]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/network/networkd-ndisc.c
projects / thirdparty / systemd.git / blob
? search:


19a655b2d7af1398792ce5827f00136878e75587
[thirdparty/systemd.git] / src / network / networkd-ndisc.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2014 Intel Corporation. All rights reserved.
4 ***/
5
6 #include <netinet/icmp6.h>
7 #include <arpa/inet.h>
8
9 #include "sd-ndisc.h"
10
11 #include "missing_network.h"
12 #include "networkd-dhcp6.h"
13 #include "networkd-manager.h"
14 #include "networkd-ndisc.h"
15 #include "networkd-route.h"
16 #include "string-table.h"
17 #include "string-util.h"
18 #include "strv.h"
19
20 #define NDISC_DNSSL_MAX 64U
21 #define NDISC_RDNSS_MAX 64U
22 #define NDISC_PREFIX_LFT_MIN 7200U
23
24 #define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3
25
26 /* https://tools.ietf.org/html/rfc5453 */
27 /* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */
28
29 #define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } })
30 #define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8
31 #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } })
32 #define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5
33 #define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } })
34 #define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7
35
36 #define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e)
37
38 static bool stableprivate_address_is_valid(const struct in6_addr *addr) {
39 assert(addr);
40
41 /* According to rfc4291, generated address should not be in the following ranges. */
42
43 if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0)
44 return false;
45
46 if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0)
47 return false;
48
49 if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0)
50 return false;
51
52 return true;
53 }
54
55 static int make_stableprivate_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr *addr) {
56 sd_id128_t secret_key;
57 struct siphash state;
58 uint64_t rid;
59 size_t l;
60 int r;
61
62 /* According to rfc7217 section 5.1
63 * RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */
64
65 r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key);
66 if (r < 0)
67 return log_error_errno(r, "Failed to generate key: %m");
68
69 siphash24_init(&state, secret_key.bytes);
70
71 l = MAX(DIV_ROUND_UP(prefix_len, 8), 8);
72 siphash24_compress(prefix, l, &state);
73 siphash24_compress(link->ifname, strlen(link->ifname), &state);
74 siphash24_compress(&link->mac, sizeof(struct ether_addr), &state);
75 siphash24_compress(&dad_counter, sizeof(uint8_t), &state);
76
77 rid = htole64(siphash24_finalize(&state));
78
79 memcpy(addr->s6_addr, prefix->s6_addr, l);
80 memcpy(addr->s6_addr + l, &rid, 16 - l);
81
82 return 0;
83 }
84
85 static int ndisc_netlink_route_message_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
86 int r;
87
88 assert(link);
89 assert(link->ndisc_messages > 0);
90
91 link->ndisc_messages--;
92
93 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
94 return 1;
95
96 r = sd_netlink_message_get_errno(m);
97 if (r < 0 && r != -EEXIST) {
98 log_link_message_error_errno(link, m, r, "Could not set NDisc route or address");
99 link_enter_failed(link);
100 return 1;
101 }
102
103 if (link->ndisc_messages == 0) {
104 link->ndisc_configured = true;
105 r = link_request_set_routes(link);
106 if (r < 0) {
107 link_enter_failed(link);
108 return 1;
109 }
110 link_check_ready(link);
111 }
112
113 return 1;
114 }
115
116 static int ndisc_netlink_address_message_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
117 int r;
118
119 assert(link);
120 assert(link->ndisc_messages > 0);
121
122 link->ndisc_messages--;
123
124 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
125 return 1;
126
127 r = sd_netlink_message_get_errno(m);
128 if (r < 0 && r != -EEXIST) {
129 log_link_message_error_errno(link, m, r, "Could not set NDisc route or address");
130 link_enter_failed(link);
131 return 1;
132 } else if (r >= 0)
133 (void) manager_rtnl_process_address(rtnl, m, link->manager);
134
135 if (link->ndisc_messages == 0) {
136 link->ndisc_configured = true;
137 r = link_request_set_routes(link);
138 if (r < 0) {
139 link_enter_failed(link);
140 return 1;
141 }
142 link_check_ready(link);
143 }
144
145 return 1;
146 }
147
