1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include <netinet/in.h>
4 #include <linux/l2tp.h>
5 #include <linux/genetlink.h>
7 #include "sd-netlink.h"
9 #include "conf-parser.h"
11 #include "l2tp-tunnel.h"
13 #include "netlink-util.h"
14 #include "networkd-address.h"
15 #include "networkd-manager.h"
16 #include "parse-util.h"
17 #include "socket-util.h"
18 #include "string-table.h"
19 #include "string-util.h"
22 static const char* const l2tp_l2spec_type_table
[_NETDEV_L2TP_L2SPECTYPE_MAX
] = {
23 [NETDEV_L2TP_L2SPECTYPE_NONE
] = "none",
24 [NETDEV_L2TP_L2SPECTYPE_DEFAULT
] = "default",
27 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_l2spec_type
, L2tpL2specType
);
29 static const char* const l2tp_encap_type_table
[_NETDEV_L2TP_ENCAPTYPE_MAX
] = {
30 [NETDEV_L2TP_ENCAPTYPE_UDP
] = "udp",
31 [NETDEV_L2TP_ENCAPTYPE_IP
] = "ip",
34 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_encap_type
, L2tpEncapType
);
35 DEFINE_CONFIG_PARSE_ENUM(config_parse_l2tp_encap_type
, l2tp_encap_type
, L2tpEncapType
, "Failed to parse L2TP Encapsulation Type");
37 static const char* const l2tp_local_address_type_table
[_NETDEV_L2TP_LOCAL_ADDRESS_MAX
] = {
38 [NETDEV_L2TP_LOCAL_ADDRESS_AUTO
] = "auto",
39 [NETDEV_L2TP_LOCAL_ADDRESS_STATIC
] = "static",
40 [NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC
] = "dynamic",
43 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(l2tp_local_address_type
, L2tpLocalAddressType
);
45 static void l2tp_session_free(L2tpSession
*s
) {
49 if (s
->tunnel
&& s
->section
)
50 ordered_hashmap_remove(s
->tunnel
->sessions_by_section
, s
);
52 network_config_section_free(s
->section
);
59 DEFINE_NETWORK_SECTION_FUNCTIONS(L2tpSession
, l2tp_session_free
);
61 static int l2tp_session_new_static(L2tpTunnel
*t
, const char *filename
, unsigned section_line
, L2tpSession
**ret
) {
62 _cleanup_(network_config_section_freep
) NetworkConfigSection
*n
= NULL
;
63 _cleanup_(l2tp_session_freep
) L2tpSession
*s
= NULL
;
69 assert(section_line
> 0);
71 r
= network_config_section_new(filename
, section_line
, &n
);
75 s
= ordered_hashmap_get(t
->sessions_by_section
, n
);
81 s
= new(L2tpSession
, 1);
86 .l2tp_l2spec_type
= NETDEV_L2TP_L2SPECTYPE_DEFAULT
,
88 .section
= TAKE_PTR(n
),
91 r
= ordered_hashmap_ensure_allocated(&t
->sessions_by_section
, &network_config_hash_ops
);
95 r
= ordered_hashmap_put(t
->sessions_by_section
, s
->section
, s
);
103 static int netdev_l2tp_fill_message_tunnel(NetDev
*netdev
, union in_addr_union
*local_address
, sd_netlink_message
**ret
) {
104 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
110 assert(local_address
);
116 r
= sd_genl_message_new(netdev
->manager
->genl
, SD_GENL_L2TP
, L2TP_CMD_TUNNEL_CREATE
, &m
);
118 return log_netdev_error_errno(netdev
, r
, "Failed to create generic netlink message: %m");
120 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_CONN_ID
, t
->tunnel_id
);
122 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_CONN_ID attribute: %m");
124 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_CONN_ID
, t
->peer_tunnel_id
);
126 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PEER_CONN_ID attribute: %m");
128 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_PROTO_VERSION
, 3);
130 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PROTO_VERSION attribute: %m");
132 switch(t
->l2tp_encap_type
) {
133 case NETDEV_L2TP_ENCAPTYPE_IP
:
134 encap_type
= L2TP_ENCAPTYPE_IP
;
136 case NETDEV_L2TP_ENCAPTYPE_UDP
:
138 encap_type
= L2TP_ENCAPTYPE_UDP
;
142 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_ENCAP_TYPE
, encap_type
);
144 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_ENCAP_TYPE attribute: %m");
146 if (t
->family
== AF_INET
) {
147 r
= sd_netlink_message_append_in_addr(m
, L2TP_ATTR_IP_SADDR
, &local_address
->in
);
149 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP_SADDR attribute: %m");
151 r
= sd_netlink_message_append_in_addr(m
, L2TP_ATTR_IP_DADDR
, &t
->remote
.in
