]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-address.c
projects / thirdparty / systemd.git / blob
? search:


15c5f883e1b11209c121e3eb0c54901d7b551914
[thirdparty/systemd.git] / src / network / networkd-address.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <net/if.h>
4 #include <stdio.h>
5
6 #include "sd-event.h"
7 #include "sd-netlink.h"
8
9 #include "af-list.h"
10 #include "alloc-util.h"
11 #include "bitfield.h"
12 #include "conf-parser.h"
13 #include "errno-util.h"
14 #include "firewall-util.h"
15 #include "in-addr-prefix-util.h"
16 #include "logarithm.h"
17 #include "netlink-util.h"
18 #include "networkd-address-generation.h"
19 #include "networkd-address.h"
20 #include "networkd-address-pool.h"
21 #include "networkd-dhcp-prefix-delegation.h"
22 #include "networkd-dhcp-server.h"
23 #include "networkd-ipv4acd.h"
24 #include "networkd-link.h"
25 #include "networkd-manager.h"
26 #include "networkd-ndisc.h"
27 #include "networkd-netlabel.h"
28 #include "networkd-network.h"
29 #include "networkd-queue.h"
30 #include "networkd-route.h"
31 #include "networkd-route-util.h"
32 #include "ordered-set.h"
33 #include "parse-util.h"
34 #include "set.h"
35 #include "siphash24.h"
36 #include "socket-util.h"
37 #include "string-util.h"
38 #include "strv.h"
39
40 #define ADDRESSES_PER_LINK_MAX 16384U
41 #define STATIC_ADDRESSES_PER_NETWORK_MAX 8192U
42
43 #define KNOWN_FLAGS \
44 (IFA_F_SECONDARY | \
45 IFA_F_NODAD | \
46 IFA_F_OPTIMISTIC | \
47 IFA_F_DADFAILED | \
48 IFA_F_HOMEADDRESS | \
49 IFA_F_DEPRECATED | \
50 IFA_F_TENTATIVE | \
51 IFA_F_PERMANENT | \
52 IFA_F_MANAGETEMPADDR | \
53 IFA_F_NOPREFIXROUTE | \
54 IFA_F_MCAUTOJOIN | \
55 IFA_F_STABLE_PRIVACY)
56
57 /* From net/ipv4/devinet.c */
58 #define IPV6ONLY_FLAGS \
59 (IFA_F_NODAD | \
60 IFA_F_OPTIMISTIC | \
61 IFA_F_DADFAILED | \
62 IFA_F_HOMEADDRESS | \
63 IFA_F_TENTATIVE | \
64 IFA_F_MANAGETEMPADDR | \
65 IFA_F_STABLE_PRIVACY)
66
67 /* We do not control the following flags. */
68 #define UNMANAGED_FLAGS \
69 (IFA_F_SECONDARY | \
70 IFA_F_DADFAILED | \
71 IFA_F_DEPRECATED | \
72 IFA_F_TENTATIVE | \
73 IFA_F_PERMANENT | \
74 IFA_F_STABLE_PRIVACY)
75
76 int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) {
77 _cleanup_free_ char *str = NULL;
78 static const char* map[] = {
79 [LOG2U(IFA_F_SECONDARY)] = "secondary", /* This is also called "temporary" for ipv6. */
80 [LOG2U(IFA_F_NODAD)] = "nodad",
81 [LOG2U(IFA_F_OPTIMISTIC)] = "optimistic",
82 [LOG2U(IFA_F_DADFAILED)] = "dadfailed",
83 [LOG2U(IFA_F_HOMEADDRESS)] = "home-address",
84 [LOG2U(IFA_F_DEPRECATED)] = "deprecated",
85 [LOG2U(IFA_F_TENTATIVE)] = "tentative",
86 [LOG2U(IFA_F_PERMANENT)] = "permanent",
87 [LOG2U(IFA_F_MANAGETEMPADDR)] = "manage-temporary-address",
88 [LOG2U(IFA_F_NOPREFIXROUTE)] = "no-prefixroute",
89 [LOG2U(IFA_F_MCAUTOJOIN)] = "auto-join",
90 [LOG2U(IFA_F_STABLE_PRIVACY)] = "stable-privacy",
91 };
92
93 assert(IN_SET(family, AF_INET, AF_INET6));
94 assert(ret);
95
96 for (size_t i = 0; i < ELEMENTSOF(map); i++)
97 if (BIT_SET(flags, i) && map[i])
98 if (!strextend_with_separator(
99 &str, ",",
100 family == AF_INET6 && (1 << i) == IFA_F_SECONDARY ? "temporary" : map[i]))
101 return -ENOMEM;
102
103 *ret = TAKE_PTR(str);
104 return 0;
105 }
106
107 static LinkAddressState address_state_from_scope(uint8_t scope) {
108 if (scope < RT_SCOPE_SITE)
109 /* universally accessible addresses found */
110 return LINK_ADDRESS_STATE_ROUTABLE;
111
112 if (scope < RT_SCOPE_HOST)
113 /* only link or site local addresses found */
114 return LINK_ADDRESS_STATE_DEGRADED;
115
116 /* no useful addresses found */
117 return LINK_ADDRESS_STATE_OFF;
118 }
119
120 void link_get_address_states(
121 Link *link,
122 LinkAddressState *ret_ipv4,
123 LinkAddressState *ret_ipv6,
124 LinkAddressState *ret_all) {
125
126 uint8_t ipv4_scope = RT_SCOPE_NOWHERE, ipv6_scope = RT_SCOPE_NOWHERE;
127 Address *address;
128
129 assert(link);
130
131 SET_FOREACH(address, link->addresses) {
132 if (!address_is_ready(address))
133 continue;
134
135 if (address->family == AF_INET)
136 ipv4_scope = MIN(ipv4_scope, address->scope);
137
138 if (address->family == AF_INET6)
139 ipv6_scope = MIN(ipv6_scope, address->scope);
140 }
141
142 if (ret_ipv4)
143 *ret_ipv4 = address_state_from_scope(ipv4_scope);
144 if (ret_ipv6)
145 *ret_ipv6 = address_state_from_scope(ipv6_scope);
146 if (ret_all)
147 *ret_all = address_state_from_scope(MIN(ipv4_scope, ipv6_scope));
148 }
149
150 static void address_detach(Address *address);
151
152 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
153 address_hash_ops_detach,
154 Address,
155 address_hash_func,
156 address_compare_func,
157 address_detach);
158
159 DEFINE_HASH_OPS(
160 address_hash_ops,
161 Address,
162 address_hash_func,
163 address_compare_func);
164
165 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
166 address_section_hash_ops,
167 ConfigSection,
168 config_section_hash_func,
169 config_section_compare_func,
170 Address,
171 address_detach);
172
173 int address_new(Address **ret) {
174 _cleanup_(address_unrefp) Address *address = NULL;
175
176 address = new(Address, 1);
177 if (!address)
178 return -ENOMEM;
179
180 *address = (Address) {
181 .n_ref = 1,
182 .family = AF_UNSPEC,
183 .scope = RT_SCOPE_UNIVERSE,
184 .lifetime_valid_usec = USEC_INFINITY,
185 .lifetime_preferred_usec = USEC_INFINITY,
186 .set_broadcast = -1,
187 };
188
189 *ret = TAKE_PTR(address);
190
191 return 0;
192 }
193
194 int address_new_static(Network *network, const char *filename, unsigned section_line, Address **ret) {
195 _cleanup_(config_section_freep) ConfigSection *n = NULL;
196 _cleanup_(address_unrefp) Address *address = NULL;
197 int r;
198
199 assert(network);
200 assert(ret);
201 assert(filename);
202 assert(section_line > 0);
203
204 r = config_section_new(filename, section_line, &n);
205 if (r < 0)
206 return r;
207
208 address = ordered_hashmap_get(network->addresses_by_section, n);
209 if (address) {
210 *ret = TAKE_PTR(address);
211 return 0;
212 }
213
214 if (ordered_hashmap_size(network->addresses_by_section) >= STATIC_ADDRESSES_PER_NETWORK_MAX)
215 return -E2BIG;
216
217 r = address_new(&address);
218 if (r < 0)
219 return r;
220
221 address->network = network;
222 address->section = TAKE_PTR(n);
223 address->source = NETWORK_CONFIG_SOURCE_STATIC;
224 /* This will be adjusted in address_section_verify(). */
225 address->duplicate_address_detection = _ADDRESS_FAMILY_INVALID;
226
227 r = ordered_hashmap_ensure_put(&network->addresses_by_section, &address_section_hash_ops, address->section, address);
228 if (r < 0)
229 return r;
230
231 *ret = TAKE_PTR(address);
232 return 0;
233 }
234
235 static Address* address_detach_impl(Address *address) {
236 assert(address);
237 assert(!address->link || !address->network);
238
239 if (address->network) {
240 assert(address->section);
241 ordered_hashmap_remove(address->network->addresses_by_section, address->section);
242
243 if (address->network->dhcp_server_address == address)
244 address->network->dhcp_server_address = NULL;
245
246 address->network = NULL;
247 return address;
248 }
249
250 if (address->link) {
251 set_remove(address->link->addresses, address);
252
253 address->link = NULL;
254 return address;
255 }
256
257 return NULL;
258 }
259
260 static void address_detach(Address *address) {
261 assert(address);
262
263 address_unref(address_detach_impl(address));
264 }
265
266 static Address* address_free(Address *address) {
267 if (!address)
268 return NULL;
269
270 address_detach_impl(address);
271
272 config_section_free(address->section);
273 free(address->label);
274 free(address->netlabel);
275 ipv6_token_unref(address->token);
276 nft_set_context_clear(&address->nft_set_context);
277 return mfree(address);
278 }
279
280 DEFINE_TRIVIAL_REF_UNREF_FUNC(Address, address, address_free);
281
282 static bool address_lifetime_is_valid(const Address *a) {
283 assert(a);
284
285 return
286 a->lifetime_valid_usec == USEC_INFINITY ||
287 a->lifetime_valid_usec > now(CLOCK_BOOTTIME);
288 }
289
290 bool address_is_ready(const Address *a) {
291 assert(a);
292 assert(a->link);
293
294 if (!ipv4acd_bound(a->link, a))
295 return false;
296
297 if (FLAGS_SET(a->flags, IFA_F_TENTATIVE))
298 return false;
299
300 if (FLAGS_SET(a->state, NETWORK_CONFIG_STATE_REMOVING))
301 return false;
302
303 if (!FLAGS_SET(a->state, NETWORK_CONFIG_STATE_CONFIGURED))
304 return false;
305
306 return address_lifetime_is_valid(a);
307 }
308
309 bool link_check_addresses_ready(Link *link, NetworkConfigSource source) {
310 Address *a;
311 bool has = false;
312
313 assert(link);
314
315 /* Check if all addresses on the interface are ready. If there is no address, this will return false. */
316
317 SET_FOREACH(a, link->addresses) {
318 if (source >= 0 && a->source != source)
319 continue;
320 if (address_is_marked(a))
321 continue;
322 if (!address_exists(a))
323 continue;
324 if (!address_is_ready(a))
325 return false;
326 has = true;
327 }
328
329 if (has || source != NETWORK_CONFIG_SOURCE_DHCP6)
330 return has;
331
332 /* If there is no DHCPv6 addresses, but all conflicting addresses are successfully configured, then
333 * let's handle the DHCPv6 client successfully configured addresses. Otherwise, if the conflicted
334 * addresses are static or foreign, and there is no other dynamic addressing protocol enabled, then
335 * the link will never enter the configured state. See also link_check_ready(). */
336 SET_FOREACH(a, link->addresses) {
337 if (source >= 0 && a->source == NETWORK_CONFIG_SOURCE_DHCP6)
338 continue;
339 if (!a->also_requested_by_dhcp6)
340 continue;
341 if (address_is_marked(a))
342 continue;
343 if (!address_exists(a))
344 continue;
345 if (!address_is_ready(a))
346 return false;
347 has = true;
348 }
349
350 return has;
351 }
352
353 void link_mark_addresses(Link *link, NetworkConfigSource source) {
354 Address *a;
355
356 assert(link);
357
358 SET_FOREACH(a, link->addresses) {
359 if (a->source != source)
360 continue;
361
362 address_mark(a);
363 }
364 }
365
366 static int address_get_broadcast(const Address *a, Link *link, struct in_addr *ret) {
367 struct in_addr b_addr = {};
368
369 assert(a);
370 assert(link);
371
372 /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main
373 * address is null. */
374
375 /* broadcast is only for IPv4. */
376 if (a->family != AF_INET)
377 goto finalize;
378
379 /* broadcast address cannot be used when peer address is specified. */
380 if (in4_addr_is_set(&a->in_addr_peer.in))
381 goto finalize;
382
383 /* A /31 or /32 IPv4 address does not have a broadcast address.
