1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <net/if_arp.h>
6 #include "alloc-util.h"
7 #include "firewall-util.h"
9 #include "memory-util.h"
10 #include "netlink-util.h"
11 #include "networkd-address-pool.h"
12 #include "networkd-address.h"
13 #include "networkd-dhcp-server.h"
14 #include "networkd-ipv4acd.h"
15 #include "networkd-manager.h"
16 #include "networkd-netlabel.h"
17 #include "networkd-network.h"
18 #include "networkd-queue.h"
19 #include "networkd-route-util.h"
20 #include "networkd-route.h"
21 #include "parse-util.h"
22 #include "string-util.h"
26 #define ADDRESSES_PER_LINK_MAX 2048U
27 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
38 IFA_F_MANAGETEMPADDR | \
39 IFA_F_NOPREFIXROUTE | \
43 /* From net/ipv4/devinet.c */
44 #define IPV6ONLY_FLAGS \
50 IFA_F_MANAGETEMPADDR | \
53 /* We do not control the following flags. */
54 #define UNMANAGED_FLAGS \
62 int address_flags_to_string_alloc(uint32_t flags
, int family
, char **ret
) {
63 _cleanup_free_
char *str
= NULL
;
64 static const char* map
[] = {
65 [LOG2U(IFA_F_SECONDARY
)] = "secondary", /* This is also called "temporary" for ipv6. */
66 [LOG2U(IFA_F_NODAD
)] = "nodad",
67 [LOG2U(IFA_F_OPTIMISTIC
)] = "optimistic",
68 [LOG2U(IFA_F_DADFAILED
)] = "dadfailed",
69 [LOG2U(IFA_F_HOMEADDRESS
)] = "home-address",
70 [LOG2U(IFA_F_DEPRECATED
)] = "deprecated",
71 [LOG2U(IFA_F_TENTATIVE
)] = "tentative",
72 [LOG2U(IFA_F_PERMANENT
)] = "permanent",
73 [LOG2U(IFA_F_MANAGETEMPADDR
)] = "manage-temporary-address",
74 [LOG2U(IFA_F_NOPREFIXROUTE
)] = "no-prefixroute",
75 [LOG2U(IFA_F_MCAUTOJOIN
)] = "auto-join",
76 [LOG2U(IFA_F_STABLE_PRIVACY
)] = "stable-privacy",
79 assert(IN_SET(family
, AF_INET
, AF_INET6
));
82 for (size_t i
= 0; i
< ELEMENTSOF(map
); i
++)
83 if (FLAGS_SET(flags
, 1 << i
) && map
[i
])
84 if (!strextend_with_separator(
86 family
== AF_INET6
&& (1 << i
) == IFA_F_SECONDARY
? "temporary" : map
[i
]))
93 static LinkAddressState
address_state_from_scope(uint8_t scope
) {
94 if (scope
< RT_SCOPE_SITE
)
95 /* universally accessible addresses found */
96 return LINK_ADDRESS_STATE_ROUTABLE
;
98 if (scope
< RT_SCOPE_HOST
)
99 /* only link or site local addresses found */
100 return LINK_ADDRESS_STATE_DEGRADED
;
102 /* no useful addresses found */
103 return LINK_ADDRESS_STATE_OFF
;
106 void link_get_address_states(
108 LinkAddressState
*ret_ipv4
,
109 LinkAddressState
*ret_ipv6
,
110 LinkAddressState
*ret_all
) {
112 uint8_t ipv4_scope
= RT_SCOPE_NOWHERE
, ipv6_scope
= RT_SCOPE_NOWHERE
;
117 SET_FOREACH(address
, link
->addresses
) {
118 if (!address_is_ready(address
))
121 if (address
->family
== AF_INET
)
122 ipv4_scope
= MIN(ipv4_scope
, address
->scope
);
124 if (address
->family
== AF_INET6
)
125 ipv6_scope
= MIN(ipv6_scope
, address
->scope
);
129 *ret_ipv4
= address_state_from_scope(ipv4_scope
);
131 *ret_ipv6
= address_state_from_scope(ipv6_scope
);
133 *ret_all
= address_state_from_scope(MIN(ipv4_scope
, ipv6_scope
));
136 static void address_hash_func(const Address
*a
, struct siphash
*state
);
137 static int address_compare_func(const Address
*a1
, const Address
*a2
);
138 static void address_detach(Address
*address
);
140 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
141 address_hash_ops_detach
,
144 address_compare_func
,
151 address_compare_func
);
153 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
154 address_section_hash_ops
,
156 config_section_hash_func
,
157 config_section_compare_func
,
161 int address_new(Address
**ret
) {
162 _cleanup_(address_unrefp
) Address
*address
= NULL
;
164 address
= new(Address
, 1);
168 *address
= (Address
) {
171 .scope
= RT_SCOPE_UNIVERSE
,
172 .lifetime_valid_usec
= USEC_INFINITY
,
173 .lifetime_preferred_usec
= USEC_INFINITY
,
177 *ret
= TAKE_PTR(address
);
182 int address_new_static(Network
*network
, const char *filename
, unsigned section_line
, Address
**ret
) {
183 _cleanup_(config_section_freep
) ConfigSection
*n
= NULL
;
184 _cleanup_(address_unrefp
) Address
*address
= NULL
;
190 assert(section_line
> 0);
192 r
= config_section_new(filename
, section_line
, &n
);
196 address
= ordered_hashmap_get(network
->addresses_by_section
, n
);
198 *ret
= TAKE_PTR(address
);
202 if (ordered_hashmap_size(network
->addresses_by_section
) >= STATIC_ADDRESSES_PER_NETWORK_MAX
)
205 r
= address_new(&address
);
209 address
->network
= network
;
210 address
->section
= TAKE_PTR(n
);
211 address
->source
= NETWORK_CONFIG_SOURCE_STATIC
;
212 /* This will be adjusted in address_section_verify(). */
213 address
->duplicate_address_detection
= _ADDRESS_FAMILY_INVALID
;
215 r
= ordered_hashmap_ensure_put(&network
->addresses_by_section
, &address_section_hash_ops
, address
->section
, address
);
219 *ret
= TAKE_PTR(address
);
223 static Address
* address_detach_impl(Address
*address
) {
225 assert(!address
->link
|| !address
->network
);
227 if (address
->network
) {
228 assert(address
->section
);
229 ordered_hashmap_remove(address
->network
->addresses_by_section
, address
->section
);
231 if (address
->network
->dhcp_server_address
== address
)
232 address
->network
->dhcp_server_address
= NULL
;
234 address
->network
= NULL
;
239 set_remove(address
->link
->addresses
, address
);
241 address
->link
= NULL
;
248 static void address_detach(Address
*address
) {
251 address_unref(address_detach_impl(address
));
254 static Address
* address_free(Address
*address
) {
258 address_detach_impl(address
);
260 config_section_free(address
->section
);
261 free(address
->label
);
262 free(address
->netlabel
);
263 nft_set_context_clear(&address
->nft_set_context
);
264 return mfree(address
);
267 DEFINE_TRIVIAL_REF_UNREF_FUNC(Address
, address
, address_free
);
269 static bool address_lifetime_is_valid(const Address
*a
) {
273 a
->lifetime_valid_usec
== USEC_INFINITY
||
274 a
->lifetime_valid_usec
> now(CLOCK_BOOTTIME
);
277 bool address_is_ready(const Address
*a
) {
281 if (!ipv4acd_bound(a
->link
, a
))
284 if (FLAGS_SET(a
->flags
, IFA_F_TENTATIVE
))
287 if (FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_REMOVING
))
290 if (!FLAGS_SET(a
->state
, NETWORK_CONFIG_STATE_CONFIGURED
))
293 return address_lifetime_is_valid(a
);
296 bool link_check_addresses_ready(Link
*link
, NetworkConfigSource source
) {
302 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
304 SET_FOREACH(a
, link
->addresses
) {
305 if (source
>= 0 && a
->source
!= source
)
307 if (address_is_marked(a
))
309 if (!address_exists(a
))
311 if (!address_is_ready(a
))
319 void link_mark_addresses(Link
*link
, NetworkConfigSource source
) {
324 SET_FOREACH(a
, link
->addresses
) {
325 if (a
->source
!= source
)
332 static int address_get_broadcast(const Address
*a
, Link
*link
, struct in_addr
*ret
) {
333 struct in_addr b_addr
= {};
338 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
339 * address is null. */
341 /* broadcast is only for IPv4. */
342 if (a
->family
!= AF_INET
)
345 /* broadcast address cannot be used when peer address is specified. */
346 if (in4_addr_is_set(&a
->in_addr_peer
.in
))
349 /* A /31 or /32 IPv4 address does not have a broadcast address.
