]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-address.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
docs/RANDOM_SEEDS: update NetBSD link
[thirdparty/systemd.git] / src / network / networkd-address.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <net/if.h>
4 #include <net/if_arp.h>
5
6 #include "alloc-util.h"
7 #include "firewall-util.h"
8 #include "logarithm.h"
9 #include "memory-util.h"
10 #include "netlink-util.h"
11 #include "networkd-address-pool.h"
12 #include "networkd-address.h"
13 #include "networkd-dhcp-server.h"
14 #include "networkd-ipv4acd.h"
15 #include "networkd-manager.h"
16 #include "networkd-netlabel.h"
17 #include "networkd-network.h"
18 #include "networkd-queue.h"
19 #include "networkd-route-util.h"
20 #include "networkd-route.h"
21 #include "parse-util.h"
22 #include "string-util.h"
23 #include "strv.h"
24 #include "strxcpyx.h"
25
26 #define ADDRESSES_PER_LINK_MAX 2048U
27 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
28
29 #define KNOWN_FLAGS \
30 (IFA_F_SECONDARY | \
31 IFA_F_NODAD | \
32 IFA_F_OPTIMISTIC | \
33 IFA_F_DADFAILED | \
34 IFA_F_HOMEADDRESS | \
35 IFA_F_DEPRECATED | \
36 IFA_F_TENTATIVE | \
37 IFA_F_PERMANENT | \
38 IFA_F_MANAGETEMPADDR | \
39 IFA_F_NOPREFIXROUTE | \
40 IFA_F_MCAUTOJOIN | \
41 IFA_F_STABLE_PRIVACY)
42
43 /* From net/ipv4/devinet.c */
44 #define IPV6ONLY_FLAGS \
45 (IFA_F_NODAD | \
46 IFA_F_OPTIMISTIC | \
47 IFA_F_DADFAILED | \
48 IFA_F_HOMEADDRESS | \
49 IFA_F_TENTATIVE | \
50 IFA_F_MANAGETEMPADDR | \
51 IFA_F_STABLE_PRIVACY)
52
53 /* We do not control the following flags. */
54 #define UNMANAGED_FLAGS \
55 (IFA_F_SECONDARY | \
56 IFA_F_DADFAILED | \
57 IFA_F_DEPRECATED | \
58 IFA_F_TENTATIVE | \
59 IFA_F_PERMANENT | \
60 IFA_F_STABLE_PRIVACY)
61
62 int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) {
63 _cleanup_free_ char *str = NULL;
64 static const char* map[] = {
65 [LOG2U(IFA_F_SECONDARY)] = "secondary", /* This is also called "temporary" for ipv6. */
66 [LOG2U(IFA_F_NODAD)] = "nodad",
67 [LOG2U(IFA_F_OPTIMISTIC)] = "optimistic",
68 [LOG2U(IFA_F_DADFAILED)] = "dadfailed",
69 [LOG2U(IFA_F_HOMEADDRESS)] = "home-address",
70 [LOG2U(IFA_F_DEPRECATED)] = "deprecated",
71 [LOG2U(IFA_F_TENTATIVE)] = "tentative",
72 [LOG2U(IFA_F_PERMANENT)] = "permanent",
73 [LOG2U(IFA_F_MANAGETEMPADDR)] = "manage-temporary-address",
74 [LOG2U(IFA_F_NOPREFIXROUTE)] = "no-prefixroute",
75 [LOG2U(IFA_F_MCAUTOJOIN)] = "auto-join",
76 [LOG2U(IFA_F_STABLE_PRIVACY)] = "stable-privacy",
77 };
78
79 assert(IN_SET(family, AF_INET, AF_INET6));
80 assert(ret);
81
82 for (size_t i = 0; i < ELEMENTSOF(map); i++)
83 if (FLAGS_SET(flags, 1 << i) && map[i])
84 if (!strextend_with_separator(
85 &str, ",",
86 family == AF_INET6 && (1 << i) == IFA_F_SECONDARY ? "temporary" : map[i]))
87 return -ENOMEM;
88
89 *ret = TAKE_PTR(str);
90 return 0;
91 }
92
93 static LinkAddressState address_state_from_scope(uint8_t scope) {
94 if (scope < RT_SCOPE_SITE)
95 /* universally accessible addresses found */
96 return LINK_ADDRESS_STATE_ROUTABLE;
97
98 if (scope < RT_SCOPE_HOST)
99 /* only link or site local addresses found */
100 return LINK_ADDRESS_STATE_DEGRADED;
101
102 /* no useful addresses found */
103 return LINK_ADDRESS_STATE_OFF;
104 }
105
106 void link_get_address_states(
107 Link *link,
108 LinkAddressState *ret_ipv4,
109 LinkAddressState *ret_ipv6,
110 LinkAddressState *ret_all) {
111
112 uint8_t ipv4_scope = RT_SCOPE_NOWHERE, ipv6_scope = RT_SCOPE_NOWHERE;
113 Address *address;
114
115 assert(link);
116
117 SET_FOREACH(address, link->addresses) {
118 if (!address_is_ready(address))
119 continue;
120
121 if (address->family == AF_INET)
122 ipv4_scope = MIN(ipv4_scope, address->scope);
123
124 if (address->family == AF_INET6)
125 ipv6_scope = MIN(ipv6_scope, address->scope);
126 }
127
128 if (ret_ipv4)
129 *ret_ipv4 = address_state_from_scope(ipv4_scope);
130 if (ret_ipv6)
131 *ret_ipv6 = address_state_from_scope(ipv6_scope);
132 if (ret_all)
133 *ret_all = address_state_from_scope(MIN(ipv4_scope, ipv6_scope));
134 }
135
136 static void address_hash_func(const Address *a, struct siphash *state);
137 static int address_compare_func(const Address *a1, const Address *a2);
138 static void address_detach(Address *address);
139
140 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
141 address_hash_ops_detach,
142 Address,
143 address_hash_func,
144 address_compare_func,
145 address_detach);
146
147 DEFINE_HASH_OPS(
148 address_hash_ops,
149 Address,
150 address_hash_func,
151 address_compare_func);
152
153 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
154 address_section_hash_ops,
155 ConfigSection,
156 config_section_hash_func,
157 config_section_compare_func,
158 Address,
159 address_detach);
160
161 int address_new(Address **ret) {
162 _cleanup_(address_unrefp) Address *address = NULL;
163
164 address = new(Address, 1);
165 if (!address)
166 return -ENOMEM;
167
168 *address = (Address) {
169 .n_ref = 1,
170 .family = AF_UNSPEC,
171 .scope = RT_SCOPE_UNIVERSE,
172 .lifetime_valid_usec = USEC_INFINITY,
173 .lifetime_preferred_usec = USEC_INFINITY,
174 .set_broadcast = -1,
175 };
176
177 *ret = TAKE_PTR(address);
178
179 return 0;
180 }
181
182 int address_new_static(Network *network, const char *filename, unsigned section_line, Address **ret) {
183 _cleanup_(config_section_freep) ConfigSection *n = NULL;
184 _cleanup_(address_unrefp) Address *address = NULL;
185 int r;
186
187 assert(network);
188 assert(ret);
189 assert(filename);
190 assert(section_line > 0);
191
192 r = config_section_new(filename, section_line, &n);
193 if (r < 0)
194 return r;
195
196 address = ordered_hashmap_get(network->addresses_by_section, n);
197 if (address) {
198 *ret = TAKE_PTR(address);
199 return 0;
200 }
201
202 if (ordered_hashmap_size(network->addresses_by_section) >= STATIC_ADDRESSES_PER_NETWORK_MAX)
203 return -E2BIG;
204
205 r = address_new(&address);
206 if (r < 0)
207 return r;
208
209 address->network = network;
210 address->section = TAKE_PTR(n);
211 address->source = NETWORK_CONFIG_SOURCE_STATIC;
212 /* This will be adjusted in address_section_verify(). */
213 address->duplicate_address_detection = _ADDRESS_FAMILY_INVALID;
214
215 r = ordered_hashmap_ensure_put(&network->addresses_by_section, &address_section_hash_ops, address->section, address);
216 if (r < 0)
217 return r;
218
219 *ret = TAKE_PTR(address);
220 return 0;
221 }
222
223 static Address* address_detach_impl(Address *address) {
224 assert(address);
225 assert(!address->link || !address->network);
226
227 if (address->network) {
228 assert(address->section);
229 ordered_hashmap_remove(address->network->addresses_by_section, address->section);
230
231 if (address->network->dhcp_server_address == address)
232 address->network->dhcp_server_address = NULL;
233
234 address->network = NULL;
235 return address;
236 }
237
238 if (address->link) {
239 set_remove(address->link->addresses, address);
240
241 address->link = NULL;
242 return address;
243 }
244
245 return NULL;
246 }
247
248 static void address_detach(Address *address) {
249 assert(address);
250
251 address_unref(address_detach_impl(address));
252 }
253
254 static Address* address_free(Address *address) {
255 if (!address)
256 return NULL;
257
258 address_detach_impl(address);
259
260 config_section_free(address->section);
261 free(address->label);
262 free(address->netlabel);
263 nft_set_context_clear(&address->nft_set_context);
264 return mfree(address);
265 }
266
267 DEFINE_TRIVIAL_REF_UNREF_FUNC(Address, address, address_free);
268
269 static bool address_lifetime_is_valid(const Address *a) {
270 assert(a);
271
272 return
273 a->lifetime_valid_usec == USEC_INFINITY ||
274 a->lifetime_valid_usec > now(CLOCK_BOOTTIME);
275 }
276
277 bool address_is_ready(const Address *a) {
278 assert(a);
279 assert(a->link);
280
281 if (!ipv4acd_bound(a->link, a))
282 return false;
283
284 if (FLAGS_SET(a->flags, IFA_F_TENTATIVE))
285 return false;
286
287 if (FLAGS_SET(a->state, NETWORK_CONFIG_STATE_REMOVING))
288 return false;
289
290 if (!FLAGS_SET(a->state, NETWORK_CONFIG_STATE_CONFIGURED))
291 return false;
292
293 return address_lifetime_is_valid(a);
294 }
295
296 bool link_check_addresses_ready(Link *link, NetworkConfigSource source) {
297 Address *a;
298 bool has = false;
299
300 assert(link);
301
302 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
303
304 SET_FOREACH(a, link->addresses) {
305 if (source >= 0 && a->source != source)
306 continue;
307 if (address_is_marked(a))
308 continue;
309 if (!address_exists(a))
310 continue;
311 if (!address_is_ready(a))
312 return false;
313 has = true;
314 }
315
316 return has;
317 }
318
319 void link_mark_addresses(Link *link, NetworkConfigSource source) {
320 Address *a;
321
322 assert(link);
323
324 SET_FOREACH(a, link->addresses) {
325 if (a->source != source)
326 continue;
327
328 address_mark(a);
329 }
330 }
331
332 static int address_get_broadcast(const Address *a, Link *link, struct in_addr *ret) {
333 struct in_addr b_addr = {};
334
335 assert(a);
336 assert(link);
337
338 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
339 * address is null. */
340
341 /* broadcast is only for IPv4. */
342 if (a->family != AF_INET)
343 goto finalize;
344
345 /* broadcast address cannot be used when peer address is specified. */
346 if (in4_addr_is_set(&a->in_addr_peer.in))
347 goto finalize;
348
349 /* A /31 or /32 IPv4 address does not have a broadcast address.