384 * See https://tools.ietf.org/html/rfc3021 */
385 if (a->prefixlen > 30)
386 goto finalize;
387
388 /* If explicitly configured, use the address as is. */
389 if (in4_addr_is_set(&a->broadcast)) {
390 b_addr = a->broadcast;
391 goto finalize;
392 }
393
394 /* If explicitly disabled, then return null address. */
395 if (a->set_broadcast == 0)
396 goto finalize;
397
398 /* For wireguard interfaces, broadcast is disabled by default. */
399 if (a->set_broadcast < 0 && streq_ptr(link->kind, "wireguard"))
400 goto finalize;
401
402 /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically
403 * determined after an address is acquired. */
404 if (!in4_addr_is_set(&a->in_addr.in))
405 return -EAGAIN;
406
407 /* Otherwise, generate a broadcast address from the main address and prefix length. */
408 b_addr.s_addr = a->in_addr.in.s_addr | htobe32(UINT32_C(0xffffffff) >> a->prefixlen);
409
410 finalize:
411 if (ret)
412 *ret = b_addr;
413
414 return in4_addr_is_set(&b_addr);
415 }
416
417 static void address_set_broadcast(Address *a, Link *link) {
418 assert(a);
419 assert_se(address_get_broadcast(a, link, &a->broadcast) >= 0);
420 }
421
422 static void address_set_cinfo(Manager *m, const Address *a, struct ifa_cacheinfo *cinfo) {
423 usec_t now_usec;
424
425 assert(m);
426 assert(a);
427 assert(cinfo);
428
429 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
430
431 *cinfo = (struct ifa_cacheinfo) {
432 .ifa_valid = usec_to_sec(a->lifetime_valid_usec, now_usec),
433 .ifa_prefered = usec_to_sec(a->lifetime_preferred_usec, now_usec),
434 };
435 }
436
437 static void address_set_lifetime(Manager *m, Address *a, const struct ifa_cacheinfo *cinfo) {
438 usec_t now_usec;
439
440 assert(m);
441 assert(a);
442 assert(cinfo);
443
444 assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0);
445
446 a->lifetime_valid_usec = sec_to_usec(cinfo->ifa_valid, now_usec);
447 a->lifetime_preferred_usec = sec_to_usec(cinfo->ifa_prefered, now_usec);
448 }
449
450 static bool address_is_static_null(const Address *address) {
451 assert(address);
452
453 if (!address->network)
454 return false;
455
456 if (!address->requested_as_null)
457 return false;
458
459 assert(!in_addr_is_set(address->family, &address->in_addr));
460 return true;
461 }
462
463 static int address_ipv4_prefix(const Address *a, struct in_addr *ret) {
464 struct in_addr p;
465 int r;
466
467 assert(a);
468 assert(a->family == AF_INET);
469 assert(ret);
470
471 p = in4_addr_is_set(&a->in_addr_peer.in) ? a->in_addr_peer.in : a->in_addr.in;
472 r = in4_addr_mask(&p, a->prefixlen);
473 if (r < 0)
474 return r;
475
476 *ret = p;
477 return 0;
478 }
479
480 void address_hash_func(const Address *a, struct siphash *state) {
481 assert(a);
482
483 siphash24_compress_typesafe(a->family, state);
484
485 switch (a->family) {
486 case AF_INET: {
487 struct in_addr prefix;
488
489 siphash24_compress_typesafe(a->prefixlen, state);
490
491 assert_se(address_ipv4_prefix(a, &prefix) >= 0);
492 siphash24_compress_typesafe(prefix, state);
493
494 siphash24_compress_typesafe(a->in_addr.in, state);
495 break;
496 }
497 case AF_INET6:
498 siphash24_compress_typesafe(a->in_addr.in6, state);
499
500 if (in6_addr_is_null(&a->in_addr.in6))
501 siphash24_compress_typesafe(a->prefixlen, state);
502 break;
503
504 default:
505 assert_not_reached();
506 }
507 }
508
509 int address_compare_func(const Address *a1, const Address *a2) {
510 int r;
511
512 r = CMP(a1->family, a2->family);
513 if (r != 0)
514 return r;
515
516 switch (a1->family) {
517 case AF_INET: {
518 struct in_addr p1, p2;
519
520 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
521 r = CMP(a1->prefixlen, a2->prefixlen);
522 if (r != 0)
523 return r;
524
525 assert_se(address_ipv4_prefix(a1, &p1) >= 0);
526 assert_se(address_ipv4_prefix(a2, &p2) >= 0);
527 r = memcmp(&p1, &p2, sizeof(p1));
528 if (r != 0)
529 return r;
530
531 return memcmp(&a1->in_addr.in, &a2->in_addr.in, sizeof(a1->in_addr.in));
532 }
533 case AF_INET6:
534 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
535 r = memcmp(&a1->in_addr.in6, &a2->in_addr.in6, sizeof(a1->in_addr.in6));
536 if (r != 0)
537 return r;
538
539 /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
540 * compare the prefix length. */
541 if (in6_addr_is_null(&a1->in_addr.in6))
542 r = CMP(a1->prefixlen, a2->prefixlen);
543
544 return r;
545
546 default:
547 assert_not_reached();
548 }
549 }
550
551 bool address_can_update(const Address *existing, const Address *requesting) {
552 assert(existing);
553 assert(requesting);
554
555 /*
556 * property | IPv4 | IPv6
557 * -----------------------------------------
558 * family | ✗ | ✗
559 * prefixlen | ✗ | ✗
560 * address | ✗ | ✗
561 * scope | ✗ | -
562 * label | ✗ | -
563 * broadcast | ✗ | -
564 * peer | ✗ | ✓
565 * flags | ✗ | ✓
566 * lifetime | ✓ | ✓
567 * route metric | ✓ | ✓
568 * protocol | ✓ | ✓
569 *
570 * ✗ : cannot be changed
571 * ✓ : can be changed
572 * - : unused
573 *
574 * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c.
575 * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c.
576 */
577
578 if (existing->family != requesting->family)
579 return false;
580
581 if (existing->prefixlen != requesting->prefixlen)
582 return false;
583
584 /* When a null address is requested, the address to be assigned/updated will be determined later. */
585 if (!address_is_static_null(requesting) &&
586 in_addr_equal(existing->family, &existing->in_addr, &requesting->in_addr) <= 0)
587 return false;
588
589 switch (existing->family) {
590 case AF_INET: {
591 struct in_addr bcast;
592
593 if (existing->scope != requesting->scope)
594 return false;
595 if (((existing->flags ^ requesting->flags) & KNOWN_FLAGS & ~IPV6ONLY_FLAGS & ~UNMANAGED_FLAGS) != 0)
596 return false;
597 if (!streq_ptr(existing->label, requesting->label))
598 return false;
599 if (!in4_addr_equal(&existing->in_addr_peer.in, &requesting->in_addr_peer.in))
600 return false;
601 if (existing->link && address_get_broadcast(requesting, existing->link, &bcast) >= 0) {
602 /* If the broadcast address can be determined now, check if they match. */
603 if (!in4_addr_equal(&existing->broadcast, &bcast))
604 return false;
605 } else {
606 /* When a null address is requested, then the broadcast address will be
607 * automatically calculated from the acquired address, e.g.
608 * 192.168.0.10/24 -> 192.168.0.255
609 * So, here let's only check if the broadcast is the last address in the range, e.g.
