]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a0e5c15d FK |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2017 Florian Klink <flokli@flokli.de> | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
21 | #include <netinet/ether.h> | |
22 | #include <linux/if.h> | |
23 | #include <unistd.h> | |
24 | ||
25 | #include "fileio.h" | |
26 | #include "netlink-util.h" | |
27 | #include "networkd-ipv6-proxy-ndp.h" | |
28 | #include "networkd-link.h" | |
29 | #include "networkd-manager.h" | |
30 | #include "networkd-network.h" | |
31 | #include "string-util.h" | |
32 | ||
33 | static bool ipv6_proxy_ndp_is_needed(Link *link) { | |
34 | assert(link); | |
35 | ||
36 | if (link->flags & IFF_LOOPBACK) | |
37 | return false; | |
38 | ||
39 | if (!link->network) | |
40 | return false; | |
41 | ||
465dfe59 HV |
42 | if (link->network->ipv6_proxy_ndp != -1) |
43 | return link->network->ipv6_proxy_ndp; | |
44 | ||
a0e5c15d FK |
45 | if (link->network->n_ipv6_proxy_ndp_addresses == 0) |
46 | return false; | |
47 | ||
48 | return true; | |
49 | } | |
50 | ||
51 | static int ipv6_proxy_ndp_set(Link *link) { | |
52 | const char *p = NULL; | |
53 | int r, v; | |
54 | ||
55 | assert(link); | |
56 | ||
57 | v = ipv6_proxy_ndp_is_needed(link); | |
58 | p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/proxy_ndp"); | |
59 | ||
60 | r = write_string_file(p, one_zero(v), WRITE_STRING_FILE_VERIFY_ON_FAILURE); | |
61 | if (r < 0) | |
62 | log_link_warning_errno(link, r, "Cannot configure proxy NDP for interface: %m"); | |
63 | ||
64 | return 0; | |
65 | } | |
66 | ||
67 | int ipv6_proxy_ndp_address_new_static(Network *network, IPv6ProxyNDPAddress **ret) { | |
68 | _cleanup_(ipv6_proxy_ndp_address_freep) IPv6ProxyNDPAddress *ipv6_proxy_ndp_address = NULL; | |
69 | ||
70 | assert(network); | |
71 | assert(ret); | |
72 | ||
73 | /* allocate space for IPv6ProxyNDPAddress entry */ | |
74 | ipv6_proxy_ndp_address = new0(IPv6ProxyNDPAddress, 1); | |
75 | if (!ipv6_proxy_ndp_address) | |
76 | return -ENOMEM; | |
77 | ||
78 | ipv6_proxy_ndp_address->network = network; | |
79 | ||
80 | LIST_PREPEND(ipv6_proxy_ndp_addresses, network->ipv6_proxy_ndp_addresses, ipv6_proxy_ndp_address); | |
81 | network->n_ipv6_proxy_ndp_addresses++; | |
82 | ||
83 | *ret = ipv6_proxy_ndp_address; | |
84 | ipv6_proxy_ndp_address = NULL; | |
85 | ||
86 | return 0; | |
87 | } | |
88 | ||
89 | void ipv6_proxy_ndp_address_free(IPv6ProxyNDPAddress *ipv6_proxy_ndp_address) { | |
90 | if (!ipv6_proxy_ndp_address) | |
91 | return; | |
92 | ||
93 | if (ipv6_proxy_ndp_address->network) { | |
94 | LIST_REMOVE(ipv6_proxy_ndp_addresses, ipv6_proxy_ndp_address->network->ipv6_proxy_ndp_addresses, | |
95 | ipv6_proxy_ndp_address); | |
96 | ||
97 | assert(ipv6_proxy_ndp_address->network->n_ipv6_proxy_ndp_addresses > 0); | |
98 | ipv6_proxy_ndp_address->network->n_ipv6_proxy_ndp_addresses--; | |
99 | } | |
100 | ||
101 | free(ipv6_proxy_ndp_address); | |
102 | } | |
103 | ||
104 | int config_parse_ipv6_proxy_ndp_address( | |
105 | const char *unit, | |
106 | const char *filename, | |
107 | unsigned line, | |
108 | const char *section, | |
109 | unsigned section_line, | |
110 | const char *lvalue, | |
111 | int ltype, | |
112 | const char *rvalue, | |
113 | void *data, | |
114 | void *userdata) { | |
115 | ||
116 | Network *network = userdata; | |
117 | _cleanup_(ipv6_proxy_ndp_address_freep) IPv6ProxyNDPAddress *ipv6_proxy_ndp_address = NULL; | |