350 * See https://tools.ietf.org/html/rfc3021 */
351 if (a
->prefixlen
> 30)
354 /* If explicitly configured, use the address as is. */
355 if (in4_addr_is_set(&a
->broadcast
)) {
356 b_addr
= a
->broadcast
;
360 /* If explicitly disabled, then return null address. */
361 if (a
->set_broadcast
== 0)
364 /* For wireguard interfaces, broadcast is disabled by default. */
365 if (a
->set_broadcast
< 0 && streq_ptr(link
->kind
, "wireguard"))
368 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
369 * determined after an address is acquired. */
370 if (!in4_addr_is_set(&a
->in_addr
.in
))
373 /* Otherwise, generate a broadcast address from the main address and prefix length. */
374 b_addr
.s_addr
= a
->in_addr
.in
.s_addr
| htobe32(UINT32_C(0xffffffff) >> a
->prefixlen
);
380 return in4_addr_is_set(&b_addr
);
383 static void address_set_broadcast(Address
*a
, Link
*link
) {
385 assert_se(address_get_broadcast(a
, link
, &a
->broadcast
) >= 0);
388 static void address_set_cinfo(Manager
*m
, const Address
*a
, struct ifa_cacheinfo
*cinfo
) {
395 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
397 *cinfo
= (struct ifa_cacheinfo
) {
398 .ifa_valid
= usec_to_sec(a
->lifetime_valid_usec
, now_usec
),
399 .ifa_prefered
= usec_to_sec(a
->lifetime_preferred_usec
, now_usec
),
403 static void address_set_lifetime(Manager
*m
, Address
*a
, const struct ifa_cacheinfo
*cinfo
) {
410 assert_se(sd_event_now(m
->event
, CLOCK_BOOTTIME
, &now_usec
) >= 0);
412 a
->lifetime_valid_usec
= sec_to_usec(cinfo
->ifa_valid
, now_usec
);
413 a
->lifetime_preferred_usec
= sec_to_usec(cinfo
->ifa_prefered
, now_usec
);
416 static bool address_is_static_null(const Address
*address
) {
419 if (!address
->network
)
422 if (!address
->requested_as_null
)
425 assert(!in_addr_is_set(address
->family
, &address
->in_addr
));
429 static int address_ipv4_prefix(const Address
*a
, struct in_addr
*ret
) {
434 assert(a
->family
== AF_INET
);
437 p
= in4_addr_is_set(&a
->in_addr_peer
.in
) ? a
->in_addr_peer
.in
: a
->in_addr
.in
;
438 r
= in4_addr_mask(&p
, a
->prefixlen
);
446 static void address_hash_func(const Address
*a
, struct siphash
*state
) {
449 siphash24_compress_typesafe(a
->family
, state
);
453 struct in_addr prefix
;
455 siphash24_compress_typesafe(a
->prefixlen
, state
);
457 assert_se(address_ipv4_prefix(a
, &prefix
) >= 0);
458 siphash24_compress_typesafe(prefix
, state
);
460 siphash24_compress_typesafe(a
->in_addr
.in
, state
);
464 siphash24_compress_typesafe(a
->in_addr
.in6
, state
);
466 if (in6_addr_is_null(&a
->in_addr
.in6
))
467 siphash24_compress_typesafe(a
->prefixlen
, state
);
471 /* treat any other address family as AF_UNSPEC */
476 static int address_compare_func(const Address
*a1
, const Address
*a2
) {
479 r
= CMP(a1
->family
, a2
->family
);
483 switch (a1
->family
) {
485 struct in_addr p1
, p2
;
487 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
488 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
492 assert_se(address_ipv4_prefix(a1
, &p1
) >= 0);
493 assert_se(address_ipv4_prefix(a2
, &p2
) >= 0);
494 r
= memcmp(&p1
, &p2
, sizeof(p1
));
498 return memcmp(&a1
->in_addr
.in
, &a2
->in_addr
.in
, sizeof(a1
->in_addr
.in
));
501 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
502 r
= memcmp(&a1
->in_addr
.in6
, &a2
->in_addr
.in6
, sizeof(a1
->in_addr
.in6
));
506 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
507 * compare the prefix length. */
508 if (in6_addr_is_null(&a1
->in_addr
.in6
))
509 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
514 /* treat any other address family as AF_UNSPEC */
519 bool address_can_update(const Address
*existing
, const Address
*requesting
) {
524 * property | IPv4 | IPv6
525 * -----------------------------------------
527 * prefixlen | ✗ | ✗
528 * address | ✗ | ✗
531 * broadcast | ✗ | -
534 * lifetime | ✓ | ✓
535 * route metric | ✓ | ✓
536 * protocol | ✓ | ✓
538 * ✗ : cannot be changed
539 * ✓ : can be changed
542 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
543 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
546 if (existing
->family
!= requesting
->family
)
549 if (existing
->prefixlen
!= requesting
->prefixlen
)
552 /* When a null address is requested, the address to be assigned/updated will be determined later. */
553 if (!address_is_static_null(requesting
) &&
554 in_addr_equal(existing
->family
, &existing
->in_addr
, &requesting
->in_addr
) <= 0)
557 switch (existing
->family
) {
559 struct in_addr bcast
;
561 if (existing
->scope
!= requesting
->scope
)
563 if (((existing
->flags
^ requesting
->flags
) & KNOWN_FLAGS
& ~IPV6ONLY_FLAGS
& ~UNMANAGED_FLAGS
) != 0)
565 if (!streq_ptr(existing
->label
, requesting
->label
))
567 if (!in4_addr_equal(&existing
->in_addr_peer
.in
, &requesting
->in_addr_peer
.in
))
569 if (existing
->link
&& address_get_broadcast(requesting
, existing
->link
, &bcast
) >= 0) {
570 /* If the broadcast address can be determined now, check if they match. */
571 if (!in4_addr_equal(&existing
->broadcast
, &bcast
))
574 /* When a null address is requested, then the broadcast address will be
575 * automatically calculated from the acquired address, e.g.
576 * 192.168.0.10/24 -> 192.168.0.255
577 * So, here let's only check if the broadcast is the last address in the range, e.g.
