1 /* SPDX-License-Identifier: LGPL-2.1+ */
5 #include "alloc-util.h"
6 #include "conf-parser.h"
7 #include "firewall-util.h"
8 #include "missing_network.h"
9 #include "netlink-util.h"
10 #include "networkd-address.h"
11 #include "networkd-manager.h"
12 #include "parse-util.h"
14 #include "socket-util.h"
15 #include "string-util.h"
20 #define ADDRESSES_PER_LINK_MAX 2048U
21 #define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U
/* Allocate a new Address and hand it to the caller through ret.
 * The initializer shown sets the scope to RT_SCOPE_UNIVERSE and both cache-info
 * lifetimes to CACHE_INFO_INFINITY_LIFE_TIME.
 * NOTE(review): the check of the new() result is not part of this listing
 * (gutter lines 27-29 are absent) — confirm it precedes the dereference. */
23 int address_new(Address
**ret
) {
24 _cleanup_(address_freep
) Address
*address
= NULL
;
26 address
= new(Address
, 1);
30 *address
= (Address
) {
32 .scope
= RT_SCOPE_UNIVERSE
,
33 .cinfo
.ifa_prefered
= CACHE_INFO_INFINITY_LIFE_TIME
,
34 .cinfo
.ifa_valid
= CACHE_INFO_INFINITY_LIFE_TIME
,
/* Ownership moves to the caller via TAKE_PTR(). */
37 *ret
= TAKE_PTR(address
);
/* Return the static Address for a configuration section, creating it if needed.
 * filename and section_line must be given together or not at all (asserted).
 * An existing entry is looked up in network->addresses_by_section; otherwise a
 * new Address is created, appended to network->static_addresses, counted in
 * n_static_addresses and registered in the per-section hashmap.
 * STATIC_ADDRESSES_PER_NETWORK_MAX bounds how many addresses one network
 * configuration can make the daemon allocate.
 * The error returns between the visible statements are not part of this listing. */
42 int address_new_static(Network
*network
, const char *filename
, unsigned section_line
, Address
**ret
) {
43 _cleanup_(network_config_section_freep
) NetworkConfigSection
*n
= NULL
;
44 _cleanup_(address_freep
) Address
*address
= NULL
;
49 assert(!!filename
== (section_line
> 0));
52 r
= network_config_section_new(filename
, section_line
, &n
);
56 address
= hashmap_get(network
->addresses_by_section
, n
);
58 *ret
= TAKE_PTR(address
);
/* Resource limit: refuse further static addresses once the cap is reached. */
64 if (network
->n_static_addresses
>= STATIC_ADDRESSES_PER_NETWORK_MAX
)
67 r
= address_new(&address
);
/* From here on the Address is linked into the network; if a later step fails,
 * the _cleanup_(address_freep) handler runs address_free(), which unlinks it. */
71 address
->network
= network
;
72 LIST_APPEND(addresses
, network
->static_addresses
, address
);
73 network
->n_static_addresses
++;
76 address
->section
= TAKE_PTR(n
);
78 r
= hashmap_ensure_allocated(&network
->addresses_by_section
, &network_config_hash_ops
);
82 r
= hashmap_put(network
->addresses_by_section
, address
->section
, address
);
87 *ret
= TAKE_PTR(address
);
/* Release an Address: unlink it from its owning network (static list, counter,
 * per-section hashmap) and from its link's address sets, then free the section
 * and the label.
 * If the address equals link->ipv6ll_address, that cached link-local address is
 * zeroed so the link does not keep referring to an address that is going away.
 * NOTE(review): address->link is dereferenced at gutter lines 106-110; a guarding
 * test of address->link is not visible in this listing (gutter 105 is absent) —
 * confirm, since the visible lines of address_new_static() set only ->network. */
92 void address_free(Address
*address
) {
96 if (address
->network
) {
97 LIST_REMOVE(addresses
, address
->network
->static_addresses
, address
);
/* The counter must mirror the list; an underflow would defeat the per-network cap. */
98 assert(address
->network
->n_static_addresses
> 0);
99 address
->network
->n_static_addresses
--;
101 if (address
->section
)
102 hashmap_remove(address
->network
->addresses_by_section
, address
->section
);
106 set_remove(address
->link
->addresses
, address
);
107 set_remove(address
->link
->addresses_foreign
, address
);
109 if (in_addr_equal(AF_INET6
, &address
->in_addr
, (const union in_addr_union
*) &address
->link
->ipv6ll_address
))
110 memzero(&address
->link
->ipv6ll_address
, sizeof(struct in6_addr
));
113 network_config_section_free(address
->section
);
114 free(address
->label
);
/* Hash function for Address keys. Feeds the family into the siphash state and,
 * in the branches shown, the prefix length plus the leading prefixlen bits of
 * the peer address (or of the local address when no peer is set), or the raw
 * address bytes sized by FAMILY_ADDRESS_SIZE().