);
153 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP_DADDR attribute: %m");
155 r
= sd_netlink_message_append_in6_addr(m
, L2TP_ATTR_IP6_SADDR
, &local_address
->in6
);
157 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP6_SADDR attribute: %m");
159 r
= sd_netlink_message_append_in6_addr(m
, L2TP_ATTR_IP6_DADDR
, &t
->remote
.in6
);
161 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IP6_DADDR attribute: %m");
164 if (encap_type
== L2TP_ENCAPTYPE_UDP
) {
165 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_UDP_SPORT
, t
->l2tp_udp_sport
);
167 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_SPORT, attribute: %m");
169 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_UDP_DPORT
, t
->l2tp_udp_dport
);
171 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_DPORT attribute: %m");
174 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_UDP_CSUM
, t
->udp_csum
);
176 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_CSUM attribute: %m");
179 if (t
->udp6_csum_tx
) {
180 r
= sd_netlink_message_append_flag(m
, L2TP_ATTR_UDP_ZERO_CSUM6_TX
);
182 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_ZERO_CSUM6_TX attribute: %m");
185 if (t
->udp6_csum_rx
) {
186 r
= sd_netlink_message_append_flag(m
, L2TP_ATTR_UDP_ZERO_CSUM6_RX
);
188 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_UDP_ZERO_CSUM6_RX attribute: %m");
197 static int netdev_l2tp_fill_message_session(NetDev
*netdev
, L2tpSession
*session
, sd_netlink_message
**ret
) {
198 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
199 uint16_t l2_spec_len
;
200 uint8_t l2_spec_type
;
205 assert(session
->tunnel
);
207 r
= sd_genl_message_new(netdev
->manager
->genl
, SD_GENL_L2TP
, L2TP_CMD_SESSION_CREATE
, &m
);
209 return log_netdev_error_errno(netdev
, r
, "Failed to create generic netlink message: %m");
211 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_CONN_ID
, session
->tunnel
->tunnel_id
);
213 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_CONN_ID attribute: %m");
215 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_CONN_ID
, session
->tunnel
->peer_tunnel_id
);
217 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PEER_CONN_ID attribute: %m");
219 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_SESSION_ID
, session
->session_id
);
221 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_SESSION_ID attribute: %m");
223 r
= sd_netlink_message_append_u32(m
, L2TP_ATTR_PEER_SESSION_ID
, session
->peer_session_id
);
225 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PEER_SESSION_ID attribute: %m");
227 r
= sd_netlink_message_append_u16(m
, L2TP_ATTR_PW_TYPE
, L2TP_PWTYPE_ETH
);
229 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_PW_TYPE attribute: %m");
231 switch (session
->l2tp_l2spec_type
) {
232 case NETDEV_L2TP_L2SPECTYPE_NONE
:
233 l2_spec_type
= L2TP_L2SPECTYPE_NONE
;
236 case NETDEV_L2TP_L2SPECTYPE_DEFAULT
:
238 l2_spec_type
= L2TP_L2SPECTYPE_DEFAULT
;
243 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_L2SPEC_TYPE
, l2_spec_type
);
245 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_L2SPEC_TYPE attribute: %m");
247 r
= sd_netlink_message_append_u8(m
, L2TP_ATTR_L2SPEC_LEN
, l2_spec_len
);
249 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_L2SPEC_LEN attribute: %m");
251 r
= sd_netlink_message_append_string(m
, L2TP_ATTR_IFNAME
, session
->name
);
253 return log_netdev_error_errno(netdev
, r
, "Could not append L2TP_ATTR_IFNAME attribute: %m");
260 static int l2tp_acquire_local_address_one(L2tpTunnel
*t
, Address
*a
, union in_addr_union
*ret
) {
261 if (a
->family
!= t
->family
)
264 if (in_addr_is_null(a
->family
, &a
->in_addr_peer
) <= 0)
267 if (t
->local_address_type
== NETDEV_L2TP_LOCAL_ADDRESS_STATIC
&&
268 !FLAGS_SET(a
->flags
, IFA_F_PERMANENT
))
271 if (t
->local_address_type
== NETDEV_L2TP_LOCAL_ADDRESS_DYNAMIC
&&
272 FLAGS_SET(a
->flags
, IFA_F_PERMANENT
))
279 static int l2tp_acquire_local_address(L2tpTunnel
*t
, Link
*link
