typesafe(dest, state);
825}
826
827static int ndisc_redirect_compare_func(const sd_ndisc_redirect *x, const sd_ndisc_redirect *y) {
828 struct in6_addr dest_x = {}, dest_y = {};
829
830 assert(x);
831 assert(y);
832
833 (void) sd_ndisc_redirect_get_destination_address((sd_ndisc_redirect*) x, &dest_x);
834 (void) sd_ndisc_redirect_get_destination_address((sd_ndisc_redirect*) y, &dest_y);
835
836 return memcmp(&dest_x, &dest_y, sizeof(dest_x));
837}
838
839DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
840 ndisc_redirect_hash_ops,
841 sd_ndisc_redirect,
842 ndisc_redirect_hash_func,
843 ndisc_redirect_compare_func,
844 sd_ndisc_redirect_unref);
845
846static int ndisc_redirect_equal(sd_ndisc_redirect *x, sd_ndisc_redirect *y) {
847 struct in6_addr a, b;
848 int r;
849
850 assert(x);
851 assert(y);
852
853 r = sd_ndisc_redirect_get_destination_address(x, &a);
854 if (r < 0)
855 return r;
856
857 r = sd_ndisc_redirect_get_destination_address(y, &b);
858 if (r < 0)
859 return r;
860
861 if (!in6_addr_equal(&a, &b))
862 return false;
863
864 r = sd_ndisc_redirect_get_target_address(x, &a);
865 if (r < 0)
866 return r;
867
868 r = sd_ndisc_redirect_get_target_address(y, &b);
869 if (r < 0)
870 return r;
871
872 return in6_addr_equal(&a, &b);
873}
874
875static int ndisc_redirect_drop_conflict(Link *link, sd_ndisc_redirect *rd) {
876 _cleanup_(sd_ndisc_redirect_unrefp) sd_ndisc_redirect *existing = NULL;
877 int r;
878
879 assert(link);
880 assert(rd);
881
882 existing = set_remove(link->ndisc_redirects, rd);
883 if (!existing)
884 return 0;
885
886 r = ndisc_redirect_equal(rd, existing);
887 if (r != 0)
888 return r;
889
890 return ndisc_remove_redirect_route(link, existing);
891}
892
f7681475 893static int ndisc_redirect_verify_sender(Link *link, sd_ndisc_redirect *rd) {
6df00594
YW		 894 int r;
895
896 assert(link);
6df00594
YW		 897 assert(rd);
898
9944629e
YW		 899 /* RFC 4861 section 8.1
900 * The IP source address of the Redirect is the same as the current first-hop router for the specified
901 * ICMP Destination Address. */
6df00594 902
01420b2d 903 struct in6_addr sender;
9944629e 904 r = sd_ndisc_redirect_get_sender_address(rd, &sender);
6df00594
YW		 905 if (r < 0)
906 return r;
907
01420b2d
YW		 908 /* We will reuse the sender's router lifetime as the lifetime of the redirect route. Hence, if we
909 * have not remembered an RA from the sender, refuse the Redirect message. */
910 sd_ndisc_router *router = hashmap_get(link->ndisc_routers_by_sender, &sender);
911 if (!router)
912 return false;
913
914 sd_ndisc_redirect *existing = set_get(link->ndisc_redirects, rd);
9944629e
YW		 915 if (existing) {
916 struct in6_addr target, dest;
6df00594 917
9944629e 918 /* If we have received Redirect message for the host, the sender must be the previous target. */
6df00594 919
9944629e
YW		 920 r = sd_ndisc_redirect_get_target_address(existing, &target);
921 if (r < 0)
922 return r;
6df00594 923
9944629e
YW		 924 if (in6_addr_equal(&sender, &target))
925 return true;
926
927 /* If the existing redirect route is on-link, that is, the destination and target address are
928 * equivalent, then also accept Redirect message from the current default router. This is not
929 * mentioned by the RFC, but without this, we cannot update on-link redirect route. */
930 r = sd_ndisc_redirect_get_destination_address(existing, &dest);
931 if (r < 0)
932 return r;
933
934 if (!in6_addr_equal(&dest, &target))
935 return false;
936 }
937
01420b2d
YW		 938 /* Check if the sender is one of the known router with highest priority. */
939 uint8_t preference;
940 r = sd_ndisc_router_get_preference(router, &preference);
6df00594
YW		 941 if (r < 0)
942 return r;
943
01420b2d
YW		 944 if (preference == SD_NDISC_PREFERENCE_HIGH)
945 return true;
946
947 sd_ndisc_router *rt;
948 HASHMAP_FOREACH(rt, link->ndisc_routers_by_sender) {
949 if (rt == router)
950 continue;
951
952 uint8_t pref;
953 if (sd_ndisc_router_get_preference(rt, &pref) < 0)
954 continue;
955
956 if (pref == SD_NDISC_PREFERENCE_HIGH ||
957 (pref == SD_NDISC_PREFERENCE_MEDIUM && preference == SD_NDISC_PREFERENCE_LOW))
958 return false;
959 }
960
961 return true;
f7681475
YW		 962}
963
964static int ndisc_redirect_handler(Link *link, sd_ndisc_redirect *rd) {
965 int r;
966
967 assert(link);
968 assert(link->network);
969 assert(rd);
6df00594 970
f7681475
YW		 971 if (!link->network->ndisc_use_redirect)
972 return 0;
973
01420b2d
YW		 974 usec_t now_usec;
975 r = sd_event_now(link->manager->event, CLOCK_BOOTTIME, &now_usec);
976 if (r < 0)
977 return r;
978
979 r = ndisc_drop_outdated(link, /* router = */ NULL, now_usec);
980 if (r < 0)
981 return r;
982
f7681475
YW		 983 r = ndisc_redirect_verify_sender(link, rd);
984 if (r <= 0)
985 return r;
6df00594 986
d9688518 987 /* First, drop conflicting redirect route, if exists. */
6df00594
YW		 988 r = ndisc_redirect_drop_conflict(link, rd);
989 if (r < 0)
990 return r;
991
d9688518 992 /* Then, remember the received message. */
6df00594
YW		 993 r = set_ensure_put(&link->ndisc_redirects, &ndisc_redirect_hash_ops, rd);
994 if (r < 0)
995 return r;
996
997 sd_ndisc_redirect_ref(rd);
998
d9688518
YW		 999 /* Finally, request the corresponding route. */
1000 _cleanup_(route_unrefp) Route *route = NULL;
1001 r = ndisc_redirect_route_new(rd, &route);
1002 if (r < 0)
1003 return r;
1004
01420b2d
YW		 1005 sd_ndisc_router *rt = hashmap_get(link->ndisc_routers_by_sender, &route->provider.in6);
1006 if (!rt)
1007 return -EADDRNOTAVAIL;
1008
1009 r = sd_ndisc_router_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &route->lifetime_usec);
1010 if (r < 0)
1011 return r;
1012
74e0b590
YW		 1013 ndisc_route_prepare(route, link);
1014
d9688518 1015 return ndisc_request_route(route, link);
6df00594
YW		 1016}
1017
9944629e
YW		 1018static int ndisc_drop_redirect(Link *link, const struct in6_addr *router) {
1019 int r, ret = 0;
6df00594
YW		 1020
1021 assert(link);
1022
6df00594
YW		 1023 sd_ndisc_redirect *rd;
1024 SET_FOREACH(rd, link->ndisc_redirects) {
9944629e 1025 if (router) {
01420b2d 1026 struct in6_addr a;
9944629e 1027
01420b2d
YW		 1028 if (!(sd_ndisc_redirect_get_sender_address(rd, &a) >= 0 && in6_addr_equal(&a, router)) &&
1029 !(sd_ndisc_redirect_get_target_address(rd, &a) >= 0 && in6_addr_equal(&a, router)))
9944629e 1030 continue;
6df00594
YW		 1031 }
1032
9944629e
YW		 1033 r = ndisc_remove_redirect_route(link, rd);
1034 if (r < 0)
1035 RET_GATHER(ret, log_link_warning_errno(link, r, "Failed to remove redirect route, ignoring: %m"));
1036
6df00594
YW		 1037 sd_ndisc_redirect_unref(set_remove(link->ndisc_redirects, rd));
1038 }
1039
9944629e 1040 return ret;
6df00594
YW		 1041}
1042
1043static int ndisc_update_redirect_sender(Link *link, const struct in6_addr *original_address, const struct in6_addr *current_address) {
1044 int r;
1045
1046 assert(link);
1047 assert(original_address);
1048 assert(current_address);
1049
1050 sd_ndisc_redirect *rd;
1051 SET_FOREACH(rd, link->ndisc_redirects) {
1052 struct in6_addr sender;
1053
1054 r = sd_ndisc_redirect_get_sender_address(rd, &sender);
1055 if (r < 0)
1056 return r;
1057
1058 if (!in6_addr_equal(&sender, original_address))
1059 continue;
1060
1061 r = sd_ndisc_redirect_set_sender_address(rd, current_address);
1062 if (r < 0)
1063 return r;
1064 }
1065
1066 return 0;
1067}
1068
479d3e19
YW		 1069static int ndisc_router_drop_default(Link *link, sd_ndisc_router *rt) {
1070 _cleanup_(route_unrefp) Route *route = NULL;
1071 struct in6_addr gateway;
1072 int r;
1073
1074 assert(link);
1075 assert(link->network);
1076 assert(rt);
1077
9ca04752 1078 r = sd_ndisc_router_get_sender_address(rt, &gateway);
479d3e19
YW		 1079 if (r < 0)
1080 return log_link_warning_errno(link, r, "Failed to get router address from RA: %m");
1081
1082 r = route_new(&route);
1083 if (r < 0)
1084 return log_oom();
1085
1086 route->family = AF_INET6;
1087 route->nexthop.family = AF_INET6;
1088 route->nexthop.gw.in6 = gateway;
1089
74e0b590 1090 r = ndisc_remove_router_route(route, link, rt);
479d3e19
YW		 1091 if (r < 0)
1092 return log_link_warning_errno(link, r, "Failed to remove the default gateway configured by RA: %m");
1093
1094 Route *route_gw;
1095 HASHMAP_FOREACH(route_gw, link->network->routes_by_section) {
1096 _cleanup_(route_unrefp) Route *tmp = NULL;
1097
e92f40c6 1098 if (route_gw->source != NETWORK_CONFIG_SOURCE_NDISC)
479d3e19
YW		 1099 continue;
1100
e92f40c6 1101 assert(route_gw->nexthop.family == AF_INET6);
479d3e19
YW		 1102
1103 r = route_dup(route_gw, NULL, &tmp);
1104 if (r < 0)
1105 return r;
1106
1107 tmp->nexthop.gw.in6 = gateway;
1108
74e0b590 1109 r = ndisc_remove_router_route(tmp, link, rt);
479d3e19
YW		 1110 if (r < 0)
1111 return log_link_warning_errno(link, r, "Could not remove semi-static gateway: %m");
1112 }
1113
1114 return 0;
1115}
1116
d5017c84 1117static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
6197db53 1118 usec_t lifetime_usec;
b8ce3b44 1119 struct in6_addr gateway;
9ca04752 1120 uint8_t preference;
13e8a49a 1121 int r;
3b015d40 1122
3b015d40 1123 assert(link);
610c0db1 1124 assert(link->network);
1e7a0e21 1125 assert(rt);
3b015d40 1126
479d3e19
YW		 1127 /* If the router lifetime is zero, the router should not be used as the default gateway. */
1128 r = sd_ndisc_router_get_lifetime(rt, NULL);
1129 if (r < 0)
1130 return r;
1131 if (r == 0)
1132 return ndisc_router_drop_default(link, rt);
1133
52672db3 1134 if (!link->network->ndisc_use_gateway &&
610c0db1
YW		 1135 hashmap_isempty(link->network->routes_by_section))
1136 return 0;
1137
6197db53 1138 r = sd_ndisc_router_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
d5017c84 1139 if (r < 0)
2c5bca17 1140 return log_link_warning_errno(link, r, "Failed to get gateway lifetime from RA: %m");
d5017c84 1141
9ca04752 1142 r = sd_ndisc_router_get_sender_address(rt, &gateway);
d5017c84 1143 if (r < 0)
2c5bca17 1144 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
1e7a0e21
LP		 1145
1146 r = sd_ndisc_router_get_preference(rt, &preference);
d5017c84 1147 if (r < 0)
34acdf90 1148 return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
1e7a0e21 1149
52672db3 1150 if (link->network->ndisc_use_gateway) {
74c301b9 1151 _cleanup_(route_unrefp) Route *route = NULL;
1e7a0e21 1152
610c0db1
YW		 1153 r = route_new(&route);
1154 if (r < 0)
1155 return log_oom();
1e7a0e21 1156
610c0db1
YW		 1157 route->family = AF_INET6;
1158 route->pref = preference;
054b8c28
YW		 1159 route->nexthop.family = AF_INET6;
1160 route->nexthop.gw.in6 = gateway;
610c0db1 1161 route->lifetime_usec = lifetime_usec;
610c0db1 1162
33cab1d4 1163 r = ndisc_request_router_route(route, link, rt);
610c0db1 1164 if (r < 0)
2c5bca17 1165 return log_link_warning_errno(link, r, "Could not request default route: %m");
610c0db1 1166 }
d5017c84 1167
1985c54f 1168 Route *route_gw;
2a54a044 1169 HASHMAP_FOREACH(route_gw, link->network->routes_by_section) {
74c301b9 1170 _cleanup_(route_unrefp) Route *route = NULL;
610c0db1 1171
e92f40c6 1172 if (route_gw->source != NETWORK_CONFIG_SOURCE_NDISC)