148 static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
149 _cleanup_(route_freep) Route *route = NULL;
150 union in_addr_union gateway;
151 uint16_t lifetime;
152 unsigned preference;
153 uint32_t mtu;
154 usec_t time_now;
155 int r;
156 Address *address;
157 Iterator i;
158
159 assert(link);
160 assert(rt);
161
162 r = sd_ndisc_router_get_lifetime(rt, &lifetime);
163 if (r < 0)
164 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
165
166 if (lifetime == 0) /* not a default router */
167 return 0;
168
169 r = sd_ndisc_router_get_address(rt, &gateway.in6);
170 if (r < 0)
171 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
172
173 SET_FOREACH(address, link->addresses, i) {
174 if (address->family != AF_INET6)
175 continue;
176 if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) {
177 _cleanup_free_ char *buffer = NULL;
178
179 (void) in_addr_to_string(AF_INET6, &address->in_addr, &buffer);
180 log_link_debug(link, "No NDisc route added, gateway %s matches local address",
181 strnull(buffer));
182 return 0;
183 }
184 }
185
186 SET_FOREACH(address, link->addresses_foreign, i) {
187 if (address->family != AF_INET6)
188 continue;
189 if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) {
190 _cleanup_free_ char *buffer = NULL;
191
192 (void) in_addr_to_string(AF_INET6, &address->in_addr, &buffer);
193 log_link_debug(link, "No NDisc route added, gateway %s matches local address",
194 strnull(buffer));
195 return 0;
196 }
197 }
198
199 r = sd_ndisc_router_get_preference(rt, &preference);
200 if (r < 0)
201 return log_link_warning_errno(link, r, "Failed to get default router preference from RA: %m");
202
203 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
204 if (r < 0)
205 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
206
207 r = sd_ndisc_router_get_mtu(rt, &mtu);
208 if (r == -ENODATA)
209 mtu = 0;
210 else if (r < 0)
211 return log_link_warning_errno(link, r, "Failed to get default router MTU from RA: %m");
212
213 r = route_new(&route);
214 if (r < 0)
215 return log_link_error_errno(link, r, "Could not allocate route: %m");
216
217 route->family = AF_INET6;
218 route->table = link_get_ipv6_accept_ra_route_table(link);
219 route->priority = link->network->dhcp6_route_metric;
220 route->protocol = RTPROT_RA;
221 route->pref = preference;
222 route->gw = gateway;
223 route->lifetime = time_now + lifetime * USEC_PER_SEC;
224 route->mtu = mtu;
225
226 r = route_configure(route, link, ndisc_netlink_route_message_handler);
227 if (r < 0) {
228 log_link_warning_errno(link, r, "Could not set default route: %m");
229 link_enter_failed(link);
230 return r;
231 }
232 if (r > 0)
233 link->ndisc_messages++;
234
235 Route *route_gw;
236 LIST_FOREACH(routes, route_gw, link->network->static_routes) {
237 if (!route_gw->gateway_from_dhcp)
238 continue;
239
240 if (route_gw->family != AF_INET6)
241 continue;
242
243 route_gw->gw = gateway;
244
245 r = route_configure(route_gw, link, ndisc_netlink_route_message_handler);
246 if (r < 0) {
247 log_link_error_errno(link, r, "Could not set gateway: %m");
248 link_enter_failed(link);
249 return r;
250 }
251 if (r > 0)
252 link->ndisc_messages++;
253 }
254
255 return 0;
256 }
257
258 static int ndisc_router_generate_addresses(Link *link, unsigned prefixlen, uint32_t lifetime_preferred, Address *address, Set **ret) {
259 _cleanup_set_free_free_ Set *addresses = NULL;
260 struct in6_addr addr;
261 IPv6Token *j;
262 Iterator i;
263 int r;
264
265 assert(link);
266 assert(address);
267 assert(ret);
268
269 addresses = set_new(&address_hash_ops);
270 if (!addresses)
271 return log_oom();
272
273 addr = address->in_addr.in6;
274 ORDERED_HASHMAP_FOREACH(j, link->network->ipv6_tokens, i) {
275 bool have_address = false;
276 _cleanup_(address_freep) Address *new_address = NULL;
277
278 r = address_new(&new_address);
279 if (r < 0)
280 return log_oom();
281
282 *new_address = *address;
283
284 if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE
285 && memcmp(&j->prefix, &addr, FAMILY_ADDRESS_SIZE(address->family)) == 0) {
286 /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop
287 does not actually attempt Duplicate Address Detection; the counter will be incremented
288 only when the address generation algorithm produces an invalid address, and the loop
289 may exit with an address which ends up being unusable due to duplication on the link.
