1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <net/if_arp.h>
6 #include "alloc-util.h"
7 #include "firewall-util.h"
9 #include "memory-util.h"
10 #include "netlink-util.h"
11 #include "networkd-address-pool.h"
12 #include "networkd-address.h"
13 #include "networkd-dhcp-server.h"
14 #include "networkd-ipv4acd.h"
15 #include "networkd-manager.h"
16 #include "networkd-netlabel.h"
17 #include "networkd-network.h"
18 #include "networkd-queue.h"
19 #include "networkd-route-util.h"
20 #include "networkd-route.h"
21 #include "parse-util.h"
22 #include "string-util.h"
26 #define ADDRESSES_PER_LINK_MAX 2048U
27 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
38 IFA_F_MANAGETEMPADDR | \
39 IFA_F_NOPREFIXROUTE | \
43 /* From net/ipv4/devinet.c */
44 #define IPV6ONLY_FLAGS \
50 IFA_F_MANAGETEMPADDR | \
53 /* We do not control the following flags. */
54 #define UNMANAGED_FLAGS \
62 int address_flags_to_string_alloc(uint32_t flags
, int family
, char **ret
) {
63 _cleanup_free_
char *str
= NULL
;
64 static const char* map
[] = {
65 [LOG2U(IFA_F_SECONDARY
)] = "secondary", /* This is also called "temporary" for ipv6. */
66 [LOG2U(IFA_F_NODAD
)] = "nodad",
67 [LOG2U(IFA_F_OPTIMISTIC
)] = "optimistic",
68 [LOG2U(IFA_F_DADFAILED
)] = "dadfailed",
69 [LOG2U(IFA_F_HOMEADDRESS
)] = "home-address",
70 [LOG2U(IFA_F_DEPRECATED
)] = "deprecated",
71 [LOG2U(IFA_F_TENTATIVE
)] = "tentative",
72 [LOG2U(IFA_F_PERMANENT
)] = "permanent",
73 [LOG2U(IFA_F_MANAGETEMPADDR
)] = "manage-temporary-address",
74 [LOG2U(IFA_F_NOPREFIXROUTE
)] = "no-prefixroute",
75 [LOG2U(IFA_F_MCAUTOJOIN
)] = "auto-join",
76 [LOG2U(IFA_F_STABLE_PRIVACY
)] = "stable-privacy",
79 assert(IN_SET(family
, AF_INET
, AF_INET6
));
82 for (size_t i
= 0; i
< ELEMENTSOF(map
); i
++)
83 if (FLAGS_SET(flags
, 1 << i
) && map
[i
])
84 if (!strextend_with_separator(
86 family
== AF_INET6
&& (1 << i
) == IFA_F_SECONDARY
? "temporary" : map
[i
]))
93 static LinkAddressState
address_state_from_scope(uint8_t scope
) {
94 if (scope
< RT_SCOPE_SITE
)
95 /* universally accessible addresses found */
96 return LINK_ADDRESS_STATE_ROUTABLE
;
98 if (scope
< RT_SCOPE_HOST
)
99 /* only link or site local addresses found */
100 return LINK_ADDRESS_STATE_DEGRADED
;
102 /* no useful addresses found */
103 return LINK_ADDRESS_STATE_OFF
;
106 void link_get_address_states(
108 LinkAddressState
*ret_ipv4
,
109 LinkAddressState
*ret_ipv6
,
110 LinkAddressState
*ret_all
) {
112 uint8_t ipv4_scope
= RT_SCOPE_NOWHERE
, ipv6_scope
= RT_SCOPE_NOWHERE
;
117 SET_FOREACH(address
, link
->addresses
) {
118 if (!address_is_ready(address
))
121 if (address
->family
== AF_INET
)
122 ipv4_scope
= MIN(ipv4_scope
, address
->scope
);
124 if (address
->family
== AF_INET6
)
125 ipv6_scope
= MIN(ipv6_scope
, address
->scope
);
129 *ret_ipv4
= address_state_from_scope(ipv4_scope
);
131 *ret_ipv6
= address_state_from_scope(ipv6_scope
);
133 *ret_all
= address_state_from_scope(MIN(ipv4_scope
, ipv6_scope
));
136 int address_new(Address
**ret
) {
137 _cleanup_(address_freep
) Address
*address
= NULL
;
139 address
= new(Address
, 1);
143 *address
= (Address
) {
145 .scope
= RT_SCOPE_UNIVERSE
,
146 .lifetime_valid_usec
= USEC_INFINITY
,
147 .lifetime_preferred_usec
= USEC_INFINITY
,
151 *ret
= TAKE_PTR(address
);
156 int address_new_static(Network
*network
, const char *filename
, unsigned section_line
, Address
**ret
) {
157 _cleanup_(config_section_freep
) ConfigSection
*n
= NULL
;
158 _cleanup_(address_freep
) Address
*address
= NULL
;
164 assert(section_line
> 0);
166 r
= config_section_new(filename
, section_line
, &n
);
170 address
= ordered_hashmap_get(network
->addresses_by_section
, n
);
172 *ret
= TAKE_PTR(address
);
176 if (ordered_hashmap_size(network
->addresses_by_section
) >= STATIC_ADDRESSES_PER_NETWORK_MAX
)
179 r
= address_new(&address
);
183 address
->network
= network
;
184 address
->section
= TAKE_PTR(n
);
185 address
->source
= NETWORK_CONFIG_SOURCE_STATIC
;
186 /* This will be adjusted in address_section_verify(). */
187 address
->duplicate_address_detection
= _ADDRESS_FAMILY_INVALID
;
189 r
= ordered_hashmap_ensure_put(&network
->addresses_by_section
, &config_section_hash_ops
, address
->section
, address
);
193 *ret
= TAKE_PTR(address
);
197 Address
*address_free(Address
*address
) {
201 if (address
->network
) {
202 assert(address
->section
);
203 ordered_hashmap_remove(address
->network
->addresses_by_section
, address
->section
);
207 set_remove(address
->link
->addresses
, address
);
209 if (address
->family
== AF_INET6
&&
210 in6_addr_equal(&address
->in_addr
.in6
, &address
->link
->ipv6ll_address
))
211 memzero(&address
->link
->ipv6ll_address
, sizeof(struct in6_addr
));
213 ipv4acd_detach(address
->link
, address
);
216 config_section_free(address
->section
);
217 free(address
->label
);
218 free(address
->netlabel
);
219 nft_set_context_clear(&address
->nft_set_context
);
220 return mfree(address
);
223 static bool address_lifetime_is_valid(const Address
*a
) {
227 a
->lifetime_valid_usec
== USEC_INFINITY
||
228 a
->lifetime_valid_usec
> now(CLOCK_BOOTTIME
);
231 bool address_is_ready(const Address
*a
) {
235 if (!ipv4acd_bound(a
->link
, a
))
238 if (FLAGS_SET(a
->flags
, IFA_F_TENTATIVE
))
241 if (FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_REMOVING
))
244 if (!FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_CONFIGURED
))
247 return address_lifetime_is_valid(a
);
250 bool link_check_addresses_ready(Link
*link
, NetworkConfigSource source
) {
256 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
258 SET_FOREACH(a
, link
->addresses
) {
259 if (source
>= 0 && a
->source
!= source
)
261 if (address_is_marked(a
))
263 if (!address_exists(a
))
265 if (!address_is_ready(a
))
273 void link_mark_addresses(Link
*link
, NetworkConfigSource source
) {
278 SET_FOREACH(a
, link
->addresses
) {
279 if (a
->source
!= source
)
286 static int address_get_broadcast(const Address
*a
, Link
*link
, struct in_addr
*ret
) {
287 struct in_addr b_addr
= {};
292 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
293 * address is null. */
295 /* broadcast is only for IPv4. */
296 if (a
->family
!= AF_INET
)
299 /* broadcast address cannot be used when peer address is specified. */
300 if (in4_addr_is_set(&a
->in_addr_peer
.in
))
303 /* A /31 or /32 IPv4 address does not have a broadcast address.