578 * 0.0.0.0/24 -> 0.0.0.255 */
579 if (!FLAGS_SET(existing
->broadcast
.s_addr
, htobe32(UINT32_C(0xffffffff) >> existing
->prefixlen
)))
588 assert_not_reached();
594 int address_dup(const Address
*src
, Address
**ret
) {
595 _cleanup_(address_unrefp
) Address
*dest
= NULL
;
601 dest
= newdup(Address
, src
, 1);
605 /* clear the reference counter and all pointers */
607 dest
->network
= NULL
;
608 dest
->section
= NULL
;
611 dest
->netlabel
= NULL
;
612 dest
->nft_set_context
.sets
= NULL
;
613 dest
->nft_set_context
.n_sets
= 0;
615 if (src
->family
== AF_INET
) {
616 r
= strdup_to(&dest
->label
, src
->label
);
621 r
= strdup_to(&dest
->netlabel
, src
->netlabel
);
625 r
= nft_set_context_dup(&src
->nft_set_context
, &dest
->nft_set_context
);
629 *ret
= TAKE_PTR(dest
);
633 static int address_set_masquerade(Address
*address
, bool add
) {
634 union in_addr_union masked
;
638 assert(address
->link
);
640 if (!address
->link
->network
)
643 if (address
->family
== AF_INET
&&
644 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV4
))
647 if (address
->family
== AF_INET6
&&
648 !FLAGS_SET(address
->link
->network
->ip_masquerade
, ADDRESS_FAMILY_IPV6
))
651 if (address
->scope
>= RT_SCOPE_LINK
)
654 if (address
->ip_masquerade_done
== add
)
657 masked
= address
->in_addr
;
658 r
= in_addr_mask(address
->family
, &masked
, address
->prefixlen
);
662 r
= fw_add_masquerade(&address
->link
->manager
->fw_ctx
, add
, address
->family
, &masked
, address
->prefixlen
);
666 address
->ip_masquerade_done
= add
;
671 static void address_modify_nft_set_context(Address
*address
, bool add
, NFTSetContext
*nft_set_context
) {
675 assert(address
->link
);
676 assert(address
->link
->manager
);
677 assert(nft_set_context
);
679 if (!address
->link
->manager
->fw_ctx
) {
680 r
= fw_ctx_new_full(&address
->link
->manager
->fw_ctx
, /* init_tables= */ false);
685 FOREACH_ARRAY(nft_set
, nft_set_context
->sets
, nft_set_context
->n_sets
) {
690 switch (nft_set
->source
) {
691 case NFT_SET_SOURCE_ADDRESS
:
692 r
= nft_set_element_modify_ip(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
695 case NFT_SET_SOURCE_PREFIX
:
696 r
= nft_set_element_modify_iprange(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, address
->family
, nft_set
->table
, nft_set
->set
,
697 &address
->in_addr
, address
->prefixlen
);
699 case NFT_SET_SOURCE_IFINDEX
:
700 ifindex
= address
->link
->ifindex
;
701 r
= nft_set_element_modify_any(address
->link
->manager
->fw_ctx
, add
, nft_set
->nfproto
, nft_set
->table
, nft_set
->set
,
702 &ifindex
, sizeof(ifindex
));
705 assert_not_reached();
709 log_warning_errno(r
, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
710 add
? "add" : "delete",
711 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
712 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
714 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
715 add
? "Added" : "Deleted",
716 nfproto_to_string(nft_set
->nfproto
), nft_set
->table
, nft_set
->set
,
717 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
721 static void address_modify_nft_set(Address
*address
, bool add
) {
723 assert(address
->link
);
725 if (!IN_SET(address
->family
, AF_INET
, AF_INET6
))
728 if (!address
->link
->network
)
731 switch (address
->source
) {
732 case NETWORK_CONFIG_SOURCE_DHCP4
:
733 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_nft_set_context
);
734 case NETWORK_CONFIG_SOURCE_DHCP6
:
735 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp6_nft_set_context
);
736 case NETWORK_CONFIG_SOURCE_DHCP_PD
:
737 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->dhcp_pd_nft_set_context
);
738 case NETWORK_CONFIG_SOURCE_NDISC
:
739 return address_modify_nft_set_context(address
, add
, &address
->link
->network
->ndisc_nft_set_context
);
740 case NETWORK_CONFIG_SOURCE_STATIC
:
741 return address_modify_nft_set_context(address
, add
, &address
->nft_set_context
);
747 static int address_attach(Link
*link
, Address
*address
) {
752 assert(!address
->link
);
754 r
= set_ensure_put(&link
->addresses
, &address_hash_ops_detach
, address
);
760 address
->link
= link
;
761 address_ref(address
);
765 static int address_update(Address
*address
) {
766 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
769 if (address_is_ready(address
) &&
770 address
->family
== AF_INET6
&&
771 in6_addr_is_link_local(&address
->in_addr
.in6
) &&
772 in6_addr_is_null(&link
->ipv6ll_address
)) {
774 link
->ipv6ll_address
= address
->in_addr
.in6
;
776 r
= link_ipv6ll_gained(link
);
781 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
784 r
= address_set_masquerade(address
, /* add = */ true);
786 return log_link_warning_errno(link
, r
, "Could not enable IP masquerading: %m");
788 address_add_netlabel(address
);
790 address_modify_nft_set(address
, /* add = */ true);
792 if (address_is_ready(address
) && address
->callback
) {
793 r
= address
->callback(address
);
798 link_update_operstate(link
, /* also_update_master = */ true);
799 link_check_ready(link
);
803 static int address_drop(Address
*address
) {
804 Link
*link
= ASSERT_PTR(ASSERT_PTR(address
)->link
);
807 r
= address_set_masquerade(address
, /* add = */ false);
809 log_link_warning_errno(link
, r
, "Failed to disable IP masquerading, ignoring: %m");
811 address_modify_nft_set(address
, /* add = */ false);
813 address_del_netlabel(address
);
815 /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */
816 if (address
->family
== AF_INET6
&&
817 in6_addr_equal(&address
->in_addr
.in6
, &link
->ipv6ll_address
))
818 link
->ipv6ll_address
= (const struct in6_addr
) {};
820 ipv4acd_detach(link
, address
);
822 address_detach(address
);
824 link_update_operstate(link
, /* also_update_master = */ true);
825 link_check_ready(link
);
829 static bool address_match_null(const Address
*a
, const Address
*null_address
) {
831 assert(null_address
);
833 if (!a
->requested_as_null
)
836 /* Currently, null address is supported only by static addresses. Note that static
837 * address may be set as foreign during reconfiguring the interface. */
838 if (!IN_SET(a
->source
, NETWORK_CONFIG_SOURCE_FOREIGN
, NETWORK_CONFIG_SOURCE_STATIC
))
841 if (a
->family
!= null_address
->family
)
844 if (a
->prefixlen
!= null_address
->prefixlen
)
850 static int address_get_request(Link
*link
, const Address
*address
, Request
**ret
) {
854 assert(link
->manager
);
857 req
= ordered_set_get(
858 link
->manager
->request_queue
,
861 .type
= REQUEST_TYPE_ADDRESS
,
862 .userdata
= (void*) address
,
863 .hash_func
= (hash_func_t
) address_hash_func
,
864 .compare_func
= (compare_func_t
) address_compare_func
,
872 if (address_is_static_null(address
))
873 ORDERED_SET_FOREACH(req
, link
->manager
->request_queue
) {
874 if (req
->link
!= link
)
876 if (req
->type
!= REQUEST_TYPE_ADDRESS
)
879 if (!address_match_null(req
->userdata
, address
))
891 int address_get(Link
*link
, const Address
*in
, Address
**ret
) {
897 a
= set_get(link
->addresses
, in
);
904 /* Find matching address that originally requested as null address. */
905 if (address_is_static_null(in
))
906 SET_FOREACH(a
, link
->addresses
) {
907 if (!address_match_null(a
, in
))
918 int address_get_harder(Link
*link
, const Address
*in
, Address
**ret
) {
925 if (address_get(link
, in
, ret
) >= 0)
928 r
= address_get_request(link
, in
, &req
);
933 *ret
= ASSERT_PTR(req
->userdata
);
938 int link_get_address(Link
*link
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
943 assert(IN_SET(family
, AF_INET
, AF_INET6
));
946 /* This find an Address object on the link which matches the given address and prefix length
947 * and does not have peer address. When the prefixlen is zero, then an Address object with an
948 * arbitrary prefixlen will be returned. */
950 if (family
== AF_INET6
|| prefixlen
!= 0) {
951 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
953 /* In this case, we can use address_get(). */
955 r
= address_new(&tmp
);
959 tmp
->family
= family
;
960 tmp
->in_addr
= *address
;
961 tmp
->prefixlen
= prefixlen
;
963 r
= address_get(link
, tmp
, &a
);
967 if (family
== AF_INET6
) {
968 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
969 * to check them explicitly. */
970 if (in_addr_is_set(family
, &a
->in_addr_peer
))
972 if (prefixlen
!= 0 && a
->prefixlen
!= prefixlen
)
982 SET_FOREACH(a
, link
->addresses
) {
983 if (a
->family
!= family
)
986 if (!in_addr_equal(family
, &a
->in_addr
, address
))
989 if (in_addr_is_set(family
, &a
->in_addr_peer
))
1001 int manager_get_address(Manager
*manager
, int family
, const union in_addr_union
*address
, unsigned char prefixlen
, Address
**ret
) {
1005 assert(IN_SET(family
, AF_INET
, AF_INET6
));
1008 HASHMAP_FOREACH(link
, manager
->links_by_index
) {
1009 if (!IN_SET(link
->state
, LINK_STATE_CONFIGURING
, LINK_STATE_CONFIGURED
))
1012 if (link_get_address(link
, family
, address
, prefixlen
, ret
) >= 0)
1019 bool manager_has_address(Manager
*manager
, int family
, const union in_addr_union
*address
) {
1023 assert(IN_SET(family
, AF_INET
, AF_INET6
));
1026 if (manager_get_address(manager
, family
, address
, 0, &a
) < 0)
1029 return address_is_ready(a
);
1032 const char* format_lifetime(char *buf
, size_t l
, usec_t lifetime_usec
) {
1036 if (lifetime_usec
== USEC_INFINITY
)
1039 sprintf(buf
, "for ");
1040 /* format_timespan() never fails */
1041 assert_se(format_timespan(buf
+ 4, l
- 4, usec_sub_unsigned(lifetime_usec
, now(CLOCK_BOOTTIME
)), USEC_PER_SEC
));
1045 static void log_address_debug(const Address
*address
, const char *str
, const Link
*link
) {
1046 _cleanup_free_
char *state
= NULL
, *flags_str
= NULL
, *scope_str
= NULL
;
1055 (void) network_config_state_to_string_alloc(address
->state
, &state
);
1057 const char *peer
= in_addr_is_set(address
->family
, &address
->in_addr_peer
) ?