1985c54f
YW		 1173 continue;
1174
e92f40c6 1175 assert(route_gw->nexthop.family == AF_INET6);
1985c54f 1176
413ea20a 1177 r = route_dup(route_gw, NULL, &route);
76c5a0f2
YW		 1178 if (r < 0)
1179 return r;
1180
054b8c28 1181 route->nexthop.gw.in6 = gateway;
76c5a0f2
YW		 1182 if (!route->pref_set)
1183 route->pref = preference;
91fc5135 1184 route->lifetime_usec = lifetime_usec;
76c5a0f2 1185
33cab1d4 1186 r = ndisc_request_router_route(route, link, rt);
13e8a49a 1187 if (r < 0)
2c5bca17 1188 return log_link_warning_errno(link, r, "Could not request gateway: %m");
1985c54f
YW		 1189 }
1190
0f9a2b80
YW		 1191 return 0;
1192}
91750028 1193
01420b2d
YW		 1194DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
1195 ndisc_router_hash_ops,
1196 struct in6_addr,
1197 in6_addr_hash_func,
1198 in6_addr_compare_func,
1199 sd_ndisc_router,
1200 sd_ndisc_router_unref);
1201
1202static int ndisc_update_router_address(Link *link, const struct in6_addr *original_address, const struct in6_addr *current_address) {
1203 _cleanup_(sd_ndisc_router_unrefp) sd_ndisc_router *rt = NULL;
b03d7291
YW		 1204 int r;
1205
1206 assert(link);
1207 assert(original_address);
1208 assert(current_address);
1209
01420b2d
YW		 1210 rt = hashmap_remove(link->ndisc_routers_by_sender, original_address);
1211 if (!rt)
b03d7291
YW		 1212 return 0;
1213
01420b2d
YW		 1214 /* If we already received an RA from the new address, then forget the RA from the old address. */
1215 if (hashmap_contains(link->ndisc_routers_by_sender, current_address))
b03d7291
YW		 1216 return 0;
1217
01420b2d
YW		 1218 /* Otherwise, update the sender address of the previously received RA. */
1219 r = sd_ndisc_router_set_sender_address(rt, current_address);
b03d7291
YW		 1220 if (r < 0)
1221 return r;
1222
01420b2d
YW		 1223 r = hashmap_put(link->ndisc_routers_by_sender, &rt->packet->sender_address, rt);
1224 if (r < 0)
1225 return r;
b03d7291 1226
01420b2d 1227 TAKE_PTR(rt);
b03d7291
YW		 1228 return 0;
1229}
1230
01420b2d 1231static int ndisc_drop_router_one(Link *link, sd_ndisc_router *rt, usec_t timestamp_usec) {
b03d7291 1232 usec_t lifetime_usec;
b03d7291
YW		 1233 int r;
1234
01420b2d
YW		 1235 assert(link);
1236 assert(rt);
1237 assert(rt->packet);
b03d7291 1238
01420b2d 1239 r = sd_ndisc_router_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
b03d7291
YW		 1240 if (r < 0)
1241 return r;
1242
01420b2d
YW		 1243 if (lifetime_usec > timestamp_usec)
1244 return 0;
b03d7291 1245
01420b2d 1246 r = ndisc_drop_redirect(link, &rt->packet->sender_address);
b03d7291 1247
01420b2d 1248 sd_ndisc_router_unref(hashmap_remove(link->ndisc_routers_by_sender, &rt->packet->sender_address));
b03d7291 1249
01420b2d
YW		 1250 return r;
1251}
b03d7291 1252
01420b2d
YW		 1253static int ndisc_drop_routers(Link *link, const struct in6_addr *router, usec_t timestamp_usec) {
1254 sd_ndisc_router *rt;
1255 int ret = 0;
b03d7291 1256
01420b2d 1257 assert(link);
b03d7291 1258
01420b2d
YW		 1259 if (router) {
1260 rt = hashmap_get(link->ndisc_routers_by_sender, router);
1261 if (!rt)
1262 return 0;
b03d7291 1263
01420b2d
YW		 1264 return ndisc_drop_router_one(link, rt, timestamp_usec);
1265 }
b03d7291 1266
01420b2d
YW		 1267 HASHMAP_FOREACH_KEY(rt, router, link->ndisc_routers_by_sender)
1268 RET_GATHER(ret, ndisc_drop_router_one(link, rt, timestamp_usec));
b03d7291 1269
01420b2d 1270 return ret;
b03d7291
YW		 1271}
1272
01420b2d 1273static int ndisc_remember_router(Link *link, sd_ndisc_router *rt) {
b03d7291
YW		 1274 int r;
1275
1276 assert(link);
1277 assert(rt);
01420b2d
YW		 1278 assert(rt->packet);
1279
1280 sd_ndisc_router_unref(hashmap_remove(link->ndisc_routers_by_sender, &rt->packet->sender_address));
b03d7291 1281
01420b2d
YW		 1282 /* Remember RAs with non-zero lifetime. */
1283 r = sd_ndisc_router_get_lifetime(rt, NULL);
b03d7291
YW		 1284 if (r <= 0)
1285 return r;
1286
01420b2d
YW		 1287 r = hashmap_ensure_put(&link->ndisc_routers_by_sender, &ndisc_router_hash_ops, &rt->packet->sender_address, rt);
1288 if (r < 0)
1289 return r;
b03d7291 1290
01420b2d
YW		 1291 sd_ndisc_router_ref(rt);
1292 return 0;
b03d7291
YW		 1293}
1294
1452d497
YW		 1295static int ndisc_router_process_reachable_time(Link *link, sd_ndisc_router *rt) {
1296 usec_t reachable_time, msec;
1297 int r;
1298
1299 assert(link);
64629617 1300 assert(link->manager);
1452d497
YW		 1301 assert(link->network);
1302 assert(rt);
1303
52672db3 1304 if (!link->network->ndisc_use_reachable_time)
1452d497
YW		 1305 return 0;
1306
1452d497
YW		 1307 r = sd_ndisc_router_get_reachable_time(rt, &reachable_time);
1308 if (r < 0)
1309 return log_link_warning_errno(link, r, "Failed to get reachable time from RA: %m");
1310
1311 /* 0 is the unspecified value and must not be set (see RFC4861, 6.3.4) */
1312 if (!timestamp_is_set(reachable_time))
1313 return 0;
1314
1315 msec = DIV_ROUND_UP(reachable_time, USEC_PER_MSEC);
1316 if (msec <= 0 || msec > UINT32_MAX) {
1317 log_link_debug(link, "Failed to get reachable time from RA - out of range (%"PRIu64"), ignoring", msec);
1318 return 0;
1319 }
1320
1321 /* Set the reachable time for Neighbor Solicitations. */
099ee34c 1322 r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "base_reachable_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
1452d497
YW		 1323 if (r < 0)
1324 log_link_warning_errno(link, r, "Failed to apply neighbor reachable time (%"PRIu64"), ignoring: %m", msec);
1325
1326 return 0;
1327}
1328
d4c8de21
MM		 1329static int ndisc_router_process_retransmission_time(Link *link, sd_ndisc_router *rt) {
1330 usec_t retrans_time, msec;
1331 int r;
1332
1333 assert(link);
64629617 1334 assert(link->manager);
d4c8de21
MM		 1335 assert(link->network);
1336 assert(rt);
1337
52672db3 1338 if (!link->network->ndisc_use_retransmission_time)
d4c8de21
MM		 1339 return 0;
1340
1341 r = sd_ndisc_router_get_retransmission_time(rt, &retrans_time);
b409ac6c
YW		 1342 if (r < 0)
1343 return log_link_warning_errno(link, r, "Failed to get retransmission time from RA: %m");
d4c8de21
MM		 1344
1345 /* 0 is the unspecified value and must not be set (see RFC4861, 6.3.4) */
1346 if (!timestamp_is_set(retrans_time))
1347 return 0;
1348
1349 msec = DIV_ROUND_UP(retrans_time, USEC_PER_MSEC);
1350 if (msec <= 0 || msec > UINT32_MAX) {
1351 log_link_debug(link, "Failed to get retransmission time from RA - out of range (%"PRIu64"), ignoring", msec);
1352 return 0;
1353 }
1354
6a8026e8 1355 /* Set the retransmission time for Neighbor Solicitations. */
099ee34c 1356 r = sysctl_write_ip_neighbor_property_uint32(AF_INET6, link->ifname, "retrans_time_ms", (uint32_t) msec, manager_get_sysctl_shadow(link->manager));
d4c8de21 1357 if (r < 0)
ffef01ac 1358 log_link_warning_errno(link, r, "Failed to apply neighbor retransmission time (%"PRIu64"), ignoring: %m", msec);
d4c8de21
MM		 1359
1360 return 0;
1361}
1362
b15ed2be
MM		 1363static int ndisc_router_process_hop_limit(Link *link, sd_ndisc_router *rt) {
1364 uint8_t hop_limit;
1365 int r;
1366
1367 assert(link);
64629617 1368 assert(link->manager);
b15ed2be
MM		 1369 assert(link->network);
1370 assert(rt);
1371
52672db3 1372 if (!link->network->ndisc_use_hop_limit)
b15ed2be
MM		 1373 return 0;
1374
1375 r = sd_ndisc_router_get_hop_limit(rt, &hop_limit);
1376 if (r < 0)
1377 return log_link_warning_errno(link, r, "Failed to get hop limit from RA: %m");
1378
1379 /* 0 is the unspecified value and must not be set (see RFC4861, 6.3.4):
1380 *
1381 * A Router Advertisement field (e.g., Cur Hop Limit, Reachable Time, and Retrans Timer) may contain
1382 * a value denoting that it is unspecified. In such cases, the parameter should be ignored and the
1383 * host should continue using whatever value it is already using. In particular, a host MUST NOT
1384 * interpret the unspecified value as meaning change back to the default value that was in use before
1385 * the first Router Advertisement was received.
1386 *
1387 * If the received Cur Hop Limit value is non-zero, the host SHOULD set
d7306348 1388 * its CurHopLimit variable to the received value. */
b15ed2be
MM		 1389 if (hop_limit <= 0)
1390 return 0;
1391
099ee34c 1392 r = sysctl_write_ip_property_uint32(AF_INET6, link->ifname, "hop_limit", (uint32_t) hop_limit, manager_get_sysctl_shadow(link->manager));
b15ed2be
MM		 1393 if (r < 0)
1394 log_link_warning_errno(link, r, "Failed to apply hop_limit (%u), ignoring: %m", hop_limit);
1395
1396 return 0;
1397}
1398
8c9ef90b
YW		 1399static int ndisc_router_process_mtu(Link *link, sd_ndisc_router *rt) {
1400 uint32_t mtu;
1401 int r;
1402
1403 assert(link);
1404 assert(link->network);
1405 assert(rt);
1406
1407 if (!link->network->ndisc_use_mtu)
1408 return 0;
1409
8c9ef90b
YW		 1410 r = sd_ndisc_router_get_mtu(rt, &mtu);
1411 if (r == -ENODATA)
1412 return 0;
1413 if (r < 0)
1414 return log_link_warning_errno(link, r, "Failed to get MTU from RA: %m");
1415
1416 link->ndisc_mtu = mtu;
1417
7edfbf41 1418 (void) link_set_ipv6_mtu(link, LOG_DEBUG);
8c9ef90b
YW		 1419
1420 return 0;
1421}
1422
e42a7480
YW		 1423static int ndisc_address_set_lifetime(Address *address, Link *link, sd_ndisc_router *rt) {
1424 Address *existing;
1425 usec_t t;
1426 int r;
1427
1428 assert(address);
1429 assert(link);
1430 assert(rt);
1431
1432 /* This is mostly based on RFC 4862 section 5.5.3 (e). However, the definition of 'RemainingLifetime'
4dbcda1c 1433 * is ambiguous, and there is no clear explanation when the address is not assigned yet. If we assume
e42a7480
YW		 1434 * that 'RemainingLifetime' is zero in that case, then IPv6 Core Conformance test [v6LC.3.2.5 Part C]
1435 * fails. So, in such case, we skip the conditions about 'RemainingLifetime'. */
1436
1437 r = sd_ndisc_router_prefix_get_valid_lifetime_timestamp(rt, CLOCK_BOOTTIME, &address->lifetime_valid_usec);
1438 if (r < 0)
1439 return r;
1440
1441 r = sd_ndisc_router_prefix_get_preferred_lifetime_timestamp(rt, CLOCK_BOOTTIME, &address->lifetime_preferred_usec);
1442 if (r < 0)
1443 return r;
1444
1445 /* RFC 4862 section 5.5.3 (e)
1446 * 1. If the received Valid Lifetime is greater than 2 hours or greater than RemainingLifetime,
1447 * set the valid lifetime of the corresponding address to the advertised Valid Lifetime. */
1448 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &t);
1449 if (r < 0)
1450 return r;
1451
1452 if (t > 2 * USEC_PER_HOUR)
1453 return 0;
1454
68adffed
MM		 1455 if (address_get(link, address, &existing) < 0 || existing->source != NETWORK_CONFIG_SOURCE_NDISC)
1456 return 0;
1457
1458 if (address->lifetime_valid_usec > existing->lifetime_valid_usec)
1459 return 0;
1460
1461 /* 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information option
1462 * with regards to the valid lifetime, unless the Router Advertisement from which this option was
1463 * obtained has been authenticated (e.g., via Secure Neighbor Discovery [RFC3971]). If the Router
1464 * Advertisement was authenticated, the valid lifetime of the corresponding address should be set
1465 * to the Valid Lifetime in the received option.