, union in_addr_union
*ret
) {
286 assert(IN_SET(t
->family
, AF_INET
, AF_INET6
));
288 if (!in_addr_is_null(t
->family
, &t
->local
)) {
289 /* local address is explicitly specified. */
294 SET_FOREACH(a
, link
->addresses
, i
)
295 if (l2tp_acquire_local_address_one(t
, a
, ret
) >= 0)
298 SET_FOREACH(a
, link
->addresses_foreign
, i
)
299 if (l2tp_acquire_local_address_one(t
, a
, ret
) >= 0)
305 static void l2tp_session_destroy_callback(L2tpSession
*session
) {
309 netdev_unref(NETDEV(session
->tunnel
));
312 static int l2tp_create_session_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, L2tpSession
*session
) {
317 assert(session
->tunnel
);
319 netdev
= NETDEV(session
->tunnel
);
321 r
= sd_netlink_message_get_errno(m
);
323 log_netdev_info(netdev
, "L2TP session %s exists, using existing without changing its parameters",
326 log_netdev_warning_errno(netdev
, r
, "L2TP session %s could not be created: %m", session
->name
);
330 log_netdev_debug(netdev
, "L2TP session %s created", session
->name
);
334 static int l2tp_create_session(NetDev
*netdev
, L2tpSession
*session
) {
335 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*n
= NULL
;
338 r
= netdev_l2tp_fill_message_session(netdev
, session
, &n
);
342 r
= netlink_call_async(netdev
->manager
->genl
, NULL
, n
, l2tp_create_session_handler
,
343 l2tp_session_destroy_callback
, session
);
345 return log_netdev_error_errno(netdev
, r
, "Failed to create L2TP session %s: %m", session
->name
);
351 static int l2tp_create_tunnel_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, NetDev
*netdev
) {
352 L2tpSession
*session
;
358 assert(netdev
->state
!= _NETDEV_STATE_INVALID
);
364 r
= sd_netlink_message_get_errno(m
);
366 log_netdev_info(netdev
, "netdev exists, using existing without changing its parameters");
368 log_netdev_warning_errno(netdev
, r
, "netdev could not be created: %m");
374 log_netdev_debug(netdev
, "L2TP tunnel is created");
376 ORDERED_HASHMAP_FOREACH(session
, t
->sessions_by_section
, i
)
377 (void) l2tp_create_session(netdev
, session
);
382 static int l2tp_create_tunnel(NetDev
*netdev
, Link
*link
) {
383 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
384 union in_addr_union local_address
;
394 r
= l2tp_acquire_local_address(t
, link
, &local_address
);
396 return log_netdev_error_errno(netdev
, r
, "Could not find local address.");
398 if (r
> 0 && DEBUG_LOGGING
) {
399 _cleanup_free_
char *str
= NULL
;
401 (void) in_addr_to_string(t
->family
, &local_address
, &str
);
402 log_netdev_debug(netdev
, "Local address %s acquired.", strna(str
));
405 r
= netdev_l2tp_fill_message_tunnel(netdev
, &local_address
, &m
);
409 r
= netlink_call_async(netdev
->manager
->genl
, NULL
, m
, l2tp_create_tunnel_handler
,
410 netdev_destroy_callback
, netdev
);
412 return log_netdev_error_errno(netdev
, r
, "Failed to create L2TP tunnel: %m");
419 int config_parse_l2tp_tunnel_address(
421 const char *filename
,
424 unsigned section_line
,
431 L2tpTunnel
*t
= userdata
;
432 union in_addr_union
*addr
= data
;
440 if (streq(lvalue
, "Local")) {
441 L2tpLocalAddressType addr_type
;
444 addr_type
= NETDEV_L2TP_LOCAL_ADDRESS_AUTO
;
446 addr_type
= l2tp_local_address_type_from_string(rvalue
);
448 if (addr_type
>= 0) {
449 if (in_addr_is_null(t
->family
, &t
->remote
) != 0)
450 /* If Remote= is not specified yet, then also clear family. */
451 t
->family
= AF_UNSPEC
;
453 t
->local
= IN_ADDR_NULL
;
454 t
->local_address_type
= addr_type
;
460 if (t
->family
== AF_UNSPEC
)
461 r
= in_addr_from_string_auto(rvalue
, &t
->family
, addr
);
463 r
= in_addr_from_string(t
->family
, rvalue
, addr
);
465 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
466 "Invalid L2TP Tunnel address specified in %s='%s', ignoring assignment: %m", lvalue
, rvalue
);
473 int config_parse_l2tp_tunnel_id(
475 const char *filename
,
478 unsigned section_line
,
485 uint32_t *id
= data
, k
;
493 r
= safe_atou32(rvalue
, &k
);
495 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