350 * See https://tools.ietf.org/html/rfc3021 */
351 if (a->prefixlen > 30)
352 goto finalize;
353
354 /* If explicitly configured, use the address as is. */
355 if (in4_addr_is_set(&a->broadcast)) {
356 b_addr = a->broadcast;
357 goto finalize;
358 }
359
360 /* If explicitly disabled, then return null address. */
361 if (a->set_broadcast == 0)
362 goto finalize;
363
364 /* For wireguard interfaces, broadcast is disabled by default. */
365 if (a->set_broadcast < 0 && streq_ptr(link->kind, "wireguard"))
366 goto finalize;
367
368 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
369 * determined after an address is acquired. */
370 if (!in4_addr_is_set(&a->in_addr.in))
371 return -EAGAIN;
372
373 /* Otherwise, generate a broadcast address from the main address and prefix length. */
374 b_addr.s_addr = a->in_addr.in.s_addr | htobe32(UINT32_C(0xffffffff) >> a->prefixlen);
375
376 finalize:
377 if (ret)
378 *ret = b_addr;
379
380 return in4_addr_is_set(&b_addr);
381 }
382
383 static void address_set_broadcast(Address *a, Link *link) {
384 assert(a);
385 assert_se(address_get_broadcast(a, link, &a->broadcast) >= 0);
386 }
387
388 static void address_set_cinfo(Manager *m, const Address *a, struct ifa_cacheinfo *cinfo) {
389 usec_t now_usec;
390
391 assert(m);
392 assert(a);
393 assert(cinfo);
394
395 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
396
397 *cinfo = (struct ifa_cacheinfo) {
398 .ifa_valid = usec_to_sec(a->lifetime_valid_usec, now_usec),
399 .ifa_prefered = usec_to_sec(a->lifetime_preferred_usec, now_usec),
400 };
401 }
402
403 static void address_set_lifetime(Manager *m, Address *a, const struct ifa_cacheinfo *cinfo) {
404 usec_t now_usec;
405
406 assert(m);
407 assert(a);
408 assert(cinfo);
409
410 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
411
412 a->lifetime_valid_usec = sec_to_usec(cinfo->ifa_valid, now_usec);
413 a->lifetime_preferred_usec = sec_to_usec(cinfo->ifa_prefered, now_usec);
414 }
415
416 static bool address_is_static_null(const Address *address) {
417 assert(address);
418
419 if (!address->network)
420 return false;
421
422 if (!address->requested_as_null)
423 return false;
424
425 assert(!in_addr_is_set(address->family, &address->in_addr));
426 return true;
427 }
428
429 static int address_ipv4_prefix(const Address *a, struct in_addr *ret) {
430 struct in_addr p;
431 int r;
432
433 assert(a);
434 assert(a->family == AF_INET);
435 assert(ret);
436
437 p = in4_addr_is_set(&a->in_addr_peer.in) ? a->in_addr_peer.in : a->in_addr.in;
438 r = in4_addr_mask(&p, a->prefixlen);
439 if (r < 0)
440 return r;
441
442 *ret = p;
443 return 0;
444 }
445
446 static void address_hash_func(const Address *a, struct siphash *state) {
447 assert(a);
448
449 siphash24_compress_typesafe(a->family, state);
450
451 switch (a->family) {
452 case AF_INET: {
453 struct in_addr prefix;
454
455 siphash24_compress_typesafe(a->prefixlen, state);
456
457 assert_se(address_ipv4_prefix(a, &prefix) >= 0);
458 siphash24_compress_typesafe(prefix, state);
459
460 siphash24_compress_typesafe(a->in_addr.in, state);
461 break;
462 }
463 case AF_INET6:
464 siphash24_compress_typesafe(a->in_addr.in6, state);
465
466 if (in6_addr_is_null(&a->in_addr.in6))
467 siphash24_compress_typesafe(a->prefixlen, state);
468 break;
469
470 default:
471 /* treat any other address family as AF_UNSPEC */
472 break;
473 }
474 }
475
476 static int address_compare_func(const Address *a1, const Address *a2) {
477 int r;
478
479 r = CMP(a1->family, a2->family);
480 if (r != 0)
481 return r;
482
483 switch (a1->family) {
484 case AF_INET: {
485 struct in_addr p1, p2;
486
487 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
488 r = CMP(a1->prefixlen, a2->prefixlen);
489 if (r != 0)
490 return r;
491
492 assert_se(address_ipv4_prefix(a1, &p1) >= 0);
493 assert_se(address_ipv4_prefix(a2, &p2) >= 0);
494 r = memcmp(&p1, &p2, sizeof(p1));
495 if (r != 0)
496 return r;
497
498 return memcmp(&a1->in_addr.in, &a2->in_addr.in, sizeof(a1->in_addr.in));
499 }
500 case AF_INET6:
501 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
502 r = memcmp(&a1->in_addr.in6, &a2->in_addr.in6, sizeof(a1->in_addr.in6));
503 if (r != 0)
504 return r;
505
506 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
507 * compare the prefix length. */
508 if (in6_addr_is_null(&a1->in_addr.in6))
509 r = CMP(a1->prefixlen, a2->prefixlen);
510
511 return r;
512
513 default:
514 /* treat any other address family as AF_UNSPEC */
515 return 0;
516 }
517 }
518
519 bool address_can_update(const Address *existing, const Address *requesting) {
520 assert(existing);
521 assert(requesting);
522
523 /*
524 * property | IPv4 | IPv6
525 * -----------------------------------------
526 * family | ✗ | ✗
527 * prefixlen | ✗ | ✗
528 * address | ✗ | ✗
529 * scope | ✗ | -
530 * label | ✗ | -
531 * broadcast | ✗ | -
532 * peer | ✗ | ✓
533 * flags | ✗ | ✓
534 * lifetime | ✓ | ✓
535 * route metric | ✓ | ✓
536 * protocol | ✓ | ✓
537 *
538 * ✗ : cannot be changed
539 * ✓ : can be changed
540 * - : unused
541 *
542 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
543 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
544 */
545
546 if (existing->family != requesting->family)
547 return false;
548
549 if (existing->prefixlen != requesting->prefixlen)
550 return false;
551
552 /* When a null address is requested, the address to be assigned/updated will be determined later. */
553 if (!address_is_static_null(requesting) &&
554 in_addr_equal(existing->family, &existing->in_addr, &requesting->in_addr) <= 0)
555 return false;
556
557 switch (existing->family) {
558 case AF_INET: {
559 struct in_addr bcast;
560
561 if (existing->scope != requesting->scope)
562 return false;
563 if (((existing->flags ^ requesting->flags) & KNOWN_FLAGS & ~IPV6ONLY_FLAGS & ~UNMANAGED_FLAGS) != 0)
564 return false;
565 if (!streq_ptr(existing->label, requesting->label))
566 return false;
567 if (!in4_addr_equal(&existing->in_addr_peer.in, &requesting->in_addr_peer.in))
568 return false;
569 if (existing->link && address_get_broadcast(requesting, existing->link, &bcast) >= 0) {
570 /* If the broadcast address can be determined now, check if they match. */
571 if (!in4_addr_equal(&existing->broadcast, &bcast))
572 return false;
573 } else {
574 /* When a null address is requested, then the broadcast address will be
575 * automatically calculated from the acquired address, e.g.
576 * 192.168.0.10/24 -> 192.168.0.255
577 * So, here let's only check if the broadcast is the last address in the range, e.g.
