/src/systemd/src/network/networkd-address.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | | |
3 | | #include <net/if.h> |
4 | | #include <stdio.h> |
5 | | |
6 | | #include "sd-event.h" |
7 | | #include "sd-netlink.h" |
8 | | |
9 | | #include "af-list.h" |
10 | | #include "alloc-util.h" |
11 | | #include "bitfield.h" |
12 | | #include "conf-parser.h" |
13 | | #include "errno-util.h" |
14 | | #include "firewall-util.h" |
15 | | #include "in-addr-prefix-util.h" |
16 | | #include "logarithm.h" |
17 | | #include "netlink-util.h" |
18 | | #include "networkd-address-generation.h" |
19 | | #include "networkd-address.h" |
20 | | #include "networkd-address-pool.h" |
21 | | #include "networkd-dhcp-prefix-delegation.h" |
22 | | #include "networkd-dhcp-server.h" |
23 | | #include "networkd-ipv4acd.h" |
24 | | #include "networkd-link.h" |
25 | | #include "networkd-manager.h" |
26 | | #include "networkd-ndisc.h" |
27 | | #include "networkd-netlabel.h" |
28 | | #include "networkd-network.h" |
29 | | #include "networkd-queue.h" |
30 | | #include "networkd-route.h" |
31 | | #include "networkd-route-util.h" |
32 | | #include "ordered-set.h" |
33 | | #include "parse-util.h" |
34 | | #include "set.h" |
35 | | #include "siphash24.h" |
36 | | #include "socket-util.h" |
37 | | #include "string-util.h" |
38 | | #include "strv.h" |
39 | | |
40 | 0 | #define ADDRESSES_PER_LINK_MAX 16384U |
41 | 0 | #define STATIC_ADDRESSES_PER_NETWORK_MAX 8192U |
42 | | |
43 | | #define KNOWN_FLAGS \ |
44 | 0 | (IFA_F_SECONDARY | \ |
45 | 0 | IFA_F_NODAD | \ |
46 | 0 | IFA_F_OPTIMISTIC | \ |
47 | 0 | IFA_F_DADFAILED | \ |
48 | 0 | IFA_F_HOMEADDRESS | \ |
49 | 0 | IFA_F_DEPRECATED | \ |
50 | 0 | IFA_F_TENTATIVE | \ |
51 | 0 | IFA_F_PERMANENT | \ |
52 | 0 | IFA_F_MANAGETEMPADDR | \ |
53 | 0 | IFA_F_NOPREFIXROUTE | \ |
54 | 0 | IFA_F_MCAUTOJOIN | \ |
55 | 0 | IFA_F_STABLE_PRIVACY) |
56 | | |
57 | | /* From net/ipv4/devinet.c */ |
58 | | #define IPV6ONLY_FLAGS \ |
59 | 0 | (IFA_F_NODAD | \ |
60 | 0 | IFA_F_OPTIMISTIC | \ |
61 | 0 | IFA_F_DADFAILED | \ |
62 | 0 | IFA_F_HOMEADDRESS | \ |
63 | 0 | IFA_F_TENTATIVE | \ |
64 | 0 | IFA_F_MANAGETEMPADDR | \ |
65 | 0 | IFA_F_STABLE_PRIVACY) |
66 | | |
67 | | /* We do not control the following flags. */ |
68 | | #define UNMANAGED_FLAGS \ |
69 | 0 | (IFA_F_SECONDARY | \ |
70 | 0 | IFA_F_DADFAILED | \ |
71 | 0 | IFA_F_DEPRECATED | \ |
72 | 0 | IFA_F_TENTATIVE | \ |
73 | 0 | IFA_F_PERMANENT | \ |
74 | 0 | IFA_F_STABLE_PRIVACY) |
75 | | |
76 | 0 | int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) { |
77 | 0 | _cleanup_free_ char *str = NULL; |
78 | 0 | static const char* map[] = { |
79 | 0 | [LOG2U(IFA_F_SECONDARY)] = "secondary", /* This is also called "temporary" for ipv6. */ |
80 | 0 | [LOG2U(IFA_F_NODAD)] = "nodad", |
81 | 0 | [LOG2U(IFA_F_OPTIMISTIC)] = "optimistic", |
82 | 0 | [LOG2U(IFA_F_DADFAILED)] = "dadfailed", |
83 | 0 | [LOG2U(IFA_F_HOMEADDRESS)] = "home-address", |
84 | 0 | [LOG2U(IFA_F_DEPRECATED)] = "deprecated", |
85 | 0 | [LOG2U(IFA_F_TENTATIVE)] = "tentative", |
86 | 0 | [LOG2U(IFA_F_PERMANENT)] = "permanent", |
87 | 0 | [LOG2U(IFA_F_MANAGETEMPADDR)] = "manage-temporary-address", |
88 | 0 | [LOG2U(IFA_F_NOPREFIXROUTE)] = "no-prefixroute", |
89 | 0 | [LOG2U(IFA_F_MCAUTOJOIN)] = "auto-join", |
90 | 0 | [LOG2U(IFA_F_STABLE_PRIVACY)] = "stable-privacy", |
91 | 0 | }; |
92 | |
|
93 | 0 | assert(IN_SET(family, AF_INET, AF_INET6)); |
94 | 0 | assert(ret); |
95 | |
|
96 | 0 | for (size_t i = 0; i < ELEMENTSOF(map); i++) |
97 | 0 | if (BIT_SET(flags, i) && map[i]) |
98 | 0 | if (!strextend_with_separator( |
99 | 0 | &str, ",", |
100 | 0 | family == AF_INET6 && (1 << i) == IFA_F_SECONDARY ? "temporary" : map[i])) |
101 | 0 | return -ENOMEM; |
102 | | |
103 | 0 | *ret = TAKE_PTR(str); |
104 | 0 | return 0; |
105 | 0 | } |
106 | | |
107 | 0 | static LinkAddressState address_state_from_scope(uint8_t scope) { |
108 | 0 | if (scope < RT_SCOPE_SITE) |
109 | | /* universally accessible addresses found */ |
110 | 0 | return LINK_ADDRESS_STATE_ROUTABLE; |
111 | | |
112 | 0 | if (scope < RT_SCOPE_HOST) |
113 | | /* only link or site local addresses found */ |
114 | 0 | return LINK_ADDRESS_STATE_DEGRADED; |
115 | | |
116 | | /* no useful addresses found */ |
117 | 0 | return LINK_ADDRESS_STATE_OFF; |
118 | 0 | } |
119 | | |
120 | | void link_get_address_states( |
121 | | Link *link, |
122 | | LinkAddressState *ret_ipv4, |
123 | | LinkAddressState *ret_ipv6, |
124 | 0 | LinkAddressState *ret_all) { |
125 | |
|
126 | 0 | uint8_t ipv4_scope = RT_SCOPE_NOWHERE, ipv6_scope = RT_SCOPE_NOWHERE; |
127 | 0 | Address *address; |
128 | |
|
129 | 0 | assert(link); |
130 | |
|
131 | 0 | SET_FOREACH(address, link->addresses) { |
132 | 0 | if (!address_is_ready(address)) |
133 | 0 | continue; |
134 | | |
135 | 0 | if (address->family == AF_INET) |
136 | 0 | ipv4_scope = MIN(ipv4_scope, address->scope); |
137 | |
|
138 | 0 | if (address->family == AF_INET6) |
139 | 0 | ipv6_scope = MIN(ipv6_scope, address->scope); |
140 | 0 | } |
141 | |
|
142 | 0 | if (ret_ipv4) |
143 | 0 | *ret_ipv4 = address_state_from_scope(ipv4_scope); |
144 | 0 | if (ret_ipv6) |
145 | 0 | *ret_ipv6 = address_state_from_scope(ipv6_scope); |
146 | 0 | if (ret_all) |
147 | 0 | *ret_all = address_state_from_scope(MIN(ipv4_scope, ipv6_scope)); |
148 | 0 | } |
149 | | |
150 | | static void address_detach(Address *address); |
151 | | |
152 | | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
153 | | address_hash_ops_detach, |
154 | | Address, |
155 | | address_hash_func, |
156 | | address_compare_func, |
157 | | address_detach); |
158 | | |
159 | | DEFINE_HASH_OPS( |
160 | | address_hash_ops, |
161 | | Address, |
162 | | address_hash_func, |
163 | | address_compare_func); |
164 | | |
165 | | DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR( |
166 | | address_section_hash_ops, |
167 | | ConfigSection, |
168 | | config_section_hash_func, |
169 | | config_section_compare_func, |
170 | | Address, |
171 | | address_detach); |
172 | | |
173 | 0 | int address_new(Address **ret) { |
174 | 0 | _cleanup_(address_unrefp) Address *address = NULL; |
175 | |
|
176 | 0 | address = new(Address, 1); |
177 | 0 | if (!address) |
178 | 0 | return -ENOMEM; |
179 | | |
180 | 0 | *address = (Address) { |
181 | 0 | .n_ref = 1, |
182 | 0 | .family = AF_UNSPEC, |
183 | 0 | .scope = RT_SCOPE_UNIVERSE, |
184 | 0 | .lifetime_valid_usec = USEC_INFINITY, |
185 | 0 | .lifetime_preferred_usec = USEC_INFINITY, |
186 | 0 | .set_broadcast = -1, |
187 | 0 | }; |
188 | |
|
189 | 0 | *ret = TAKE_PTR(address); |
190 | |
|
191 | 0 | return 0; |
192 | 0 | } |
193 | | |
194 | 0 | int address_new_static(Network *network, const char *filename, unsigned section_line, Address **ret) { |
195 | 0 | _cleanup_(config_section_freep) ConfigSection *n = NULL; |
196 | 0 | _cleanup_(address_unrefp) Address *address = NULL; |
197 | 0 | int r; |
198 | |
|
199 | 0 | assert(network); |
200 | 0 | assert(ret); |
201 | 0 | assert(filename); |
202 | 0 | assert(section_line > 0); |
203 | |
|
204 | 0 | r = config_section_new(filename, section_line, &n); |
205 | 0 | if (r < 0) |
206 | 0 | return r; |
207 | | |
208 | 0 | address = ordered_hashmap_get(network->addresses_by_section, n); |
209 | 0 | if (address) { |
210 | 0 | *ret = TAKE_PTR(address); |
211 | 0 | return 0; |
212 | 0 | } |
213 | | |
214 | 0 | if (ordered_hashmap_size(network->addresses_by_section) >= STATIC_ADDRESSES_PER_NETWORK_MAX) |
215 | 0 | return -E2BIG; |
216 | | |
217 | 0 | r = address_new(&address); |
218 | 0 | if (r < 0) |
219 | 0 | return r; |
220 | | |
221 | 0 | address->network = network; |
222 | 0 | address->section = TAKE_PTR(n); |
223 | 0 | address->source = NETWORK_CONFIG_SOURCE_STATIC; |
224 | | /* This will be adjusted in address_section_verify(). */ |
225 | 0 | address->duplicate_address_detection = _ADDRESS_FAMILY_INVALID; |
226 | |
|
227 | 0 | r = ordered_hashmap_ensure_put(&network->addresses_by_section, &address_section_hash_ops, address->section, address); |
228 | 0 | if (r < 0) |
229 | 0 | return r; |
230 | | |
231 | 0 | *ret = TAKE_PTR(address); |
232 | 0 | return 0; |
233 | 0 | } |
234 | | |
235 | 0 | static Address* address_detach_impl(Address *address) { |
236 | 0 | assert(address); |
237 | 0 | assert(!address->link || !address->network); |
238 | |
|
239 | 0 | if (address->network) { |
240 | 0 | assert(address->section); |
241 | 0 | ordered_hashmap_remove(address->network->addresses_by_section, address->section); |
242 | |
|
243 | 0 | if (address->network->dhcp_server_address == address) |
244 | 0 | address->network->dhcp_server_address = NULL; |
245 | |
|
246 | 0 | address->network = NULL; |
247 | 0 | return address; |
248 | 0 | } |
249 | | |
250 | 0 | if (address->link) { |
251 | 0 | set_remove(address->link->addresses, address); |
252 | |
|
253 | 0 | address->link = NULL; |
254 | 0 | return address; |
255 | 0 | } |
256 | | |
257 | 0 | return NULL; |
258 | 0 | } |
259 | | |
260 | 0 | static void address_detach(Address *address) { |
261 | 0 | assert(address); |
262 | |
|
263 | 0 | address_unref(address_detach_impl(address)); |
264 | 0 | } |
265 | | |
266 | 0 | static Address* address_free(Address *address) { |
267 | 0 | if (!address) |
268 | 0 | return NULL; |
269 | | |
270 | 0 | address_detach_impl(address); |
271 | |
|
272 | 0 | config_section_free(address->section); |
273 | 0 | free(address->label); |
274 | 0 | free(address->netlabel); |
275 | 0 | ipv6_token_unref(address->token); |
276 | 0 | nft_set_context_clear(&address->nft_set_context); |
277 | 0 | return mfree(address); |
278 | 0 | } |
279 | | |
280 | | DEFINE_TRIVIAL_REF_UNREF_FUNC(Address, address, address_free); |
281 | | |
282 | 0 | static bool address_lifetime_is_valid(const Address *a) { |
283 | 0 | assert(a); |
284 | |
|
285 | 0 | return |
286 | 0 | a->lifetime_valid_usec == USEC_INFINITY || |
287 | 0 | a->lifetime_valid_usec > now(CLOCK_BOOTTIME); |
288 | 0 | } |
289 | | |
290 | 0 | bool address_is_ready(const Address *a) { |
291 | 0 | assert(a); |
292 | 0 | assert(a->link); |
293 | |
|
294 | 0 | if (!ipv4acd_bound(a->link, a)) |
295 | 0 | return false; |
296 | | |
297 | 0 | if (FLAGS_SET(a->flags, IFA_F_TENTATIVE)) |
298 | 0 | return false; |
299 | | |
300 | 0 | if (FLAGS_SET(a->state, NETWORK_CONFIG_STATE_REMOVING)) |
301 | 0 | return false; |
302 | | |
303 | 0 | if (!FLAGS_SET(a->state, NETWORK_CONFIG_STATE_CONFIGURED)) |
304 | 0 | return false; |
305 | | |
306 | 0 | return address_lifetime_is_valid(a); |
307 | 0 | } |
308 | | |
309 | 0 | bool link_check_addresses_ready(Link *link, NetworkConfigSource source) { |
310 | 0 | Address *a; |
311 | 0 | bool has = false; |
312 | |
|
313 | 0 | assert(link); |
314 | | |
315 | | /* Check if all addresses on the interface are ready. If there is no address, this will return false. */ |
316 | |
|
317 | 0 | SET_FOREACH(a, link->addresses) { |
318 | 0 | if (source >= 0 && a->source != source) |
319 | 0 | continue; |
320 | 0 | if (address_is_marked(a)) |
321 | 0 | continue; |
322 | 0 | if (!address_exists(a)) |
323 | 0 | continue; |
324 | 0 | if (!address_is_ready(a)) |
325 | 0 | return false; |
326 | 0 | has = true; |
327 | 0 | } |
328 | | |
329 | 0 | return has; |
330 | 0 | } |
331 | | |
332 | 0 | void link_mark_addresses(Link *link, NetworkConfigSource source) { |
333 | 0 | Address *a; |
334 | |
|
335 | 0 | assert(link); |
336 | |
|
337 | 0 | SET_FOREACH(a, link->addresses) { |
338 | 0 | if (a->source != source) |
339 | 0 | continue; |
340 | | |