290 */
291 for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) {
292 r = make_stableprivate_address(link, &j->prefix, prefixlen, j->dad_counter, &new_address->in_addr.in6);
293 if (r < 0)
294 break;
295
296 if (stableprivate_address_is_valid(&new_address->in_addr.in6)) {
297 have_address = true;
298 break;
299 }
300 }
301 } else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) {
302 memcpy(new_address->in_addr.in6.s6_addr + 8, j->prefix.s6_addr + 8, 8);
303 have_address = true;
304 }
305
306 if (have_address) {
307 new_address->prefixlen = prefixlen;
308 new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
309 new_address->cinfo.ifa_prefered = lifetime_preferred;
310
311 r = set_put(addresses, new_address);
312 if (r < 0)
313 return log_link_warning_errno(link, r, "Failed to store address: %m");
314 TAKE_PTR(new_address);
315 }
316 }
317
318 /* fall back to EUI-64 if no tokens provided addresses */
319 if (set_isempty(addresses)) {
320 _cleanup_(address_freep) Address *new_address = NULL;
321
322 r = address_new(&new_address);
323 if (r < 0)
324 return log_oom();
325
326 *new_address = *address;
327
328 r = generate_ipv6_eui_64_address(link, &new_address->in_addr.in6);
329 if (r < 0)
330 return log_link_error_errno(link, r, "Failed to generate EUI64 address: %m");
331
332 new_address->prefixlen = prefixlen;
333 new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
334 new_address->cinfo.ifa_prefered = lifetime_preferred;
335
336 r = set_put(addresses, new_address);
337 if (r < 0)
338 return log_link_warning_errno(link, r, "Failed to store address: %m");
339 TAKE_PTR(new_address);
340 }
341
342 *ret = TAKE_PTR(addresses);
343
344 return 0;
345 }
346
347 static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
348 uint32_t lifetime_valid, lifetime_preferred, lifetime_remaining;
349 _cleanup_set_free_free_ Set *addresses = NULL;
350 _cleanup_(address_freep) Address *address = NULL;
351 unsigned prefixlen;
352 usec_t time_now;
353 Address *existing_address, *a;
354 Iterator i;
355 int r;
356
357 assert(link);
358 assert(rt);
359
360 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
361 if (r < 0)
362 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
363
364 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
365 if (r < 0)
366 return log_link_error_errno(link, r, "Failed to get prefix length: %m");
367
368 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid);
369 if (r < 0)
370 return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m");
371
372 r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred);
373 if (r < 0)
374 return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m");
375
376 /* The preferred lifetime is never greater than the valid lifetime */
377 if (lifetime_preferred > lifetime_valid)
378 return 0;
379
380 r = address_new(&address);
381 if (r < 0)
382 return log_link_error_errno(link, r, "Could not allocate address: %m");
383
384 address->family = AF_INET6;
385 r = sd_ndisc_router_prefix_get_address(rt, &address->in_addr.in6);
386 if (r < 0)
387 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
388
389 r = ndisc_router_generate_addresses(link, prefixlen, lifetime_preferred, address, &addresses);
390 if (r < 0)
391 return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m");
392
393 SET_FOREACH(a, addresses, i) {
394 /* see RFC4862 section 5.5.3.e */
395 r = address_get(link, a->family, &a->in_addr, a->prefixlen, &existing_address);
396 if (r > 0) {
397 lifetime_remaining = existing_address->cinfo.tstamp / 100 + existing_address->cinfo.ifa_valid - time_now / USEC_PER_SEC;
398 if (lifetime_valid > NDISC_PREFIX_LFT_MIN || lifetime_valid > lifetime_remaining)