1058 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr_peer
) : NULL
;
1060 const char *broadcast
= (address
->family
== AF_INET
&& in4_addr_is_set(&address
->broadcast
)) ?
1061 IN4_ADDR_TO_STRING(&address
->broadcast
) : NULL
;
1063 (void) address_flags_to_string_alloc(address
->flags
, address
->family
, &flags_str
);
1064 (void) route_scope_to_string_alloc(address
->scope
, &scope_str
);
1066 log_link_debug(link
, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1067 str
, strna(network_config_source_to_string(address
->source
)), strna(state
),
1068 IN_ADDR_TO_STRING(address
->family
, &address
->in_addr
),
1069 peer
? " peer " : "", strempty(peer
), address
->prefixlen
,
1070 broadcast
? " broadcast " : "", strempty(broadcast
),
1071 FORMAT_LIFETIME(address
->lifetime_valid_usec
),
1072 FORMAT_LIFETIME(address
->lifetime_preferred_usec
),
1073 strna(flags_str
), strna(scope_str
),
1074 address
->family
== AF_INET
? ", label: " : "",
1075 address
->family
== AF_INET
? strna(address
->label
) : "");
1078 static int address_set_netlink_message(const Address
*address
, sd_netlink_message
*m
, Link
*link
) {
1086 r
= sd_rtnl_message_addr_set_prefixlen(m
, address
->prefixlen
);
1090 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1091 * flags except tentative flag here unconditionally. Without setting the flag, the template
1092 * addresses generated by kernel will not be removed automatically when the main address is
1094 flags
= address
->flags
& ~IFA_F_TENTATIVE
;
1095 r
= sd_rtnl_message_addr_set_flags(m
, flags
& 0xff);
1099 if ((flags
& ~0xff) != 0) {
1100 r
= sd_netlink_message_append_u32(m
, IFA_FLAGS
, flags
);
1105 r
= netlink_message_append_in_addr_union(m
, IFA_LOCAL
, address
->family
, &address
->in_addr
);
1112 static int address_remove_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, RemoveRequest
*rreq
) {
1118 Link
*link
= ASSERT_PTR(rreq
->link
);
1119 Address
*address
= ASSERT_PTR(rreq
->userdata
);
1121 if (link
->state
== LINK_STATE_LINGER
)
1124 r
= sd_netlink_message_get_errno(m
);
1126 log_link_message_full_errno(link
, m
,
1127 (r
== -EADDRNOTAVAIL
|| !address
->link
) ? LOG_DEBUG
: LOG_WARNING
,
1128 r
, "Could not drop address");
1130 if (address
->link
) {
1131 /* If the address cannot be removed, then assume the address is already removed. */
1132 log_address_debug(address
, "Forgetting", link
);
1135 if (address_get_request(link
, address
, &req
) >= 0)
1136 address_enter_removed(req
->userdata
);
1138 (void) address_drop(address
);
1145 int address_remove(Address
*address
, Link
*link
) {
1146 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1150 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1152 assert(link
->ifindex
> 0);
1153 assert(link
->manager
);
1154 assert(link
->manager
->rtnl
);
1156 /* If the address is remembered, use the remembered object. */
1157 (void) address_get(link
, address
, &address
);
1159 log_address_debug(address
, "Removing", link
);
1161 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &m
, RTM_DELADDR
,
1162 link
->ifindex
, address
->family
);
1164 return log_link_warning_errno(link
, r
, "Could not allocate RTM_DELADDR message: %m");
1166 r
= address_set_netlink_message(address
, m
, link
);
1168 return log_link_warning_errno(link
, r
, "Could not set netlink attributes: %m");
1170 r
= link_remove_request_add(link
, address
, address
, link
->manager
->rtnl
, m
, address_remove_handler
);
1172 return log_link_warning_errno(link
, r
, "Could not queue rtnetlink message: %m");
1174 address_enter_removing(address
);
1176 /* The operational state is determined by address state and carrier state. Hence, if we remove
1177 * an address, the operational state may be changed. */
1178 link_update_operstate(link
, true);
1182 int address_remove_and_cancel(Address
*address
, Link
*link
) {
1183 _cleanup_(request_unrefp
) Request
*req
= NULL
;
1184 bool waiting
= false;
1188 assert(link
->manager
);
1190 /* If the address is remembered by the link, then use the remembered object. */
1191 (void) address_get(link
, address
, &address
);
1193 /* Cancel the request for the address. If the request is already called but we have not received the
1194 * notification about the request, then explicitly remove the address. */
1195 if (address_get_request(link
, address
, &req
) >= 0) {
1196 request_ref(req
); /* avoid the request freed by request_detach() */
1197 waiting
= req
->waiting_reply
;
1198 request_detach(req
);
1199 address_cancel_requesting(address
);
1202 /* If we know the address will come or already exists, remove it. */
1203 if (waiting
|| (address
->link
&& address_exists(address
)))
1204 return address_remove(address
, link
);
1209 bool link_address_is_dynamic(const Link
*link
, const Address
*address
) {
1213 assert(link
->manager
);
1216 if (address
->lifetime_preferred_usec
!= USEC_INFINITY
)
1219 /* Even when the address is leased from a DHCP server, networkd assign the address
1220 * without lifetime when KeepConfiguration=dhcp. So, let's check that we have
1221 * corresponding routes with RTPROT_DHCP. */
1222 SET_FOREACH(route
, link
->manager
->routes
) {
1223 if (route
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1226 /* The route is not assigned yet, or already removed. Ignoring. */
1227 if (!route_exists(route
))
1230 if (route
->protocol
!= RTPROT_DHCP
)
1233 if (route
->nexthop
.ifindex
!= link
->ifindex
)
1236 if (address
->family
!= route
->family
)
1239 if (in_addr_equal(address
->family
, &address
->in_addr
, &route
->prefsrc
))
1246 int link_drop_ipv6ll_addresses(Link
*link
) {
1247 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*req
= NULL
, *reply
= NULL
;
1251 assert(link
->manager
);
1252 assert(link
->manager
->rtnl
);
1254 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1255 * So, we need to dump all IPv6 addresses. */
1257 if (link_may_have_ipv6ll(link
, /* check_multicast = */ false))
1260 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &req
, RTM_GETADDR
, link
->ifindex
, AF_INET6
);
1264 r
= sd_netlink_message_set_request_dump(req
, true);
1268 r