1466 *
1467 * Currently, authentication is not supported. So check the lifetime of the existing address. */
e42a7480
YW		 1468 r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, &t);
1469 if (r < 0)
1470 return r;
1471
68adffed
MM		 1472 if (existing->lifetime_valid_usec <= usec_add(t, 2 * USEC_PER_HOUR)) {
1473 address->lifetime_valid_usec = existing->lifetime_valid_usec;
1474 return 0;
e42a7480
YW		 1475 }
1476
1477 /* 3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours. */
1478 address->lifetime_valid_usec = usec_add(t, 2 * USEC_PER_HOUR);
1479 return 0;
1480}
1481
d5017c84 1482static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
6197db53 1483 usec_t lifetime_valid_usec, lifetime_preferred_usec;
2d4c9c42 1484 struct in6_addr prefix, router;
9ca04752 1485 uint8_t prefixlen;
1e7a0e21
LP		 1486 int r;
1487
1488 assert(link);
fbdda4bb 1489 assert(link->network);
1e7a0e21
LP		 1490 assert(rt);
1491
52672db3 1492 if (!link->network->ndisc_use_autonomous_prefix)
fbdda4bb
YW		 1493 return 0;
1494
2d4c9c42
YW		 1495 r = sd_ndisc_router_get_sender_address(rt, &router);
1496 if (r < 0)
1497 return log_link_warning_errno(link, r, "Failed to get router address: %m");
1498
151b8ea3
YW		 1499 r = sd_ndisc_router_prefix_get_address(rt, &prefix);
1500 if (r < 0)
2c5bca17 1501 return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
151b8ea3 1502
1e7a0e21 1503 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
d5017c84 1504 if (r < 0)
2c5bca17 1505 return log_link_warning_errno(link, r, "Failed to get prefix length: %m");
1e7a0e21 1506
868bd1aa 1507 /* ndisc_generate_addresses() below requires the prefix length <= 64. */
151b8ea3 1508 if (prefixlen > 64) {
c71384a9
ZJS		 1509 log_link_debug(link, "Prefix is longer than 64, ignoring autonomous prefix %s.",
1510 IN6_ADDR_PREFIX_TO_STRING(&prefix, prefixlen));
151b8ea3
YW		 1511 return 0;
1512 }
1513
e42a7480 1514 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid_usec);
d5017c84 1515 if (r < 0)
2c5bca17 1516 return log_link_warning_errno(link, r, "Failed to get prefix valid lifetime: %m");
1e7a0e21 1517
e42a7480 1518 r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred_usec);
d5017c84 1519 if (r < 0)
2c5bca17 1520 return log_link_warning_errno(link, r, "Failed to get prefix preferred lifetime: %m");
3b015d40 1521
e42a7480
YW		 1522 /* RFC 4862 section 5.5.3 (c)
1523 * If the preferred lifetime is greater than the valid lifetime, silently ignore the Prefix
1524 * Information option. */
6197db53 1525 if (lifetime_preferred_usec > lifetime_valid_usec)
d5017c84 1526 return 0;
92bdc3ff 1527
e700e482
YW		 1528 _cleanup_hashmap_free_ Hashmap *tokens_by_address = NULL;
1529 r = ndisc_generate_addresses(link, &prefix, prefixlen, &tokens_by_address);
5f506a55 1530 if (r < 0)
2c5bca17 1531 return log_link_warning_errno(link, r, "Failed to generate SLAAC addresses: %m");
c24c83dc 1532
e700e482
YW		 1533 IPv6Token *token;
1534 struct in6_addr *a;
1535 HASHMAP_FOREACH_KEY(token, a, tokens_by_address) {
ebd96906 1536 _cleanup_(address_unrefp) Address *address = NULL;
13e8a49a 1537
76c5a0f2
YW		 1538 r = address_new(&address);
1539 if (r < 0)
1540 return log_oom();
1541
2d4c9c42 1542 address->provider.in6 = router;
76c5a0f2 1543 address->family = AF_INET6;
25db3aea 1544 address->in_addr.in6 = *a;
76c5a0f2
YW		 1545 address->prefixlen = prefixlen;
1546 address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
e700e482 1547 address->token = ipv6_token_ref(token);
fe841414 1548
e42a7480
YW		 1549 r = ndisc_address_set_lifetime(address, link, rt);
1550 if (r < 0)
1551 return log_link_warning_errno(link, r, "Failed to set lifetime of SLAAC address: %m");
1552
1553 assert(address->lifetime_preferred_usec <= address->lifetime_valid_usec);
1554
1555 r = ndisc_request_address(address, link);
1556 if (r < 0)
1557 return log_link_warning_errno(link, r, "Could not request SLAAC address: %m");
3b015d40 1558 }
d5017c84
YW		 1559
1560 return 0;
3b015d40
TG		 1561}
1562
d5017c84 1563static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
74c301b9 1564 _cleanup_(route_unrefp) Route *route = NULL;
9ca04752 1565 uint8_t prefixlen, preference;
6197db53 1566 usec_t lifetime_usec;
167c7ae5 1567 struct in6_addr prefix;
3b015d40
TG		 1568 int r;
1569
3b015d40 1570 assert(link);
fbdda4bb 1571 assert(link->network);
1e7a0e21 1572 assert(rt);
3b015d40 1573
52672db3 1574 if (!link->network->ndisc_use_onlink_prefix)
fbdda4bb
YW		 1575 return 0;
1576
6197db53 1577 r = sd_ndisc_router_prefix_get_valid_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
09845af5 1578 if (r < 0)
2c5bca17 1579 return log_link_warning_errno(link, r, "Failed to get prefix lifetime: %m");
09845af5 1580
167c7ae5
YW		 1581 r = sd_ndisc_router_prefix_get_address(rt, &prefix);
1582 if (r < 0)
2c5bca17 1583 return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
167c7ae5 1584
1e7a0e21 1585 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
d5017c84 1586 if (r < 0)
2c5bca17 1587 return log_link_warning_errno(link, r, "Failed to get prefix length: %m");
1e7a0e21 1588
f44eebd1
SS		 1589 /* Prefix Information option does not have preference, hence we use the 'main' preference here */
1590 r = sd_ndisc_router_get_preference(rt, &preference);
1591 if (r < 0)
a8b0b848 1592 return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
f44eebd1 1593
3b015d40 1594 r = route_new(&route);
d5017c84 1595 if (r < 0)
13e8a49a 1596 return log_oom();
3b015d40 1597
3b015d40 1598 route->family = AF_INET6;
167c7ae5 1599 route->dst.in6 = prefix;
3b015d40 1600 route->dst_prefixlen = prefixlen;
f44eebd1 1601 route->pref = preference;
6197db53 1602 route->lifetime_usec = lifetime_usec;
3b015d40 1603
b2633622
YW		 1604 /* RFC 4861 section 6.3.4:
1605 * - If the prefix is not already present in the Prefix List, and the Prefix Information option's
1606 * Valid Lifetime field is non-zero, create a new entry for the prefix and initialize its
1607 * invalidation timer to the Valid Lifetime value in the Prefix Information option.
1608 *
1609 * - If the prefix is already present in the host's Prefix List as the result of a previously
1610 * received advertisement, reset its invalidation timer to the Valid Lifetime value in the Prefix
2257be13 1611 * Information option. If the new Lifetime value is zero, timeout the prefix immediately. */
b2633622 1612 if (lifetime_usec == 0) {
74e0b590 1613 r = ndisc_remove_router_route(route, link, rt);
b2633622
YW		 1614 if (r < 0)
1615 return log_link_warning_errno(link, r, "Failed to remove prefix route: %m");
1616 } else {
1617 r = ndisc_request_router_route(route, link, rt);
1618 if (r < 0)
1619 return log_link_warning_errno(link, r, "Failed to request prefix route: %m");
1620 }
d5017c84
YW		 1621
1622 return 0;
3b015d40
TG		 1623}
1624
25688f8d 1625static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
9ca04752 1626 uint8_t flags, prefixlen;
fbdda4bb 1627 struct in6_addr a;
fbdda4bb
YW		 1628 int r;
1629
1630 assert(link);
1631 assert(link->network);
1632 assert(rt);
1633
25688f8d
YW		 1634 usec_t lifetime_usec;
1635 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_usec);
1636 if (r < 0)
1637 return log_link_warning_errno(link, r, "Failed to get prefix lifetime: %m");
1638
1639 if ((lifetime_usec == 0) != zero_lifetime)
1640 return 0;
1641
fbdda4bb
YW		 1642 r = sd_ndisc_router_prefix_get_address(rt, &a);
1643 if (r < 0)
2c5bca17 1644 return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
fbdda4bb 1645
a115c60e
YW		 1646 /* RFC 4861 Section 4.6.2:
1647 * A router SHOULD NOT send a prefix option for the link-local prefix and a host SHOULD ignore such
1648 * a prefix option. */
1649 if (in6_addr_is_link_local(&a)) {
479d3e19 1650 log_link_debug(link, "Received link-local prefix, ignoring prefix.");
a115c60e
YW		 1651 return 0;
1652 }
1653
fbdda4bb
YW		 1654 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
1655 if (r < 0)
2c5bca17 1656 return log_link_warning_errno(link, r, "Failed to get prefix length: %m");
fbdda4bb
YW		 1657
1658 if (in6_prefix_is_filtered(&a, prefixlen, link->network->ndisc_allow_listed_prefix, link->network->ndisc_deny_listed_prefix)) {
a0b7cae5
YW		 1659 if (set_isempty(link->network->ndisc_allow_listed_prefix))
1660 log_link_debug(link, "Prefix '%s' is in deny list, ignoring.",
1661 IN6_ADDR_PREFIX_TO_STRING(&a, prefixlen));
1662 else
1663 log_link_debug(link, "Prefix '%s' is not in allow list, ignoring.",
c71384a9 1664 IN6_ADDR_PREFIX_TO_STRING(&a, prefixlen));
fbdda4bb
YW		 1665 return 0;
1666 }
1667
1668 r = sd_ndisc_router_prefix_get_flags(rt, &flags);
1669 if (r < 0)
2c5bca17 1670 return log_link_warning_errno(link, r, "Failed to get RA prefix flags: %m");
fbdda4bb 1671
9f368d9e 1672 if (FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK)) {
fbdda4bb 1673 r = ndisc_router_process_onlink_prefix(link, rt);
9f368d9e
YW		 1674 if (r < 0)
1675 return r;
1676 }
fbdda4bb
YW		 1677
1678 if (FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO)) {
1679 r = ndisc_router_process_autonomous_prefix(link, rt);
1680 if (r < 0)
1681 return r;
1682 }
1683
1684 return 0;
1685}
1686
25688f8d 1687static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
74c301b9 1688 _cleanup_(route_unrefp) Route *route = NULL;
9ca04752 1689 uint8_t preference, prefixlen;
91fc5135 1690 struct in6_addr gateway, dst;
6197db53 1691 usec_t lifetime_usec;
7a695d8e 1692 int r;
a13c50e7
TG		 1693
1694 assert(link);
a13c50e7 1695
52672db3 1696 if (!link->network->ndisc_use_route_prefix)
610c0db1
YW		 1697 return 0;
1698
6197db53 1699 r = sd_ndisc_router_route_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
d5017c84 1700 if (r < 0)
2c5bca17 1701 return log_link_warning_errno(link, r, "Failed to get route lifetime from RA: %m");
d5017c84 1702
25688f8d
YW		 1703 if ((lifetime_usec == 0) != zero_lifetime)
1704 return 0;
1705
b8ce3b44 1706 r = sd_ndisc_router_route_get_address(rt, &dst);
d5017c84 1707 if (r < 0)
2c5bca17 1708 return log_link_warning_errno(link, r, "Failed to get route destination address: %m");
3b015d40 1709
c995fa02
YW		 1710 r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen);
1711 if (r < 0)
