]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - src/network/networkd-link.c
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #13439 from yuwata/core-support-systemctl-clean-more
[thirdparty/systemd.git] / src / network / networkd-link.c
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 46830290c6391debdfb44f3dd004fac51bb3635f..f5bb78890a0c51ba0448ffb52dc66032471949fa 100644 (file)
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -2,6 +2,7 @@
 
 #include <netinet/in.h>
 #include <linux/if.h>
+#include <linux/if_arp.h>
 #include <unistd.h>
 
 #include "alloc-util.h"
@@ -68,27 +69,6 @@ DUID* link_get_duid(Link *link) {
                 return &link->manager->duid;
 }
 
-int link_sysctl_ipv6_enabled(Link *link) {
-        _cleanup_free_ char *value = NULL;
-        int r;
-
-        assert(link);
-        assert(link->ifname);
-
-        if (link->sysctl_ipv6_enabled >= 0)
-                return link->sysctl_ipv6_enabled;
-
-        const char *ifname = link->ifname; /* work around bogus gcc warning */
-        r = sysctl_read_ip_property(AF_INET6, ifname, "disable_ipv6", &value);
-        if (r < 0)
-                return log_link_warning_errno(link, r,
-                                              "Failed to read net.ipv6.conf.%s.disable_ipv6 sysctl property: %m",
-                                              ifname);
-
-        link->sysctl_ipv6_enabled = value[0] == '0';
-        return link->sysctl_ipv6_enabled;
-}
-
 static bool link_dhcp6_enabled(Link *link) {
         assert(link);
 
@@ -104,10 +84,7 @@ static bool link_dhcp6_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (STRPTR_IN_SET(link->kind, "can", "vcan", "vxcan"))
-                return false;
-
-        if (link_sysctl_ipv6_enabled(link) == 0)
+        if (link->iftype == ARPHRD_CAN)
                 return false;
 
         return link->network->dhcp & ADDRESS_FAMILY_IPV6;
@@ -125,7 +102,7 @@ static bool link_dhcp4_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (STRPTR_IN_SET(link->kind, "can", "vcan", "vxcan"))
+        if (link->iftype == ARPHRD_CAN)
                 return false;
 
         return link->network->dhcp & ADDRESS_FAMILY_IPV4;
@@ -143,13 +120,13 @@ static bool link_dhcp4_server_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (STRPTR_IN_SET(link->kind, "can", "vcan", "vxcan"))
+        if (link->iftype == ARPHRD_CAN)
                 return false;
 
         return link->network->dhcp_server;
 }
 
-bool link_ipv4ll_enabled(Link *link, AddressFamilyBoolean mask) {
+bool link_ipv4ll_enabled(Link *link, AddressFamily mask) {
         assert(link);
         assert((mask & ~(ADDRESS_FAMILY_IPV4 | ADDRESS_FAMILY_FALLBACK_IPV4)) == 0);
 
@@ -159,9 +136,12 @@ bool link_ipv4ll_enabled(Link *link, AddressFamilyBoolean mask) {
         if (!link->network)
                 return false;
 
+        if (link->iftype == ARPHRD_CAN)
+                return false;
+
         if (STRPTR_IN_SET(link->kind,
                           "vrf", "wireguard", "ipip", "gre", "ip6gre","ip6tnl", "sit", "vti",
-                          "vti6", "can", "vcan", "vxcan", "nlmon", "xfrm"))
+                          "vti6", "nlmon", "xfrm"))
                 return false;
 
         /* L3 or L3S mode do not support ARP. */
@@ -186,13 +166,13 @@ static bool link_ipv6ll_enabled(Link *link) {
         if (!link->network)
                 return false;
 
-        if (STRPTR_IN_SET(link->kind, "vrf", "wireguard", "ipip", "gre", "sit", "vti", "can", "vcan", "vxcan", "nlmon"))
+        if (link->iftype == ARPHRD_CAN)
                 return false;
 
-        if (link->network->bond)
+        if (STRPTR_IN_SET(link->kind, "vrf", "wireguard", "ipip", "gre", "sit", "vti", "nlmon"))
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
+        if (link->network->bond)
                 return false;
 
         return link->network->link_local & ADDRESS_FAMILY_IPV6;
@@ -207,14 +187,17 @@ static bool link_ipv6_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (link_sysctl_ipv6_enabled(link) == 0)
-                return false;
-
-        if (STRPTR_IN_SET(link->kind, "can", "vcan", "vxcan"))
+        if (link->iftype == ARPHRD_CAN)
                 return false;
 
