From c24c83dc67a63c88b0a537f4fa7f605b1fcbac39 Mon Sep 17 00:00:00 2001 From: "Kevin P. Fleming" Date: Sun, 9 Feb 2020 07:25:59 -0500 Subject: [PATCH] network: Allow multiple IPv6Token 'static' items to generate addresses This patch allows multiple addresses using 'static' IPv6Tokens to be generated for a single network interface. --- man/systemd.network.xml | 3 - src/network/networkd-ndisc.c | 143 ++++++++++++------ ...-prefix-veth-token-static-multiple.network | 7 + test/test-network/systemd-networkd-tests.py | 11 ++ 4 files changed, 112 insertions(+), 52 deletions(-) create mode 100644 test/test-network/conf/ipv6-prefix-veth-token-static-multiple.network diff --git a/man/systemd.network.xml b/man/systemd.network.xml index a88b6a447d3..3f4c18f9cd9 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -322,9 +322,6 @@ using the EUI-64 algorithm. Because the interface identifier is static, if Duplicate Address Detection detects that the computed address is a duplicate (in use by another node on the link), then this mode will fail to provide an address for that prefix. - - Note that if multiple static IPv6Token variables are supplied, only the first - one will be used to generate addresses. When the mode is set to prefixstable the RFC 7217 algorithm for generating interface identifiers will be used, but only when a prefix received in an RA message matches the supplied address. diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index f97cd1c771b..c45fec54305 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -254,18 +254,32 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { return 0; } -static int ndisc_router_generate_address(Link *link, unsigned prefixlen, uint32_t lifetime_preferred, Address *address) { - bool have_address = false; +static int ndisc_router_generate_addresses(Link *link, unsigned prefixlen, uint32_t lifetime_preferred, Address *address, Set **ret) { + _cleanup_set_free_free_ Set *addresses = NULL; struct in6_addr addr; IPv6Token *j; Iterator i; int r; - assert(address); assert(link); + assert(address); + assert(ret); + + addresses = set_new(&address_hash_ops); + if (!addresses) + return log_oom(); addr = address->in_addr.in6; - ORDERED_HASHMAP_FOREACH(j, link->network->ipv6_tokens, i) + ORDERED_HASHMAP_FOREACH(j, link->network->ipv6_tokens, i) { + bool have_address = false; + _cleanup_(address_freep) Address *new_address = NULL; + + r = address_new(&new_address); + if (r < 0) + return log_oom(); + + *new_address = *address; + if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE && memcmp(&j->prefix, &addr, FAMILY_ADDRESS_SIZE(address->family)) == 0) { /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop @@ -274,47 +288,75 @@ static int ndisc_router_generate_address(Link *link, unsigned prefixlen, uint32_ may exit with an address which ends up being unusable due to duplication on the link. */ for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) { - r = make_stableprivate_address(link, &j->prefix, prefixlen, j->dad_counter, &address->in_addr.in6); + r = make_stableprivate_address(link, &j->prefix, prefixlen, j->dad_counter, &new_address->in_addr.in6); if (r < 0) - return r; + break; - if (stableprivate_address_is_valid(&address->in_addr.in6)) { + if (stableprivate_address_is_valid(&new_address->in_addr.in6)) { have_address = true; break; } } } else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) { - memcpy(((uint8_t *)&address->in_addr.in6) + 8, ((uint8_t *) &j->prefix) + 