610 * 0.0.0.0/24 -> 0.0.0.255 */
611 if (!FLAGS_SET(existing->broadcast.s_addr, htobe32(UINT32_C(0xffffffff) >> existing->prefixlen)))
612 return false;
613 }
614 break;
615 }
616 case AF_INET6:
617 break;
618
619 default:
620 assert_not_reached();
621 }
622
623 return true;
624 }
625
626 int address_dup(const Address *src, Address **ret) {
627 _cleanup_(address_unrefp) Address *dest = NULL;
628 int r;
629
630 assert(src);
631 assert(ret);
632
633 dest = newdup(Address, src, 1);
634 if (!dest)
635 return -ENOMEM;
636
637 /* clear the reference counter and all pointers */
638 dest->n_ref = 1;
639 dest->network = NULL;
640 dest->section = NULL;
641 dest->link = NULL;
642 dest->label = NULL;
643 dest->token = ipv6_token_ref(src->token);
644 dest->netlabel = NULL;
645 dest->nft_set_context.sets = NULL;
646 dest->nft_set_context.n_sets = 0;
647
648 if (src->family == AF_INET) {
649 r = strdup_to(&dest->label, src->label);
650 if (r < 0)
651 return r;
652 }
653
654 r = strdup_to(&dest->netlabel, src->netlabel);
655 if (r < 0)
656 return r;
657
658 r = nft_set_context_dup(&src->nft_set_context, &dest->nft_set_context);
659 if (r < 0)
660 return r;
661
662 *ret = TAKE_PTR(dest);
663 return 0;
664 }
665
666 static int address_set_masquerade(Address *address, bool add) {
667 union in_addr_union masked;
668 int r;
669
670 assert(address);
671 assert(address->link);
672
673 if (!address->link->network)
674 return 0;
675
676 if (!FLAGS_SET(address->link->network->ip_masquerade, AF_TO_ADDRESS_FAMILY(address->family)))
677 return 0;
678
679 if (address->scope >= RT_SCOPE_LINK)
680 return 0;
681
682 if (address->ip_masquerade_done == add)
683 return 0;
684
685 masked = address->in_addr;
686 r = in_addr_mask(address->family, &masked, address->prefixlen);
687 if (r < 0)
688 return r;
689
690 r = fw_add_masquerade(&address->link->manager->fw_ctx, add, address->family, &masked, address->prefixlen);
691 if (r < 0)
692 return r;
693
694 address->ip_masquerade_done = add;
695
696 return 0;
697 }
698
699 static void address_modify_nft_set_context(Address *address, bool add, NFTSetContext *nft_set_context) {
700 int r;
701
702 assert(address);
703 assert(address->link);
704 assert(address->link->manager);
705 assert(nft_set_context);
706
707 if (!address->link->manager->fw_ctx) {
708 r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false);
709 if (r < 0)
710 return;
711 }
712
713 FOREACH_ARRAY(nft_set, nft_set_context->sets, nft_set_context->n_sets) {
714 uint32_t ifindex;
715
716 assert(nft_set);
717
718 switch (nft_set->source) {
719 case NFT_SET_SOURCE_ADDRESS:
720 r = nft_set_element_modify_ip(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
721 &address->in_addr);
722 break;
723 case NFT_SET_SOURCE_PREFIX:
724 r = nft_set_element_modify_iprange(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set,
725 &address->in_addr, address->prefixlen);
726 break;
727 case NFT_SET_SOURCE_IFINDEX:
728 ifindex = address->link->ifindex;
729 r = nft_set_element_modify_any(address->link->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set,
730 &ifindex, sizeof(ifindex));
731 break;
732 default:
733 assert_not_reached();
734 }
735
736 if (r < 0)
737 log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
738 add ? "add" : "delete",
739 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
740 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
741 else
742 log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
743 add ? "Added" : "Deleted",
744 nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
745 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
746 }
747 }
748
749 static void address_modify_nft_set(Address *address, bool add) {
750 assert(address);
751 assert(address->link);
752
753 if (!IN_SET(address->family, AF_INET, AF_INET6))
754 return;
755
756 if (!address->link->network)
757 return;
758
759 switch (address->source) {
760 case NETWORK_CONFIG_SOURCE_DHCP4:
761 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_nft_set_context);
762 case NETWORK_CONFIG_SOURCE_DHCP6:
763 return address_modify_nft_set_context(address, add, &address->link->network->dhcp6_nft_set_context);
764 case NETWORK_CONFIG_SOURCE_DHCP_PD:
765 return address_modify_nft_set_context(address, add, &address->link->network->dhcp_pd_nft_set_context);
766 case NETWORK_CONFIG_SOURCE_NDISC:
767 return address_modify_nft_set_context(address, add, &address->link->network->ndisc_nft_set_context);
768 case NETWORK_CONFIG_SOURCE_STATIC:
769 return address_modify_nft_set_context(address, add, &address->nft_set_context);
770 default:
771 return;
772 }
773 }
774
775 static int address_attach(Link *link, Address *address) {
776 int r;
777
778 assert(link);
779 assert(address);
780 assert(!address->link);
781
782 r = set_ensure_put(&link->addresses, &address_hash_ops_detach, address);
783 if (r < 0)
784 return r;
785 if (r == 0)
786 return -EEXIST;
787
788 address->link = link;
789 address_ref(address);
790 return 0;
791 }
792
793 static int address_update(Address *address) {
794 Link *link = ASSERT_PTR(ASSERT_PTR(address)->link);
795 int r;
796
797 if (address_is_ready(address) &&
798 address->family == AF_INET6 &&
799 in6_addr_is_link_local(&address->in_addr.in6) &&
800 in6_addr_is_null(&link->ipv6ll_address)) {
801
802 link->ipv6ll_address = address->in_addr.in6;
803
804 r = link_ipv6ll_gained(link);
805 if (r < 0)
806 return r;
807 }
808
809 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
810 return 0;
811
812 r = address_set_masquerade(address, /* add = */ true);
813 if (r < 0)
814 return log_link_warning_errno(link, r, "Could not enable IP masquerading: %m");
815
816 address_add_netlabel(address);
817
818 address_modify_nft_set(address, /* add = */ true);
819
820 if (address_is_ready(address) && address->callback) {
821 r = address->callback(address);
822 if (r < 0)
823 return r;
824 }
825
826 link_update_operstate(link, /* also_update_bond_master = */ true);
827 link_check_ready(link);
828 return 0;
829 }
830
831 static int address_removed_maybe_kernel_dad(Link *link, Address *address) {
832 int r;
833
834 assert(link);
835 assert(address);
836
837 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
838 return 0;
839
840 if (address->family != AF_INET6)
841 return 0;
842
843 if (!FLAGS_SET(address->flags, IFA_F_TENTATIVE))
844 return 0;
845
846 log_link_info(link, "Address %s with tentative flag is removed, maybe a duplicated address is assigned on another node or link?",
847 IN6_ADDR_TO_STRING(&address->in_addr.in6));
848
849 /* Reset the address state, as the object may be reused in the below. */
850 address->state = 0;
851
852 switch (address->source) {
853 case NETWORK_CONFIG_SOURCE_STATIC:
854 r = link_reconfigure_radv_address(address, link);
855 break;
856 case NETWORK_CONFIG_SOURCE_DHCP_PD:
857 r = dhcp_pd_reconfigure_address(address, link);
858 break;
859 case NETWORK_CONFIG_SOURCE_NDISC:
860 r = ndisc_reconfigure_address(address, link);
861 break;
862 default:
863 r = 0;
864 }
865 if (r < 0)
866 return log_link_warning_errno(link, r, "Failed to configure an alternative address: %m");
867
868 return 0;
869 }
870
871 static int address_drop(Address *in, bool removed_by_us) {
872 _cleanup_(address_unrefp) Address *address = address_ref(ASSERT_PTR(in));
873 Link *link = ASSERT_PTR(address->link);
874 int r;
875
876 r = address_set_masquerade(address, /* add = */ false);
877 if (r < 0)
878 log_link_warning_errno(link, r, "Failed to disable IP masquerading, ignoring: %m");
879
880 address_modify_nft_set(address, /* add = */ false);
881
882 address_del_netlabel(address);
883
884 /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */
885 if (address->family == AF_INET6 &&
886 in6_addr_equal(&address->in_addr.in6, &link->ipv6ll_address))
887 link->ipv6ll_address = (const struct in6_addr) {};
888
889 ipv4acd_detach(link, address);
890
891 address_detach(address);
892
893 if (!removed_by_us) {
894 r = address_removed_maybe_kernel_dad(link, address);
895 if (r < 0) {
896 link_enter_failed(link);
897 return r;
898 }
899 }
900
901 link_update_operstate(link, /* also_update_bond_master = */ true);
902 link_check_ready(link);
903 return 0;
904 }
905
906 static bool address_match_null(const Address *a, const Address *null_address) {
907 assert(a);
908 assert(null_address);
909
910 if (!a->requested_as_null)
911 return false;
912
913 /* Currently, null address is supported only by static addresses. Note that static
914 * address may be set as foreign during reconfiguring the interface. */
915 if (!IN_SET(a->source, NETWORK_CONFIG_SOURCE_FOREIGN, NETWORK_CONFIG_SOURCE_STATIC))
916 return false;
917
918 if (a->family != null_address->family)
919 return false;
920
921 if (a->prefixlen != null_address->prefixlen)
922 return false;
923
924 return true;
925 }
926
927 static int address_get_request(Link *link, const Address *address, Request **ret) {
928 Request *req;
929
930 assert(link);
931 assert(link->manager);
932 assert(address);
933
934 req = ordered_set_get(
935 link->manager->request_queue,
936 &(Request) {
937 .link = link,
938 .type = REQUEST_TYPE_ADDRESS,
939 .userdata = (void*) address,
940 .hash_func = (hash_func_t) address_hash_func,
941 .compare_func = (compare_func_t) address_compare_func,
942 });
943 if (req) {
944 if (ret)
945 *ret = req;
946 return 0;
947 }
948
949 if (address_is_static_null(address))
950 ORDERED_SET_FOREACH(req, link->manager->request_queue) {
951 if (req->link != link)
952 continue;
953 if (req->type != REQUEST_TYPE_ADDRESS)
954 continue;
955
956 if (!address_match_null(req->userdata, address))
957 continue;
958
959 if (ret)
960 *ret = req;
961
962 return 0;
963 }
964
965 return -ENOENT;
966 }
967
968 int address_get(Link *link, const Address *in, Address **ret) {
969 Address *a;
970
971 assert(link);
972 assert(in);
973
974 a = set_get(link->addresses, in);
975 if (a) {
976 if (ret)
977 *ret = a;
978 return 0;
979 }
980
981 /* Find matching address that originally requested as null address. */
982 if (address_is_static_null(in))
983 SET_FOREACH(a, link->addresses) {
984 if (!address_match_null(a, in))
985 continue;
986
987 if (ret)
988 *ret = a;
989 return 0;
990 }
991
992 return -ENOENT;
993 }
994
995 int address_get_harder(Link *link, const Address *in, Address **ret) {
996 Request *req;
997 int r;
998
999 assert(link);
1000 assert(in);
1001
1002 if (address_get(link, in, ret) >= 0)
1003 return 0;
1004
1005 r = address_get_request(link, in, &req);
1006 if (r < 0)
1007 return r;
1008
1009 if (ret)
1010 *ret = ASSERT_PTR(req->userdata);
1011
1012 return 0;
1013 }
1014
1015 int link_get_address_full(
1016 Link *link,
1017 int family,
1018 const union in_addr_union *address,
1019 const union in_addr_union *peer, /* optional, can be NULL */
1020 unsigned char prefixlen, /* optional, can be 0 */
1021 Address **ret) {
1022
1023 Address *a;
1024 int r;
1025
1026 assert(link);
1027 assert(IN_SET(family, AF_INET, AF_INET6));
1028 assert(address);
1029
1030 /* This finds an Address object on the link which matches the given address, peer, and prefix length.