304 * See https://tools.ietf.org/html/rfc3021 */
305 if (a
->prefixlen
> 30)
308 /* If explicitly configured, use the address as is. */
309 if (in4_addr_is_set(&a
->broadcast
)) {
310 b_addr
= a
->broadcast
;
314 /* If explicitly disabled, then return null address. */
315 if (a
->set_broadcast
== 0)
318 /* For wireguard interfaces, broadcast is disabled by default. */
319 if (a
->set_broadcast
< 0 && streq_ptr(link
->kind
, "wireguard"))
322 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
323 * determined after an address is acquired. */
324 if (!in4_addr_is_set(&a
->in_addr
.in
))
327 /* Otherwise, generate a broadcast address from the main address and prefix length. */
328 b_addr
.s_addr
= a
->in_addr
.in
.s_addr
| htobe32(UINT32_C(0xffffffff) >> a
->prefixlen
);
334 return in4_addr_is_set(&b_addr
);
337 static void address_set_broadcast(Address
*a
, Link
*link
) {
339 assert_se(address_get_broadcast(a
, link
, &a
->broadcast
) >= 0);
342 static void address_set_cinfo(Manager
*m
, const Address
*a
, struct ifa_cacheinfo
*cinfo
) {
349 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
351 *cinfo
= (struct ifa_cacheinfo
) {
352 .ifa_valid
= usec_to_sec(a
->lifetime_valid_usec
, now_usec
),
353 .ifa_prefered
= usec_to_sec(a
->lifetime_preferred_usec
, now_usec
),
357 static void address_set_lifetime(Manager
*m
, Address
*a
, const struct ifa_cacheinfo
*cinfo
) {
364 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
366 a
->lifetime_valid_usec
= sec_to_usec(cinfo
->ifa_valid
, now_usec
);
367 a
->lifetime_preferred_usec
= sec_to_usec(cinfo
->ifa_prefered
, now_usec
);
370 static bool address_is_static_null(const Address
*address
) {
373 if (!address
->network
)
376 if (!address
->requested_as_null
)
379 assert(!in_addr_is_set(address
->family
, &address
->in_addr
));
383 static int address_ipv4_prefix(const Address
*a
, struct in_addr
*ret
) {
388 assert(a
->family
== AF_INET
);
391 p
= in4_addr_is_set(&a
->in_addr_peer
.in
) ? a
->in_addr_peer
.in
: a
->in_addr
.in
;
392 r
= in4_addr_mask(&p
, a
->prefixlen
);
400 static void address_hash_func(const Address
*a
, struct siphash
*state
) {
403 siphash24_compress(&a
->family
, sizeof(a
->family
), state
);
407 struct in_addr prefix
;
409 siphash24_compress(&a
->prefixlen
, sizeof(a
->prefixlen
), state
);
411 assert_se(address_ipv4_prefix(a
, &prefix
) >= 0);
412 siphash24_compress(&prefix
, sizeof(prefix
), state
);
414 siphash24_compress(&a
->in_addr
.in
, sizeof(a
->in_addr
.in
), state
);
418 siphash24_compress(&a
->in_addr
.in6
, sizeof(a
->in_addr
.in6
), state
);
420 if (in6_addr_is_null(&a
->in_addr
.in6
))
421 siphash24_compress(&a
->prefixlen
, sizeof(a
->prefixlen
), state
);
425 /* treat any other address family as AF_UNSPEC */
430 static int address_compare_func(const Address
*a1
, const Address
*a2
) {
433 r
= CMP(a1
->family
, a2
->family
);
437 switch (a1
->family
) {
439 struct in_addr p1
, p2
;
441 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
442 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
446 assert_se(address_ipv4_prefix(a1
, &p1
) >= 0);
447 assert_se(address_ipv4_prefix(a2
, &p2
) >= 0);
448 r
= memcmp(&p1
, &p2
, sizeof(p1
));
452 return memcmp(&a1
->in_addr
.in
, &a2
->in_addr
.in
, sizeof(a1
->in_addr
.in
));
455 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
456 r
= memcmp(&a1
->in_addr
.in6
, &a2
->in_addr
.in6
, sizeof(a1
->in_addr
.in6
));
460 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
461 * compare the prefix length. */
462 if (in6_addr_is_null(&a1
->in_addr
.in6
))
463 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
468 /* treat any other address family as AF_UNSPEC */
477 address_compare_func
);
479 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
480 address_hash_ops_free
,
483 address_compare_func
,
486 static bool address_can_update(const Address
*la
, const Address
*na
) {
493 * property | IPv4 | IPv6
494 * -----------------------------------------
496 * prefixlen | ✗ | ✗
497 * address | ✗ | ✗
500 * broadcast | ✗ | -
503 * lifetime | ✓ | ✓
504 * route metric | ✓ | ✓
505 * protocol | ✓ | ✓
507 * ✗ : cannot be changed
508 * ✓ : can be changed
511 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
512 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
515 if (la
->family
!= na
->family
)
518 if (la
->prefixlen
!= na
->prefixlen
)
521 /* When a null address is requested, the address to be assigned/updated will be determined later. */
522 if (!address_is_static_null(na
) &&
523 in_addr_equal(la
->family
, &la
->in_addr
, &na
->in_addr
) <= 0)
526 switch (la
->family
) {
528 struct in_addr bcast
;
530 if (la
->scope
!= na
->scope
)
532 if (((la
->flags
^ na
->flags
) & KNOWN_FLAGS
& ~IPV6ONLY_FLAGS
& ~UNMANAGED_FLAGS
) != 0)
534 if (!streq_ptr(la
->label
, na
->label
))
536 if (!in4_addr_equal(&la
->in_addr_peer
.in
, &na
->in_addr_peer
.in
))
538 if (address_get_broadcast(na
, la
->link
, &bcast
) >= 0) {
539 /* If the broadcast address can be determined now, check if they match. */
540 if (!in4_addr_equal(&la
->broadcast
, &bcast
))
543 /* When a null address is requested, then the broadcast address will be
544 * automatically calculated from the acquired address, e.g.
545 * 192.168.0.10/24 -> 192.168.0.255
546 * So, here let's only check if the broadcast is the last address in the range, e.g.