341 | 0 | address_mark(a); |
342 | 0 | } |
343 | 0 | } |
344 | | |
345 | 0 | static int address_get_broadcast(const Address *a, Link *link, struct in_addr *ret) { |
346 | 0 | struct in_addr b_addr = {}; |
347 | |
|
348 | 0 | assert(a); |
349 | 0 | assert(link); |
350 | | |
351 | | /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main |
352 | | * address is null. */ |
353 | | |
354 | | /* broadcast is only for IPv4. */ |
355 | 0 | if (a->family != AF_INET) |
356 | 0 | goto finalize; |
357 | | |
358 | | /* broadcast address cannot be used when peer address is specified. */ |
359 | 0 | if (in4_addr_is_set(&a->in_addr_peer.in)) |
360 | 0 | goto finalize; |
361 | | |
362 | | /* A /31 or /32 IPv4 address does not have a broadcast address. |
363 | | * See https://tools.ietf.org/html/rfc3021 */ |
364 | 0 | if (a->prefixlen > 30) |
365 | 0 | goto finalize; |
366 | | |
367 | | /* If explicitly configured, use the address as is. */ |
368 | 0 | if (in4_addr_is_set(&a->broadcast)) { |
369 | 0 | b_addr = a->broadcast; |
370 | 0 | goto finalize; |
371 | 0 | } |
372 | | |
373 | | /* If explicitly disabled, then return null address. */ |
374 | 0 | if (a->set_broadcast == 0) |
375 | 0 | goto finalize; |
376 | | |
377 | | /* For wireguard interfaces, broadcast is disabled by default. */ |
378 | 0 | if (a->set_broadcast < 0 && streq_ptr(link->kind, "wireguard")) |
379 | 0 | goto finalize; |
380 | | |
381 | | /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically |
382 | | * determined after an address is acquired. */ |
383 | 0 | if (!in4_addr_is_set(&a->in_addr.in)) |
384 | 0 | return -EAGAIN; |
385 | | |
386 | | /* Otherwise, generate a broadcast address from the main address and prefix length. */ |
387 | 0 | b_addr.s_addr = a->in_addr.in.s_addr | htobe32(UINT32_C(0xffffffff) >> a->prefixlen); |
388 | |
|
389 | 0 | finalize: |
390 | 0 | if (ret) |
391 | 0 | *ret = b_addr; |
392 | |
|
393 | 0 | return in4_addr_is_set(&b_addr); |
394 | 0 | } |
395 | | |
396 | 0 | static void address_set_broadcast(Address *a, Link *link) { |
397 | 0 | assert(a); |
398 | 0 | assert_se(address_get_broadcast(a, link, &a->broadcast) >= 0); |
399 | 0 | } |
400 | | |
401 | 0 | static void address_set_cinfo(Manager *m, const Address *a, struct ifa_cacheinfo *cinfo) { |
402 | 0 | usec_t now_usec; |
403 | |
|
404 | 0 | assert(m); |
405 | 0 | assert(a); |
406 | 0 | assert(cinfo); |
407 | |
|
408 | 0 | assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0); |
409 | |
|
410 | 0 | *cinfo = (struct ifa_cacheinfo) { |
411 | 0 | .ifa_valid = usec_to_sec(a->lifetime_valid_usec, now_usec), |
412 | 0 | .ifa_prefered = usec_to_sec(a->lifetime_preferred_usec, now_usec), |
413 | 0 | }; |
414 | 0 | } |
415 | | |
416 | 0 | static void address_set_lifetime(Manager *m, Address *a, const struct ifa_cacheinfo *cinfo) { |
417 | 0 | usec_t now_usec; |
418 | |
|
419 | 0 | assert(m); |
420 | 0 | assert(a); |
421 | 0 | assert(cinfo); |
422 | |
|
423 | 0 | assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0); |
424 | |
|
425 | 0 | a->lifetime_valid_usec = sec_to_usec(cinfo->ifa_valid, now_usec); |
426 | 0 | a->lifetime_preferred_usec = sec_to_usec(cinfo->ifa_prefered, now_usec); |
427 | 0 | } |
428 | | |
429 | 0 | static bool address_is_static_null(const Address *address) { |
430 | 0 | assert(address); |
431 | |
|
432 | 0 | if (!address->network) |
433 | 0 | return false; |
434 | | |
435 | 0 | if (!address->requested_as_null) |
436 | 0 | return false; |
437 | | |
438 | 0 | assert(!in_addr_is_set(address->family, &address->in_addr)); |
439 | 0 | return true; |
440 | 0 | } |
441 | | |
442 | 0 | static int address_ipv4_prefix(const Address *a, struct in_addr *ret) { |
443 | 0 | struct in_addr p; |
444 | 0 | int r; |
445 | |
|
446 | 0 | assert(a); |
447 | 0 | assert(a->family == AF_INET); |
448 | 0 | assert(ret); |
449 | |
|
450 | 0 | p = in4_addr_is_set(&a->in_addr_peer.in) ? a->in_addr_peer.in : a->in_addr.in; |
451 | 0 | r = in4_addr_mask(&p, a->prefixlen); |
452 | 0 | if (r < 0) |
453 | 0 | return r; |
454 | | |
455 | 0 | *ret = p; |
456 | 0 | return 0; |
457 | 0 | } |
458 | | |
459 | 0 | void address_hash_func(const Address *a, struct siphash *state) { |
460 | 0 | assert(a); |
461 | |
|
462 | 0 | siphash24_compress_typesafe(a->family, state); |
463 | |
|
464 | 0 | switch (a->family) { |
465 | 0 | case AF_INET: { |
466 | 0 | struct in_addr prefix; |
467 | |
|
468 | 0 | siphash24_compress_typesafe(a->prefixlen, state); |
469 | |
|
470 | 0 | assert_se(address_ipv4_prefix(a, &prefix) >= 0); |
471 | 0 | siphash24_compress_typesafe(prefix, state); |
472 | |
|
473 | 0 | siphash24_compress_typesafe(a->in_addr.in, state); |
474 | 0 | break; |
475 | 0 | } |
476 | 0 | case AF_INET6: |
477 | 0 | siphash24_compress_typesafe(a->in_addr.in6, state); |
478 | |
|
479 | 0 | if (in6_addr_is_null(&a->in_addr.in6)) |
480 | 0 | siphash24_compress_typesafe(a->prefixlen, state); |
481 | 0 | break; |
482 | | |
483 | 0 | default: |
484 | 0 | assert_not_reached(); |
485 | 0 | } |
486 | 0 | } |
487 | | |
488 | 0 | int address_compare_func(const Address *a1, const Address *a2) { |
489 | 0 | int r; |
490 | |
|
491 | 0 | r = CMP(a1->family, a2->family); |
492 | 0 | if (r != 0) |
493 | 0 | return r; |
494 | | |
495 | 0 | switch (a1->family) { |
496 | 0 | case AF_INET: { |
497 | 0 | struct in_addr p1, p2; |
498 | | |
499 | | /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */ |
500 | 0 | r = CMP(a1->prefixlen, a2->prefixlen); |
501 | 0 | if (r != 0) |
502 | 0 | return r; |
503 | | |
504 | 0 | assert_se(address_ipv4_prefix(a1, &p1) >= 0); |
505 | 0 | assert_se(address_ipv4_prefix(a2, &p2) >= 0); |
506 | 0 | r = memcmp(&p1, &p2, sizeof(p1)); |
507 | 0 | if (r != 0) |
508 | 0 | return r; |
509 | | |
510 | 0 | return memcmp(&a1->in_addr.in, &a2->in_addr.in, sizeof(a1->in_addr.in)); |
511 | 0 | } |
512 | 0 | case AF_INET6: |
513 | | /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */ |
514 | 0 | r = memcmp(&a1->in_addr.in6, &a2->in_addr.in6, sizeof(a1->in_addr.in6)); |
515 | 0 | if (r != 0) |
516 | 0 | return r; |
517 | | |
518 | | /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's |
519 | | * compare the prefix length. */ |
520 | 0 | if (in6_addr_is_null(&a1->in_addr.in6)) |
521 | 0 | r = CMP(a1->prefixlen, a2->prefixlen); |
522 | |
|
523 | 0 | return r; |
524 | | |
525 | 0 | default: |
526 | 0 | assert_not_reached(); |
527 | 0 | } |
528 | 0 | } |
529 | | |
530 | 0 | bool address_can_update(const Address *existing, const Address *requesting) { |
531 | 0 | assert(existing); |
532 | 0 | assert(requesting); |
533 | | |
534 | | /* |
535 | | * property | IPv4 | IPv6 |
536 | | * ----------------------------------------- |
537 | | * family | ✗ | ✗ |
538 | | * prefixlen | ✗ | ✗ |
539 | | * address | ✗ | ✗ |
540 | | * scope | ✗ | - |
541 | | * label | ✗ | - |
542 | | * broadcast | ✗ | - |
543 | | * peer | ✗ | ✓ |
544 | | * flags | ✗ | ✓ |
545 | | * lifetime | ✓ | ✓ |
546 | | * route metric | ✓ | ✓ |
547 | | * protocol | ✓ | ✓ |
548 | | * |
549 | | * ✗ : cannot be changed |
550 | | * ✓ : can be changed |
551 | | * - : unused |
552 | | * |
553 | | * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c. |
554 | | * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c. |
555 | | */ |
556 | |
|
557 | 0 | if (existing->family != requesting->family) |
558 | 0 | return false; |
559 | | |
560 | 0 | if (existing->prefixlen != requesting->prefixlen) |
561 | 0 | return false; |
562 | | |
563 | | /* When a null address is requested, the address to be assigned/updated will be determined later. */ |
564 | 0 | if (!address_is_static_null(requesting) && |
565 | 0 | in_addr_equal(existing->family, &existing->in_addr, &requesting->in_addr) <= 0) |
566 | 0 | return false; |
567 | | |
568 | 0 | switch (existing->family) { |
569 | 0 | case AF_INET: { |
570 | 0 | struct in_addr bcast; |
571 | |
|
572 | 0 | if (existing->scope != requesting->scope) |
573 | 0 | return false; |
574 | 0 | if (((existing->flags ^ requesting->flags) & KNOWN_FLAGS & ~IPV6ONLY_FLAGS & ~UNMANAGED_FLAGS) != 0) |
575 | 0 | return false; |
576 | 0 | if (!streq_ptr(existing->label, requesting->label)) |
577 | 0 | return false; |
578 | 0 | if (!in4_addr_equal(&existing->in_addr_peer.in, &requesting->in_addr_peer.in)) |
579 | 0 | return false; |
580 | 0 | if (existing->link && address_get_broadcast(requesting, existing->link, &bcast) >= 0) { |
581 | | /* If the broadcast address can be determined now, check if they match. */ |
582 | 0 | if (!in4_addr_equal(&existing->broadcast, &bcast)) |
583 | 0 | return false; |
584 | 0 | } else { |
585 | | /* When a null address is requested, then the broadcast address will be |
586 | | * automatically calculated from the acquired address, e.g. |
587 | | * 192.168.0.10/24 -> 192.168.0.255 |
588 | | * So, here let's only check if the broadcast is the last address in the range, e.g. |
589 | | * 0.0.0.0/24 -> 0.0.0.255 */ |
590 | 0 | if (!FLAGS_SET(existing->broadcast.s_addr, htobe32(UINT32_C(0xffffffff) >> existing->prefixlen))) |
591 | 0 | return false; |
592 | 0 | } |
593 | 0 | break; |
594 | 0 | } |
595 | 0 | case AF_INET6: |
596 | 0 | break; |
597 | | |
598 | 0 | default: |
599 | 0 | assert_not_reached(); |
600 | 0 | } |
601 | | |
602 | 0 | return true; |
603 | 0 | } |
604 | | |
605 | 0 | int address_dup(const Address *src, Address **ret) { |
606 | 0 | _cleanup_(address_unrefp) Address *dest = NULL; |
607 | 0 | int r; |
608 | |
|
609 | 0 | assert(src); |
610 | 0 | assert(ret); |
611 | |
|
612 | 0 | dest = newdup(Address, src, 1); |
613 | 0 | if (!dest) |
614 | 0 | return -ENOMEM; |
615 | | |
616 | | /* clear the reference counter and all pointers */ |
617 | 0 | dest->n_ref = 1; |
618 | 0 | dest->network = NULL; |
619 | 0 | dest->section = NULL; |
620 | 0 | dest->link = NULL; |
621 | 0 | dest->label = NULL; |
622 | 0 | dest->token = ipv6_token_ref(src->token); |
623 | 0 | dest->netlabel = NULL; |
624 | 0 | dest->nft_set_context.sets = NULL; |
625 | 0 | dest->nft_set_context.n_sets = 0; |
626 | |
|
627 | 0 | if (src->family == AF_INET) { |
628 | 0 | r = strdup_to(&dest->label, src->label); |
629 | 0 | if (r < 0) |
630 | 0 | return r; |
631 | 0 | } |
632 | | |
633 | 0 | r = strdup_to(&dest->netlabel, src->netlabel); |
634 | 0 | if (r < 0) |
635 | 0 | return r; |
636 | | |
637 | 0 | r = nft_set_context_dup(&src->nft_set_context, &dest->nft_set_context); |
638 | 0 | if (r < 0) |
639 | 0 | return r; |
640 | | |
641 | 0 | *ret = TAKE_PTR(dest); |
642 | 0 | return 0; |
643 | 0 | } |
644 | | |
645 | 0 | static int address_set_masquerade(Address *address, bool add) { |
646 | 0 | union in_addr_union masked; |
647 | 0 | int r; |
648 | |
|
649 | 0 | assert(address); |
650 | 0 | assert(address->link); |
651 | |
|
652 | 0 | if (!address->link->network) |
653 | 0 | return 0; |
654 | | |
655 | 0 | if (!FLAGS_SET(address->link->network->ip_masquerade, AF_TO_ADDRESS_FAMILY(address->family))) |
656 | 0 | return 0; |
657 | | |
658 | 0 | if (address->scope >= RT_SCOPE_LINK) |
659 | 0 | return 0; |
660 | | |
661 | 0 | if (address->ip_masquerade_done == add) |
662 | 0 | return 0; |
663 | | |
664 | 0 | masked = address->in_addr; |
665 | 0 | r = in_addr_mask(address->family, &masked, address->prefixlen); |
666 | 0 | if (r < 0) |
667 | 0 | return r; |
668 | | |
669 | 0 | r = fw_add_masquerade(&address->link->manager->fw_ctx, add, address->family, &masked, address->prefixlen); |
670 | 0 | if (r < 0) |
671 | 0 | return r; |
672 | | |