 * NOTE(review): the shift count is 32 - a->prefixlen. The prefixlen != 0 test
 * avoids a shift by 32, but nothing visible here rejects a prefixlen above 32,
 * which would make the count negative (undefined behaviour). Presumably the
 * prefix length is validated before an Address is hashed — confirm for every
 * producer of Address objects. */
118 static void address_hash_func(const Address
*a
, struct siphash
*state
) {
121 siphash24_compress(&a
->family
, sizeof(a
->family
), state
);
125 siphash24_compress(&a
->prefixlen
, sizeof(a
->prefixlen
), state
);
128 if (a
->prefixlen
!= 0) {
131 if (a
->in_addr_peer
.in
.s_addr
!= 0)
132 prefix
= be32toh(a
->in_addr_peer
.in
.s_addr
) >> (32 - a
->prefixlen
);
134 prefix
= be32toh(a
->in_addr
.in
.s_addr
) >> (32 - a
->prefixlen
);
136 siphash24_compress(&prefix
, sizeof(prefix
), state
);
142 siphash24_compress(&a
->in_addr
, FAMILY_ADDRESS_SIZE(a
->family
), state
);
146 /* treat any other address family as AF_UNSPEC */
/* Ordering for Address keys: compares the family first, then, per family, the
 * prefix length and the masked prefix (peer address preferred over the local
 * one), or the raw address bytes with memcmp().
 * The shifts applied to a2 use a1->prefixlen; that is equivalent only when the
 * CMP() of the prefix lengths above found them equal — the early return on a
 * non-zero result is not visible in this listing, confirm.
 * NOTE(review): 32 - prefixlen is negative for a prefixlen above 32, which is
 * undefined behaviour for a shift; nothing visible here rejects such a value. */
151 static int address_compare_func(const Address
*a1
, const Address
*a2
) {
154 r
= CMP(a1
->family
, a2
->family
);
158 switch (a1
->family
) {
159 /* use the same notion of equality as the kernel does */
161 r
= CMP(a1
->prefixlen
, a2
->prefixlen
);
165 /* compare the peer prefixes */
166 if (a1
->prefixlen
!= 0) {
167 /* make sure we don't try to shift by 32.
168 * See ISO/IEC 9899:TC3 § 6.5.7.3. */
171 if (a1
->in_addr_peer
.in
.s_addr
!= 0)
172 b1
= be32toh(a1
->in_addr_peer
.in
.s_addr
) >> (32 - a1
->prefixlen
);
174 b1
= be32toh(a1
->in_addr
.in
.s_addr
) >> (32 - a1
->prefixlen
);
176 if (a2
->in_addr_peer
.in
.s_addr
!= 0)
177 b2
= be32toh(a2
->in_addr_peer
.in
.s_addr
) >> (32 - a1
->prefixlen
);
179 b2
= be32toh(a2
->in_addr
.in
.s_addr
) >> (32 - a1
->prefixlen
);
188 return memcmp(&a1
->in_addr
, &a2
->in_addr
, FAMILY_ADDRESS_SIZE(a1
->family
));
190 /* treat any other address family as AF_UNSPEC */
/* Hash ops for containers keyed by Address. Two entries are the same key when
 * address_compare_func() returns 0; in the lines shown that depends only on
 * family, prefix length and address/peer prefix, not on flags, scope or label. */
195 DEFINE_PRIVATE_HASH_OPS(address_hash_ops
, Address
, address_hash_func
, address_compare_func
);
/* Report whether two addresses are the same key as defined by
 * address_compare_func(). Any handling of identical or NULL arguments
 * (gutter lines 198-203) is not part of this listing. */
197 bool address_equal(Address
*a1
, Address
*a2
) {
204 return address_compare_func(a1
, a2
) == 0;
/* Bring the firewall in line with the address. Masquerading is wanted when the
 * link has a network with ip_masquerade set, the address is AF_INET and its
 * scope is below RT_SCOPE_LINK. When that differs from ip_masquerade_done, the
 * address is masked to its prefix and passed to fw_add_masquerade(), and the
 * new state is recorded.