         /* DHCPv6 client will not be started if no IPv6 link-local address is configured. */
-        return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
+        if (link_ipv6ll_enabled(link))
+                return true;
+
+        if (network_has_static_ipv6_configurations(link->network))
+                return true;
+
+        return false;
 }
 
 static bool link_radv_enabled(Link *link) {
@@ -235,7 +218,7 @@ static bool link_ipv4_forward_enabled(Link *link) {
         if (!link->network)
                 return false;
 
-        if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
+        if (link->network->ip_forward == _ADDRESS_FAMILY_INVALID)
                 return false;
 
         return link->network->ip_forward & ADDRESS_FAMILY_IPV4;
@@ -253,10 +236,7 @@ static bool link_ipv6_forward_enabled(Link *link) {
         if (!link->network)
                 return false;
 
-        if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
-                return false;
-
-        if (link_sysctl_ipv6_enabled(link) == 0)
+        if (link->network->ip_forward == _ADDRESS_FAMILY_INVALID)
                 return false;
 
         return link->network->ip_forward & ADDRESS_FAMILY_IPV6;
@@ -322,20 +302,21 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
         return link->network->ipv6_privacy_extensions;
 }
 
-static int link_enable_ipv6(Link *link) {
-        bool disabled;
+static int link_update_ipv6_sysctl(Link *link) {
+        bool enabled;
         int r;
 
         if (link->flags & IFF_LOOPBACK)
                 return 0;
 
-        disabled = !link_ipv6_enabled(link);
+        enabled = link_ipv6_enabled(link);
+        if (enabled) {
+                r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", false);
+                if (r < 0)
+                        return log_link_warning_errno(link, r, "Cannot enable IPv6: %m");
 
-        r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", disabled);
-        if (r < 0)
-                log_link_warning_errno(link, r, "Cannot %s IPv6: %m", enable_disable(!disabled));
-        else
-                log_link_info(link, "IPv6 successfully %sd", enable_disable(!disabled));
+                log_link_info(link, "IPv6 successfully enabled");
+        }
 
         return 0;
 }
@@ -605,10 +586,15 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) {
                 .n_ref = 1,
                 .manager = manager,
                 .state = LINK_STATE_PENDING,
-                .rtnl_extended_attrs = true,
                 .ifindex = ifindex,
                 .iftype = iftype,
-                .sysctl_ipv6_enabled = -1,
+
+                .n_dns = (unsigned) -1,
+                .dns_default_route = -1,
+                .llmnr = _RESOLVE_SUPPORT_INVALID,
+                .mdns = _RESOLVE_SUPPORT_INVALID,
+                .dnssec_mode = _DNSSEC_MODE_INVALID,
+                .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
         };
 
         link->ifname = strdup(ifname);
@@ -655,14 +641,40 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) {
         return 0;
 }
 
+void link_ntp_settings_clear(Link *link) {
+        link->ntp = strv_free(link->ntp);
+}
+
+void link_dns_settings_clear(Link *link) {
+        link->dns = mfree(link->dns);
+        link->n_dns = (unsigned) -1;
+
+        link->search_domains = ordered_set_free_free(link->search_domains);
+        link->route_domains = ordered_set_free_free(link->route_domains);
+
+        link->dns_default_route = -1;
+        link->llmnr = _RESOLVE_SUPPORT_INVALID;
+        link->mdns = _RESOLVE_SUPPORT_INVALID;
+        link->dnssec_mode = _DNSSEC_MODE_INVALID;
+        link->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
+
+        link->dnssec_negative_trust_anchors = set_free_free(link->dnssec_negative_trust_anchors);
+}
+
 static Link *link_free(Link *link) {
         Address *address;
 
         assert(link);
 
+        link_ntp_settings_clear(link);
+        link_dns_settings_clear(link);
+
         link->routes = set_free_with_destructor(link->routes, route_free);
         link->routes_foreign = set_free_with_destructor(link->routes_foreign, route_free);
 