1031 * If the prefixlen is zero, then an Address object with an arbitrary prefixlen will be returned.
1032 * If the peer is NULL, then an Address object with an arbitrary peer will be returned. */
1033
1034 if (family == AF_INET6 || (prefixlen != 0 && peer)) {
1035 _cleanup_(address_unrefp) Address *tmp = NULL;
1036
1037 /* In this case, we can use address_get(). */
1038
1039 r = address_new(&tmp);
1040 if (r < 0)
1041 return r;
1042
1043 tmp->family = family;
1044 tmp->in_addr = *address;
1045 if (peer)
1046 tmp->in_addr_peer = *peer;
1047 tmp->prefixlen = prefixlen;
1048
1049 r = address_get(link, tmp, &a);
1050 if (r < 0)
1051 return r;
1052
1053 if (family == AF_INET6) {
1054 /* IPv6 addresses are managed without peer address and prefix length. Hence, we need
1055 * to check them explicitly. */
1056 if (peer && !in_addr_equal(family, &a->in_addr_peer, peer))
1057 return -ENOENT;
1058 if (prefixlen != 0 && a->prefixlen != prefixlen)
1059 return -ENOENT;
1060 }
1061
1062 if (ret)
1063 *ret = a;
1064
1065 return 0;
1066 }
1067
1068 SET_FOREACH(a, link->addresses) {
1069 if (a->family != family)
1070 continue;
1071
1072 if (!in_addr_equal(family, &a->in_addr, address))
1073 continue;
1074
1075 if (peer && !in_addr_equal(family, &a->in_addr_peer, peer))
1076 continue;
1077
1078 if (prefixlen != 0 && a->prefixlen != prefixlen)
1079 continue;
1080
1081 if (ret)
1082 *ret = a;
1083
1084 return 0;
1085 }
1086
1087 return -ENOENT;
1088 }
1089
1090 int manager_get_address_full(
1091 Manager *manager,
1092 int family,
1093 const union in_addr_union *address,
1094 const union in_addr_union *peer,
1095 unsigned char prefixlen,
1096 Address **ret) {
1097
1098 Link *link;
1099
1100 assert(manager);
1101 assert(IN_SET(family, AF_INET, AF_INET6));
1102 assert(address);
1103
1104 HASHMAP_FOREACH(link, manager->links_by_index) {
1105 if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
1106 continue;
1107
1108 if (link_get_address_full(link, family, address, peer, prefixlen, ret) >= 0)
1109 return 0;
1110 }
1111
1112 return -ENOENT;
1113 }
1114
1115 const char* format_lifetime(char *buf, size_t l, usec_t lifetime_usec) {
1116 assert(buf);
1117 assert(l > 4);
1118
1119 if (lifetime_usec == USEC_INFINITY)
1120 return "forever";
1121
1122 sprintf(buf, "for ");
1123 /* format_timespan() never fails */
1124 assert_se(format_timespan(buf + 4, l - 4, usec_sub_unsigned(lifetime_usec, now(CLOCK_BOOTTIME)), USEC_PER_SEC));
1125 return buf;
1126 }
1127
1128 void log_address_debug(const Address *address, const char *str, const Link *link) {
1129 _cleanup_free_ char *state = NULL, *flags_str = NULL, *scope_str = NULL;
1130
1131 assert(address);
1132 assert(str);
1133 assert(link);
1134
1135 if (!DEBUG_LOGGING)
1136 return;
1137
1138 (void) network_config_state_to_string_alloc(address->state, &state);
1139
1140 const char *peer = in_addr_is_set(address->family, &address->in_addr_peer) ?
1141 IN_ADDR_TO_STRING(address->family, &address->in_addr_peer) : NULL;
1142
1143 const char *broadcast = (address->family == AF_INET && in4_addr_is_set(&address->broadcast)) ?
1144 IN4_ADDR_TO_STRING(&address->broadcast) : NULL;
1145
1146 (void) address_flags_to_string_alloc(address->flags, address->family, &flags_str);
1147 (void) route_scope_to_string_alloc(address->scope, &scope_str);
1148
1149 log_link_debug(link, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s",
1150 str, strna(network_config_source_to_string(address->source)), strna(state),
1151 IN_ADDR_TO_STRING(address->family, &address->in_addr),
1152 peer ? " peer " : "", strempty(peer), address->prefixlen,
1153 broadcast ? " broadcast " : "", strempty(broadcast),
1154 FORMAT_LIFETIME(address->lifetime_valid_usec),
1155 FORMAT_LIFETIME(address->lifetime_preferred_usec),
1156 strna(flags_str), strna(scope_str),
1157 address->family == AF_INET ? ", label: " : "",
1158 address->family == AF_INET ? strna(address->label) : "");
1159 }
1160
1161 static void address_forget(Link *link, Address *address, bool removed_by_us, const char *msg) {
1162 assert(link);
1163 assert(address);
1164 assert(msg);
1165
1166 Request *req;
1167 if (address_get_request(link, address, &req) >= 0)
1168 address_enter_removed(req->userdata);
1169
1170 if (!address->link && address_get(link, address, &address) < 0)
1171 return;
1172
1173 address_enter_removed(address);
1174 log_address_debug(address, msg, link);
1175 (void) address_drop(address, removed_by_us);
1176 }
1177
1178 static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) {
1179 int r;
1180
1181 assert(address);
1182 assert(m);
1183 assert(link);
1184
1185 r = sd_rtnl_message_addr_set_prefixlen(m, address->prefixlen);
1186 if (r < 0)
1187 return r;
1188
1189 /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all
1190 * flags except tentative flag here unconditionally. Without setting the flag, the template
1191 * addresses generated by kernel will not be removed automatically when the main address is
1192 * removed. */
1193 uint32_t flags = address->flags & ~IFA_F_TENTATIVE;
1194 if (flags != 0) {
1195 r = sd_netlink_message_append_u32(m, IFA_FLAGS, flags);
1196 if (r < 0)
1197 return r;
1198 }
1199
1200 r = netlink_message_append_in_addr_union(m, IFA_LOCAL, address->family, &address->in_addr);
1201 if (r < 0)
1202 return r;
1203
1204 return 0;
1205 }
1206
1207 static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) {
1208 int r;
1209
1210 assert(m);
1211 assert(rreq);
1212
1213 Link *link = ASSERT_PTR(rreq->link);
1214 Address *address = ASSERT_PTR(rreq->userdata);
1215
1216 if (link->state == LINK_STATE_LINGER)
1217 return 0;
1218
1219 r = sd_netlink_message_get_errno(m);
1220 if (r < 0) {
1221 log_link_message_full_errno(link, m,
1222 (r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING,
1223 r, "Could not drop address");
1224
1225 /* If the address cannot be removed, then assume the address is already removed. */
1226 address_forget(link, address, /* removed_by_us = */ true, "Forgetting");
1227 }
1228
1229 return 1;
1230 }
1231
1232 int address_remove(Address *address, Link *link) {
1233 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1234 int r;
1235
1236 assert(address);
1237 assert(IN_SET(address->family, AF_INET, AF_INET6));
1238 assert(link);
1239 assert(link->ifindex > 0);
1240 assert(link->manager);
1241 assert(link->manager->rtnl);
1242
1243 /* If the address is remembered, use the remembered object. */
1244 (void) address_get(link, address, &address);
1245
1246 log_address_debug(address, "Removing", link);
1247
1248 r = sd_rtnl_message_new_addr(link->manager->rtnl, &m, RTM_DELADDR,
1249 link->ifindex, address->family);
1250 if (r < 0)
1251 return log_link_warning_errno(link, r, "Could not allocate RTM_DELADDR message: %m");
1252
1253 r = address_set_netlink_message(address, m, link);
1254 if (r < 0)
1255 return log_link_warning_errno(link, r, "Could not set netlink attributes: %m");
1256
1257 r = link_remove_request_add(link, address, address, link->manager->rtnl, m, address_remove_handler);
1258 if (r < 0)
1259 return log_link_warning_errno(link, r, "Could not queue rtnetlink message: %m");
1260
1261 address_enter_removing(address);
1262
1263 /* The operational state is determined by address state and carrier state. Hence, if we remove
1264 * an address, the operational state may be changed. */
1265 link_update_operstate(link, true);
1266 return 0;
1267 }
1268
1269 int address_remove_and_cancel(Address *address, Link *link) {
1270 _cleanup_(request_unrefp) Request *req = NULL;
1271 bool waiting = false;
1272
1273 assert(address);
1274 assert(link);
1275 assert(link->manager);
1276
1277 /* If the address is remembered by the link, then use the remembered object. */
1278 (void) address_get(link, address, &address);
1279
1280 /* Cancel the request for the address. If the request is already called but we have not received the
1281 * notification about the request, then explicitly remove the address. */
1282 if (address_get_request(link, address, &req) >= 0) {
1283 request_ref(req); /* avoid the request freed by request_detach() */
1284 waiting = req->waiting_reply;
1285 request_detach(req);
1286 address_cancel_requesting(address);
1287 }
1288
1289 /* If we know the address will come or already exists, remove it. */
1290 if (waiting || (address->link && address_exists(address)))
1291 return address_remove(address, link);
1292
1293 return 0;
1294 }
1295
1296 bool link_address_is_dynamic(const Link *link, const Address *address) {
1297 Route *route;
1298
1299 assert(link);
1300 assert(link->manager);
1301 assert(address);
1302
1303 if (address->lifetime_preferred_usec != USEC_INFINITY)
1304 return true;
1305
1306 /* There is no way to drtermine if the IPv6 address is dynamic when the lifetime is infinity. */
1307 if (address->family != AF_INET)
1308 return false;
1309
1310 /* Even if an IPv4 address is leased from a DHCP server with a finite lifetime, networkd assign the
1311 * address without lifetime when KeepConfiguration=dynamic. So, let's check that we have
1312 * corresponding routes with RTPROT_DHCP. */
1313 SET_FOREACH(route, link->manager->routes) {