 * NOTE(review): a failure is reported with log_link_warning_errno(); whether
 * ip_masquerade_done is still updated in that case depends on control flow
 * that is not visible in this listing. */
207 static int address_establish(Address
*address
, Link
*link
) {
214 masq
= link
->network
&&
215 link
->network
->ip_masquerade
&&
216 address
->family
== AF_INET
&&
217 address
->scope
< RT_SCOPE_LINK
;
219 /* Add firewall entry if this is requested */
220 if (address
->ip_masquerade_done
!= masq
) {
/* Work on a copy so the configured address itself is not modified by masking. */
221 union in_addr_union masked
= address
->in_addr
;
222 in_addr_mask(address
->family
, &masked
, address
->prefixlen
);
224 r
= fw_add_masquerade(masq
, AF_INET
, 0, &masked
, address
->prefixlen
, NULL
, NULL
, 0);
226 log_link_warning_errno(link
, r
, "Could not enable IP masquerading: %m");
228 address
->ip_masquerade_done
= masq
;
/* Create an Address for (family, in_addr, prefixlen), mark it IFA_F_TENTATIVE
 * until the kernel reports the real flags, insert it into *addresses (allocated
 * on demand with address_hash_ops) and attach it to link.
 * Parts of the signature, the handling of the set_put() result and the hand-off
 * to the caller are not visible in this listing. */
234 static int address_add_internal(Link
*link
, Set
**addresses
,
236 const union in_addr_union
*in_addr
,
237 unsigned char prefixlen
,
239 _cleanup_(address_freep
) Address
*address
= NULL
;
246 r
= address_new(&address
);
250 address
->family
= family
;
251 address
->in_addr
= *in_addr
;
252 address
->prefixlen
= prefixlen
;
253 /* Consider address tentative until we get the real flags from the kernel */
254 address
->flags
= IFA_F_TENTATIVE
;
256 r
= set_ensure_allocated(addresses
, &address_hash_ops
);
260 r
= set_put(*addresses
, address
);
/* Set only after the insert; address_free() uses ->link to remove the entry from the link's sets. */
264 address
->link
= link
;
/* Record an address in link->addresses_foreign, the set kept apart from
 * link->addresses. Thin wrapper around address_add_internal(). */
274 int address_add_foreign(Link
*link
, int family
, const union in_addr_union
*in_addr
, unsigned char prefixlen
, Address
**ret
) {
275 return address_add_internal(link
, &link
->addresses_foreign
, family
, in_addr
, prefixlen
, ret
);
/* Make sure the address is tracked in link->addresses. After address_get(),
 * the comments mark three outcomes: create a new entry, move an existing
 * foreign entry from link->addresses_foreign into link->addresses, or leave an
 * entry that is already there untouched.
 * The conditions selecting each branch are not visible in this listing. */
278 int address_add(Link
*link
, int family
, const union in_addr_union
*in_addr
, unsigned char prefixlen
, Address
**ret
) {
282 r
= address_get(link
, family
, in_addr
, prefixlen
, &address
);
284 /* Address does not exist, create a new one */
285 r
= address_add_internal(link
, &link
->addresses
, family
, in_addr
, prefixlen
, &address
);
289 /* Take over a foreign address */
290 r
= set_ensure_allocated(&link
->addresses
, &address_hash_ops
);
/* Insert into the managed set before removing from the foreign set, so the
 * object is never absent from both. */
294 r
= set_put(link
->addresses
, address
);
298 set_remove(link
->addresses_foreign
, address
);
300 /* Already exists, do nothing */
/* Counterpart of address_establish(): when a masquerading rule was recorded for
 * this address, ask fw_add_masquerade(false, ...) to remove it for the same
 * masked prefix and reset ip_masquerade_done. address->link must be set
 * (asserted). A failure is logged as a warning; whether the flag is reset only
 * on success is not visible in this listing. */
311 static int address_release(Address
*address
) {
315 assert(address
->link
);
317 /* Remove masquerading firewall entry if it was added */
318 if (address
->ip_masquerade_done
) {
319 union in_addr_union masked
= address
->in_addr
;
320 in_addr_mask(address
->family
, &masked
, address
->prefixlen
);
322 r
= fw_add_masquerade(false, AF_INET
, 0, &masked
, address
->prefixlen
, NULL
, NULL
, 0);
324 log_link_warning_errno(address
->link
, r
, "Failed to disable IP masquerading: %m");
326 address
->ip_masquerade_done
= false;
336 const struct ifa_cacheinfo
*cinfo
) {
343 assert_return(address
->link
, 1);
345 if (IN_SET(address
->link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
348 ready
= address_is_ready(address
);
350 address
->flags
= flags
;
351 address
->scope
= scope
;
352 address
->cinfo
= *cinfo
;
354 link_update_operstate(address
->link
);
355 link_check_ready(address
->link
);
358 address_is_ready(address
) &&
359 address
->family
== AF_INET6
&&
360 in_addr_is_link_local(AF_INET6
, &address
->in_addr
) > 0 &&
361 in_addr_is_null(AF_INET6
, (const union in_addr_union
*) &address
->link
->ipv6ll_address
) > 0) {
363 r
= link_ipv6ll_gained(address
->link
, &address
->in_addr
.in6
);
/* Drop an address object: release its firewall state, free it, then refresh
 * the link's operational state and readiness.
