/src/systemd/src/network/networkd-address.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | | |
3 | | #include <net/if.h> |
4 | | #include <stdio.h> |
5 | | |
6 | | #include "sd-event.h" |
7 | | #include "sd-netlink.h" |
8 | | |
9 | | #include "af-list.h" |
10 | | #include "alloc-util.h" |
11 | | #include "bitfield.h" |
12 | | #include "conf-parser.h" |
13 | | #include "errno-util.h" |
14 | | #include "firewall-util.h" |
15 | | #include "in-addr-prefix-util.h" |
16 | | #include "logarithm.h" |
17 | | #include "netlink-util.h" |
18 | | #include "networkd-address-generation.h" |
19 | | #include "networkd-address.h" |
20 | | #include "networkd-address-pool.h" |
21 | | #include "networkd-dhcp-prefix-delegation.h" |
22 | | #include "networkd-dhcp-server.h" |
23 | | #include "networkd-ipv4acd.h" |
24 | | #include "networkd-link.h" |
25 | | #include "networkd-manager.h" |
26 | | #include "networkd-ndisc.h" |
27 | | #include "networkd-netlabel.h" |
28 | | #include "networkd-network.h" |
29 | | #include "networkd-queue.h" |
30 | | #include "networkd-route.h" |
31 | | #include "networkd-route-util.h" |
32 | | #include "ordered-set.h" |
33 | | #include "parse-util.h" |
34 | | #include "set.h" |
35 | | #include "siphash24.h" |
36 | | #include "socket-util.h" |
37 | | #include "string-util.h" |
38 | | #include "strv.h" |
39 | | |
40 | 0 | #define ADDRESSES_PER_LINK_MAX 16384U |
41 | 76.9k | #define STATIC_ADDRESSES_PER_NETWORK_MAX 8192U |
42 | | |
43 | | #define KNOWN_FLAGS \ |
44 | 9.81k | (IFA_F_SECONDARY | \ |
45 | 9.81k | IFA_F_NODAD | \ |
46 | 9.81k | IFA_F_OPTIMISTIC | \ |
47 | 9.81k | IFA_F_DADFAILED | \ |
48 | 9.81k | IFA_F_HOMEADDRESS | \ |
49 | 9.81k | IFA_F_DEPRECATED | \ |
50 | 9.81k | IFA_F_TENTATIVE | \ |
51 | 9.81k | IFA_F_PERMANENT | \ |
52 | 9.81k | IFA_F_MANAGETEMPADDR | \ |
53 | 9.81k | IFA_F_NOPREFIXROUTE | \ |
54 | 9.81k | IFA_F_MCAUTOJOIN | \ |
55 | 9.81k | IFA_F_STABLE_PRIVACY) |
56 | | |
57 | | /* From net/ipv4/devinet.c */ |
58 | | #define IPV6ONLY_FLAGS \ |
59 | 4.64k | (IFA_F_NODAD | \ |
60 | 4.64k | IFA_F_OPTIMISTIC | \ |
61 | 4.64k | IFA_F_DADFAILED | \ |
62 | 4.64k | IFA_F_HOMEADDRESS | \ |
63 | 4.64k | IFA_F_TENTATIVE | \ |
64 | 4.64k | IFA_F_MANAGETEMPADDR | \ |
65 | 4.64k | IFA_F_STABLE_PRIVACY) |
66 | | |
67 | | /* We do not control the following flags. */ |
68 | | #define UNMANAGED_FLAGS \ |
69 | 9.81k | (IFA_F_SECONDARY | \ |
70 | 9.81k | IFA_F_DADFAILED | \ |
71 | 9.81k | IFA_F_DEPRECATED | \ |
72 | 9.81k | IFA_F_TENTATIVE | \ |
73 | 9.81k | IFA_F_PERMANENT | \ |
74 | 9.81k | IFA_F_STABLE_PRIVACY) |
75 | | |
76 | 727 | int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) { |
77 | 727 | _cleanup_free_ char *str = NULL; |
78 | 727 | static const char* map[] = { |
79 | 727 | [LOG2U(IFA_F_SECONDARY)] = "secondary", /* This is also called "temporary" for ipv6. */ |
80 | 727 | [LOG2U(IFA_F_NODAD)] = "nodad", |
81 | 727 | [LOG2U(IFA_F_OPTIMISTIC)] = "optimistic", |
82 | 727 | [LOG2U(IFA_F_DADFAILED)] = "dadfailed", |
83 | 727 | [LOG2U(IFA_F_HOMEADDRESS)] = "home-address", |
84 | 727 | [LOG2U(IFA_F_DEPRECATED)] = "deprecated", |
85 | 727 | [LOG2U(IFA_F_TENTATIVE)] = "tentative", |
86 | 727 | [LOG2U(IFA_F_PERMANENT)] = "permanent", |
87 | 727 | [LOG2U(IFA_F_MANAGETEMPADDR)] = "manage-temporary-address", |
88 | 727 | [LOG2U(IFA_F_NOPREFIXROUTE)] = "no-prefixroute", |
89 | 727 | [LOG2U(IFA_F_MCAUTOJOIN)] = "auto-join", |
90 | 727 | [LOG2U(IFA_F_STABLE_PRIVACY)] = "stable-privacy", |
91 | 727 | }; |
92 | | |
93 | 727 | assert(IN_SET(family, AF_INET, AF_INET6)); |
94 | 727 | assert(ret); |
95 | | |
96 | 9.45k | for (size_t i = 0; i < ELEMENTSOF(map); i++) |
97 | 8.72k | if (BIT_SET(flags, i) && map[i]) |
98 | 727 | if (!strextend_with_separator( |
99 | 727 | &str, ",", |
100 | 727 | family == AF_INET6 && (1 << i) == IFA_F_SECONDARY ? "temporary" : map[i])) |
101 | 0 | return -ENOMEM; |
102 | | |
103 | 727 | *ret = TAKE_PTR(str); |
104 | 727 | return 0; |
105 | 727 | } |
106 | | |
107 | 0 | static LinkAddressState address_state_from_scope(uint8_t scope) { |
108 | 0 | if (scope < RT_SCOPE_SITE) |
109 | | /* universally accessible addresses found */ |
110 | 0 | return LINK_ADDRESS_STATE_ROUTABLE; |
111 | | |
112 | 0 | if (scope < RT_SCOPE_HOST) |
113 | | /* only link or site local addresses found */ |
114 | 0 | return LINK_ADDRESS_STATE_DEGRADED; |
115 | | |
116 | | /* no useful addresses found */ |
117 | 0 | return LINK_ADDRESS_STATE_OFF; |
118 | 0 | } |
119 | | |
120 | | void link_get_address_states( |
121 | | Link *link, |
122 | | LinkAddressState *ret_ipv4, |
123 | | LinkAddressState *ret_ipv6, |
124 | 0 | LinkAddressState *ret_all) { |
125 | |
|
126 | 0 | uint8_t ipv4_scope = RT_SCOPE_NOWHERE, ipv6_scope = RT_SCOPE_NOWHERE; |
127 | 0 | Address *address; |
128 | |
|
129 | 0 | assert(link); |
130 | |
|
131 | 0 | SET_FOREACH(address, link->addresses) { |
132 | 0 | if (!address_is_ready(address)) |
133 | 0 | continue; |
134 | | |
135 | 0 | if (address->family == AF_INET) |
136 | 0 | ipv4_scope = MIN(ipv4_scope, address->scope); |
137 | |
|
138 | 0 | if (address->family == AF_INET6) |
139 | 0 | ipv6_scope = MIN(ipv6_scope, address->scope); |
140 | 0 | } |
141 | |
|
142 | 0 | if (ret_ipv4) |
143 | 0 | *ret_ipv4 = address_state_from_scope(ipv4_scope); |
144 | 0 | if (ret_ipv6) |
145 | 0 | *ret_ipv6 = address_state_from_scope(ipv6_scope); |
146 | 0 | if (ret_all) |
147 | 0 | *ret_all = address_state_from_scope(MIN(ipv4_scope, ipv6_scope)); |
148 | 0 | } |
149 | | |
150 | | static void address_detach(Address *address); |
151 | | |
152 | | DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( |
153 | | address_hash_ops_detach, |
154 | | Address, |
155 | | address_hash_func, |
156 | | address_compare_func, |
157 | | address_detach); |
158 | | |
159 | | DEFINE_HASH_OPS( |
160 | | address_hash_ops, |
161 | | Address, |
162 | | address_hash_func, |
163 | | address_compare_func); |
164 | | |
165 | | DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR( |
166 | | address_section_hash_ops, |
167 | | ConfigSection, |
168 | | config_section_hash_func, |
169 | | config_section_compare_func, |
170 | | Address, |
171 | | address_detach); |
172 | | |
173 | 76.9k | int address_new(Address **ret) { |
174 | 76.9k | _cleanup_(address_unrefp) Address *address = NULL; |
175 | | |
176 | 76.9k | address = new(Address, 1); |
177 | 76.9k | if (!address) |
178 | 0 | return -ENOMEM; |
179 | | |
180 | 76.9k | *address = (Address) { |
181 | 76.9k | .n_ref = 1, |
182 | 76.9k | .family = AF_UNSPEC, |
183 | 76.9k | .scope = RT_SCOPE_UNIVERSE, |
184 | 76.9k | .lifetime_valid_usec = USEC_INFINITY, |
185 | 76.9k | .lifetime_preferred_usec = USEC_INFINITY, |
186 | 76.9k | .set_broadcast = -1, |
187 | 76.9k | }; |
188 | | |
189 | 76.9k | *ret = TAKE_PTR(address); |
190 | | |
191 | 76.9k | return 0; |
192 | 76.9k | } |
193 | | |
194 | 92.1k | int address_new_static(Network *network, const char *filename, unsigned section_line, Address **ret) { |
195 | 92.1k | _cleanup_(config_section_freep) ConfigSection *n = NULL; |
196 | 92.1k | _cleanup_(address_unrefp) Address *address = NULL; |
197 | 92.1k | int r; |
198 | | |
199 | 92.1k | assert(network); |
200 | 92.1k | assert(ret); |
201 | 92.1k | assert(filename); |
202 | 92.1k | assert(section_line > 0); |
203 | | |
204 | 92.1k | r = config_section_new(filename, section_line, &n); |
205 | 92.1k | if (r < 0) |
206 | 0 | return r; |
207 | | |
208 | 92.1k | address = ordered_hashmap_get(network->addresses_by_section, n); |
209 | 92.1k | if (address) { |
210 | 15.1k | *ret = TAKE_PTR(address); |
211 | 15.1k | return 0; |
212 | 15.1k | } |
213 | | |
214 | 76.9k | if (ordered_hashmap_size(network->addresses_by_section) >= STATIC_ADDRESSES_PER_NETWORK_MAX) |
215 | 0 | return -E2BIG; |
216 | | |
217 | 76.9k | r = address_new(&address); |
218 | 76.9k | if (r < 0) |
219 | 0 | return r; |
220 | | |
221 | 76.9k | address->network = network; |
222 | 76.9k | address->section = TAKE_PTR(n); |
223 | 76.9k | address->source = NETWORK_CONFIG_SOURCE_STATIC; |
224 | | /* This will be adjusted in address_section_verify(). */ |
225 | 76.9k | address->duplicate_address_detection = _ADDRESS_FAMILY_INVALID; |
226 | | |
227 | 76.9k | r = ordered_hashmap_ensure_put(&network->addresses_by_section, &address_section_hash_ops, address->section, address); |
228 | 76.9k | if (r < 0) |
229 | 0 | return r; |
230 | | |
231 | 76.9k | *ret = TAKE_PTR(address); |
232 | 76.9k | return 0; |
233 | 76.9k | } |
234 | | |
235 | 153k | static Address* address_detach_impl(Address *address) { |
236 | 153k | assert(address); |
237 | 153k | assert(!address->link || !address->network); |
238 | | |
239 | 153k | if (address->network) { |
240 | 76.9k | assert(address->section); |
241 | 76.9k | ordered_hashmap_remove(address->network->addresses_by_section, address->section); |
242 | | |
243 | 76.9k | if (address->network->dhcp_server_address == address) |
244 | 18 | address->network->dhcp_server_address = NULL; |
245 | | |
246 | 76.9k | address->network = NULL; |
247 | 76.9k | return address; |
248 | 76.9k | } |
249 | | |
250 | 76.9k | if (address->link) { |
251 | 0 | set_remove(address->link->addresses, address); |
252 | |
|
253 | 0 | address->link = NULL; |
254 | 0 | return address; |
255 | 0 | } |
256 | | |
257 | 76.9k | return NULL; |
258 | 76.9k | } |
259 | | |
260 | 76.9k | static void address_detach(Address *address) { |
261 | 76.9k | assert(address); |
262 | | |
263 | 76.9k | address_unref(address_detach_impl(address)); |
264 | 76.9k | } |
265 | | |
266 | 76.9k | static Address* address_free(Address *address) { |
267 | 76.9k | if (!address) |
268 | 0 | return NULL; |
269 | | |
270 | 76.9k | address_detach_impl(address); |
271 | | |
272 | 76.9k | config_section_free(address->section); |
273 | 76.9k | free(address->label); |
274 | 76.9k | free(address->netlabel); |
275 | 76.9k | ipv6_token_unref(address->token); |
276 | 76.9k | nft_set_context_clear(&address->nft_set_context); |
277 | 76.9k | return mfree(address); |
278 | 76.9k | } |
279 | | |
280 | | DEFINE_TRIVIAL_REF_UNREF_FUNC(Address, address, address_free); |
281 | | |
282 | 0 | static bool address_lifetime_is_valid(const Address *a) { |
283 | 0 | assert(a); |
284 | |
|
285 | 0 | return |
286 | 0 | a->lifetime_valid_usec == USEC_INFINITY || |
287 | 0 | a->lifetime_valid_usec > now(CLOCK_BOOTTIME); |
288 | 0 | } |
289 | | |
290 | 0 | bool address_is_ready(const Address *a) { |
291 | 0 | assert(a); |
292 | 0 | assert(a->link); |
293 | |
|
294 | 0 | if (!ipv4acd_bound(a->link, a)) |
295 | 0 | return false; |
296 | | |
297 | 0 | if (FLAGS_SET(a->flags, IFA_F_TENTATIVE)) |
298 | 0 | return false; |
299 | | |
300 | 0 | if (FLAGS_SET(a->state, NETWORK_CONFIG_STATE_REMOVING)) |
301 | 0 | return false; |
302 | | |
303 | 0 | if (!FLAGS_SET(a->state, NETWORK_CONFIG_STATE_CONFIGURED)) |
304 | 0 | return false; |
305 | | |
306 | 0 | return address_lifetime_is_valid(a); |
307 | 0 | } |
308 | | |