547 * 0.0.0.0/24 -> 0.0.0.255 */
548 if (!FLAGS_SET(la
->broadcast
.s_addr
, htobe32(UINT32_C(0xffffffff) >> la
->prefixlen
)))
557 assert_not_reached();
563 int address_dup(const Address
*src
, Address
**ret
) {
564 _cleanup_(address_freep
) Address
*dest
= NULL
;
570 dest
= newdup(Address
, src
, 1);
574 /* clear all pointers */
575 dest
->network
= NULL
;
576 dest
->section
= NULL
;
579 dest
->netlabel
= NULL
;
580 dest
->nft_set_context
.sets
= NULL
;
581 dest
->nft_set_context
.n_sets
= 0;
583 if (src
->family
== AF_INET
) {
584 r
= free_and_strdup(&dest
->label
, src
->label
);
589 r
= free_and_strdup(&dest
->netlabel
, src
->netlabel
);
593 r
= nft_set_context_dup(&src
->nft_set_context
, &dest
->nft_set_context
);
597 *ret
= TAKE_PTR(dest
);
601 static int address_set_masquerade(Address
*address
, bool add
) {
602 union in_addr_union masked
;
606 assert(address
->link
);
608 if (!address
->link
->network
)
611 if (address
->family
== AF_INET
&&
612 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV4
))
615 if (address
->family
== AF_INET6
&&
616 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV6
))
619 if (address
->scope
>= RT_SCOPE_LINK
)
622 if (address
->ip_masquerade_done
== add
)
625 masked
= address
->in_addr
;
626 r
= in_addr_mask(address
->family
, &masked
, address
->prefixlen
);
630 r
= fw_add_masquerade(&address
->link
->manager
->fw_ctx
, add
, address
->family
, &masked
, address
->prefixlen
);
634 address
->ip_masquerade_done
= add
;
639 static void address_modify_nft_set_context(Address
*address
, bool add
, NFTSetContext
*nft_set_context
) {
643 assert(address
->link
);
644 assert(address
->link
->manager
);
645 assert(nft_set_context
);
647 if (!address
->link
->manager
->fw_ctx
) {
648 r
= fw_ctx_new_full(&address
->link
->manager
->fw_ctx
, /* init_tables= */ false);
653 FOREACH_ARRAY(nft_set
, nft_set_context
->sets
, nft_set_context
->n_sets
) {
658 switch (nft_set
->source
) {
659 case NFT_SET_SOURCE_ADDRESS
:
660 r
= nft_set_element_modify_ip(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
663 case NFT_SET_SOURCE_PREFIX
:
664 r
= nft_set_element_modify_iprange(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
665 &address
->in_addr
, address
->prefixlen
);
667 case NFT_SET_SOURCE_IFINDEX
:
668 ifindex
= address
->link
->ifindex
;
669 r
= nft_set_element_modify_any(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, nft_set
->table
, nft_set
->set
,
670 &ifindex
, sizeof(ifindex
));
673 assert_not_reached();
677 log_warning_errno(r
, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring",
678 add
? "add" : "delete",
679 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
680 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
682 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
683 add
? "Added" : "Deleted",
684 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
685 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
689 static void address_modify_nft_set(Address
*address
, bool add
) {
691 assert(address
->link
);
693 if (!IN_SET(address
->family
, AF_INET
, AF_INET6
))
696 if (!address
->link
->network
)
699 switch (address
->source
) {
700 case NETWORK_CONFIG_SOURCE_DHCP4
:
701 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_nft_set_context
);
702 case NETWORK_CONFIG_SOURCE_DHCP6
:
703 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp6_nft_set_context
);
704 case NETWORK_CONFIG_SOURCE_DHCP_PD
:
705 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_pd_nft_set_context
);
706 case NETWORK_CONFIG_SOURCE_NDISC
:
707 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->ndisc_nft_set_context
);
708 case NETWORK_CONFIG_SOURCE_STATIC
:
709 return address_modify_nft_set_context(address
, add
, &address
->nft_set_context
);
715 static int address_add(Link
*link
, Address
*address
) {
721 r
= set_ensure_put(&link
->addresses
, &address_hash_ops_free
, address
);
727 address
->link
= link
;
731 static int address_update(Address
*address
) {
732 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
735 if (address_is_ready(address
) &&
736 address
->family
== AF_INET6
&&
737 in6_addr_is_link_local(&address
->in_addr
.in6
) &&
738 in6_addr_is_null(&link
->ipv6ll_address
)) {
740 link
->ipv6ll_address
= address
->in_addr
.in6
;
742 r
= link_ipv6ll_gained(link
);
747 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
750 r
= address_set_masquerade(address
, /* add = */ true);
752 return log_link_warning_errno(link
, r
, "Could not enable IP masquerading: %m");
754 address_add_netlabel(address
);
756 address_modify_nft_set(address
, /* add = */ true);
758 if (address_is_ready(address
) && address
->callback
) {
759 r
= address
->callback(address
);
764 link_update_operstate(link
, /* also_update_master = */ true);
765 link_check_ready(link
);
769 static int address_drop(Address
*address
) {
770 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
773 r
= address_set_masquerade(address
, /* add = */ false);
775 log_link_warning_errno(link
, r
, "Failed to disable IP masquerading, ignoring: %m");
777 address_modify_nft_set(address
, /* add = */ false);
779 address_del_netlabel(address
);
781 address_free(address
);
783 link_update_operstate(link
, /* also_update_master = */ true);
784 link_check_ready(link
);
788 static bool address_match_null(const Address
*a
, const Address
*null_address
) {
790 assert(null_address
);
792 if (!a
->requested_as_null
)
795 /* Currently, null address is supported only by static addresses. Note that static
796 * address may be set as foreign during reconfiguring the interface. */
797 if (!IN_SET(a
->source
, NETWORK_CONFIG_SOURCE_FOREIGN
, NETWORK_CONFIG_SOURCE_STATIC
))
800 if (a
->family
!= null_address
->family
)
803 if (a
->prefixlen
!= null_address
->prefixlen
)
809 static int address_get_request(Link
*link
, const Address
*address
, Request
**ret
) {
813 assert(link
->manager
);
816 req
= ordered_set_get(
817 link
->manager
->request_queue
,
820 .type
= REQUEST_TYPE_ADDRESS
,
821 .userdata
= (void*) address
,
822 .hash_func
= (hash_func_t
) address_hash_func
,
823 .compare_func
= (compare_func_t
) address_compare_func
,
831 if (address_is_static_null(address
))
832 ORDERED_SET_FOREACH(req
, link
->manager
->request_queue
) {
833 if (req
->link
!= link
)
835 if (req
->type
!= REQUEST_TYPE_ADDRESS
)
838 if (!address_match_null(req
->userdata
, address
))
850 int address_get(Link
*link
, const Address
*in
, Address
**ret
) {
856 a
= set_get(link
->addresses
, in
);
863 /* Find matching address that originally requested as null address. */
864 if (address_is_static_null(in
))
865 SET_FOREACH(a
, link
->addresses
) {
866 if (!address_match_null(a
, in
))
877 int address_get_harder(Link
*link
, const Address
*in
, Address
**ret
) {
884 if (address_get(link
, in
, ret
) >= 0)
887 r
= address_get_request(link
, in
, &req
);
892 *ret
= ASSERT_PTR(req
->userdata
);
897 int link_get_address(Link
*link
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
902 assert(IN_SET(family
, AF_INET
, AF_INET6
));
905 /* This find an Address object on the link which matches the given address and prefix length
906 * and does not have peer address. When the prefixlen is zero, then an Address object with an
907 * arbitrary prefixlen will be returned. */
909 if (family
== AF_INET6
|| prefixlen
!= 0) {
910 _cleanup_(address_freep
) Address
*tmp
= NULL
;
912 /* In this case, we can use address_get(). */
914 r
= address_new(&tmp
);
918 tmp
->family
= family
;
919 tmp
->in_addr
= *address
;
920 tmp
->prefixlen
= prefixlen
;
922 r
= address_get(link
, tmp
, &a
);
926 if (family
== AF_INET6
) {
927 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
928 * to check them explicitly. */
929 if (in_addr_is_set(family
, &a
->in_addr_peer
))
931 if (prefixlen
!= 0 && a
->prefixlen
!= prefixlen
)
941 SET_FOREACH(a
, link
->addresses
) {
942 if (a
->family
!= family
)
945 if (!in_addr_equal(family
, &a
->in_addr
, address
))
948 if (in_addr_is_set(family
, &a
->in_addr_peer
))
960 int manager_get_address(Manager
*manager
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
964 assert(IN_SET(family
, AF_INET
, AF_INET6
));
967 HASHMAP_FOREACH(link
, manager
->links_by_index
) {
968 if (!IN_SET(link
->state
, LINK_STATE_CONFIGURING
, LINK_STATE_CONFIGURED
))
971 if (link_get_address(link
, family
, address
, prefixlen
, ret
) >= 0)
978 bool manager_has_address(Manager
*manager
, int family
, const union in_addr_union
*address
, bool check_ready
) {
982 assert(IN_SET(family
, AF_INET
, AF_INET6
));
985 if (manager_get_address(manager
, family
, address
, 0, &a
) < 0)
988 return check_ready
? address_is_ready(a
) : (address_exists(a
) && address_lifetime_is_valid(a
));
991 const char* format_lifetime(char *buf
, size_t l
, usec_t lifetime_usec
) {
995 if (lifetime_usec
== USEC_INFINITY
)
998 sprintf(buf
, "for ");
999 /* format_timespan() never fails */
1000 assert_se(format_timespan(buf
+ 4, l
- 4, usec_sub_unsigned(lifetime_usec
, now(CLOCK_BOOTTIME
)), USEC_PER_SEC
));
1004 static void log_address_debug(const Address
*address
, const char *str
, const Link
*link
) {
1005 _cleanup_free_
char *state
= NULL
, *flags_str
= NULL
, *scope_str
= NULL
;
1014 (void) network_config_state_to_string_alloc(address
->state
, &state
);
1016 const char *peer
= in_addr_is_set(address
->family
, &address
->in_addr_peer
) ?