 * The link pointer and the readiness are read before address_free(), because
 * the Address must not be touched once it has been freed. */
371 int address_drop(Address
*address
) {
377 ready
= address_is_ready(address
);
378 link
= address
->link
;
380 address_release(address
);
381 address_free(address
);
383 link_update_operstate(link
);
386 link_check_ready(link
);
/* Look an address up on a link. A stack Address is filled in as the lookup key
 * and probed first in link->addresses, then in link->addresses_foreign; only
 * the fields read by address_hash_ops matter for the key.
 * Parts of the signature, the remaining key fields and the return values that
 * distinguish the two hits are not visible in this listing. */
391 int address_get(Link
*link
,
393 const union in_addr_union
*in_addr
,
394 unsigned char prefixlen
,
397 Address address
, *existing
;
402 address
= (Address
) {
405 .prefixlen
= prefixlen
,
408 existing
= set_get(link
->addresses
, &address
);
415 existing
= set_get(link
->addresses_foreign
, &address
);
/* Default netlink reply handler for an address removal request.
 * Checks whether the link is in LINK_STATE_FAILED or LINK_STATE_LINGER (the
 * action taken is not visible in this listing), then reads the reply's errno.
 * -EADDRNOTAVAIL is tolerated; any other error is logged as a warning. */
425 static int address_remove_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
430 assert(link
->ifname
);
432 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
435 r
= sd_netlink_message_get_errno(m
);
436 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
437 log_link_warning_errno(link
, r
, "Could not drop address: %m");
445 link_netlink_message_handler_t callback
) {
447 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*req
= NULL
;
448 _cleanup_free_
char *b
= NULL
;
452 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
454 assert(link
->ifindex
> 0);
455 assert(link
->manager
);
456 assert(link
->manager
->rtnl
);
459 if (in_addr_to_string(address
->family
, &address
->in_addr
, &b
) >= 0)
460 log_link_debug(link
, "Removing address %s", b
);
463 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &req
, RTM_DELADDR
,
464 link
->ifindex
, address
->family
);
466 return log_error_errno(r
, "Could not allocate RTM_DELADDR message: %m");
468 r
= sd_rtnl_message_addr_set_prefixlen(req
, address
->prefixlen
);
470 return log_error_errno(r
, "Could not set prefixlen: %m");
472 if (address
->family
== AF_INET
)
473 r
= sd_netlink_message_append_in_addr(req
, IFA_LOCAL
, &address
->in_addr
.in
);
474 else if (address
->family
== AF_INET6
)
475 r
= sd_netlink_message_append_in6_addr(req
, IFA_LOCAL
, &address
->in_addr
.in6
);
477 return log_error_errno(r
, "Could not append IFA_LOCAL attribute: %m");
479 r
= netlink_call_async(link
->manager
->rtnl
, NULL
, req
,
480 callback
?: address_remove_handler
,
481 link_netlink_destroy_callback
, link
);
483 return log_error_errno(r
, "Could not send rtnetlink message: %m");
/* Replace an all-zero configured address by one from the manager's pool.