578 * 0.0.0.0/24 -> 0.0.0.255 */
579 if (!FLAGS_SET(existing->broadcast.s_addr, htobe32(UINT32_C(0xffffffff) >> existing->prefixlen)))
580 return false;
581 }
582 break;
583 }
584 case AF_INET6:
585 break;
586
587 default:
588 assert_not_reached();
589 }
590
591 return true;
592 }
593
594 int address_dup(const Address *src, Address **ret) {
595 _cleanup_(address_unrefp) Address *dest = NULL;
596 int r;
597
598 assert(src);
599 assert(ret);
600
601 dest = newdup(Address, src, 1);
602 if (!dest)
603 return -ENOMEM;
604
605 /* clear the reference counter and all pointers */
606 dest->n_ref = 1;
607 dest->network = NULL;
608 dest->section = NULL;
609 dest->link = NULL;
610 dest->label = NULL;
611 dest->netlabel = NULL;
612 dest->nft_set_context.sets = NULL;
613 dest->nft_set_context.n_sets = 0;
614
615 if (src->family == AF_INET) {
616 r = strdup_to(&dest->label, src->label);
617 if (r < 0)
618 return r;
619 }
620
621 r = strdup_to(&dest->netlabel, src->netlabel);
622 if (r < 0)
623 return r;
624
625 r = nft_set_context_dup(&src->nft_set_context, &dest->nft_set_context);
626 if (r < 0)
627 return r;
628
629 *ret = TAKE_PTR(dest);
630 return 0;
631 }
632
633 static int address_set_masquerade(Address *address, bool add) {
634 union in_addr_union masked;
635 int r;
636
637 assert(address);
638 assert(address->link);
639
640 if (!address->link->network)
641 return 0;
642
643 if (address->family == AF_INET &&
644 !FLAGS_SET(address->link->network->ip_masquerade, ADDRESS_FAMILY_IPV4))
645 return 0;
646
647 if (address->family == AF_INET6 &&
648 !FLAGS_SET(address->link->network->ip_masquerade, ADDRESS_FAMILY_IPV6))
649 return 0;
650
651 if (address->scope >= RT_SCOPE_LINK)
652 return 0;
653
654 if (address->ip_masquerade_done == add)
655 return 0;
656
657 masked = address->in_addr;
658 r = in_addr_mask(address->family, &masked, address->prefixlen);
659 if (r < 0)
660 return r;
661
662 r = fw_add_masquerade(&address->link->manager->fw_ctx, add, address->family, &masked, address->prefixlen);
663 if (r < 0)
664 return r;
665
666 address->ip_masquerade_done = add;
667
668 return 0;
669 }
670
671 static void address_modify_nft_set_context(Address *address, bool add, NFTSetContext *nft_set_context) {
672 int r;
673
674 assert(address);
675 assert(address->link);
676 assert(address->link->manager);
677 assert(nft_set_context);
678
679 if (!address->link->manager->fw_ctx) {
680 r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false);
681 if (r < 0)
682 return;
683 }
684
685 FOREACH_ARRAY(nft_set, nft_set_context->sets, nft_set_context->n_sets) {
686 uint32_t ifindex;
687
688 assert(nft_set);
689
690 switch (nft_set->source) {
691 case NFT_SET_SOURCE_ADDRESS:
692 r = nft_set_element_modify_ip(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
693 &address->in_addr);
694 break;
695 case NFT_SET_SOURCE_PREFIX:
696 r = nft_set_element_modify_iprange(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
697 &address->in_addr, address->prefixlen);
698 break;
699 case NFT_SET_SOURCE_IFINDEX:
700 ifindex = address->link->ifindex;
701 r = nft_set_element_modify_any(address->link->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set,
702 &ifindex, sizeof(ifindex));
703 break;
704 default:
705 assert_not_reached();
706 }
707
708 if (r < 0)
709 log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
710 add ? "add" : "delete",
711 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
712 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
713 else
714 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
715 add ? "Added" : "Deleted",
716 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
717 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
718 }
719 }
720
721 static void address_modify_nft_set(Address *address, bool add) {
722 assert(address);
723 assert(address->link);
724
725 if (!IN_SET(address->family, AF_INET, AF_INET6))
726 return;
727
728 if (!address->link->network)
729 return;
730
731 switch (address->source) {
732 case NETWORK_CONFIG_SOURCE_DHCP4:
733 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_nft_set_context);
734 case NETWORK_CONFIG_SOURCE_DHCP6:
735 return address_modify_nft_set_context(address, add, &address->link->network->dhcp6_nft_set_context);
736 case NETWORK_CONFIG_SOURCE_DHCP_PD:
737 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_pd_nft_set_context);
738 case NETWORK_CONFIG_SOURCE_NDISC:
739 return address_modify_nft_set_context(address, add, &address->link->network->ndisc_nft_set_context);
740 case NETWORK_CONFIG_SOURCE_STATIC:
741 return address_modify_nft_set_context(address, add, &address->nft_set_context);
742 default:
743 return;
744 }
745 }
746
747 static int address_attach(Link *link, Address *address) {
748 int r;
749
750 assert(link);
751 assert(address);
752 assert(!address->link);
753
754 r = set_ensure_put(&link->addresses, &address_hash_ops_detach, address);
755 if (r < 0)
756 return r;
757 if (r == 0)
758 return -EEXIST;
759
760 address->link = link;
761 address_ref(address);
762 return 0;
763 }
764
765 static int address_update(Address *address) {
766 Link *link = ASSERT_PTR(ASSERT_PTR(address)->link);
767 int r;
768
769 if (address_is_ready(address) &&
770 address->family == AF_INET6 &&
771 in6_addr_is_link_local(&address->in_addr.in6) &&
772 in6_addr_is_null(&link->ipv6ll_address)) {
773
774 link->ipv6ll_address = address->in_addr.in6;
775
776 r = link_ipv6ll_gained(link);
777 if (r < 0)
778 return r;
779 }
780
781 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
782 return 0;
783
784 r = address_set_masquerade(address, /* add = */ true);
785 if (r < 0)
786 return log_link_warning_errno(link, r, "Could not enable IP masquerading: %m");
787
788 address_add_netlabel(address);
789
790 address_modify_nft_set(address, /* add = */ true);
791
792 if (address_is_ready(address) && address->callback) {
793 r = address->callback(address);
794 if (r < 0)
795 return r;
796 }
797
798 link_update_operstate(link, /* also_update_master = */ true);
799 link_check_ready(link);
800 return 0;
801 }
802
803 static int address_drop(Address *address) {
804 Link *link = ASSERT_PTR(ASSERT_PTR(address)->link);
805 int r;
806
807 r = address_set_masquerade(address, /* add = */ false);
808 if (r < 0)
809 log_link_warning_errno(link, r, "Failed to disable IP masquerading, ignoring: %m");
810
811 address_modify_nft_set(address, /* add = */ false);
812
813 address_del_netlabel(address);
814
815 /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */
816 if (address->family == AF_INET6 &&
817 in6_addr_equal(&address->in_addr.in6, &link->ipv6ll_address))
818 link->ipv6ll_address = (const struct in6_addr) {};
819
820 ipv4acd_detach(link, address);
821
822 address_detach(address);
823
824 link_update_operstate(link, /* also_update_master = */ true);
825 link_check_ready(link);
826 return 0;
827 }
828
829 static bool address_match_null(const Address *a, const Address *null_address) {
830 assert(a);
831 assert(null_address);
832
833 if (!a->requested_as_null)
834 return false;
835
836 /* Currently, null address is supported only by static addresses. Note that static
837 * address may be set as foreign during reconfiguring the interface. */
838 if (!IN_SET(a->source, NETWORK_CONFIG_SOURCE_FOREIGN, NETWORK_CONFIG_SOURCE_STATIC))
839 return false;
840
841 if (a->family != null_address->family)
842 return false;
843
844 if (a->prefixlen != null_address->prefixlen)
845 return false;
846
847 return true;
848 }
849
850 static int address_get_request(Link *link, const Address *address, Request **ret) {
851 Request *req;
852
853 assert(link);
854 assert(link->manager);
855 assert(address);
856
857 req = ordered_set_get(
858 link->manager->request_queue,
859 &(Request) {
860 .link = link,
861 .type = REQUEST_TYPE_ADDRESS,
862 .userdata = (void*) address,
863 .hash_func = (hash_func_t) address_hash_func,
864 .compare_func = (compare_func_t) address_compare_func,
865 });
866 if (req) {
867 if (ret)
868 *ret = req;
869 return 0;
870 }
871
872 if (address_is_static_null(address))
873 ORDERED_SET_FOREACH(req, link->manager->request_queue) {
874 if (req->link != link)
875 continue;
876 if (req->type != REQUEST_TYPE_ADDRESS)
877 continue;
878
879 if (!address_match_null(req->userdata, address))
880 continue;
881
882 if (ret)
883 *ret = req;
884
885 return 0;
886 }
887
888 return -ENOENT;
889 }
890
891 int address_get(Link *link, const Address *in, Address **ret) {
892 Address *a;
893
894 assert(link);
895 assert(in);
896
897 a = set_get(link->addresses, in);
898 if (a) {
899 if (ret)
900 *ret = a;
901 return 0;
902 }
903
904 /* Find matching address that originally requested as null address. */
905 if (address_is_static_null(in))
906 SET_FOREACH(a, link->addresses) {
907 if (!address_match_null(a, in))
908 continue;
909
910 if (ret)
911 *ret = a;
912 return 0;
913 }
914
915 return -ENOENT;
916 }
917
918 int address_get_harder(Link *link, const Address *in, Address **ret) {
919 Request *req;
920 int r;
921
922 assert(link);
923 assert(in);
924
925 if (address_get(link, in, ret) >= 0)
926 return 0;
927
928 r = address_get_request(link, in, &req);
929 if (r < 0)
930 return r;
931
932 if (ret)
933 *ret = ASSERT_PTR(req->userdata);
934
935 return 0;
936 }
937
938 int link_get_address(Link *link, int family, const union in_addr_union *address, unsigned char prefixlen, Address **ret) {
939 Address *a;
940 int r;
941
942 assert(link);
943 assert(IN_SET(family, AF_INET, AF_INET6));
944 assert(address);
945
946 /* This find an Address object on the link which matches the given address and prefix length
947 * and does not have peer address. When the prefixlen is zero, then an Address object with an
948 * arbitrary prefixlen will be returned. */
949
950 if (family == AF_INET6 || prefixlen != 0) {
951 _cleanup_(address_unrefp) Address *tmp = NULL;
952
953 /* In this case, we can use address_get(). */
954
955 r = address_new(&tmp);
956 if (r < 0)
957 return r;
958
959 tmp->family = family;
960 tmp->in_addr = *address;
961 tmp->prefixlen = prefixlen;
962
963 r = address_get(link, tmp, &a);
964 if (r < 0)
965 return r;
966
967 if (family == AF_INET6) {
968 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
969 * to check them explicitly. */
970 if (in_addr_is_set(family, &a->in_addr_peer))
971 return -ENOENT;
972 if (prefixlen != 0 && a->prefixlen != prefixlen)
973 return -ENOENT;
974 }
975
976 if (ret)
977 *ret = a;
978
979 return 0;
980 }
981
982 SET_FOREACH(a, link->addresses) {
983 if (a->family != family)
984 continue;
985
986 if (!in_addr_equal(family, &a->in_addr, address))
987 continue;
988
989 if (in_addr_is_set(family, &a->in_addr_peer))
990 continue;
991
992 if (ret)
993 *ret = a;
994
995 return 0;
996 }
997
998 return -ENOENT;
999 }
1000
1001 int manager_get_address(Manager *manager, int family, const union in_addr_union *address, unsigned char prefixlen, Address **ret) {
1002 Link *link;
1003
1004 assert(manager);
1005 assert(IN_SET(family, AF_INET, AF_INET6));
1006 assert(address);
1007
1008 HASHMAP_FOREACH(link, manager->links_by_index) {
1009 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
1010 continue;
1011
1012 if (link_get_address(link, family, address, prefixlen, ret) >= 0)
1013 return 0;
1014 }
1015
1016 return -ENOENT;
1017 }
1018
1019 bool manager_has_address(Manager *manager, int family, const union in_addr_union *address) {
1020 Address *a;
1021
1022 assert(manager);
1023 assert(IN_SET(family, AF_INET, AF_INET6));
1024 assert(address);
1025
1026 if (manager_get_address(manager, family, address, 0, &a) < 0)
1027 return false;
1028
1029 return address_is_ready(a);
1030 }
1031
1032 const char* format_lifetime(char *buf, size_t l, usec_t lifetime_usec) {
1033 assert(buf);
1034 assert(l > 4);
1035
1036 if (lifetime_usec == USEC_INFINITY)
1037 return "forever";
1038
1039 sprintf(buf, "for ");
1040 /* format_timespan() never fails */
1041 assert_se(format_timespan(buf + 4, l - 4, usec_sub_unsigned(lifetime_usec, now(CLOCK_BOOTTIME)), USEC_PER_SEC));
1042 return buf;
1043 }
1044
1045 static void log_address_debug(const Address *address, const char *str, const Link *link) {
1046 _cleanup_free_ char *state = NULL, *flags_str = NULL, *scope_str = NULL;
1047
1048 assert(address);
1049 assert(str);
1050 assert(link);
1051
1052 if (!DEBUG_LOGGING)
1053 return;
1054
1055 (void) network_config_state_to_string_alloc(address->state, &state);
1056
1057 const char *peer = in_addr_is_set(address->family, &address->in_addr_peer) ?