+        link->neighbors = set_free_with_destructor(link->neighbors, neighbor_free);
+        link->neighbors_foreign = set_free_with_destructor(link->neighbors_foreign, neighbor_free);
+
         link->addresses = set_free_with_destructor(link->addresses, address_free);
         link->addresses_foreign = set_free_with_destructor(link->addresses_foreign, address_free);
 
@@ -674,6 +686,7 @@ static Link *link_free(Link *link) {
         sd_dhcp_server_unref(link->dhcp_server);
         sd_dhcp_client_unref(link->dhcp_client);
         sd_dhcp_lease_unref(link->dhcp_lease);
+        set_free(link->dhcp_routes);
 
         link_lldp_emit_stop(link);
 
@@ -1241,10 +1254,6 @@ int link_set_mtu(Link *link, uint32_t mtu) {
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
 
-        /* If IPv6 not configured (no static IPv6 address and IPv6LL autoconfiguration is disabled)
-         * for this interface, then disable IPv6 else enable it. */
-        (void) link_enable_ipv6(link);
-
         /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes
          * on the interface. Bump up MTU bytes to IPV6_MTU_MIN. */
         if (link_ipv6_enabled(link) && mtu < IPV6_MIN_MTU) {
@@ -1908,6 +1917,8 @@ static int link_append_to_master(Link *link, NetDev *netdev) {
         r = set_put(master->slaves, link);
         if (r < 0)
                 return r;
+        if (r == 0)
+                return 0;
 
         link_ref(link);
         return 0;
@@ -2310,6 +2321,22 @@ static bool link_is_static_address_configured(Link *link, Address *address) {
         return false;
 }
 
+static bool link_is_neighbor_configured(Link *link, Neighbor *neighbor) {
+        Neighbor *net_neighbor;
+
+        assert(link);
+        assert(neighbor);
+
+        if (!link->network)
+                return false;
+
+        LIST_FOREACH(neighbors, net_neighbor, link->network->neighbors)
+                if (neighbor_equal(net_neighbor, neighbor))
+                        return true;
+
+        return false;
+}
+
 static bool link_is_static_route_configured(Link *link, Route *route) {
         Route *net_route;
 
@@ -2355,6 +2382,7 @@ static bool link_address_is_dynamic(Link *link, Address *address) {
 
 static int link_drop_foreign_config(Link *link) {
         Address *address;
+        Neighbor *neighbor;
         Route *route;
         Iterator i;
         int r;
@@ -2381,11 +2409,32 @@ static int link_drop_foreign_config(Link *link) {
                 }
         }
 
+        SET_FOREACH(neighbor, link->neighbors_foreign, i) {
+                if (link_is_neighbor_configured(link, neighbor)) {
+                        r = neighbor_add(link, neighbor->family, &neighbor->in_addr, &neighbor->lladdr, neighbor->lladdr_size, NULL);
+                        if (r < 0)
+                                return r;
+                } else {
+                        r = neighbor_remove(neighbor, link, NULL);
+                        if (r < 0)
+                                return r;
+                }
+        }
+
         SET_FOREACH(route, link->routes_foreign, i) {
                 /* do not touch routes managed by the kernel */
                 if (route->protocol == RTPROT_KERNEL)
                         continue;
 
+                /* do not touch multicast route added by kernel */
+                /* FIXME: Why the kernel adds this route with protocol RTPROT_BOOT??? We need to investigate that.
+                 * https://tools.ietf.org/html/rfc4862#section-5.4 may explain why. */
+                if (route->protocol == RTPROT_BOOT &&
+                    route->family == AF_INET6 &&
+                    route->dst_prefixlen == 8 &&
+                    in_addr_equal(AF_INET6, &route->dst, &(union in_addr_union) { .in6 = {{{ 0xff,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 }}} }))
+                        continue;
+
                 if (route->protocol == RTPROT_STATIC &&
                     FLAGS_SET(link->network->keep_configuration, KEEP_CONFIGURATION_STATIC))
                         continue;
@@ -2395,7 +2444,7 @@ static int link_drop_foreign_config(Link *link) {
                         continue;
 
                 if (link_is_static_route_configured(link, route)) {
-                        r = route_add(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, NULL);
+                        r = route_add(link, route->family, &route->dst, route->dst_prefixlen, &route->gw, route->tos, route->priority, route->table, NULL);
                         if (r < 0)
                                 return r;
                 } else {
@@ -2410,6 +2459,7 @@ static int link_drop_foreign_config(Link *link) {
 
 static int link_drop_config(Link *link) {
         Address *address, *pool_address;
+        Neighbor *neighbor;
         Route *route;
         Iterator i;
         int r;
@@ -2433,6 +2483,12 @@ static int link_drop_config(Link *link) {
                 }
         }
 