1017 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr_peer
) : NULL
;
1019 const char *broadcast
= (address
->family
== AF_INET
&& in4_addr_is_set(&address
->broadcast
)) ?
1020 IN4_ADDR_TO_STRING(&address
->broadcast
) : NULL
;
1022 (void) address_flags_to_string_alloc(address
->flags
, address
->family
, &flags_str
);
1023 (void) route_scope_to_string_alloc(address
->scope
, &scope_str
);
1025 log_link_debug(link
, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1026 str
, strna(network_config_source_to_string(address
->source
)), strna(state
),
1027 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr
),
1028 peer
? " peer " : "", strempty(peer
), address
->prefixlen
,
1029 broadcast
? " broadcast " : "", strempty(broadcast
),
1030 FORMAT_LIFETIME(address
->lifetime_valid_usec
),
1031 FORMAT_LIFETIME(address
->lifetime_preferred_usec
),
1032 strna(flags_str
), strna(scope_str
),
1033 address
->family
== AF_INET
? ", label: " : "",
1034 address
->family
== AF_INET
? strna(address
->label
) : "");
1037 static int address_set_netlink_message(const Address
*address
, sd_netlink_message
*m
, Link
*link
) {
1045 r
= sd_rtnl_message_addr_set_prefixlen(m
, address
->prefixlen
);
1049 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1050 * flags except tentative flag here unconditionally. Without setting the flag, the template
1051 * addresses generated by kernel will not be removed automatically when the main address is
1053 flags
= address
->flags
& ~IFA_F_TENTATIVE
;
1054 r
= sd_rtnl_message_addr_set_flags(m
, flags
& 0xff);
1058 if ((flags
& ~0xff) != 0) {
1059 r
= sd_netlink_message_append_u32(m
, IFA_FLAGS
, flags
);
1064 r
= netlink_message_append_in_addr_union(m
, IFA_LOCAL
, address
->family
, &address
->in_addr
);
1071 static int address_remove_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
1077 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
1080 r
= sd_netlink_message_get_errno(m
);
1081 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
1082 log_link_message_warning_errno(link
, m
, r
, "Could not drop address");
1087 int address_remove(Address
*address
) {
1088 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1094 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1095 assert(address
->link
);
1096 assert(address
->link
->ifindex
> 0);
1097 assert(address
->link
->manager
);
1098 assert(address
->link
->manager
->rtnl
);
1100 link
= address
->link
;
1102 log_address_debug(address
, "Removing", link
);
1104 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &m
, RTM_DELADDR
,
1105 link
->ifindex
, address
->family
);
1107 return log_link_warning_errno(link
, r
, "Could not allocate RTM_DELADDR message: %m");
1109 r
= address_set_netlink_message(address
, m
, link
);
1111 return log_link_warning_errno(link
, r
, "Could not set netlink attributes: %m");
1113 r
= netlink_call_async(link
->manager
->rtnl
, NULL
, m
,
1114 address_remove_handler
,
1115 link_netlink_destroy_callback
, link
);
1117 return log_link_warning_errno(link
, r
, "Could not send rtnetlink message: %m");
1121 address_enter_removing(address
);
1122 if (address_get_request(link
, address
, &req
) >= 0)
1123 address_enter_removing(req
->userdata
);
1125 /* The operational state is determined by address state and carrier state. Hence, if we remove
1126 * an address, the operational state may be changed. */
1127 link_update_operstate(link
, true);
1131 int address_remove_and_drop(Address
*address
) {
1135 address_cancel_request(address
);
1137 if (address_exists(address
))
1138 return address_remove(address
);
1140 return address_drop(address
);
1143 bool link_address_is_dynamic(const Link
*link
, const Address
*address
) {
1149 if (address
->lifetime_preferred_usec
!= USEC_INFINITY
)
1152 /* Even when the address is leased from a DHCP server, networkd assign the address
1153 * without lifetime when KeepConfiguration=dhcp. So, let's check that we have
1154 * corresponding routes with RTPROT_DHCP. */
1155 SET_FOREACH(route
, link
->routes
) {
1156 if (route
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1159 /* The route is not assigned yet, or already removed. Ignoring. */
1160 if (!route_exists(route
))
1163 if (route
->protocol
!= RTPROT_DHCP
)
1166 if (address
->family
!= route
->family
)
1169 if (in_addr_equal(address
->family
, &address
->in_addr
, &route
->prefsrc
))
1176 int link_drop_ipv6ll_addresses(Link
*link
) {
1177 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*req
= NULL
, *reply
= NULL
;
1181 assert(link
->manager
);
1182 assert(link
->manager
->rtnl
);
1184 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1185 * So, we need to dump all IPv6 addresses. */
1187 if (link_may_have_ipv6ll(link
, /* check_multicast = */ false))
1190 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &req
, RTM_GETADDR
, link
->ifindex
, AF_INET6
);
1194 r
= sd_netlink_message_set_request_dump(req
, true);
1198 r
= sd_netlink_call(link
->manager
->rtnl
, req
, 0, &reply
);
1202 for (sd_netlink_message
*addr
= reply
; addr
; addr
= sd_netlink_message_next(addr
)) {
1203 _cleanup_(address_freep
) Address
*a
= NULL
;
1204 unsigned char flags
, prefixlen
;
1205 struct in6_addr address
;
1209 /* NETLINK_GET_STRICT_CHK socket option is supported since kernel 4.20. To support
1210 * older kernels, we need to check ifindex here. */
1211 r
= sd_rtnl_message_addr_get_ifindex(addr
, &ifindex
);
1213 log_link_debug_errno(link
, r
, "rtnl: received address message without valid ifindex, ignoring: %m");
1215 } else if (link
->ifindex
!= ifindex
)
1218 r
= sd_rtnl_message_addr_get_flags(addr
, &flags
);
1220 log_link_debug_errno(link
, r
, "rtnl: received address message without valid flags, ignoring: %m");
1224 r
= sd_rtnl_message_addr_get_prefixlen(addr
, &prefixlen
);
1226 log_link_debug_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1230 if (sd_netlink_message_read_in6_addr(addr
, IFA_LOCAL
, NULL
) >= 0)
1231 /* address with peer, ignoring. */
1234 r
= sd_netlink_message_read_in6_addr(addr
, IFA_ADDRESS
, &address
);
1236 log_link_debug_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1240 if (!in6_addr_is_link_local(&address
))
1243 r
= address_new(&a
);
1247 a
->family
= AF_INET6
;
1248 a
->in_addr
.in6
= address
;
1249 a
->prefixlen
= prefixlen
;
1252 if (address_get(link
, a
, &existing
) < 0) {
1253 r
= address_add(link
, a
);
1257 existing
= TAKE_PTR(a
);
1260 r
= address_remove(existing
);
1268 int link_drop_foreign_addresses(Link
*link
) {
1273 assert(link
->network
);
1275 /* First, mark all addresses. */
1276 SET_FOREACH(address
, link
->addresses
) {
1277 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1278 if (address
->family
== AF_INET6
&& in6_addr_is_link_local(&address
->in_addr
.in6
))
1281 /* Do not remove localhost address (127.0.0.1 and ::1) */
1282 if (link
->flags
& IFF_LOOPBACK
&& in_addr_is_localhost_one(address
->family
, &address
->in_addr
) > 0)
1285 /* Ignore addresses we configured. */
1286 if (address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1289 /* Ignore addresses not assigned yet or already removing. */
1290 if (!address_exists(address
))
1293 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when KeepConfiguration= is set. */
1294 if (IN_SET(link