2c5bca17 1712 return log_link_warning_errno(link, r, "Failed to get route prefix length: %m");
c995fa02 1713
c71384a9
ZJS		 1714 if (in6_prefix_is_filtered(&dst, prefixlen,
1715 link->network->ndisc_allow_listed_route_prefix,
1716 link->network->ndisc_deny_listed_route_prefix)) {
a0b7cae5
YW		 1717 if (set_isempty(link->network->ndisc_allow_listed_route_prefix))
1718 log_link_debug(link, "Route prefix '%s' is in deny list, ignoring.",
1719 IN6_ADDR_PREFIX_TO_STRING(&dst, prefixlen));
1720 else
1721 log_link_debug(link, "Route prefix '%s' is not in allow list, ignoring.",
c71384a9 1722 IN6_ADDR_PREFIX_TO_STRING(&dst, prefixlen));
16c89e64
DP		 1723 return 0;
1724 }
1725
9ca04752 1726 r = sd_ndisc_router_get_sender_address(rt, &gateway);
19e334bd 1727 if (r < 0)
2c5bca17 1728 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
19e334bd 1729
56f91e2d 1730 if (link_get_ipv6_address(link, &gateway, NULL) >= 0) {
84dbb3fd
ZJS		 1731 if (DEBUG_LOGGING)
1732 log_link_debug(link, "Advertised route gateway %s is local to the link, ignoring route",
1733 IN6_ADDR_TO_STRING(&gateway));
22101916
DP		 1734 return 0;
1735 }
1736
1e7a0e21 1737 r = sd_ndisc_router_route_get_preference(rt, &preference);
d5017c84 1738 if (r < 0)
34acdf90 1739 return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
1e7a0e21 1740
3b015d40 1741 r = route_new(&route);
d5017c84 1742 if (r < 0)
13e8a49a 1743 return log_oom();
3b015d40 1744
3b015d40 1745 route->family = AF_INET6;
1e7a0e21 1746 route->pref = preference;
054b8c28
YW		 1747 route->nexthop.gw.in6 = gateway;
1748 route->nexthop.family = AF_INET6;
b8ce3b44 1749 route->dst.in6 = dst;
1e7a0e21 1750 route->dst_prefixlen = prefixlen;
6197db53 1751 route->lifetime_usec = lifetime_usec;
3b015d40 1752
b3ea82af 1753 if (lifetime_usec != 0) {
33cab1d4 1754 r = ndisc_request_router_route(route, link, rt);
b3ea82af
YW		 1755 if (r < 0)
1756 return log_link_warning_errno(link, r, "Could not request additional route: %m");
1757 } else {
74e0b590 1758 r = ndisc_remove_router_route(route, link, rt);
b3ea82af
YW		 1759 if (r < 0)
1760 return log_link_warning_errno(link, r, "Could not remove additional route with zero lifetime: %m");
1761 }
d5017c84
YW		 1762
1763 return 0;
9d96e6c3 1764}
a13c50e7 1765
7a08d314 1766static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) {
c01a5c05 1767 siphash24_compress_typesafe(x->address, state);
1e7a0e21
LP		 1768}
1769
7a08d314 1770static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) {
1e7a0e21
LP		 1771 return memcmp(&a->address, &b->address, sizeof(a->address));
1772}
1773
b0b97766
YW		 1774DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
1775 ndisc_rdnss_hash_ops,
1776 NDiscRDNSS,
1777 ndisc_rdnss_hash_func,
1778 ndisc_rdnss_compare_func,
1779 free);
1e7a0e21 1780
25688f8d 1781static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
6197db53 1782 usec_t lifetime_usec;
1e7a0e21 1783 const struct in6_addr *a;
50550722 1784 struct in6_addr router;
8aba7b83 1785 bool updated = false, logged_about_too_many = false;
13e8a49a 1786 int n, r;
1e7a0e21
LP		 1787
1788 assert(link);
ad0b2df6 1789 assert(link->network);
1e7a0e21
LP		 1790 assert(rt);
1791
9646ffe2 1792 if (!link_get_use_dns(link, NETWORK_CONFIG_SOURCE_NDISC))
ad0b2df6
YW		 1793 return 0;
1794
9ca04752 1795 r = sd_ndisc_router_get_sender_address(rt, &router);
50550722 1796 if (r < 0)
2c5bca17 1797 return log_link_warning_errno(link, r, "Failed to get router address from RA: %m");
50550722 1798
6197db53 1799 r = sd_ndisc_router_rdnss_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
d5017c84 1800 if (r < 0)
2c5bca17 1801 return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
1e7a0e21 1802
25688f8d
YW		 1803 if ((lifetime_usec == 0) != zero_lifetime)
1804 return 0;
1805
1e7a0e21 1806 n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
d5017c84 1807 if (n < 0)
2c5bca17 1808 return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
1e7a0e21 1809
b0b97766
YW		 1810 for (int j = 0; j < n; j++) {
1811 _cleanup_free_ NDiscRDNSS *x = NULL;
3b6a3bde 1812 NDiscRDNSS *rdnss, d = {
b0b97766
YW		 1813 .address = a[j],
1814 };
1e7a0e21 1815
af2aea8b
YW		 1816 if (lifetime_usec == 0) {
1817 /* The entry is outdated. */
1818 free(set_remove(link->ndisc_rdnss, &d));
1819 updated = true;
1820 continue;
1821 }
1822
b0b97766
YW		 1823 rdnss = set_get(link->ndisc_rdnss, &d);
1824 if (rdnss) {
50550722 1825 rdnss->router = router;
03ccc4b4 1826 rdnss->lifetime_usec = lifetime_usec;
1e7a0e21
LP		 1827 continue;
1828 }
1829
8aba7b83
YW		 1830 if (set_size(link->ndisc_rdnss) >= NDISC_RDNSS_MAX) {
1831 if (!logged_about_too_many)
1832 log_link_warning(link, "Too many RDNSS records per link. Only first %u records will be used.", NDISC_RDNSS_MAX);
1833 logged_about_too_many = true;
1834 continue;
1835 }
1836
d5017c84
YW		 1837 x = new(NDiscRDNSS, 1);
1838 if (!x)
1839 return log_oom();
1e7a0e21 1840
d5017c84 1841 *x = (NDiscRDNSS) {
b0b97766 1842 .address = a[j],
50550722 1843 .router = router,
03ccc4b4 1844 .lifetime_usec = lifetime_usec,
d5017c84 1845 };
1e7a0e21 1846
35e601d4 1847 r = set_ensure_consume(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops, TAKE_PTR(x));
d5017c84
YW		 1848 if (r < 0)
1849 return log_oom();
1e7a0e21 1850 assert(r > 0);
9092113d
YW		 1851
1852 updated = true;
1e7a0e21 1853 }
d5017c84 1854
9092113d
YW		 1855 if (updated)
1856 link_dirty(link);
1857
d5017c84 1858 return 0;
1e7a0e21
LP		 1859}
1860
7a08d314 1861static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) {
baa3fadf 1862 siphash24_compress_string(ndisc_dnssl_domain(x), state);
1e7a0e21
LP		 1863}
1864
7a08d314 1865static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) {
baa3fadf 1866 return strcmp(ndisc_dnssl_domain(a), ndisc_dnssl_domain(b));
1e7a0e21
LP		 1867}
1868
b0b97766
YW		 1869DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
1870 ndisc_dnssl_hash_ops,
1871 NDiscDNSSL,
1872 ndisc_dnssl_hash_func,
1873 ndisc_dnssl_compare_func,
1874 free);
1e7a0e21 1875
25688f8d 1876static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
9ca04752 1877 char **l;
6197db53 1878 usec_t lifetime_usec;
50550722 1879 struct in6_addr router;
8aba7b83 1880 bool updated = false, logged_about_too_many = false;
1e7a0e21
LP		 1881 int r;
1882
1883 assert(link);
ad0b2df6 1884 assert(link->network);
1e7a0e21
LP		 1885 assert(rt);
1886
7a169cb4 1887 if (link_get_use_domains(link, NETWORK_CONFIG_SOURCE_NDISC) <= 0)
ad0b2df6
YW		 1888 return 0;
1889
9ca04752 1890 r = sd_ndisc_router_get_sender_address(rt, &router);
50550722 1891 if (r < 0)
2c5bca17 1892 return log_link_warning_errno(link, r, "Failed to get router address from RA: %m");
50550722 1893
6197db53 1894 r = sd_ndisc_router_dnssl_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
13e8a49a 1895 if (r < 0)
2c5bca17 1896 return log_link_warning_errno(link, r, "Failed to get DNSSL lifetime: %m");
1e7a0e21 1897
25688f8d
YW		 1898 if ((lifetime_usec == 0) != zero_lifetime)
1899 return 0;
1900
1e7a0e21 1901 r = sd_ndisc_router_dnssl_get_domains(rt, &l);
13e8a49a 1902 if (r < 0)
2c5bca17 1903 return log_link_warning_errno(link, r, "Failed to get DNSSL addresses: %m");
1e7a0e21 1904
b0b97766
YW		 1905 STRV_FOREACH(j, l) {
1906 _cleanup_free_ NDiscDNSSL *s = NULL;
3b6a3bde 1907 NDiscDNSSL *dnssl;
1e7a0e21 1908
b0b97766
YW		 1909 s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*j) + 1);
1910 if (!s)
1911 return log_oom();
1e7a0e21 1912
baa3fadf 1913 strcpy(ndisc_dnssl_domain(s), *j);
1e7a0e21 1914
af2aea8b
YW		 1915 if (lifetime_usec == 0) {
1916 /* The entry is outdated. */
1917 free(set_remove(link->ndisc_dnssl, s));
1918 updated = true;
1919 continue;
1920 }
1921
b0b97766
YW		 1922 dnssl = set_get(link->ndisc_dnssl, s);
1923 if (dnssl) {
50550722 1924 dnssl->router = router;
03ccc4b4 1925 dnssl->lifetime_usec = lifetime_usec;
1e7a0e21
LP		 1926 continue;
1927 }
1928
8aba7b83
YW		 1929 if (set_size(link->ndisc_dnssl) >= NDISC_DNSSL_MAX) {
1930 if (!logged_about_too_many)
1931 log_link_warning(link, "Too many DNSSL records per link. Only first %u records will be used.", NDISC_DNSSL_MAX);
1932 logged_about_too_many = true;
1933 continue;
1934 }
1935
50550722 1936 s->router = router;
03ccc4b4 1937 s->lifetime_usec = lifetime_usec;
1e7a0e21 1938
35e601d4 1939 r = set_ensure_consume(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops, TAKE_PTR(s));
13e8a49a
YW		 1940 if (r < 0)
1941 return log_oom();
1e7a0e21 1942 assert(r > 0);
9092113d
YW		 1943
1944 updated = true;
1e7a0e21 1945 }
13e8a49a 1946
9092113d
YW		 1947 if (updated)
1948 link_dirty(link);
1949
13e8a49a 1950 return 0;
1e7a0e21
LP		 1951}
1952
64de00c4
YW		 1953static NDiscCaptivePortal* ndisc_captive_portal_free(NDiscCaptivePortal *x) {
1954 if (!x)
1955 return NULL;
1956
1957 free(x->captive_portal);
1958 return mfree(x);
1959}
1960
1961DEFINE_TRIVIAL_CLEANUP_FUNC(NDiscCaptivePortal*, ndisc_captive_portal_free);
1962
1963static void ndisc_captive_portal_hash_func(const NDiscCaptivePortal *x, struct siphash *state) {
1964 assert(x);
1965 siphash24_compress_string(x->captive_portal, state);
1966}
1967
1968static int ndisc_captive_portal_compare_func(const NDiscCaptivePortal *a, const NDiscCaptivePortal *b) {
1969 assert(a);
1970 assert(b);
1971 return strcmp_ptr(a->captive_portal, b->captive_portal);
1972}
1973
1974DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
1975 ndisc_captive_portal_hash_ops,
1976 NDiscCaptivePortal,
1977 ndisc_captive_portal_hash_func,
1978 ndisc_captive_portal_compare_func,
535134bc 1979 ndisc_captive_portal_free);
64de00c4 1980
25688f8d 1981static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
64de00c4
YW		 1982 _cleanup_(ndisc_captive_portal_freep) NDiscCaptivePortal *new_entry = NULL;
1983 _cleanup_free_ char *captive_portal = NULL;
9ca04752 1984 const char *uri;
6197db53 1985 usec_t lifetime_usec;
64de00c4
YW		 1986 NDiscCaptivePortal *exist;
1987 struct in6_addr router;
64de00c4
YW		 1988 int r;
1989
1990 assert(link);
1991 assert(link->network);
1992 assert(rt);
1993
52672db3 1994 if (!link->network->ndisc_use_captive_portal)
64de00c4
YW		 1995 return 0;
1996
9ca04752 1997 r = sd_ndisc_router_get_sender_address(rt, &router);
64de00c4
YW		 1998 if (r < 0)