496 "Failed to parse L2TP tunnel id. Ignoring assignment: %s", rvalue
);
501 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
502 "Invalid L2TP tunnel id. Ignoring assignment: %s", rvalue
);
511 int config_parse_l2tp_session_id(
513 const char *filename
,
516 unsigned section_line
,
523 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
524 L2tpTunnel
*t
= userdata
;
534 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
538 r
= safe_atou32(rvalue
, &k
);
540 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
541 "Failed to parse L2TP session id. Ignoring assignment: %s", rvalue
);
546 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
547 "Invalid L2TP session id. Ignoring assignment: %s", rvalue
);
551 if (streq(lvalue
, "SessionId"))
552 session
->session_id
= k
;
554 session
->peer_session_id
= k
;
560 int config_parse_l2tp_session_l2spec(
562 const char *filename
,
565 unsigned section_line
,
572 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
573 L2tpTunnel
*t
= userdata
;
583 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
587 spec
= l2tp_l2spec_type_from_string(rvalue
);
589 log_syntax(unit
, LOG_ERR
, filename
, line
, 0,
590 "Failed to parse layer2 specific header type. Ignoring assignment: %s", rvalue
);
594 session
->l2tp_l2spec_type
= spec
;
600 int config_parse_l2tp_session_name(
602 const char *filename
,
605 unsigned section_line
,
612 _cleanup_(l2tp_session_free_or_set_invalidp
) L2tpSession
*session
= NULL
;
613 L2tpTunnel
*t
= userdata
;
622 r
= l2tp_session_new_static(t
, filename
, section_line
, &session
);
626 if (!ifname_valid(rvalue
)) {
627 log_syntax(unit
, LOG_ERR
, filename
, line
, 0,
628 "Failed to parse L2TP tunnel session name. Ignoring assignment: %s", rvalue
);
632 r
= free_and_strdup(&session
->name
, rvalue
);
640 static void l2tp_tunnel_init(NetDev
*netdev
) {
649 t
->l2tp_encap_type
= NETDEV_L2TP_ENCAPTYPE_UDP
;
650 t
->udp6_csum_rx
= true;
651 t
->udp6_csum_tx
= true;
654 static int l2tp_session_verify(L2tpSession
*session
) {
658 assert(session
->tunnel
);
660 netdev
= NETDEV(session
->tunnel
);
662 if (section_is_invalid(session
->section
))
666 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
667 "%s: L2TP session without name configured. "
668 "Ignoring [L2TPSession] section from line %u",
669 session
->section
->filename
, session
->section
->line
);
671 if (session
->session_id
== 0 || session
->peer_session_id
== 0)
672 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
673 "%s: L2TP session without session IDs configured. "
674 "Ignoring [L2TPSession] section from line %u",
675 session
->section
->filename
, session
->section
->line
);
680 static int netdev_l2tp_tunnel_verify(NetDev
*netdev
, const char *filename
) {
682 L2tpSession
*session
;
692 if (!IN_SET(t
->family
, AF_INET
, AF_INET6
))
693 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
694 "%s: L2TP tunnel with invalid address family configured. Ignoring",
697 if (in_addr_is_null(t
->family
, &t
->remote
))
698 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
699 "%s: L2TP tunnel without a remote address configured. Ignoring",
702 if (t
->tunnel_id
== 0 || t
->peer_tunnel_id
== 0)
703 return log_netdev_error_errno(netdev
, SYNTHETIC_ERRNO(EINVAL
),
704 "%s: L2TP tunnel without tunnel IDs configured. Ignoring",
707 ORDERED_HASHMAP_FOREACH(session
, t
->sessions_by_section
, i
)
708 if (l2tp_session_verify(session
) < 0)
709 l2tp_session_free(session
);
714 static void l2tp_tunnel_done(NetDev
*netdev
) {
723 ordered_hashmap_free_with_destructor(t
->sessions_by_section
, l2tp_session_free
);
726 const NetDevVTable l2tptnl_vtable
= {
727 .object_size
= sizeof(L2tpTunnel
),
728 .init
= l2tp_tunnel_init
,
729 .sections
= "Match\0NetDev\0L2TP\0L2TPSession\0",
730 .create_after_configured
= l2tp_create_tunnel
,
731 .done
= l2tp_tunnel_done
,
732 .create_type
= NETDEV_CREATE_AFTER_CONFIGURED
,
733 .config_verify
= netdev_l2tp_tunnel_verify
,