 * When original already carries a non-null address, the pool is not used (that
 * branch's body is not visible in this listing). Otherwise a prefix of
 * original->prefixlen is requested from manager_address_pool_acquire(), its
 * first host address is taken, an IPv4 broadcast is derived (zero for prefix
 * lengths above 30), family/prefixlen/scope/cinfo/label are copied into a new
 * Address, and that Address is prepended to link->pool_addresses.
 * NOTE(review): the check of the strdup() result is not visible (gutter lines
 * 537-539 are absent) — confirm. */
490 static int address_acquire(Link
*link
, Address
*original
, Address
**ret
) {
491 union in_addr_union in_addr
= {};
492 struct in_addr broadcast
= {};
493 _cleanup_(address_freep
) Address
*na
= NULL
;
500 /* Something useful was configured? just use it */
501 if (in_addr_is_null(original
->family
, &original
->in_addr
) <= 0)
504 /* The address is configured to be 0.0.0.0 or [::] by the user?
505 * Then let's acquire something more useful from the pool. */
506 r
= manager_address_pool_acquire(link
->manager
, original
->family
, original
->prefixlen
, &in_addr
);
508 return log_link_error_errno(link
, r
, "Failed to acquire address from pool: %m");
510 log_link_error(link
, "Couldn't find free address for interface, all taken.");
514 if (original
->family
== AF_INET
) {
515 /* Pick first address in range for ourselves ... */
516 in_addr
.in
.s_addr
= in_addr
.in
.s_addr
| htobe32(1);
518 /* .. and use last as broadcast address */
/* Prefix lengths above 30 get no broadcast address; this also keeps the shift
 * below from ever using a count of 31 or more. */
519 if (original
->prefixlen
> 30)
520 broadcast
.s_addr
= 0;
522 broadcast
.s_addr
= in_addr
.in
.s_addr
| htobe32(0xFFFFFFFFUL
>> original
->prefixlen
);
523 } else if (original
->family
== AF_INET6
)
524 in_addr
.in6
.s6_addr
[15] |= 1;
526 r
= address_new(&na
);
530 na
->family
= original
->family
;
531 na
->prefixlen
= original
->prefixlen
;
532 na
->scope
= original
->scope
;
533 na
->cinfo
= original
->cinfo
;
535 if (original
->label
) {
536 na
->label
= strdup(original
->label
);
541 na
->broadcast
= broadcast
;
542 na
->in_addr
= in_addr
;
544 LIST_PREPEND(addresses
, link
->pool_addresses
, na
);
/* Build and send the rtnetlink request that configures an address on a link.
 * Steps visible in this listing: enforce ADDRESSES_PER_LINK_MAX for addresses
 * not yet tracked on the link, let address_acquire() substitute a pool address,
 * create an RTM_NEWADDR (or update) message, translate the per-address options
 * into IFA_F_* flags, append local/peer/broadcast/label/cache-info attributes,
 * install firewall state with address_establish(), send the request
 * asynchronously, and finally track the address with address_add().
 * On a send or tracking failure the firewall state is rolled back with
 * address_release().
 * Parts of the signature and most error checks between the visible statements
 * are not part of this listing.
 * NOTE(review): address->flags is modified on the object passed in, and after
 * address_acquire() the local pointer may refer to a pool Address instead. */
551 int address_configure(
554 link_netlink_message_handler_t callback
,
557 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*req
= NULL
;
561 assert(IN_SET(address
->family
, AF_INET
, AF_INET6
));
563 assert(link
->ifindex
> 0);
564 assert(link
->manager
);
565 assert(link
->manager
->rtnl
);
568 /* If this is a new address, then refuse adding more than the limit */
569 if (address_get(link
, address
->family
, &address
->in_addr
, address
->prefixlen
, NULL
) <= 0 &&
570 set_size(link
->addresses
) >= ADDRESSES_PER_LINK_MAX
)
573 r
= address_acquire(link
, address
, &address
);
578 r
= sd_rtnl_message_new_addr_update(link
->manager
->rtnl
, &req
,
579 link
->ifindex
, address
->family
);
581 r
= sd_rtnl_message_new_addr(link
->manager
->rtnl
, &req
, RTM_NEWADDR
,
582 link
->ifindex
, address
->family
);
584 return log_error_errno(r
, "Could not allocate RTM_NEWADDR message: %m");
586 r
= sd_rtnl_message_addr_set_prefixlen(req
, address
->prefixlen
);
588 return log_error_errno(r
, "Could not set prefixlen: %m");
590 address
->flags
|= IFA_F_PERMANENT
;
592 if (address
->home_address
)
593 address
->flags
|= IFA_F_HOMEADDRESS
;
/* NOTE(review): a true duplicate_address_detection sets IFA_F_NODAD, and a true
 * prefix_route (below) sets IFA_F_NOPREFIXROUTE, i.e. a true value requests the
 * kernel's "no" behaviour although the field names read the other way round.