1999 return log_link_warning_errno(link, r, "Failed to get router address from RA: %m");
2000
218f3738
YW		 2001 /* RFC 4861 section 4.2. states that the lifetime in the message header should be used only for the
2002 * default gateway, but the captive portal option does not have a lifetime field, hence, we use the
2003 * main lifetime for the portal. */
6197db53 2004 r = sd_ndisc_router_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
64de00c4
YW		 2005 if (r < 0)
2006 return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
2007
25688f8d
YW		 2008 if ((lifetime_usec == 0) != zero_lifetime)
2009 return 0;
2010
9ca04752 2011 r = sd_ndisc_router_get_captive_portal(rt, &uri);
64de00c4
YW		 2012 if (r < 0)
2013 return log_link_warning_errno(link, r, "Failed to get captive portal from RA: %m");
2014
9ca04752
YW		 2015 captive_portal = strdup(uri);
2016 if (!captive_portal)
2017 return log_oom();
64de00c4 2018
218f3738
YW		 2019 if (lifetime_usec == 0) {
2020 /* Drop the portal with zero lifetime. */
2021 ndisc_captive_portal_free(set_remove(link->ndisc_captive_portals,
9ca04752 2022 &(const NDiscCaptivePortal) {
218f3738
YW		 2023 .captive_portal = captive_portal,
2024 }));
2025 return 0;
2026 }
2027
2028 exist = set_get(link->ndisc_captive_portals,
9ca04752 2029 &(const NDiscCaptivePortal) {
218f3738
YW		 2030 .captive_portal = captive_portal,
2031 });
64de00c4
YW		 2032 if (exist) {
2033 /* update existing entry */
2034 exist->router = router;
2035 exist->lifetime_usec = lifetime_usec;
6df82d12 2036 return 1;
64de00c4
YW		 2037 }
2038
bf943a9d
YW		 2039 if (set_size(link->ndisc_captive_portals) >= NDISC_CAPTIVE_PORTAL_MAX) {
2040 NDiscCaptivePortal *c, *target = NULL;
2041
2042 /* Find the portal who has the minimal lifetime and drop it to store new one. */
2043 SET_FOREACH(c, link->ndisc_captive_portals)
2044 if (!target || c->lifetime_usec < target->lifetime_usec)
2045 target = c;
2046
2047 assert(target);
2048 assert(set_remove(link->ndisc_captive_portals, target) == target);
2049 ndisc_captive_portal_free(target);
2050 }
2051
64de00c4
YW		 2052 new_entry = new(NDiscCaptivePortal, 1);
2053 if (!new_entry)
2054 return log_oom();
2055
2056 *new_entry = (NDiscCaptivePortal) {
2057 .router = router,
2058 .lifetime_usec = lifetime_usec,
2059 .captive_portal = TAKE_PTR(captive_portal),
2060 };
2061
2062 r = set_ensure_put(&link->ndisc_captive_portals, &ndisc_captive_portal_hash_ops, new_entry);
2063 if (r < 0)
2064 return log_oom();
2065 assert(r > 0);
2066 TAKE_PTR(new_entry);
2067
2068 link_dirty(link);
6df82d12 2069 return 1;
64de00c4
YW		 2070}
2071
6e8f5e4c
SS		 2072static void ndisc_pref64_hash_func(const NDiscPREF64 *x, struct siphash *state) {
2073 assert(x);
2074
c01a5c05
YW		 2075 siphash24_compress_typesafe(x->prefix_len, state);
2076 siphash24_compress_typesafe(x->prefix, state);
6e8f5e4c
SS		 2077}
2078
2079static int ndisc_pref64_compare_func(const NDiscPREF64 *a, const NDiscPREF64 *b) {
2080 int r;
2081
2082 assert(a);
2083 assert(b);
2084
2085 r = CMP(a->prefix_len, b->prefix_len);
2086 if (r != 0)
2087 return r;
2088
2089 return memcmp(&a->prefix, &b->prefix, sizeof(a->prefix));
2090}
2091
2092DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
2093 ndisc_pref64_hash_ops,
2094 NDiscPREF64,
2095 ndisc_pref64_hash_func,
2096 ndisc_pref64_compare_func,
2097 mfree);
2098
25688f8d 2099static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
6e8f5e4c 2100 _cleanup_free_ NDiscPREF64 *new_entry = NULL;
6197db53 2101 usec_t lifetime_usec;
6e8f5e4c 2102 struct in6_addr a, router;
9ca04752 2103 uint8_t prefix_len;
6e8f5e4c
SS		 2104 NDiscPREF64 *exist;
2105 int r;
2106
2107 assert(link);
2108 assert(link->network);
2109 assert(rt);
2110
52672db3 2111 if (!link->network->ndisc_use_pref64)
6e8f5e4c
SS		 2112 return 0;
2113
9ca04752 2114 r = sd_ndisc_router_get_sender_address(rt, &router);
6e8f5e4c
SS		 2115 if (r < 0)
2116 return log_link_warning_errno(link, r, "Failed to get router address from RA: %m");
2117
2118 r = sd_ndisc_router_prefix64_get_prefix(rt, &a);
2119 if (r < 0)
2120 return log_link_warning_errno(link, r, "Failed to get pref64 prefix: %m");
2121
2122 r = sd_ndisc_router_prefix64_get_prefixlen(rt, &prefix_len);
2123 if (r < 0)
2124 return log_link_warning_errno(link, r, "Failed to get pref64 prefix length: %m");
2125
6197db53 2126 r = sd_ndisc_router_prefix64_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
6e8f5e4c
SS		 2127 if (r < 0)
2128 return log_link_warning_errno(link, r, "Failed to get pref64 prefix lifetime: %m");
2129
25688f8d
YW		 2130 if ((lifetime_usec == 0) != zero_lifetime)
2131 return 0;
2132
6e8f5e4c
SS		 2133 if (lifetime_usec == 0) {
2134 free(set_remove(link->ndisc_pref64,
2135 &(NDiscPREF64) {
2136 .prefix = a,
2137 .prefix_len = prefix_len
2138 }));
2139 return 0;
2140 }
2141
2142 exist = set_get(link->ndisc_pref64,
2143 &(NDiscPREF64) {
2144 .prefix = a,
2145 .prefix_len = prefix_len
2146 });
2147 if (exist) {
2148 /* update existing entry */
2149 exist->router = router;
2150 exist->lifetime_usec = lifetime_usec;
2151 return 0;
2152 }
2153
4df16cd0
YW		 2154 if (set_size(link->ndisc_pref64) >= NDISC_PREF64_MAX) {
2155 log_link_debug(link, "Too many PREF64 records received. Only first %u records will be used.", NDISC_PREF64_MAX);
2156 return 0;
2157 }
2158
6e8f5e4c
SS		 2159 new_entry = new(NDiscPREF64, 1);
2160 if (!new_entry)
2161 return log_oom();
2162
2163 *new_entry = (NDiscPREF64) {
2164 .router = router,
2165 .lifetime_usec = lifetime_usec,
2166 .prefix = a,
2167 .prefix_len = prefix_len,
2168 };
2169
2170 r = set_ensure_put(&link->ndisc_pref64, &ndisc_pref64_hash_ops, new_entry);
2171 if (r < 0)
2172 return log_oom();
2173
2174 assert(r > 0);
2175 TAKE_PTR(new_entry);
2176
2177 return 0;
2178}
2179
0c90d1d2
RP		 2180static NDiscDNR* ndisc_dnr_free(NDiscDNR *x) {
2181 if (!x)
2182 return NULL;
2183
2184 sd_dns_resolver_done(&x->resolver);
2185 return mfree(x);
2186}
2187
2188DEFINE_TRIVIAL_CLEANUP_FUNC(NDiscDNR*, ndisc_dnr_free);
2189
2190static int ndisc_dnr_compare_func(const NDiscDNR *a, const NDiscDNR *b) {
2191 return CMP(a->resolver.priority, b->resolver.priority) ||
2192 strcmp_ptr(a->resolver.auth_name, b->resolver.auth_name) ||
2193 CMP(a->resolver.transports, b->resolver.transports) ||
2194 CMP(a->resolver.port, b->resolver.port) ||
2195 strcmp_ptr(a->resolver.dohpath, b->resolver.dohpath) ||
2196 CMP(a->resolver.family, b->resolver.family) ||
2197 CMP(a->resolver.n_addrs, b->resolver.n_addrs) ||
2198 memcmp(a->resolver.addrs, b->resolver.addrs, sizeof(a->resolver.addrs[0]) * a->resolver.n_addrs);
2199}
2200
2201static void ndisc_dnr_hash_func(const NDiscDNR *x, struct siphash *state) {
2202 assert(x);
2203
2204 siphash24_compress_resolver(&x->resolver, state);
2205}
2206
2207DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
2208 ndisc_dnr_hash_ops,
2209 NDiscDNR,
2210 ndisc_dnr_hash_func,
2211 ndisc_dnr_compare_func,
2212 ndisc_dnr_free);
2213
2214static int sd_dns_resolver_copy(const sd_dns_resolver *a, sd_dns_resolver *b) {
2215 int r;
2216
2217 assert(a);
2218 assert(b);
2219
2220 _cleanup_(sd_dns_resolver_done) sd_dns_resolver c = {
2221 .priority = a->priority,
2222 .transports = a->transports,
2223 .port = a->port,
2224 /* .auth_name */
2225 .family = a->family,
2226 /* .addrs */
2227 /* .n_addrs */
2228 /* .dohpath */
2229 };
2230
2231 /* auth_name */
2232 r = strdup_to(&c.auth_name, a->auth_name);
2233 if (r < 0)
2234 return r;
2235
2236 /* addrs, n_addrs */
2237 c.addrs = newdup(union in_addr_union, a->addrs, a->n_addrs);
2238 if (!c.addrs)
2239 return r;
2240 c.n_addrs = a->n_addrs;
2241
2242 /* dohpath */
2243 r = strdup_to(&c.dohpath, a->dohpath);
2244 if (r < 0)
2245 return r;
2246
2247 *b = TAKE_STRUCT(c);
2248 return 0;
2249}
2250
25688f8d 2251static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
0c90d1d2
RP		 2252 int r;
2253
2254 assert(link);
2255 assert(link->network);
2256 assert(rt);
2257
2258 struct in6_addr router;
2259 usec_t lifetime_usec;
2260 sd_dns_resolver *res;
2261 _cleanup_(ndisc_dnr_freep) NDiscDNR *new_entry = NULL;
2262
9c683c0e
RP		 2263 if (!link_get_use_dnr(link, NETWORK_CONFIG_SOURCE_NDISC))
2264 return 0;
2265
0c90d1d2
RP		 2266 r = sd_ndisc_router_get_sender_address(rt, &router);
2267 if (r < 0)
2268 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
2269
2270 r = sd_ndisc_router_encrypted_dns_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &lifetime_usec);
2271 if (r < 0)
2272 return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
2273
25688f8d
YW		 2274 if ((lifetime_usec == 0) != zero_lifetime)
2275 return 0;
2276
0c90d1d2
RP		 2277 r = sd_ndisc_router_encrypted_dns_get_resolver(rt, &res);
2278 if (r < 0)
2279 return log_link_warning_errno(link, r, "Failed to get encrypted dns resolvers: %m");
2280
2281 NDiscDNR *dnr, d = { .resolver = *res };
2282 if (lifetime_usec == 0) {
2283 dnr = set_remove(link->ndisc_dnr, &d);
2284 if (dnr) {
2285 ndisc_dnr_free(dnr);
2286 link_dirty(link);
2287 }
2288 return 0;
2289 }
2290
2291 dnr = set_get(link->ndisc_dnr, &d);
2292 if (dnr) {
2293 dnr->router = router;
2294 dnr->lifetime_usec = lifetime_usec;
2295 return 0;
2296 }
2297
a791fea0
RP		 2298 if (set_size(link->ndisc_dnr) >= NDISC_ENCRYPTED_DNS_MAX) {
2299 log_link_warning(link, "Too many Encrypted DNS records received. Only first %u records will be used.", NDISC_ENCRYPTED_DNS_MAX);
2300 return 0;
2301 }
2302
0c90d1d2
RP		 2303 new_entry = new(NDiscDNR, 1);
2304 if (!new_entry)
2305 return log_oom();
2306
2307 *new_entry = (NDiscDNR) {
2308 .router = router,
2309 /* .resolver, */
2310 .lifetime_usec = lifetime_usec,
2311 };
2312 r = sd_dns_resolver_copy(res, &new_entry->resolver);
2313 if (r < 0)
2314 return log_oom();
2315
2316 /* Not sorted by priority */
2317 r = set_ensure_put(&link->ndisc_dnr, &ndisc_dnr_hash_ops, new_entry);
2318 if (r < 0)
2319 return log_oom();
2320
2321 assert(r > 0);
2322 TAKE_PTR(new_entry);
2323
2324 link_dirty(link);
2325
2326 return 0;
2327}
2328
25688f8d 2329static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
6df82d12 2330 size_t n_captive_portal = 0;
fbdda4bb
YW		 2331 int r;
2332
1e7a0e21 2333 assert(link);