+        SET_FOREACH(neighbor, link->neighbors, i) {
+                r = neighbor_remove(neighbor, link, NULL);
+                if (r < 0)
+                        return r;
+        }
+
         SET_FOREACH(route, link->routes, i) {
                 /* do not touch routes managed by the kernel */
                 if (route->protocol == RTPROT_KERNEL)
@@ -2455,7 +2511,7 @@ static int link_configure(Link *link) {
         assert(link->network);
         assert(link->state == LINK_STATE_INITIALIZED);
 
-        if (STRPTR_IN_SET(link->kind, "can", "vcan", "vxcan"))
+        if (link->iftype == ARPHRD_CAN)
                 return link_configure_can(link);
 
         /* Drop foreign config, but ignore loopback or critical devices.
@@ -2467,6 +2523,10 @@ static int link_configure(Link *link) {
                         return r;
         }
 
+        /* If IPv6 configured that is static IPv6 address and IPv6LL autoconfiguration is enabled
+         * for this interface, then enable IPv6 */
+        (void) link_update_ipv6_sysctl(link);
+
         r = link_set_proxy_arp(link);
         if (r < 0)
                return r;
@@ -2640,6 +2700,8 @@ int get_product_uuid_handler(sd_bus_message *m, void *userdata, sd_bus_error *re
 
 configure:
         while ((link = set_steal_first(manager->links_requesting_uuid))) {
+                link_unref(link);
+
                 r = link_configure(link);
                 if (r < 0)
                         link_enter_failed(link);
@@ -2712,6 +2774,8 @@ static int link_configure_duid(Link *link) {
                 r = set_put(m->duids_requesting_uuid, duid);
                 if (r < 0)
                         return log_oom();
+
+                link_ref(link);
         }
 
         return 0;
@@ -2968,7 +3032,7 @@ network_file_fail:
                                 continue;
                         }
 
-                        r = route_add(link, family, &route_dst, prefixlen, tos, priority, table, &route);
+                        r = route_add(link, family, &route_dst, prefixlen, NULL, tos, priority, table, &route);
                         if (r < 0)
                                 return log_link_error_errno(link, r, "Failed to add route: %m");
 
@@ -3386,6 +3450,26 @@ static void print_link_hashmap(FILE *f, const char *prefix, Hashmap* h) {
         fputc('\n', f);
 }
 
+static void link_save_dns(FILE *f, struct in_addr_data *dns, unsigned n_dns, bool *space) {
+        unsigned j;
+        int r;
+
+        for (j = 0; j < n_dns; j++) {
+                _cleanup_free_ char *b = NULL;
+
+                r = in_addr_to_string(dns[j].family, &dns[j].address, &b);
+                if (r < 0) {
+                        log_debug_errno(r, "Failed to format address, ignoring: %m");
+                        continue;
+                }
+
+                if (*space)
+                        fputc(' ', f);
+                fputs(b, f);
+                *space = true;
+        }
+}
+
 int link_save(Link *link) {
         _cleanup_free_ char *temp_path = NULL;
         _cleanup_fclose_ FILE *f = NULL;
@@ -3437,7 +3521,6 @@ int link_save(Link *link) {
                 char **dhcp6_domains = NULL, **dhcp_domains = NULL;
                 const char *dhcp_domainname = NULL, *p;
                 sd_dhcp6_lease *dhcp6_lease = NULL;
-                unsigned j;
                 bool space;
 
                 fprintf(f, "REQUIRED_FOR_ONLINE=%s\n",
@@ -3457,21 +3540,10 @@ int link_save(Link *link) {
                 fputs("DNS=", f);
                 space = false;
 