 * Confirm this matches the documented meaning of the corresponding settings. */
595 if (address
->duplicate_address_detection
)
596 address
->flags
|= IFA_F_NODAD
;
598 if (address
->manage_temporary_address
)
599 address
->flags
|= IFA_F_MANAGETEMPADDR
;
601 if (address
->prefix_route
)
602 address
->flags
|= IFA_F_NOPREFIXROUTE
;
604 if (address
->autojoin
)
605 address
->flags
|= IFA_F_MCAUTOJOIN
;
/* Only the low 8 bits go through this setter; when any higher bit is set, the
 * complete flag word is additionally sent as an IFA_FLAGS attribute. */
607 r
= sd_rtnl_message_addr_set_flags(req
, (address
->flags
& 0xff));
609 return log_error_errno(r
, "Could not set flags: %m");
611 if (address
->flags
& ~0xff) {
612 r
= sd_netlink_message_append_u32(req
, IFA_FLAGS
, address
->flags
);
614 return log_error_errno(r
, "Could not set extended flags: %m");
617 r
= sd_rtnl_message_addr_set_scope(req
, address
->scope
);
619 return log_error_errno(r
, "Could not set scope: %m");
621 if (address
->family
== AF_INET
)
622 r
= sd_netlink_message_append_in_addr(req
, IFA_LOCAL
, &address
->in_addr
.in
);
623 else if (address
->family
== AF_INET6
)
624 r
= sd_netlink_message_append_in6_addr(req
, IFA_LOCAL
, &address
->in_addr
.in6
);
626 return log_error_errno(r
, "Could not append IFA_LOCAL attribute: %m");
628 if (!in_addr_is_null(address
->family
, &address
->in_addr_peer
)) {
629 if (address
->family
== AF_INET
)
630 r
= sd_netlink_message_append_in_addr(req
, IFA_ADDRESS
, &address
->in_addr_peer
.in
);
631 else if (address
->family
== AF_INET6
)
632 r
= sd_netlink_message_append_in6_addr(req
, IFA_ADDRESS
, &address
->in_addr_peer
.in6
);
634 return log_error_errno(r
, "Could not append IFA_ADDRESS attribute: %m");
/* A broadcast address is only sent for IPv4 prefixes of length 30 or shorter. */
635 } else if (address
->family
== AF_INET
&& address
->prefixlen
<= 30) {
636 r
= sd_netlink_message_append_in_addr(req
, IFA_BROADCAST
, &address
->broadcast
);
638 return log_error_errno(r
, "Could not append IFA_BROADCAST attribute: %m");
641 if (address
->label
) {
642 r
= sd_netlink_message_append_string(req
, IFA_LABEL
, address
->label
);
644 return log_error_errno(r
, "Could not append IFA_LABEL attribute: %m");
647 r
= sd_netlink_message_append_cache_info(req
, IFA_CACHEINFO
, &address
->cinfo
);
649 return log_error_errno(r
, "Could not append IFA_CACHEINFO attribute: %m");
/* Firewall state is installed before the request is sent; both failure paths
 * below undo it with address_release(). */
651 r
= address_establish(address
, link
);
655 r
= netlink_call_async(link
->manager
->rtnl
, NULL
, req
, callback
, link_netlink_destroy_callback
, link
);
657 address_release(address
);
658 return log_error_errno(r
, "Could not send rtnetlink message: %m");
/* For IPv6 with a peer set, the peer address is the one tracked on the link. */
663 if (address
->family
== AF_INET6
&& !in_addr_is_null(address
->family
, &address
->in_addr_peer
))
664 r
= address_add(link
, address
->family
, &address
->in_addr_peer
, address
->prefixlen
, NULL
);
666 r
= address_add(link
, address
->family
, &address
->in_addr
, address
->prefixlen
, NULL
);
668 address_release(address
);
669 return log_error_errno(r
, "Could not add address: %m");
/* Config parser callback for a broadcast address setting. Fetches (or creates)
 * the static Address of the section, rejects the setting for AF_INET6
 * addresses and parses rvalue as an AF_INET address into n->broadcast.
