network: add global setting for IPv6PrivacyExtensions=

Closes #28186.

diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml
index 85b21ee7f98174ee918c816db1319b73d680f8cf..abf47d17b61e6a8dbd8bf64604642ba32f30bc74 100644 (file)
--- a/man/networkd.conf.xml
+++ b/man/networkd.conf.xml
@@ -94,6 +94,16 @@
         specified earlier are cleared. Defaults to unset.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>IPv6PrivacyExtensions=</varname></term>
+        <listitem>
+          <para>Specifies the default value for per-network <varname>IPv6PrivacyExtensions=</varname>.
+          Takes a boolean or the special values <literal>prefer-public</literal> and
+          <literal>kernel</literal>. See for details in
+          <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+          Defaults to <literal>no</literal>.</para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 1b3400005245502602d1ea507166e0492c5d028a..f527f31111d54001f373c3685c9983fbe6bfcc2f 100644 (file)
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -724,8 +724,10 @@ Table=1234</programlisting></para>
           enables the privacy extensions and prefers temporary addresses over public addresses. When
           <literal>prefer-public</literal>, enables the privacy extensions, but prefers public
           addresses over temporary addresses. When false, the privacy extensions remain disabled. When
-          <literal>kernel</literal>, the kernel's default setting will be left in place. Defaults to
-          <literal>no</literal>.</para>
+          <literal>kernel</literal>, the kernel's default setting will be left in place. When unspecified,
+          the value specified in the same setting in
+          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+          which defaults to <literal>no</literal>, will be used.</para>
         </listitem>
       </varlistentry>
 

diff --git a/src/network/networkd-gperf.gperf b/src/network/networkd-gperf.gperf
index 8ed90f0e4b84a869703acf2e01ed636615b13dc6..8542ffa6b5d1ef00f9376fa828308c73a67a2148 100644 (file)
--- a/src/network/networkd-gperf.gperf
+++ b/src/network/networkd-gperf.gperf
@@ -26,6 +26,7 @@ Network.SpeedMeterIntervalSec,           config_parse_sec,
 Network.ManageForeignRoutingPolicyRules, config_parse_bool,                      0,          offsetof(Manager, manage_foreign_rules)
 Network.ManageForeignRoutes,             config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
 Network.RouteTable,                      config_parse_route_table_names,         0,          0
+Network.IPv6PrivacyExtensions,           config_parse_ipv6_privacy_extensions,   0,          offsetof(Manager, ipv6_privacy_extensions)
 DHCPv4.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp_duid)
 DHCPv4.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp_duid)
 DHCPv6.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp6_duid)

diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index 303b76c0c69b86b8ad3a7133d915460be3aec350..b6ba216eee8a51d2de2ed1d0960640406bb3962f 100644 (file)
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -589,6 +589,7 @@ int manager_new(Manager **ret, bool test_mode) {
 
         *m = (Manager) {
                 .keep_configuration = _KEEP_CONFIGURATION_INVALID,
+                .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
                 .test_mode = test_mode,
                 .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL,
                 .online_state = _LINK_ONLINE_STATE_INVALID,

diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h
index c9cbcf928994d5b3090be8aa930f76e1cd1289aa..a27137a8456a29f22b09a0cc3c4c04beeb8aa0a6 100644 (file)
--- a/src/network/networkd-manager.h
+++ b/src/network/networkd-manager.h
@@ -13,6 +13,7 @@
 #include "hashmap.h"
 #include "networkd-link.h"
 #include "networkd-network.h"
+#include "networkd-sysctl.h"
 #include "ordered-set.h"
 #include "set.h"
 #include "time-util.h"
@@ -29,6 +30,7 @@ struct Manager {
         int ethtool_fd;
 
         KeepConfiguration keep_configuration;
+        IPv6PrivacyExtensions ipv6_privacy_extensions;
 
         bool test_mode;
         bool enumerating;

diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 9a0511eeef75fab46629b51aec4adc9667582e79..7eef3d5b52c2c5ab81dcfe2fb58017e97a375569 100644 (file)
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -467,7 +467,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
 
                 .ipv4_accept_local = -1,
                 .ipv4_route_localnet = -1,
-                .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
+                .ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID,
                 .ipv6_dad_transmits = -1,
                 .ipv6_hop_limit = -1,
                 .ipv6_proxy_ndp = -1,

diff --git a/src/network/networkd-sysctl.c b/src/network/networkd-sysctl.c
index 729bd68dabbdbfd6a90850e71898811509aef2b6..7c9a83ba5799bf8d50722fd3e971cd88dd78e885 100644 (file)
--- a/src/network/networkd-sysctl.c
+++ b/src/network/networkd-sysctl.c
@@ -5,6 +5,7 @@
 
 #include "missing_network.h"
 #include "networkd-link.h"
+#include "networkd-manager.h"
 #include "networkd-network.h"
 #include "networkd-sysctl.h"
 #include "socket-util.h"
@@ -89,7 +90,10 @@ static int link_set_ipv6_forward(Link *link) {
 }
 
 static int link_set_ipv6_privacy_extensions(Link *link) {
+        IPv6PrivacyExtensions val;
+
         assert(link);
+        assert(link->manager);
 
         if (!socket_ipv6_is_supported())
                 return 0;
@@ -100,11 +104,15 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
         if (!link->network)
                 return 0;
 
+        val = link->network->ipv6_privacy_extensions;
+        if (val < 0) /* If not specified, then use the global setting. */
+                val = link->manager->ipv6_privacy_extensions;
+
         /* When "kernel", do not update the setting. */
-        if (link->network->ipv6_privacy_extensions == IPV6_PRIVACY_EXTENSIONS_KERNEL)
+        if (val == IPV6_PRIVACY_EXTENSIONS_KERNEL)
                 return 0;
 
-        return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) link->network->ipv6_privacy_extensions);
+        return sysctl_write_ip_property_int(AF_INET6, link->ifname, "use_tempaddr", (int) val);
 }
 
 static int link_set_ipv6_accept_ra(Link *link) {

diff --git a/src/network/networkd.conf b/src/network/networkd.conf
index 38dc9f1f79d9396386f9862358ac6c1d51e72ae4..f2c0790d87fb4652f484b49b83e7ceaa29894215 100644 (file)
--- a/src/network/networkd.conf
+++ b/src/network/networkd.conf
@@ -18,6 +18,7 @@
 #ManageForeignRoutingPolicyRules=yes
 #ManageForeignRoutes=yes
 #RouteTable=
+#IPv6PrivacyExtensions=no
 
 [DHCPv4]
 #DUIDType=vendor