1314 if (route->source != NETWORK_CONFIG_SOURCE_FOREIGN)
1315 continue;
1316
1317 /* The route is not assigned yet, or already being removed. Ignoring. */
1318 if (!route_exists(route))
1319 continue;
1320
1321 if (route->protocol != RTPROT_DHCP)
1322 continue;
1323
1324 if (route->nexthop.ifindex != link->ifindex)
1325 continue;
1326
1327 if (address->family != route->family)
1328 continue;
1329
1330 if (in_addr_equal(address->family, &address->in_addr, &route->prefsrc))
1331 return true;
1332 }
1333
1334 return false;
1335 }
1336
1337 int link_drop_ipv6ll_addresses(Link *link) {
1338 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
1339 int r;
1340
1341 assert(link);
1342 assert(link->manager);
1343 assert(link->manager->rtnl);
1344
1345 /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
1346 * So, we need to dump all IPv6 addresses. */
1347
1348 if (link_may_have_ipv6ll(link, /* check_multicast = */ false))
1349 return 0;
1350
1351 r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_GETADDR, link->ifindex, AF_INET6);
1352 if (r < 0)
1353 return r;
1354
1355 r = sd_netlink_message_set_request_dump(req, true);
1356 if (r < 0)
1357 return r;
1358
1359 r = sd_netlink_call(link->manager->rtnl, req, 0, &reply);
1360 if (r < 0)
1361 return r;
1362
1363 for (sd_netlink_message *addr = reply; addr; addr = sd_netlink_message_next(addr)) {
1364 _cleanup_(address_unrefp) Address *a = NULL;
1365 unsigned char prefixlen;
1366 struct in6_addr address;
1367 int ifindex;
1368
1369 /* We set ifindex in the request, and NETLINK_GET_STRICT_CHK socket option is set. Hence the
1370 * check below is redundant, but let's do that for safety. */
1371 r = sd_rtnl_message_addr_get_ifindex(addr, &ifindex);
1372 if (r < 0) {
1373 log_link_debug_errno(link, r, "rtnl: received address message without valid ifindex, ignoring: %m");
1374 continue;
1375 } else if (link->ifindex != ifindex)
1376 continue;
1377
1378 uint32_t flags;
1379 r = sd_netlink_message_read_u32(addr, IFA_FLAGS, &flags);
1380 if (r < 0) {
1381 log_link_debug_errno(link, r, "rtnl: Failed to read IFA_FLAGS attribute, ignoring: %m");
1382 continue;
1383 }
1384
1385 r = sd_rtnl_message_addr_get_prefixlen(addr, &prefixlen);
1386 if (r < 0) {
1387 log_link_debug_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1388 continue;
1389 }
1390
1391 if (sd_netlink_message_read_in6_addr(addr, IFA_LOCAL, NULL) >= 0)
1392 /* address with peer, ignoring. */
1393 continue;
1394
1395 r = sd_netlink_message_read_in6_addr(addr, IFA_ADDRESS, &address);
1396 if (r < 0) {
1397 log_link_debug_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1398 continue;
1399 }
1400
1401 if (!in6_addr_is_link_local(&address))
1402 continue;
1403
1404 r = address_new(&a);
1405 if (r < 0)
1406 return -ENOMEM;
1407
1408 a->family = AF_INET6;
1409 a->in_addr.in6 = address;
1410 a->prefixlen = prefixlen;
1411 a->flags = flags;
1412
1413 r = address_remove(a, link);
1414 if (r < 0)
1415 return r;
1416 }
1417
1418 return 0;
1419 }
1420
1421 int link_drop_unmanaged_addresses(Link *link) {
1422 Address *address;
1423 int r = 0;
1424
1425 assert(link);
1426 assert(link->network);
1427
1428 /* First, mark all addresses. */
1429 SET_FOREACH(address, link->addresses) {
1430 /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */
1431 if (address->family == AF_INET6 && in6_addr_is_link_local(&address->in_addr.in6))
1432 continue;
1433
1434 /* Do not remove localhost address (127.0.0.1 and ::1) */
1435 if (link->flags & IFF_LOOPBACK && in_addr_is_localhost_one(address->family, &address->in_addr) > 0)
1436 continue;
1437
1438 /* Ignore addresses not assigned yet or already removing. */
1439 if (!address_exists(address))
1440 continue;
1441
1442 if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN) {
1443 if (link->network->keep_configuration == KEEP_CONFIGURATION_YES)
1444 continue;
1445
1446 /* link_address_is_dynamic() is slightly heavy. Let's call the function only when
1447 * KeepConfiguration=dynamic or static. */
1448 if (IN_SET(link->network->keep_configuration, KEEP_CONFIGURATION_DYNAMIC, KEEP_CONFIGURATION_STATIC) &&
1449 link_address_is_dynamic(link, address) == (link->network->keep_configuration == KEEP_CONFIGURATION_DYNAMIC))
1450 continue;
1451
1452 } else if (address->source != NETWORK_CONFIG_SOURCE_STATIC)
1453 continue; /* Ignore dynamically configurad addresses. */
1454
1455 address_mark(address);
1456 }
1457
1458 /* Then, unmark requested addresses. */
1459 ORDERED_HASHMAP_FOREACH(address, link->network->addresses_by_section) {
1460 Address *existing;
1461
1462 if (address_get(link, address, &existing) < 0)
1463 continue;
1464
1465 if (!address_can_update(existing, address))
1466 continue;
1467
1468 /* Found matching static configuration. Keep the existing address. */
1469 address_unmark(existing);
1470 }
1471
1472 /* Finally, remove all marked addresses. */
1473 SET_FOREACH(address, link->addresses) {
1474 if (!address_is_marked(address))
1475 continue;
1476
1477 RET_GATHER(r, address_remove(address, link));
1478 }
1479
1480 return r;
1481 }
1482
1483 int link_drop_static_addresses(Link *link) {
1484 Address *address;
1485 int r = 0;
1486
1487 assert(link);
1488
1489 SET_FOREACH(address, link->addresses) {
1490 /* Remove only static addresses here. Dynamic addresses will be removed e.g. on lease
1491 * expiration or stopping the DHCP client. */
1492 if (address->source != NETWORK_CONFIG_SOURCE_STATIC)
1493 continue;
1494
1495 /* Ignore addresses not assigned yet or already removing. */
1496 if (!address_exists(address))
1497 continue;
1498
1499 RET_GATHER(r, address_remove(address, link));
1500 }
1501
1502 return r;
1503 }
1504
1505 int address_configure_handler_internal(sd_netlink_message *m, Link *link, Address *address) {
1506 int r;
1507
1508 assert(m);
1509 assert(link);
1510 assert(address);
1511
1512 r = sd_netlink_message_get_errno(m);
1513 if (r < 0 && r != -EEXIST) {
1514 log_link_message_warning_errno(link, m, r, "Failed to set %s address %s",
1515 network_config_source_to_string(address->source),
1516 IN_ADDR_TO_STRING(address->family, &address->in_addr));
1517 link_enter_failed(link);
1518 return 0;
1519 }
1520
1521 return 1;
1522 }
1523
1524 static int address_configure(const Address *address, const struct ifa_cacheinfo *c, Link *link, Request *req) {
1525 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
1526 int r;
1527
1528 assert(address);
1529 assert(IN_SET(address->family, AF_INET, AF_INET6));
1530 assert(c);
1531 assert(link);
1532 assert(link->ifindex > 0);
1533 assert(link->manager);
1534 assert(link->manager->rtnl);
1535 assert(req);
1536
1537 log_address_debug(address, "Configuring", link);
1538
1539 r = sd_rtnl_message_new_addr_update(link->manager->rtnl, &m, link->ifindex, address->family);
1540 if (r < 0)
1541 return r;
1542
1543 r = address_set_netlink_message(address, m, link);
1544 if (r < 0)
1545 return r;
1546
1547 r = sd_rtnl_message_addr_set_scope(m, address->scope);
1548 if (r < 0)
1549 return r;
1550
1551 if (address->family == AF_INET6 || in_addr_is_set(address->family, &address->in_addr_peer)) {
1552 r = netlink_message_append_in_addr_union(m, IFA_ADDRESS, address->family, &address->in_addr_peer);
1553 if (r < 0)
1554 return r;
1555 } else if (in4_addr_is_set(&address->broadcast)) {
1556 r = sd_netlink_message_append_in_addr(m, IFA_BROADCAST, &address->broadcast);
1557 if (r < 0)
1558 return r;
1559 }
1560
1561 if (address->family == AF_INET && address->label) {
1562 r = sd_netlink_message_append_string(m, IFA_LABEL, address->label);
1563 if (r < 0)
1564 return r;
1565 }
1566
1567 r = sd_netlink_message_append_cache_info(m, IFA_CACHEINFO, c);
1568 if (r < 0)
1569 return r;
1570
1571 r = sd_netlink_message_append_u32(m, IFA_RT_PRIORITY, address->route_metric);
1572 if (r < 0)
1573 return r;
1574
1575 return request_call_netlink_async(link->manager->rtnl, m, req);
1576 }
1577
1578 static int address_acquire(Link *link, const Address *address, union in_addr_union *ret) {
1579 union in_addr_union a;
1580 int r;
1581
1582 assert(link);
1583 assert(address);
1584 assert(ret);
1585
1586 r = address_acquire_from_dhcp_server_leases_file(link, address, ret);
1587 if (!IN_SET(r, -ENOENT, -ENXIO, -EINVAL))
1588 return r;
1589
1590 r = address_pool_acquire(link->manager, address->family, address->prefixlen, &a);
1591 if (r < 0)
1592 return r;
1593 if (r == 0)
1594 return -EBUSY;
1595
1596 /* Pick first address in range for ourselves. */
1597 if (address->family == AF_INET)
1598 a.in.s_addr |= htobe32(1);
1599 else if (address->family == AF_INET6)
1600 a.in6.s6_addr[15] |= 1;
1601 else
1602 assert_not_reached();
1603
1604 *ret = a;
1605 return 0;
1606 }
1607
1608 static int address_requeue_request(Request *req, Link *link, const Address *address) {
1609 int r;
1610
1611 assert(req);
1612 assert(link);
1613 assert(link->manager);
1614 assert(link->network);
1615 assert(address);
1616
1617 /* Something useful was configured? just use it */
1618 if (in_addr_is_set(address->family, &address->in_addr))
1619 return 0;
1620
1621 /* The address is configured to be 0.0.0.0 or [::] by the user?