55d3fdcf 2334 assert(link->network);
1e7a0e21
LP		 2335 assert(rt);
2336
fbdda4bb 2337 for (r = sd_ndisc_router_option_rewind(rt); ; r = sd_ndisc_router_option_next(rt)) {
1e7a0e21
LP		 2338 uint8_t type;
2339
e8c9b5b0 2340 if (r < 0)
2c5bca17 2341 return log_link_warning_errno(link, r, "Failed to iterate through options: %m");
1e7a0e21 2342 if (r == 0) /* EOF */
13e8a49a 2343 return 0;
1e7a0e21
LP		 2344
2345 r = sd_ndisc_router_option_get_type(rt, &type);
e8c9b5b0 2346 if (r < 0)
2c5bca17 2347 return log_link_warning_errno(link, r, "Failed to get RA option type: %m");
1e7a0e21
LP		 2348
2349 switch (type) {
fbdda4bb 2350 case SD_NDISC_OPTION_PREFIX_INFORMATION:
25688f8d 2351 r = ndisc_router_process_prefix(link, rt, zero_lifetime);
1e7a0e21 2352 break;
1e7a0e21
LP		 2353
2354 case SD_NDISC_OPTION_ROUTE_INFORMATION:
25688f8d 2355 r = ndisc_router_process_route(link, rt, zero_lifetime);
1e7a0e21
LP		 2356 break;
2357
2358 case SD_NDISC_OPTION_RDNSS:
25688f8d 2359 r = ndisc_router_process_rdnss(link, rt, zero_lifetime);
1e7a0e21
LP		 2360 break;
2361
2362 case SD_NDISC_OPTION_DNSSL:
25688f8d 2363 r = ndisc_router_process_dnssl(link, rt, zero_lifetime);
1e7a0e21 2364 break;
9747955d 2365 case SD_NDISC_OPTION_CAPTIVE_PORTAL:
6df82d12
YW		 2366 if (n_captive_portal > 0) {
2367 if (n_captive_portal == 1)
2368 log_link_notice(link, "Received RA with multiple captive portals, only using the first one.");
2369
2370 n_captive_portal++;
2371 continue;
2372 }
25688f8d 2373 r = ndisc_router_process_captive_portal(link, rt, zero_lifetime);
6df82d12
YW		 2374 if (r > 0)
2375 n_captive_portal++;
9747955d 2376 break;
6e8f5e4c 2377 case SD_NDISC_OPTION_PREF64:
25688f8d 2378 r = ndisc_router_process_pref64(link, rt, zero_lifetime);
6e8f5e4c 2379 break;
0c90d1d2 2380 case SD_NDISC_OPTION_ENCRYPTED_DNS:
25688f8d 2381 r = ndisc_router_process_encrypted_dns(link, rt, zero_lifetime);
0c90d1d2 2382 break;
1e7a0e21 2383 }
5908d864
YW		 2384 if (r < 0 && r != -EBADMSG)
2385 return r;
1e7a0e21
LP		 2386 }
2387}
2388
87a33c07 2389static int ndisc_drop_outdated(Link *link, const struct in6_addr *router, usec_t timestamp_usec) {
94e6d37c
YW		 2390 bool updated = false;
2391 NDiscDNSSL *dnssl;
2392 NDiscRDNSS *rdnss;
64de00c4 2393 NDiscCaptivePortal *cp;
fabea9c0 2394 NDiscPREF64 *p64;
0c90d1d2 2395 NDiscDNR *dnr;
94e6d37c
YW		 2396 Address *address;
2397 Route *route;
372acaad 2398 int r, ret = 0;
94e6d37c
YW		 2399
2400 assert(link);
8d01e44c 2401 assert(link->manager);
94e6d37c
YW		 2402
2403 /* If an address or friends is already assigned, but not valid anymore, then refuse to update it,
2404 * and let's immediately remove it.
2405 * See RFC4862, section 5.5.3.e. But the following logic is deviated from RFC4862 by honoring all
2406 * valid lifetimes to improve the reaction of SLAAC to renumbering events.
2407 * See draft-ietf-6man-slaac-renum-02, section 4.2. */
2408
01420b2d 2409 r = ndisc_drop_routers(link, router, timestamp_usec);
b03d7291
YW		 2410 if (r < 0)
2411 RET_GATHER(ret, log_link_warning_errno(link, r, "Failed to drop outdated default router, ignoring: %m"));
2412
8d01e44c 2413 SET_FOREACH(route, link->manager->routes) {
94e6d37c
YW		 2414 if (route->source != NETWORK_CONFIG_SOURCE_NDISC)
2415 continue;
2416
2437ebee 2417 if (!route_is_bound_to_link(route, link))
8d01e44c
YW		 2418 continue;
2419
9944629e
YW		 2420 if (route->protocol == RTPROT_REDIRECT)
2421 continue; /* redirect route will be dropped by ndisc_drop_redirect(). */
2422
c75d1196 2423 if (route->lifetime_usec > timestamp_usec)
94e6d37c
YW		 2424 continue; /* the route is still valid */
2425
87a33c07
YW		 2426 if (router && !in6_addr_equal(&route->provider.in6, router))
2427 continue;
2428
3caed9ea 2429 r = route_remove_and_cancel(route, link->manager);
372acaad
YW		 2430 if (r < 0)
2431 RET_GATHER(ret, log_link_warning_errno(link, r, "Failed to remove outdated SLAAC route, ignoring: %m"));
94e6d37c
YW		 2432 }
2433
0f8afaf9
YW		 2434 RET_GATHER(ret, ndisc_remove_unused_nexthops(link));
2435
94e6d37c
YW		 2436 SET_FOREACH(address, link->addresses) {
2437 if (address->source != NETWORK_CONFIG_SOURCE_NDISC)
2438 continue;
2439
c75d1196 2440 if (address->lifetime_valid_usec > timestamp_usec)
94e6d37c
YW		 2441 continue; /* the address is still valid */
2442
87a33c07
YW		 2443 if (router && !in6_addr_equal(&address->provider.in6, router))
2444 continue;
2445
f22b586a 2446 r = address_remove_and_cancel(address, link);
372acaad
YW		 2447 if (r < 0)
2448 RET_GATHER(ret, log_link_warning_errno(link, r, "Failed to remove outdated SLAAC address, ignoring: %m"));
94e6d37c
YW		 2449 }
2450
2451 SET_FOREACH(rdnss, link->ndisc_rdnss) {
c75d1196 2452 if (rdnss->lifetime_usec > timestamp_usec)
94e6d37c
YW		 2453 continue; /* the DNS server is still valid */
2454
87a33c07
YW		 2455 if (router && !in6_addr_equal(&rdnss->router, router))
2456 continue;
2457
94e6d37c
YW		 2458 free(set_remove(link->ndisc_rdnss, rdnss));
2459 updated = true;
2460 }
2461
2462 SET_FOREACH(dnssl, link->ndisc_dnssl) {
c75d1196 2463 if (dnssl->lifetime_usec > timestamp_usec)
94e6d37c
YW		 2464 continue; /* the DNS domain is still valid */
2465
87a33c07
YW		 2466 if (router && !in6_addr_equal(&dnssl->router, router))
2467 continue;
2468
94e6d37c
YW		 2469 free(set_remove(link->ndisc_dnssl, dnssl));
2470 updated = true;
2471 }
2472
64de00c4 2473 SET_FOREACH(cp, link->ndisc_captive_portals) {
c75d1196 2474 if (cp->lifetime_usec > timestamp_usec)
64de00c4
YW		 2475 continue; /* the captive portal is still valid */
2476
87a33c07
YW		 2477 if (router && !in6_addr_equal(&cp->router, router))
2478 continue;
2479
75a91226 2480 ndisc_captive_portal_free(set_remove(link->ndisc_captive_portals, cp));
64de00c4
YW		 2481 updated = true;
2482 }
2483
fabea9c0 2484 SET_FOREACH(p64, link->ndisc_pref64) {
c75d1196 2485 if (p64->lifetime_usec > timestamp_usec)
fabea9c0
YW		 2486 continue; /* the pref64 prefix is still valid */
2487
87a33c07
YW		 2488 if (router && !in6_addr_equal(&p64->router, router))
2489 continue;
2490
fabea9c0
YW		 2491 free(set_remove(link->ndisc_pref64, p64));
2492 /* The pref64 prefix is not exported through the state file, hence it is not necessary to set
2493 * the 'updated' flag. */
2494 }
2495
0c90d1d2
RP		 2496 SET_FOREACH(dnr, link->ndisc_dnr) {
2497 if (dnr->lifetime_usec > timestamp_usec)
2498 continue; /* The resolver is still valid */
2499
2500 ndisc_dnr_free(set_remove(link->ndisc_dnr, dnr));
2501 updated = true;
2502 }
2503
b8b0c1a0
YW		 2504 RET_GATHER(ret, link_request_stacked_netdevs(link, NETDEV_LOCAL_ADDRESS_SLAAC));
2505
94e6d37c
YW		 2506 if (updated)
2507 link_dirty(link);
2508
372acaad 2509 return ret;
94e6d37c
YW		 2510}
2511
77302468
YW		 2512static int ndisc_setup_expire(Link *link);
2513
2514static int ndisc_expire_handler(sd_event_source *s, uint64_t usec, void *userdata) {
2515 Link *link = ASSERT_PTR(userdata);
2516 usec_t now_usec;
2517
2518 assert(link->manager);
2519
2520 assert_se(sd_event_now(link->manager->event, CLOCK_BOOTTIME, &now_usec) >= 0);
2521
87a33c07 2522 (void) ndisc_drop_outdated(link, /* router = */ NULL, now_usec);
77302468
YW		 2523 (void) ndisc_setup_expire(link);
2524 return 0;
2525}
2526
2527static int ndisc_setup_expire(Link *link) {
2528 usec_t lifetime_usec = USEC_INFINITY;
64de00c4 2529 NDiscCaptivePortal *cp;
77302468
YW		 2530 NDiscDNSSL *dnssl;
2531 NDiscRDNSS *rdnss;
fabea9c0 2532 NDiscPREF64 *p64;
0c90d1d2 2533 NDiscDNR *dnr;
77302468
YW		 2534 Address *address;
2535 Route *route;
2536 int r;
2537
2538 assert(link);
2539 assert(link->manager);
2540
01420b2d
YW		 2541 sd_ndisc_router *rt;
2542 HASHMAP_FOREACH(rt, link->ndisc_routers_by_sender) {
2543 usec_t t;
2544
2545 if (sd_ndisc_router_get_lifetime_timestamp(rt, CLOCK_BOOTTIME, &t) < 0)
2546 continue;
2547
2548 lifetime_usec = MIN(lifetime_usec, t);
2549 }
2550
8d01e44c 2551 SET_FOREACH(route, link->manager->routes) {
77302468
YW		 2552 if (route->source != NETWORK_CONFIG_SOURCE_NDISC)
2553 continue;
2554
2437ebee 2555 if (!route_is_bound_to_link(route, link))
8d01e44c
YW		 2556 continue;
2557
77302468
YW		 2558 if (!route_exists(route))
2559 continue;
2560
2561 lifetime_usec = MIN(lifetime_usec, route->lifetime_usec);
2562 }
2563
2564 SET_FOREACH(address, link->addresses) {
2565 if (address->source != NETWORK_CONFIG_SOURCE_NDISC)
2566 continue;
2567
2568 if (!address_exists(address))
2569 continue;
2570
2571 lifetime_usec = MIN(lifetime_usec, address->lifetime_valid_usec);
2572 }
2573
2574 SET_FOREACH(rdnss, link->ndisc_rdnss)
2575 lifetime_usec = MIN(lifetime_usec, rdnss->lifetime_usec);
2576
2577 SET_FOREACH(dnssl, link->ndisc_dnssl)
2578 lifetime_usec = MIN(lifetime_usec, dnssl->lifetime_usec);
2579
64de00c4
YW		 2580 SET_FOREACH(cp, link->ndisc_captive_portals)
2581 lifetime_usec = MIN(lifetime_usec, cp->lifetime_usec);
2582
fabea9c0
YW		 2583 SET_FOREACH(p64, link->ndisc_pref64)
2584 lifetime_usec = MIN(lifetime_usec, p64->lifetime_usec);
2585
0c90d1d2
RP		 2586 SET_FOREACH(dnr, link->ndisc_dnr)
2587 lifetime_usec = MIN(lifetime_usec, dnr->lifetime_usec);
2588
77302468
YW		 2589 if (lifetime_usec == USEC_INFINITY)
2590 return 0;
2591
2592 r = event_reset_time(link->manager->event, &link->ndisc_expire, CLOCK_BOOTTIME,
2593 lifetime_usec, 0, ndisc_expire_handler, link, 0, "ndisc-expiration", true);
2594 if (r < 0)
2595 return log_link_warning_errno(link, r, "Failed to update expiration timer for ndisc: %m");
2596
2597 return 0;
2598}
2599
928112a4
YW		 2600static int ndisc_start_dhcp6_client(Link *link, sd_ndisc_router *rt) {
2601 int r;
2602
2603 assert(link);
2604 assert(link->network);
2605
52672db3 2606 switch (link->network->ndisc_start_dhcp6_client) {
928112a4
YW		 2607 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO:
2608 return 0;
2609
2610 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES: {
2611 uint64_t flags;
2612
2613 r = sd_ndisc_router_get_flags(rt, &flags);
2614 if (r < 0)
2615 return log_link_warning_errno(link, r, "Failed to get RA flags: %m");
2616
2617 if ((flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)) == 0)
2618 return 0;
2619
2620 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags.