8, 8); + memcpy(((uint8_t *)&new_address->in_addr.in6) + 8, ((uint8_t *) &j->prefix) + 8, 8); have_address = true; - break; } - /* fall back to EUI-64 if neither prefixstable nor static provide an address */ - if (!have_address) { + if (have_address) { + new_address->prefixlen = prefixlen; + new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR; + new_address->cinfo.ifa_prefered = lifetime_preferred; + + r = set_put(addresses, new_address); + if (r < 0) + return log_link_warning_errno(link, r, "Failed to store address: %m"); + TAKE_PTR(new_address); + } + } + + /* fall back to EUI-64 if no tokens provided addresses */ + if (set_isempty(addresses)) { + _cleanup_(address_freep) Address *new_address = NULL; + + r = address_new(&new_address); + if (r < 0) + return log_oom(); + + *new_address = *address; + /* see RFC4291 section 2.5.1 */ - address->in_addr.in6.s6_addr[8] = link->mac.ether_addr_octet[0]; - address->in_addr.in6.s6_addr[8] ^= 1 << 1; - address->in_addr.in6.s6_addr[9] = link->mac.ether_addr_octet[1]; - address->in_addr.in6.s6_addr[10] = link->mac.ether_addr_octet[2]; - address->in_addr.in6.s6_addr[11] = 0xff; - address->in_addr.in6.s6_addr[12] = 0xfe; - address->in_addr.in6.s6_addr[13] = link->mac.ether_addr_octet[3]; - address->in_addr.in6.s6_addr[14] = link->mac.ether_addr_octet[4]; - address->in_addr.in6.s6_addr[15] = link->mac.ether_addr_octet[5]; + new_address->in_addr.in6.s6_addr[8] = link->mac.ether_addr_octet[0]; + new_address->in_addr.in6.s6_addr[8] ^= 1 << 1; + new_address->in_addr.in6.s6_addr[9] = link->mac.ether_addr_octet[1]; + new_address->in_addr.in6.s6_addr[10] = link->mac.ether_addr_octet[2]; + new_address->in_addr.in6.s6_addr[11] = 0xff; + new_address->in_addr.in6.s6_addr[12] = 0xfe; + new_address->in_addr.in6.s6_addr[13] = link->mac.ether_addr_octet[3]; + new_address->in_addr.in6.s6_addr[14] = link->mac.ether_addr_octet[4]; + new_address->in_addr.in6.s6_addr[15] = link->mac.ether_addr_octet[5]; + new_address->prefixlen = prefixlen; + new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR; + new_address->cinfo.ifa_prefered = lifetime_preferred; + + r = set_put(addresses, new_address); + if (r < 0) + return log_link_warning_errno(link, r, "Failed to store address: %m"); + TAKE_PTR(new_address); } - address->prefixlen = prefixlen; - address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR; - address->cinfo.ifa_prefered = lifetime_preferred; + *ret = TAKE_PTR(addresses); return 0; } + static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) { uint32_t lifetime_valid, lifetime_preferred, lifetime_remaining; + _cleanup_set_free_free_ Set *addresses = NULL; _cleanup_(address_freep) Address *address = NULL; - Address *existing_address; unsigned prefixlen; usec_t time_now; + Address *existing_address, *a; + Iterator i; int r; assert(link); @@ -349,36 +391,39 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r if (r < 0) return log_link_error_errno(link, r, "Failed to get prefix address: %m"); - r = ndisc_router_generate_address(link, prefixlen, lifetime_preferred, address); + r = ndisc_router_generate_addresses(link, prefixlen, lifetime_preferred, address, &addresses); if (r < 0) - return log_link_error_errno(link, r, "Failed to generate SLAAC address: %m"); - - /* see RFC4862 section 5.5.3.e */ - r = address_get(link, address->family, &address->in_addr, address->prefixlen, &existing_address); - if (r > 0) { - lifetime_remaining = existing_address->cinfo.tstamp / 100 + existing_address->cinfo.ifa_valid - time_now / USEC_PER_SEC; - if (lifetime_valid > NDISC_PREFIX_LFT_MIN || lifetime_valid > lifetime_remaining) - address->cinfo.ifa_valid = lifetime_valid; - else if (lifetime_remaining <= NDISC_PREFIX_LFT_MIN) - address->cinfo.ifa_valid = lifetime_remaining; + return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m"); + + SET_FOREACH(a, addresses, i) { + /* see RFC4862 section 5.5.3.e */ + r = address_get(link, a->family, &a->in_addr, a->prefixlen, &existing_address); + if (r > 0) { + lifetime_remaining = existing_address->cinfo.tstamp / 100 + existing_address->cinfo.ifa_valid - time_now / USEC_PER_SEC; + if (lifetime_valid > NDISC_PREFIX_LFT_MIN || lifetime_valid > lifetime_remaining) + a->cinfo.ifa_valid = lifetime_valid; + else if (lifetime_remaining <= NDISC_PREFIX_LFT_MIN) + a->cinfo.ifa_valid = lifetime_remaining; + else + a->cinfo.ifa_valid = NDISC_PREFIX_LFT_MIN; + } else if (lifetime_valid > 0) + a->cinfo.ifa_valid = lifetime_valid; else - address->cinfo.ifa_valid = NDISC_PREFIX_LFT_MIN; - } else if (lifetime_valid > 0) - address->cinfo.ifa_valid = lifetime_valid; - else - return 0; /* see RFC4862 section 5.5.3.d */ + return 0; /* see RFC4862 section 5.5.3.d */ - if (address->cinfo.ifa_valid == 0) - return 0; + if (a->cinfo.ifa_valid == 0) + continue; - r = address_configure(address, link, ndisc_netlink_address_message_handler, true); - if (r < 0) { - log_link_warning_errno(link, r, "Could not set SLAAC address: %m"); - link_enter_failed(link); - return r; + r = address_configure(a, link, ndisc_netlink_address_message_handler, true); + if (r < 0) { + log_link_warning_errno(link, r, "Could not set SLAAC address: %m"); + link_enter_failed(link); + return r; + } + + if (r > 0) + link->ndisc_messages++; } - if (r > 0) - link->ndisc_messages++; return 0; } diff --git a/test/test-network/conf/ipv6-prefix-veth-token-static-multiple.network b/test/test-network/conf/ipv6-prefix-veth-token-static-multiple.network new file mode 100644 index 00000000000..49c6f31e77e --- /dev/null +++ b/test/test-network/conf/ipv6-prefix-veth-token-static-multiple.network @@ -0,0 +1,7 @@ +[Match] +Name=veth99 + +[Network] +IPv6AcceptRA=true +IPv6Token=::1a:2b:3c:4d +IPv6Token=::fa:de:ca:fe diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index c1a84ca9ec0..88f9b6b8278 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -2685,6 +2685,7 @@ class NetworkdRATests(unittest.TestCase, Utilities): 'ipv6-prefix-veth.network', 'ipv6-prefix-veth-token-static.network', 'ipv6-prefix-veth-token-static-explicit.network', + 'ipv6-prefix-veth-token-static-multiple.network', 'ipv6-prefix-veth-token-prefixstable.network'] def setUp(self): @@ -2728,6 +2729,16 @@ class NetworkdRATests(unittest.TestCase, Utilities): print(output) self.assertRegex(output, '2002:da8:1:0:1a:2b:3c:4d') + def test_ipv6_token_static_multiple(self): + copy_unit_to_networkd_unit_path('25-veth.netdev', 'ipv6-prefix.network', 'ipv6-prefix-veth-token-static-multiple.network') + start_networkd() + self.wait_online(['veth99:routable', 'veth-peer:degraded']) + + output = check_output(*networkctl_cmd, '-n', '0', 'status', 'veth99', env=env) + print(output) + self.assertRegex(output, '2002:da8:1:0:1a:2b:3c:4d') + self.assertRegex(output, '2002:da8:1:0:fa:de:ca:fe') + def test_ipv6_token_prefixstable(self): copy_unit_to_networkd_unit_path('25-veth.netdev', 'ipv6-prefix.network', 'ipv6-prefix-veth-token-prefixstable.network') start_networkd() -- 2.47.3