= sd_netlink_call(link
->manager
->rtnl
, req
, 0, &reply
);
1272 for (sd_netlink_message
*addr
= reply
; addr
; addr
= sd_netlink_message_next(addr
)) {
1273 _cleanup_(address_unrefp
) Address
*a
= NULL
;
1274 unsigned char flags
, prefixlen
;
1275 struct in6_addr address
;
1278 /* NETLINK_GET_STRICT_CHK socket option is supported since kernel 4.20. To support
1279 * older kernels, we need to check ifindex here. */
1280 r
= sd_rtnl_message_addr_get_ifindex(addr
, &ifindex
);
1282 log_link_debug_errno(link
, r
, "rtnl: received address message without valid ifindex, ignoring: %m");
1284 } else if (link
->ifindex
!= ifindex
)
1287 r
= sd_rtnl_message_addr_get_flags(addr
, &flags
);
1289 log_link_debug_errno(link
, r
, "rtnl: received address message without valid flags, ignoring: %m");
1293 r
= sd_rtnl_message_addr_get_prefixlen(addr
, &prefixlen
);
1295 log_link_debug_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1299 if (sd_netlink_message_read_in6_addr(addr
, IFA_LOCAL
, NULL
) >= 0)
1300 /* address with peer, ignoring. */
1303 r
= sd_netlink_message_read_in6_addr(addr
, IFA_ADDRESS
, &address
);
1305 log_link_debug_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1309 if (!in6_addr_is_link_local(&address
))
1312 r
= address_new(&a
);
1316 a
->family
= AF_INET6
;
1317 a
->in_addr
.in6
= address
;
1318 a
->prefixlen
= prefixlen
;
1321 r
= address_remove(a
, link
);
1329 int link_drop_foreign_addresses(Link
*link
) {
1334 assert(link
->network
);
1336 /* First, mark all addresses. */
1337 SET_FOREACH(address
, link
->addresses
) {
1338 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1339 if (address
->family
== AF_INET6
&& in6_addr_is_link_local(&address
->in_addr
.in6
))
1342 /* Do not remove localhost address (127.0.0.1 and ::1) */
1343 if (link
->flags
& IFF_LOOPBACK
&& in_addr_is_localhost_one(address
->family
, &address
->in_addr
) > 0)
1346 /* Ignore addresses we configured. */
1347 if (address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
)
1350 /* Ignore addresses not assigned yet or already removing. */
1351 if (!address_exists(address
))
1354 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when KeepConfiguration= is set. */
1355 if (IN_SET(link
->network
->keep_configuration
, KEEP_CONFIGURATION_DHCP
, KEEP_CONFIGURATION_STATIC
) &&
1356 link_address_is_dynamic(link
, address
) == (link
->network
->keep_configuration
== KEEP_CONFIGURATION_DHCP
))
1359 address_mark(address
);
1362 /* Then, unmark requested addresses. */
1363 ORDERED_HASHMAP_FOREACH(address
, link
->network
->addresses_by_section
) {
1366 if (address_get(link
, address
, &existing
) < 0)
1369 if (!address_can_update(existing
, address
))
1372 /* Found matching static configuration. Keep the existing address. */
1373 address_unmark(existing
);
1376 /* Finally, remove all marked addresses. */
1377 SET_FOREACH(address
, link
->addresses
) {
1378 if (!address_is_marked(address
))
1381 RET_GATHER(r
, address_remove(address
, link
));
1387 int link_drop_static_addresses(Link
*link
) {
1393 SET_FOREACH(address
, link
->addresses
) {
1394 /* Remove only static addresses here. Dynamic addresses will be removed e.g. on lease
1395 * expiration or stopping the DHCP client. */
1396 if (address
->source
!= NETWORK_CONFIG_SOURCE_STATIC
)
1399 /* Ignore addresses not assigned yet or already removing. */
1400 if (!address_exists(address
))
1403 RET_GATHER(r
, address_remove(address
, link
));
1409 void link_foreignize_addresses(Link
*link
) {
1414 SET_FOREACH(address
, link
->addresses
)
1415 address
->source
= NETWORK_CONFIG_SOURCE_FOREIGN
;
1418 int address_configure_handler_internal(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
, const char *error_msg
) {
1426 r
= sd_netlink_message_get_errno(m
);
1427 if (r
< 0 && r
!= -EEXIST
) {
1428 log_link_message_warning_errno(link
, m
, r
, error_msg
);
1429 link_enter_failed(link
);
1436 static int address_configure(const Address
*address
, const struct ifa_cacheinfo
*c
, Link
*link
, Request
*req
) {
1437 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
1441 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
1444 assert(link
->ifindex
> 0);
1445 assert(link
->manager
);
1446 assert(link
->manager
->rtnl
);
1449 log_address_debug(address
, "Configuring", link
);
1451 r
= sd_rtnl_message_new_addr_update(link
->manager
->rtnl
, &m
, link
->ifindex
, address
->family
);
1455 r
= address_set_netlink_message(address
, m
, link
);
1459 r
= sd_rtnl_message_addr_set_scope(m
, address
->scope
);
1463 if (address
->family
== AF_INET6
|| in_addr_is_set(address
->family
, &address
->in_addr_peer
)) {
1464 r
= netlink_message_append_in_addr_union(m
, IFA_ADDRESS
, address
->family
, &address
->in_addr_peer
);
1467 } else if (in4_addr_is_set(&address
->broadcast
)) {
1468 r
= sd_netlink_message_append_in_addr(m
, IFA_BROADCAST
, &address
->broadcast
);
1473 if (address
->family
== AF_INET
&& address
->label
) {
1474 r
= sd_netlink_message_append_string(m
, IFA_LABEL
, address
->label
);
1479 r
= sd_netlink_message_append_cache_info(m
, IFA_CACHEINFO
, c
);
1483 r
= sd_netlink_message_append_u32(m
, IFA_RT_PRIORITY
, address
->route_metric
);
1487 return request_call_netlink_async(link
->manager
->rtnl
, m
, req
);
1490 static int address_acquire(Link
*link
, const Address
*address
, union in_addr_union
*ret
) {
1491 union in_addr_union a
;
1498 r
= address_acquire_from_dhcp_server_leases_file(link
, address
, ret
);
1502 r
= address_pool_acquire(link
->manager
, address
->family
, address
->prefixlen
, &a
);
1508 /* Pick first address in range for ourselves. */
1509 if (address
->family
== AF_INET
)
1510 a
.in
.s_addr
|= htobe32(1);
1511 else if (address
->family
== AF_INET6
)
1512 a
.in6
.s6_addr
[15] |= 1;
1514 assert_not_reached();
1520 static int address_requeue_request(Request
*req
, Link
*link
, const Address
*address
) {
1525 assert(link
->manager
);
1526 assert(link
->network
);
1529 /* Something useful was configured? just use it */
1530 if (in_addr_is_set(address
->family
, &address
->in_addr
))
1533 /* The address is configured to be 0.0.0.0 or [::] by the user?