0bcc6557
AH		 2621 * Note, if both "managed" and "other configuration" bits are set, then ignore
2622 * "other configuration" bit. See RFC 4861. */
fac19a21 2623 r = dhcp6_start_on_ra(link, !(flags & ND_RA_FLAG_MANAGED));
928112a4
YW		 2624 break;
2625 }
2626 case IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS:
0bcc6557 2627 /* When IPv6AcceptRA.DHCPv6Client=always, start dhcp6 client in solicit mode
928112a4 2628 * even if the router flags have neither M nor O flags. */
fac19a21 2629 r = dhcp6_start_on_ra(link, /* information_request = */ false);
928112a4
YW		 2630 break;
2631
2632 default:
2633 assert_not_reached();
2634 }
2635
2636 if (r < 0)
2c5bca17 2637 return log_link_warning_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m");
928112a4
YW		 2638
2639 log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request");
2640 return 0;
2641}
2642
d5017c84 2643static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
b8ce3b44 2644 struct in6_addr router;
94e6d37c 2645 usec_t timestamp_usec;
86e2be7b 2646 int r;
1e7a0e21
LP		 2647
2648 assert(link);
2649 assert(link->network);
2650 assert(link->manager);
2651 assert(rt);
2652
9ca04752 2653 r = sd_ndisc_router_get_sender_address(rt, &router);
5908d864
YW		 2654 if (r == -ENODATA) {
2655 log_link_debug(link, "Received RA without router address, ignoring.");
2656 return 0;
2657 }
75d26411 2658 if (r < 0)
2c5bca17 2659 return log_link_warning_errno(link, r, "Failed to get router address from RA: %m");
75d26411 2660
c995fa02 2661 if (in6_prefix_is_filtered(&router, 128, link->network->ndisc_allow_listed_router, link->network->ndisc_deny_listed_router)) {
a0b7cae5
YW		 2662 if (!set_isempty(link->network->ndisc_allow_listed_router))
2663 log_link_debug(link, "Router %s is not in allow list, ignoring.", IN6_ADDR_TO_STRING(&router));
2664 else
2665 log_link_debug(link, "Router %s is in deny list, ignoring.", IN6_ADDR_TO_STRING(&router));
75d26411
YW		 2666 return 0;
2667 }
2668
94e6d37c 2669 r = sd_ndisc_router_get_timestamp(rt, CLOCK_BOOTTIME, &timestamp_usec);
5908d864
YW		 2670 if (r == -ENODATA) {
2671 log_link_debug(link, "Received RA without timestamp, ignoring.");
2672 return 0;
2673 }
94e6d37c
YW		 2674 if (r < 0)
2675 return r;
2676
87a33c07 2677 r = ndisc_drop_outdated(link, /* router = */ NULL, timestamp_usec);
94e6d37c 2678 if (r < 0)
2b4fca55 2679 return r;
94e6d37c 2680
01420b2d 2681 r = ndisc_remember_router(link, rt);
b03d7291
YW		 2682 if (r < 0)
2683 return r;
2684
928112a4
YW		 2685 r = ndisc_start_dhcp6_client(link, rt);
2686 if (r < 0)
2687 return r;
1e7a0e21 2688
1452d497
YW		 2689 r = ndisc_router_process_reachable_time(link, rt);
2690 if (r < 0)
2691 return r;
2692
d4c8de21
MM		 2693 r = ndisc_router_process_retransmission_time(link, rt);
2694 if (r < 0)
2695 return r;
2696
b15ed2be
MM		 2697 r = ndisc_router_process_hop_limit(link, rt);
2698 if (r < 0)
2699 return r;
2700
8c9ef90b
YW		 2701 r = ndisc_router_process_mtu(link, rt);
2702 if (r < 0)
2703 return r;
2704
25688f8d
YW		 2705 r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ true);
2706 if (r < 0)
2707 return r;
2708
2709 r = ndisc_router_process_default(link, rt);
2710 if (r < 0)
2711 return r;
2712
2713 r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ false);
13e8a49a
YW		 2714 if (r < 0)
2715 return r;
d5017c84 2716
77302468
YW		 2717 r = ndisc_setup_expire(link);
2718 if (r < 0)
2719 return r;
2720
9944629e
YW		 2721 if (sd_ndisc_router_get_lifetime(rt, NULL) <= 0)
2722 (void) ndisc_drop_redirect(link, &router);
6df00594 2723
2ccada8d 2724 if (link->ndisc_messages == 0)
3b6a3bde 2725 link->ndisc_configured = true;
2ccada8d 2726 else
3b6a3bde 2727 log_link_debug(link, "Setting SLAAC addresses and router.");
69203fba 2728
3b6a3bde 2729 if (!link->ndisc_configured)
69203fba
YW		 2730 link_set_state(link, LINK_STATE_CONFIGURING);
2731
76c5a0f2 2732 link_check_ready(link);
69203fba 2733 return 0;
1e7a0e21
LP		 2734}
2735
87a33c07
YW		 2736static int ndisc_neighbor_handle_non_router_message(Link *link, sd_ndisc_neighbor *na) {
2737 struct in6_addr address;
2738 int r;
2739
2740 assert(link);
2741 assert(na);
2742
2743 /* Received Neighbor Advertisement message without Router flag. The node might have been a router,
2744 * and now it is not. Let's drop all configurations based on RAs sent from the node. */
2745
2746 r = sd_ndisc_neighbor_get_target_address(na, &address);
2747 if (r == -ENODATA)
2748 return 0;
2749 if (r < 0)
2750 return r;
2751
9142bd5a
YW		 2752 /* Remove the routes configured by Redirect messages. */
2753 r = ndisc_drop_redirect(link, &address);
9944629e 2754
9142bd5a
YW		 2755 /* Also remove the default gateway via the host, but keep the configurations based on the RA options. */
2756 _cleanup_(sd_ndisc_router_unrefp) sd_ndisc_router *rt = hashmap_remove(link->ndisc_routers_by_sender, &address);
2757 if (rt)
2758 RET_GATHER(r, ndisc_router_drop_default(link, rt));
2759
2760 return r;
87a33c07
YW		 2761}
2762
2763static int ndisc_neighbor_handle_router_message(Link *link, sd_ndisc_neighbor *na) {
2764 struct in6_addr current_address, original_address;
2765 int r;
2766
2767 assert(link);
2768 assert(link->manager);
2769 assert(na);
2770
2771 /* Received Neighbor Advertisement message with Router flag. If the router address is changed, update
2772 * the provider field of configurations. */
2773
2774 r = sd_ndisc_neighbor_get_sender_address(na, &current_address);
2775 if (r == -ENODATA)
2776 return 0;
2777 if (r < 0)
2778 return r;
2779
2780 r = sd_ndisc_neighbor_get_target_address(na, &original_address);
2781 if (r == -ENODATA)
2782 return 0;
2783 if (r < 0)
2784 return r;
2785
2786 if (in6_addr_equal(&current_address, &original_address))
2787 return 0; /* the router address is not changed */
2788
01420b2d 2789 r = ndisc_update_router_address(link, &original_address, &current_address);
b03d7291
YW		 2790 if (r < 0)
2791 return r;
2792
6df00594
YW		 2793 r = ndisc_update_redirect_sender(link, &original_address, &current_address);
2794 if (r < 0)
2795 return r;
2796
87a33c07
YW		 2797 Route *route;
2798 SET_FOREACH(route, link->manager->routes) {
2799 if (route->source != NETWORK_CONFIG_SOURCE_NDISC)
2800 continue;
2801
2437ebee 2802 if (!route_is_bound_to_link(route, link))
87a33c07
YW		 2803 continue;
2804
2805 if (!in6_addr_equal(&route->provider.in6, &original_address))
2806 continue;
2807
2808 route->provider.in6 = current_address;
2809 }
2810
2811 Address *address;
2812 SET_FOREACH(address, link->addresses) {
2813 if (address->source != NETWORK_CONFIG_SOURCE_NDISC)
2814 continue;
2815
2816 if (!in6_addr_equal(&address->provider.in6, &original_address))
2817 continue;
2818
2819 address->provider.in6 = current_address;
2820 }
2821
2822 NDiscRDNSS *rdnss;
2823 SET_FOREACH(rdnss, link->ndisc_rdnss) {
2824 if (!in6_addr_equal(&rdnss->router, &original_address))
2825 continue;
2826
2827 rdnss->router = current_address;
2828 }
2829
2830 NDiscDNSSL *dnssl;
2831 SET_FOREACH(dnssl, link->ndisc_dnssl) {
2832 if (!in6_addr_equal(&dnssl->router, &original_address))
2833 continue;
2834
2835 dnssl->router = current_address;
2836 }
2837
2838 NDiscCaptivePortal *cp;
2839 SET_FOREACH(cp, link->ndisc_captive_portals) {
2840 if (!in6_addr_equal(&cp->router, &original_address))
2841 continue;
2842
2843 cp->router = current_address;
2844 }
2845
2846 NDiscPREF64 *p64;
2847 SET_FOREACH(p64, link->ndisc_pref64) {
2848 if (!in6_addr_equal(&p64->router, &original_address))
2849 continue;
2850
2851 p64->router = current_address;
2852 }
2853
0c90d1d2
RP		 2854 NDiscDNR *dnr;
2855 SET_FOREACH(dnr, link->ndisc_dnr) {
2856 if (!in6_addr_equal(&dnr->router, &original_address))
2857 continue;
2858
2859 dnr->router = current_address;
2860 }
2861
87a33c07
YW		 2862 return 0;
2863}
2864
2865static int ndisc_neighbor_handler(Link *link, sd_ndisc_neighbor *na) {
2866 int r;
2867
2868 assert(link);
2869 assert(na);
2870
2871 r = sd_ndisc_neighbor_is_router(na);
2872 if (r < 0)
2873 return r;
2874 if (r == 0)
2875 r = ndisc_neighbor_handle_non_router_message(link, na);
2876 else
2877 r = ndisc_neighbor_handle_router_message(link, na);
2878 if (r < 0)
2879 return r;
2880
2881 return 0;
2882}
2883
28eef158 2884static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event_t event, void *message, void *userdata) {
99534007 2885 Link *link = ASSERT_PTR(userdata);
13e8a49a 2886 int r;
a13c50e7 2887
9d96e6c3
TG		 2888 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
2889 return;
a13c50e7 2890
9d96e6c3 2891 switch (event) {
1e7a0e21
LP		 2892
2893 case SD_NDISC_EVENT_ROUTER:
28eef158 2894 r = ndisc_router_handler(link, ASSERT_PTR(message));
5908d864 2895 if (r < 0 && r != -EBADMSG) {
13e8a49a
YW		 2896 link_enter_failed(link);
2897 return;
2898 }
1e7a0e21
LP		 2899 break;
2900
87a33c07
YW		 2901 case SD_NDISC_EVENT_NEIGHBOR:
2902 r = ndisc_neighbor_handler(link, ASSERT_PTR(message));
2903 if (r < 0 && r != -EBADMSG) {
2904 link_enter_failed(link);
2905 return;
2906 }
2907 break;
2908
6df00594
YW		 2909 case SD_NDISC_EVENT_REDIRECT:
2910 r = ndisc_redirect_handler(link, ASSERT_PTR(message));
2911 if (r < 0 && r != -EBADMSG) {
2912 log_link_warning_errno(link, r, "Failed to process Redirect message: %m");
2913 link_enter_failed(link);
2914 return;
2915 }
2916 break;
2917
9d96e6c3 2918 case SD_NDISC_EVENT_TIMEOUT:
a8c10331 2919 log_link_debug(link, "NDisc handler get timeout event");
3b6a3bde
YW		 2920 if (link->ndisc_messages == 0) {