309 | 0 | bool link_check_addresses_ready(Link *link, NetworkConfigSource source) { |
310 | 0 | Address *a; |
311 | 0 | bool has = false; |
312 | |
|
313 | 0 | assert(link); |
314 | | |
315 | | /* Check if all addresses on the interface are ready. If there is no address, this will return false. */ |
316 | |
|
317 | 0 | SET_FOREACH(a, link->addresses) { |
318 | 0 | if (source >= 0 && a->source != source) |
319 | 0 | continue; |
320 | 0 | if (address_is_marked(a)) |
321 | 0 | continue; |
322 | 0 | if (!address_exists(a)) |
323 | 0 | continue; |
324 | 0 | if (!address_is_ready(a)) |
325 | 0 | return false; |
326 | 0 | has = true; |
327 | 0 | } |
328 | | |
329 | 0 | if (has || source != NETWORK_CONFIG_SOURCE_DHCP6) |
330 | 0 | return has; |
331 | | |
332 | | /* If there is no DHCPv6 addresses, but all conflicting addresses are successfully configured, then |
333 | | * let's handle the DHCPv6 client successfully configured addresses. Otherwise, if the conflicted |
334 | | * addresses are static or foreign, and there is no other dynamic addressing protocol enabled, then |
335 | | * the link will never enter the configured state. See also link_check_ready(). */ |
336 | 0 | SET_FOREACH(a, link->addresses) { |
337 | 0 | if (source >= 0 && a->source == NETWORK_CONFIG_SOURCE_DHCP6) |
338 | 0 | continue; |
339 | 0 | if (!a->also_requested_by_dhcp6) |
340 | 0 | continue; |
341 | 0 | if (address_is_marked(a)) |
342 | 0 | continue; |
343 | 0 | if (!address_exists(a)) |
344 | 0 | continue; |
345 | 0 | if (!address_is_ready(a)) |
346 | 0 | return false; |
347 | 0 | has = true; |
348 | 0 | } |
349 | | |
350 | 0 | return has; |
351 | 0 | } |
352 | | |
353 | 0 | void link_mark_addresses(Link *link, NetworkConfigSource source) { |
354 | 0 | Address *a; |
355 | |
|
356 | 0 | assert(link); |
357 | |
|
358 | 0 | SET_FOREACH(a, link->addresses) { |
359 | 0 | if (a->source != source) |
360 | 0 | continue; |
361 | | |
362 | 0 | address_mark(a); |
363 | 0 | } |
364 | 0 | } |
365 | | |
366 | 0 | static int address_get_broadcast(const Address *a, Link *link, struct in_addr *ret) { |
367 | 0 | struct in_addr b_addr = {}; |
368 | |
|
369 | 0 | assert(a); |
370 | 0 | assert(link); |
371 | | |
372 | | /* Returns 0 when broadcast address is null, 1 when non-null broadcast address, -EAGAIN when the main |
373 | | * address is null. */ |
374 | | |
375 | | /* broadcast is only for IPv4. */ |
376 | 0 | if (a->family != AF_INET) |
377 | 0 | goto finalize; |
378 | | |
379 | | /* broadcast address cannot be used when peer address is specified. */ |
380 | 0 | if (in4_addr_is_set(&a->in_addr_peer.in)) |
381 | 0 | goto finalize; |
382 | | |
383 | | /* A /31 or /32 IPv4 address does not have a broadcast address. |
384 | | * See https://tools.ietf.org/html/rfc3021 */ |
385 | 0 | if (a->prefixlen > 30) |
386 | 0 | goto finalize; |
387 | | |
388 | | /* If explicitly configured, use the address as is. */ |
389 | 0 | if (in4_addr_is_set(&a->broadcast)) { |
390 | 0 | b_addr = a->broadcast; |
391 | 0 | goto finalize; |
392 | 0 | } |
393 | | |
394 | | /* If explicitly disabled, then return null address. */ |
395 | 0 | if (a->set_broadcast == 0) |
396 | 0 | goto finalize; |
397 | | |
398 | | /* For wireguard interfaces, broadcast is disabled by default. */ |
399 | 0 | if (a->set_broadcast < 0 && streq_ptr(link->kind, "wireguard")) |
400 | 0 | goto finalize; |
401 | | |
402 | | /* If the main address is null, e.g. Address=0.0.0.0/24, the broadcast address will be automatically |
403 | | * determined after an address is acquired. */ |
404 | 0 | if (!in4_addr_is_set(&a->in_addr.in)) |
405 | 0 | return -EAGAIN; |
406 | | |
407 | | /* Otherwise, generate a broadcast address from the main address and prefix length. */ |
408 | 0 | b_addr.s_addr = a->in_addr.in.s_addr | htobe32(UINT32_C(0xffffffff) >> a->prefixlen); |
409 | |
|
410 | 0 | finalize: |
411 | 0 | if (ret) |
412 | 0 | *ret = b_addr; |
413 | |
|
414 | 0 | return in4_addr_is_set(&b_addr); |
415 | 0 | } |
416 | | |
417 | 0 | static void address_set_broadcast(Address *a, Link *link) { |
418 | 0 | assert(a); |
419 | 0 | assert_se(address_get_broadcast(a, link, &a->broadcast) >= 0); |
420 | 0 | } |
421 | | |
422 | 0 | static void address_set_cinfo(Manager *m, const Address *a, struct ifa_cacheinfo *cinfo) { |
423 | 0 | usec_t now_usec; |
424 | |
|
425 | 0 | assert(m); |
426 | 0 | assert(a); |
427 | 0 | assert(cinfo); |
428 | |
|
429 | 0 | assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0); |
430 | |
|
431 | 0 | *cinfo = (struct ifa_cacheinfo) { |
432 | 0 | .ifa_valid = usec_to_sec(a->lifetime_valid_usec, now_usec), |
433 | 0 | .ifa_prefered = usec_to_sec(a->lifetime_preferred_usec, now_usec), |
434 | 0 | }; |
435 | 0 | } |
436 | | |
437 | 0 | static void address_set_lifetime(Manager *m, Address *a, const struct ifa_cacheinfo *cinfo) { |
438 | 0 | usec_t now_usec; |
439 | |
|
440 | 0 | assert(m); |
441 | 0 | assert(a); |
442 | 0 | assert(cinfo); |
443 | |
|
444 | 0 | assert_se(sd_event_now(m->event, CLOCK_BOOTTIME, &now_usec) >= 0); |
445 | |
|
446 | 0 | a->lifetime_valid_usec = sec_to_usec(cinfo->ifa_valid, now_usec); |
447 | 0 | a->lifetime_preferred_usec = sec_to_usec(cinfo->ifa_prefered, now_usec); |
448 | 0 | } |
449 | | |
450 | 0 | static bool address_is_static_null(const Address *address) { |
451 | 0 | assert(address); |
452 | |
|
453 | 0 | if (!address->network) |
454 | 0 | return false; |
455 | | |
456 | 0 | if (!address->requested_as_null) |
457 | 0 | return false; |
458 | | |
459 | 0 | assert(!in_addr_is_set(address->family, &address->in_addr)); |
460 | 0 | return true; |
461 | 0 | } |
462 | | |
463 | 17.4k | static int address_ipv4_prefix(const Address *a, struct in_addr *ret) { |
464 | 17.4k | struct in_addr p; |
465 | 17.4k | int r; |
466 | | |
467 | 17.4k | assert(a); |
468 | 17.4k | assert(a->family == AF_INET); |
469 | 17.4k | assert(ret); |
470 | | |
471 | 17.4k | p = in4_addr_is_set(&a->in_addr_peer.in) ? a->in_addr_peer.in : a->in_addr.in; |
472 | 17.4k | r = in4_addr_mask(&p, a->prefixlen); |
473 | 17.4k | if (r < 0) |
474 | 0 | return r; |
475 | | |
476 | 17.4k | *ret = p; |
477 | 17.4k | return 0; |
478 | 17.4k | } |
479 | | |
480 | 18.2k | void address_hash_func(const Address *a, struct siphash *state) { |
481 | 18.2k | assert(a); |
482 | | |
483 | 18.2k | siphash24_compress_typesafe(a->family, state); |
484 | | |
485 | 18.2k | switch (a->family) { |
486 | 7.85k | case AF_INET: { |
487 | 7.85k | struct in_addr prefix; |
488 | | |
489 | 7.85k | siphash24_compress_typesafe(a->prefixlen, state); |
490 | | |
491 | 7.85k | assert_se(address_ipv4_prefix(a, &prefix) >= 0); |
492 | 7.85k | siphash24_compress_typesafe(prefix, state); |
493 | | |
494 | 7.85k | siphash24_compress_typesafe(a->in_addr.in, state); |
495 | 7.85k | break; |
496 | 0 | } |
497 | 10.3k | case AF_INET6: |
498 | 10.3k | siphash24_compress_typesafe(a->in_addr.in6, state); |
499 | | |
500 | 10.3k | if (in6_addr_is_null(&a->in_addr.in6)) |
501 | 5.77k | siphash24_compress_typesafe(a->prefixlen, state); |
502 | 10.3k | break; |
503 | | |
504 | 0 | default: |
505 | 0 | assert_not_reached(); |
506 | 18.2k | } |
507 | 18.2k | } |
508 | | |
509 | 13.2k | int address_compare_func(const Address *a1, const Address *a2) { |
510 | 13.2k | int r; |
511 | | |
512 | 13.2k | r = CMP(a1->family, a2->family); |
513 | 13.2k | if (r != 0) |
514 | 296 | return r; |
515 | | |
516 | 12.9k | switch (a1->family) { |
517 | 5.81k | case AF_INET: { |
518 | 5.81k | struct in_addr p1, p2; |
519 | | |
520 | | /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */ |
521 | 5.81k | r = CMP(a1->prefixlen, a2->prefixlen); |
522 | 5.81k | if (r != 0) |
523 | 989 | return r; |
524 | | |
525 | 4.82k | assert_se(address_ipv4_prefix(a1, &p1) >= 0); |
526 | 4.82k | assert_se(address_ipv4_prefix(a2, &p2) >= 0); |
527 | 4.82k | r = memcmp(&p1, &p2, sizeof(p1)); |
528 | 4.82k | if (r != 0) |
529 | 1.21k | return r; |
530 | | |
531 | 3.61k | return memcmp(&a1->in_addr.in, &a2->in_addr.in, sizeof(a1->in_addr.in)); |
532 | 4.82k | } |
533 | 7.14k | case AF_INET6: |
534 | | /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */ |
535 | 7.14k | r = memcmp(&a1->in_addr.in6, &a2->in_addr.in6, sizeof(a1->in_addr.in6)); |
536 | 7.14k | if (r != 0) |
537 | 2.19k | return r; |
538 | | |
539 | | /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's |
540 | | * compare the prefix length. */ |
541 | 4.94k | if (in6_addr_is_null(&a1->in_addr.in6)) |
542 | 3.07k | r = CMP(a1->prefixlen, a2->prefixlen); |
543 | | |
544 | 4.94k | return r; |
545 | | |
546 | 0 | default: |
547 | 0 | assert_not_reached(); |
548 | 12.9k | } |
549 | 12.9k | } |
550 | | |
551 | 0 | bool address_can_update(const Address *existing, const Address *requesting) { |
552 | 0 | assert(existing); |
553 | 0 | assert(requesting); |
554 | | |
555 | | /* |
556 | | * property | IPv4 | IPv6 |
557 | | * ----------------------------------------- |
558 | | * family | ✗ | ✗ |
559 | | * prefixlen | ✗ | ✗ |
560 | | * address | ✗ | ✗ |
561 | | * scope | ✗ | - |
562 | | * label | ✗ | - |
563 | | * broadcast | ✗ | - |
564 | | * peer | ✗ | ✓ |
565 | | * flags | ✗ | ✓ |
566 | | * lifetime | ✓ | ✓ |
567 | | * route metric | ✓ | ✓ |
568 | | * protocol | ✓ | ✓ |
569 | | * |
570 | | * ✗ : cannot be changed |
571 | | * ✓ : can be changed |
572 | | * - : unused |
573 | | * |
574 | | * IPv4 : See inet_rtm_newaddr() in net/ipv4/devinet.c. |
575 | | * IPv6 : See inet6_addr_modify() in net/ipv6/addrconf.c. |
576 | | */ |
577 | |
|
578 | 0 | if (existing->family != requesting->family) |
579 | 0 | return false; |
580 | | |
581 | 0 | if (existing->prefixlen != requesting->prefixlen) |
582 | 0 | return false; |
583 | | |
584 | | /* When a null address is requested, the address to be assigned/updated will be determined later. */ |
585 | 0 | if (!address_is_static_null(requesting) && |
586 | 0 | in_addr_equal(existing->family, &existing->in_addr, &requesting->in_addr) <= 0) |
587 | 0 | return false; |
588 | | |
589 | 0 | switch (existing->family) { |
590 | 0 | case AF_INET: { |
591 | 0 | struct in_addr bcast; |
592 | |
|
593 | 0 | if (existing->scope != requesting->scope) |
594 | 0 | return false; |
595 | 0 | if (((existing->flags ^ requesting->flags) & KNOWN_FLAGS & ~IPV6ONLY_FLAGS & ~UNMANAGED_FLAGS) != 0) |
596 | 0 | return false; |
597 | 0 | if (!streq_ptr(existing->label, requesting->label)) |
598 | 0 | return false; |
599 | 0 | if (!in4_addr_equal(&existing->in_addr_peer.in, &requesting->in_addr_peer.in)) |
600 | 0 | return false; |
601 | 0 | if (existing->link && address_get_broadcast(requesting, existing->link, &bcast) >= 0) { |
602 | | /* If the broadcast address can be determined now, check if they match. */ |
603 | 0 | if (!in4_addr_equal(&existing->broadcast, &bcast)) |
604 | 0 | return false; |
605 | 0 | } else { |
606 | | /* When a null address is requested, then the broadcast address will be |
607 | | * automatically calculated from the acquired address, e.g. |
608 | | * 192.168.0.10/24 -> 192.168.0.255 |