1622 * Then let's acquire something more useful. */
1623 union in_addr_union a;
1624 r = address_acquire(link, address, &a);
1625 if (r < 0)
1626 return r;
1627
1628 _cleanup_(address_unrefp) Address *tmp = NULL;
1629 r = address_dup(address, &tmp);
1630 if (r < 0)
1631 return r;
1632
1633 tmp->in_addr = a;
1634
1635 r = link_requeue_request(link, req, tmp, NULL);
1636 if (r < 0)
1637 return r;
1638 if (r == 0)
1639 return -EEXIST; /* Already queued?? Strange... */
1640
1641 TAKE_PTR(tmp);
1642 return 1; /* A new request is queued. it is not necessary to process this request anymore. */
1643 }
1644
1645 static int address_process_request(Request *req, Link *link, Address *address) {
1646 Address *existing;
1647 struct ifa_cacheinfo c;
1648 int r;
1649
1650 assert(req);
1651 assert(link);
1652 assert(address);
1653
1654 if (!link_is_ready_to_configure(link, false))
1655 return 0;
1656
1657 /* Refuse adding more than the limit */
1658 if (set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX)
1659 return 0;
1660
1661 r = address_requeue_request(req, link, address);
1662 if (r == -EBUSY)
1663 return 0;
1664 if (r != 0)
1665 return r;
1666
1667 address_set_broadcast(address, link);
1668
1669 r = ipv4acd_configure(link, address);
1670 if (r < 0)
1671 return r;
1672
1673 if (!ipv4acd_bound(link, address))
1674 return 0;
1675
1676 address_set_cinfo(link->manager, address, &c);
1677 if (c.ifa_valid == 0) {
1678 log_link_debug(link, "Refuse to configure %s address %s, as its valid lifetime is zero.",
1679 network_config_source_to_string(address->source),
1680 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
1681
1682 address_cancel_requesting(address);
1683 if (address_get(link, address, &existing) >= 0)
1684 address_cancel_requesting(existing);
1685 return 1;
1686 }
1687
1688 r = address_configure(address, &c, link, req);
1689 if (r < 0)
1690 return log_link_warning_errno(link, r, "Failed to configure address: %m");
1691
1692 address_enter_configuring(address);
1693 if (address_get(link, address, &existing) >= 0)
1694 address_enter_configuring(existing);
1695
1696 return 1;
1697 }
1698
1699 int link_request_address(
1700 Link *link,
1701 const Address *address,
1702 unsigned *message_counter,
1703 address_netlink_handler_t netlink_handler,
1704 Request **ret) {
1705
1706 _cleanup_(address_unrefp) Address *tmp = NULL;
1707 Address *existing = NULL;
1708 int r;
1709
1710 assert(link);
1711 assert(address);
1712 assert(address->source != NETWORK_CONFIG_SOURCE_FOREIGN);
1713
1714 if (address->lifetime_valid_usec == 0)
1715 /* The requested address is outdated. Let's ignore the request. */
1716 return 0;
1717
1718 if (address_get_request(link, address, NULL) >= 0)
1719 return 0; /* already requested, skipping. */
1720
1721 r = address_dup(address, &tmp);
1722 if (r < 0)
1723 return log_oom();
1724
1725 if (address_get(link, address, &existing) >= 0) {
1726 /* Copy already assigned address when it is requested as a null address. */
1727 if (address_is_static_null(address))
1728 tmp->in_addr = existing->in_addr;
1729
1730 /* Copy state for logging below. */
1731 tmp->state = existing->state;
1732 }
1733
1734 log_address_debug(tmp, "Requesting", link);
1735 r = link_queue_request_safe(link, REQUEST_TYPE_ADDRESS,
1736 tmp,
1737 address_unref,
1738 address_hash_func,
1739 address_compare_func,
1740 address_process_request,
1741 message_counter, netlink_handler, ret);
1742 if (r < 0)
1743 return log_link_warning_errno(link, r, "Failed to request address: %m");
1744 if (r == 0)
1745 return 0;
1746
1747 address_enter_requesting(tmp);
1748 if (existing)
1749 address_enter_requesting(existing);
1750
1751 TAKE_PTR(tmp);
1752 return 1;
1753 }
1754
1755 static int static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) {
1756 int r;
1757
1758 assert(link);
1759 assert(address);
1760
1761 r = address_configure_handler_internal(m, link, address);
1762 if (r <= 0)
1763 return r;
1764
1765 if (link->static_address_messages == 0) {
1766 log_link_debug(link, "Addresses set");
1767 link->static_addresses_configured = true;
1768 link_check_ready(link);
1769 }
1770
1771 return 1;
1772 }
1773
1774 int link_request_static_address(Link *link, const Address *address) {
1775 assert(link);
1776 assert(address);
1777 assert(address->source == NETWORK_CONFIG_SOURCE_STATIC);
1778
1779 return link_request_address(link, address, &link->static_address_messages,
1780 static_address_handler, NULL);
1781 }
1782
1783 int link_request_static_addresses(Link *link) {
1784 Address *a;
1785 int r;
1786
1787 assert(link);
1788 assert(link->network);
1789
1790 link->static_addresses_configured = false;
1791
1792 ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) {
1793 r = link_request_static_address(link, a);
1794 if (r < 0)
1795 return r;
1796 }
1797
1798 r = link_request_radv_addresses(link);
1799 if (r < 0)
1800 return r;
1801
1802 if (link->static_address_messages == 0) {
1803 link->static_addresses_configured = true;
1804 link_check_ready(link);
1805 } else {
1806 log_link_debug(link, "Setting addresses");
1807 link_set_state(link, LINK_STATE_CONFIGURING);
1808 }
1809
1810 return 0;
1811 }
1812
1813 int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) {
1814 int r;
1815
1816 assert(rtnl);
1817 assert(message);
1818 assert(m);
1819
1820 if (sd_netlink_message_is_error(message)) {
1821 r = sd_netlink_message_get_errno(message);
1822 if (r < 0)
1823 log_message_warning_errno(message, r, "rtnl: failed to receive address message, ignoring");
1824
1825 return 0;
1826 }
1827
1828 uint16_t type;
1829 r = sd_netlink_message_get_type(message, &type);
1830 if (r < 0) {
1831 log_warning_errno(r, "rtnl: could not get message type, ignoring: %m");
1832 return 0;
1833 } else if (!IN_SET(type, RTM_NEWADDR, RTM_DELADDR)) {
1834 log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type);
1835 return 0;
1836 }
1837
1838 int ifindex;
1839 r = sd_rtnl_message_addr_get_ifindex(message, &ifindex);
1840 if (r < 0) {
1841 log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m");
1842 return 0;
1843 } else if (ifindex <= 0) {
1844 log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex);
1845 return 0;
1846 }
1847
1848 Link *link;
1849 r = link_get_by_index(m, ifindex, &link);
1850 if (r < 0) {
1851 /* when enumerating we might be out of sync, but we will get the address again, so just
1852 * ignore it */
1853 if (!m->enumerating)
1854 log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex);
1855 return 0;
1856 }
1857
1858 _cleanup_(address_unrefp) Address *tmp = NULL;
1859 r = address_new(&tmp);
1860 if (r < 0)
1861 return log_oom();
1862
1863 /* First, read minimal information to make address_get() work below. */
1864
1865 r = sd_rtnl_message_addr_get_family(message, &tmp->family);
1866 if (r < 0) {
1867 log_link_warning(link, "rtnl: received address message without family, ignoring.");
1868 return 0;
1869 } else if (!IN_SET(tmp->family, AF_INET, AF_INET6)) {
1870 log_link_debug(link, "rtnl: received address message with invalid family '%i', ignoring.", tmp->family);
1871 return 0;
1872 }
1873
1874 r = sd_rtnl_message_addr_get_prefixlen(message, &tmp->prefixlen);
1875 if (r < 0) {
1876 log_link_warning_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m");
1877 return 0;
1878 }
1879
1880 switch (tmp->family) {
1881 case AF_INET:
1882 r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &tmp->in_addr.in);
1883 if (r < 0) {
1884 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1885 return 0;
1886 }
1887
1888 r = sd_netlink_message_read_in_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in);
1889 if (r < 0 && r != -ENODATA) {
1890 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1891 return 0;
1892 } else if (r >= 0) {
1893 if (in4_addr_equal(&tmp->in_addr.in, &tmp->in_addr_peer.in))
1894 tmp->in_addr_peer = IN_ADDR_NULL;
1895 }
1896
1897 break;
1898
1899 case AF_INET6:
1900 r = sd_netlink_message_read_in6_addr(message, IFA_LOCAL, &tmp->in_addr.in6);
1901 if (r >= 0) {
1902 /* Have peer address. */
1903 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in6);
1904 if (r < 0) {
1905 log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m");
1906 return 0;
1907 }
1908 } else if (r == -ENODATA) {
1909 /* Does not have peer address. */
1910 r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr.in6);
1911 if (r < 0) {
1912 log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m");
1913 return 0;
1914 }
1915 } else {
1916 log_link_warning_errno(link, r, "rtnl: could not get local address from address message, ignoring: %m");
1917 return 0;
1918 }
1919
1920 break;
1921
1922 default:
1923 assert_not_reached();
1924 }
1925
1926 /* Then, find the managed Address object corresponding to the received address. */
1927 Address *address = NULL;
1928 (void) address_get(link, tmp, &address);
1929
1930 if (type == RTM_DELADDR) {
1931 if (address)
1932 address_forget(link, address,
1933 /* removed_by_us = */ FLAGS_SET(address->state, NETWORK_CONFIG_STATE_REMOVING),
1934 "Forgetting removed");
1935 else
1936 log_address_debug(tmp, "Kernel removed unknown", link);
1937
1938 goto finalize;
1939 }
1940
1941 bool is_new = false;
1942 if (!address) {
1943 /* If we did not know the address, then save it. */
1944 r = address_attach(link, tmp);
1945 if (r < 0) {
1946 log_link_warning_errno(link, r, "Failed to save received address %s, ignoring: %m",
1947 IN_ADDR_PREFIX_TO_STRING(tmp->family, &tmp->in_addr, tmp->prefixlen));
1948 return 0;