->network
->keep_configuration
, KEEP_CONFIGURATION_DHCP
, KEEP_CONFIGURATION_STATIC
) &&
1295 link_address_is_dynamic(link
, address
) == (link
->network
->keep_configuration
== KEEP_CONFIGURATION_DHCP
))
1298 address_mark(address
);
1301 /* Then, unmark requested addresses. */
1302 ORDERED_HASHMAP_FOREACH(address
, link
->network
->addresses_by_section
) {
1305 if (address_get(link
, address
, &existing
) < 0)
1308 if (!address_can_update(existing
, address
))
1311 /* Found matching static configuration. Keep the existing address. */
1312 address_unmark(existing
);
1315 /* Finally, remove all marked addresses. */
1316 SET_FOREACH(address
, link
->addresses
) {
1317 if (!address_is_marked(address
))
1320 RET_GATHER(r
, address_remove(address
));
1326 int link_drop_managed_addresses(Link
*link
) {
1332 SET_FOREACH(address
, link
->addresses
) {
1333 /* Do not touch addresses managed by kernel or other tools. */
1334 if (address
->source
== NETWORK_CONFIG_SOURCE_FOREIGN
)
1337 /* Ignore addresses not assigned yet or already removing. */
1338 if (!address_exists(address
))
1341 RET_GATHER(r
, address_remove(address
));
1347 void link_foreignize_addresses(Link
*link
) {
1352 SET_FOREACH(address
, link
->addresses
)
1353 address
->source
= NETWORK_CONFIG_SOURCE_FOREIGN
;
1356 static int address_acquire(Link
*link
, const Address
*original
, Address
**ret
) {
1357 _cleanup_(address_freep
) Address
*na
= NULL
;
1358 union in_addr_union in_addr
;
1365 /* Something useful was configured? just use it */
1366 if (in_addr_is_set(original
->family
, &original
->in_addr
))
1367 return address_dup(original
, ret
);
1369 /* The address is configured to be 0.0.0.0 or [::] by the user?
1370 * Then let's acquire something more useful from the pool. */
1371 r
= address_pool_acquire(link
->manager
, original
->family
, original
->prefixlen
, &in_addr
);
1377 /* Pick first address in range for ourselves. */
1378 if (original
->family
== AF_INET
)
1379 in_addr
.in
.s_addr
= in_addr
.in
.s_addr
| htobe32(1);
1380 else if (original
->family
== AF_INET6
)
1381 in_addr
.in6
.s6_addr
[15] |= 1;
1383 r
= address_dup(original
, &na
);
1387 na
->in_addr
= in_addr
;
1389 *ret
= TAKE_PTR(na
);
1393 int address_configure_handler_internal(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
, const char *error_msg
) {
1401 r
= sd_netlink_message_get_errno(m
);
1402 if (r
< 0 && r
!= -EEXIST
) {
1403 log_link_message_warning_errno(link
, m
, r
, error_msg
);
1404 link_enter_failed(link
);
1411 static int address_configure(const Address
*address
, const struct ifa_cacheinfo
*c
, Link
*link
, Request
*req
) {
1412 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1416 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1419 assert(link
->ifindex
> 0);
1420 assert(link
->manager
);
1421 assert(link
->manager
->rtnl
);
1424 log_address_debug(address
, "Configuring", link
);
1426 r
= sd_rtnl_message_new_addr_update(link
->manager
->rtnl
, &m
, link
->ifindex
, address
->family
);
1430 r
= address_set_netlink_message(address
, m
, link
);
1434 r
= sd_rtnl_message_addr_set_scope(m
, address
->scope
);
1438 if (address
->family
== AF_INET6
|| in_addr_is_set(address
->family
, &address
->in_addr_peer
)) {
1439 r
= netlink_message_append_in_addr_union(m
, IFA_ADDRESS
, address
->family
, &address
->in_addr_peer
);
1442 } else if (in4_addr_is_set(&address
->broadcast
)) {
1443 r
= sd_netlink_message_append_in_addr(m
, IFA_BROADCAST
, &address
->broadcast
);
1448 if (address
->family
== AF_INET
&& address
->label
) {
1449 r
= sd_netlink_message_append_string(m
, IFA_LABEL
, address
->label
);
1454 r
= sd_netlink_message_append_cache_info(m
, IFA_CACHEINFO
, c
);
1458 r
= sd_netlink_message_append_u32(m
, IFA_RT_PRIORITY
, address
->route_metric
);
1462 return request_call_netlink_async(link
->manager
->rtnl
, m
, req
);
1465 static bool address_is_ready_to_configure(Link
*link
, const Address
*address
) {
1469 if (!link_is_ready_to_configure(link
, false))
1472 if (!ipv4acd_bound(link
, address
))
1475 /* Refuse adding more than the limit */
1476 if (set_size(link
->addresses
) >= ADDRESSES_PER_LINK_MAX
)
1482 static int address_process_request(Request
*req
, Link
*link
, Address
*address
) {
1483 struct Address
*existing
;
1484 struct ifa_cacheinfo c
;
1491 if (!address_is_ready_to_configure(link
, address
))
1494 address_set_cinfo(link
->manager
, address
, &c
);
1495 if (c
.ifa_valid
== 0) {
1496 log_link_debug(link
, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1497 network_config_source_to_string(address
->source
),
1498 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
1500 address_cancel_requesting(address
);
1501 if (address_get(link
, address
, &existing
) >= 0)
1502 address_cancel_requesting(existing
);
1506 r
= address_configure(address
, &c
, link
, req
);
1508 return log_link_warning_errno(link
, r
, "Failed to configure address: %m");
1510 address_enter_configuring(address
);
1511 if (address_get(link
, address
, &existing
) >= 0)
1512 address_enter_configuring(existing
);
1517 int link_request_address(
1519 const Address
*address
,
1520 unsigned *message_counter
,
1521 address_netlink_handler_t netlink_handler
,
1524 _cleanup_(address_freep
) Address
*tmp
= NULL
;
1525 Address
*existing
= NULL
;
1530 assert(address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
);
1532 if (address
->lifetime_valid_usec
== 0)
1533 /* The requested address is outdated. Let's ignore the request. */
1536 if (address_get(link
, address
, &existing
) < 0) {
1537 if (address_get_request(link
, address
, NULL
) >= 0)
1538 return 0; /* already requested, skipping. */
1540 r
= address_acquire(link
, address
, &tmp
);
1542 return log_link_warning_errno(link
, r
, "Failed to acquire an address from pool: %m");
1544 /* Consider address tentative until we get the real flags from the kernel */
1545 tmp
->flags
|= IFA_F_TENTATIVE
;
1548 r
= address_dup(address
, &tmp
);
1552 /* Copy already assigned address when it is requested as a null address. */
1553 if (address_is_static_null(address
))
1554 tmp
->in_addr
= existing
->in_addr
;
1556 /* Copy state for logging below. */
1557 tmp
->state
= existing
->state
;
1560 address_set_broadcast(tmp
, link
);
1562 r
= ipv4acd_configure(link
, tmp
);
1566 log_address_debug(tmp
, "Requesting", link
);
1567 r
= link_queue_request_safe(link
, REQUEST_TYPE_ADDRESS
,
1571 address_compare_func
,
1572 address_process_request
,
1573 message_counter
, netlink_handler
, ret
);
1575 return log_link_warning_errno(link
, r
, "Failed to request address: %m");
1579 address_enter_requesting(tmp
);
1581 address_enter_requesting(existing
);
1587 static int static_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Request
*req
, Link
*link
, Address
*address
) {
1592 r
= address_configure_handler_internal(rtnl
, m
, link
, "Failed to set static address");
1596 if (link
->static_address_messages
== 0) {
1597 log_link_debug(link
, "Addresses set");
1598 link
->static_addresses_configured
= true;
1599 link_check_ready(link
);
1605 int link_request_static_address(Link
*link
, const Address
*address
) {
1608 assert(address
->source
== NETWORK_CONFIG_SOURCE_STATIC
);
1610 return link_request_address(link
, address
, &link
->static_address_messages