609 | | * So, here let's only check if the broadcast is the last address in the range, e.g. |
610 | | * 0.0.0.0/24 -> 0.0.0.255 */ |
611 | 0 | if (!FLAGS_SET(existing->broadcast.s_addr, htobe32(UINT32_C(0xffffffff) >> existing->prefixlen))) |
612 | 0 | return false; |
613 | 0 | } |
614 | 0 | break; |
615 | 0 | } |
616 | 0 | case AF_INET6: |
617 | 0 | break; |
618 | | |
619 | 0 | default: |
620 | 0 | assert_not_reached(); |
621 | 0 | } |
622 | | |
623 | 0 | return true; |
624 | 0 | } |
625 | | |
626 | 0 | int address_dup(const Address *src, Address **ret) { |
627 | 0 | _cleanup_(address_unrefp) Address *dest = NULL; |
628 | 0 | int r; |
629 | |
|
630 | 0 | assert(src); |
631 | 0 | assert(ret); |
632 | |
|
633 | 0 | dest = newdup(Address, src, 1); |
634 | 0 | if (!dest) |
635 | 0 | return -ENOMEM; |
636 | | |
637 | | /* clear the reference counter and all pointers */ |
638 | 0 | dest->n_ref = 1; |
639 | 0 | dest->network = NULL; |
640 | 0 | dest->section = NULL; |
641 | 0 | dest->link = NULL; |
642 | 0 | dest->label = NULL; |
643 | 0 | dest->token = ipv6_token_ref(src->token); |
644 | 0 | dest->netlabel = NULL; |
645 | 0 | dest->nft_set_context.sets = NULL; |
646 | 0 | dest->nft_set_context.n_sets = 0; |
647 | |
|
648 | 0 | if (src->family == AF_INET) { |
649 | 0 | r = strdup_to(&dest->label, src->label); |
650 | 0 | if (r < 0) |
651 | 0 | return r; |
652 | 0 | } |
653 | | |
654 | 0 | r = strdup_to(&dest->netlabel, src->netlabel); |
655 | 0 | if (r < 0) |
656 | 0 | return r; |
657 | | |
658 | 0 | r = nft_set_context_dup(&src->nft_set_context, &dest->nft_set_context); |
659 | 0 | if (r < 0) |
660 | 0 | return r; |
661 | | |
662 | 0 | *ret = TAKE_PTR(dest); |
663 | 0 | return 0; |
664 | 0 | } |
665 | | |
666 | 0 | static int address_set_masquerade(Address *address, bool add) { |
667 | 0 | union in_addr_union masked; |
668 | 0 | int r; |
669 | |
|
670 | 0 | assert(address); |
671 | 0 | assert(address->link); |
672 | |
|
673 | 0 | if (!address->link->network) |
674 | 0 | return 0; |
675 | | |
676 | 0 | if (!FLAGS_SET(address->link->network->ip_masquerade, AF_TO_ADDRESS_FAMILY(address->family))) |
677 | 0 | return 0; |
678 | | |
679 | 0 | if (address->scope >= RT_SCOPE_LINK) |
680 | 0 | return 0; |
681 | | |
682 | 0 | if (address->ip_masquerade_done == add) |
683 | 0 | return 0; |
684 | | |
685 | 0 | masked = address->in_addr; |
686 | 0 | r = in_addr_mask(address->family, &masked, address->prefixlen); |
687 | 0 | if (r < 0) |
688 | 0 | return r; |
689 | | |
690 | 0 | r = fw_add_masquerade(&address->link->manager->fw_ctx, add, address->family, &masked, address->prefixlen); |
691 | 0 | if (r < 0) |
692 | 0 | return r; |
693 | | |
694 | 0 | address->ip_masquerade_done = add; |
695 | |
|
696 | 0 | return 0; |
697 | 0 | } |
698 | | |
699 | 0 | static void address_modify_nft_set_context(Address *address, bool add, NFTSetContext *nft_set_context) { |
700 | 0 | int r; |
701 | |
|
702 | 0 | assert(address); |
703 | 0 | assert(address->link); |
704 | 0 | assert(address->link->manager); |
705 | 0 | assert(nft_set_context); |
706 | |
|
707 | 0 | if (!address->link->manager->fw_ctx) { |
708 | 0 | r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false); |
709 | 0 | if (r < 0) |
710 | 0 | return; |
711 | 0 | } |
712 | | |
713 | 0 | FOREACH_ARRAY(nft_set, nft_set_context->sets, nft_set_context->n_sets) { |
714 | 0 | uint32_t ifindex; |
715 | |
|
716 | 0 | assert(nft_set); |
717 | |
|
718 | 0 | switch (nft_set->source) { |
719 | 0 | case NFT_SET_SOURCE_ADDRESS: |
720 | 0 | r = nft_set_element_modify_ip(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set, |
721 | 0 | &address->in_addr); |
722 | 0 | break; |
723 | 0 | case NFT_SET_SOURCE_PREFIX: |
724 | 0 | r = nft_set_element_modify_iprange(address->link->manager->fw_ctx, add, nft_set->nfproto, address->family, nft_set->table, nft_set->set, |
725 | 0 | &address->in_addr, address->prefixlen); |
726 | 0 | break; |
727 | 0 | case NFT_SET_SOURCE_IFINDEX: |
728 | 0 | ifindex = address->link->ifindex; |
729 | 0 | r = nft_set_element_modify_any(address->link->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, |
730 | 0 | &ifindex, sizeof(ifindex)); |
731 | 0 | break; |
732 | 0 | default: |
733 | 0 | assert_not_reached(); |
734 | 0 | } |
735 | | |
736 | 0 | if (r < 0) |
737 | 0 | log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, IP address %s, ignoring: %m", |
738 | 0 | add ? "add" : "delete", |
739 | 0 | nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, |
740 | 0 | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); |
741 | 0 | else |
742 | 0 | log_debug("%s NFT set entry: family %s, table %s, set %s, IP address %s", |
743 | 0 | add ? "Added" : "Deleted", |
744 | 0 | nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, |
745 | 0 | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); |
746 | 0 | } |
747 | 0 | } |
748 | | |
749 | 0 | static void address_modify_nft_set(Address *address, bool add) { |
750 | 0 | assert(address); |
751 | 0 | assert(address->link); |
752 | |
|
753 | 0 | if (!IN_SET(address->family, AF_INET, AF_INET6)) |
754 | 0 | return; |
755 | | |
756 | 0 | if (!address->link->network) |
757 | 0 | return; |
758 | | |
759 | 0 | switch (address->source) { |
760 | 0 | case NETWORK_CONFIG_SOURCE_DHCP4: |
761 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->dhcp_nft_set_context); |
762 | 0 | case NETWORK_CONFIG_SOURCE_DHCP6: |
763 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->dhcp6_nft_set_context); |
764 | 0 | case NETWORK_CONFIG_SOURCE_DHCP_PD: |
765 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->dhcp_pd_nft_set_context); |
766 | 0 | case NETWORK_CONFIG_SOURCE_NDISC: |
767 | 0 | return address_modify_nft_set_context(address, add, &address->link->network->ndisc_nft_set_context); |
768 | 0 | case NETWORK_CONFIG_SOURCE_STATIC: |
769 | 0 | return address_modify_nft_set_context(address, add, &address->nft_set_context); |
770 | 0 | default: |
771 | 0 | return; |
772 | 0 | } |
773 | 0 | } |
774 | | |
775 | 0 | static int address_attach(Link *link, Address *address) { |
776 | 0 | int r; |
777 | |
|
778 | 0 | assert(link); |
779 | 0 | assert(address); |
780 | 0 | assert(!address->link); |
781 | |
|
782 | 0 | r = set_ensure_put(&link->addresses, &address_hash_ops_detach, address); |
783 | 0 | if (r < 0) |
784 | 0 | return r; |
785 | 0 | if (r == 0) |
786 | 0 | return -EEXIST; |
787 | | |
788 | 0 | address->link = link; |
789 | 0 | address_ref(address); |
790 | 0 | return 0; |
791 | 0 | } |
792 | | |
793 | 0 | static int address_update(Address *address) { |
794 | 0 | Link *link = ASSERT_PTR(ASSERT_PTR(address)->link); |
795 | 0 | int r; |
796 | |
|
797 | 0 | if (address_is_ready(address) && |
798 | 0 | address->family == AF_INET6 && |
799 | 0 | in6_addr_is_link_local(&address->in_addr.in6) && |
800 | 0 | in6_addr_is_null(&link->ipv6ll_address)) { |
801 | |
|
802 | 0 | link->ipv6ll_address = address->in_addr.in6; |
803 | |
|
804 | 0 | r = link_ipv6ll_gained(link); |
805 | 0 | if (r < 0) |
806 | 0 | return r; |
807 | 0 | } |
808 | | |
809 | 0 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) |
810 | 0 | return 0; |
811 | | |
812 | 0 | r = address_set_masquerade(address, /* add = */ true); |
813 | 0 | if (r < 0) |
814 | 0 | return log_link_warning_errno(link, r, "Could not enable IP masquerading: %m"); |
815 | | |
816 | 0 | address_add_netlabel(address); |
817 | |
|
818 | 0 | address_modify_nft_set(address, /* add = */ true); |
819 | |
|
820 | 0 | if (address_is_ready(address) && address->callback) { |
821 | 0 | r = address->callback(address); |
822 | 0 | if (r < 0) |
823 | 0 | return r; |
824 | 0 | } |
825 | | |
826 | 0 | link_update_operstate(link, /* also_update_bond_master = */ true); |
827 | 0 | link_check_ready(link); |
828 | 0 | return 0; |
829 | 0 | } |
830 | | |
831 | 0 | static int address_removed_maybe_kernel_dad(Link *link, Address *address) { |
832 | 0 | int r; |
833 | |
|
834 | 0 | assert(link); |
835 | 0 | assert(address); |
836 | |
|
837 | 0 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) |
838 | 0 | return 0; |
839 | | |
840 | 0 | if (address->family != AF_INET6) |
841 | 0 | return 0; |
842 | | |
843 | 0 | if (!FLAGS_SET(address->flags, IFA_F_TENTATIVE)) |
844 | 0 | return 0; |
845 | | |
846 | 0 | log_link_info(link, "Address %s with tentative flag is removed, maybe a duplicated address is assigned on another node or link?", |
847 | 0 | IN6_ADDR_TO_STRING(&address->in_addr.in6)); |
848 | | |
849 | | /* Reset the address state, as the object may be reused in the below. */ |
850 | 0 | address->state = 0; |
851 | |
|
852 | 0 | switch (address->source) { |
853 | 0 | case NETWORK_CONFIG_SOURCE_STATIC: |
854 | 0 | r = link_reconfigure_radv_address(address, link); |
855 | 0 | break; |
856 | 0 | case NETWORK_CONFIG_SOURCE_DHCP_PD: |
857 | 0 | r = dhcp_pd_reconfigure_address(address, link); |
858 | 0 | break; |
859 | 0 | case NETWORK_CONFIG_SOURCE_NDISC: |
860 | 0 | r = ndisc_reconfigure_address(address, link); |
861 | 0 | break; |
862 | 0 | default: |
863 | 0 | r = 0; |
864 | 0 | } |
865 | 0 | if (r < 0) |
866 | 0 | return log_link_warning_errno(link, r, "Failed to configure an alternative address: %m"); |
867 | | |
868 | 0 | return 0; |
869 | 0 | } |
870 | | |
871 | 0 | static int address_drop(Address *in, bool removed_by_us) { |
872 | 0 | _cleanup_(address_unrefp) Address *address = address_ref(ASSERT_PTR(in)); |
873 | 0 | Link *link = ASSERT_PTR(address->link); |
874 | 0 | int r; |
875 | |
|
876 | 0 | r = address_set_masquerade(address, /* add = */ false); |
877 | 0 | if (r < 0) |
878 | 0 | log_link_warning_errno(link, r, "Failed to disable IP masquerading, ignoring: %m"); |
879 | |
|
880 | 0 | address_modify_nft_set(address, /* add = */ false); |
881 | |
|
882 | 0 | address_del_netlabel(address); |
883 | | |
884 | | /* FIXME: if the IPv6LL address is dropped, stop DHCPv6, NDISC, RADV. */ |
885 | 0 | if (address->family == AF_INET6 && |
886 | 0 | in6_addr_equal(&address->in_addr.in6, &link->ipv6ll_address)) |
887 | 0 | link->ipv6ll_address = (const struct in6_addr) {}; |
888 | |
|
889 | 0 | ipv4acd_detach(link, address); |
890 | |
|
891 | 0 | address_detach(address); |
892 | |
|
893 | 0 | if (!removed_by_us) { |
894 | 0 | r = address_removed_maybe_kernel_dad(link, address); |
895 | 0 | if (r < 0) { |
896 | 0 | link_enter_failed(link); |
897 | 0 | return r; |
898 | 0 | } |
899 | 0 | } |
900 | | |
901 | 0 | link_update_operstate(link, /* also_update_bond_master = */ true); |
902 | 0 | link_check_ready(link); |
903 | 0 | return 0; |
904 | 0 | } |
905 | | |
906 | 0 | static bool address_match_null(const Address *a, const Address *null_address) { |
907 | 0 | assert(a); |
908 | 0 | assert(null_address); |
909 | |
|
910 | 0 | if (!a->requested_as_null) |
911 | 0 | return false; |
912 | | |
913 | | /* Currently, null address is supported only by static addresses. Note that static |
914 | | * address may be set as foreign during reconfiguring the interface. */ |