1058 IN_ADDR_TO_STRING(address->family, &address->in_addr_peer) : NULL;
1059
1060 const char *broadcast = (address->family == AF_INET && in4_addr_is_set(&address->broadcast)) ?
1061 IN4_ADDR_TO_STRING(&address->broadcast) : NULL;
1062
1063 (void) address_flags_to_string_alloc(address->flags, address->family, &flags_str);
1064 (void) route_scope_to_string_alloc(address->scope, &scope_str);
1065
1066 log_link_debug(link, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1067 str, strna(network_config_source_to_string(address->source)), strna(state),
1068 IN_ADDR_TO_STRING(address->family, &address->in_addr),
1069 peer ? " peer " : "", strempty(peer), address->prefixlen,
1070 broadcast ? " broadcast " : "", strempty(broadcast),
1071 FORMAT_LIFETIME(address->lifetime_valid_usec),
1072 FORMAT_LIFETIME(address->lifetime_preferred_usec),
1073 strna(flags_str), strna(scope_str),
1074 address->family == AF_INET ? ", label: " : "",
1075 address->family == AF_INET ? strna(address->label) : "");
1076 }
1077
1078 static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) {
1079 uint32_t flags;
1080 int r;
1081
1082 assert(address);
1083 assert(m);
1084 assert(link);
1085
1086 r = sd_rtnl_message_addr_set_prefixlen(m, address->prefixlen);
1087 if (r < 0)
1088 return r;
1089
1090 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1091 * flags except tentative flag here unconditionally. Without setting the flag, the template
1092 * addresses generated by kernel will not be removed automatically when the main address is
1093 * removed. */
1094 flags = address->flags & ~IFA_F_TENTATIVE;
1095 r = sd_rtnl_message_addr_set_flags(m, flags & 0xff);
1096 if (r < 0)
1097 return r;
1098
1099 if ((flags & ~0xff) != 0) {
1100 r = sd_netlink_message_append_u32(m, IFA_FLAGS, flags);
1101 if (r < 0)
1102 return r;
1103 }
1104
1105 r = netlink_message_append_in_addr_union(m, IFA_LOCAL, address->family, &address->in_addr);
1106 if (r < 0)
1107 return r;
1108
1109 return 0;
1110 }
1111
1112 static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) {
1113 int r;
1114
1115 assert(m);
1116 assert(rreq);
1117
1118 Link *link = ASSERT_PTR(rreq->link);
1119 Address *address = ASSERT_PTR(rreq->userdata);
1120
1121 if (link->state == LINK_STATE_LINGER)
1122 return 0;
1123
1124 r = sd_netlink_message_get_errno(m);
1125 if (r < 0) {
1126 log_link_message_full_errno(link, m,
1127 (r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING,
1128 r, "Could not drop address");
1129
1130 if (address->link) {
1131 /* If the address cannot be removed, then assume the address is already removed. */
1132 log_address_debug(address, "Forgetting", link);
1133
1134 Request *req;
1135 if (address_get_request(link, address, &req) >= 0)
1136 address_enter_removed(req->userdata);
1137
1138 (void) address_drop(address);
1139 }
1140 }
1141
1142 return 1;
1143 }
1144
1145 int address_remove(Address *address, Link *link) {
1146 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1147 int r;
1148
1149 assert(address);
1150 assert(IN_SET(address->family, AF_INET, AF_INET6));
1151 assert(link);
1152 assert(link->ifindex > 0);
1153 assert(link->manager);
1154 assert(link->manager->rtnl);
1155
1156 /* If the address is remembered, use the remembered object. */
1157 (void) address_get(link, address, &address);
1158
1159 log_address_debug(address, "Removing", link);
1160
1161 r = sd_rtnl_message_new_addr(link->manager->rtnl, &m, RTM_DELADDR,
1162 link->ifindex, address->family);
1163 if (r < 0)
1164 return log_link_warning_errno(link, r, "Could not allocate RTM_DELADDR message: %m");
1165
1166 r = address_set_netlink_message(address, m, link);
1167 if (r < 0)
1168 return log_link_warning_errno(link, r, "Could not set netlink attributes: %m");
1169
1170 r = link_remove_request_add(link, address, address, link->manager->rtnl, m, address_remove_handler);
1171 if (r < 0)
1172 return log_link_warning_errno(link, r, "Could not queue rtnetlink message: %m");
1173
1174 address_enter_removing(address);
1175
1176 /* The operational state is determined by address state and carrier state. Hence, if we remove
1177 * an address, the operational state may be changed. */
1178 link_update_operstate(link, true);
1179 return 0;
1180 }
1181
1182 int address_remove_and_cancel(Address *address, Link *link) {
1183 _cleanup_(request_unrefp) Request *req = NULL;
1184 bool waiting = false;
1185
1186 assert(address);
1187 assert(link);
1188 assert(link->manager);
1189
1190 /* If the address is remembered by the link, then use the remembered object. */
1191 (void) address_get(link, address, &address);
1192
1193 /* Cancel the request for the address. If the request is already called but we have not received the
1194 * notification about the request, then explicitly remove the address. */
1195 if (address_get_request(link, address, &req) >= 0) {
1196 request_ref(req); /* avoid the request freed by request_detach() */
1197 waiting = req->waiting_reply;
1198 request_detach(req);
1199 address_cancel_requesting(address);
1200 }
1201
1202 /* If we know the address will come or already exists, remove it. */
1203 if (waiting || (address->link && address_exists(address)))
1204 return address_remove(address, link);
1205
1206 return 0;
1207 }
1208
1209 bool link_address_is_dynamic(const Link *link, const Address *address) {
1210 Route *route;
1211
1212 assert(link);
1213 assert(link->manager);
1214 assert(address);
1215
1216 if (address->lifetime_preferred_usec != USEC_INFINITY)
1217 return true;
1218
1219 /* Even when the address is leased from a DHCP server, networkd assign the address
1220 * without lifetime when KeepConfiguration=dhcp. So, let's check that we have
1221 * corresponding routes with RTPROT_DHCP. */
1222 SET_FOREACH(route, link->manager->routes) {
1223 if (route->source != NETWORK_CONFIG_SOURCE_FOREIGN)
1224 continue;
1225
1226 /* The route is not assigned yet, or already removed. Ignoring. */
1227 if (!route_exists(route))
1228 continue;
1229
1230 if (route->protocol != RTPROT_DHCP)
1231 continue;
1232
1233 if (route->nexthop.ifindex != link->ifindex)
1234 continue;
1235
1236 if (address->family != route->family)
1237 continue;
1238
1239 if (in_addr_equal(address->family, &address->in_addr, &route->prefsrc))
1240 return true;
1241 }
1242
1243 return false;
1244 }
1245
1246 int link_drop_ipv6ll_addresses(Link *link) {
1247 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
1248 int r;
1249
1250 assert(link);
1251 assert(link->manager);
1252 assert(link->manager->rtnl);
1253
1254 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1255 * So, we need to dump all IPv6 addresses. */
1256
1257 if (link_may_have_ipv6ll(link, /* check_multicast = */ false))
1258 return 0;
1259
1260 r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_GETADDR, link->ifindex, AF_INET6);
1261 if (r < 0)
1262 return r;
1263
1264 r = sd_netlink_message_set_request_dump(req, true);
1265 if (r < 0)
1266 return r;
1267
1268 r = sd_netlink_call(link->manager->rtnl, req, 0, &reply);
1269 if (r < 0)
1270 return r;
1271
1272 for (sd_netlink_message *addr = reply; addr; addr = sd_netlink_message_next(addr)) {
1273 _cleanup_(address_unrefp) Address *a = NULL;
1274 unsigned char flags, prefixlen;
1275 struct in6_addr address;
1276 int ifindex;
1277
1278 /* NETLINK_GET_STRICT_CHK socket option is supported since kernel 4.20. To support
1279 * older kernels, we need to check ifindex here. */
1280 r = sd_rtnl_message_addr_get_ifindex(addr, &ifindex);
1281 if (r < 0) {
1282 log_link_debug_errno(link, r, "rtnl: received address message without valid ifindex, ignoring: %m");
1283 continue;
1284 } else if (link->ifindex != ifindex)
1285 continue;
1286
1287 r = sd_rtnl_message_addr_get_flags(addr, &flags);
1288 if (r < 0) {
1289 log_link_debug_errno(link, r, "rtnl: received address message without valid flags, ignoring: %m");
1290 continue;
1291 }
1292
1293 r = sd_rtnl_message_addr_get_prefixlen(addr, &prefixlen);
1294 if (r < 0) {
1295 log_link_debug_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1296 continue;
1297 }
1298
1299 if (sd_netlink_message_read_in6_addr(addr, IFA_LOCAL, NULL) >= 0)
1300 /* address with peer, ignoring. */
1301 continue;
1302
1303 r = sd_netlink_message_read_in6_addr(addr, IFA_ADDRESS, &address);
1304 if (r < 0) {
1305 log_link_debug_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1306 continue;
1307 }
1308
1309 if (!in6_addr_is_link_local(&address))
1310 continue;
1311
1312 r = address_new(&a);
1313 if (r < 0)
1314 return -ENOMEM;
1315
1316 a->family = AF_INET6;
1317 a->in_addr.in6 = address;
1318 a->prefixlen = prefixlen;
1319 a->flags = flags;
1320
1321 r = address_remove(a, link);
1322 if (r < 0)
1323 return r;
1324 }
1325
1326 return 0;
1327 }
1328
1329 int link_drop_foreign_addresses(Link *link) {
1330 Address *address;
1331 int r = 0;
1332
1333 assert(link);
1334 assert(link->network);
1335
1336 /* First, mark all addresses. */
1337 SET_FOREACH(address, link->addresses) {
1338 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1339 if (address->family == AF_INET6 && in6_addr_is_link_local(&address->in_addr.in6))
1340 continue;
1341
1342 /* Do not remove localhost address (127.0.0.1 and ::1) */
1343 if (link->flags & IFF_LOOPBACK && in_addr_is_localhost_one(address->family, &address->in_addr) > 0)
1344 continue;
1345
1346 /* Ignore addresses we configured. */
1347 if (address->source != NETWORK_CONFIG_SOURCE_FOREIGN)
1348 continue;
1349
1350 /* Ignore addresses not assigned yet or already removing. */