1534 * Then let's acquire something more useful. */
1535 union in_addr_union a
;
1536 r
= address_acquire(link
, address
, &a
);
1540 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
1541 r
= address_dup(address
, &tmp
);
1547 r
= link_requeue_request(link
, req
, tmp
, NULL
);
1551 return -EEXIST
; /* Already queued?? Strange... */
1554 return 1; /* A new request is queued. it is not necessary to process this request anymore. */
1557 static int address_process_request(Request
*req
, Link
*link
, Address
*address
) {
1559 struct ifa_cacheinfo c
;
1566 if (!link_is_ready_to_configure(link
, false))
1569 /* Refuse adding more than the limit */
1570 if (set_size(link
->addresses
) >= ADDRESSES_PER_LINK_MAX
)
1573 r
= address_requeue_request(req
, link
, address
);
1579 address_set_broadcast(address
, link
);
1581 r
= ipv4acd_configure(link
, address
);
1585 if (!ipv4acd_bound(link
, address
))
1588 address_set_cinfo(link
->manager
, address
, &c
);
1589 if (c
.ifa_valid
== 0) {
1590 log_link_debug(link
, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1591 network_config_source_to_string(address
->source
),
1592 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
));
1594 address_cancel_requesting(address
);
1595 if (address_get(link
, address
, &existing
) >= 0)
1596 address_cancel_requesting(existing
);
1600 r
= address_configure(address
, &c
, link
, req
);
1602 return log_link_warning_errno(link
, r
, "Failed to configure address: %m");
1604 address_enter_configuring(address
);
1605 if (address_get(link
, address
, &existing
) >= 0)
1606 address_enter_configuring(existing
);
1611 int link_request_address(
1613 const Address
*address
,
1614 unsigned *message_counter
,
1615 address_netlink_handler_t netlink_handler
,
1618 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
1619 Address
*existing
= NULL
;
1624 assert(address
->source
!= NETWORK_CONFIG_SOURCE_FOREIGN
);
1626 if (address
->lifetime_valid_usec
== 0)
1627 /* The requested address is outdated. Let's ignore the request. */
1630 if (address_get_request(link
, address
, NULL
) >= 0)
1631 return 0; /* already requested, skipping. */
1633 r
= address_dup(address
, &tmp
);
1637 if (address_get(link
, address
, &existing
) >= 0) {
1638 /* Copy already assigned address when it is requested as a null address. */
1639 if (address_is_static_null(address
))
1640 tmp
->in_addr
= existing
->in_addr
;
1642 /* Copy state for logging below. */
1643 tmp
->state
= existing
->state
;
1646 log_address_debug(tmp
, "Requesting", link
);
1647 r
= link_queue_request_safe(link
, REQUEST_TYPE_ADDRESS
,
1651 address_compare_func
,
1652 address_process_request
,
1653 message_counter
, netlink_handler
, ret
);
1655 return log_link_warning_errno(link
, r
, "Failed to request address: %m");
1659 address_enter_requesting(tmp
);
1661 address_enter_requesting(existing
);
1667 static int static_address_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Request
*req
, Link
*link
, Address
*address
) {
1672 r
= address_configure_handler_internal(rtnl
, m
, link
, "Failed to set static address");
1676 if (link
->static_address_messages
== 0) {
1677 log_link_debug(link
, "Addresses set");
1678 link
->static_addresses_configured
= true;
1679 link_check_ready(link
);
1685 int link_request_static_address(Link
*link
, const Address
*address
) {
1688 assert(address
->source
== NETWORK_CONFIG_SOURCE_STATIC
);
1690 return link_request_address(link
, address
, &link
->static_address_messages
,
1691 static_address_handler
, NULL
);
1694 int link_request_static_addresses(Link
*link
) {
1699 assert(link
->network
);
1701 link
->static_addresses_configured
= false;
1703 ORDERED_HASHMAP_FOREACH(a
, link
->network
->addresses_by_section
) {
1704 r
= link_request_static_address(link
, a
);
1709 r
= link_request_radv_addresses(link
);
1713 if (link
->static_address_messages
== 0) {
1714 link
->static_addresses_configured
= true;
1715 link_check_ready(link
);
1717 log_link_debug(link
, "Setting addresses");
1718 link_set_state(link
, LINK_STATE_CONFIGURING
);
1724 int manager_rtnl_process_address(sd_netlink
*rtnl
, sd_netlink_message
*message
, Manager
*m
) {
1725 _cleanup_(address_unrefp
) Address
*tmp
= NULL
;
1726 struct ifa_cacheinfo cinfo
;
1729 Address
*address
= NULL
;
1730 Request
*req
= NULL
;
1731 bool is_new
= false, update_dhcp4
;
1738 if (sd_netlink_message_is_error(message
)) {
1739 r
= sd_netlink_message_get_errno(message
);
1741 log_message_warning_errno(message
, r
, "rtnl: failed to receive address message, ignoring");
1746 r
= sd_netlink_message_get_type(message
, &type
);
1748 log_warning_errno(r
, "rtnl: could not get message type, ignoring: %m");
1750 } else if (!IN_SET(type
, RTM_NEWADDR
, RTM_DELADDR
)) {
1751 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type
);
1755 r
= sd_rtnl_message_addr_get_ifindex(message
, &ifindex
);
1757 log_warning_errno(r
, "rtnl: could not get ifindex from message, ignoring: %m");
1759 } else if (ifindex
<= 0) {
1760 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex
);
1764 r
= link_get_by_index(m
, ifindex
, &link
);
1766 /* when enumerating we might be out of sync, but we will get the address again, so just
1768 if (!m
->enumerating
)
1769 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex
);
1773 r
= address_new(&tmp
);
1777 /* First, read minimal information to make address_get() work below. */
1779 r
= sd_rtnl_message_addr_get_family(message
, &tmp
->family
);
1781 log_link_warning(link
, "rtnl: received address message without family, ignoring.");
1783 } else if (!IN_SET(tmp
->family
, AF_INET
, AF_INET6
)) {
1784 log_link_debug(link
, "rtnl: received address message with invalid family '%i', ignoring.", tmp
->family
);
1788 r
= sd_rtnl_message_addr_get_prefixlen(message
, &tmp
->prefixlen
);
1790 log_link_warning_errno(link
, r
, "rtnl: received address message without prefixlen, ignoring: %m");
1794 switch (tmp
->family
) {
1796 r
= sd_netlink_message_read_in_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in
);
1798 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1802 r
= sd_netlink_message_read_in_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in
);
1803 if (r
< 0 && r
!= -ENODATA
) {
1804 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1806 } else if (r
>= 0) {
1807 if (in4_addr_equal(&tmp
->in_addr
.in
, &tmp
->in_addr_peer
.in
))
1808 tmp
->in_addr_peer
= IN_ADDR_NULL
;
1814 r
= sd_netlink_message_read_in6_addr(message
, IFA_LOCAL
, &tmp
->in_addr
.in6
);
1816 /* Have peer address. */
1817 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr_peer
.in6
);
1819 log_link_warning_errno(link
, r
, "rtnl: could not get peer address from address message, ignoring: %m");
1822 } else if (r
== -ENODATA
) {
1823 /* Does not have peer address. */
1824 r
= sd_netlink_message_read_in6_addr(message
, IFA_ADDRESS
, &tmp
->in_addr
.in6
);
1826 log_link_warning_errno(link
, r
, "rtnl: received address message without valid address, ignoring: %m");
1830 log_link_warning_errno(link
, r
, "rtnl: could not get local address from address message, ignoring: %m");
1837 assert_not_reached();
1840 update_dhcp4
= tmp
->family
== AF_INET6
;
1842 /* Then, find the managed Address and Request objects corresponding to the received address. */
1843 (void) address_get(link
, tmp
, &address
);
1844 (void) address_get_request(link
, tmp
, &req
);
1846 if (type
== RTM_DELADDR
) {
1848 address_enter_removed(address
);
1849 log_address_debug(address
, "Forgetting removed", link
);
1850 (void) address_drop(address
);
1852 log_address_debug(tmp
, "Kernel removed unknown", link
);
1855 address_enter_removed(req
->userdata
);
1861 /* If we did not know the address, then save it. */
1862 r
= address_attach(link
, tmp
);
1864 log_link_warning_errno(link
, r
, "Failed to save received address %s, ignoring: %m",
1865 IN_ADDR_PREFIX_TO_STRING(tmp
->family
, &tmp
->in_addr
, tmp
->prefixlen
));
1873 /* Otherwise, update the managed Address object with the netlink notification. */
1874 address
->prefixlen
= tmp
->prefixlen
;
1875 address
->in_addr_peer
= tmp
->in_addr_peer
;
1878 /* Also update information that cannot be obtained through netlink notification. */
1879 if (req
&& req
->waiting_reply
) {
1880 Address
*a
= ASSERT_PTR(req
->userdata
);
1882 address
->source
= a
->source
;
1883 address
->provider
= a
->provider
;
1884 (void) free_and_strdup_warn(&address
->netlabel
, a
->netlabel
);