915 | 0 | if (!IN_SET(a->source, NETWORK_CONFIG_SOURCE_FOREIGN, NETWORK_CONFIG_SOURCE_STATIC)) |
916 | 0 | return false; |
917 | | |
918 | 0 | if (a->family != null_address->family) |
919 | 0 | return false; |
920 | | |
921 | 0 | if (a->prefixlen != null_address->prefixlen) |
922 | 0 | return false; |
923 | | |
924 | 0 | return true; |
925 | 0 | } |
926 | | |
927 | 0 | static int address_get_request(Link *link, const Address *address, Request **ret) { |
928 | 0 | Request *req; |
929 | |
|
930 | 0 | assert(link); |
931 | 0 | assert(link->manager); |
932 | 0 | assert(address); |
933 | |
|
934 | 0 | req = ordered_set_get( |
935 | 0 | link->manager->request_queue, |
936 | 0 | &(Request) { |
937 | 0 | .link = link, |
938 | 0 | .type = REQUEST_TYPE_ADDRESS, |
939 | 0 | .userdata = (void*) address, |
940 | 0 | .hash_func = (hash_func_t) address_hash_func, |
941 | 0 | .compare_func = (compare_func_t) address_compare_func, |
942 | 0 | }); |
943 | 0 | if (req) { |
944 | 0 | if (ret) |
945 | 0 | *ret = req; |
946 | 0 | return 0; |
947 | 0 | } |
948 | | |
949 | 0 | if (address_is_static_null(address)) |
950 | 0 | ORDERED_SET_FOREACH(req, link->manager->request_queue) { |
951 | 0 | if (req->link != link) |
952 | 0 | continue; |
953 | 0 | if (req->type != REQUEST_TYPE_ADDRESS) |
954 | 0 | continue; |
955 | | |
956 | 0 | if (!address_match_null(req->userdata, address)) |
957 | 0 | continue; |
958 | | |
959 | 0 | if (ret) |
960 | 0 | *ret = req; |
961 | |
|
962 | 0 | return 0; |
963 | 0 | } |
964 | | |
965 | 0 | return -ENOENT; |
966 | 0 | } |
967 | | |
968 | 0 | int address_get(Link *link, const Address *in, Address **ret) { |
969 | 0 | Address *a; |
970 | |
|
971 | 0 | assert(link); |
972 | 0 | assert(in); |
973 | |
|
974 | 0 | a = set_get(link->addresses, in); |
975 | 0 | if (a) { |
976 | 0 | if (ret) |
977 | 0 | *ret = a; |
978 | 0 | return 0; |
979 | 0 | } |
980 | | |
981 | | /* Find matching address that originally requested as null address. */ |
982 | 0 | if (address_is_static_null(in)) |
983 | 0 | SET_FOREACH(a, link->addresses) { |
984 | 0 | if (!address_match_null(a, in)) |
985 | 0 | continue; |
986 | | |
987 | 0 | if (ret) |
988 | 0 | *ret = a; |
989 | 0 | return 0; |
990 | 0 | } |
991 | | |
992 | 0 | return -ENOENT; |
993 | 0 | } |
994 | | |
995 | 0 | int address_get_harder(Link *link, const Address *in, Address **ret) { |
996 | 0 | Request *req; |
997 | 0 | int r; |
998 | |
|
999 | 0 | assert(link); |
1000 | 0 | assert(in); |
1001 | |
|
1002 | 0 | if (address_get(link, in, ret) >= 0) |
1003 | 0 | return 0; |
1004 | | |
1005 | 0 | r = address_get_request(link, in, &req); |
1006 | 0 | if (r < 0) |
1007 | 0 | return r; |
1008 | | |
1009 | 0 | if (ret) |
1010 | 0 | *ret = ASSERT_PTR(req->userdata); |
1011 | |
|
1012 | 0 | return 0; |
1013 | 0 | } |
1014 | | |
1015 | | int link_get_address_full( |
1016 | | Link *link, |
1017 | | int family, |
1018 | | const union in_addr_union *address, |
1019 | | const union in_addr_union *peer, /* optional, can be NULL */ |
1020 | | unsigned char prefixlen, /* optional, can be 0 */ |
1021 | 0 | Address **ret) { |
1022 | |
|
1023 | 0 | Address *a; |
1024 | 0 | int r; |
1025 | |
|
1026 | 0 | assert(link); |
1027 | 0 | assert(IN_SET(family, AF_INET, AF_INET6)); |
1028 | 0 | assert(address); |
1029 | | |
1030 | | /* This finds an Address object on the link which matches the given address, peer, and prefix length. |
1031 | | * If the prefixlen is zero, then an Address object with an arbitrary prefixlen will be returned. |
1032 | | * If the peer is NULL, then an Address object with an arbitrary peer will be returned. */ |
1033 | |
|
1034 | 0 | if (family == AF_INET6 || (prefixlen != 0 && peer)) { |
1035 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1036 | | |
1037 | | /* In this case, we can use address_get(). */ |
1038 | |
|
1039 | 0 | r = address_new(&tmp); |
1040 | 0 | if (r < 0) |
1041 | 0 | return r; |
1042 | | |
1043 | 0 | tmp->family = family; |
1044 | 0 | tmp->in_addr = *address; |
1045 | 0 | if (peer) |
1046 | 0 | tmp->in_addr_peer = *peer; |
1047 | 0 | tmp->prefixlen = prefixlen; |
1048 | |
|
1049 | 0 | r = address_get(link, tmp, &a); |
1050 | 0 | if (r < 0) |
1051 | 0 | return r; |
1052 | | |
1053 | 0 | if (family == AF_INET6) { |
1054 | | /* IPv6 addresses are managed without peer address and prefix length. Hence, we need |
1055 | | * to check them explicitly. */ |
1056 | 0 | if (peer && !in_addr_equal(family, &a->in_addr_peer, peer)) |
1057 | 0 | return -ENOENT; |
1058 | 0 | if (prefixlen != 0 && a->prefixlen != prefixlen) |
1059 | 0 | return -ENOENT; |
1060 | 0 | } |
1061 | | |
1062 | 0 | if (ret) |
1063 | 0 | *ret = a; |
1064 | |
|
1065 | 0 | return 0; |
1066 | 0 | } |
1067 | | |
1068 | 0 | SET_FOREACH(a, link->addresses) { |
1069 | 0 | if (a->family != family) |
1070 | 0 | continue; |
1071 | | |
1072 | 0 | if (!in_addr_equal(family, &a->in_addr, address)) |
1073 | 0 | continue; |
1074 | | |
1075 | 0 | if (peer && !in_addr_equal(family, &a->in_addr_peer, peer)) |
1076 | 0 | continue; |
1077 | | |
1078 | 0 | if (prefixlen != 0 && a->prefixlen != prefixlen) |
1079 | 0 | continue; |
1080 | | |
1081 | 0 | if (ret) |
1082 | 0 | *ret = a; |
1083 | |
|
1084 | 0 | return 0; |
1085 | 0 | } |
1086 | | |
1087 | 0 | return -ENOENT; |
1088 | 0 | } |
1089 | | |
1090 | | int manager_get_address_full( |
1091 | | Manager *manager, |
1092 | | int family, |
1093 | | const union in_addr_union *address, |
1094 | | const union in_addr_union *peer, |
1095 | | unsigned char prefixlen, |
1096 | 0 | Address **ret) { |
1097 | |
|
1098 | 0 | Link *link; |
1099 | |
|
1100 | 0 | assert(manager); |
1101 | 0 | assert(IN_SET(family, AF_INET, AF_INET6)); |
1102 | 0 | assert(address); |
1103 | |
|
1104 | 0 | HASHMAP_FOREACH(link, manager->links_by_index) { |
1105 | 0 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) |
1106 | 0 | continue; |
1107 | | |
1108 | 0 | if (link_get_address_full(link, family, address, peer, prefixlen, ret) >= 0) |
1109 | 0 | return 0; |
1110 | 0 | } |
1111 | | |
1112 | 0 | return -ENOENT; |
1113 | 0 | } |
1114 | | |
1115 | 0 | const char* format_lifetime(char *buf, size_t l, usec_t lifetime_usec) { |
1116 | 0 | assert(buf); |
1117 | 0 | assert(l > 4); |
1118 | |
|
1119 | 0 | if (lifetime_usec == USEC_INFINITY) |
1120 | 0 | return "forever"; |
1121 | | |
1122 | 0 | sprintf(buf, "for "); |
1123 | | /* format_timespan() never fails */ |
1124 | 0 | assert_se(format_timespan(buf + 4, l - 4, usec_sub_unsigned(lifetime_usec, now(CLOCK_BOOTTIME)), USEC_PER_SEC)); |
1125 | 0 | return buf; |
1126 | 0 | } |
1127 | | |
1128 | 0 | void log_address_debug(const Address *address, const char *str, const Link *link) { |
1129 | 0 | _cleanup_free_ char *state = NULL, *flags_str = NULL, *scope_str = NULL; |
1130 | |
|
1131 | 0 | assert(address); |
1132 | 0 | assert(str); |
1133 | 0 | assert(link); |
1134 | |
|
1135 | 0 | if (!DEBUG_LOGGING) |
1136 | 0 | return; |
1137 | | |
1138 | 0 | (void) network_config_state_to_string_alloc(address->state, &state); |
1139 | |
|
1140 | 0 | const char *peer = in_addr_is_set(address->family, &address->in_addr_peer) ? |
1141 | 0 | IN_ADDR_TO_STRING(address->family, &address->in_addr_peer) : NULL; |
1142 | |
|
1143 | 0 | const char *broadcast = (address->family == AF_INET && in4_addr_is_set(&address->broadcast)) ? |
1144 | 0 | IN4_ADDR_TO_STRING(&address->broadcast) : NULL; |
1145 | |
|
1146 | 0 | (void) address_flags_to_string_alloc(address->flags, address->family, &flags_str); |
1147 | 0 | (void) route_scope_to_string_alloc(address->scope, &scope_str); |
1148 | |
|
1149 | 0 | log_link_debug(link, "%s %s address (%s): %s%s%s/%u%s%s (valid %s, preferred %s), flags: %s, scope: %s%s%s", |
1150 | 0 | str, strna(network_config_source_to_string(address->source)), strna(state), |
1151 | 0 | IN_ADDR_TO_STRING(address->family, &address->in_addr), |
1152 | 0 | peer ? " peer " : "", strempty(peer), address->prefixlen, |
1153 | 0 | broadcast ? " broadcast " : "", strempty(broadcast), |
1154 | 0 | FORMAT_LIFETIME(address->lifetime_valid_usec), |
1155 | 0 | FORMAT_LIFETIME(address->lifetime_preferred_usec), |
1156 | 0 | strna(flags_str), strna(scope_str), |
1157 | 0 | address->family == AF_INET ? ", label: " : "", |
1158 | 0 | address->family == AF_INET ? strna(address->label) : ""); |
1159 | 0 | } |
1160 | | |
1161 | 0 | static void address_forget(Link *link, Address *address, bool removed_by_us, const char *msg) { |
1162 | 0 | assert(link); |
1163 | 0 | assert(address); |
1164 | 0 | assert(msg); |
1165 | |
|
1166 | 0 | Request *req; |
1167 | 0 | if (address_get_request(link, address, &req) >= 0) |
1168 | 0 | address_enter_removed(req->userdata); |
1169 | |
|
1170 | 0 | if (!address->link && address_get(link, address, &address) < 0) |
1171 | 0 | return; |
1172 | | |
1173 | 0 | address_enter_removed(address); |
1174 | 0 | log_address_debug(address, msg, link); |
1175 | 0 | (void) address_drop(address, removed_by_us); |
1176 | 0 | } |
1177 | | |
1178 | 0 | static int address_set_netlink_message(const Address *address, sd_netlink_message *m, Link *link) { |
1179 | 0 | int r; |
1180 | |
|
1181 | 0 | assert(address); |
1182 | 0 | assert(m); |
1183 | 0 | assert(link); |
1184 | |
|
1185 | 0 | r = sd_rtnl_message_addr_set_prefixlen(m, address->prefixlen); |
1186 | 0 | if (r < 0) |
1187 | 0 | return r; |
1188 | | |
1189 | | /* On remove, only IFA_F_MANAGETEMPADDR flag for IPv6 addresses are used. But anyway, set all |
1190 | | * flags except tentative flag here unconditionally. Without setting the flag, the template |
1191 | | * addresses generated by kernel will not be removed automatically when the main address is |
1192 | | * removed. */ |
1193 | 0 | uint32_t flags = address->flags & ~IFA_F_TENTATIVE; |
1194 | 0 | if (flags != 0) { |
1195 | 0 | r = sd_netlink_message_append_u32(m, IFA_FLAGS, flags); |
1196 | 0 | if (r < 0) |
1197 | 0 | return r; |
1198 | 0 | } |
1199 | | |
1200 | 0 | r = netlink_message_append_in_addr_union(m, IFA_LOCAL, address->family, &address->in_addr); |
1201 | 0 | if (r < 0) |
1202 | 0 | return r; |
1203 | | |
1204 | 0 | return 0; |
1205 | 0 | } |
1206 | | |
1207 | 0 | static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, RemoveRequest *rreq) { |
1208 | 0 | int r; |
1209 | |
|
1210 | 0 | assert(m); |
1211 | 0 | assert(rreq); |
1212 | |
|
1213 | 0 | Link *link = ASSERT_PTR(rreq->link); |
1214 | 0 | Address *address = ASSERT_PTR(rreq->userdata); |
1215 | |
|
1216 | 0 | if (link->state == LINK_STATE_LINGER) |
1217 | 0 | return 0; |
1218 | | |
1219 | 0 | r = sd_netlink_message_get_errno(m); |
1220 | 0 | if (r < 0) { |
1221 | 0 | log_link_message_full_errno(link, m, |
1222 | 0 | (r == -EADDRNOTAVAIL || !address->link) ? LOG_DEBUG : LOG_WARNING, |
1223 | 0 | r, "Could not drop address"); |
1224 | | |
1225 | | /* If the address cannot be removed, then assume the address is already removed. */ |
1226 | 0 | address_forget(link, address, /* removed_by_us = */ true, "Forgetting"); |
1227 | 0 | } |