1351 if (!address_exists(address))
1352 continue;
1353
1354 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when KeepConfiguration= is set. */
1355 if (IN_SET(link->network->keep_configuration, KEEP_CONFIGURATION_DHCP, KEEP_CONFIGURATION_STATIC) &&
1356 link_address_is_dynamic(link, address) == (link->network->keep_configuration == KEEP_CONFIGURATION_DHCP))
1357 continue;
1358
1359 address_mark(address);
1360 }
1361
1362 /* Then, unmark requested addresses. */
1363 ORDERED_HASHMAP_FOREACH(address, link->network->addresses_by_section) {
1364 Address *existing;
1365
1366 if (address_get(link, address, &existing) < 0)
1367 continue;
1368
1369 if (!address_can_update(existing, address))
1370 continue;
1371
1372 /* Found matching static configuration. Keep the existing address. */
1373 address_unmark(existing);
1374 }
1375
1376 /* Finally, remove all marked addresses. */
1377 SET_FOREACH(address, link->addresses) {
1378 if (!address_is_marked(address))
1379 continue;
1380
1381 RET_GATHER(r, address_remove(address, link));
1382 }
1383
1384 return r;
1385 }
1386
1387 int link_drop_static_addresses(Link *link) {
1388 Address *address;
1389 int r = 0;
1390
1391 assert(link);
1392
1393 SET_FOREACH(address, link->addresses) {
1394 /* Remove only static addresses here. Dynamic addresses will be removed e.g. on lease
1395 * expiration or stopping the DHCP client. */
1396 if (address->source != NETWORK_CONFIG_SOURCE_STATIC)
1397 continue;
1398
1399 /* Ignore addresses not assigned yet or already removing. */
1400 if (!address_exists(address))
1401 continue;
1402
1403 RET_GATHER(r, address_remove(address, link));
1404 }
1405
1406 return r;
1407 }
1408
1409 void link_foreignize_addresses(Link *link) {
1410 Address *address;
1411
1412 assert(link);
1413
1414 SET_FOREACH(address, link->addresses)
1415 address->source = NETWORK_CONFIG_SOURCE_FOREIGN;
1416 }
1417
1418 int address_configure_handler_internal(sd_netlink *rtnl, sd_netlink_message *m, Link *link, const char *error_msg) {
1419 int r;
1420
1421 assert(rtnl);
1422 assert(m);
1423 assert(link);
1424 assert(error_msg);
1425
1426 r = sd_netlink_message_get_errno(m);
1427 if (r < 0 && r != -EEXIST) {
1428 log_link_message_warning_errno(link, m, r, error_msg);
1429 link_enter_failed(link);
1430 return 0;
1431 }
1432
1433 return 1;
1434 }
1435
1436 static int address_configure(const Address *address, const struct ifa_cacheinfo *c, Link *link, Request *req) {
1437 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1438 int r;
1439
1440 assert(address);
1441 assert(IN_SET(address->family, AF_INET, AF_INET6));
1442 assert(c);
1443 assert(link);
1444 assert(link->ifindex > 0);
1445 assert(link->manager);
1446 assert(link->manager->rtnl);
1447 assert(req);
1448
1449 log_address_debug(address, "Configuring", link);
1450
1451 r = sd_rtnl_message_new_addr_update(link->manager->rtnl, &m, link->ifindex, address->family);
1452 if (r < 0)
1453 return r;
1454
1455 r = address_set_netlink_message(address, m, link);
1456 if (r < 0)
1457 return r;
1458
1459 r = sd_rtnl_message_addr_set_scope(m, address->scope);
1460 if (r < 0)
1461 return r;
1462
1463 if (address->family == AF_INET6 || in_addr_is_set(address->family, &address->in_addr_peer)) {
1464 r = netlink_message_append_in_addr_union(m, IFA_ADDRESS, address->family, &address->in_addr_peer);
1465 if (r < 0)
1466 return r;
1467 } else if (in4_addr_is_set(&address->broadcast)) {
1468 r = sd_netlink_message_append_in_addr(m, IFA_BROADCAST, &address->broadcast);
1469 if (r < 0)
1470 return r;
1471 }
1472
1473 if (address->family == AF_INET && address->label) {
1474 r = sd_netlink_message_append_string(m, IFA_LABEL, address->label);
1475 if (r < 0)
1476 return r;
1477 }
1478
1479 r = sd_netlink_message_append_cache_info(m, IFA_CACHEINFO, c);
1480 if (r < 0)
1481 return r;
1482
1483 r = sd_netlink_message_append_u32(m, IFA_RT_PRIORITY, address->route_metric);
1484 if (r < 0)
1485 return r;
1486
1487 return request_call_netlink_async(link->manager->rtnl, m, req);
1488 }
1489
1490 static int address_acquire(Link *link, const Address *address, union in_addr_union *ret) {
1491 union in_addr_union a;
1492 int r;
1493
1494 assert(link);
1495 assert(address);
1496 assert(ret);
1497
1498 r = address_acquire_from_dhcp_server_leases_file(link, address, ret);
1499 if (r != -ENOENT)
1500 return r;
1501
1502 r = address_pool_acquire(link->manager, address->family, address->prefixlen, &a);
1503 if (r < 0)
1504 return r;
1505 if (r == 0)
1506 return -EBUSY;
1507
1508 /* Pick first address in range for ourselves. */
1509 if (address->family == AF_INET)
1510 a.in.s_addr |= htobe32(1);
1511 else if (address->family == AF_INET6)
1512 a.in6.s6_addr[15] |= 1;
1513 else
1514 assert_not_reached();
1515
1516 *ret = a;
1517 return 0;
1518 }
1519
1520 static int address_requeue_request(Request *req, Link *link, const Address *address) {
1521 int r;
1522
1523 assert(req);
1524 assert(link);
1525 assert(link->manager);
1526 assert(link->network);
1527 assert(address);
1528
1529 /* Something useful was configured? just use it */
1530 if (in_addr_is_set(address->family, &address->in_addr))
1531 return 0;
1532
1533 /* The address is configured to be 0.0.0.0 or [::] by the user?
1534 * Then let's acquire something more useful. */
1535 union in_addr_union a;
1536 r = address_acquire(link, address, &a);
1537 if (r < 0)
1538 return r;
1539
1540 _cleanup_(address_unrefp) Address *tmp = NULL;
1541 r = address_dup(address, &tmp);
1542 if (r < 0)
1543 return r;
1544
1545 tmp->in_addr = a;
1546
1547 r = link_requeue_request(link, req, tmp, NULL);
1548 if (r < 0)
1549 return r;
1550 if (r == 0)
1551 return -EEXIST; /* Already queued?? Strange... */
1552
1553 TAKE_PTR(tmp);
1554 return 1; /* A new request is queued. it is not necessary to process this request anymore. */
1555 }
1556
1557 static int address_process_request(Request *req, Link *link, Address *address) {
1558 Address *existing;
1559 struct ifa_cacheinfo c;
1560 int r;
1561
1562 assert(req);
1563 assert(link);
1564 assert(address);
1565
1566 if (!link_is_ready_to_configure(link, false))
1567 return 0;
1568
1569 /* Refuse adding more than the limit */
1570 if (set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX)
1571 return 0;
1572
1573 r = address_requeue_request(req, link, address);
1574 if (r == -EBUSY)
1575 return 0;
1576 if (r != 0)
1577 return r;
1578
1579 address_set_broadcast(address, link);
1580
1581 r = ipv4acd_configure(link, address);
1582 if (r < 0)
1583 return r;
1584
1585 if (!ipv4acd_bound(link, address))
1586 return 0;
1587
1588 address_set_cinfo(link->manager, address, &c);
1589 if (c.ifa_valid == 0) {
1590 log_link_debug(link, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1591 network_config_source_to_string(address->source),
1592 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
1593
1594 address_cancel_requesting(address);
1595 if (address_get(link, address, &existing) >= 0)
1596 address_cancel_requesting(existing);
1597 return 1;
1598 }
1599
1600 r = address_configure(address, &c, link, req);
1601 if (r < 0)
1602 return log_link_warning_errno(link, r, "Failed to configure address: %m");
1603
1604 address_enter_configuring(address);
1605 if (address_get(link, address, &existing) >= 0)
1606 address_enter_configuring(existing);
1607
1608 return 1;
1609 }
1610
1611 int link_request_address(
1612 Link *link,
1613 const Address *address,
1614 unsigned *message_counter,
1615 address_netlink_handler_t netlink_handler,
1616 Request **ret) {
1617
1618 _cleanup_(address_unrefp) Address *tmp = NULL;
1619 Address *existing = NULL;
1620 int r;
1621
1622 assert(link);
1623 assert(address);
1624 assert(address->source != NETWORK_CONFIG_SOURCE_FOREIGN);
1625
1626 if (address->lifetime_valid_usec == 0)
1627 /* The requested address is outdated. Let's ignore the request. */
1628 return 0;
1629
1630 if (address_get_request(link, address, NULL) >= 0)
1631 return 0; /* already requested, skipping. */
1632
1633 r = address_dup(address, &tmp);
1634 if (r < 0)
1635 return log_oom();
1636
1637 if (address_get(link, address, &existing) >= 0) {
1638 /* Copy already assigned address when it is requested as a null address. */
1639 if (address_is_static_null(address))
1640 tmp->in_addr = existing->in_addr;
1641
1642 /* Copy state for logging below. */
1643 tmp->state = existing->state;
1644 }
1645
1646 log_address_debug(tmp, "Requesting", link);
1647 r = link_queue_request_safe(link, REQUEST_TYPE_ADDRESS,
1648 tmp,
1649 address_unref,
1650 address_hash_func,
1651 address_compare_func,
1652 address_process_request,
1653 message_counter, netlink_handler, ret);
1654 if (r < 0)
1655 return log_link_warning_errno(link, r, "Failed to request address: %m");
1656 if (r == 0)
1657 return 0;
1658
1659 address_enter_requesting(tmp);
1660 if (existing)
1661 address_enter_requesting(existing);
1662
1663 TAKE_PTR(tmp);
1664 return 1;
1665 }
1666
1667 static int static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) {
1668 int r;
1669
1670 assert(link);
1671
1672 r = address_configure_handler_internal(rtnl, m, link, "Failed to set static address");
1673 if (r <= 0)
1674 return r;
1675
1676 if (link->static_address_messages == 0) {
1677 log_link_debug(link, "Addresses set");
1678 link->static_addresses_configured = true;
1679 link_check_ready(link);
1680 }
1681
1682 return 1;
1683 }
1684
1685 int link_request_static_address(Link *link, const Address *address) {
1686 assert(link);
1687 assert(address);