399 a->cinfo.ifa_valid = lifetime_valid;
400 else if (lifetime_remaining <= NDISC_PREFIX_LFT_MIN)
401 a->cinfo.ifa_valid = lifetime_remaining;
402 else
403 a->cinfo.ifa_valid = NDISC_PREFIX_LFT_MIN;
404 } else if (lifetime_valid > 0)
405 a->cinfo.ifa_valid = lifetime_valid;
406 else
407 return 0; /* see RFC4862 section 5.5.3.d */
408
409 if (a->cinfo.ifa_valid == 0)
410 continue;
411
412 r = address_configure(a, link, ndisc_netlink_address_message_handler, true);
413 if (r < 0) {
414 log_link_warning_errno(link, r, "Could not set SLAAC address: %m");
415 link_enter_failed(link);
416 return r;
417 }
418
419 if (r > 0)
420 link->ndisc_messages++;
421 }
422
423 return 0;
424 }
425
426 static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
427 _cleanup_(route_freep) Route *route = NULL;
428 usec_t time_now;
429 uint32_t lifetime;
430 unsigned prefixlen;
431 int r;
432
433 assert(link);
434 assert(rt);
435
436 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
437 if (r < 0)
438 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
439
440 r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
441 if (r < 0)
442 return log_link_error_errno(link, r, "Failed to get prefix length: %m");
443
444 r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime);
445 if (r < 0)
446 return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m");
447
448 r = route_new(&route);
449 if (r < 0)
450 return log_link_error_errno(link, r, "Could not allocate route: %m");
451
452 route->family = AF_INET6;
453 route->table = link_get_ipv6_accept_ra_route_table(link);
454 route->priority = link->network->dhcp6_route_metric;
455 route->protocol = RTPROT_RA;
456 route->flags = RTM_F_PREFIX;
457 route->dst_prefixlen = prefixlen;
458 route->lifetime = time_now + lifetime * USEC_PER_SEC;
459
460 r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6);
461 if (r < 0)
462 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
463
464 r = route_configure(route, link, ndisc_netlink_route_message_handler);
465 if (r < 0) {
466 log_link_warning_errno(link, r, "Could not set prefix route: %m");
467 link_enter_failed(link);
468 return r;
469 }
470 if (r > 0)
471 link->ndisc_messages++;
472
473 return 0;
474 }
475
476 static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
477 _cleanup_(route_freep) Route *route = NULL;
478 struct in6_addr gateway;
479 uint32_t lifetime;
480 unsigned preference, prefixlen;
481 usec_t time_now;
482 int r;
483
484 assert(link);
485
486 r = sd_ndisc_router_route_get_lifetime(rt, &lifetime);
487 if (r < 0)
488 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
489
490 if (lifetime == 0)
491 return 0;
492
493 r = sd_ndisc_router_get_address(rt, &gateway);
494 if (r < 0)
495 return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
496
497 r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen);
498 if (r < 0)
499 return log_link_warning_errno(link, r, "Failed to get route prefix length: %m");
500
501 r = sd_ndisc_router_route_get_preference(rt, &preference);
502 if (r < 0)
503 return log_link_warning_errno(link, r, "Failed to get default router preference from RA: %m");
504
505 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
506 if (r < 0)
507 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
508
509 r = route_new(&route);
510 if (r < 0)
511 return log_link_error_errno(link, r, "Could not allocate route: %m");
512
513 route->family = AF_INET6;
514 route->table = link_get_ipv6_accept_ra_route_table(link);
515 route->priority = link->network->dhcp6_route_metric;
516 route->protocol = RTPROT_RA;
517 route->pref = preference;
518 route->gw.in6 = gateway;
519 route->dst_prefixlen = prefixlen;