-                for (j = 0; j < link->network->n_dns; j++) {
-                        _cleanup_free_ char *b = NULL;
-
-                        r = in_addr_to_string(link->network->dns[j].family,
-                                              &link->network->dns[j].address,  &b);
-                        if (r < 0) {
-                                log_debug_errno(r, "Failed to format address, ignoring: %m");
-                                continue;
-                        }
-
-                        if (space)
-                                fputc(' ', f);
-                        fputs(b, f);
-                        space = true;
-                }
+                if (link->n_dns != (unsigned) -1)
+                        link_save_dns(f, link->dns, link->n_dns, &space);
+                else
+                        link_save_dns(f, link->network->dns, link->network->n_dns, &space);
 
                 if (link->network->dhcp_use_dns &&
                     link->dhcp_lease) {
@@ -3514,7 +3586,7 @@ int link_save(Link *link) {
 
                 fputs("NTP=", f);
                 space = false;
-                fputstrv(f, link->network->ntp, NULL, &space);
+                fputstrv(f, link->ntp ?: link->network->ntp, NULL, &space);
 
                 if (link->network->dhcp_use_ntp &&
                     link->dhcp_lease) {
@@ -3557,7 +3629,7 @@ int link_save(Link *link) {
 
                 fputs("DOMAINS=", f);
                 space = false;
-                ORDERED_SET_FOREACH(p, link->network->search_domains, i)
+                ORDERED_SET_FOREACH(p, link->search_domains ?: link->network->search_domains, i)
                         fputs_with_space(f, p, NULL, &space);
 
                 if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_YES) {
@@ -3580,7 +3652,7 @@ int link_save(Link *link) {
 
                 fputs("ROUTE_DOMAINS=", f);
                 space = false;
-                ORDERED_SET_FOREACH(p, link->network->route_domains, i)
+                ORDERED_SET_FOREACH(p, link->route_domains ?: link->network->route_domains, i)
                         fputs_with_space(f, p, NULL, &space);
 
                 if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_ROUTE) {
@@ -3602,21 +3674,37 @@ int link_save(Link *link) {
                 fputc('\n', f);
 
                 fprintf(f, "LLMNR=%s\n",
-                        resolve_support_to_string(link->network->llmnr));
+                        resolve_support_to_string(link->llmnr >= 0 ? link->llmnr : link->network->llmnr));
                 fprintf(f, "MDNS=%s\n",
-                        resolve_support_to_string(link->network->mdns));
-                if (link->network->dns_default_route >= 0)
+                        resolve_support_to_string(link->mdns >= 0 ? link->mdns : link->network->mdns));
+                if (link->dns_default_route >= 0)
+                        fprintf(f, "DNS_DEFAULT_ROUTE=%s\n", yes_no(link->dns_default_route));
+                else if (link->network->dns_default_route >= 0)
                         fprintf(f, "DNS_DEFAULT_ROUTE=%s\n", yes_no(link->network->dns_default_route));
 
-                if (link->network->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
+                if (link->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
+                        fprintf(f, "DNS_OVER_TLS=%s\n",
+                                dns_over_tls_mode_to_string(link->dns_over_tls_mode));
+                else if (link->network->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
                         fprintf(f, "DNS_OVER_TLS=%s\n",
                                 dns_over_tls_mode_to_string(link->network->dns_over_tls_mode));
 
-                if (link->network->dnssec_mode != _DNSSEC_MODE_INVALID)
+                if (link->dnssec_mode != _DNSSEC_MODE_INVALID)
+                        fprintf(f, "DNSSEC=%s\n",
+                                dnssec_mode_to_string(link->dnssec_mode));
+                else if (link->network->dnssec_mode != _DNSSEC_MODE_INVALID)
                         fprintf(f, "DNSSEC=%s\n",
                                 dnssec_mode_to_string(link->network->dnssec_mode));
 
-                if (!set_isempty(link->network->dnssec_negative_trust_anchors)) {
+                if (!set_isempty(link->dnssec_negative_trust_anchors)) {
+                        const char *n;
+
+                        fputs("DNSSEC_NTA=", f);
+                        space = false;
+                        SET_FOREACH(n, link->dnssec_negative_trust_anchors, i)
+                                fputs_with_space(f, n, NULL, &space);
+                        fputc('\n', f);
+                } else if (!set_isempty(link->network->dnssec_negative_trust_anchors)) {
                         const char *n;
 
                         fputs("DNSSEC_NTA=", f);
Unnamed repository; edit this file 'description' to name the repository.