1228 | |
|
1229 | 0 | return 1; |
1230 | 0 | } |
1231 | | |
1232 | 0 | int address_remove(Address *address, Link *link) { |
1233 | 0 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
1234 | 0 | int r; |
1235 | |
|
1236 | 0 | assert(address); |
1237 | 0 | assert(IN_SET(address->family, AF_INET, AF_INET6)); |
1238 | 0 | assert(link); |
1239 | 0 | assert(link->ifindex > 0); |
1240 | 0 | assert(link->manager); |
1241 | 0 | assert(link->manager->rtnl); |
1242 | | |
1243 | | /* If the address is remembered, use the remembered object. */ |
1244 | 0 | (void) address_get(link, address, &address); |
1245 | |
|
1246 | 0 | log_address_debug(address, "Removing", link); |
1247 | |
|
1248 | 0 | r = sd_rtnl_message_new_addr(link->manager->rtnl, &m, RTM_DELADDR, |
1249 | 0 | link->ifindex, address->family); |
1250 | 0 | if (r < 0) |
1251 | 0 | return log_link_warning_errno(link, r, "Could not allocate RTM_DELADDR message: %m"); |
1252 | | |
1253 | 0 | r = address_set_netlink_message(address, m, link); |
1254 | 0 | if (r < 0) |
1255 | 0 | return log_link_warning_errno(link, r, "Could not set netlink attributes: %m"); |
1256 | | |
1257 | 0 | r = link_remove_request_add(link, address, address, link->manager->rtnl, m, address_remove_handler); |
1258 | 0 | if (r < 0) |
1259 | 0 | return log_link_warning_errno(link, r, "Could not queue rtnetlink message: %m"); |
1260 | | |
1261 | 0 | address_enter_removing(address); |
1262 | | |
1263 | | /* The operational state is determined by address state and carrier state. Hence, if we remove |
1264 | | * an address, the operational state may be changed. */ |
1265 | 0 | link_update_operstate(link, true); |
1266 | 0 | return 0; |
1267 | 0 | } |
1268 | | |
1269 | 0 | int address_remove_and_cancel(Address *address, Link *link) { |
1270 | 0 | _cleanup_(request_unrefp) Request *req = NULL; |
1271 | 0 | bool waiting = false; |
1272 | |
|
1273 | 0 | assert(address); |
1274 | 0 | assert(link); |
1275 | 0 | assert(link->manager); |
1276 | | |
1277 | | /* If the address is remembered by the link, then use the remembered object. */ |
1278 | 0 | (void) address_get(link, address, &address); |
1279 | | |
1280 | | /* Cancel the request for the address. If the request is already called but we have not received the |
1281 | | * notification about the request, then explicitly remove the address. */ |
1282 | 0 | if (address_get_request(link, address, &req) >= 0) { |
1283 | 0 | request_ref(req); /* avoid the request freed by request_detach() */ |
1284 | 0 | waiting = req->waiting_reply; |
1285 | 0 | request_detach(req); |
1286 | 0 | address_cancel_requesting(address); |
1287 | 0 | } |
1288 | | |
1289 | | /* If we know the address will come or already exists, remove it. */ |
1290 | 0 | if (waiting || (address->link && address_exists(address))) |
1291 | 0 | return address_remove(address, link); |
1292 | | |
1293 | 0 | return 0; |
1294 | 0 | } |
1295 | | |
1296 | 0 | bool link_address_is_dynamic(const Link *link, const Address *address) { |
1297 | 0 | Route *route; |
1298 | |
|
1299 | 0 | assert(link); |
1300 | 0 | assert(link->manager); |
1301 | 0 | assert(address); |
1302 | |
|
1303 | 0 | if (address->lifetime_preferred_usec != USEC_INFINITY) |
1304 | 0 | return true; |
1305 | | |
1306 | | /* There is no way to drtermine if the IPv6 address is dynamic when the lifetime is infinity. */ |
1307 | 0 | if (address->family != AF_INET) |
1308 | 0 | return false; |
1309 | | |
1310 | | /* Even if an IPv4 address is leased from a DHCP server with a finite lifetime, networkd assign the |
1311 | | * address without lifetime when KeepConfiguration=dynamic. So, let's check that we have |
1312 | | * corresponding routes with RTPROT_DHCP. */ |
1313 | 0 | SET_FOREACH(route, link->manager->routes) { |
1314 | 0 | if (route->source != NETWORK_CONFIG_SOURCE_FOREIGN) |
1315 | 0 | continue; |
1316 | | |
1317 | | /* The route is not assigned yet, or already being removed. Ignoring. */ |
1318 | 0 | if (!route_exists(route)) |
1319 | 0 | continue; |
1320 | | |
1321 | 0 | if (route->protocol != RTPROT_DHCP) |
1322 | 0 | continue; |
1323 | | |
1324 | 0 | if (route->nexthop.ifindex != link->ifindex) |
1325 | 0 | continue; |
1326 | | |
1327 | 0 | if (address->family != route->family) |
1328 | 0 | continue; |
1329 | | |
1330 | 0 | if (in_addr_equal(address->family, &address->in_addr, &route->prefsrc)) |
1331 | 0 | return true; |
1332 | 0 | } |
1333 | | |
1334 | 0 | return false; |
1335 | 0 | } |
1336 | | |
1337 | 0 | int link_drop_ipv6ll_addresses(Link *link) { |
1338 | 0 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL; |
1339 | 0 | int r; |
1340 | |
|
1341 | 0 | assert(link); |
1342 | 0 | assert(link->manager); |
1343 | 0 | assert(link->manager->rtnl); |
1344 | | |
1345 | | /* IPv6LL address may be in the tentative state, and in that case networkd has not received it. |
1346 | | * So, we need to dump all IPv6 addresses. */ |
1347 | |
|
1348 | 0 | if (link_ipv6ll_enabled_harder(link)) |
1349 | 0 | return 0; |
1350 | | |
1351 | 0 | r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_GETADDR, link->ifindex, AF_INET6); |
1352 | 0 | if (r < 0) |
1353 | 0 | return r; |
1354 | | |
1355 | 0 | r = sd_netlink_message_set_request_dump(req, true); |
1356 | 0 | if (r < 0) |
1357 | 0 | return r; |
1358 | | |
1359 | 0 | r = sd_netlink_call(link->manager->rtnl, req, 0, &reply); |
1360 | 0 | if (r < 0) |
1361 | 0 | return r; |
1362 | | |
1363 | 0 | for (sd_netlink_message *addr = reply; addr; addr = sd_netlink_message_next(addr)) { |
1364 | 0 | _cleanup_(address_unrefp) Address *a = NULL; |
1365 | 0 | unsigned char prefixlen; |
1366 | 0 | struct in6_addr address; |
1367 | 0 | int ifindex; |
1368 | | |
1369 | | /* We set ifindex in the request, and NETLINK_GET_STRICT_CHK socket option is set. Hence the |
1370 | | * check below is redundant, but let's do that for safety. */ |
1371 | 0 | r = sd_rtnl_message_addr_get_ifindex(addr, &ifindex); |
1372 | 0 | if (r < 0) { |
1373 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without valid ifindex, ignoring: %m"); |
1374 | 0 | continue; |
1375 | 0 | } else if (link->ifindex != ifindex) |
1376 | 0 | continue; |
1377 | | |
1378 | 0 | uint32_t flags; |
1379 | 0 | r = sd_netlink_message_read_u32(addr, IFA_FLAGS, &flags); |
1380 | 0 | if (r < 0) { |
1381 | 0 | log_link_debug_errno(link, r, "rtnl: Failed to read IFA_FLAGS attribute, ignoring: %m"); |
1382 | 0 | continue; |
1383 | 0 | } |
1384 | | |
1385 | 0 | r = sd_rtnl_message_addr_get_prefixlen(addr, &prefixlen); |
1386 | 0 | if (r < 0) { |
1387 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m"); |
1388 | 0 | continue; |
1389 | 0 | } |
1390 | | |
1391 | 0 | if (sd_netlink_message_read_in6_addr(addr, IFA_LOCAL, NULL) >= 0) |
1392 | | /* address with peer, ignoring. */ |
1393 | 0 | continue; |
1394 | | |
1395 | 0 | r = sd_netlink_message_read_in6_addr(addr, IFA_ADDRESS, &address); |
1396 | 0 | if (r < 0) { |
1397 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without valid address, ignoring: %m"); |
1398 | 0 | continue; |
1399 | 0 | } |
1400 | | |
1401 | 0 | if (!in6_addr_is_link_local(&address)) |
1402 | 0 | continue; |
1403 | | |
1404 | 0 | r = address_new(&a); |
1405 | 0 | if (r < 0) |
1406 | 0 | return -ENOMEM; |
1407 | | |
1408 | 0 | a->family = AF_INET6; |
1409 | 0 | a->in_addr.in6 = address; |
1410 | 0 | a->prefixlen = prefixlen; |
1411 | 0 | a->flags = flags; |
1412 | |
|
1413 | 0 | r = address_remove(a, link); |
1414 | 0 | if (r < 0) |
1415 | 0 | return r; |
1416 | 0 | } |
1417 | | |
1418 | 0 | return 0; |
1419 | 0 | } |
1420 | | |
1421 | 0 | int link_drop_unmanaged_addresses(Link *link) { |
1422 | 0 | Address *address; |
1423 | 0 | int r = 0; |
1424 | |
|
1425 | 0 | assert(link); |
1426 | 0 | assert(link->network); |
1427 | | |
1428 | | /* First, mark all addresses. */ |
1429 | 0 | SET_FOREACH(address, link->addresses) { |
1430 | | /* We consider IPv6LL addresses to be managed by the kernel, or dropped in link_drop_ipv6ll_addresses() */ |
1431 | 0 | if (address->family == AF_INET6 && in6_addr_is_link_local(&address->in_addr.in6)) |
1432 | 0 | continue; |
1433 | | |
1434 | | /* Do not remove localhost address (127.0.0.1 and ::1) */ |
1435 | 0 | if (link->flags & IFF_LOOPBACK && in_addr_is_localhost_one(address->family, &address->in_addr) > 0) |
1436 | 0 | continue; |
1437 | | |
1438 | | /* Ignore addresses not assigned yet or already removing. */ |
1439 | 0 | if (!address_exists(address)) |
1440 | 0 | continue; |
1441 | | |
1442 | 0 | if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN) { |
1443 | 0 | if (link->network->keep_configuration == KEEP_CONFIGURATION_YES) |
1444 | 0 | continue; |
1445 | | |
1446 | | /* link_address_is_dynamic() is slightly heavy. Let's call the function only when |
1447 | | * KeepConfiguration=dynamic or static. */ |
1448 | 0 | if (IN_SET(link->network->keep_configuration, KEEP_CONFIGURATION_DYNAMIC, KEEP_CONFIGURATION_STATIC) && |
1449 | 0 | link_address_is_dynamic(link, address) == (link->network->keep_configuration == KEEP_CONFIGURATION_DYNAMIC)) |
1450 | 0 | continue; |
1451 | |
|
1452 | 0 | } else if (address->source != NETWORK_CONFIG_SOURCE_STATIC) |
1453 | 0 | continue; /* Ignore dynamically configurad addresses. */ |
1454 | | |
1455 | 0 | address_mark(address); |
1456 | 0 | } |
1457 | | |
1458 | | /* Then, unmark requested addresses. */ |
1459 | 0 | ORDERED_HASHMAP_FOREACH(address, link->network->addresses_by_section) { |
1460 | 0 | Address *existing; |
1461 | |
|
1462 | 0 | if (address_get(link, address, &existing) < 0) |
1463 | 0 | continue; |
1464 | | |
1465 | 0 | if (!address_can_update(existing, address)) |
1466 | 0 | continue; |
1467 | | |
1468 | | /* Found matching static configuration. Keep the existing address. */ |
1469 | 0 | address_unmark(existing); |
1470 | 0 | } |
1471 | | |
1472 | | /* Finally, remove all marked addresses. */ |
1473 | 0 | SET_FOREACH(address, link->addresses) { |
1474 | 0 | if (!address_is_marked(address)) |
1475 | 0 | continue; |
1476 | | |
1477 | 0 | RET_GATHER(r, address_remove(address, link)); |
1478 | 0 | } |
1479 | |
|
1480 | 0 | return r; |
1481 | 0 | } |
1482 | | |
1483 | 0 | int link_drop_static_addresses(Link *link) { |
1484 | 0 | Address *address; |
1485 | 0 | int r = 0; |
1486 | |
|
1487 | 0 | assert(link); |
1488 | |
|
1489 | 0 | SET_FOREACH(address, link->addresses) { |
1490 | | /* Remove only static addresses here. Dynamic addresses will be removed e.g. on lease |
1491 | | * expiration or stopping the DHCP client. */ |
1492 | 0 | if (address->source != NETWORK_CONFIG_SOURCE_STATIC) |
1493 | 0 | continue; |
1494 | | |
1495 | | /* Ignore addresses not assigned yet or already removing. */ |
1496 | 0 | if (!address_exists(address)) |
1497 | 0 | continue; |
1498 | | |
1499 | 0 | RET_GATHER(r, address_remove(address, link)); |
1500 | 0 | } |
1501 | |
|
1502 | 0 | return r; |
1503 | 0 | } |
1504 | | |
1505 | 0 | int address_configure_handler_internal(sd_netlink_message *m, Link *link, Address *address) { |