1688 assert(address->source == NETWORK_CONFIG_SOURCE_STATIC);
1689
1690 return link_request_address(link, address, &link->static_address_messages,
1691 static_address_handler, NULL);
1692 }
1693
1694 int link_request_static_addresses(Link *link) {
1695 Address *a;
1696 int r;
1697
1698 assert(link);
1699 assert(link->network);
1700
1701 link->static_addresses_configured = false;
1702
1703 ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) {
1704 r = link_request_static_address(link, a);
1705 if (r < 0)
1706 return r;
1707 }
1708
1709 r = link_request_radv_addresses(link);
1710 if (r < 0)
1711 return r;
1712
1713 if (link->static_address_messages == 0) {
1714 link->static_addresses_configured = true;
1715 link_check_ready(link);
1716 } else {
1717 log_link_debug(link, "Setting addresses");
1718 link_set_state(link, LINK_STATE_CONFIGURING);
1719 }
1720
1721 return 0;
1722 }
1723
1724 int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
1725 _cleanup_(address_unrefp) Address *tmp = NULL;
1726 struct ifa_cacheinfo cinfo;
1727 Link *link;
1728 uint16_t type;
1729 Address *address = NULL;
1730 Request *req = NULL;
1731 bool is_new = false, update_dhcp4;
1732 int ifindex, r;
1733
1734 assert(rtnl);
1735 assert(message);
1736 assert(m);
1737
1738 if (sd_netlink_message_is_error(message)) {
1739 r = sd_netlink_message_get_errno(message);
1740 if (r < 0)
1741 log_message_warning_errno(message, r, "rtnl: failed to receive address message, ignoring");
1742
1743 return 0;
1744 }
1745
1746 r = sd_netlink_message_get_type(message, &type);
1747 if (r < 0) {
1748 log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
1749 return 0;
1750 } else if (!IN_SET(type, RTM_NEWADDR, RTM_DELADDR)) {
1751 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type);
1752 return 0;
1753 }
1754
1755 r = sd_rtnl_message_addr_get_ifindex(message, &ifindex);
1756 if (r < 0) {
1757 log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m");
1758 return 0;
1759 } else if (ifindex <= 0) {
1760 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex);
1761 return 0;
1762 }
1763
1764 r = link_get_by_index(m, ifindex, &link);
1765 if (r < 0) {
1766 /* when enumerating we might be out of sync, but we will get the address again, so just
1767 * ignore it */
1768 if (!m->enumerating)
1769 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex);
1770 return 0;
1771 }
1772
1773 r = address_new(&tmp);
1774 if (r < 0)
1775 return log_oom();
1776
1777 /* First, read minimal information to make address_get() work below. */
1778
1779 r = sd_rtnl_message_addr_get_family(message, &tmp->family);
1780 if (r < 0) {
1781 log_link_warning(link, "rtnl: received address message without family, ignoring.");
1782 return 0;
1783 } else if (!IN_SET(tmp->family, AF_INET, AF_INET6)) {
1784 log_link_debug(link, "rtnl: received address message with invalid family '%i', ignoring.", tmp->family);
1785 return 0;
1786 }
1787
1788 r = sd_rtnl_message_addr_get_prefixlen(message, &tmp->prefixlen);
1789 if (r < 0) {
1790 log_link_warning_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1791 return 0;
1792 }
1793
1794 switch (tmp->family) {
1795 case AF_INET:
1796 r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &tmp->in_addr.in);
1797 if (r < 0) {
1798 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1799 return 0;
1800 }
1801
1802 r = sd_netlink_message_read_in_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in);
1803 if (r < 0 && r != -ENODATA) {
1804 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1805 return 0;
1806 } else if (r >= 0) {
1807 if (in4_addr_equal(&tmp->in_addr.in, &tmp->in_addr_peer.in))
1808 tmp->in_addr_peer = IN_ADDR_NULL;
1809 }
1810
1811 break;
1812
1813 case AF_INET6:
1814 r = sd_netlink_message_read_in6_addr(message, IFA_LOCAL, &tmp->in_addr.in6);
1815 if (r >= 0) {
1816 /* Have peer address. */
1817 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in6);
1818 if (r < 0) {
1819 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1820 return 0;
1821 }
1822 } else if (r == -ENODATA) {
1823 /* Does not have peer address. */
1824 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr.in6);
1825 if (r < 0) {
1826 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1827 return 0;
1828 }
1829 } else {
1830 log_link_warning_errno(link, r, "rtnl: could not get local address from address message, ignoring: %m");
1831 return 0;
1832 }
1833
1834 break;
1835
1836 default:
1837 assert_not_reached();
1838 }
1839
1840 update_dhcp4 = tmp->family == AF_INET6;
1841
1842 /* Then, find the managed Address and Request objects corresponding to the received address. */
1843 (void) address_get(link, tmp, &address);
1844 (void) address_get_request(link, tmp, &req);
1845
1846 if (type == RTM_DELADDR) {
1847 if (address) {
1848 address_enter_removed(address);
1849 log_address_debug(address, "Forgetting removed", link);
1850 (void) address_drop(address);
1851 } else
1852 log_address_debug(tmp, "Kernel removed unknown", link);
1853
1854 if (req)
1855 address_enter_removed(req->userdata);
1856
1857 goto finalize;
1858 }
1859
1860 if (!address) {
1861 /* If we did not know the address, then save it. */
1862 r = address_attach(link, tmp);
1863 if (r < 0) {
1864 log_link_warning_errno(link, r, "Failed to save received address %s, ignoring: %m",
1865 IN_ADDR_PREFIX_TO_STRING(tmp->family, &tmp->in_addr, tmp->prefixlen));
1866 return 0;
1867 }
1868 address = tmp;
1869
1870 is_new = true;
1871
1872 } else {
1873 /* Otherwise, update the managed Address object with the netlink notification. */
1874 address->prefixlen = tmp->prefixlen;
1875 address->in_addr_peer = tmp->in_addr_peer;
1876 }
1877
1878 /* Also update information that cannot be obtained through netlink notification. */
1879 if (req && req->waiting_reply) {
1880 Address *a = ASSERT_PTR(req->userdata);
1881
1882 address->source = a->source;
1883 address->provider = a->provider;
1884 (void) free_and_strdup_warn(&address->netlabel, a->netlabel);
1885 nft_set_context_clear(&address->nft_set_context);
1886 (void) nft_set_context_dup(&a->nft_set_context, &address->nft_set_context);
1887 address->requested_as_null = a->requested_as_null;
1888 address->callback = a->callback;
1889 }
1890
1891 /* Then, update miscellaneous info. */
1892 r = sd_rtnl_message_addr_get_scope(message, &address->scope);
1893 if (r < 0)
1894 log_link_debug_errno(link, r, "rtnl: received address message without scope, ignoring: %m");
1895
1896 if (address->family == AF_INET) {
1897 _cleanup_free_ char *label = NULL;
1898
1899 r = sd_netlink_message_read_string_strdup(message, IFA_LABEL, &label);
1900 if (r >= 0) {
1901 if (!streq_ptr(label, link->ifname))
1902 free_and_replace(address->label, label);
1903 } else if (r != -ENODATA)
1904 log_link_debug_errno(link, r, "rtnl: could not get label from address message, ignoring: %m");
1905
1906 r = sd_netlink_message_read_in_addr(message, IFA_BROADCAST, &address->broadcast);
1907 if (r < 0 && r != -ENODATA)
1908 log_link_debug_errno(link, r, "rtnl: could not get broadcast from address message, ignoring: %m");
1909 }
1910
1911 r = sd_netlink_message_read_u32(message, IFA_FLAGS, &address->flags);
1912 if (r == -ENODATA) {
1913 unsigned char flags;
1914
1915 /* For old kernels. */
1916 r = sd_rtnl_message_addr_get_flags(message, &flags);
1917 if (r >= 0)
1918 address->flags = flags;
1919 } else if (r < 0)
1920 log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
1921
1922 r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo);
1923 if (r >= 0)
1924 address_set_lifetime(m, address, &cinfo);
1925 else if (r != -ENODATA)
1926 log_link_debug_errno(link, r, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
1927
1928 r = sd_netlink_message_read_u32(message, IFA_RT_PRIORITY, &address->route_metric);
1929 if (r < 0 && r != -ENODATA)
1930 log_link_debug_errno(link, r, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
1931
1932 address_enter_configured(address);
1933 if (req)
1934 address_enter_configured(req->userdata);
1935
1936 log_address_debug(address, is_new ? "Received new": "Received updated", link);
1937
1938 /* address_update() logs internally, so we don't need to here. */
1939 r = address_update(address);
1940 if (r < 0)
1941 link_enter_failed(link);
1942
1943 finalize:
1944 if (update_dhcp4) {
1945 r = dhcp4_update_ipv6_connectivity(link);
1946 if (r < 0) {
1947 log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
1948 link_enter_failed(link);
1949 }
1950 }
1951
1952 return 1;
1953 }
1954
1955 int config_parse_broadcast(
1956 const char *unit,
1957 const char *filename,
1958 unsigned line,
1959 const char *section,
1960 unsigned section_line,
1961 const char *lvalue,
1962 int ltype,
1963 const char *rvalue,
1964 void *data,
1965 void *userdata) {
1966
1967 Network *network = userdata;
1968 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
1969 union in_addr_union u;
1970 int r;
1971
1972 assert(filename);
1973 assert(section);
1974 assert(lvalue);
1975 assert(rvalue);
1976 assert(data);
1977
1978 r = address_new_static(network, filename, section_line, &n);
1979 if (r == -ENOMEM)
1980 return log_oom();
1981 if (r < 0) {
1982 log_syntax(unit, LOG_WARNING, filename, line, r,
1983 "Failed to allocate new address, ignoring assignment: %m");
1984 return 0;
1985 }
1986
1987 if (isempty(rvalue)) {
1988 /* The broadcast address will be calculated based on Address=, and set if the link is
1989 * not a wireguard interface. Here, we do not check or set n->family. */