,
1611 static_address_handler
, NULL
);
1614 int link_request_static_addresses(Link
*link
) {
1619 assert(link
->network
);
1621 link
->static_addresses_configured
= false;
1623 ORDERED_HASHMAP_FOREACH(a
, link
->network
->addresses_by_section
) {
1624 r
= link_request_static_address(link
, a
);
1629 r
= link_request_radv_addresses(link
);
1633 if (link
->static_address_messages
== 0) {
1634 link
->static_addresses_configured
= true;
1635 link_check_ready(link
);
1637 log_link_debug(link
, "Setting addresses");
1638 link_set_state(link
, LINK_STATE_CONFIGURING
);
1644 void address_cancel_request(Address
*address
) {
1648 assert(address
->link
);
1650 if (!address_is_requesting(address
))
1654 .link
= address
->link
,
1655 .type
= REQUEST_TYPE_ADDRESS
,
1656 .userdata
= address
,
1657 .hash_func
= (hash_func_t
) address_hash_func
,
1658 .compare_func
= (compare_func_t
) address_compare_func
,
1661 request_detach(address
->link
->manager
, &req
);
1662 address_cancel_requesting(address
);
1665 int manager_rtnl_process_address(sd_netlink
*rtnl
, sd_netlink_message
*message
, Manager
*m
) {
1666 _cleanup_(address_freep
) Address
*tmp
= NULL
;
1667 struct ifa_cacheinfo cinfo
;
1670 Address
*address
= NULL
;
1671 Request
*req
= NULL
;
1672 bool is_new
= false, update_dhcp4
;
1679 if (sd_netlink_message_is_error(message
)) {
1680 r
= sd_netlink_message_get_errno(message
);
1682 log_message_warning_errno(message
, r
, "rtnl: failed to receive address message, ignoring");
1687 r
= sd_netlink_message_get_type(message
, &type
);
1689 log_warning_errno(r
, "rtnl: could not get message type, ignoring: %m");
1691 } else if (!IN_SET(type
, RTM_NEWADDR
, RTM_DELADDR
)) {
1692 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type
);
1696 r
= sd_rtnl_message_addr_get_ifindex(message
, &ifindex
);
1698 log_warning_errno(r
, "rtnl: could not get ifindex from message, ignoring: %m");
1700 } else if (ifindex
<= 0) {
1701 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex
);
1705 r
= link_get_by_index(m
, ifindex
, &link
);
1707 /* when enumerating we might be out of sync, but we will get the address again, so just
1709 if (!m
->enumerating
)
1710 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex
);
1714 r
= address_new(&tmp
);
1718 /* First, read minimal information to make address_get() work below. */
1720 r
= sd_rtnl_message_addr_get_family(message
, &tmp
->family
);
1722 log_link_warning(link
, "rtnl: received address message without family, ignoring.");
1724 } else if (!IN_SET(tmp
->family
, AF_INET
, AF_INET6
)) {
1725 log_link_debug(link
, "rtnl: received address message with invalid family '%i', ignoring.", tmp
->family
);
1729 r
= sd_rtnl_message_addr_get_prefixlen(message
, &tmp
->prefixlen
);
1731 log_link_warning_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1735 switch (tmp
->family
) {
1737 r
= sd_netlink_message_read_in_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in
);
1739 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1743 r
= sd_netlink_message_read_in_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in
);
1744 if (r
< 0 && r
!= -ENODATA
) {
1745 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1747 } else if (r
>= 0) {
1748 if (in4_addr_equal(&tmp
->in_addr
.in
, &tmp
->in_addr_peer
.in
))
1749 tmp
->in_addr_peer
= IN_ADDR_NULL
;
1755 r
= sd_netlink_message_read_in6_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in6
);
1757 /* Have peer address. */
1758 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in6
);
1760 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1763 } else if (r
== -ENODATA
) {
1764 /* Does not have peer address. */
1765 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr
.in6
);
1767 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1771 log_link_warning_errno(link
, r
, "rtnl: could not get local address from address message, ignoring: %m");
1778 assert_not_reached();
1781 update_dhcp4
= tmp
->family
== AF_INET6
;
1783 /* Then, find the managed Address and Request objects corresponding to the received address. */
1784 (void) address_get(link
, tmp
, &address
);
1785 (void) address_get_request(link
, tmp
, &req
);
1787 if (type
== RTM_DELADDR
) {
1789 address_enter_removed(address
);
1790 log_address_debug(address
, "Forgetting removed", link
);
1791 (void) address_drop(address
);
1793 log_address_debug(tmp
, "Kernel removed unknown", link
);
1796 address_enter_removed(req
->userdata
);
1802 /* If we did not know the address, then save it. */
1803 r
= address_add(link
, tmp
);
1805 log_link_warning_errno(link
, r
, "Failed to save received address %s, ignoring: %m",
1806 IN_ADDR_PREFIX_TO_STRING(tmp
->family
, &tmp
->in_addr
, tmp
->prefixlen
));
1809 address
= TAKE_PTR(tmp
);
1814 /* Otherwise, update the managed Address object with the netlink notification. */
1815 address
->prefixlen
= tmp
->prefixlen
;
1816 address
->in_addr_peer
= tmp
->in_addr_peer
;
1819 /* Also update information that cannot be obtained through netlink notification. */
1820 if (req
&& req
->waiting_reply
) {
1821 Address
*a
= ASSERT_PTR(req
->userdata
);
1823 address
->source
= a
->source
;
1824 address
->provider
= a
->provider
;
1825 (void) free_and_strdup_warn(&address
->netlabel
, a
->netlabel
);
1826 nft_set_context_clear(&address
->nft_set_context
);
1827 (void) nft_set_context_dup(&a
->nft_set_context
, &address
->nft_set_context
);
1828 address
->requested_as_null
= a
->requested_as_null
;
1829 address
->callback
= a
->callback
;
1832 /* Then, update miscellaneous info. */
1833 r
= sd_rtnl_message_addr_get_scope(message
, &address
->scope
);
1835 log_link_debug_errno(link
, r
, "rtnl: received address message without scope, ignoring: %m");
1837 if (address
->family
== AF_INET
) {
1838 _cleanup_free_
char *label
= NULL
;
1840 r
= sd_netlink_message_read_string_strdup(message
, IFA_LABEL
, &label
);
1842 if (!streq_ptr(label
, link
->ifname
))
1843 free_and_replace(address
->label
, label
);
1844 } else if (r
!= -ENODATA
)
1845 log_link_debug_errno(link
, r
, "rtnl: could not get label from address message, ignoring: %m");
1847 r
= sd_netlink_message_read_in_addr(message
, IFA_BROADCAST
, &address
->broadcast
);
1848 if (r
< 0 && r
!= -ENODATA
)
1849 log_link_debug_errno(link
, r
, "rtnl: could not get broadcast from address message, ignoring: %m");
1852 r
= sd_netlink_message_read_u32(message
, IFA_FLAGS
, &address
->flags
);
1853 if (r
== -ENODATA
) {
1854 unsigned char flags
;
1856 /* For old kernels. */
1857 r
= sd_rtnl_message_addr_get_flags(message
, &flags
);
1859 address
->flags
= flags
;
1861 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
1863 r
= sd_netlink_message_read_cache_info(message
, IFA_CACHEINFO
, &cinfo
);
1865 address_set_lifetime(m
, address
, &cinfo
);
1866 else if (r
!= -ENODATA
)
1867 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
1869 r
= sd_netlink_message_read_u32(message
, IFA_RT_PRIORITY
, &address
->route_metric
);
1870 if (r
< 0 && r
!= -ENODATA
)
1871 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
1873 address_enter_configured(address
);
1875 address_enter_configured(req
->userdata
);
1877 log_address_debug(address
, is_new
? "Received new": "Received updated", link
);
1879 /* address_update() logs internally, so we don't need to here. */