1885 nft_set_context_clear(&address
->nft_set_context
);
1886 (void) nft_set_context_dup(&a
->nft_set_context
, &address
->nft_set_context
);
1887 address
->requested_as_null
= a
->requested_as_null
;
1888 address
->callback
= a
->callback
;
1891 /* Then, update miscellaneous info. */
1892 r
= sd_rtnl_message_addr_get_scope(message
, &address
->scope
);
1894 log_link_debug_errno(link
, r
, "rtnl: received address message without scope, ignoring: %m");
1896 if (address
->family
== AF_INET
) {
1897 _cleanup_free_
char *label
= NULL
;
1899 r
= sd_netlink_message_read_string_strdup(message
, IFA_LABEL
, &label
);
1901 if (!streq_ptr(label
, link
->ifname
))
1902 free_and_replace(address
->label
, label
);
1903 } else if (r
!= -ENODATA
)
1904 log_link_debug_errno(link
, r
, "rtnl: could not get label from address message, ignoring: %m");
1906 r
= sd_netlink_message_read_in_addr(message
, IFA_BROADCAST
, &address
->broadcast
);
1907 if (r
< 0 && r
!= -ENODATA
)
1908 log_link_debug_errno(link
, r
, "rtnl: could not get broadcast from address message, ignoring: %m");
1911 r
= sd_netlink_message_read_u32(message
, IFA_FLAGS
, &address
->flags
);
1912 if (r
== -ENODATA
) {
1913 unsigned char flags
;
1915 /* For old kernels. */
1916 r
= sd_rtnl_message_addr_get_flags(message
, &flags
);
1918 address
->flags
= flags
;
1920 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
1922 r
= sd_netlink_message_read_cache_info(message
, IFA_CACHEINFO
, &cinfo
);
1924 address_set_lifetime(m
, address
, &cinfo
);
1925 else if (r
!= -ENODATA
)
1926 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
1928 r
= sd_netlink_message_read_u32(message
, IFA_RT_PRIORITY
, &address
->route_metric
);
1929 if (r
< 0 && r
!= -ENODATA
)
1930 log_link_debug_errno(link
, r
, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
1932 address_enter_configured(address
);
1934 address_enter_configured(req
->userdata
);
1936 log_address_debug(address
, is_new
? "Received new": "Received updated", link
);
1938 /* address_update() logs internally, so we don't need to here. */
1939 r
= address_update(address
);
1941 link_enter_failed(link
);
1945 r
= dhcp4_update_ipv6_connectivity(link
);
1947 log_link_warning_errno(link
, r
, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
1948 link_enter_failed(link
);
1955 int config_parse_broadcast(
1957 const char *filename
,
1959 const char *section
,
1960 unsigned section_line
,
1967 Network
*network
= userdata
;
1968 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
1969 union in_addr_union u
;
1978 r
= address_new_static(network
, filename
, section_line
, &n
);
1982 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1983 "Failed to allocate new address, ignoring assignment: %m");
1987 if (isempty(rvalue
)) {
1988 /* The broadcast address will be calculated based on Address=, and set if the link is
1989 * not a wireguard interface. Here, we do not check or set n->family. */
1990 n
->broadcast
= (struct in_addr
) {};
1991 n
->set_broadcast
= -1;
1996 r
= parse_boolean(rvalue
);
1998 /* The broadcast address will be calculated based on Address=. Here, we do not check or
2000 n
->broadcast
= (struct in_addr
) {};
2001 n
->set_broadcast
= r
;
2006 if (n
->family
== AF_INET6
) {
2007 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2008 "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue
);
2012 r
= in_addr_from_string(AF_INET
, rvalue
, &u
);
2014 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2015 "Broadcast is invalid, ignoring assignment: %s", rvalue
);
2018 if (in4_addr_is_null(&u
.in
)) {
2019 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2020 "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue
);
2024 n
->broadcast
= u
.in
;
2025 n
->set_broadcast
= true;
2026 n
->family
= AF_INET
;
2032 int config_parse_address(
2034 const char *filename
,
2036 const char *section
,
2037 unsigned section_line
,
2044 Network
*network
= userdata
;
2045 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2046 union in_addr_union buffer
;
2047 unsigned char prefixlen
;
2056 if (streq(section
, "Network")) {
2057 if (isempty(rvalue
)) {
2058 /* If an empty string specified in [Network] section, clear previously assigned addresses. */
2059 network
->addresses_by_section
= ordered_hashmap_free(network
->addresses_by_section
);
2063 /* we are not in an Address section, so use line number instead. */
2064 r
= address_new_static(network
, filename
, line
, &n
);
2066 r
= address_new_static(network
, filename
, section_line
, &n
);
2070 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2071 "Failed to allocate new address, ignoring assignment: %m");
2075 /* Address=address/prefixlen */
2076 r
= in_addr_prefix_from_string_auto_internal(rvalue
, PREFIXLEN_REFUSE
, &f
, &buffer
, &prefixlen
);
2078 r
= in_addr_prefix_from_string_auto(rvalue
, &f
, &buffer
, &prefixlen
);
2080 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2081 "Address '%s' is specified without prefix length. Assuming the prefix length is %u. "
2082 "Please specify the prefix length explicitly.", rvalue
, prefixlen
);
2085 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid address '%s', ignoring assignment: %m", rvalue
);
2089 if (n
->family
!= AF_UNSPEC
&& f
!= n
->family
) {
2090 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address is incompatible, ignoring assignment: %s", rvalue
);
2094 if (in_addr_is_null(f
, &buffer
)) {
2095 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2096 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2097 * let's limit the prefix length to 64 or larger. See RFC4193. */
2098 if ((f
== AF_INET
&& prefixlen
< 8) ||
2099 (f
== AF_INET6
&& prefixlen
< 64)) {
2100 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2101 "Null address with invalid prefixlen='%u', ignoring assignment: %s",
2108 n
->prefixlen
= prefixlen
;
2110 if (streq(lvalue
, "Address")) {
2111 n
->in_addr
= buffer
;
2112 n
->requested_as_null
= !in_addr_is_set(n
->family
, &n
->in_addr
);
2114 n
->in_addr_peer
= buffer
;
2120 int config_parse_label(
2122 const char *filename
,
2124 const char *section
,
2125 unsigned section_line
,
2132 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2133 Network
*network
= userdata
;
2142 r
= address_new_static(network
, filename
, section_line
, &n
);
2146 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2147 "Failed to allocate new address, ignoring assignment: %m");
2151 if (isempty(rvalue
)) {
2152 n
->label
= mfree(n
->label
);
2157 if (!address_label_valid(rvalue
)) {
2158 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2159 "Interface label is too long or invalid, ignoring assignment: %s", rvalue
);
2163 r
= free_and_strdup(&n
->label
, rvalue
);
2171 int config_parse_lifetime(
2173 const char *filename
,
2175 const char *section
,
2176 unsigned section_line
,
2183 Network
*network
= userdata
;
2184 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2194 r
= address_new_static(network
, filename
, section_line
, &n
);
2198 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2199 "Failed to allocate new address, ignoring assignment: %m");
2203 /* We accept only "forever", "infinity", empty, or "0". */
2204 if (STR_IN_SET(rvalue
, "forever", "infinity", ""))
2206 else if (streq(rvalue
, "0"))
2209 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2210 "Invalid PreferredLifetime= value, ignoring: %s", rvalue
);
2214 n
->lifetime_preferred_usec
= k
;
2220 int config_parse_address_flags(
2222 const char *filename
,
2224 const char *section
,
2225 unsigned section_line
,
2232 Network
*network
= userdata
;
2233 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2242 r
= address_new_static(network
, filename
, section_line
, &n
);
2246 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2247 "Failed to allocate new address, ignoring assignment: %m");
2251 r
= parse_boolean(rvalue
);
2253 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2254 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2258 if (streq(lvalue
, "AddPrefixRoute"))
2261 SET_FLAG(n
->flags
, ltype
, r
);
2267 int config_parse_address_scope(
2269 const char *filename
,
2271 const char *section
,
2272 unsigned section_line
,
2279 Network
*network
= userdata
;
2280 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2289 r
= address_new_static(network
, filename
, section_line
, &n
);
2293 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2294 "Failed to allocate new address, ignoring assignment: %m");