 * Invalid input is logged with log_syntax() and, per the messages, ignored.
 * NOTE(review): &n->broadcast is cast to union in_addr_union *. Elsewhere in
 * this file the broadcast value is a struct in_addr, so this is only safe if
 * in_addr_from_string() writes no more than the AF_INET part — confirm.
 * Most of the signature and the error returns are not visible in this listing. */
675 int config_parse_broadcast(
677 const char *filename
,
680 unsigned section_line
,
687 Network
*network
= userdata
;
688 _cleanup_(address_freep
) Address
*n
= NULL
;
697 r
= address_new_static(network
, filename
, section_line
, &n
);
701 if (n
->family
== AF_INET6
) {
702 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue
);
706 r
= in_addr_from_string(AF_INET
, rvalue
, (union in_addr_union
*) &n
->broadcast
);
708 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Broadcast is invalid, ignoring assignment: %s", rvalue
);
/* Config parser callback for address settings given as address/prefixlen.
 * In the "Network" section the value goes to the special section-0 address;
 * otherwise to the Address of the current section. The value is parsed first
 * with PREFIXLEN_REFUSE and then with PREFIXLEN_LEGACY, with a warning that a
 * missing prefix length is deprecated. A family that conflicts with what the
 * Address already holds is rejected. For IPv4 without an explicit broadcast,
 * one is derived from the address and prefix length.
 * NOTE(review): the derived broadcast is computed for every prefix length,
 * including 31 and 32, whereas address_acquire() zeroes it above 30 and
 * address_configure() only sends IFA_BROADCAST for lengths up to 30. In
 * addition, 0xfffffffflu >> 32 is undefined where unsigned long is 32 bits
 * wide; a guard on n->prefixlen <= 30 would avoid both.
 * Most of the signature and the error returns are not visible in this listing. */
718 int config_parse_address(const char *unit
,
719 const char *filename
,
722 unsigned section_line
,
729 Network
*network
= userdata
;
730 _cleanup_(address_freep
) Address
*n
= NULL
;
731 union in_addr_union buffer
;
732 unsigned char prefixlen
;
741 if (streq(section
, "Network")) {
742 /* we are not in an Address section, so treat
743 * this as the special '0' section */
744 r
= address_new_static(network
, NULL
, 0, &n
);
746 r
= address_new_static(network
, filename
, section_line
, &n
);
751 /* Address=address/prefixlen */
752 r
= in_addr_prefix_from_string_auto_internal(rvalue
, PREFIXLEN_REFUSE
, &f
, &buffer
, &prefixlen
);
754 log_syntax(unit
, LOG_ERR
, filename
, line
, r
,
755 "An address '%s' is specified without prefix length. "
756 "The behavior of parsing addresses without prefix length will be changed in the future release. "
757 "Please specify prefix length explicitly.", rvalue
);
759 r
= in_addr_prefix_from_string_auto_internal(rvalue
, PREFIXLEN_LEGACY
, &f
, &buffer
, &prefixlen
);
762 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid address '%s', ignoring assignment: %m", rvalue
);
766 if (n
->family
!= AF_UNSPEC
&& f
!= n
->family
) {
767 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Address is incompatible, ignoring assignment: %s", rvalue
);
772 n
->prefixlen
= prefixlen
;
774 if (streq(lvalue
, "Address"))
777 n
->in_addr_peer
= buffer
;
779 if (n
->family
== AF_INET
&& n
->broadcast
.s_addr
== 0)
780 n
->broadcast
.s_addr
= n
->in_addr
.in
.s_addr
| htonl(0xfffffffflu
>> n
->prefixlen
);
/* Config parser callback for the address label. The value is accepted only if
 * address_label_valid() approves it; otherwise it is logged and, per the
 * message, ignored. A valid label replaces n->label via free_and_strdup().
 * Most of the signature and the error returns are not visible in this listing. */
787 int config_parse_label(
789 const char *filename
,
792 unsigned section_line
,
799 _cleanup_(address_freep
) Address
*n
= NULL
;
800 Network
*network
= userdata
;
809 r
= address_new_static(network
, filename
, section_line
, &n
);
/* Validate before storing: the label is later sent to the kernel as IFA_LABEL. */
813 if (!address_label_valid(rvalue
)) {
814 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Interface label is too long or invalid, ignoring assignment: %s", rvalue
);
818 r
= free_and_strdup(&n
->label
, rvalue
);
/* Config parser callback for PreferredLifetime. "forever" and "infinity" map to
 * CACHE_INFO_INFINITY_LIFE_TIME; other values are parsed with safe_atou() and
 * stored in n->cinfo.ifa_prefered. The condition that triggers the
 * "Invalid PreferredLifetime value" message is not visible in this listing.