118 | int r; | |
119 | union in_addr_union buffer; | |
120 | ||
121 | assert(filename); | |
122 | assert(section); | |
123 | assert(lvalue); | |
124 | assert(rvalue); | |
125 | assert(data); | |
126 | ||
127 | r = ipv6_proxy_ndp_address_new_static(network, &ipv6_proxy_ndp_address); | |
128 | if (r < 0) | |
129 | return r; | |
130 | ||
131 | r = in_addr_from_string(AF_INET6, rvalue, &buffer); | |
132 | if (r < 0) { | |
133 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IPv6 proxy NDP address, ignoring: %s", | |
134 | rvalue); | |
135 | return 0; | |
136 | } | |
137 | ||
138 | r = in_addr_is_null(AF_INET6, &buffer); | |
139 | if (r != 0) { | |
140 | log_syntax(unit, LOG_ERR, filename, line, r, | |
141 | "IPv6 proxy NDP address can not be the ANY address, ignoring: %s", rvalue); | |
142 | return 0; | |
143 | } | |
144 | ||
145 | ipv6_proxy_ndp_address->in_addr = buffer.in6; | |
146 | ipv6_proxy_ndp_address = NULL; | |
147 | ||
148 | return 0; | |
149 | } | |
150 | ||
151 | static int set_ipv6_proxy_ndp_address_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) { | |
152 | Link *link = userdata; | |
153 | int r; | |
154 | ||
155 | assert(link); | |
156 | ||
157 | r = sd_netlink_message_get_errno(m); | |
158 | if (r < 0 && r != -EEXIST) | |
159 | log_link_error_errno(link, r, "Could not add IPv6 proxy ndp address entry: %m"); | |
160 | ||
161 | return 1; | |
162 | } | |
163 | ||
164 | /* send a request to the kernel to add a IPv6 Proxy entry to the neighbour table */ | |
165 | int ipv6_proxy_ndp_address_configure(Link *link, IPv6ProxyNDPAddress *ipv6_proxy_ndp_address) { | |
166 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL; | |
167 | sd_netlink *rtnl; | |
168 | int r; | |
169 | ||
170 | assert(link); | |
171 | assert(link->network); | |
172 | assert(link->manager); | |
173 | assert(ipv6_proxy_ndp_address); | |
174 | ||
175 | rtnl = link->manager->rtnl; | |
176 | ||
177 | /* create new netlink message */ | |
178 | r = sd_rtnl_message_new_neigh(rtnl, &req, RTM_NEWNEIGH, link->ifindex, AF_INET6); | |
179 | if (r < 0) | |
180 | return rtnl_log_create_error(r); | |
181 | ||
182 | r = sd_rtnl_message_neigh_set_flags(req, NLM_F_REQUEST | NTF_PROXY); | |
183 | if (r < 0) | |
184 | return rtnl_log_create_error(r); | |
185 | ||
186 | r = sd_netlink_message_append_in6_addr(req, NDA_DST, &ipv6_proxy_ndp_address->in_addr); | |
187 | if (r < 0) | |
188 | return rtnl_log_create_error(r); | |
189 | ||
190 | r = sd_netlink_call_async(rtnl, req, set_ipv6_proxy_ndp_address_handler, link, 0, NULL); | |
191 | if (r < 0) | |
192 | return log_link_error_errno(link, r, "Could not send rtnetlink message: %m"); | |
193 | ||
194 | return 0; | |
195 | } | |
196 | ||
197 | /* configure all ipv6 proxy ndp addresses */ | |
198 | int ipv6_proxy_ndp_addresses_configure(Link *link) { | |
199 | IPv6ProxyNDPAddress *ipv6_proxy_ndp_address; | |
200 | int r; | |
201 | ||
202 | /* enable or disable proxy_ndp itself depending on whether ipv6_proxy_ndp_addresses are set or not */ | |
203 | r = ipv6_proxy_ndp_set(link); | |
204 | if (r != 0) | |
205 | return r; | |
206 | ||
207 | LIST_FOREACH(ipv6_proxy_ndp_addresses, ipv6_proxy_ndp_address, link->network->ipv6_proxy_ndp_addresses) { | |
208 | r = ipv6_proxy_ndp_address_configure(link, ipv6_proxy_ndp_address); | |
209 | if (r != 0) | |
210 | return r; | |
211 | } | |
212 | return 0; | |
213 | } |