520 route->lifetime = time_now + lifetime * USEC_PER_SEC;
521
522 r = sd_ndisc_router_route_get_address(rt, &route->dst.in6);
523 if (r < 0)
524 return log_link_error_errno(link, r, "Failed to get route address: %m");
525
526 r = route_configure(route, link, ndisc_netlink_route_message_handler);
527 if (r < 0) {
528 log_link_warning_errno(link, r, "Could not set additional route: %m");
529 link_enter_failed(link);
530 return r;
531 }
532 if (r > 0)
533 link->ndisc_messages++;
534
535 return 0;
536 }
537
538 static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) {
539 siphash24_compress(&x->address, sizeof(x->address), state);
540 }
541
542 static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) {
543 return memcmp(&a->address, &b->address, sizeof(a->address));
544 }
545
546 DEFINE_PRIVATE_HASH_OPS(ndisc_rdnss_hash_ops, NDiscRDNSS, ndisc_rdnss_hash_func, ndisc_rdnss_compare_func);
547
548 static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
549 uint32_t lifetime;
550 const struct in6_addr *a;
551 usec_t time_now;
552 int i, n, r;
553
554 assert(link);
555 assert(rt);
556
557 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
558 if (r < 0)
559 return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
560
561 r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime);
562 if (r < 0)
563 return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
564
565 n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
566 if (n < 0)
567 return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
568
569 for (i = 0; i < n; i++) {
570 _cleanup_free_ NDiscRDNSS *x = NULL;
571 NDiscRDNSS d = {
572 .address = a[i],
573 }, *y;
574
575 if (lifetime == 0) {
576 (void) set_remove(link->ndisc_rdnss, &d);
577 link_dirty(link);
578 continue;
579 }
580
581 y = set_get(link->ndisc_rdnss, &d);
582 if (y) {
583 y->valid_until = time_now + lifetime * USEC_PER_SEC;
584 continue;
585 }
586
587 ndisc_vacuum(link);
588
589 if (set_size(link->ndisc_rdnss) >= NDISC_RDNSS_MAX) {
590 log_link_warning(link, "Too many RDNSS records per link, ignoring.");
591 continue;
592 }
593
594 r = set_ensure_allocated(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops);
595 if (r < 0)
596 return log_oom();
597
598 x = new(NDiscRDNSS, 1);
599 if (!x)
600 return log_oom();
601
602 *x = (NDiscRDNSS) {
603 .address = a[i],
604 .valid_until = time_now + lifetime * USEC_PER_SEC,
605 };
606
607 r = set_put(link->ndisc_rdnss, x);
608 if (r < 0)
609 return log_oom();
610
611 TAKE_PTR(x);
612
613 assert(r > 0);
614 link_dirty(link);
615 }
616
617 return 0;
618 }
619
620 static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) {
621 siphash24_compress(NDISC_DNSSL_DOMAIN(x), strlen(NDISC_DNSSL_DOMAIN(x)), state);
622 }
623
624 static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) {
625 return strcmp(NDISC_DNSSL_DOMAIN(a), NDISC_DNSSL_DOMAIN(b));
626 }
627
628 DEFINE_PRIVATE_HASH_OPS(ndisc_dnssl_hash_ops, NDiscDNSSL, ndisc_dnssl_hash_func, ndisc_dnssl_compare_func);
629
630 static void ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
631 _cleanup_strv_free_ char **l = NULL;
632 uint32_t lifetime;
633 usec_t time_now;
634 char **i;
635 int r;
636
637 assert(link);
638 assert(rt);
639
640 r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
641 if (r < 0) {
642 log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
643 return;
644 }
645
646 r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime);
647 if (r < 0) {
648 log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
649 return;
650 }
651
652 r = sd_ndisc_router_dnssl_get_domains(rt, &l);
653 if (r < 0) {
654 log_link_warning_errno(link, r, "Failed to get RDNSS addresses: %m");