2921 link->ndisc_configured = true;
3336e946
YW		 2922 link_check_ready(link);
2923 }
9d96e6c3 2924 break;
28eef158 2925
9d96e6c3 2926 default:
28eef158 2927 log_link_debug(link, "Received unsupported NDisc event, ignoring.");
a13c50e7
TG		 2928 }
2929}
2930
ba4c7184 2931static int ndisc_configure(Link *link) {
a13c50e7
TG		 2932 int r;
2933
1e7a0e21
LP		 2934 assert(link);
2935
52672db3 2936 if (!link_ndisc_enabled(link))
2ffd6d73 2937 return 0;
a13c50e7 2938
5c078687 2939 if (link->ndisc)
bc9e40c9 2940 return -EBUSY; /* Already configured. */
2ffd6d73 2941
5c078687
YW		 2942 r = sd_ndisc_new(&link->ndisc);
2943 if (r < 0)
2944 return r;
2945
2946 r = sd_ndisc_attach_event(link->ndisc, link->manager->event, 0);
2947 if (r < 0)
2948 return r;
a13c50e7 2949
3be64aa4
YW		 2950 if (link->hw_addr.length == ETH_ALEN) {
2951 r = sd_ndisc_set_mac(link->ndisc, &link->hw_addr.ether);
2952 if (r < 0)
2953 return r;
2954 }
a13c50e7 2955
1e7a0e21 2956 r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex);
a13c50e7
TG		 2957 if (r < 0)
2958 return r;
2959
1e7a0e21 2960 r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link);
a13c50e7
TG		 2961 if (r < 0)
2962 return r;
2963
1e7a0e21
LP		 2964 return 0;
2965}
2966
294f129b 2967int ndisc_start(Link *link) {
ba4c7184
YW		 2968 int r;
2969
294f129b
YW		 2970 assert(link);
2971
2972 if (!link->ndisc || !link->dhcp6_client)
2973 return 0;
2974
ccffa166
YW		 2975 if (!link_has_carrier(link))
2976 return 0;
2977
3b6a3bde
YW		 2978 if (in6_addr_is_null(&link->ipv6ll_address))
2979 return 0;
2980
25413fbf
YW		 2981 r = sd_ndisc_set_link_local_address(link->ndisc, &link->ipv6ll_address);
2982 if (r < 0)
2983 return r;
2984
294f129b
YW		 2985 log_link_debug(link, "Discovering IPv6 routers");
2986
ba4c7184
YW		 2987 r = sd_ndisc_start(link->ndisc);
2988 if (r < 0)
2989 return r;
2990
2991 return 1;
2992}
2993
09d09207 2994static int ndisc_process_request(Request *req, Link *link, void *userdata) {
ba4c7184
YW		 2995 int r;
2996
ff51134c 2997 assert(link);
ba4c7184 2998
4b482e8b 2999 if (!link_is_ready_to_configure(link, /* allow_unmanaged = */ false))
ba4c7184
YW		 3000 return 0;
3001
ba4c7184
YW		 3002 r = ndisc_configure(link);
3003 if (r < 0)
3004 return log_link_warning_errno(link, r, "Failed to configure IPv6 Router Discovery: %m");
3005
3006 r = ndisc_start(link);
3007 if (r < 0)
3008 return log_link_warning_errno(link, r, "Failed to start IPv6 Router Discovery: %m");
3009
3010 log_link_debug(link, "IPv6 Router Discovery is configured%s.",
3011 r > 0 ? " and started" : "");
ba4c7184
YW		 3012 return 1;
3013}
3014
3015int link_request_ndisc(Link *link) {
3016 int r;
3017
3018 assert(link);
3019
52672db3 3020 if (!link_ndisc_enabled(link))
ba4c7184
YW		 3021 return 0;
3022
3023 if (link->ndisc)
3024 return 0;
3025
09d09207 3026 r = link_queue_request(link, REQUEST_TYPE_NDISC, ndisc_process_request, NULL);
ba4c7184
YW		 3027 if (r < 0)
3028 return log_link_warning_errno(link, r, "Failed to request configuring of the IPv6 Router Discovery: %m");
3029
3030 log_link_debug(link, "Requested configuring of the IPv6 Router Discovery.");
3031 return 0;
294f129b
YW		 3032}
3033
451c2baf
YW		 3034int link_drop_ndisc_config(Link *link, Network *network) {
3035 int r, ret = 0;
3036
3037 assert(link);
82df2e0f 3038 assert(link->network);
451c2baf 3039
82df2e0f
YW		 3040 if (link->network == network)
3041 return 0; /* .network file is unchanged. It is not necessary to reconfigure the client. */
451c2baf 3042
82df2e0f
YW		 3043 if (!link_ndisc_enabled(link)) {
3044 /* NDisc is disabled. Stop the client if it is running and flush configs. */
451c2baf
YW		 3045 ret = ndisc_stop(link);
3046 ndisc_flush(link);
3047 link->ndisc = sd_ndisc_unref(link->ndisc);
3048 return ret;
3049 }
3050
82df2e0f 3051 /* Even if the client was previously enabled and also enabled in the new .network file, detailed
451c2baf
YW		 3052 * settings for the client may be different. Let's unref() the client. */
3053 link->ndisc = sd_ndisc_unref(link->ndisc);
3054
82df2e0f
YW		 3055 /* Get if NDisc was enabled or not. */
3056 Network *current = link->network;
3057 link->network = network;
3058 bool enabled = link_ndisc_enabled(link);
3059 link->network = current;
3060
3061 /* If previously explicitly disabled, there should be nothing to drop.
3062 * If we do not know the previous setting of the client, e.g. when networkd is restarted, in that
3063 * case we do not have the previous .network file assigned to the interface, then let's assume no
3064 * detailed configuration is changed. Hopefully, unmatching configurations will be dropped after
3065 * their lifetime. */
3066 if (!enabled)
3067 return 0;
3068
3069 assert(network);
3070
451c2baf
YW		 3071 /* Redirect messages will be ignored. Drop configurations based on the previously received redirect
3072 * messages. */
3073 if (!network->ndisc_use_redirect)
3074 (void) ndisc_drop_redirect(link, /* router = */ NULL);
3075
3076 /* If one of the route setting is changed, drop all routes. */
3077 if (link->network->ndisc_use_gateway != network->ndisc_use_gateway ||
3078 link->network->ndisc_use_route_prefix != network->ndisc_use_route_prefix ||
3079 link->network->ndisc_use_onlink_prefix != network->ndisc_use_onlink_prefix ||
3080 link->network->ndisc_quickack != network->ndisc_quickack ||
3081 link->network->ndisc_route_metric_high != network->ndisc_route_metric_high ||
3082 link->network->ndisc_route_metric_medium != network->ndisc_route_metric_medium ||
3083 link->network->ndisc_route_metric_low != network->ndisc_route_metric_low ||
3084 !set_equal(link->network->ndisc_deny_listed_router, network->ndisc_deny_listed_router) ||
3085 !set_equal(link->network->ndisc_allow_listed_router, network->ndisc_allow_listed_router) ||
3086 !set_equal(link->network->ndisc_deny_listed_prefix, network->ndisc_deny_listed_prefix) ||
3087 !set_equal(link->network->ndisc_allow_listed_prefix, network->ndisc_allow_listed_prefix) ||
3088 !set_equal(link->network->ndisc_deny_listed_route_prefix, network->ndisc_deny_listed_route_prefix) ||
3089 !set_equal(link->network->ndisc_allow_listed_route_prefix, network->ndisc_allow_listed_route_prefix)) {
3090 Route *route;
3091 SET_FOREACH(route, link->manager->routes) {
3092 if (route->source != NETWORK_CONFIG_SOURCE_NDISC)
3093 continue;
3094
2437ebee 3095 if (!route_is_bound_to_link(route, link))
451c2baf
YW		 3096 continue;
3097
3098 if (route->protocol == RTPROT_REDIRECT)
3099 continue; /* redirect route is handled by ndisc_drop_redirect(). */
3100
3101 r = route_remove_and_cancel(route, link->manager);
3102 if (r < 0)
3103 RET_GATHER(ret, log_link_warning_errno(link, r, "Failed to remove SLAAC route, ignoring: %m"));
3104 }
0f8afaf9
YW		 3105
3106 RET_GATHER(ret, ndisc_remove_unused_nexthops(link));
451c2baf
YW		 3107 }
3108
3109 /* If SLAAC address is disabled, drop all addresses. */
3110 if (!network->ndisc_use_autonomous_prefix ||
3111 !set_equal(link->network->ndisc_tokens, network->ndisc_tokens) ||
3112 !set_equal(link->network->ndisc_deny_listed_prefix, network->ndisc_deny_listed_prefix) ||
3113 !set_equal(link->network->ndisc_allow_listed_prefix, network->ndisc_allow_listed_prefix)) {
3114 Address *address;
3115 SET_FOREACH(address, link->addresses) {
3116 if (address->source != NETWORK_CONFIG_SOURCE_NDISC)
3117 continue;
3118
3119 r = address_remove_and_cancel(address, link);
3120 if (r < 0)
3121 RET_GATHER(ret, log_link_warning_errno(link, r, "Failed to remove SLAAC address, ignoring: %m"));
3122 }
3123 }
3124
3125 if (!network->ndisc_use_mtu)
3126 link->ndisc_mtu = 0;
3127
3128 return ret;
3129}
3130
77302468
YW		 3131int ndisc_stop(Link *link) {
3132 assert(link);
3133
3134 link->ndisc_expire = sd_event_source_disable_unref(link->ndisc_expire);
3135
3136 return sd_ndisc_stop(link->ndisc);
3137}
3138
c69305ff
LP		 3139void ndisc_flush(Link *link) {
3140 assert(link);
3141
0c90d1d2 3142 /* Remove all addresses, routes, RDNSS, DNSSL, DNR, and Captive Portal entries, without exception. */
87a33c07 3143 (void) ndisc_drop_outdated(link, /* router = */ NULL, /* timestamp_usec = */ USEC_INFINITY);
9944629e 3144 (void) ndisc_drop_redirect(link, /* router = */ NULL);
c69305ff 3145
01420b2d 3146 link->ndisc_routers_by_sender = hashmap_free(link->ndisc_routers_by_sender);
b0b97766
YW		 3147 link->ndisc_rdnss = set_free(link->ndisc_rdnss);
3148 link->ndisc_dnssl = set_free(link->ndisc_dnssl);
64de00c4 3149 link->ndisc_captive_portals = set_free(link->ndisc_captive_portals);
6e8f5e4c 3150 link->ndisc_pref64 = set_free(link->ndisc_pref64);
6df00594 3151 link->ndisc_redirects = set_free(link->ndisc_redirects);
0c90d1d2 3152 link->ndisc_dnr = set_free(link->ndisc_dnr);
8c9ef90b 3153 link->ndisc_mtu = 0;
c69305ff 3154}
e520ce64 3155
52672db3 3156static const char* const ndisc_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = {
ac24e418
SS		 3157 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no",
3158 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always",
3159 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES] = "yes",
3160};
3161
52672db3 3162DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(ndisc_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES);
3b6a3bde 3163
42efe5be 3164DEFINE_CONFIG_PARSE_ENUM(config_parse_ndisc_start_dhcp6_client, ndisc_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client);
Unnamed repository; edit this file 'description' to name the repository.