1990 n->broadcast = (struct in_addr) {};
1991 n->set_broadcast = -1;
1992 TAKE_PTR(n);
1993 return 0;
1994 }
1995
1996 r = parse_boolean(rvalue);
1997 if (r >= 0) {
1998 /* The broadcast address will be calculated based on Address=. Here, we do not check or
1999 * set n->family. */
2000 n->broadcast = (struct in_addr) {};
2001 n->set_broadcast = r;
2002 TAKE_PTR(n);
2003 return 0;
2004 }
2005
2006 if (n->family == AF_INET6) {
2007 log_syntax(unit, LOG_WARNING, filename, line, 0,
2008 "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue);
2009 return 0;
2010 }
2011
2012 r = in_addr_from_string(AF_INET, rvalue, &u);
2013 if (r < 0) {
2014 log_syntax(unit, LOG_WARNING, filename, line, r,
2015 "Broadcast is invalid, ignoring assignment: %s", rvalue);
2016 return 0;
2017 }
2018 if (in4_addr_is_null(&u.in)) {
2019 log_syntax(unit, LOG_WARNING, filename, line, 0,
2020 "Broadcast cannot be ANY address, ignoring assignment: %s", rvalue);
2021 return 0;
2022 }
2023
2024 n->broadcast = u.in;
2025 n->set_broadcast = true;
2026 n->family = AF_INET;
2027 TAKE_PTR(n);
2028
2029 return 0;
2030 }
2031
2032 int config_parse_address(
2033 const char *unit,
2034 const char *filename,
2035 unsigned line,
2036 const char *section,
2037 unsigned section_line,
2038 const char *lvalue,
2039 int ltype,
2040 const char *rvalue,
2041 void *data,
2042 void *userdata) {
2043
2044 Network *network = userdata;
2045 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2046 union in_addr_union buffer;
2047 unsigned char prefixlen;
2048 int r, f;
2049
2050 assert(filename);
2051 assert(section);
2052 assert(lvalue);
2053 assert(rvalue);
2054 assert(data);
2055
2056 if (streq(section, "Network")) {
2057 if (isempty(rvalue)) {
2058 /* If an empty string specified in [Network] section, clear previously assigned addresses. */
2059 network->addresses_by_section = ordered_hashmap_free(network->addresses_by_section);
2060 return 0;
2061 }
2062
2063 /* we are not in an Address section, so use line number instead. */
2064 r = address_new_static(network, filename, line, &n);
2065 } else
2066 r = address_new_static(network, filename, section_line, &n);
2067 if (r == -ENOMEM)
2068 return log_oom();
2069 if (r < 0) {
2070 log_syntax(unit, LOG_WARNING, filename, line, r,
2071 "Failed to allocate new address, ignoring assignment: %m");
2072 return 0;
2073 }
2074
2075 /* Address=address/prefixlen */
2076 r = in_addr_prefix_from_string_auto_internal(rvalue, PREFIXLEN_REFUSE, &f, &buffer, &prefixlen);
2077 if (r == -ENOANO) {
2078 r = in_addr_prefix_from_string_auto(rvalue, &f, &buffer, &prefixlen);
2079 if (r >= 0)
2080 log_syntax(unit, LOG_WARNING, filename, line, r,
2081 "Address '%s' is specified without prefix length. Assuming the prefix length is %u. "
2082 "Please specify the prefix length explicitly.", rvalue, prefixlen);
2083 }
2084 if (r < 0) {
2085 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid address '%s', ignoring assignment: %m", rvalue);
2086 return 0;
2087 }
2088
2089 if (n->family != AF_UNSPEC && f != n->family) {
2090 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address is incompatible, ignoring assignment: %s", rvalue);
2091 return 0;
2092 }
2093
2094 if (in_addr_is_null(f, &buffer)) {
2095 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2096 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2097 * let's limit the prefix length to 64 or larger. See RFC4193. */
2098 if ((f == AF_INET && prefixlen < 8) ||
2099 (f == AF_INET6 && prefixlen < 64)) {
2100 log_syntax(unit, LOG_WARNING, filename, line, 0,
2101 "Null address with invalid prefixlen='%u', ignoring assignment: %s",
2102 prefixlen, rvalue);
2103 return 0;
2104 }
2105 }
2106
2107 n->family = f;
2108 n->prefixlen = prefixlen;
2109
2110 if (streq(lvalue, "Address")) {
2111 n->in_addr = buffer;
2112 n->requested_as_null = !in_addr_is_set(n->family, &n->in_addr);
2113 } else
2114 n->in_addr_peer = buffer;
2115
2116 TAKE_PTR(n);
2117 return 0;
2118 }
2119
2120 int config_parse_label(
2121 const char *unit,
2122 const char *filename,
2123 unsigned line,
2124 const char *section,
2125 unsigned section_line,
2126 const char *lvalue,
2127 int ltype,
2128 const char *rvalue,
2129 void *data,
2130 void *userdata) {
2131
2132 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2133 Network *network = userdata;
2134 int r;
2135
2136 assert(filename);
2137 assert(section);
2138 assert(lvalue);
2139 assert(rvalue);
2140 assert(data);
2141
2142 r = address_new_static(network, filename, section_line, &n);
2143 if (r == -ENOMEM)
2144 return log_oom();
2145 if (r < 0) {
2146 log_syntax(unit, LOG_WARNING, filename, line, r,
2147 "Failed to allocate new address, ignoring assignment: %m");
2148 return 0;
2149 }
2150
2151 if (isempty(rvalue)) {
2152 n->label = mfree(n->label);
2153 TAKE_PTR(n);
2154 return 0;
2155 }
2156
2157 if (!address_label_valid(rvalue)) {
2158 log_syntax(unit, LOG_WARNING, filename, line, 0,
2159 "Interface label is too long or invalid, ignoring assignment: %s", rvalue);
2160 return 0;
2161 }
2162
2163 r = free_and_strdup(&n->label, rvalue);
2164 if (r < 0)
2165 return log_oom();
2166
2167 TAKE_PTR(n);
2168 return 0;
2169 }
2170
2171 int config_parse_lifetime(
2172 const char *unit,
2173 const char *filename,
2174 unsigned line,
2175 const char *section,
2176 unsigned section_line,
2177 const char *lvalue,
2178 int ltype,
2179 const char *rvalue,
2180 void *data,
2181 void *userdata) {
2182
2183 Network *network = userdata;
2184 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2185 usec_t k;
2186 int r;
2187
2188 assert(filename);
2189 assert(section);
2190 assert(lvalue);
2191 assert(rvalue);
2192 assert(data);
2193
2194 r = address_new_static(network, filename, section_line, &n);
2195 if (r == -ENOMEM)
2196 return log_oom();
2197 if (r < 0) {
2198 log_syntax(unit, LOG_WARNING, filename, line, r,
2199 "Failed to allocate new address, ignoring assignment: %m");
2200 return 0;
2201 }
2202
2203 /* We accept only "forever", "infinity", empty, or "0". */
2204 if (STR_IN_SET(rvalue, "forever", "infinity", ""))
2205 k = USEC_INFINITY;
2206 else if (streq(rvalue, "0"))
2207 k = 0;
2208 else {
2209 log_syntax(unit, LOG_WARNING, filename, line, 0,
2210 "Invalid PreferredLifetime= value, ignoring: %s", rvalue);
2211 return 0;
2212 }
2213
2214 n->lifetime_preferred_usec = k;
2215 TAKE_PTR(n);
2216
2217 return 0;
2218 }
2219
2220 int config_parse_address_flags(
2221 const char *unit,
2222 const char *filename,
2223 unsigned line,
2224 const char *section,
2225 unsigned section_line,
2226 const char *lvalue,
2227 int ltype,
2228 const char *rvalue,
2229 void *data,
2230 void *userdata) {
2231
2232 Network *network = userdata;
2233 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2234 int r;
2235
2236 assert(filename);
2237 assert(section);
2238 assert(lvalue);
2239 assert(rvalue);
2240 assert(data);
2241
2242 r = address_new_static(network, filename, section_line, &n);
2243 if (r == -ENOMEM)
2244 return log_oom();
2245 if (r < 0) {
2246 log_syntax(unit, LOG_WARNING, filename, line, r,
2247 "Failed to allocate new address, ignoring assignment: %m");
2248 return 0;
2249 }
2250
2251 r = parse_boolean(rvalue);
2252 if (r < 0) {
2253 log_syntax(unit, LOG_WARNING, filename, line, r,
2254 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
2255 return 0;
2256 }
2257
2258 if (streq(lvalue, "AddPrefixRoute"))
2259 r = !r;
2260
2261 SET_FLAG(n->flags, ltype, r);
2262
2263 TAKE_PTR(n);
2264 return 0;
2265 }
2266
2267 int config_parse_address_scope(
2268 const char *unit,
2269 const char *filename,
2270 unsigned line,
2271 const char *section,
2272 unsigned section_line,
2273 const char *lvalue,
2274 int ltype,
2275 const char *rvalue,
2276 void *data,
2277 void *userdata) {
2278
2279 Network *network = userdata;
2280 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2281 int r;
2282
2283 assert(filename);
2284 assert(section);
2285 assert(lvalue);
2286 assert(rvalue);
2287 assert(data);
2288
2289 r = address_new_static(network, filename, section_line, &n);
2290 if (r == -ENOMEM)
2291 return log_oom();
2292 if (r < 0) {
2293 log_syntax(unit, LOG_WARNING, filename, line, r,
2294 "Failed to allocate new address, ignoring assignment: %m");
2295 return 0;
2296 }
2297
2298 r = route_scope_from_string(rvalue);
2299 if (r < 0) {
2300 log_syntax(unit, LOG_WARNING, filename, line, r,
2301 "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue);
2302 return 0;
2303 }
2304
2305 n->scope = r;
2306 n->scope_set = true;
2307 TAKE_PTR(n);
2308 return 0;
2309 }
2310
2311 int config_parse_address_route_metric(
2312 const char *unit,
2313 const char *filename,
2314 unsigned line,
2315 const char *section,
2316 unsigned section_line,
2317 const char *lvalue,
2318 int ltype,
2319 const char *rvalue,
2320 void *data,
2321 void *userdata) {
2322
2323 Network *network = userdata;
2324 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2325 int r;
2326
2327 assert(filename);
2328 assert(section);
2329 assert(lvalue);
2330 assert(rvalue);
2331 assert(data);
2332
2333 r = address_new_static(network, filename, section_line, &n);
2334 if (r == -ENOMEM)
2335 return log_oom();
2336 if (r < 0) {
2337 log_syntax(unit, LOG_WARNING, filename, line, r,
2338 "Failed to allocate new address, ignoring assignment: %m");
2339 return 0;
2340 }
2341
2342 r = safe_atou32(rvalue, &n->route_metric);
2343 if (r < 0) {
2344 log_syntax(unit, LOG_WARNING, filename, line, r,