673 | 0 | address->ip_masquerade_done = add; |
674 | |
|
675 | 0 | return 0; |
676 | 0 | } |
677 | | |
678 | 0 | static void address_modify_nft_set_context(Address *address, bool add, NFTSetContext *nft_set_context) { |
679 | 0 | int r; |
680 | |
|
681 | 0 | assert(address); |
682 | 0 | assert(address->link); |
683 | 0 | assert(address->link->manager); |
684 | 0 | assert(nft_set_context); |
685 | |
|
686 | 0 | if (!address->link->manager->fw_ctx) { |
687 | 0 | r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false); |
688 | 0 | if (r < 0) |
689 | 0 | return; |
690 | 0 | } |
691 | | |
692 | 0 | FOREACH_ARRAY(nft_set, nft_set_context->sets, nft_set_context->n_sets) { |
693 | 0 | uint32_t ifindex; |
694 | |
|
695 | 0 | assert(nft_set); |
696 | |
|
697 | 0 | switch (nft_set->source) { |
698 | 0 | case NFT_SET_SOURCE_ADDRESS: |
699 | 0 | r = nft_set_element_modify_ip(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set, |
700 | 0 | &address->in_addr); |
701 | 0 | break; |
702 | 0 | case NFT_SET_SOURCE_PREFIX: |
703 | 0 | r = nft_set_element_modify_iprange(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set, |
704 | 0 | &address->in_addr, address->prefixlen); |
705 | 0 | break; |
706 | 0 | case NFT_SET_SOURCE_IFINDEX: |
707 | 0 | ifindex = address->link->ifindex; |
708 | 0 | r = nft_set_element_modify_any(address->link->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, |
709 | 0 | &ifindex, sizeof(ifindex)); |
710 | 0 | break; |
711 | 0 | default: |
712 | 0 | assert_not_reached(); |
713 | 0 | } |
714 | | |
715 | 0 | if (r < 0) |
716 | 0 | log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m", |
717 | 0 | add ? "add" : "delete", |
718 | 0 | nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, |
719 | 0 | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); |
720 | 0 | else |
721 | 0 | log_debug("%s NFT set: family %s, table %s, set %s, IP address %s", |
722 | 0 | add ? "Added" : "Deleted", |
723 | 0 | nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, |
724 | 0 | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); |
725 | 0 | } |
726 | 0 | } |
727 | | |
728 | 0 | static void address_modify_nft_set(Address *address, bool add) { |
729 | 0 | assert(address); |
730 | 0 | assert(address->link); |
731 | |
|
732 | 0 | if (!IN_SET(address->family, AF_INET, AF_INET6)) |
733 | 0 | return; |
734 | | |
735 | 0 | if (!address->link->network) |
736 | 0 | return; |
737 | | |
738 | 0 | switch (address->source) { |
739 | 0 | case NETWORK_CONFIG_SOURCE_DHCP4: |
740 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->dhcp_nft_set_context); |
741 | 0 | case NETWORK_CONFIG_SOURCE_DHCP6: |
742 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->dhcp6_nft_set_context); |
743 | 0 | case NETWORK_CONFIG_SOURCE_DHCP_PD: |
744 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->dhcp_pd_nft_set_context); |
745 | 0 | case NETWORK_CONFIG_SOURCE_NDISC: |
746 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->ndisc_nft_set_context); |
747 | 0 | case NETWORK_CONFIG_SOURCE_STATIC: |
748 | 0 | return address_modify_nft_set_context(address, add, &address->nft_set_context); |
749 | 0 | default: |
750 | 0 | return; |
751 | 0 | } |
752 | 0 | } |
753 | | |
754 | 0 | static int address_attach(Link *link, Address *address) { |
755 | 0 | int r; |
756 | |
|
757 | 0 | assert(link); |
758 | 0 | assert(address); |
759 | 0 | assert(!address->link); |
760 | |
|
761 | 0 | r = set_ensure_put(&link->addresses, &address_hash_ops_detach, address); |
762 | 0 | if (r < 0) |
763 | 0 | return r; |
764 | 0 | if (r == 0) |
765 | 0 | return -EEXIST; |
766 | | |
767 | 0 | address->link = link; |
768 | 0 | address_ref(address); |
769 | 0 | return 0; |
770 | 0 | } |
771 | | |
772 | 0 | static int address_update(Address *address) { |
773 | 0 | Link *link = ASSERT_PTR(ASSERT_PTR(address)->link); |
774 | 0 | int r; |
775 | |
|
776 | 0 | if (address_is_ready(address) && |
777 | 0 | address->family == AF_INET6 && |
778 | 0 | in6_addr_is_link_local(&address->in_addr.in6) && |
779 | 0 | in6_addr_is_null(&link->ipv6ll_address)) { |
780 | |
|
781 | 0 | link->ipv6ll_address = address->in_addr.in6; |
782 | |
|
783 | 0 | r = link_ipv6ll_gained(link); |
784 | 0 | if (r < 0) |
785 | 0 | return r; |
786 | 0 | } |
787 | | |
788 | 0 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
789 | 0 | return 0; |
790 | | |
791 | 0 | r = address_set_masquerade(address, /* add = */ true); |
792 | 0 | if (r < 0) |
793 | 0 | return log_link_warning_errno(link, r, "Could not enable IP masquerading: %m"); |
794 | | |
795 | 0 | address_add_netlabel(address); |
796 | |
|
797 | 0 | address_modify_nft_set(address, /* add = */ true); |
798 | |
|
799 | 0 | if (address_is_ready(address) && address->callback) { |
800 | 0 | r = address->callback(address); |
801 | 0 | if (r < 0) |
802 | 0 | return r; |
803 | 0 | } |
804 | | |
805 | 0 | link_update_operstate(link, /* also_update_bond_master = */ true); |
806 | 0 | link_check_ready(link); |
807 | 0 | return 0; |
808 | 0 | } |
809 | | |
810 | 0 | static int address_removed_maybe_kernel_dad(Link *link, Address *address) { |
811 | 0 | int r; |
812 | |
|
813 | 0 | assert(link); |
814 | 0 | assert(address); |
815 | |
|
816 | 0 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) |
817 | 0 | return 0; |
818 | | |
819 | 0 | if (address->family != AF_INET6) |
820 | 0 | return 0; |
821 | | |
822 | 0 | if (!FLAGS_SET(address->flags, IFA_F_TENTATIVE)) |
823 | 0 | return 0; |
824 | | |
825 | 0 | log_link_info(link, "Address %s with tentative flag is removed, maybe a duplicated address is assigned on another node or link?", |
826 | 0 | IN6_ADDR_TO_STRING(&address->in_addr.in6)); |
827 | | |
828 | | /* Reset the address state, as the object may be reused in the below. */ |
829 | 0 | address->state = 0; |
830 | |
|
831 | 0 | switch (address->source) { |
832 | 0 | case NETWORK_CONFIG_SOURCE_STATIC: |
833 | 0 | r = link_reconfigure_radv_address(address, link); |
834 | 0 | break; |
835 | 0 | case NETWORK_CONFIG_SOURCE_DHCP_PD: |
836 | 0 | r = dhcp_pd_reconfigure_address(address, link); |
837 | 0 | break; |
838 | 0 | case NETWORK_CONFIG_SOURCE_NDISC: |
839 | 0 | r = ndisc_reconfigure_address(address, link); |
840 | 0 | break; |
841 | 0 | default: |
842 | 0 | r = 0; |
843 | 0 | } |
844 | 0 | if (r < 0) |
845 | 0 | return log_link_warning_errno(link, r, "Failed to configure an alternative address: %m"); |
846 | | |
847 | 0 | return 0; |
848 | 0 | } |
849 | | |
850 | 0 | static int address_drop(Address *in, bool removed_by_us) { |
851 | 0 | _cleanup_(address_unrefp) Address *address = address_ref(ASSERT_PTR(in)); |
852 | 0 | Link *link = ASSERT_PTR(address->link); |
853 | 0 | int r; |
854 | |
|
855 | 0 | r = address_set_masquerade(address, /* add = */ false); |
856 | 0 | if (r < 0) |
857 | 0 | log_link_warning_errno(link, r, "Failed to disable IP masquerading, ignoring: %m"); |
858 | |
|
859 | 0 | address_modify_nft_set(address, /* add = */ false); |
860 | |
|
861 | 0 | address_del_netlabel(address); |
862 | | |
863 | | /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */ |
864 | 0 | if (address->family == AF_INET6 && |
865 | 0 | in6_addr_equal(&address->in_addr.in6, &link->ipv6ll_address)) |
866 | 0 | link->ipv6ll_address = (const struct in6_addr) {}; |
867 | |
|
868 | 0 | ipv4acd_detach(link, address); |
869 | |
|
870 | 0 | address_detach(address); |
871 | |
|
872 | 0 | if (!removed_by_us) { |
873 | 0 | r = address_removed_maybe_kernel_dad(link, address); |
874 | 0 | if (r < 0) { |
875 | 0 | link_enter_failed(link); |
876 | 0 | return r; |
877 | 0 | } |
878 | 0 | } |
879 | | |
880 | 0 | link_update_operstate(link, /* also_update_bond_master = */ true); |
881 | 0 | link_check_ready(link); |
882 | 0 | return 0; |
883 | 0 | } |
884 | | |
885 | 0 | static bool address_match_null(const Address *a, const Address *null_address) { |
886 | 0 | assert(a); |
887 | 0 | assert(null_address); |
888 | |
|
889 | 0 | if (!a->requested_as_null) |
890 | 0 | return false; |
891 | | |
892 | | /* Currently, null address is supported only by static addresses. Note that static |
893 | | * address may be set as foreign during reconfiguring the interface. */ |
894 | 0 | if (!IN_SET(a->source, NETWORK_CONFIG_SOURCE_FOREIGN, NETWORK_CONFIG_SOURCE_STATIC)) |
895 | 0 | return false; |
896 | | |
897 | 0 | if (a->family != null_address->family) |
898 | 0 | return false; |
899 | | |
900 | 0 | if (a->prefixlen != null_address->prefixlen) |
901 | 0 | return false; |
902 | | |
903 | 0 | return true; |
904 | 0 | } |
905 | | |
906 | 0 | static int address_get_request(Link *link, const Address *address, Request **ret) { |
907 | 0 | Request *req; |
908 | |
|
909 | 0 | assert(link); |
910 | 0 | assert(link->manager); |
911 | 0 | assert(address); |
912 | |
|
913 | 0 | req = ordered_set_get( |
914 | 0 | link->manager->request_queue, |
915 | 0 | &(Request) { |
916 | 0 | .link = link, |
917 | 0 | .type = REQUEST_TYPE_ADDRESS, |
918 | 0 | .userdata = (void*) address, |
919 | 0 | .hash_func = (hash_func_t) address_hash_func, |
920 | 0 | .compare_func = (compare_func_t) address_compare_func, |
921 | 0 | }); |
922 | 0 | if (req) { |
923 | 0 | if (ret) |
924 | 0 | *ret = req; |
925 | 0 | return 0; |
926 | 0 | } |
927 | | |
928 | 0 | if (address_is_static_null(address)) |
929 | 0 | ORDERED_SET_FOREACH(req, link->manager->request_queue) { |
930 | 0 | if (req->link != link) |
931 | 0 | continue; |
932 | 0 | if (req->type != REQUEST_TYPE_ADDRESS) |
933 | 0 | continue; |
934 | | |
935 | 0 | if (!address_match_null(req->userdata, address)) |
936 | 0 | continue; |
937 | | |
938 | 0 | if (ret) |
939 | 0 | *ret = req; |
940 | |
|
941 | 0 | return 0; |
942 | 0 | } |
943 | | |
944 | 0 | return -ENOENT; |
945 | 0 | } |
946 | | |
947 | 0 | int address_get(Link *link, const Address *in, Address **ret) { |
948 | 0 | Address *a; |
949 | |
|
950 | 0 | assert(link); |
951 | 0 | assert(in); |
952 | |
|
953 | 0 | a = set_get(link->addresses, in); |
954 | 0 | if (a) { |
955 | 0 | if (ret) |
956 | 0 | *ret = a; |
957 | 0 | return 0; |
958 | 0 | } |
959 | | |
960 | | /* Find matching address that originally requested as null address. */ |
961 | 0 | if (address_is_static_null(in)) |
962 | 0 | SET_FOREACH(a, link->addresses) { |
963 | 0 | if (!address_match_null(a, in)) |
964 | 0 | continue; |
965 | | |
966 | 0 | if (ret) |
967 | 0 | *ret = a; |
968 | 0 | return 0; |
969 | 0 | } |
970 | | |
971 | 0 | return -ENOENT; |
972 | 0 | } |
973 | | |
974 | 0 | int address_get_harder(Link *link, const Address *in, Address **ret) { |
975 | 0 | Request *req; |
976 | 0 | int r; |
977 | |
|
978 | 0 | assert(link); |
979 | 0 | assert(in); |
980 | |
|
981 | 0 | if (address_get(link, in, ret) >= 0) |
982 | 0 | return 0; |
983 | | |
984 | 0 | r = address_get_request(link, in, &req); |
985 | 0 | if (r < 0) |
986 | 0 | return r; |
987 | | |
988 | 0 | if (ret) |
989 | 0 | *ret = ASSERT_PTR(req->userdata); |
990 | |
|
991 | 0 | return 0; |
992 | 0 | } |
993 | | |
994 | | int link_get_address_full( |
995 | | Link *link, |
996 | | int family, |
997 | | const union in_addr_union *address, |
998 | | const union in_addr_union *peer, /* optional, can be NULL */ |
999 | | unsigned char prefixlen, /* optional, can be 0 */ |
1000 | 0 | Address **ret) { |
1001 | |
|
1002 | 0 | Address *a; |
1003 | 0 | int r; |
1004 | |
|
1005 | 0 | assert(link); |
1006 | 0 | assert(IN_SET(family, AF_INET, AF_INET6)); |
1007 | 0 | assert(address); |
1008 | | |