655 return;
656 }
657
658 STRV_FOREACH(i, l) {
659 _cleanup_free_ NDiscDNSSL *s;
660 NDiscDNSSL *x;
661
662 s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*i) + 1);
663 if (!s) {
664 log_oom();
665 return;
666 }
667
668 strcpy(NDISC_DNSSL_DOMAIN(s), *i);
669
670 if (lifetime == 0) {
671 (void) set_remove(link->ndisc_dnssl, s);
672 link_dirty(link);
673 continue;
674 }
675
676 x = set_get(link->ndisc_dnssl, s);
677 if (x) {
678 x->valid_until = time_now + lifetime * USEC_PER_SEC;
679 continue;
680 }
681
682 ndisc_vacuum(link);
683
684 if (set_size(link->ndisc_dnssl) >= NDISC_DNSSL_MAX) {
685 log_link_warning(link, "Too many DNSSL records per link, ignoring.");
686 continue;
687 }
688
689 r = set_ensure_allocated(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops);
690 if (r < 0) {
691 log_oom();
692 return;
693 }
694
695 s->valid_until = time_now + lifetime * USEC_PER_SEC;
696
697 r = set_put(link->ndisc_dnssl, s);
698 if (r < 0) {
699 log_oom();
700 return;
701 }
702
703 s = NULL;
704 assert(r > 0);
705 link_dirty(link);
706 }
707 }
708
709 static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
710 int r;
711
712 assert(link);
713 assert(link->network);
714 assert(rt);
715
716 r = sd_ndisc_router_option_rewind(rt);
717 for (;;) {
718 uint8_t type;
719
720 if (r < 0)
721 return log_link_warning_errno(link, r, "Failed to iterate through options: %m");
722 if (r == 0) /* EOF */
723 break;
724
725 r = sd_ndisc_router_option_get_type(rt, &type);
726 if (r < 0)
727 return log_link_warning_errno(link, r, "Failed to get RA option type: %m");
728
729 switch (type) {
730
731 case SD_NDISC_OPTION_PREFIX_INFORMATION: {
732 union in_addr_union a;
733 uint8_t flags;
734
735 r = sd_ndisc_router_prefix_get_address(rt, &a.in6);
736 if (r < 0)
737 return log_link_error_errno(link, r, "Failed to get prefix address: %m");
738
739 if (set_contains(link->network->ndisc_black_listed_prefix, &a.in6)) {
740 if (DEBUG_LOGGING) {
741 _cleanup_free_ char *b = NULL;
742
743 (void) in_addr_to_string(AF_INET6, &a, &b);
744 log_link_debug(link, "Prefix '%s' is black listed, ignoring", strna(b));
745 }
746
747 break;
748 }
749
750 r = sd_ndisc_router_prefix_get_flags(rt, &flags);
751 if (r < 0)
752 return log_link_warning_errno(link, r, "Failed to get RA prefix flags: %m");
753
754 if (link->network->ipv6_accept_ra_use_onlink_prefix &&
755 FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK))
756 (void) ndisc_router_process_onlink_prefix(link, rt);
757
758 if (link->network->ipv6_accept_ra_use_autonomous_prefix &&
759 FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO))
760 (void) ndisc_router_process_autonomous_prefix(link, rt);
761
762 break;
763 }
764
765 case SD_NDISC_OPTION_ROUTE_INFORMATION:
766 (void) ndisc_router_process_route(link, rt);
767 break;
768
769 case SD_NDISC_OPTION_RDNSS:
770 if (link->network->ipv6_accept_ra_use_dns)
771 (void) ndisc_router_process_rdnss(link, rt);
772 break;
773
774 case SD_NDISC_OPTION_DNSSL:
775 if (link->network->ipv6_accept_ra_use_dns)
776 (void) ndisc_router_process_dnssl(link, rt);
777 break;
778 }
779
780 r = sd_ndisc_router_option_next(rt);
781 }
782
783 return 0;
784 }
785
786 static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
787 uint64_t flags;
788 int r;
789
790 assert(link);
791 assert(link->network);
792 assert(link->manager);
793 assert(rt);
794
795 r = sd_ndisc_router_get_flags(rt, &flags);
796 if (r < 0)
797 return log_link_warning_errno(link, r, "Failed to get RA flags: %m");
798
799 if ((flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER) && link->network->ipv6_accept_ra_start_dhcp6_client)) {
800