2345 "Could not parse %s=, ignoring assignment: %s", lvalue, rvalue);
2346 return 0;
2347 }
2348
2349 TAKE_PTR(n);
2350 return 0;
2351 }
2352
2353 int config_parse_duplicate_address_detection(
2354 const char *unit,
2355 const char *filename,
2356 unsigned line,
2357 const char *section,
2358 unsigned section_line,
2359 const char *lvalue,
2360 int ltype,
2361 const char *rvalue,
2362 void *data,
2363 void *userdata) {
2364
2365 Network *network = userdata;
2366 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2367 int r;
2368
2369 assert(filename);
2370 assert(section);
2371 assert(lvalue);
2372 assert(rvalue);
2373 assert(data);
2374
2375 r = address_new_static(network, filename, section_line, &n);
2376 if (r == -ENOMEM)
2377 return log_oom();
2378 if (r < 0) {
2379 log_syntax(unit, LOG_WARNING, filename, line, r,
2380 "Failed to allocate new address, ignoring assignment: %m");
2381 return 0;
2382 }
2383
2384 r = parse_boolean(rvalue);
2385 if (r >= 0) {
2386 log_syntax(unit, LOG_WARNING, filename, line, 0,
2387 "For historical reasons, %s=%s means %s=%s. "
2388 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2389 lvalue, rvalue, lvalue, r ? "none" : "both");
2390 n->duplicate_address_detection = r ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_YES;
2391 n = NULL;
2392 return 0;
2393 }
2394
2395 AddressFamily a = duplicate_address_detection_address_family_from_string(rvalue);
2396 if (a < 0) {
2397 log_syntax(unit, LOG_WARNING, filename, line, a,
2398 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
2399 return 0;
2400 }
2401 n->duplicate_address_detection = a;
2402
2403 TAKE_PTR(n);
2404 return 0;
2405 }
2406
2407 int config_parse_address_netlabel(
2408 const char *unit,
2409 const char *filename,
2410 unsigned line,
2411 const char *section,
2412 unsigned section_line,
2413 const char *lvalue,
2414 int ltype,
2415 const char *rvalue,
2416 void *data,
2417 void *userdata) {
2418
2419 Network *network = userdata;
2420 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2421 int r;
2422
2423 assert(filename);
2424 assert(section);
2425 assert(lvalue);
2426 assert(rvalue);
2427 assert(data);
2428 assert(network);
2429
2430 r = address_new_static(network, filename, section_line, &n);
2431 if (r == -ENOMEM)
2432 return log_oom();
2433 if (r < 0) {
2434 log_syntax(unit, LOG_WARNING, filename, line, r,
2435 "Failed to allocate new address, ignoring assignment: %m");
2436 return 0;
2437 }
2438
2439 r = config_parse_string(unit, filename, line, section, section_line,
2440 lvalue, CONFIG_PARSE_STRING_SAFE, rvalue, &n->netlabel, network);
2441 if (r < 0)
2442 return r;
2443
2444 TAKE_PTR(n);
2445 return 0;
2446 }
2447
2448 static void address_section_adjust_broadcast(Address *address) {
2449 assert(address);
2450 assert(address->section);
2451
2452 if (!in4_addr_is_set(&address->broadcast))
2453 return;
2454
2455 if (address->family == AF_INET6)
2456 log_warning("%s: broadcast address is set for an IPv6 address. "
2457 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2458 address->section->filename, address->section->line);
2459 else if (address->prefixlen > 30)
2460 log_warning("%s: broadcast address is set for an IPv4 address with prefix length larger than 30. "
2461 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2462 address->section->filename, address->section->line);
2463 else if (in4_addr_is_set(&address->in_addr_peer.in))
2464 log_warning("%s: broadcast address is set for an IPv4 address with peer address. "
2465 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2466 address->section->filename, address->section->line);
2467 else if (!in4_addr_is_set(&address->in_addr.in))
2468 log_warning("%s: broadcast address is set for an IPv4 address with null address. "
2469 "Ignoring Broadcast= setting in the [Address] section from line %u.",
2470 address->section->filename, address->section->line);
2471 else
2472 /* Otherwise, keep the specified broadcast address. */
2473 return;
2474
2475 address->broadcast.s_addr = 0;
2476 }
2477
2478 int address_section_verify(Address *address) {
2479 if (section_is_invalid(address->section))
2480 return -EINVAL;
2481
2482 if (address->family == AF_UNSPEC) {
2483 assert(address->section);
2484
2485 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2486 "%s: Address section without Address= field was configured. "
2487 "Ignoring [Address] section from line %u.",
2488 address->section->filename, address->section->line);
2489 }
2490
2491 if (address->family == AF_INET6 && !socket_ipv6_is_supported())
2492 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2493 "%s: an IPv6 address was configured, but the kernel does not support IPv6. "
2494 "Ignoring [Address] section from line %u.",
2495 address->section->filename, address->section->line);
2496
2497 assert(IN_SET(address->family, AF_INET, AF_INET6));
2498
2499 address_section_adjust_broadcast(address);
2500
2501 if (address->family == AF_INET6 && address->label) {
2502 log_warning("%s: address label is set for IPv6 address in the [Address] section from line %u. "
2503 "Ignoring Label= setting.",
2504 address->section->filename, address->section->line);
2505
2506 address->label = mfree(address->label);
2507 }
2508
2509 if (!address->scope_set) {
2510 if (in_addr_is_localhost(address->family, &address->in_addr) > 0)
2511 address->scope = RT_SCOPE_HOST;
2512 else if (in_addr_is_link_local(address->family, &address->in_addr) > 0)
2513 address->scope = RT_SCOPE_LINK;
2514 }
2515
2516 if (address->duplicate_address_detection < 0) {
2517 if (address->family == AF_INET6)
2518 address->duplicate_address_detection = ADDRESS_FAMILY_IPV6;
2519 else if (in4_addr_is_link_local(&address->in_addr.in))
2520 address->duplicate_address_detection = ADDRESS_FAMILY_IPV4;
2521 else
2522 address->duplicate_address_detection = ADDRESS_FAMILY_NO;
2523 } else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV6 && address->family == AF_INET)
2524 log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.",
2525 address->section->filename);
2526 else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV4 && address->family == AF_INET6)
2527 log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.",
2528 address->section->filename);
2529
2530 if (address->family == AF_INET6 &&
2531 !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV6))
2532 address->flags |= IFA_F_NODAD;
2533
2534 uint32_t filtered_flags = address->family == AF_INET ?
2535 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS & ~IPV6ONLY_FLAGS :
2536 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS;
2537 if (address->flags != filtered_flags) {
2538 _cleanup_free_ char *str = NULL;
2539
2540 (void) address_flags_to_string_alloc(address->flags ^ filtered_flags, address->family, &str);
2541 return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
2542 "%s: unexpected address flags \"%s\" were configured. "
2543 "Ignoring [Address] section from line %u.",
2544 address->section->filename, strna(str), address->section->line);
2545 }
2546
2547 return 0;
2548 }
2549
2550 int network_drop_invalid_addresses(Network *network) {
2551 _cleanup_set_free_ Set *addresses = NULL;
2552 Address *address;
2553 int r;
2554
2555 assert(network);
2556
2557 ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) {
2558 Address *dup;
2559
2560 if (address_section_verify(address) < 0) {
2561 /* Drop invalid [Address] sections or Address= settings in [Network].
2562 * Note that address_detach() will drop the address from addresses_by_section. */
2563 address_detach(address);
2564 continue;
2565 }
2566
2567 /* Always use the setting specified later. So, remove the previously assigned setting. */
2568 dup = set_remove(addresses, address);
2569 if (dup) {
2570 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2571 "dropping the address setting specified at line %u.",
2572 dup->section->filename,
2573 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen),
2574 address->section->line,
2575 dup->section->line, dup->section->line);
2576
2577 /* address_detach() will drop the address from addresses_by_section. */
2578 address_detach(dup);
2579 }
2580
2581 /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects
2582 * will be detached. */
2583 r = set_ensure_put(&addresses, &address_hash_ops, address);
2584 if (r < 0)
2585 return log_oom();
2586 assert(r > 0);
2587 }
2588
2589 r = network_adjust_dhcp_server(network, &addresses);
2590 if (r < 0)
2591 return r;
2592
2593 return 0;
2594 }
2595
2596 int config_parse_address_ip_nft_set(
2597 const char *unit,
2598 const char *filename,
2599 unsigned line,
2600 const char *section,
2601 unsigned section_line,
2602 const char *lvalue,
2603 int ltype,
2604 const char *rvalue,
2605 void *data,
2606 void *userdata) {
2607
2608 Network *network = userdata;
2609 _cleanup_(address_unref_or_set_invalidp) Address *n = NULL;
2610 int r;
2611
2612 assert(filename);
2613 assert(lvalue);
2614 assert(rvalue);
2615 assert(network);
2616
2617 r = address_new_static(network, filename, section_line, &n);
2618 if (r == -ENOMEM)
2619 return log_oom();
2620 if (r < 0) {
2621 log_syntax(unit, LOG_WARNING, filename, line, r,
2622 "Failed to allocate a new address, ignoring assignment: %m");
2623 return 0;
2624 }
2625
2626 r = config_parse_nft_set(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &n->nft_set_context, network);
2627 if (r < 0)
2628 return r;
2629
2630 TAKE_PTR(n);
2631 return 0;
2632 }
Unnamed repository; edit this file 'description' to name the repository.