1009 | | /* This finds an Address object on the link which matches the given address, peer, and prefix length. |
1010 | | * If the prefixlen is zero, then an Address object with an arbitrary prefixlen will be returned. |
1011 | | * If the peer is NULL, then an Address object with an arbitrary peer will be returned. */ |
1012 | |
|
1013 | 0 | if (family == AF_INET6 || (prefixlen != 0 && peer)) { |
1014 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1015 | | |
1016 | | /* In this case, we can use address_get(). */ |
1017 | |
|
1018 | 0 | r = address_new(&tmp); |
1019 | 0 | if (r < 0) |
1020 | 0 | return r; |
1021 | | |
1022 | 0 | tmp->family = family; |
1023 | 0 | tmp->in_addr = *address; |
1024 | 0 | if (peer) |
1025 | 0 | tmp->in_addr_peer = *peer; |
1026 | 0 | tmp->prefixlen = prefixlen; |
1027 | |
|
1028 | 0 | r = address_get(link, tmp, &a); |
1029 | 0 | if (r < 0) |
1030 | 0 | return r; |
1031 | | |
1032 | 0 | if (family == AF_INET6) { |
1033 | | /* IPv6 addresses are managed without peer address and prefix length. Hence, we need |
1034 | | * to check them explicitly. */ |
1035 | 0 | if (peer && !in_addr_equal(family, &a->in_addr_peer, peer)) |
1036 | 0 | return -ENOENT; |
1037 | 0 | if (prefixlen != 0 && a->prefixlen != prefixlen) |
1038 | 0 | return -ENOENT; |
1039 | 0 | } |
1040 | | |
1041 | 0 | if (ret) |
1042 | 0 | *ret = a; |
1043 | |
|
1044 | 0 | return 0; |
1045 | 0 | } |
1046 | | |
1047 | 0 | SET_FOREACH(a, link->addresses) { |
1048 | 0 | if (a->family != family) |
1049 | 0 | continue; |
1050 | | |
1051 | 0 | if (!in_addr_equal(family, &a->in_addr, address)) |
1052 | 0 | continue; |
1053 | | |
1054 | 0 | if (peer && !in_addr_equal(family, &a->in_addr_peer, peer)) |
1055 | 0 | continue; |
1056 | | |
1057 | 0 | if (prefixlen != 0 && a->prefixlen != prefixlen) |
1058 | 0 | continue; |
1059 | | |
1060 | 0 | if (ret) |
1061 | 0 | *ret = a; |
1062 | |
|
1063 | 0 | return 0; |
1064 | 0 | } |
1065 | | |
1066 | 0 | return -ENOENT; |
1067 | 0 | } |
1068 | | |
1069 | | int manager_get_address_full( |
1070 | | Manager *manager, |
1071 | | int family, |
1072 | | const union in_addr_union *address, |
1073 | | const union in_addr_union *peer, |
1074 | | unsigned char prefixlen, |
1075 | 0 | Address **ret) { |
1076 | |
|
1077 | 0 | Link *link; |
1078 | |
|
1079 | 0 | assert(manager); |
1080 | 0 | assert(IN_SET(family, AF_INET, AF_INET6)); |
1081 | 0 | assert(address); |
1082 | |
|
1083 | 0 | HASHMAP_FOREACH(link, manager->links_by_index) { |
1084 | 0 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) |
1085 | 0 | continue; |
1086 | | |
1087 | 0 | if (link_get_address_full(link, family, address, peer, prefixlen, ret) >= 0) |
1088 | 0 | return 0; |
1089 | 0 | } |
1090 | | |
1091 | 0 | return -ENOENT; |
1092 | 0 | } |
1093 | | |
1094 | 0 | const char* format_lifetime(char *buf, size_t l, usec_t lifetime_usec) { |
1095 | 0 | assert(buf); |
1096 | 0 | assert(l > 4); |
1097 | |
|
1098 | 0 | if (lifetime_usec == USEC_INFINITY) |
1099 | 0 | return "forever"; |
1100 | | |
1101 | 0 | sprintf(buf, "for "); |
1102 | | /* format_timespan() never fails */ |
1103 | 0 | assert_se(format_timespan(buf + 4, l - 4, usec_sub_unsigned(lifetime_usec, now(CLOCK_BOOTTIME)), USEC_PER_SEC)); |
1104 | 0 | return buf; |
1105 | 0 | } |
1106 | | |
1107 | 0 | void log_address_debug(const Address *address, const char *str, const Link *link) { |
1108 | 0 | _cleanup_free_ char *state = NULL, *flags_str = NULL, *scope_str = NULL; |
1109 | |
|
1110 | 0 | assert(address); |
1111 | 0 | assert(str); |
1112 | 0 | assert(link); |
1113 | |
|
1114 | 0 | if (!DEBUG_LOGGING) |
1115 | 0 | return; |
1116 | | |
1117 | 0 | (void) network_config_state_to_string_alloc(address->state, &state); |
1118 | |
|
1119 | 0 | const char *peer = in_addr_is_set(address->family, &address->in_addr_peer) ? |
1120 | 0 | IN_ADDR_TO_STRING(address->family, &address->in_addr_peer) : NULL; |
1121 | |
|
1122 | 0 | const char *broadcast = (address->family == AF_INET && in4_addr_is_set(&address->broadcast)) ? |
1123 | 0 | IN4_ADDR_TO_STRING(&address->broadcast) : NULL; |
1124 | |
|
1125 | 0 | (void) address_flags_to_string_alloc(address->flags, address->family, &flags_str); |
1126 | 0 | (void) route_scope_to_string_alloc(address->scope, &scope_str); |
1127 | |
|
1128 | 0 | log_link_debug(link, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s", |
1129 | 0 | str, strna(network_config_source_to_string(address->source)), strna(state), |
1130 | 0 | IN_ADDR_TO_STRING(address->family, &address->in_addr), |
1131 | 0 | peer ? " peer " : "", strempty(peer), address->prefixlen, |
1132 | 0 | broadcast ? " broadcast " : "", strempty(broadcast), |
1133 | 0 | FORMAT_LIFETIME(address->lifetime_valid_usec), |
1134 | 0 | FORMAT_LIFETIME(address->lifetime_preferred_usec), |
1135 | 0 | strna(flags_str), strna(scope_str), |
1136 | 0 | address->family == AF_INET ? ", label: " : "", |
1137 | 0 | address->family == AF_INET ? strna(address->label) : ""); |
1138 | 0 | } |
1139 | | |
1140 | 0 | static void address_forget(Link *link, Address *address, bool removed_by_us, const char *msg) { |
1141 | 0 | assert(link); |
1142 | 0 | assert(address); |
1143 | 0 | assert(msg); |
1144 | |
|
1145 | 0 | Request *req; |
1146 | 0 | if (address_get_request(link, address, &req) >= 0) |
1147 | 0 | address_enter_removed(req->userdata); |
1148 | |
|
1149 | 0 | if (!address->link && address_get(link, address, &address) < 0) |
1150 | 0 | return; |
1151 | | |
1152 | 0 | address_enter_removed(address); |
1153 | 0 | log_address_debug(address, msg, link); |
1154 | 0 | (void) address_drop(address, removed_by_us); |
1155 | 0 | } |
1156 | | |
1157 | 0 | static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) { |
1158 | 0 | int r; |
1159 | |
|
1160 | 0 | assert(address); |
1161 | 0 | assert(m); |
1162 | 0 | assert(link); |
1163 | |
|
1164 | 0 | r = sd_rtnl_message_addr_set_prefixlen(m, address->prefixlen); |
1165 | 0 | if (r < 0) |
1166 | 0 | return r; |
1167 | | |
1168 | | /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all |
1169 | | * flags except tentative flag here unconditionally. Without setting the flag, the template |
1170 | | * addresses generated by kernel will not be removed automatically when the main address is |
1171 | | * removed. */ |
1172 | 0 | uint32_t flags = address->flags & ~IFA_F_TENTATIVE; |
1173 | 0 | if (flags != 0) { |
1174 | 0 | r = sd_netlink_message_append_u32(m, IFA_FLAGS, flags); |
1175 | 0 | if (r < 0) |
1176 | 0 | return r; |
1177 | 0 | } |
1178 | | |
1179 | 0 | r = netlink_message_append_in_addr_union(m, IFA_LOCAL, address->family, &address->in_addr); |
1180 | 0 | if (r < 0) |
1181 | 0 | return r; |
1182 | | |
1183 | 0 | return 0; |
1184 | 0 | } |
1185 | | |
1186 | 0 | static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) { |
1187 | 0 | int r; |
1188 | |
|
1189 | 0 | assert(m); |
1190 | 0 | assert(rreq); |
1191 | |
|
1192 | 0 | Link *link = ASSERT_PTR(rreq->link); |
1193 | 0 | Address *address = ASSERT_PTR(rreq->userdata); |
1194 | |
|
1195 | 0 | if (link->state == LINK_STATE_LINGER) |
1196 | 0 | return 0; |
1197 | | |
1198 | 0 | r = sd_netlink_message_get_errno(m); |
1199 | 0 | if (r < 0) { |
1200 | 0 | log_link_message_full_errno(link, m, |
1201 | 0 | (r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING, |
1202 | 0 | r, "Could not drop address"); |
1203 | | |
1204 | | /* If the address cannot be removed, then assume the address is already removed. */ |
1205 | 0 | address_forget(link, address, /* removed_by_us = */ true, "Forgetting"); |
1206 | 0 | } |
1207 | |
|
1208 | 0 | return 1; |
1209 | 0 | } |
1210 | | |
1211 | 0 | int address_remove(Address *address, Link *link) { |
1212 | 0 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
1213 | 0 | int r; |
1214 | |
|
1215 | 0 | assert(address); |
1216 | 0 | assert(IN_SET(address->family, AF_INET, AF_INET6)); |
1217 | 0 | assert(link); |
1218 | 0 | assert(link->ifindex > 0); |
1219 | 0 | assert(link->manager); |
1220 | 0 | assert(link->manager->rtnl); |
1221 | | |
1222 | | /* If the address is remembered, use the remembered object. */ |
1223 | 0 | (void) address_get(link, address, &address); |
1224 | |
|
1225 | 0 | log_address_debug(address, "Removing", link); |
1226 | |
|
1227 | 0 | r = sd_rtnl_message_new_addr(link->manager->rtnl, &m, RTM_DELADDR, |
1228 | 0 | link->ifindex, address->family); |
1229 | 0 | if (r < 0) |
1230 | 0 | return log_link_warning_errno(link, r, "Could not allocate RTM_DELADDR message: %m"); |
1231 | | |
1232 | 0 | r = address_set_netlink_message(address, m, link); |
1233 | 0 | if (r < 0) |
1234 | 0 | return log_link_warning_errno(link, r, "Could not set netlink attributes: %m"); |
1235 | | |
1236 | 0 | r = link_remove_request_add(link, address, address, link->manager->rtnl, m, address_remove_handler); |
1237 | 0 | if (r < 0) |
1238 | 0 | return log_link_warning_errno(link, r, "Could not queue rtnetlink message: %m"); |
1239 | | |
1240 | 0 | address_enter_removing(address); |
1241 | | |
1242 | | /* The operational state is determined by address state and carrier state. Hence, if we remove |
1243 | | * an address, the operational state may be changed. */ |
1244 | 0 | link_update_operstate(link, true); |
1245 | 0 | return 0; |
1246 | 0 | } |
1247 | | |
1248 | 0 | int address_remove_and_cancel(Address *address, Link *link) { |
1249 | 0 | _cleanup_(request_unrefp) Request *req = NULL; |
1250 | 0 | bool waiting = false; |
1251 | |
|
1252 | 0 | assert(address); |
1253 | 0 | assert(link); |
1254 | 0 | assert(link->manager); |
1255 | | |
1256 | | /* If the address is remembered by the link, then use the remembered object. */ |
1257 | 0 | (void) address_get(link, address, &address); |
1258 | | |
1259 | | /* Cancel the request for the address. If the request is already called but we have not received the |
1260 | | * notification about the request, then explicitly remove the address. */ |
1261 | 0 | if (address_get_request(link, address, &req) >= 0) { |
1262 | 0 | request_ref(req); /* avoid the request freed by request_detach() */ |
1263 | 0 | waiting = req->waiting_reply; |
1264 | 0 | request_detach(req); |
1265 | 0 | address_cancel_requesting(address); |
1266 | 0 | } |
1267 | | |
1268 | | /* If we know the address will come or already exists, remove it. */ |
1269 | 0 | if (waiting || (address->link && address_exists(address))) |
1270 | 0 | return address_remove(address, link); |
1271 | | |
1272 | 0 | return 0; |
1273 | 0 | } |
1274 | | |
1275 | 0 | bool link_address_is_dynamic(const Link *link, const Address *address) { |
1276 | 0 | Route *route; |
1277 | |
|
1278 | 0 | assert(link); |
1279 | 0 | assert(link->manager); |
1280 | 0 | assert(address); |
1281 | |
|
1282 | 0 | if (address->lifetime_preferred_usec != USEC_INFINITY) |
1283 | 0 | return true; |
1284 | | |
1285 | | /* There is no way to drtermine if the IPv6 address is dynamic when the lifetime is infinity. */ |
1286 | 0 | if (address->family != AF_INET) |
1287 | 0 | return false; |
1288 | | |
1289 | | /* Even if an IPv4 address is leased from a DHCP server with a finite lifetime, networkd assign the |
1290 | | * address without lifetime when KeepConfiguration=dynamic. So, let's check that we have |
1291 | | * corresponding routes with RTPROT_DHCP. */ |
1292 | 0 | SET_FOREACH(route, link->manager->routes) { |
1293 | 0 | if (route->source != NETWORK_CONFIG_SOURCE_FOREIGN) |
1294 | 0 | continue; |
1295 | | |
1296 | | /* The route is not assigned yet, or already being removed. Ignoring. */ |
1297 | 0 | if (!route_exists(route)) |