2298 r
= route_scope_from_string(rvalue
);
2300 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2301 "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue
);
2306 n
->scope_set
= true;
2311 int config_parse_address_route_metric(
2313 const char *filename
,
2315 const char *section
,
2316 unsigned section_line
,
2323 Network
*network
= userdata
;
2324 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2333 r
= address_new_static(network
, filename
, section_line
, &n
);
2337 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2338 "Failed to allocate new address, ignoring assignment: %m");
2342 r
= safe_atou32(rvalue
, &n
->route_metric
);
2344 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2345 "Could not parse %s=, ignoring assignment: %s", lvalue
, rvalue
);
2353 int config_parse_duplicate_address_detection(
2355 const char *filename
,
2357 const char *section
,
2358 unsigned section_line
,
2365 Network
*network
= userdata
;
2366 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2375 r
= address_new_static(network
, filename
, section_line
, &n
);
2379 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2380 "Failed to allocate new address, ignoring assignment: %m");
2384 r
= parse_boolean(rvalue
);
2386 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2387 "For historical reasons, %s=%s means %s=%s. "
2388 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2389 lvalue
, rvalue
, lvalue
, r
? "none" : "both");
2390 n
->duplicate_address_detection
= r
? ADDRESS_FAMILY_NO
: ADDRESS_FAMILY_YES
;
2395 AddressFamily a
= duplicate_address_detection_address_family_from_string(rvalue
);
2397 log_syntax(unit
, LOG_WARNING
, filename
, line
, a
,
2398 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
2401 n
->duplicate_address_detection
= a
;
2407 int config_parse_address_netlabel(
2409 const char *filename
,
2411 const char *section
,
2412 unsigned section_line
,
2419 Network
*network
= userdata
;
2420 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2430 r
= address_new_static(network
, filename
, section_line
, &n
);
2434 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2435 "Failed to allocate new address, ignoring assignment: %m");
2439 r
= config_parse_string(unit
, filename
, line
, section
, section_line
,
2440 lvalue
, CONFIG_PARSE_STRING_SAFE
, rvalue
, &n
->netlabel
, network
);
2448 static void address_section_adjust_broadcast(Address
*address
) {
2450 assert(address
->section
);
2452 if (!in4_addr_is_set(&address
->broadcast
))
2455 if (address
->family
== AF_INET6
)
2456 log_warning("%s: broadcast address is set for an IPv6 address. "
2457 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2458 address
->section
->filename
, address
->section
->line
);
2459 else if (address
->prefixlen
> 30)
2460 log_warning("%s: broadcast address is set for an IPv4 address with prefix length larger than 30. "
2461 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2462 address
->section
->filename
, address
->section
->line
);
2463 else if (in4_addr_is_set(&address
->in_addr_peer
.in
))
2464 log_warning("%s: broadcast address is set for an IPv4 address with peer address. "
2465 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2466 address
->section
->filename
, address
->section
->line
);
2467 else if (!in4_addr_is_set(&address
->in_addr
.in
))
2468 log_warning("%s: broadcast address is set for an IPv4 address with null address. "
2469 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2470 address
->section
->filename
, address
->section
->line
);
2472 /* Otherwise, keep the specified broadcast address. */
2475 address
->broadcast
.s_addr
= 0;
2478 int address_section_verify(Address
*address
) {
2479 if (section_is_invalid(address
->section
))
2482 if (address
->family
== AF_UNSPEC
) {
2483 assert(address
->section
);
2485 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2486 "%s: Address section without Address= field was configured. "
2487 "Ignoring [Address] section from line %u.",
2488 address
->section
->filename
, address
->section
->line
);
2491 if (address
->family
== AF_INET6
&& !socket_ipv6_is_supported())
2492 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2493 "%s: an IPv6 address was configured, but the kernel does not support IPv6. "
2494 "Ignoring [Address] section from line %u.",
2495 address
->section
->filename
, address
->section
->line
);
2497 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
2499 address_section_adjust_broadcast(address
);
2501 if (address
->family
== AF_INET6
&& address
->label
) {
2502 log_warning("%s: address label is set for IPv6 address in the [Address] section from line %u. "
2503 "Ignoring Label= setting.",
2504 address
->section
->filename
, address
->section
->line
);
2506 address
->label
= mfree(address
->label
);
2509 if (!address
->scope_set
) {
2510 if (in_addr_is_localhost(address
->family
, &address
->in_addr
) > 0)
2511 address
->scope
= RT_SCOPE_HOST
;
2512 else if (in_addr_is_link_local(address
->family
, &address
->in_addr
) > 0)
2513 address
->scope
= RT_SCOPE_LINK
;
2516 if (address
->duplicate_address_detection
< 0) {
2517 if (address
->family
== AF_INET6
)
2518 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV6
;
2519 else if (in4_addr_is_link_local(&address
->in_addr
.in
))
2520 address
->duplicate_address_detection
= ADDRESS_FAMILY_IPV4
;
2522 address
->duplicate_address_detection
= ADDRESS_FAMILY_NO
;
2523 } else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV6
&& address
->family
== AF_INET
)
2524 log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.",
2525 address
->section
->filename
);
2526 else if (address
->duplicate_address_detection
== ADDRESS_FAMILY_IPV4
&& address
->family
== AF_INET6
)
2527 log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.",
2528 address
->section
->filename
);
2530 if (address
->family
== AF_INET6
&&
2531 !FLAGS_SET(address
->duplicate_address_detection
, ADDRESS_FAMILY_IPV6
))
2532 address
->flags
|= IFA_F_NODAD
;
2534 uint32_t filtered_flags
= address
->family
== AF_INET
?
2535 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
& ~IPV6ONLY_FLAGS
:
2536 address
->flags
& KNOWN_FLAGS
& ~UNMANAGED_FLAGS
;
2537 if (address
->flags
!= filtered_flags
) {
2538 _cleanup_free_
char *str
= NULL
;
2540 (void) address_flags_to_string_alloc(address
->flags
^ filtered_flags
, address
->family
, &str
);
2541 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL
),
2542 "%s: unexpected address flags \"%s\" were configured. "
2543 "Ignoring [Address] section from line %u.",
2544 address
->section
->filename
, strna(str
), address
->section
->line
);
2550 int network_drop_invalid_addresses(Network
*network
) {
2551 _cleanup_set_free_ Set
*addresses
= NULL
;
2557 ORDERED_HASHMAP_FOREACH(address
, network
->addresses_by_section
) {
2560 if (address_section_verify(address
) < 0) {
2561 /* Drop invalid [Address] sections or Address= settings in [Network].
2562 * Note that address_detach() will drop the address from addresses_by_section. */
2563 address_detach(address
);
2567 /* Always use the setting specified later. So, remove the previously assigned setting. */
2568 dup
= set_remove(addresses
, address
);
2570 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2571 "dropping the address setting specified at line %u.",
2572 dup
->section
->filename
,
2573 IN_ADDR_PREFIX_TO_STRING(address
->family
, &address
->in_addr
, address
->prefixlen
),
2574 address
->section
->line
,
2575 dup
->section
->line
, dup
->section
->line
);
2577 /* address_detach() will drop the address from addresses_by_section. */
2578 address_detach(dup
);
2581 /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects
2582 * will be detached. */
2583 r
= set_ensure_put(&addresses
, &address_hash_ops
, address
);
2589 r
= network_adjust_dhcp_server(network
, &addresses
);
2596 int config_parse_address_ip_nft_set(
2598 const char *filename
,
2600 const char *section
,
2601 unsigned section_line
,
2608 Network
*network
= userdata
;
2609 _cleanup_(address_unref_or_set_invalidp
) Address
*n
= NULL
;
2617 r
= address_new_static(network
, filename
, section_line
, &n
);
2621 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2622 "Failed to allocate a new address, ignoring assignment: %m");
2626 r
= config_parse_nft_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &n
->nft_set_context
, network
);