1949 }
1950 address = tmp;
1951
1952 is_new = true;
1953
1954 } else {
1955 /* Otherwise, update the managed Address object with the netlink notification. */
1956 address->prefixlen = tmp->prefixlen;
1957 address->in_addr_peer = tmp->in_addr_peer;
1958 }
1959
1960 /* Also update information that cannot be obtained through netlink notification. */
1961 Request *req = NULL;
1962 (void) address_get_request(link, tmp, &req);
1963 if (req && req->waiting_reply) {
1964 Address *a = ASSERT_PTR(req->userdata);
1965
1966 address->source = a->source;
1967 address->provider = a->provider;
1968 (void) free_and_strdup_warn(&address->netlabel, a->netlabel);
1969 nft_set_context_clear(&address->nft_set_context);
1970 (void) nft_set_context_dup(&a->nft_set_context, &address->nft_set_context);
1971 address->requested_as_null = a->requested_as_null;
1972 address->also_requested_by_dhcp6 = a->also_requested_by_dhcp6;
1973 address->callback = a->callback;
1974
1975 ipv6_token_ref(a->token);
1976 ipv6_token_unref(address->token);
1977 address->token = a->token;
1978 }
1979
1980 /* Then, update miscellaneous info. */
1981 r = sd_rtnl_message_addr_get_scope(message, &address->scope);
1982 if (r < 0)
1983 log_link_debug_errno(link, r, "rtnl: received address message without scope, ignoring: %m");
1984
1985 if (address->family == AF_INET) {
1986 _cleanup_free_ char *label = NULL;
1987
1988 r = sd_netlink_message_read_string_strdup(message, IFA_LABEL, &label);
1989 if (r >= 0) {
1990 if (!streq_ptr(label, link->ifname))
1991 free_and_replace(address->label, label);
1992 } else if (r != -ENODATA)
1993 log_link_debug_errno(link, r, "rtnl: could not get label from address message, ignoring: %m");
1994
1995 r = sd_netlink_message_read_in_addr(message, IFA_BROADCAST, &address->broadcast);
1996 if (r < 0 && r != -ENODATA)
1997 log_link_debug_errno(link, r, "rtnl: could not get broadcast from address message, ignoring: %m");
1998 }
1999
2000 r = sd_netlink_message_read_u32(message, IFA_FLAGS, &address->flags);
2001 if (r < 0)
2002 log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m");
2003
2004 struct ifa_cacheinfo cinfo;
2005 r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo);
2006 if (r >= 0)
2007 address_set_lifetime(m, address, &cinfo);
2008 else if (r != -ENODATA)
2009 log_link_debug_errno(link, r, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m");
2010
2011 r = sd_netlink_message_read_u32(message, IFA_RT_PRIORITY, &address->route_metric);
2012 if (r < 0 && r != -ENODATA)
2013 log_link_debug_errno(link, r, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m");
2014
2015 address_enter_configured(address);
2016 if (req)
2017 address_enter_configured(req->userdata);
2018
2019 log_address_debug(address, is_new ? "Received new": "Received updated", link);
2020
2021 /* address_update() logs internally, so we don't need to here. */
2022 r = address_update(address);
2023 if (r < 0)
2024 link_enter_failed(link);
2025
2026 finalize:
2027 if (tmp->family == AF_INET6) {
2028 r = dhcp4_update_ipv6_connectivity(link);
2029 if (r < 0) {
2030 log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m");
2031 link_enter_failed(link);
2032 }
2033 }
2034
2035 return 1;
2036 }
2037
2038 static int config_parse_broadcast(
2039 const char *unit,
2040 const char *filename,
2041 unsigned line,
2042 const char *section,
2043 unsigned section_line,
2044 const char *lvalue,
2045 int ltype,
2046 const char *rvalue,
2047 void *data,
2048 void *userdata) {
2049
2050 Address *address = ASSERT_PTR(userdata);
2051 int r;
2052
2053 /* Do not check or set address->family here. It will be checked later in
2054 * address_section_verify() -> address_section_adjust_broadcast() . */
2055
2056 if (isempty(rvalue)) {
2057 /* The broadcast address will be calculated based on Address=, and set if the link is
2058 * not a wireguard interface. */
2059 address->broadcast = (struct in_addr) {};
2060 address->set_broadcast = -1;
2061 return 1;
2062 }
2063
2064 r = parse_boolean(rvalue);
2065 if (r >= 0) {
2066 /* The broadcast address will be calculated based on Address=. */
2067 address->broadcast = (struct in_addr) {};
2068 address->set_broadcast = r;
2069 return 1;
2070 }
2071
2072 r = config_parse_in_addr_non_null(
2073 unit, filename, line, section, section_line,
2074 lvalue, /* ltype = */ AF_INET, rvalue,
2075 &address->broadcast, /* userdata = */ NULL);
2076 if (r <= 0)
2077 return r;
2078
2079 address->set_broadcast = true;
2080 return 1;
2081 }
2082
2083 static int config_parse_address(
2084 const char *unit,
2085 const char *filename,
2086 unsigned line,
2087 const char *section,
2088 unsigned section_line,
2089 const char *lvalue,
2090 int ltype,
2091 const char *rvalue,
2092 void *data,
2093 void *userdata) {
2094
2095 Address *address = ASSERT_PTR(userdata);
2096 union in_addr_union *a = ASSERT_PTR(data);
2097 struct in_addr_prefix prefix;
2098 int r;
2099
2100 assert(rvalue);
2101
2102 if (isempty(rvalue)) {
2103 /* When an empty string is assigned, clear both Address= and Peer=. */
2104 address->family = AF_UNSPEC;
2105 address->prefixlen = 0;
2106 address->in_addr = IN_ADDR_NULL;
2107 address->in_addr_peer = IN_ADDR_NULL;
2108 return 1;
2109 }
2110
2111 r = config_parse_in_addr_prefix(unit, filename, line, section, section_line, lvalue, /* ltype = */ true, rvalue, &prefix, /* userdata = */ NULL);
2112 if (r <= 0)
2113 return r;
2114
2115 if (address->family != AF_UNSPEC && prefix.family != address->family) {
2116 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address is incompatible, ignoring assignment: %s", rvalue);
2117 return 0;
2118 }
2119
2120 address->family = prefix.family;
2121 address->prefixlen = prefix.prefixlen;
2122 *a = prefix.address;
2123 return 1;
2124 }
2125
2126 static int config_parse_address_label(
2127 const char *unit,
2128 const char *filename,
2129 unsigned line,
2130 const char *section,
2131 unsigned section_line,
2132 const char *lvalue,
2133 int ltype,
2134 const char *rvalue,
2135 void *data,
2136 void *userdata) {
2137
2138 char **label = ASSERT_PTR(data);
2139 int r;
2140
2141 if (!isempty(rvalue) && !address_label_valid(rvalue)) {
2142 log_syntax(unit, LOG_WARNING, filename, line, 0,
2143 "Interface label is too long or invalid, ignoring assignment: %s", rvalue);
2144 return 0;
2145 }
2146
2147 r = free_and_strdup_warn(label, empty_to_null(rvalue));
2148 if (r < 0)
2149 return r;
2150
2151 return 1;
2152 }
2153
2154 static int config_parse_address_lifetime(
2155 const char *unit,
2156 const char *filename,
2157 unsigned line,
2158 const char *section,
2159 unsigned section_line,
2160 const char *lvalue,
2161 int ltype,
2162 const char *rvalue,
2163 void *data,
2164 void *userdata) {
2165
2166 usec_t *usec = ASSERT_PTR(data);
2167
2168 /* We accept only "forever", "infinity", empty, or "0". */
2169 if (isempty(rvalue) || STR_IN_SET(rvalue, "forever", "infinity"))
2170 *usec = USEC_INFINITY;
2171 else if (streq(rvalue, "0"))
2172 *usec = 0;
2173 else {
2174 log_syntax(unit, LOG_WARNING, filename, line, 0,
2175 "Invalid PreferredLifetime= value, ignoring: %s", rvalue);
2176 return 0;
2177 }
2178
2179 return 1;
2180 }
2181
2182 static int config_parse_address_scope(
2183 const char *unit,
2184 const char *filename,
2185 unsigned line,
2186 const char *section,
2187 unsigned section_line,
2188 const char *lvalue,
2189 int ltype,
2190 const char *rvalue,
2191 void *data,
2192 void *userdata) {
2193
2194 Address *address = ASSERT_PTR(userdata);
2195 int r;
2196
2197 if (isempty(rvalue)) {
2198 address->scope = RT_SCOPE_UNIVERSE;
2199 address->scope_set = false;
2200 return 1;
2201 }
2202
2203 r = route_scope_from_string(rvalue);
2204 if (r < 0)
2205 return log_syntax_parse_error(unit, filename, line, r, lvalue, rvalue);
2206
2207 address->scope = r;
2208 address->scope_set = true;
2209 return 1;
2210 }
2211
2212 static int config_parse_address_dad(
2213 const char *unit,
2214 const char *filename,
2215 unsigned line,
2216 const char *section,
2217 unsigned section_line,
2218 const char *lvalue,
2219 int ltype,
2220 const char *rvalue,
2221 void *data,
2222 void *userdata) {
2223
2224 AddressFamily *p = ASSERT_PTR(data);
2225 int r;
2226
2227 if (isempty(rvalue)) {
2228 *p = _ADDRESS_FAMILY_INVALID;
2229 return 1;
2230 }
2231
2232 r = parse_boolean(rvalue);
2233 if (r >= 0) {
2234 log_syntax(unit, LOG_WARNING, filename, line, 0,
2235 "For historical reasons, %s=%s means %s=%s. "
2236 "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.",
2237 lvalue, rvalue, lvalue, r ? "none" : "both");
2238 *p = r ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_YES;
2239 return 1;
2240 }
2241
2242 AddressFamily a = duplicate_address_detection_address_family_from_string(rvalue);
2243 if (a < 0)
2244 return log_syntax_parse_error(unit, filename, line, a, lvalue, rvalue);
2245
2246 *p = a;
2247 return 1;
2248 }
2249
2250 int config_parse_address_section(
2251 const char *unit,
2252 const char *filename,
2253 unsigned line,
2254 const char *section,
2255 unsigned section_line,
2256 const char *lvalue,
2257 int ltype,
2258 const char *rvalue,
2259 void *data,
2260 void *userdata) {
2261
2262 static const ConfigSectionParser table[_ADDRESS_CONF_PARSER_MAX] = {
2263 [ADDRESS_ADDRESS] = { .parser = config_parse_address, .ltype = 0, .offset = offsetof(Address, in_addr), },
2264 [ADDRESS_PEER] = { .parser = config_parse_address, .ltype = 0, .offset = offsetof(Address, in_addr_peer), },