1298 | 0 | continue; |
1299 | | |
1300 | 0 | if (route->protocol != RTPROT_DHCP) |
1301 | 0 | continue; |
1302 | | |
1303 | 0 | if (route->nexthop.ifindex != link->ifindex) |
1304 | 0 | continue; |
1305 | | |
1306 | 0 | if (address->family != route->family) |
1307 | 0 | continue; |
1308 | | |
1309 | 0 | if (in_addr_equal(address->family, &address->in_addr, &route->prefsrc)) |
1310 | 0 | return true; |
1311 | 0 | } |
1312 | | |
1313 | 0 | return false; |
1314 | 0 | } |
1315 | | |
1316 | 0 | int link_drop_ipv6ll_addresses(Link *link) { |
1317 | 0 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL; |
1318 | 0 | int r; |
1319 | |
|
1320 | 0 | assert(link); |
1321 | 0 | assert(link->manager); |
1322 | 0 | assert(link->manager->rtnl); |
1323 | | |
1324 | | /* IPv6LL address may be in the tentative state, and in that case networkd has not received it. |
1325 | | * So, we need to dump all IPv6 addresses. */ |
1326 | |
|
1327 | 0 | if (link_may_have_ipv6ll(link, /* check_multicast = */ false)) |
1328 | 0 | return 0; |
1329 | | |
1330 | 0 | r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_GETADDR, link->ifindex, AF_INET6); |
1331 | 0 | if (r < 0) |
1332 | 0 | return r; |
1333 | | |
1334 | 0 | r = sd_netlink_message_set_request_dump(req, true); |
1335 | 0 | if (r < 0) |
1336 | 0 | return r; |
1337 | | |
1338 | 0 | r = sd_netlink_call(link->manager->rtnl, req, 0, &reply); |
1339 | 0 | if (r < 0) |
1340 | 0 | return r; |
1341 | | |
1342 | 0 | for (sd_netlink_message *addr = reply; addr; addr = sd_netlink_message_next(addr)) { |
1343 | 0 | _cleanup_(address_unrefp) Address *a = NULL; |
1344 | 0 | unsigned char prefixlen; |
1345 | 0 | struct in6_addr address; |
1346 | 0 | int ifindex; |
1347 | | |
1348 | | /* We set ifindex in the request, and NETLINK_GET_STRICT_CHK socket option is set. Hence the |
1349 | | * check below is redundant, but let's do that for safety. */ |
1350 | 0 | r = sd_rtnl_message_addr_get_ifindex(addr, &ifindex); |
1351 | 0 | if (r < 0) { |
1352 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without valid ifindex, ignoring: %m"); |
1353 | 0 | continue; |
1354 | 0 | } else if (link->ifindex != ifindex) |
1355 | 0 | continue; |
1356 | | |
1357 | 0 | uint32_t flags; |
1358 | 0 | r = sd_netlink_message_read_u32(addr, IFA_FLAGS, &flags); |
1359 | 0 | if (r < 0) { |
1360 | 0 | log_link_debug_errno(link, r, "rtnl: Failed to read IFA_FLAGS attribute, ignoring: %m"); |
1361 | 0 | continue; |
1362 | 0 | } |
1363 | | |
1364 | 0 | r = sd_rtnl_message_addr_get_prefixlen(addr, &prefixlen); |
1365 | 0 | if (r < 0) { |
1366 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m"); |
1367 | 0 | continue; |
1368 | 0 | } |
1369 | | |
1370 | 0 | if (sd_netlink_message_read_in6_addr(addr, IFA_LOCAL, NULL) >= 0) |
1371 | | /* address with peer, ignoring. */ |
1372 | 0 | continue; |
1373 | | |
1374 | 0 | r = sd_netlink_message_read_in6_addr(addr, IFA_ADDRESS, &address); |
1375 | 0 | if (r < 0) { |
1376 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without valid address, ignoring: %m"); |
1377 | 0 | continue; |
1378 | 0 | } |
1379 | | |
1380 | 0 | if (!in6_addr_is_link_local(&address)) |
1381 | 0 | continue; |
1382 | | |
1383 | 0 | r = address_new(&a); |
1384 | 0 | if (r < 0) |
1385 | 0 | return -ENOMEM; |
1386 | | |
1387 | 0 | a->family = AF_INET6; |
1388 | 0 | a->in_addr.in6 = address; |
1389 | 0 | a->prefixlen = prefixlen; |
1390 | 0 | a->flags = flags; |
1391 | |
|
1392 | 0 | r = address_remove(a, link); |
1393 | 0 | if (r < 0) |
1394 | 0 | return r; |
1395 | 0 | } |
1396 | | |
1397 | 0 | return 0; |
1398 | 0 | } |
1399 | | |
1400 | 0 | int link_drop_unmanaged_addresses(Link *link) { |
1401 | 0 | Address *address; |
1402 | 0 | int r = 0; |
1403 | |
|
1404 | 0 | assert(link); |
1405 | 0 | assert(link->network); |
1406 | | |
1407 | | /* First, mark all addresses. */ |
1408 | 0 | SET_FOREACH(address, link->addresses) { |
1409 | | /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */ |
1410 | 0 | if (address->family == AF_INET6 && in6_addr_is_link_local(&address->in_addr.in6)) |
1411 | 0 | continue; |
1412 | | |
1413 | | /* Do not remove localhost address (127.0.0.1 and ::1) */ |
1414 | 0 | if (link->flags & IFF_LOOPBACK && in_addr_is_localhost_one(address->family, &address->in_addr) > 0) |
1415 | 0 | continue; |
1416 | | |
1417 | | /* Ignore addresses not assigned yet or already removing. */ |
1418 | 0 | if (!address_exists(address)) |
1419 | 0 | continue; |
1420 | | |
1421 | 0 | if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN) { |
1422 | 0 | if (link->network->keep_configuration == KEEP_CONFIGURATION_YES) |
1423 | 0 | continue; |
1424 | | |
1425 | | /* link_address_is_dynamic() is slightly heavy. Let's call the function only when |
1426 | | * KeepConfiguration=dynamic or static. */ |
1427 | 0 | if (IN_SET(link->network->keep_configuration, KEEP_CONFIGURATION_DYNAMIC, KEEP_CONFIGURATION_STATIC) && |
1428 | 0 | link_address_is_dynamic(link, address) == (link->network->keep_configuration == KEEP_CONFIGURATION_DYNAMIC)) |
1429 | 0 | continue; |
1430 | |
|
1431 | 0 | } else if (address->source != NETWORK_CONFIG_SOURCE_STATIC) |
1432 | 0 | continue; /* Ignore dynamically configurad addresses. */ |
1433 | | |
1434 | 0 | address_mark(address); |
1435 | 0 | } |
1436 | | |
1437 | | /* Then, unmark requested addresses. */ |
1438 | 0 | ORDERED_HASHMAP_FOREACH(address, link->network->addresses_by_section) { |
1439 | 0 | Address *existing; |
1440 | |
|
1441 | 0 | if (address_get(link, address, &existing) < 0) |
1442 | 0 | continue; |
1443 | | |
1444 | 0 | if (!address_can_update(existing, address)) |
1445 | 0 | continue; |
1446 | | |
1447 | | /* Found matching static configuration. Keep the existing address. */ |
1448 | 0 | address_unmark(existing); |
1449 | 0 | } |
1450 | | |
1451 | | /* Finally, remove all marked addresses. */ |
1452 | 0 | SET_FOREACH(address, link->addresses) { |
1453 | 0 | if (!address_is_marked(address)) |
1454 | 0 | continue; |
1455 | | |
1456 | 0 | RET_GATHER(r, address_remove(address, link)); |
1457 | 0 | } |
1458 | |
|
1459 | 0 | return r; |
1460 | 0 | } |
1461 | | |
1462 | 0 | int link_drop_static_addresses(Link *link) { |
1463 | 0 | Address *address; |
1464 | 0 | int r = 0; |
1465 | |
|
1466 | 0 | assert(link); |
1467 | |
|
1468 | 0 | SET_FOREACH(address, link->addresses) { |
1469 | | /* Remove only static addresses here. Dynamic addresses will be removed e.g. on lease |
1470 | | * expiration or stopping the DHCP client. */ |
1471 | 0 | if (address->source != NETWORK_CONFIG_SOURCE_STATIC) |
1472 | 0 | continue; |
1473 | | |
1474 | | /* Ignore addresses not assigned yet or already removing. */ |
1475 | 0 | if (!address_exists(address)) |
1476 | 0 | continue; |
1477 | | |
1478 | 0 | RET_GATHER(r, address_remove(address, link)); |
1479 | 0 | } |
1480 | |
|
1481 | 0 | return r; |
1482 | 0 | } |
1483 | | |
1484 | 0 | int address_configure_handler_internal(sd_netlink_message *m, Link *link, Address *address) { |
1485 | 0 | int r; |
1486 | |
|
1487 | 0 | assert(m); |
1488 | 0 | assert(link); |
1489 | 0 | assert(address); |
1490 | |
|
1491 | 0 | r = sd_netlink_message_get_errno(m); |
1492 | 0 | if (r < 0 && r != -EEXIST) { |
1493 | 0 | log_link_message_warning_errno(link, m, r, "Failed to set %s address %s", |
1494 | 0 | network_config_source_to_string(address->source), |
1495 | 0 | IN_ADDR_TO_STRING(address->family, &address->in_addr)); |
1496 | 0 | link_enter_failed(link); |
1497 | 0 | return 0; |
1498 | 0 | } |
1499 | | |
1500 | 0 | return 1; |
1501 | 0 | } |
1502 | | |
1503 | 0 | static int address_configure(const Address *address, const struct ifa_cacheinfo *c, Link *link, Request *req) { |
1504 | 0 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
1505 | 0 | int r; |
1506 | |
|
1507 | 0 | assert(address); |
1508 | 0 | assert(IN_SET(address->family, AF_INET, AF_INET6)); |
1509 | 0 | assert(c); |
1510 | 0 | assert(link); |
1511 | 0 | assert(link->ifindex > 0); |
1512 | 0 | assert(link->manager); |
1513 | 0 | assert(link->manager->rtnl); |
1514 | 0 | assert(req); |
1515 | |
|
1516 | 0 | log_address_debug(address, "Configuring", link); |
1517 | |
|
1518 | 0 | r = sd_rtnl_message_new_addr_update(link->manager->rtnl, &m, link->ifindex, address->family); |
1519 | 0 | if (r < 0) |
1520 | 0 | return r; |
1521 | | |
1522 | 0 | r = address_set_netlink_message(address, m, link); |
1523 | 0 | if (r < 0) |
1524 | 0 | return r; |
1525 | | |
1526 | 0 | r = sd_rtnl_message_addr_set_scope(m, address->scope); |
1527 | 0 | if (r < 0) |
1528 | 0 | return r; |
1529 | | |
1530 | 0 | if (address->family == AF_INET6 || in_addr_is_set(address->family, &address->in_addr_peer)) { |
1531 | 0 | r = netlink_message_append_in_addr_union(m, IFA_ADDRESS, address->family, &address->in_addr_peer); |
1532 | 0 | if (r < 0) |
1533 | 0 | return r; |
1534 | 0 | } else if (in4_addr_is_set(&address->broadcast)) { |
1535 | 0 | r = sd_netlink_message_append_in_addr(m, IFA_BROADCAST, &address->broadcast); |
1536 | 0 | if (r < 0) |
1537 | 0 | return r; |
1538 | 0 | } |
1539 | | |
1540 | 0 | if (address->family == AF_INET && address->label) { |
1541 | 0 | r = sd_netlink_message_append_string(m, IFA_LABEL, address->label); |
1542 | 0 | if (r < 0) |
1543 | 0 | return r; |
1544 | 0 | } |
1545 | | |
1546 | 0 | r = sd_netlink_message_append_cache_info(m, IFA_CACHEINFO, c); |
1547 | 0 | if (r < 0) |
1548 | 0 | return r; |
1549 | | |
1550 | 0 | r = sd_netlink_message_append_u32(m, IFA_RT_PRIORITY, address->route_metric); |
1551 | 0 | if (r < 0) |
1552 | 0 | return r; |
1553 | | |
1554 | 0 | return request_call_netlink_async(link->manager->rtnl, m, req); |
1555 | 0 | } |
1556 | | |
1557 | 0 | static int address_acquire(Link *link, const Address *address, union in_addr_union *ret) { |
1558 | 0 | union in_addr_union a; |
1559 | 0 | int r; |
1560 | |
|
1561 | 0 | assert(link); |
1562 | 0 | assert(address); |
1563 | 0 | assert(ret); |
1564 | |
|
1565 | 0 | r = address_acquire_from_dhcp_server_leases_file(link, address, ret); |
1566 | 0 | if (!IN_SET(r, -ENOENT, -ENXIO, -EINVAL)) |
1567 | 0 | return r; |
1568 | | |
1569 | 0 | r = address_pool_acquire(link->manager, address->family, address->prefixlen, &a); |
1570 | 0 | if (r < 0) |
1571 | 0 | return r; |
1572 | 0 | if (r == 0) |
1573 | 0 | return -EBUSY; |
1574 | | |
1575 | | /* Pick first address in range for ourselves. */ |
1576 | 0 | if (address->family == AF_INET) |
1577 | 0 | a.in.s_addr |= htobe32(1); |
1578 | 0 | else if (address->family == AF_INET6) |
1579 | 0 | a.in6.s6_addr[15] |= 1; |
1580 | 0 | else |
1581 | 0 | assert_not_reached(); |
1582 | |
|
1583 | 0 | *ret = a; |
1584 | 0 | return 0; |
1585 | 0 | } |
1586 | | |
1587 | 0 | static int address_requeue_request(Request *req, Link *link, const Address *address) { |
1588 | 0 | int r; |
1589 | |
|
1590 | 0 | assert(req); |
1591 | 0 | assert(link); |
1592 | 0 | assert(link->manager); |
1593 | 0 | assert(link->network); |
1594 | 0 | assert(address); |
1595 | | |
1596 | | /* Something useful was configured? just use it */ |
1597 | 0 | if (in_addr_is_set(address->family, &address->in_addr)) |
1598 | 0 | return 0; |
1599 | | |
1600 | | /* The address is configured to be 0.0.0.0 or [::] by the user? |
1601 | | * Then let's acquire something more useful. */ |
1602 | 0 | union in_addr_union a; |
1603 | 0 | r = address_acquire(link, address, &a); |
1604 | 0 | if (r < 0) |
1605 | 0 | return r; |
1606 | | |