1506 | 0 | int r; |
1507 | |
|
1508 | 0 | assert(m); |
1509 | 0 | assert(link); |
1510 | 0 | assert(address); |
1511 | |
|
1512 | 0 | r = sd_netlink_message_get_errno(m); |
1513 | 0 | if (r < 0 && r != -EEXIST) { |
1514 | 0 | log_link_message_warning_errno(link, m, r, "Failed to set %s address %s", |
1515 | 0 | network_config_source_to_string(address->source), |
1516 | 0 | IN_ADDR_TO_STRING(address->family, &address->in_addr)); |
1517 | 0 | link_enter_failed(link); |
1518 | 0 | return 0; |
1519 | 0 | } |
1520 | | |
1521 | 0 | return 1; |
1522 | 0 | } |
1523 | | |
1524 | 0 | static int address_configure(const Address *address, const struct ifa_cacheinfo *c, Link *link, Request *req) { |
1525 | 0 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
1526 | 0 | int r; |
1527 | |
|
1528 | 0 | assert(address); |
1529 | 0 | assert(IN_SET(address->family, AF_INET, AF_INET6)); |
1530 | 0 | assert(c); |
1531 | 0 | assert(link); |
1532 | 0 | assert(link->ifindex > 0); |
1533 | 0 | assert(link->manager); |
1534 | 0 | assert(link->manager->rtnl); |
1535 | 0 | assert(req); |
1536 | |
|
1537 | 0 | log_address_debug(address, "Configuring", link); |
1538 | |
|
1539 | 0 | r = sd_rtnl_message_new_addr_update(link->manager->rtnl, &m, link->ifindex, address->family); |
1540 | 0 | if (r < 0) |
1541 | 0 | return r; |
1542 | | |
1543 | 0 | r = address_set_netlink_message(address, m, link); |
1544 | 0 | if (r < 0) |
1545 | 0 | return r; |
1546 | | |
1547 | 0 | r = sd_rtnl_message_addr_set_scope(m, address->scope); |
1548 | 0 | if (r < 0) |
1549 | 0 | return r; |
1550 | | |
1551 | 0 | if (address->family == AF_INET6 || in_addr_is_set(address->family, &address->in_addr_peer)) { |
1552 | 0 | r = netlink_message_append_in_addr_union(m, IFA_ADDRESS, address->family, &address->in_addr_peer); |
1553 | 0 | if (r < 0) |
1554 | 0 | return r; |
1555 | 0 | } else if (in4_addr_is_set(&address->broadcast)) { |
1556 | 0 | r = sd_netlink_message_append_in_addr(m, IFA_BROADCAST, &address->broadcast); |
1557 | 0 | if (r < 0) |
1558 | 0 | return r; |
1559 | 0 | } |
1560 | | |
1561 | 0 | if (address->family == AF_INET && address->label) { |
1562 | 0 | r = sd_netlink_message_append_string(m, IFA_LABEL, address->label); |
1563 | 0 | if (r < 0) |
1564 | 0 | return r; |
1565 | 0 | } |
1566 | | |
1567 | 0 | r = sd_netlink_message_append_cache_info(m, IFA_CACHEINFO, c); |
1568 | 0 | if (r < 0) |
1569 | 0 | return r; |
1570 | | |
1571 | 0 | r = sd_netlink_message_append_u32(m, IFA_RT_PRIORITY, address->route_metric); |
1572 | 0 | if (r < 0) |
1573 | 0 | return r; |
1574 | | |
1575 | 0 | return request_call_netlink_async(link->manager->rtnl, m, req); |
1576 | 0 | } |
1577 | | |
1578 | 0 | static int address_acquire(Link *link, const Address *address, union in_addr_union *ret) { |
1579 | 0 | union in_addr_union a; |
1580 | 0 | int r; |
1581 | |
|
1582 | 0 | assert(link); |
1583 | 0 | assert(address); |
1584 | 0 | assert(ret); |
1585 | |
|
1586 | 0 | r = address_acquire_from_dhcp_server_leases_file(link, address, ret); |
1587 | 0 | if (!IN_SET(r, -ENOENT, -ENXIO, -EINVAL)) |
1588 | 0 | return r; |
1589 | | |
1590 | 0 | r = address_pool_acquire(link->manager, address->family, address->prefixlen, &a); |
1591 | 0 | if (r < 0) |
1592 | 0 | return r; |
1593 | 0 | if (r == 0) |
1594 | 0 | return -EBUSY; |
1595 | | |
1596 | | /* Pick first address in range for ourselves. */ |
1597 | 0 | if (address->family == AF_INET) |
1598 | 0 | a.in.s_addr |= htobe32(1); |
1599 | 0 | else if (address->family == AF_INET6) |
1600 | 0 | a.in6.s6_addr[15] |= 1; |
1601 | 0 | else |
1602 | 0 | assert_not_reached(); |
1603 | |
|
1604 | 0 | *ret = a; |
1605 | 0 | return 0; |
1606 | 0 | } |
1607 | | |
1608 | 0 | static int address_requeue_request(Request *req, Link *link, const Address *address) { |
1609 | 0 | int r; |
1610 | |
|
1611 | 0 | assert(req); |
1612 | 0 | assert(link); |
1613 | 0 | assert(link->manager); |
1614 | 0 | assert(link->network); |
1615 | 0 | assert(address); |
1616 | | |
1617 | | /* Something useful was configured? just use it */ |
1618 | 0 | if (in_addr_is_set(address->family, &address->in_addr)) |
1619 | 0 | return 0; |
1620 | | |
1621 | | /* The address is configured to be 0.0.0.0 or [::] by the user? |
1622 | | * Then let's acquire something more useful. */ |
1623 | 0 | union in_addr_union a; |
1624 | 0 | r = address_acquire(link, address, &a); |
1625 | 0 | if (r < 0) |
1626 | 0 | return r; |
1627 | | |
1628 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1629 | 0 | r = address_dup(address, &tmp); |
1630 | 0 | if (r < 0) |
1631 | 0 | return r; |
1632 | | |
1633 | 0 | tmp->in_addr = a; |
1634 | |
|
1635 | 0 | r = link_requeue_request(link, req, tmp, NULL); |
1636 | 0 | if (r < 0) |
1637 | 0 | return r; |
1638 | 0 | if (r == 0) |
1639 | 0 | return -EEXIST; /* Already queued?? Strange... */ |
1640 | | |
1641 | 0 | TAKE_PTR(tmp); |
1642 | 0 | return 1; /* A new request is queued. it is not necessary to process this request anymore. */ |
1643 | 0 | } |
1644 | | |
1645 | 0 | static int address_process_request(Request *req, Link *link, Address *address) { |
1646 | 0 | Address *existing; |
1647 | 0 | struct ifa_cacheinfo c; |
1648 | 0 | int r; |
1649 | |
|
1650 | 0 | assert(req); |
1651 | 0 | assert(link); |
1652 | 0 | assert(address); |
1653 | |
|
1654 | 0 | if (!link_is_ready_to_configure(link, false)) |
1655 | 0 | return 0; |
1656 | | |
1657 | | /* Refuse adding more than the limit */ |
1658 | 0 | if (set_size(link->addresses) >= ADDRESSES_PER_LINK_MAX) |
1659 | 0 | return 0; |
1660 | | |
1661 | 0 | r = address_requeue_request(req, link, address); |
1662 | 0 | if (r == -EBUSY) |
1663 | 0 | return 0; |
1664 | 0 | if (r != 0) |
1665 | 0 | return r; |
1666 | | |
1667 | 0 | address_set_broadcast(address, link); |
1668 | |
|
1669 | 0 | r = ipv4acd_configure(link, address); |
1670 | 0 | if (r < 0) |
1671 | 0 | return r; |
1672 | | |
1673 | 0 | if (!ipv4acd_bound(link, address)) |
1674 | 0 | return 0; |
1675 | | |
1676 | 0 | address_set_cinfo(link->manager, address, &c); |
1677 | 0 | if (c.ifa_valid == 0) { |
1678 | 0 | log_link_debug(link, "Refuse to configure %s address %s, as its valid lifetime is zero.", |
1679 | 0 | network_config_source_to_string(address->source), |
1680 | 0 | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); |
1681 | |
|
1682 | 0 | address_cancel_requesting(address); |
1683 | 0 | if (address_get(link, address, &existing) >= 0) |
1684 | 0 | address_cancel_requesting(existing); |
1685 | 0 | return 1; |
1686 | 0 | } |
1687 | | |
1688 | 0 | r = address_configure(address, &c, link, req); |
1689 | 0 | if (r < 0) |
1690 | 0 | return log_link_warning_errno(link, r, "Failed to configure address: %m"); |
1691 | | |
1692 | 0 | address_enter_configuring(address); |
1693 | 0 | if (address_get(link, address, &existing) >= 0) |
1694 | 0 | address_enter_configuring(existing); |
1695 | |
|
1696 | 0 | return 1; |
1697 | 0 | } |
1698 | | |
1699 | | int link_request_address( |
1700 | | Link *link, |
1701 | | const Address *address, |
1702 | | unsigned *message_counter, |
1703 | | address_netlink_handler_t netlink_handler, |
1704 | 0 | Request **ret) { |
1705 | |
|
1706 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1707 | 0 | Address *existing = NULL; |
1708 | 0 | int r; |
1709 | |
|
1710 | 0 | assert(link); |
1711 | 0 | assert(address); |
1712 | 0 | assert(address->source != NETWORK_CONFIG_SOURCE_FOREIGN); |
1713 | |
|
1714 | 0 | if (address->lifetime_valid_usec == 0) |
1715 | | /* The requested address is outdated. Let's ignore the request. */ |
1716 | 0 | return 0; |
1717 | | |
1718 | 0 | if (address_get_request(link, address, NULL) >= 0) |
1719 | 0 | return 0; /* already requested, skipping. */ |
1720 | | |
1721 | 0 | r = address_dup(address, &tmp); |
1722 | 0 | if (r < 0) |
1723 | 0 | return log_oom(); |
1724 | | |
1725 | 0 | if (address_get(link, address, &existing) >= 0) { |
1726 | | /* Copy already assigned address when it is requested as a null address. */ |
1727 | 0 | if (address_is_static_null(address)) |
1728 | 0 | tmp->in_addr = existing->in_addr; |
1729 | | |
1730 | | /* Copy state for logging below. */ |
1731 | 0 | tmp->state = existing->state; |
1732 | 0 | } |
1733 | |
|
1734 | 0 | log_address_debug(tmp, "Requesting", link); |
1735 | 0 | r = link_queue_request_safe(link, REQUEST_TYPE_ADDRESS, |
1736 | 0 | tmp, |
1737 | 0 | address_unref, |
1738 | 0 | address_hash_func, |
1739 | 0 | address_compare_func, |
1740 | 0 | address_process_request, |
1741 | 0 | message_counter, netlink_handler, ret); |
1742 | 0 | if (r < 0) |
1743 | 0 | return log_link_warning_errno(link, r, "Failed to request address: %m"); |
1744 | 0 | if (r == 0) |
1745 | 0 | return 0; |
1746 | | |
1747 | 0 | address_enter_requesting(tmp); |
1748 | 0 | if (existing) |
1749 | 0 | address_enter_requesting(existing); |
1750 | |
|
1751 | 0 | TAKE_PTR(tmp); |
1752 | 0 | return 1; |
1753 | 0 | } |
1754 | | |
1755 | 0 | static int static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, Address *address) { |
1756 | 0 | int r; |
1757 | |
|
1758 | 0 | assert(link); |
1759 | 0 | assert(address); |
1760 | |
|
1761 | 0 | r = address_configure_handler_internal(m, link, address); |
1762 | 0 | if (r <= 0) |
1763 | 0 | return r; |
1764 | | |
1765 | 0 | if (link->static_address_messages == 0) { |
1766 | 0 | log_link_debug(link, "Addresses set"); |
1767 | 0 | link->static_addresses_configured = true; |
1768 | 0 | link_check_ready(link); |
1769 | 0 | } |
1770 | |
|
1771 | 0 | return 1; |
1772 | 0 | } |
1773 | | |
1774 | 0 | int link_request_static_address(Link *link, const Address *address) { |
1775 | 0 | assert(link); |
1776 | 0 | assert(address); |
1777 | 0 | assert(address->source == NETWORK_CONFIG_SOURCE_STATIC); |
1778 | |
|
1779 | 0 | return link_request_address(link, address, &link->static_address_messages, |
1780 | 0 | static_address_handler, NULL); |
1781 | 0 | } |
1782 | | |
1783 | 0 | int link_request_static_addresses(Link *link) { |
1784 | 0 | Address *a; |
1785 | 0 | int r; |
1786 | |
|
1787 | 0 | assert(link); |
1788 | 0 | assert(link->network); |
1789 | |
|
1790 | 0 | link->static_addresses_configured = false; |
1791 | |
|
1792 | 0 | ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) { |
1793 | 0 | r = link_request_static_address(link, a); |
1794 | 0 | if (r < 0) |
1795 | 0 | return r; |
1796 | 0 | } |
1797 | | |
1798 | 0 | r = link_request_radv_addresses(link); |
1799 | 0 | if (r < 0) |
1800 | 0 | return r; |
1801 | | |
1802 | 0 | if (link->static_address_messages == 0) { |
1803 | 0 | link->static_addresses_configured = true; |
1804 | 0 | link_check_ready(link); |
1805 | 0 | } else { |
1806 | 0 | log_link_debug(link, "Setting addresses"); |
1807 | 0 | link_set_state(link, LINK_STATE_CONFIGURING); |
1808 | 0 | } |
1809 | |
|
1810 | 0 | return 0; |
1811 | 0 | } |
1812 | | |
1813 | 0 | int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) { |
1814 | 0 | int r; |
1815 | |
|
1816 | 0 | assert(rtnl); |