2265 [ADDRESS_BROADCAST] = { .parser = config_parse_broadcast, .ltype = 0, .offset = 0, },
2266 [ADDRESS_LABEL] = { .parser = config_parse_address_label, .ltype = 0, .offset = offsetof(Address, label), },
2267 [ADDRESS_PREFERRED_LIFETIME] = { .parser = config_parse_address_lifetime, .ltype = 0, .offset = offsetof(Address, lifetime_preferred_usec), },
2268 [ADDRESS_HOME_ADDRESS] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_HOMEADDRESS, .offset = offsetof(Address, flags), },
2269 [ADDRESS_MANAGE_TEMPORARY_ADDRESS] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_MANAGETEMPADDR, .offset = offsetof(Address, flags), },
2270 [ADDRESS_PREFIX_ROUTE] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_NOPREFIXROUTE, .offset = offsetof(Address, flags), },
2271 [ADDRESS_ADD_PREFIX_ROUTE] = { .parser = config_parse_uint32_invert_flag, .ltype = IFA_F_NOPREFIXROUTE, .offset = offsetof(Address, flags), },
2272 [ADDRESS_AUTO_JOIN] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_MCAUTOJOIN, .offset = offsetof(Address, flags), },
2273 [ADDRESS_DAD] = { .parser = config_parse_address_dad, .ltype = 0, .offset = offsetof(Address, duplicate_address_detection), },
2274 [ADDRESS_SCOPE] = { .parser = config_parse_address_scope, .ltype = 0, .offset = 0, },
2275 [ADDRESS_ROUTE_METRIC] = { .parser = config_parse_uint32, .ltype = 0, .offset = offsetof(Address, route_metric), },
2276 [ADDRESS_NET_LABEL] = { .parser = config_parse_string, .ltype = CONFIG_PARSE_STRING_SAFE, .offset = offsetof(Address, netlabel), },
2277 [ADDRESS_NFT_SET] = { .parser = config_parse_nft_set, .ltype = NFT_SET_PARSE_NETWORK, .offset = offsetof(Address, nft_set_context), },
2278 };
2279
2280 _cleanup_(address_unref_or_set_invalidp) Address *address = NULL;
2281 Network *network = ASSERT_PTR(userdata);
2282 int r;
2283
2284 assert(filename);
2285 assert(section);
2286
2287 if (streq(section, "Network")) {
2288 assert(streq(lvalue, "Address"));
2289
2290 if (isempty(rvalue)) {
2291 /* If an empty string specified in [Network] section, clear previously assigned addresses. */
2292 network->addresses_by_section = ordered_hashmap_free(network->addresses_by_section);
2293 return 0;
2294 }
2295
2296 /* we are not in an Address section, so use line number instead. */
2297 r = address_new_static(network, filename, line, &address);
2298 } else
2299 r = address_new_static(network, filename, section_line, &address);
2300 if (r == -ENOMEM)
2301 return log_oom();
2302 if (r < 0) {
2303 log_syntax(unit, LOG_WARNING, filename, line, r,
2304 "Failed to allocate new address, ignoring assignment: %m");
2305 return 0;
2306 }
2307
2308 r = config_section_parse(table, ELEMENTSOF(table),
2309 unit, filename, line, section, section_line, lvalue, ltype, rvalue, address);
2310 if (r <= 0)
2311 return r;
2312
2313 TAKE_PTR(address);
2314 return 0;
2315 }
2316
2317 #define log_broadcast(address, fmt, ...) \
2318 ({ \
2319 const Address *_address = (address); \
2320 log_section_warning( \
2321 _address ? _address->section : NULL, \
2322 fmt " Ignoring Broadcast= setting in the [Address] section.", \
2323 ##__VA_ARGS__); \
2324 })
2325
2326 static void address_section_adjust_broadcast(Address *address) {
2327 assert(address);
2328 assert(address->section);
2329
2330 if (!in4_addr_is_set(&address->broadcast))
2331 return;
2332
2333 if (address->family == AF_INET6)
2334 log_broadcast(address, "Broadcast address is set for an IPv6 address.");
2335 else if (address->prefixlen > 30)
2336 log_broadcast(address, "Broadcast address is set for an IPv4 address with prefix length larger than 30.");
2337 else if (in4_addr_is_set(&address->in_addr_peer.in))
2338 log_broadcast(address, "Broadcast address is set for an IPv4 address with peer address.");
2339 else if (!in4_addr_is_set(&address->in_addr.in))
2340 log_broadcast(address, "Broadcast address is set for an IPv4 address with null address.");
2341 else
2342 /* Otherwise, keep the specified broadcast address. */
2343 return;
2344
2345 address->broadcast.s_addr = 0;
2346 }
2347
2348 #define log_address_section(address, fmt, ...) \
2349 ({ \
2350 const Address *_address = (address); \
2351 log_section_warning_errno( \
2352 _address ? _address->section : NULL, \
2353 SYNTHETIC_ERRNO(EINVAL), \
2354 fmt " Ignoring [Address] section.", \
2355 ##__VA_ARGS__); \
2356 })
2357
2358 int address_section_verify(Address *address) {
2359 assert(address);
2360 assert(address->section);
2361
2362 if (section_is_invalid(address->section))
2363 return -EINVAL;
2364
2365 if (address->family == AF_UNSPEC)
2366 return log_address_section(address, "Address section without Address= field was configured.");
2367 assert(IN_SET(address->family, AF_INET, AF_INET6));
2368
2369 if (address->family == AF_INET6 && !socket_ipv6_is_supported())
2370 return log_address_section(address, "An IPv6 address was configured, but the kernel does not support IPv6.");
2371
2372 if (in_addr_is_null(address->family, &address->in_addr)) {
2373 /* Will use address from address pool. Note that for ipv6 case, prefix of the address
2374 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
2375 * let's limit the prefix length to 64 or larger. See RFC4193. */
2376 unsigned min_prefixlen = address->family == AF_INET ? 8 : 64;
2377 if (address->prefixlen < min_prefixlen)
2378 return log_address_section(address, "Prefix length for %s null address must be equal or larger than %u.",
2379 af_to_ipv4_ipv6(address->family), min_prefixlen);
2380
2381 address->requested_as_null = !in_addr_is_set(address->family, &address->in_addr);
2382 }
2383
2384 address_section_adjust_broadcast(address);
2385
2386 if (address->family == AF_INET6 && address->label) {
2387 log_section_warning(address->section, "Address label is set for IPv6 address, ignoring Label= setting.");
2388 address->label = mfree(address->label);
2389 }
2390
2391 if (!address->scope_set) {
2392 if (in_addr_is_localhost(address->family, &address->in_addr) > 0)
2393 address->scope = RT_SCOPE_HOST;
2394 else if (in_addr_is_link_local(address->family, &address->in_addr) > 0)
2395 address->scope = RT_SCOPE_LINK;
2396 }
2397
2398 if (address->duplicate_address_detection < 0) {
2399 if (address->family == AF_INET6)
2400 address->duplicate_address_detection = ADDRESS_FAMILY_IPV6;
2401 else if (in4_addr_is_link_local(&address->in_addr.in))
2402 address->duplicate_address_detection = ADDRESS_FAMILY_IPV4;
2403 else
2404 address->duplicate_address_detection = ADDRESS_FAMILY_NO;
2405 } else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV6 && address->family == AF_INET)
2406 log_section_warning(address->section, "DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.");
2407 else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV4 && address->family == AF_INET6)
2408 log_section_warning(address->section, "DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.");
2409
2410 if (address->family == AF_INET6 &&
2411 !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV6))
2412 address->flags |= IFA_F_NODAD;
2413
2414 uint32_t filtered_flags = address->family == AF_INET ?
2415 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS & ~IPV6ONLY_FLAGS :
2416 address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS;
2417 if (address->flags != filtered_flags) {
2418 _cleanup_free_ char *str = NULL;
2419
2420 (void) address_flags_to_string_alloc(address->flags ^ filtered_flags, address->family, &str);
2421 return log_address_section(address, "unexpected address flags \"%s\" were configured.", strna(str));
2422 }
2423
2424 return 0;
2425 }
2426
2427 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
2428 trivial_hash_ops_address_detach,
2429 void,
2430 trivial_hash_func,
2431 trivial_compare_func,
2432 Address,
2433 address_detach);
2434
2435 int network_drop_invalid_addresses(Network *network) {
2436 _cleanup_set_free_ Set *addresses = NULL, *duplicated_addresses = NULL;
2437 Address *address;
2438 int r;
2439
2440 assert(network);
2441
2442 ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) {
2443 if (address_section_verify(address) < 0) {
2444 /* Drop invalid [Address] sections or Address= settings in [Network].
2445 * Note that address_detach() will drop the address from addresses_by_section. */
2446 address_detach(address);
2447 continue;
2448 }
2449
2450 /* Always use the setting specified later. So, remove the previously assigned setting. */
2451 Address *dup = set_remove(addresses, address);
2452 if (dup) {
2453 log_warning("%s: Duplicated address %s is specified at line %u and %u, "
2454 "dropping the address setting specified at line %u.",
2455 dup->section->filename,
2456 IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen),
2457 address->section->line,
2458 dup->section->line, dup->section->line);
2459
2460 /* Do not call address_detach() for 'dup' now, as we can remove only the current
2461 * entry in the loop. We will drop the address from addresses_by_section later. */
2462 r = set_ensure_put(&duplicated_addresses, &trivial_hash_ops_address_detach, dup);
2463 if (r < 0)
2464 return log_oom();
2465 assert(r > 0);
2466 }
2467
2468 /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects
2469 * will be detached. */
2470 r = set_ensure_put(&addresses, &address_hash_ops, address);
2471 if (r < 0)
2472 return log_oom();
2473 assert(r > 0);
2474 }
2475
2476 r = network_adjust_dhcp_server(network, &addresses);
2477 if (r < 0)
2478 return r;
2479
2480 return 0;
2481 }
Unnamed repository; edit this file 'description' to name the repository.