1607 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1608 | 0 | r = address_dup(address, &tmp); |
1609 | 0 | if (r < 0) |
1610 | 0 | return r; |
1611 | | |
1612 | 0 | tmp->in_addr = a; |
1613 | |
|
1614 | 0 | r = link_requeue_request(link, req, tmp, NULL); |
1615 | 0 | if (r < 0) |
1616 | 0 | return r; |
1617 | 0 | if (r == 0) |
1618 | 0 | return -EEXIST; /* Already queued?? Strange... */ |
1619 | | |
1620 | 0 | TAKE_PTR(tmp); |
1621 | 0 | return 1; /* A new request is queued. it is not necessary to process this request anymore. */ |
1622 | 0 | } |
1623 | | |
1624 | 0 | static int address_process_request(Request *req, Link *link, Address *address) { |
1625 | 0 | Address *existing; |
1626 | 0 | struct ifa_cacheinfo c; |
1627 | 0 | int r; |
1628 | |
|
1629 | 0 | assert(req); |
1630 | 0 | assert(link); |
1631 | 0 | assert(address); |
1632 | |
|
1633 | 0 | if (!link_is_ready_to_configure(link, false)) |
1634 | 0 | return 0; |
1635 | | |
1636 | | /* Refuse adding more than the limit */ |
1637 | 0 | if (set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX) |
1638 | 0 | return 0; |
1639 | | |
1640 | 0 | r = address_requeue_request(req, link, address); |
1641 | 0 | if (r == -EBUSY) |
1642 | 0 | return 0; |
1643 | 0 | if (r != 0) |
1644 | 0 | return r; |
1645 | | |
1646 | 0 | address_set_broadcast(address, link); |
1647 | |
|
1648 | 0 | r = ipv4acd_configure(link, address); |
1649 | 0 | if (r < 0) |
1650 | 0 | return r; |
1651 | | |
1652 | 0 | if (!ipv4acd_bound(link, address)) |
1653 | 0 | return 0; |
1654 | | |
1655 | 0 | address_set_cinfo(link->manager, address, &c); |
1656 | 0 | if (c.ifa_valid == 0) { |
1657 | 0 | log_link_debug(link, "Refuse to configure %s address %s, as its valid lifetime is zero.", |
1658 | 0 | network_config_source_to_string(address->source), |
1659 | 0 | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); |
1660 | |
|
1661 | 0 | address_cancel_requesting(address); |
1662 | 0 | if (address_get(link, address, &existing) >= 0) |
1663 | 0 | address_cancel_requesting(existing); |
1664 | 0 | return 1; |
1665 | 0 | } |
1666 | | |
1667 | 0 | r = address_configure(address, &c, link, req); |
1668 | 0 | if (r < 0) |
1669 | 0 | return log_link_warning_errno(link, r, "Failed to configure address: %m"); |
1670 | | |
1671 | 0 | address_enter_configuring(address); |
1672 | 0 | if (address_get(link, address, &existing) >= 0) |
1673 | 0 | address_enter_configuring(existing); |
1674 | |
|
1675 | 0 | return 1; |
1676 | 0 | } |
1677 | | |
1678 | | int link_request_address( |
1679 | | Link *link, |
1680 | | const Address *address, |
1681 | | unsigned *message_counter, |
1682 | | address_netlink_handler_t netlink_handler, |
1683 | 0 | Request **ret) { |
1684 | |
|
1685 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1686 | 0 | Address *existing = NULL; |
1687 | 0 | int r; |
1688 | |
|
1689 | 0 | assert(link); |
1690 | 0 | assert(address); |
1691 | 0 | assert(address->source != NETWORK_CONFIG_SOURCE_FOREIGN); |
1692 | |
|
1693 | 0 | if (address->lifetime_valid_usec == 0) |
1694 | | /* The requested address is outdated. Let's ignore the request. */ |
1695 | 0 | return 0; |
1696 | | |
1697 | 0 | if (address_get_request(link, address, NULL) >= 0) |
1698 | 0 | return 0; /* already requested, skipping. */ |
1699 | | |
1700 | 0 | r = address_dup(address, &tmp); |
1701 | 0 | if (r < 0) |
1702 | 0 | return log_oom(); |
1703 | | |
1704 | 0 | if (address_get(link, address, &existing) >= 0) { |
1705 | | /* Copy already assigned address when it is requested as a null address. */ |
1706 | 0 | if (address_is_static_null(address)) |
1707 | 0 | tmp->in_addr = existing->in_addr; |
1708 | | |
1709 | | /* Copy state for logging below. */ |
1710 | 0 | tmp->state = existing->state; |
1711 | 0 | } |
1712 | |
|
1713 | 0 | log_address_debug(tmp, "Requesting", link); |
1714 | 0 | r = link_queue_request_safe(link, REQUEST_TYPE_ADDRESS, |
1715 | 0 | tmp, |
1716 | 0 | address_unref, |
1717 | 0 | address_hash_func, |
1718 | 0 | address_compare_func, |
1719 | 0 | address_process_request, |
1720 | 0 | message_counter, netlink_handler, ret); |
1721 | 0 | if (r < 0) |
1722 | 0 | return log_link_warning_errno(link, r, "Failed to request address: %m"); |
1723 | 0 | if (r == 0) |
1724 | 0 | return 0; |
1725 | | |
1726 | 0 | address_enter_requesting(tmp); |
1727 | 0 | if (existing) |
1728 | 0 | address_enter_requesting(existing); |
1729 | |
|
1730 | 0 | TAKE_PTR(tmp); |
1731 | 0 | return 1; |
1732 | 0 | } |
1733 | | |
1734 | 0 | static int static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) { |
1735 | 0 | int r; |
1736 | |
|
1737 | 0 | assert(link); |
1738 | 0 | assert(address); |
1739 | |
|
1740 | 0 | r = address_configure_handler_internal(m, link, address); |
1741 | 0 | if (r <= 0) |
1742 | 0 | return r; |
1743 | | |
1744 | 0 | if (link->static_address_messages == 0) { |
1745 | 0 | log_link_debug(link, "Addresses set"); |
1746 | 0 | link->static_addresses_configured = true; |
1747 | 0 | link_check_ready(link); |
1748 | 0 | } |
1749 | |
|
1750 | 0 | return 1; |
1751 | 0 | } |
1752 | | |
1753 | 0 | int link_request_static_address(Link *link, const Address *address) { |
1754 | 0 | assert(link); |
1755 | 0 | assert(address); |
1756 | 0 | assert(address->source == NETWORK_CONFIG_SOURCE_STATIC); |
1757 | |
|
1758 | 0 | return link_request_address(link, address, &link->static_address_messages, |
1759 | 0 | static_address_handler, NULL); |
1760 | 0 | } |
1761 | | |
1762 | 0 | int link_request_static_addresses(Link *link) { |
1763 | 0 | Address *a; |
1764 | 0 | int r; |
1765 | |
|
1766 | 0 | assert(link); |
1767 | 0 | assert(link->network); |
1768 | |
|
1769 | 0 | link->static_addresses_configured = false; |
1770 | |
|
1771 | 0 | ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) { |
1772 | 0 | r = link_request_static_address(link, a); |
1773 | 0 | if (r < 0) |
1774 | 0 | return r; |
1775 | 0 | } |
1776 | | |
1777 | 0 | r = link_request_radv_addresses(link); |
1778 | 0 | if (r < 0) |
1779 | 0 | return r; |
1780 | | |
1781 | 0 | if (link->static_address_messages == 0) { |
1782 | 0 | link->static_addresses_configured = true; |
1783 | 0 | link_check_ready(link); |
1784 | 0 | } else { |
1785 | 0 | log_link_debug(link, "Setting addresses"); |
1786 | 0 | link_set_state(link, LINK_STATE_CONFIGURING); |
1787 | 0 | } |
1788 | |
|
1789 | 0 | return 0; |
1790 | 0 | } |
1791 | | |
1792 | 0 | int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) { |
1793 | 0 | int r; |
1794 | |
|
1795 | 0 | assert(rtnl); |
1796 | 0 | assert(message); |
1797 | 0 | assert(m); |
1798 | |
|
1799 | 0 | if (sd_netlink_message_is_error(message)) { |
1800 | 0 | r = sd_netlink_message_get_errno(message); |
1801 | 0 | if (r < 0) |
1802 | 0 | log_message_warning_errno(message, r, "rtnl: failed to receive address message, ignoring"); |
1803 | |
|
1804 | 0 | return 0; |
1805 | 0 | } |
1806 | | |
1807 | 0 | uint16_t type; |
1808 | 0 | r = sd_netlink_message_get_type(message, &type); |
1809 | 0 | if (r < 0) { |
1810 | 0 | log_warning_errno(r, "rtnl: could not get message type, ignoring: %m"); |
1811 | 0 | return 0; |
1812 | 0 | } else if (!IN_SET(type, RTM_NEWADDR, RTM_DELADDR)) { |
1813 | 0 | log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type); |
1814 | 0 | return 0; |
1815 | 0 | } |
1816 | | |
1817 | 0 | int ifindex; |
1818 | 0 | r = sd_rtnl_message_addr_get_ifindex(message, &ifindex); |
1819 | 0 | if (r < 0) { |
1820 | 0 | log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m"); |
1821 | 0 | return 0; |
1822 | 0 | } else if (ifindex <= 0) { |
1823 | 0 | log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex); |
1824 | 0 | return 0; |
1825 | 0 | } |
1826 | | |
1827 | 0 | Link *link; |
1828 | 0 | r = link_get_by_index(m, ifindex, &link); |
1829 | 0 | if (r < 0) { |
1830 | | /* when enumerating we might be out of sync, but we will get the address again, so just |
1831 | | * ignore it */ |
1832 | 0 | if (!m->enumerating) |
1833 | 0 | log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex); |
1834 | 0 | return 0; |
1835 | 0 | } |
1836 | | |
1837 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1838 | 0 | r = address_new(&tmp); |
1839 | 0 | if (r < 0) |
1840 | 0 | return log_oom(); |
1841 | | |
1842 | | /* First, read minimal information to make address_get() work below. */ |
1843 | | |
1844 | 0 | r = sd_rtnl_message_addr_get_family(message, &tmp->family); |
1845 | 0 | if (r < 0) { |
1846 | 0 | log_link_warning(link, "rtnl: received address message without family, ignoring."); |
1847 | 0 | return 0; |
1848 | 0 | } else if (!IN_SET(tmp->family, AF_INET, AF_INET6)) { |
1849 | 0 | log_link_debug(link, "rtnl: received address message with invalid family '%i', ignoring.", tmp->family); |
1850 | 0 | return 0; |
1851 | 0 | } |
1852 | | |
1853 | 0 | r = sd_rtnl_message_addr_get_prefixlen(message, &tmp->prefixlen); |
1854 | 0 | if (r < 0) { |
1855 | 0 | log_link_warning_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m"); |
1856 | 0 | return 0; |
1857 | 0 | } |
1858 | | |
1859 | 0 | switch (tmp->family) { |
1860 | 0 | case AF_INET: |
1861 | 0 | r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &tmp->in_addr.in); |
1862 | 0 | if (r < 0) { |
1863 | 0 | log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m"); |
1864 | 0 | return 0; |
1865 | 0 | } |
1866 | | |
1867 | 0 | r = sd_netlink_message_read_in_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in); |
1868 | 0 | if (r < 0 && r != -ENODATA) { |
1869 | 0 | log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m"); |
1870 | 0 | return 0; |
1871 | 0 | } else if (r >= 0) { |
1872 | 0 | if (in4_addr_equal(&tmp->in_addr.in, &tmp->in_addr_peer.in)) |
1873 | 0 | tmp->in_addr_peer = IN_ADDR_NULL; |
1874 | 0 | } |
1875 | | |
1876 | 0 | break; |
1877 | | |
1878 | 0 | case AF_INET6: |
1879 | 0 | r = sd_netlink_message_read_in6_addr(message, IFA_LOCAL, &tmp->in_addr.in6); |
1880 | 0 | if (r >= 0) { |
1881 | | /* Have peer address. */ |
1882 | 0 | r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in6); |
1883 | 0 | if (r < 0) { |
1884 | 0 | log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m"); |
1885 | 0 | return 0; |
1886 | 0 | } |
1887 | 0 | } else if (r == -ENODATA) { |
1888 | | /* Does not have peer address. */ |
1889 | 0 | r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr.in6); |
1890 | 0 | if (r < 0) { |
1891 | 0 | log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m"); |
1892 | 0 | return 0; |
1893 | 0 | } |
1894 | 0 | } else { |
1895 | 0 | log_link_warning_errno(link, r, "rtnl: could not get local address from address message, ignoring: %m"); |
1896 | 0 | return 0; |
1897 | 0 | } |
1898 | | |
1899 | 0 | break; |
1900 | | |
1901 | 0 | default: |
1902 | 0 | assert_not_reached(); |
1903 | 0 | } |
1904 | | |
1905 | | /* Then, find the managed Address object corresponding to the received address. */ |
1906 | 0 | Address *address = NULL; |
1907 | 0 | (void) address_get(link, tmp, &address); |
1908 | |
|
1909 | 0 | if (type == RTM_DELADDR) { |
1910 | 0 | if (address) |
1911 | 0 | address_forget(link, address, |
1912 | 0 | /* removed_by_us = */ FLAGS_SET(address->state, NETWORK_CONFIG_STATE_REMOVING), |
1913 | 0 | "Forgetting removed"); |
1914 | 0 | else |
1915 | 0 | log_address_debug(tmp, "Kernel removed unknown", link); |
1916 | |
|
1917 | 0 | goto finalize; |
1918 | 0 | } |
1919 | | |
1920 | 0 | bool is_new = false; |
1921 | 0 | if (!address) { |
1922 | | /* If we did not know the address, then save it. */ |
1923 | 0 | r = address_attach(link, tmp); |