1880 r
= address_update(address
);
1882 link_enter_failed(link
);
1886 r
= dhcp4_update_ipv6_connectivity(link
);
1888 log_link_warning_errno(link
, r
, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
1889 link_enter_failed(link
);
1896 int config_parse_broadcast(
1898 const char *filename
,
1900 const char *section
,
1901 unsigned section_line
,
1908 Network
*network
= userdata
;
1909 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
1910 union in_addr_union u
;
1919 r
= address_new_static(network
, filename
, section_line
, &n
);
1923 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1924 "Failed to allocate new address, ignoring assignment: %m");
1928 if (isempty(rvalue
)) {
1929 /* The broadcast address will be calculated based on Address=, and set if the link is
1930 * not a wireguard interface. Here, we do not check or set n->family. */
1931 n
->broadcast
= (struct in_addr
) {};
1932 n
->set_broadcast
= -1;
1937 r
= parse_boolean(rvalue
);
1939 /* The broadcast address will be calculated based on Address=. Here, we do not check or
1941 n
->broadcast
= (struct in_addr
) {};
1942 n
->set_broadcast
= r
;
1947 if (n
->family
== AF_INET6
) {
1948 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1949 "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue
);
1953 r
= in_addr_from_string(AF_INET
, rvalue
, &u
);
1955 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1956 "Broadcast is invalid, ignoring assignment: %s", rvalue
);
1959 if (in4_addr_is_null(&u
.in
)) {
1960 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1961 "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue
);
1965 n
->broadcast
= u
.in
;
1966 n
->set_broadcast
= true;
1967 n
->family
= AF_INET
;
1973 int config_parse_address(
1975 const char *filename
,
1977 const char *section
,
1978 unsigned section_line
,
1985 Network
*network
= userdata
;
1986 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
1987 union in_addr_union buffer
;
1988 unsigned char prefixlen
;
1997 if (streq(section
, "Network"))
1998 /* we are not in an Address section, so use line number instead. */
1999 r
= address_new_static(network
, filename
, line
, &n
);
2001 r
= address_new_static(network
, filename
, section_line
, &n
);
2005 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2006 "Failed to allocate new address, ignoring assignment: %m");
2010 /* Address=address/prefixlen */
2011 r
= in_addr_prefix_from_string_auto_internal(rvalue
, PREFIXLEN_REFUSE
, &f
, &buffer
, &prefixlen
);
2013 r
= in_addr_prefix_from_string_auto(rvalue
, &f
, &buffer
, &prefixlen
);
2015 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2016 "Address '%s' is specified without prefix length. Assuming the prefix length is %u. "
2017 "Please specify the prefix length explicitly.", rvalue
, prefixlen
);
2020 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid address '%s', ignoring assignment: %m", rvalue
);
2024 if (n
->family
!= AF_UNSPEC
&& f
!= n
->family
) {
2025 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address is incompatible, ignoring assignment: %s", rvalue
);
2029 if (in_addr_is_null(f
, &buffer
)) {
2030 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2031 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2032 * let's limit the prefix length to 64 or larger. See RFC4193. */
2033 if ((f
== AF_INET
&& prefixlen
< 8) ||
2034 (f
== AF_INET6
&& prefixlen
< 64)) {
2035 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2036 "Null address with invalid prefixlen='%u', ignoring assignment: %s",
2043 n
->prefixlen
= prefixlen
;
2045 if (streq(lvalue
, "Address")) {
2046 n
->in_addr
= buffer
;
2047 n
->requested_as_null
= !in_addr_is_set(n
->family
, &n
->in_addr
);
2049 n
->in_addr_peer
= buffer
;
2055 int config_parse_label(
2057 const char *filename
,
2059 const char *section
,
2060 unsigned section_line
,
2067 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2068 Network
*network
= userdata
;
2077 r
= address_new_static(network
, filename
, section_line
, &n
);
2081 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2082 "Failed to allocate new address, ignoring assignment: %m");
2086 if (isempty(rvalue
)) {
2087 n
->label
= mfree(n
->label
);
2092 if (!address_label_valid(rvalue
)) {
2093 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2094 "Interface label is too long or invalid, ignoring assignment: %s", rvalue
);
2098 r
= free_and_strdup(&n
->label
, rvalue
);
2106 int config_parse_lifetime(
2108 const char *filename
,
2110 const char *section
,
2111 unsigned section_line
,
2118 Network
*network
= userdata
;
2119 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2129 r
= address_new_static(network
, filename
, section_line
, &n
);
2133 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2134 "Failed to allocate new address, ignoring assignment: %m");
2138 /* We accept only "forever", "infinity", empty, or "0". */
2139 if (STR_IN_SET(rvalue
, "forever", "infinity", ""))
2141 else if (streq(rvalue
, "0"))
2144 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2145 "Invalid PreferredLifetime= value, ignoring: %s", rvalue
);
2149 n
->lifetime_preferred_usec
= k
;
2155 int config_parse_address_flags(
2157 const char *filename
,
2159 const char *section
,
2160 unsigned section_line
,
2167 Network
*network
= userdata
;
2168 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2177 r
= address_new_static(network
, filename
, section_line
, &n
);
2181 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2182 "Failed to allocate new address, ignoring assignment: %m");
2186 r
= parse_boolean(rvalue
);
2188 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2189 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2193 if (streq(lvalue
, "AddPrefixRoute"))
2196 SET_FLAG(n
->flags
, ltype
, r
);
2202 int config_parse_address_scope(
2204 const char *filename
,
2206 const char *section
,
2207 unsigned section_line
,
2214 Network
*network
= userdata
;
2215 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2224 r
= address_new_static(network
, filename
, section_line
, &n
);
2228 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2229 "Failed to allocate new address, ignoring assignment: %m");
2233 r
= route_scope_from_string(rvalue
);
2235 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2236 "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue
);
2241 n
->scope_set
= true;
2246 int config_parse_address_route_metric(
2248 const char *filename
,
2250 const char *section
,
2251 unsigned section_line
,
2258 Network
*network
= userdata
;
2259 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2268 r
= address_new_static(network
, filename
, section_line
, &n
);
2272 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2273 "Failed to allocate new address, ignoring assignment: %m");
2277 r
= safe_atou32(rvalue
, &n
->route_metric
);
2279 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2280 "Could not parse %s=, ignoring assignment: %s", lvalue
, rvalue
);
2288 int config_parse_duplicate_address_detection(
2290 const char *filename
,
2292 const char *section
,
2293 unsigned section_line
,
2300 Network
*network
= userdata
;
2301 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2310 r