801 if (link->network->ipv6_accept_ra_start_dhcp6_client == IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS)
802 r = dhcp6_request_address(link, false);
803 else
804 /* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */
805 r = dhcp6_request_address(link, !(flags & ND_RA_FLAG_MANAGED));
806
807 if (r < 0 && r != -EBUSY)
808 log_link_warning_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m");
809 else {
810 log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request");
811 r = 0;
812 }
813 }
814
815 (void) ndisc_router_process_default(link, rt);
816 (void) ndisc_router_process_options(link, rt);
817
818 return r;
819 }
820
821 static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event event, sd_ndisc_router *rt, void *userdata) {
822 Link *link = userdata;
823
824 assert(link);
825
826 if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
827 return;
828
829 switch (event) {
830
831 case SD_NDISC_EVENT_ROUTER:
832 (void) ndisc_router_handler(link, rt);
833 break;
834
835 case SD_NDISC_EVENT_TIMEOUT:
836 link->ndisc_configured = true;
837 link_check_ready(link);
838
839 break;
840 default:
841 log_link_warning(link, "IPv6 Neighbor Discovery unknown event: %d", event);
842 }
843 }
844
845 int ndisc_configure(Link *link) {
846 int r;
847
848 assert(link);
849
850 r = sd_ndisc_new(&link->ndisc);
851 if (r < 0)
852 return r;
853
854 r = sd_ndisc_attach_event(link->ndisc, NULL, 0);
855 if (r < 0)
856 return r;
857
858 r = sd_ndisc_set_mac(link->ndisc, &link->mac);
859 if (r < 0)
860 return r;
861
862 r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex);
863 if (r < 0)
864 return r;
865
866 r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link);
867 if (r < 0)
868 return r;
869
870 return 0;
871 }
872
873 void ndisc_vacuum(Link *link) {
874 NDiscRDNSS *r;
875 NDiscDNSSL *d;
876 Iterator i;
877 usec_t time_now;
878
879 assert(link);
880
881 /* Removes all RDNSS and DNSSL entries whose validity time has passed */
882
883 time_now = now(clock_boottime_or_monotonic());
884
885 SET_FOREACH(r, link->ndisc_rdnss, i)
886 if (r->valid_until < time_now) {
887 free(set_remove(link->ndisc_rdnss, r));
888 link_dirty(link);
889 }
890
891 SET_FOREACH(d, link->ndisc_dnssl, i)
892 if (d->valid_until < time_now) {
893 free(set_remove(link->ndisc_dnssl, d));
894 link_dirty(link);
895 }
896 }
897
898 void ndisc_flush(Link *link) {
899 assert(link);
900
901 /* Removes all RDNSS and DNSSL entries, without exception */
902
903 link->ndisc_rdnss = set_free_free(link->ndisc_rdnss);
904 link->ndisc_dnssl = set_free_free(link->ndisc_dnssl);
905 }
906
907 int ipv6token_new(IPv6Token **ret) {
908 IPv6Token *p;
909
910 p = new(IPv6Token, 1);
911 if (!p)
912 return -ENOMEM;
913
914 *p = (IPv6Token) {
915 .address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE,
916 };
917
918 *ret = TAKE_PTR(p);
919
920 return 0;
921 }
922
923 DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
924 ipv6_token_hash_ops,
925 void,
926 trivial_hash_func,
927 trivial_compare_func,
928 IPv6Token,
929 free);
930
931 int config_parse_ndisc_black_listed_prefix(
932 const char *unit,
933 const char *filename,
934 unsigned line,
935 const char *section,
936 unsigned section_line,
937 const char *lvalue,
938 int ltype,
939 const char *rvalue,
940 void *data,
941 void *userdata) {
942
943 Network *network = data;
944 const char *p;
945 int r;
946
947 assert(filename);
948 assert(lvalue);
949 assert(rvalue);
950 assert(data);
951
952 if (isempty(rvalue)) {
953 network->ndisc_black_listed_prefix = set_free_free(network->ndisc_black_listed_prefix);
954 return 0;
955 }
956
957 for (p = rvalue;;) {
958 _cleanup_free_ char *n = NULL;
959 _cleanup_free_ struct in6_addr *a = NULL;