1817 | 0 | assert(message); |
1818 | 0 | assert(m); |
1819 | |
|
1820 | 0 | if (sd_netlink_message_is_error(message)) { |
1821 | 0 | r = sd_netlink_message_get_errno(message); |
1822 | 0 | if (r < 0) |
1823 | 0 | log_message_warning_errno(message, r, "rtnl: failed to receive address message, ignoring"); |
1824 | |
|
1825 | 0 | return 0; |
1826 | 0 | } |
1827 | | |
1828 | 0 | uint16_t type; |
1829 | 0 | r = sd_netlink_message_get_type(message, &type); |
1830 | 0 | if (r < 0) { |
1831 | 0 | log_warning_errno(r, "rtnl: could not get message type, ignoring: %m"); |
1832 | 0 | return 0; |
1833 | 0 | } else if (!IN_SET(type, RTM_NEWADDR, RTM_DELADDR)) { |
1834 | 0 | log_warning("rtnl: received unexpected message type %u when processing address, ignoring.", type); |
1835 | 0 | return 0; |
1836 | 0 | } |
1837 | | |
1838 | 0 | int ifindex; |
1839 | 0 | r = sd_rtnl_message_addr_get_ifindex(message, &ifindex); |
1840 | 0 | if (r < 0) { |
1841 | 0 | log_warning_errno(r, "rtnl: could not get ifindex from message, ignoring: %m"); |
1842 | 0 | return 0; |
1843 | 0 | } else if (ifindex <= 0) { |
1844 | 0 | log_warning("rtnl: received address message with invalid ifindex %d, ignoring.", ifindex); |
1845 | 0 | return 0; |
1846 | 0 | } |
1847 | | |
1848 | 0 | Link *link; |
1849 | 0 | r = link_get_by_index(m, ifindex, &link); |
1850 | 0 | if (r < 0) { |
1851 | | /* when enumerating we might be out of sync, but we will get the address again, so just |
1852 | | * ignore it */ |
1853 | 0 | if (!m->enumerating) |
1854 | 0 | log_warning("rtnl: received address for link '%d' we don't know about, ignoring.", ifindex); |
1855 | 0 | return 0; |
1856 | 0 | } |
1857 | | |
1858 | 0 | _cleanup_(address_unrefp) Address *tmp = NULL; |
1859 | 0 | r = address_new(&tmp); |
1860 | 0 | if (r < 0) |
1861 | 0 | return log_oom(); |
1862 | | |
1863 | | /* First, read minimal information to make address_get() work below. */ |
1864 | | |
1865 | 0 | r = sd_rtnl_message_addr_get_family(message, &tmp->family); |
1866 | 0 | if (r < 0) { |
1867 | 0 | log_link_warning(link, "rtnl: received address message without family, ignoring."); |
1868 | 0 | return 0; |
1869 | 0 | } else if (!IN_SET(tmp->family, AF_INET, AF_INET6)) { |
1870 | 0 | log_link_debug(link, "rtnl: received address message with invalid family '%i', ignoring.", tmp->family); |
1871 | 0 | return 0; |
1872 | 0 | } |
1873 | | |
1874 | 0 | r = sd_rtnl_message_addr_get_prefixlen(message, &tmp->prefixlen); |
1875 | 0 | if (r < 0) { |
1876 | 0 | log_link_warning_errno(link, r, "rtnl: received address message without prefixlen, ignoring: %m"); |
1877 | 0 | return 0; |
1878 | 0 | } |
1879 | | |
1880 | 0 | switch (tmp->family) { |
1881 | 0 | case AF_INET: |
1882 | 0 | r = sd_netlink_message_read_in_addr(message, IFA_LOCAL, &tmp->in_addr.in); |
1883 | 0 | if (r < 0) { |
1884 | 0 | log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m"); |
1885 | 0 | return 0; |
1886 | 0 | } |
1887 | | |
1888 | 0 | r = sd_netlink_message_read_in_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in); |
1889 | 0 | if (r < 0 && r != -ENODATA) { |
1890 | 0 | log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m"); |
1891 | 0 | return 0; |
1892 | 0 | } else if (r >= 0) { |
1893 | 0 | if (in4_addr_equal(&tmp->in_addr.in, &tmp->in_addr_peer.in)) |
1894 | 0 | tmp->in_addr_peer = IN_ADDR_NULL; |
1895 | 0 | } |
1896 | | |
1897 | 0 | break; |
1898 | | |
1899 | 0 | case AF_INET6: |
1900 | 0 | r = sd_netlink_message_read_in6_addr(message, IFA_LOCAL, &tmp->in_addr.in6); |
1901 | 0 | if (r >= 0) { |
1902 | | /* Have peer address. */ |
1903 | 0 | r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr_peer.in6); |
1904 | 0 | if (r < 0) { |
1905 | 0 | log_link_warning_errno(link, r, "rtnl: could not get peer address from address message, ignoring: %m"); |
1906 | 0 | return 0; |
1907 | 0 | } |
1908 | 0 | } else if (r == -ENODATA) { |
1909 | | /* Does not have peer address. */ |
1910 | 0 | r = sd_netlink_message_read_in6_addr(message, IFA_ADDRESS, &tmp->in_addr.in6); |
1911 | 0 | if (r < 0) { |
1912 | 0 | log_link_warning_errno(link, r, "rtnl: received address message without valid address, ignoring: %m"); |
1913 | 0 | return 0; |
1914 | 0 | } |
1915 | 0 | } else { |
1916 | 0 | log_link_warning_errno(link, r, "rtnl: could not get local address from address message, ignoring: %m"); |
1917 | 0 | return 0; |
1918 | 0 | } |
1919 | | |
1920 | 0 | break; |
1921 | | |
1922 | 0 | default: |
1923 | 0 | assert_not_reached(); |
1924 | 0 | } |
1925 | | |
1926 | | /* Then, find the managed Address object corresponding to the received address. */ |
1927 | 0 | Address *address = NULL; |
1928 | 0 | (void) address_get(link, tmp, &address); |
1929 | |
|
1930 | 0 | if (type == RTM_DELADDR) { |
1931 | 0 | if (address) |
1932 | 0 | address_forget(link, address, |
1933 | 0 | /* removed_by_us = */ FLAGS_SET(address->state, NETWORK_CONFIG_STATE_REMOVING), |
1934 | 0 | "Forgetting removed"); |
1935 | 0 | else |
1936 | 0 | log_address_debug(tmp, "Kernel removed unknown", link); |
1937 | |
|
1938 | 0 | goto finalize; |
1939 | 0 | } |
1940 | | |
1941 | 0 | bool is_new = false; |
1942 | 0 | if (!address) { |
1943 | | /* If we did not know the address, then save it. */ |
1944 | 0 | r = address_attach(link, tmp); |
1945 | 0 | if (r < 0) { |
1946 | 0 | log_link_warning_errno(link, r, "Failed to save received address %s, ignoring: %m", |
1947 | 0 | IN_ADDR_PREFIX_TO_STRING(tmp->family, &tmp->in_addr, tmp->prefixlen)); |
1948 | 0 | return 0; |
1949 | 0 | } |
1950 | 0 | address = tmp; |
1951 | |
|
1952 | 0 | is_new = true; |
1953 | |
|
1954 | 0 | } else { |
1955 | | /* Otherwise, update the managed Address object with the netlink notification. */ |
1956 | 0 | address->prefixlen = tmp->prefixlen; |
1957 | 0 | address->in_addr_peer = tmp->in_addr_peer; |
1958 | 0 | } |
1959 | | |
1960 | | /* Also update information that cannot be obtained through netlink notification. */ |
1961 | 0 | Request *req = NULL; |
1962 | 0 | (void) address_get_request(link, tmp, &req); |
1963 | 0 | if (req && req->waiting_reply) { |
1964 | 0 | Address *a = ASSERT_PTR(req->userdata); |
1965 | |
|
1966 | 0 | address->source = a->source; |
1967 | 0 | address->provider = a->provider; |
1968 | 0 | (void) free_and_strdup_warn(&address->netlabel, a->netlabel); |
1969 | 0 | nft_set_context_clear(&address->nft_set_context); |
1970 | 0 | (void) nft_set_context_dup(&a->nft_set_context, &address->nft_set_context); |
1971 | 0 | address->requested_as_null = a->requested_as_null; |
1972 | 0 | address->also_requested_by_dhcp6 = a->also_requested_by_dhcp6; |
1973 | 0 | address->callback = a->callback; |
1974 | |
|
1975 | 0 | ipv6_token_ref(a->token); |
1976 | 0 | ipv6_token_unref(address->token); |
1977 | 0 | address->token = a->token; |
1978 | 0 | } |
1979 | | |
1980 | | /* Then, update miscellaneous info. */ |
1981 | 0 | r = sd_rtnl_message_addr_get_scope(message, &address->scope); |
1982 | 0 | if (r < 0) |
1983 | 0 | log_link_debug_errno(link, r, "rtnl: received address message without scope, ignoring: %m"); |
1984 | |
|
1985 | 0 | if (address->family == AF_INET) { |
1986 | 0 | _cleanup_free_ char *label = NULL; |
1987 | |
|
1988 | 0 | r = sd_netlink_message_read_string_strdup(message, IFA_LABEL, &label); |
1989 | 0 | if (r >= 0) { |
1990 | 0 | if (!streq_ptr(label, link->ifname)) |
1991 | 0 | free_and_replace(address->label, label); |
1992 | 0 | } else if (r != -ENODATA) |
1993 | 0 | log_link_debug_errno(link, r, "rtnl: could not get label from address message, ignoring: %m"); |
1994 | |
|
1995 | 0 | r = sd_netlink_message_read_in_addr(message, IFA_BROADCAST, &address->broadcast); |
1996 | 0 | if (r < 0 && r != -ENODATA) |
1997 | 0 | log_link_debug_errno(link, r, "rtnl: could not get broadcast from address message, ignoring: %m"); |
1998 | 0 | } |
1999 | |
|
2000 | 0 | r = sd_netlink_message_read_u32(message, IFA_FLAGS, &address->flags); |
2001 | 0 | if (r < 0) |
2002 | 0 | log_link_debug_errno(link, r, "rtnl: failed to read IFA_FLAGS attribute, ignoring: %m"); |
2003 | |
|
2004 | 0 | struct ifa_cacheinfo cinfo; |
2005 | 0 | r = sd_netlink_message_read_cache_info(message, IFA_CACHEINFO, &cinfo); |
2006 | 0 | if (r >= 0) |
2007 | 0 | address_set_lifetime(m, address, &cinfo); |
2008 | 0 | else if (r != -ENODATA) |
2009 | 0 | log_link_debug_errno(link, r, "rtnl: failed to read IFA_CACHEINFO attribute, ignoring: %m"); |
2010 | |
|
2011 | 0 | r = sd_netlink_message_read_u32(message, IFA_RT_PRIORITY, &address->route_metric); |
2012 | 0 | if (r < 0 && r != -ENODATA) |
2013 | 0 | log_link_debug_errno(link, r, "rtnl: failed to read IFA_RT_PRIORITY attribute, ignoring: %m"); |
2014 | |
|
2015 | 0 | address_enter_configured(address); |
2016 | 0 | if (req) |
2017 | 0 | address_enter_configured(req->userdata); |
2018 | |
|
2019 | 0 | log_address_debug(address, is_new ? "Received new": "Received updated", link); |
2020 | | |
2021 | | /* address_update() logs internally, so we don't need to here. */ |
2022 | 0 | r = address_update(address); |
2023 | 0 | if (r < 0) |
2024 | 0 | link_enter_failed(link); |
2025 | |
|
2026 | 0 | finalize: |
2027 | 0 | if (tmp->family == AF_INET6) { |
2028 | 0 | r = dhcp4_update_ipv6_connectivity(link); |
2029 | 0 | if (r < 0) { |
2030 | 0 | log_link_warning_errno(link, r, "Failed to notify IPv6 connectivity to DHCPv4 client: %m"); |
2031 | 0 | link_enter_failed(link); |
2032 | 0 | } |
2033 | 0 | } |
2034 | |
|
2035 | 0 | return 1; |
2036 | 0 | } |
2037 | | |
2038 | | static int config_parse_broadcast( |
2039 | | const char *unit, |
2040 | | const char *filename, |
2041 | | unsigned line, |
2042 | | const char *section, |
2043 | | unsigned section_line, |
2044 | | const char *lvalue, |
2045 | | int ltype, |
2046 | | const char *rvalue, |
2047 | | void *data, |
2048 | 2.42k | void *userdata) { |
2049 | | |
2050 | 2.42k | Address *address = ASSERT_PTR(userdata); |
2051 | 2.42k | int r; |
2052 | | |
2053 | | /* Do not check or set address->family here. It will be checked later in |
2054 | | * address_section_verify() -> address_section_adjust_broadcast() . */ |
2055 | | |
2056 | 2.42k | if (isempty(rvalue)) { |
2057 | | /* The broadcast address will be calculated based on Address=, and set if the link is |
2058 | | * not a wireguard interface. */ |
2059 | 352 | address->broadcast = (struct in_addr) {}; |
2060 | 352 | address->set_broadcast = -1; |
2061 | 352 | return 1; |
2062 | 352 | } |
2063 | | |
2064 | 2.06k | r = parse_boolean(rvalue); |
2065 | 2.06k | if (r >= 0) { |
2066 | | /* The broadcast address will be calculated based on Address=. */ |
2067 | 206 | address->broadcast = (struct in_addr) {}; |
2068 | 206 | address->set_broadcast = r; |
2069 | 206 | return 1; |
2070 | 206 | } |
2071 | | |
2072 | 1.86k | r = config_parse_in_addr_non_null( |
2073 | 1.86k | unit, filename, line, section, section_line, |
2074 | 1.86k | lvalue, /* ltype = */ AF_INET, rvalue, |
2075 | 1.86k | &address->broadcast, /* userdata = */ NULL); |
2076 | 1.86k | if (r <= 0) |