 * NOTE(review): k is filled by safe_atou(), which parses an unsigned value, but
 * is printed with %d; %u would match if k is declared unsigned (the declaration
 * is not visible here). */
827 int config_parse_lifetime(const char *unit
,
828 const char *filename
,
831 unsigned section_line
,
837 Network
*network
= userdata
;
838 _cleanup_(address_freep
) Address
*n
= NULL
;
848 r
= address_new_static(network
, filename
, section_line
, &n
);
852 if (STR_IN_SET(rvalue
, "forever", "infinity")) {
853 n
->cinfo
.ifa_prefered
= CACHE_INFO_INFINITY_LIFE_TIME
;
859 r
= safe_atou(rvalue
, &k
);
861 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse PreferredLifetime, ignoring: %s", rvalue
);
866 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid PreferredLifetime value, ignoring: %d", k
);
868 n
->cinfo
.ifa_prefered
= k
;
/* Config parser callback shared by the boolean per-address settings
 * HomeAddress, DuplicateAddressDetection, ManageTemporaryAddress, PrefixRoute
 * and AutoJoin. rvalue is parsed with parse_boolean() and the result stored in
 * the field selected by lvalue (only two of the assignments are visible in
 * this listing).
 * NOTE(review): address_configure() turns a true duplicate_address_detection
 * into IFA_F_NODAD and a true prefix_route into IFA_F_NOPREFIXROUTE — confirm
 * the documented meaning of these settings matches that mapping. */
875 int config_parse_address_flags(const char *unit
,
876 const char *filename
,
879 unsigned section_line
,
885 Network
*network
= userdata
;
886 _cleanup_(address_freep
) Address
*n
= NULL
;
895 r
= address_new_static(network
, filename
, section_line
, &n
);
899 r
= parse_boolean(rvalue
);
901 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse address flag, ignoring: %s", rvalue
);
905 if (streq(lvalue
, "HomeAddress"))
907 else if (streq(lvalue
, "DuplicateAddressDetection"))
908 n
->duplicate_address_detection
= r
;
909 else if (streq(lvalue
, "ManageTemporaryAddress"))
910 n
->manage_temporary_address
= r
;
911 else if (streq(lvalue
, "PrefixRoute"))
913 else if (streq(lvalue
, "AutoJoin"))
/* Config parser callback for the address scope. Accepts the names "host",
 * "link" and "global" (mapped to RT_SCOPE_HOST, RT_SCOPE_LINK and
 * RT_SCOPE_UNIVERSE); any other value is parsed as an 8-bit number with
 * safe_atou8() directly into n->scope. Unparsable input is logged and, per the
 * message, ignored.
 * Most of the signature and the error returns are not visible in this listing. */
919 int config_parse_address_scope(const char *unit
,
920 const char *filename
,
923 unsigned section_line
,
929 Network
*network
= userdata
;
930 _cleanup_(address_freep
) Address
*n
= NULL
;
939 r
= address_new_static(network
, filename
, section_line
, &n
);
943 if (streq(rvalue
, "host"))
944 n
->scope
= RT_SCOPE_HOST
;
945 else if (streq(rvalue
, "link"))
946 n
->scope
= RT_SCOPE_LINK
;
947 else if (streq(rvalue
, "global"))
948 n
->scope
= RT_SCOPE_UNIVERSE
;
950 r
= safe_atou8(rvalue
, &n
->scope
);
952 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Could not parse address scope \"%s\", ignoring assignment: %m", rvalue
);
/* Report whether an address counts as ready. An AF_INET6 address is ready once
 * IFA_F_TENTATIVE is cleared; for any other family both IFA_F_TENTATIVE and
 * IFA_F_DEPRECATED must be clear. */
962 bool address_is_ready(const Address
*a
) {
965 if (a
->family
== AF_INET6
)
966 return !(a
->flags
& IFA_F_TENTATIVE
);
968 return !(a
->flags
& (IFA_F_TENTATIVE
| IFA_F_DEPRECATED
));