960 union in_addr_union ip;
961
962 r = extract_first_word(&p, &n, NULL, 0);
963 if (r < 0) {
964 log_syntax(unit, LOG_ERR, filename, line, r,
965 "Failed to parse NDISC black listed prefix, ignoring assignment: %s",
966 rvalue);
967 return 0;
968 }
969 if (r == 0)
970 return 0;
971
972 r = in_addr_from_string(AF_INET6, n, &ip);
973 if (r < 0) {
974 log_syntax(unit, LOG_ERR, filename, line, r,
975 "NDISC black listed prefix is invalid, ignoring assignment: %s", n);
976 continue;
977 }
978
979 if (set_contains(network->ndisc_black_listed_prefix, &ip.in6))
980 continue;
981
982 r = set_ensure_allocated(&network->ndisc_black_listed_prefix, &in6_addr_hash_ops);
983 if (r < 0)
984 return log_oom();
985
986 a = newdup(struct in6_addr, &ip.in6, 1);
987 if (!a)
988 return log_oom();
989
990 r = set_put(network->ndisc_black_listed_prefix, a);
991 if (r < 0) {
992 log_syntax(unit, LOG_ERR, filename, line, r,
993 "Failed to store NDISC black listed prefix '%s', ignoring assignment: %m", n);
994 continue;
995 }
996
997 TAKE_PTR(a);
998 }
999
1000 return 0;
1001 }
1002
1003 int config_parse_address_generation_type(
1004 const char *unit,
1005 const char *filename,
1006 unsigned line,
1007 const char *section,
1008 unsigned section_line,
1009 const char *lvalue,
1010 int ltype,
1011 const char *rvalue,
1012 void *data,
1013 void *userdata) {
1014
1015 _cleanup_free_ IPv6Token *token = NULL;
1016 union in_addr_union buffer;
1017 Network *network = data;
1018 const char *p;
1019 int r;
1020
1021 assert(filename);
1022 assert(lvalue);
1023 assert(rvalue);
1024 assert(data);
1025
1026 if (isempty(rvalue)) {
1027 network->ipv6_tokens = ordered_hashmap_free(network->ipv6_tokens);
1028 return 0;
1029 }
1030
1031 r = ipv6token_new(&token);
1032 if (r < 0)
1033 return log_oom();
1034
1035 if ((p = startswith(rvalue, "static:")))
1036 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
1037 else if ((p = startswith(rvalue, "prefixstable:")))
1038 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE;
1039 else {
1040 token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
1041 p = rvalue;
1042 }
1043
1044 r = in_addr_from_string(AF_INET6, p, &buffer);
1045 if (r < 0) {
1046 log_syntax(unit, LOG_ERR, filename, line, r,
1047 "Failed to parse IPv6 %s, ignoring: %s", lvalue, rvalue);
1048 return 0;
1049 }
1050
1051 if (in_addr_is_null(AF_INET6, &buffer)) {
1052 log_syntax(unit, LOG_ERR, filename, line, 0,
1053 "IPv6 %s cannot be the ANY address, ignoring: %s", lvalue, rvalue);
1054 return 0;
1055 }
1056
1057 token->prefix = buffer.in6;
1058
1059 r = ordered_hashmap_ensure_allocated(&network->ipv6_tokens, &ipv6_token_hash_ops);
1060 if (r < 0)
1061 return log_oom();
1062
1063 r = ordered_hashmap_put(network->ipv6_tokens, &token->prefix, token);
1064 if (r < 0) {
1065 log_syntax(unit, LOG_ERR, filename, line, r,
1066 "Failed to store IPv6 token '%s'", rvalue);
1067 return 0;
1068 }
1069
1070 TAKE_PTR(token);
1071
1072 return 0;
1073 }
1074
1075 DEFINE_CONFIG_PARSE_ENUM(config_parse_ipv6_accept_ra_start_dhcp6_client, ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client,
1076 "Failed to parse DHCPv6Client= setting")
1077 static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = {
1078 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no",
1079 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always",
1080 [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES] = "yes",
1081 };
1082
1083 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(ipv6_accept_ra_start_dhcp6_client, IPv6AcceptRAStartDHCP6Client, IPV6_ACCEPT_RA_START_DHCP6_CLIENT_YES);
Unnamed repository; edit this file 'description' to name the repository.