= address_new_static(network
, filename
, section_line
, &n
);
2314 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2315 "Failed to allocate new address, ignoring assignment: %m");
2319 r
= parse_boolean(rvalue
);
2321 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2322 "For historical reasons, %s=%s means %s=%s. "
2323 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2324 lvalue
, rvalue
, lvalue
, r
? "none" : "both");
2325 n
->duplicate_address_detection
= r
? ADDRESS_FAMILY_NO
: ADDRESS_FAMILY_YES
;
2330 AddressFamily a
= duplicate_address_detection_address_family_from_string(rvalue
);
2332 log_syntax(unit
, LOG_WARNING
, filename
, line
, a
,
2333 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2336 n
->duplicate_address_detection
= a
;
2342 int config_parse_address_netlabel(
2344 const char *filename
,
2346 const char *section
,
2347 unsigned section_line
,
2354 Network
*network
= userdata
;
2355 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2365 r
= address_new_static(network
, filename
, section_line
, &n
);
2369 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2370 "Failed to allocate new address, ignoring assignment: %m");
2374 r
= config_parse_string(unit
, filename
, line
, section
, section_line
,
2375 lvalue
, CONFIG_PARSE_STRING_SAFE
, rvalue
, &n
->netlabel
, network
);
2383 static void address_section_adjust_broadcast(Address
*address
) {
2385 assert(address
->section
);
2387 if (!in4_addr_is_set(&address
->broadcast
))
2390 if (address
->family
== AF_INET6
)
2391 log_warning("%s: broadcast address is set for an IPv6 address. "
2392 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2393 address
->section
->filename
, address
->section
->line
);
2394 else if (address
->prefixlen
> 30)
2395 log_warning("%s: broadcast address is set for an IPv4 address with prefix length larger than 30. "
2396 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2397 address
->section
->filename
, address
->section
->line
);
2398 else if (in4_addr_is_set(&address
->in_addr_peer
.in
))
2399 log_warning("%s: broadcast address is set for an IPv4 address with peer address. "
2400 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2401 address
->section
->filename
, address
->section
->line
);
2402 else if (!in4_addr_is_set(&address
->in_addr
.in
))
2403 log_warning("%s: broadcast address is set for an IPv4 address with null address. "
2404 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2405 address
->section
->filename
, address
->section
->line
);
2407 /* Otherwise, keep the specified broadcast address. */
2410 address
->broadcast
.s_addr
= 0;
2413 int address_section_verify(Address
*address
) {
2414 if (section_is_invalid(address
->section
))
2417 if (address
->family
== AF_UNSPEC
) {
2418 assert(address
->section
);
2420 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2421 "%s: Address section without Address= field was configured. "
2422 "Ignoring [Address] section from line %u.",
2423 address
->section
->filename
, address
->section
->line
);
2426 if (address
->family
== AF_INET6
&& !socket_ipv6_is_supported())
2427 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2428 "%s: an IPv6 address was configured, but the kernel does not support IPv6. "
2429 "Ignoring [Address] section from line %u.",
2430 address
->section
->filename
, address
->section
->line
);
2432 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
2434 address_section_adjust_broadcast(address
);
2436 if (address
->family
== AF_INET6
&& address
->label
) {
2437 log_warning("%s: address label is set for IPv6 address in the [Address] section from line %u. "
2438 "Ignoring Label= setting.",
2439 address
->section
->filename
, address
->section
->line
);
2441 address
->label
= mfree(address
->label
);
2444 if (!address
->scope_set
) {
2445 if (in_addr_is_localhost(address
->family
, &address
->in_addr
) > 0)
2446 address
->scope
= RT_SCOPE_HOST
;
2447 else if (in_addr_is_link_local(address
->family
, &address
->in_addr
) > 0)
2448 address
->scope
= RT_SCOPE_LINK
;
2451 if (address
->duplicate_address_detection
< 0) {
2452 if (address
->family
== AF_INET6
)
2453 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV6
;
2454 else if (in4_addr_is_link_local(&address
->in_addr
.in
))
2455 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV4
;
2457 address
->duplicate_address_detection
= ADDRESS_FAMILY_NO
;
2458 } else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV6
&& address
->family
== AF_INET
)
2459 log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.",
2460 address
->section
->filename
);
2461 else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV4
&& address
->family
== AF_INET6
)
2462 log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.",
2463 address
->section
->filename
);
2465 if (address
->family
== AF_INET6
&&
2466 !FLAGS_SET(address
->duplicate_address_detection
, ADDRESS_FAMILY_IPV6
))
2467 address
->flags
|= IFA_F_NODAD
;
2469 uint32_t filtered_flags
= address
->family
== AF_INET
?
2470 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
& ~IPV6ONLY_FLAGS
:
2471 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
;
2472 if (address
->flags
!= filtered_flags
) {
2473 _cleanup_free_
char *str
= NULL
;
2475 (void) address_flags_to_string_alloc(filtered_flags
, address
->family
, &str
);
2476 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2477 "%s: unexpected address flags \"%s\" were configured. "
2478 "Ignoring [Address] section from line %u.",
2479 address
->section
->filename
, strna(str
), address
->section
->line
);
2485 int network_drop_invalid_addresses(Network
*network
) {
2486 _cleanup_set_free_ Set
*addresses
= NULL
;
2492 ORDERED_HASHMAP_FOREACH(address
, network
->addresses_by_section
) {
2495 if (address_section_verify(address
) < 0) {
2496 /* Drop invalid [Address] sections or Address= settings in [Network].
2497 * Note that address_free() will drop the address from addresses_by_section. */
2498 address_free(address
);
2502 /* Always use the setting specified later. So, remove the previously assigned setting. */
2503 dup
= set_remove(addresses
, address
);
2505 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2506 "dropping the address setting specified at line %u.",
2507 dup
->section
->filename
,
2508 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
),
2509 address
->section
->line
,
2510 dup
->section
->line
, dup
->section
->line
);
2511 /* address_free() will drop the address from addresses_by_section. */
2515 /* Use address_hash_ops, instead of address_hash_ops_free. Otherwise, the Address objects
2517 r
= set_ensure_put(&addresses
, &address_hash_ops
, address
);
2523 r
= network_adjust_dhcp_server(network
, &addresses
);
2530 int config_parse_address_ip_nft_set(
2532 const char *filename
,
2534 const char *section
,
2535 unsigned section_line
,
2542 Network
*network
= userdata
;
2543 _cleanup_(address_free_or_set_invalidp
) Address
*n
= NULL
;
2551 r
= address_new_static(network
, filename
, section_line
, &n
);
2555 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2556 "Failed to allocate a new address, ignoring assignment: %m");
2560 r
= config_parse_nft_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &n
->nft_set_context
, network
);