1924 | 0 | if (r < 0) { |
1925 | 0 | log_link_warning_errno(link, r, "Failed to save received address %s, ignoring: %m", |
1926 | 0 | IN_ADDR_PREFIX_TO_STRING(tmp->family, &tmp->in_addr, tmp->prefixlen)); |
1927 | 0 | return 0; |
1928 | 0 | } |
1929 | 0 | address = tmp; |
1930 | |
|
1931 | 0 | is_new = true; |
1932 | |
|
1933 | 0 | } else { |
1934 | | /* Otherwise, update the managed Address object with the netlink notification. */ |
1935 | 0 | address->prefixlen = tmp->prefixlen; |
1936 | 0 | address->in_addr_peer = tmp->in_addr_peer; |
1937 | 0 | } |
1938 | | |
1939 | | /* Also update information that cannot be obtained through netlink notification. */ |
1940 | 0 | Request *req = NULL; |
1941 | 0 | (void) address_get_request(link, tmp, &req); |
1942 | 0 | if (req && req->waiting_reply) { |
1943 | 0 | Address *a = ASSERT_PTR(req->userdata); |
1944 | |
|
1945 | 0 | address->source = a->source; |
1946 | 0 | address->provider = a->provider; |
1947 | 0 | (void) free_and_strdup_warn(&address->netlabel, a->netlabel); |
1948 | 0 | nft_set_context_clear(&address->nft_set_context); |
1949 | 0 | (void) nft_set_context_dup(&a->nft_set_context, &address->nft_set_context); |
1950 | 0 | address->requested_as_null = a->requested_as_null; |
1951 | 0 | address->callback = a->callback; |
1952 | |
|
1953 | 0 | ipv6_token_ref(a->token); |
1954 | 0 | ipv6_token_unref(address->token); |
1955 | 0 | address->token = a->token; |
1956 | 0 | } |
1957 | | |
1958 | | /* Then, update miscellaneous info. */ |
1959 | 0 | r = sd_rtnl_message_addr_get_scope(message, &address->scope); |
1960 | 0 | if (r < 0) |
1961 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without scope, ignoring: %m"); |
1962 | |
|
1963 | 0 | if (address->family == AF_INET) { |
1964 | 0 | _cleanup_free_ char *label = NULL; |
1965 | |
|
1966 | 0 | r = sd_netlink_message_read_string_strdup(message, IFA_LABEL, &label); |
1967 | 0 | if (r >= 0) { |
1968 | 0 | if (!streq_ptr(label, link->ifname)) |
1969 | 0 | free_and_replace(address->label, label); |
1970 | 0 | } else if (r != -ENODATA) |
1971 | 0 | log_link_debug_errno(link, r, "rtnl: could not get label from address message, ignoring: %m"); |
1972 | |
|
1973 | 0 | r = sd_netlink_message_read_in_addr(message, IFA_BROADCAST, &address->broadcast); |
1974 | 0 | if (r < 0 && r != -ENODATA) |
1975 | 0 | log_link_debug_errno(link, r, "rtnl: could not get broadcast from address message, ignoring: %m"); |
1976 | 0 | } |
1977 | |
|
1978 | 0 | r = sd_netlink_message_read_u32(message, IFA_FLAGS, &address->flags); |
1979 | 0 | if (r < 0) |
1980 | 0 | log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m"); |
1981 | |
|
1982 | 0 | struct ifa_cacheinfo cinfo; |
1983 | 0 | r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo); |
1984 | 0 | if (r >= 0) |
1985 | 0 | address_set_lifetime(m, address, &cinfo); |
1986 | 0 | else if (r != -ENODATA) |
1987 | 0 | log_link_debug_errno(link, r, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m"); |
1988 | |
|
1989 | 0 | r = sd_netlink_message_read_u32(message, IFA_RT_PRIORITY, &address->route_metric); |
1990 | 0 | if (r < 0 && r != -ENODATA) |
1991 | 0 | log_link_debug_errno(link, r, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m"); |
1992 | |
|
1993 | 0 | address_enter_configured(address); |
1994 | 0 | if (req) |
1995 | 0 | address_enter_configured(req->userdata); |
1996 | |
|
1997 | 0 | log_address_debug(address, is_new ? "Received new": "Received updated", link); |
1998 | | |
1999 | | /* address_update() logs internally, so we don't need to here. */ |
2000 | 0 | r = address_update(address); |
2001 | 0 | if (r < 0) |
2002 | 0 | link_enter_failed(link); |
2003 | |
|
2004 | 0 | finalize: |
2005 | 0 | if (tmp->family == AF_INET6) { |
2006 | 0 | r = dhcp4_update_ipv6_connectivity(link); |
2007 | 0 | if (r < 0) { |
2008 | 0 | log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m"); |
2009 | 0 | link_enter_failed(link); |
2010 | 0 | } |
2011 | 0 | } |
2012 | |
|
2013 | 0 | return 1; |
2014 | 0 | } |
2015 | | |
2016 | | static int config_parse_broadcast( |
2017 | | const char *unit, |
2018 | | const char *filename, |
2019 | | unsigned line, |
2020 | | const char *section, |
2021 | | unsigned section_line, |
2022 | | const char *lvalue, |
2023 | | int ltype, |
2024 | | const char *rvalue, |
2025 | | void *data, |
2026 | 0 | void *userdata) { |
2027 | |
|
2028 | 0 | Address *address = ASSERT_PTR(userdata); |
2029 | 0 | int r; |
2030 | | |
2031 | | /* Do not check or set address->family here. It will be checked later in |
2032 | | * address_section_verify() -> address_section_adjust_broadcast() . */ |
2033 | |
|
2034 | 0 | if (isempty(rvalue)) { |
2035 | | /* The broadcast address will be calculated based on Address=, and set if the link is |
2036 | | * not a wireguard interface. */ |
2037 | 0 | address->broadcast = (struct in_addr) {}; |
2038 | 0 | address->set_broadcast = -1; |
2039 | 0 | return 1; |
2040 | 0 | } |
2041 | | |
2042 | 0 | r = parse_boolean(rvalue); |
2043 | 0 | if (r >= 0) { |
2044 | | /* The broadcast address will be calculated based on Address=. */ |
2045 | 0 | address->broadcast = (struct in_addr) {}; |
2046 | 0 | address->set_broadcast = r; |
2047 | 0 | return 1; |
2048 | 0 | } |
2049 | | |
2050 | 0 | r = config_parse_in_addr_non_null( |
2051 | 0 | unit, filename, line, section, section_line, |
2052 | 0 | lvalue, /* ltype = */ AF_INET, rvalue, |
2053 | 0 | &address->broadcast, /* userdata = */ NULL); |
2054 | 0 | if (r <= 0) |
2055 | 0 | return r; |
2056 | | |
2057 | 0 | address->set_broadcast = true; |
2058 | 0 | return 1; |
2059 | 0 | } |
2060 | | |
2061 | | static int config_parse_address( |
2062 | | const char *unit, |
2063 | | const char *filename, |
2064 | | unsigned line, |
2065 | | const char *section, |
2066 | | unsigned section_line, |
2067 | | const char *lvalue, |
2068 | | int ltype, |
2069 | | const char *rvalue, |
2070 | | void *data, |
2071 | 0 | void *userdata) { |
2072 | |
|
2073 | 0 | Address *address = ASSERT_PTR(userdata); |
2074 | 0 | union in_addr_union *a = ASSERT_PTR(data); |
2075 | 0 | struct in_addr_prefix prefix; |
2076 | 0 | int r; |
2077 | |
|
2078 | 0 | assert(rvalue); |
2079 | |
|
2080 | 0 | if (isempty(rvalue)) { |
2081 | | /* When an empty string is assigned, clear both Address= and Peer=. */ |
2082 | 0 | address->family = AF_UNSPEC; |
2083 | 0 | address->prefixlen = 0; |
2084 | 0 | address->in_addr = IN_ADDR_NULL; |
2085 | 0 | address->in_addr_peer = IN_ADDR_NULL; |
2086 | 0 | return 1; |
2087 | 0 | } |
2088 | | |
2089 | 0 | r = config_parse_in_addr_prefix(unit, filename, line, section, section_line, lvalue, /* ltype = */ true, rvalue, &prefix, /* userdata = */ NULL); |
2090 | 0 | if (r <= 0) |
2091 | 0 | return r; |
2092 | | |
2093 | 0 | if (address->family != AF_UNSPEC && prefix.family != address->family) { |
2094 | 0 | log_syntax(unit, LOG_WARNING, filename, line, 0, "Address is incompatible, ignoring assignment: %s", rvalue); |
2095 | 0 | return 0; |
2096 | 0 | } |
2097 | | |
2098 | 0 | address->family = prefix.family; |
2099 | 0 | address->prefixlen = prefix.prefixlen; |
2100 | 0 | *a = prefix.address; |
2101 | 0 | return 1; |
2102 | 0 | } |
2103 | | |
2104 | | static int config_parse_address_label( |
2105 | | const char *unit, |
2106 | | const char *filename, |
2107 | | unsigned line, |
2108 | | const char *section, |
2109 | | unsigned section_line, |
2110 | | const char *lvalue, |
2111 | | int ltype, |
2112 | | const char *rvalue, |
2113 | | void *data, |
2114 | 0 | void *userdata) { |
2115 | |
|
2116 | 0 | char **label = ASSERT_PTR(data); |
2117 | 0 | int r; |
2118 | |
|
2119 | 0 | if (!isempty(rvalue) && !address_label_valid(rvalue)) { |
2120 | 0 | log_syntax(unit, LOG_WARNING, filename, line, 0, |
2121 | 0 | "Interface label is too long or invalid, ignoring assignment: %s", rvalue); |
2122 | 0 | return 0; |
2123 | 0 | } |
2124 | | |
2125 | 0 | r = free_and_strdup_warn(label, empty_to_null(rvalue)); |
2126 | 0 | if (r < 0) |
2127 | 0 | return r; |
2128 | | |
2129 | 0 | return 1; |
2130 | 0 | } |
2131 | | |
2132 | | static int config_parse_address_lifetime( |
2133 | | const char *unit, |
2134 | | const char *filename, |
2135 | | unsigned line, |
2136 | | const char *section, |
2137 | | unsigned section_line, |
2138 | | const char *lvalue, |
2139 | | int ltype, |
2140 | | const char *rvalue, |
2141 | | void *data, |
2142 | 0 | void *userdata) { |
2143 | |
|
2144 | 0 | usec_t *usec = ASSERT_PTR(data); |
2145 | | |
2146 | | /* We accept only "forever", "infinity", empty, or "0". */ |
2147 | 0 | if (isempty(rvalue) || STR_IN_SET(rvalue, "forever", "infinity")) |
2148 | 0 | *usec = USEC_INFINITY; |
2149 | 0 | else if (streq(rvalue, "0")) |
2150 | 0 | *usec = 0; |
2151 | 0 | else { |
2152 | 0 | log_syntax(unit, LOG_WARNING, filename, line, 0, |
2153 | 0 | "Invalid PreferredLifetime= value, ignoring: %s", rvalue); |
2154 | 0 | return 0; |
2155 | 0 | } |
2156 | | |
2157 | 0 | return 1; |
2158 | 0 | } |
2159 | | |
2160 | | static int config_parse_address_scope( |
2161 | | const char *unit, |
2162 | | const char *filename, |
2163 | | unsigned line, |
2164 | | const char *section, |
2165 | | unsigned section_line, |
2166 | | const char *lvalue, |
2167 | | int ltype, |
2168 | | const char *rvalue, |
2169 | | void *data, |
2170 | 0 | void *userdata) { |
2171 | |
|
2172 | 0 | Address *address = ASSERT_PTR(userdata); |
2173 | 0 | int r; |
2174 | |
|
2175 | 0 | if (isempty(rvalue)) { |
2176 | 0 | address->scope = RT_SCOPE_UNIVERSE; |
2177 | 0 | address->scope_set = false; |
2178 | 0 | return 1; |
2179 | 0 | } |
2180 | | |
2181 | 0 | r = route_scope_from_string(rvalue); |
2182 | 0 | if (r < 0) |
2183 | 0 | return log_syntax_parse_error(unit, filename, line, r, lvalue, rvalue); |
2184 | | |
2185 | 0 | address->scope = r; |
2186 | 0 | address->scope_set = true; |
2187 | 0 | return 1; |
2188 | 0 | } |
2189 | | |
2190 | | static int config_parse_address_dad( |
2191 | | const char *unit, |
2192 | | const char *filename, |
2193 | | unsigned line, |
2194 | | const char *section, |
2195 | | unsigned section_line, |
2196 | | const char *lvalue, |
2197 | | int ltype, |
2198 | | const char *rvalue, |
2199 | | void *data, |
2200 | 0 | void *userdata) { |
2201 | |
|
2202 | 0 | AddressFamily *p = ASSERT_PTR(data); |
2203 | 0 | int r; |
2204 | |
|
2205 | 0 | if (isempty(rvalue)) { |
2206 | 0 | *p = _ADDRESS_FAMILY_INVALID; |
2207 | 0 | return 1; |
2208 | 0 | } |
2209 | | |
2210 | 0 | r = parse_boolean(rvalue); |
2211 | 0 | if (r >= 0) { |
2212 | 0 | log_syntax(unit, LOG_WARNING, filename, line, 0, |
2213 | 0 | "For historical reasons, %s=%s means %s=%s. " |
2214 | 0 | "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.", |
2215 | 0 | lvalue, rvalue, lvalue, r ? "none" : "both"); |
2216 | 0 | *p = r ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_YES; |
2217 | 0 | return 1; |
2218 | 0 | } |
2219 | | |
2220 | 0 | AddressFamily a = duplicate_address_detection_address_family_from_string(rvalue); |
2221 | 0 | if (a < 0) |
2222 | 0 | return log_syntax_parse_error(unit, filename, line, a, lvalue, rvalue); |
2223 | | |
2224 | 0 | *p = a; |
2225 | 0 | return 1; |
2226 | 0 | } |
2227 | | |
2228 | | int config_parse_address_section( |
2229 | | const char *unit, |
2230 | | const char *filename, |
2231 | | unsigned line, |
2232 | | const char *section, |
2233 | | unsigned section_line, |
2234 | | const char *lvalue, |
2235 | | int ltype, |
2236 | | const char *rvalue, |
2237 | | void *data, |
2238 | 0 | void *userdata) { |
2239 | |
|
2240 | 0 | static const ConfigSectionParser table[_ADDRESS_CONF_PARSER_MAX] = { |
2241 | 0 | [ADDRESS_ADDRESS] = { .parser = config_parse_address, .ltype = 0, .offset = offsetof(Address, in_addr), }, |
2242 | 0 | [ADDRESS_PEER] = { .parser = config_parse_address, .ltype = 0, .offset = offsetof(Address, in_addr_peer), }, |
2243 | 0 | [ADDRESS_BROADCAST] = { .parser = config_parse_broadcast, .ltype = 0, .offset = 0, }, |
2244 | 0 | [ADDRESS_LABEL] = { .parser = config_parse_address_label, .ltype = 0, .offset = offsetof(Address, label), }, |
2245 | 0 | [ADDRESS_PREFERRED_LIFETIME] = { .parser = config_parse_address_lifetime, .ltype = 0, .offset = offsetof(Address, lifetime_preferred_usec), }, |
2246 | 0 | [ADDRESS_HOME_ADDRESS] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_HOMEADDRESS, .offset = offsetof(Address, flags), }, |
2247 | 0 | [ADDRESS_MANAGE_TEMPORARY_ADDRESS] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_MANAGETEMPADDR, .offset = offsetof(Address, flags), }, |
2248 | 0 | [ADDRESS_PREFIX_ROUTE] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_NOPREFIXROUTE, .offset = offsetof(Address, flags), }, |
2249 | 0 | [ADDRESS_ADD_PREFIX_ROUTE] = { .parser = config_parse_uint32_invert_flag, .ltype = IFA_F_NOPREFIXROUTE, .offset = offsetof(Address, flags), }, |
2250 | 0 | [ADDRESS_AUTO_JOIN] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_MCAUTOJOIN, .offset = offsetof(Address, flags), }, |
2251 | 0 | [ADDRESS_DAD] = { .parser = config_parse_address_dad, .ltype = 0, .offset = offsetof(Address, duplicate_address_detection), }, |
2252 | 0 | [ADDRESS_SCOPE] = { .parser = config_parse_address_scope, .ltype = 0, .offset = 0, }, |
2253 | 0 | [ADDRESS_ROUTE_METRIC] = { .parser = config_parse_uint32, .ltype = 0, .offset = offsetof(Address, route_metric), }, |
2254 | 0 | [ADDRESS_NET_LABEL] = { .parser = config_parse_string, .ltype = CONFIG_PARSE_STRING_SAFE, .offset = offsetof(Address, netlabel), }, |
2255 | 0 | [ADDRESS_NFT_SET] = { .parser = config_parse_nft_set, .ltype = NFT_SET_PARSE_NETWORK, .offset = offsetof(Address, nft_set_context), }, |
2256 | 0 | }; |
2257 | |
|
2258 | 0 | _cleanup_(address_unref_or_set_invalidp) Address *address = NULL; |
2259 | 0 | Network *network = ASSERT_PTR(userdata); |
2260 | 0 | int r; |
2261 | |
|
2262 | 0 | assert(filename); |
2263 | 0 | assert(section); |
2264 | |
|
2265 | 0 | if (streq(section, "Network")) { |
2266 | 0 | assert(streq(lvalue, "Address")); |
2267 | |
|
2268 | 0 | if (isempty(rvalue)) { |
2269 | | /* If an empty string specified in [Network] section, clear previously assigned addresses. */ |
2270 | 0 | network->addresses_by_section = ordered_hashmap_free(network->addresses_by_section); |
2271 | 0 | return 0; |
2272 | 0 | } |
2273 | | |
2274 | | /* we are not in an Address section, so use line number instead. */ |
2275 | 0 | r = address_new_static(network, filename, line, &address); |
2276 | 0 | } else |
2277 | 0 | r = address_new_static(network, filename, section_line, &address); |
2278 | 0 | if (r == -ENOMEM) |
2279 | 0 | return log_oom(); |
2280 | 0 | if (r < 0) { |
2281 | 0 | log_syntax(unit, LOG_WARNING, filename, line, r, |
2282 | 0 | "Failed to allocate new address, ignoring assignment: %m"); |
2283 | 0 | return 0; |
2284 | 0 | } |
2285 | | |
2286 | 0 | r = config_section_parse(table, ELEMENTSOF(table), |
2287 | 0 | unit, filename, line, section, section_line, lvalue, ltype, rvalue, address); |
2288 | 0 | if (r <= 0) |
2289 | 0 | return r; |
2290 | | |
2291 | 0 | TAKE_PTR(address); |
2292 | 0 | return 0; |
2293 | 0 | } |
2294 | | |
2295 | | #define log_broadcast(address, fmt, ...) \ |
2296 | 0 | ({ \ |
2297 | 0 | const Address *_address = (address); \ |
2298 | 0 | log_section_warning( \ |
2299 | 0 | _address ? _address->section : NULL, \ |
2300 | 0 | fmt " Ignoring Broadcast= setting in the [Address] section.", \ |
2301 | 0 | ##__VA_ARGS__); \ |
2302 | 0 | }) |
2303 | | |
2304 | 0 | static void address_section_adjust_broadcast(Address *address) { |
2305 | 0 | assert(address); |
2306 | 0 | assert(address->section); |
2307 | |
|
2308 | 0 | if (!in4_addr_is_set(&address->broadcast)) |
2309 | 0 | return; |
2310 | | |
2311 | 0 | if (address->family == AF_INET6) |
2312 | 0 | log_broadcast(address, "Broadcast address is set for an IPv6 address."); |
2313 | 0 | else if (address->prefixlen > 30) |
2314 | 0 | log_broadcast(address, "Broadcast address is set for an IPv4 address with prefix length larger than 30."); |
2315 | 0 | else if (in4_addr_is_set(&address->in_addr_peer.in)) |
2316 | 0 | log_broadcast(address, "Broadcast address is set for an IPv4 address with peer address."); |
2317 | 0 | else if (!in4_addr_is_set(&address->in_addr.in)) |
2318 | 0 | log_broadcast(address, "Broadcast address is set for an IPv4 address with null address."); |
2319 | 0 | else |
2320 | | /* Otherwise, keep the specified broadcast address. */ |
2321 | 0 | return; |
2322 | | |
2323 | 0 | address->broadcast.s_addr = 0; |
2324 | 0 | } |
2325 | | |
2326 | | #define log_address_section(address, fmt, ...) \ |
2327 | 0 | ({ \ |
2328 | 0 | const Address *_address = (address); \ |
2329 | 0 | log_section_warning_errno( \ |
2330 | 0 | _address ? _address->section : NULL, \ |
2331 | 0 | SYNTHETIC_ERRNO(EINVAL), \ |
2332 | 0 | fmt " Ignoring [Address] section.", \ |
2333 | 0 | ##__VA_ARGS__); \ |
2334 | 0 | }) |
2335 | | |
2336 | 0 | int address_section_verify(Address *address) { |
2337 | 0 | assert(address); |
2338 | 0 | assert(address->section); |
2339 | |
|
2340 | 0 | if (section_is_invalid(address->section)) |
2341 | 0 | return -EINVAL; |
2342 | | |
2343 | 0 | if (address->family == AF_UNSPEC) |
2344 | 0 | return log_address_section(address, "Address section without Address= field was configured."); |
2345 | 0 | assert(IN_SET(address->family, AF_INET, AF_INET6)); |
2346 | | |
2347 | 0 | if (address->family == AF_INET6 && !socket_ipv6_is_supported()) |
2348 | 0 | return log_address_section(address, "An IPv6 address was configured, but the kernel does not support IPv6."); |
2349 | | |
2350 | 0 | if (in_addr_is_null(address->family, &address->in_addr)) { |
2351 | | /* Will use address from address pool. Note that for ipv6 case, prefix of the address |
2352 | | * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So, |
2353 | | * let's limit the prefix length to 64 or larger. See RFC4193. */ |
2354 | 0 | unsigned min_prefixlen = address->family == AF_INET ? 8 : 64; |
2355 | 0 | if (address->prefixlen < min_prefixlen) |
2356 | 0 | return log_address_section(address, "Prefix length for %s null address must be equal or larger than %u.", |
2357 | 0 | af_to_ipv4_ipv6(address->family), min_prefixlen); |
2358 | | |
2359 | 0 | address->requested_as_null = !in_addr_is_set(address->family, &address->in_addr); |
2360 | 0 | } |
2361 | | |
2362 | 0 | address_section_adjust_broadcast(address); |
2363 | |
|
2364 | 0 | if (address->family == AF_INET6 && address->label) { |
2365 | 0 | log_section_warning(address->section, "Address label is set for IPv6 address, ignoring Label= setting."); |
2366 | 0 | address->label = mfree(address->label); |
2367 | 0 | } |
2368 | |
|
2369 | 0 | if (!address->scope_set) { |
2370 | 0 | if (in_addr_is_localhost(address->family, &address->in_addr) > 0) |
2371 | 0 | address->scope = RT_SCOPE_HOST; |
2372 | 0 | else if (in_addr_is_link_local(address->family, &address->in_addr) > 0) |
2373 | 0 | address->scope = RT_SCOPE_LINK; |
2374 | 0 | } |
2375 | |
|
2376 | 0 | if (address->duplicate_address_detection < 0) { |
2377 | 0 | if (address->family == AF_INET6) |
2378 | 0 | address->duplicate_address_detection = ADDRESS_FAMILY_IPV6; |
2379 | 0 | else if (in4_addr_is_link_local(&address->in_addr.in)) |
2380 | 0 | address->duplicate_address_detection = ADDRESS_FAMILY_IPV4; |
2381 | 0 | else |
2382 | 0 | address->duplicate_address_detection = ADDRESS_FAMILY_NO; |
2383 | 0 | } else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV6 && address->family == AF_INET) |
2384 | 0 | log_section_warning(address->section, "DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring."); |
2385 | 0 | else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV4 && address->family == AF_INET6) |
2386 | 0 | log_section_warning(address->section, "DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring."); |
2387 | |
|
2388 | 0 | if (address->family == AF_INET6 && |
2389 | 0 | !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV6)) |
2390 | 0 | address->flags |= IFA_F_NODAD; |
2391 | |
|
2392 | 0 | uint32_t filtered_flags = address->family == AF_INET ? |
2393 | 0 | address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS & ~IPV6ONLY_FLAGS : |
2394 | 0 | address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS; |
2395 | 0 | if (address->flags != filtered_flags) { |
2396 | 0 | _cleanup_free_ char *str = NULL; |
2397 | |
|
2398 | 0 | (void) address_flags_to_string_alloc(address->flags ^ filtered_flags, address->family, &str); |
2399 | 0 | return log_address_section(address, "unexpected address flags \"%s\" were configured.", strna(str)); |
2400 | 0 | } |
2401 | | |
2402 | 0 | return 0; |
2403 | 0 | } |
2404 | | |
2405 | | DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR( |
2406 | | trivial_hash_ops_address_detach, |
2407 | | void, |
2408 | | trivial_hash_func, |
2409 | | trivial_compare_func, |
2410 | | Address, |
2411 | | address_detach); |
2412 | | |
2413 | 0 | int network_drop_invalid_addresses(Network *network) { |
2414 | 0 | _cleanup_set_free_ Set *addresses = NULL, *duplicated_addresses = NULL; |
2415 | 0 | Address *address; |
2416 | 0 | int r; |
2417 | |
|
2418 | 0 | assert(network); |
2419 | |
|
2420 | 0 | ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) { |
2421 | 0 | if (address_section_verify(address) < 0) { |
2422 | | /* Drop invalid [Address] sections or Address= settings in [Network]. |
2423 | | * Note that address_detach() will drop the address from addresses_by_section. */ |
2424 | 0 | address_detach(address); |
2425 | 0 | continue; |
2426 | 0 | } |
2427 | | |
2428 | | /* Always use the setting specified later. So, remove the previously assigned setting. */ |
2429 | 0 | Address *dup = set_remove(addresses, address); |
2430 | 0 | if (dup) { |
2431 | 0 | log_warning("%s: Duplicated address %s is specified at line %u and %u, " |
2432 | 0 | "dropping the address setting specified at line %u.", |
2433 | 0 | dup->section->filename, |
2434 | 0 | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen), |
2435 | 0 | address->section->line, |
2436 | 0 | dup->section->line, dup->section->line); |
2437 | | |
2438 | | /* Do not call address_detach() for 'dup' now, as we can remove only the current |
2439 | | * entry in the loop. We will drop the address from addresses_by_section later. */ |
2440 | 0 | r = set_ensure_put(&duplicated_addresses, &trivial_hash_ops_address_detach, dup); |
2441 | 0 | if (r < 0) |
2442 | 0 | return log_oom(); |
2443 | 0 | assert(r > 0); |
2444 | 0 | } |
2445 | | |
2446 | | /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects |
2447 | | * will be detached. */ |
2448 | 0 | r = set_ensure_put(&addresses, &address_hash_ops, address); |
2449 | 0 | if (r < 0) |
2450 | 0 | return log_oom(); |
2451 | 0 | assert(r > 0); |
2452 | 0 | } |
2453 | | |
2454 | 0 | r = network_adjust_dhcp_server(network, &addresses); |
2455 | 0 | if (r < 0) |
2456 | 0 | return r; |
2457 | | |
2458 | 0 | return 0; |
2459 | 0 | } |