2077 | 377 | return r; |
2078 | | |
2079 | 1.48k | address->set_broadcast = true; |
2080 | 1.48k | return 1; |
2081 | 1.86k | } |
2082 | | |
2083 | | static int config_parse_address( |
2084 | | const char *unit, |
2085 | | const char *filename, |
2086 | | unsigned line, |
2087 | | const char *section, |
2088 | | unsigned section_line, |
2089 | | const char *lvalue, |
2090 | | int ltype, |
2091 | | const char *rvalue, |
2092 | | void *data, |
2093 | 78.3k | void *userdata) { |
2094 | | |
2095 | 78.3k | Address *address = ASSERT_PTR(userdata); |
2096 | 78.3k | union in_addr_union *a = ASSERT_PTR(data); |
2097 | 78.3k | struct in_addr_prefix prefix; |
2098 | 78.3k | int r; |
2099 | | |
2100 | 78.3k | assert(rvalue); |
2101 | | |
2102 | 78.3k | if (isempty(rvalue)) { |
2103 | | /* When an empty string is assigned, clear both Address= and Peer=. */ |
2104 | 228 | address->family = AF_UNSPEC; |
2105 | 228 | address->prefixlen = 0; |
2106 | 228 | address->in_addr = IN_ADDR_NULL; |
2107 | 228 | address->in_addr_peer = IN_ADDR_NULL; |
2108 | 228 | return 1; |
2109 | 228 | } |
2110 | | |
2111 | 78.1k | r = config_parse_in_addr_prefix(unit, filename, line, section, section_line, lvalue, /* ltype = */ true, rvalue, &prefix, /* userdata = */ NULL); |
2112 | 78.1k | if (r <= 0) |
2113 | 65.9k | return r; |
2114 | | |
2115 | 12.1k | if (address->family != AF_UNSPEC && prefix.family != address->family) { |
2116 | 328 | log_syntax(unit, LOG_WARNING, filename, line, 0, "Address is incompatible, ignoring assignment: %s", rvalue); |
2117 | 328 | return 0; |
2118 | 328 | } |
2119 | | |
2120 | 11.8k | address->family = prefix.family; |
2121 | 11.8k | address->prefixlen = prefix.prefixlen; |
2122 | 11.8k | *a = prefix.address; |
2123 | 11.8k | return 1; |
2124 | 12.1k | } |
2125 | | |
2126 | | static int config_parse_address_label( |
2127 | | const char *unit, |
2128 | | const char *filename, |
2129 | | unsigned line, |
2130 | | const char *section, |
2131 | | unsigned section_line, |
2132 | | const char *lvalue, |
2133 | | int ltype, |
2134 | | const char *rvalue, |
2135 | | void *data, |
2136 | 1.46k | void *userdata) { |
2137 | | |
2138 | 1.46k | char **label = ASSERT_PTR(data); |
2139 | 1.46k | int r; |
2140 | | |
2141 | 1.46k | if (!isempty(rvalue) && !address_label_valid(rvalue)) { |
2142 | 202 | log_syntax(unit, LOG_WARNING, filename, line, 0, |
2143 | 202 | "Interface label is too long or invalid, ignoring assignment: %s", rvalue); |
2144 | 202 | return 0; |
2145 | 202 | } |
2146 | | |
2147 | 1.26k | r = free_and_strdup_warn(label, empty_to_null(rvalue)); |
2148 | 1.26k | if (r < 0) |
2149 | 0 | return r; |
2150 | | |
2151 | 1.26k | return 1; |
2152 | 1.26k | } |
2153 | | |
2154 | | static int config_parse_address_lifetime( |
2155 | | const char *unit, |
2156 | | const char *filename, |
2157 | | unsigned line, |
2158 | | const char *section, |
2159 | | unsigned section_line, |
2160 | | const char *lvalue, |
2161 | | int ltype, |
2162 | | const char *rvalue, |
2163 | | void *data, |
2164 | 792 | void *userdata) { |
2165 | | |
2166 | 792 | usec_t *usec = ASSERT_PTR(data); |
2167 | | |
2168 | | /* We accept only "forever", "infinity", empty, or "0". */ |
2169 | 792 | if (isempty(rvalue) || STR_IN_SET(rvalue, "forever", "infinity")) |
2170 | 388 | *usec = USEC_INFINITY; |
2171 | 404 | else if (streq(rvalue, "0")) |
2172 | 195 | *usec = 0; |
2173 | 209 | else { |
2174 | 209 | log_syntax(unit, LOG_WARNING, filename, line, 0, |
2175 | 209 | "Invalid PreferredLifetime= value, ignoring: %s", rvalue); |
2176 | 209 | return 0; |
2177 | 209 | } |
2178 | | |
2179 | 583 | return 1; |
2180 | 792 | } |
2181 | | |
2182 | | static int config_parse_address_scope( |
2183 | | const char *unit, |
2184 | | const char *filename, |
2185 | | unsigned line, |
2186 | | const char *section, |
2187 | | unsigned section_line, |
2188 | | const char *lvalue, |
2189 | | int ltype, |
2190 | | const char *rvalue, |
2191 | | void *data, |
2192 | 1.31k | void *userdata) { |
2193 | | |
2194 | 1.31k | Address *address = ASSERT_PTR(userdata); |
2195 | 1.31k | int r; |
2196 | | |
2197 | 1.31k | if (isempty(rvalue)) { |
2198 | 340 | address->scope = RT_SCOPE_UNIVERSE; |
2199 | 340 | address->scope_set = false; |
2200 | 340 | return 1; |
2201 | 340 | } |
2202 | | |
2203 | 971 | r = route_scope_from_string(rvalue); |
2204 | 971 | if (r < 0) |
2205 | 372 | return log_syntax_parse_error(unit, filename, line, r, lvalue, rvalue); |
2206 | | |
2207 | 599 | address->scope = r; |
2208 | 599 | address->scope_set = true; |
2209 | 599 | return 1; |
2210 | 971 | } |
2211 | | |
2212 | | static int config_parse_address_dad( |
2213 | | const char *unit, |
2214 | | const char *filename, |
2215 | | unsigned line, |
2216 | | const char *section, |
2217 | | unsigned section_line, |
2218 | | const char *lvalue, |
2219 | | int ltype, |
2220 | | const char *rvalue, |
2221 | | void *data, |
2222 | 1.96k | void *userdata) { |
2223 | | |
2224 | 1.96k | AddressFamily *p = ASSERT_PTR(data); |
2225 | 1.96k | int r; |
2226 | | |
2227 | 1.96k | if (isempty(rvalue)) { |
2228 | 199 | *p = _ADDRESS_FAMILY_INVALID; |
2229 | 199 | return 1; |
2230 | 199 | } |
2231 | | |
2232 | 1.76k | r = parse_boolean(rvalue); |
2233 | 1.76k | if (r >= 0) { |
2234 | 195 | log_syntax(unit, LOG_WARNING, filename, line, 0, |
2235 | 195 | "For historical reasons, %s=%s means %s=%s. " |
2236 | 195 | "Please use 'both', 'ipv4', 'ipv6' or 'none' instead.", |
2237 | 195 | lvalue, rvalue, lvalue, r ? "none" : "both"); |
2238 | 195 | *p = r ? ADDRESS_FAMILY_NO : ADDRESS_FAMILY_YES; |
2239 | 195 | return 1; |
2240 | 195 | } |
2241 | | |
2242 | 1.57k | AddressFamily a = duplicate_address_detection_address_family_from_string(rvalue); |
2243 | 1.57k | if (a < 0) |
2244 | 233 | return log_syntax_parse_error(unit, filename, line, a, lvalue, rvalue); |
2245 | | |
2246 | 1.34k | *p = a; |
2247 | 1.34k | return 1; |
2248 | 1.57k | } |
2249 | | |
2250 | | int config_parse_address_section( |
2251 | | const char *unit, |
2252 | | const char *filename, |
2253 | | unsigned line, |
2254 | | const char *section, |
2255 | | unsigned section_line, |
2256 | | const char *lvalue, |
2257 | | int ltype, |
2258 | | const char *rvalue, |
2259 | | void *data, |
2260 | 92.7k | void *userdata) { |
2261 | | |
2262 | 92.7k | static const ConfigSectionParser table[_ADDRESS_CONF_PARSER_MAX] = { |
2263 | 92.7k | [ADDRESS_ADDRESS] = { .parser = config_parse_address, .ltype = 0, .offset = offsetof(Address, in_addr), }, |
2264 | 92.7k | [ADDRESS_PEER] = { .parser = config_parse_address, .ltype = 0, .offset = offsetof(Address, in_addr_peer), }, |
2265 | 92.7k | [ADDRESS_BROADCAST] = { .parser = config_parse_broadcast, .ltype = 0, .offset = 0, }, |
2266 | 92.7k | [ADDRESS_LABEL] = { .parser = config_parse_address_label, .ltype = 0, .offset = offsetof(Address, label), }, |
2267 | 92.7k | [ADDRESS_PREFERRED_LIFETIME] = { .parser = config_parse_address_lifetime, .ltype = 0, .offset = offsetof(Address, lifetime_preferred_usec), }, |
2268 | 92.7k | [ADDRESS_HOME_ADDRESS] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_HOMEADDRESS, .offset = offsetof(Address, flags), }, |
2269 | 92.7k | [ADDRESS_MANAGE_TEMPORARY_ADDRESS] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_MANAGETEMPADDR, .offset = offsetof(Address, flags), }, |
2270 | 92.7k | [ADDRESS_PREFIX_ROUTE] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_NOPREFIXROUTE, .offset = offsetof(Address, flags), }, |
2271 | 92.7k | [ADDRESS_ADD_PREFIX_ROUTE] = { .parser = config_parse_uint32_invert_flag, .ltype = IFA_F_NOPREFIXROUTE, .offset = offsetof(Address, flags), }, |
2272 | 92.7k | [ADDRESS_AUTO_JOIN] = { .parser = config_parse_uint32_flag, .ltype = IFA_F_MCAUTOJOIN, .offset = offsetof(Address, flags), }, |
2273 | 92.7k | [ADDRESS_DAD] = { .parser = config_parse_address_dad, .ltype = 0, .offset = offsetof(Address, duplicate_address_detection), }, |
2274 | 92.7k | [ADDRESS_SCOPE] = { .parser = config_parse_address_scope, .ltype = 0, .offset = 0, }, |
2275 | 92.7k | [ADDRESS_ROUTE_METRIC] = { .parser = config_parse_uint32, .ltype = 0, .offset = offsetof(Address, route_metric), }, |
2276 | 92.7k | [ADDRESS_NET_LABEL] = { .parser = config_parse_string, .ltype = CONFIG_PARSE_STRING_SAFE, .offset = offsetof(Address, netlabel), }, |
2277 | 92.7k | [ADDRESS_NFT_SET] = { .parser = config_parse_nft_set, .ltype = NFT_SET_PARSE_NETWORK, .offset = offsetof(Address, nft_set_context), }, |
2278 | 92.7k | }; |
2279 | | |
2280 | 92.7k | _cleanup_(address_unref_or_set_invalidp) Address *address = NULL; |
2281 | 92.7k | Network *network = ASSERT_PTR(userdata); |
2282 | 92.7k | int r; |
2283 | | |
2284 | 92.7k | assert(filename); |
2285 | 92.7k | assert(section); |
2286 | | |
2287 | 92.7k | if (streq(section, "Network")) { |
2288 | 71.3k | assert(streq(lvalue, "Address")); |
2289 | | |
2290 | 71.3k | if (isempty(rvalue)) { |
2291 | | /* If an empty string specified in [Network] section, clear previously assigned addresses. */ |
2292 | 587 | network->addresses_by_section = ordered_hashmap_free(network->addresses_by_section); |
2293 | 587 | return 0; |
2294 | 587 | } |
2295 | | |
2296 | | /* we are not in an Address section, so use line number instead. */ |
2297 | 70.7k | r = address_new_static(network, filename, line, &address); |
2298 | 70.7k | } else |
2299 | 21.3k | r = address_new_static(network, filename, section_line, &address); |
2300 | 92.1k | if (r == -ENOMEM) |
2301 | 0 | return log_oom(); |
2302 | 92.1k | if (r < 0) { |
2303 | 0 | log_syntax(unit, LOG_WARNING, filename, line, r, |
2304 | 0 | "Failed to allocate new address, ignoring assignment: %m"); |
2305 | 0 | return 0; |
2306 | 0 | } |
2307 | | |
2308 | 92.1k | r = config_section_parse(table, ELEMENTSOF(table), |
2309 | 92.1k | unit, filename, line, section, section_line, lvalue, ltype, rvalue, address); |
2310 | 92.1k | if (r <= 0) |
2311 | 69.7k | return r; |
2312 | | |
2313 | 22.3k | TAKE_PTR(address); |
2314 | 22.3k | return 0; |
2315 | 92.1k | } |
2316 | | |
2317 | | #define log_broadcast(address, fmt, ...) \ |
2318 | 931 | ({ \ |
2319 | 931 | const Address *_address = (address); \ |
2320 | 931 | log_section_warning( \ |
2321 | 931 | _address ? _address->section : NULL, \ |
2322 | 931 | fmt " Ignoring Broadcast= setting in the [Address] section.", \ |
2323 | 931 | ##__VA_ARGS__); \ |
2324 | 931 | }) |
2325 | | |
2326 | 9.81k | static void address_section_adjust_broadcast(Address *address) { |
2327 | 9.81k | assert(address); |
2328 | 9.81k | assert(address->section); |
2329 | | |
2330 | 9.81k | if (!in4_addr_is_set(&address->broadcast)) |
2331 | 8.66k | return; |
2332 | | |
2333 | 1.15k | if (address->family == AF_INET6) |
2334 | 197 | log_broadcast(address, "Broadcast address is set for an IPv6 address."); |
2335 | 954 | else if (address->prefixlen > 30) |
2336 | 240 | log_broadcast(address, "Broadcast address is set for an IPv4 address with prefix length larger than 30."); |
2337 | 714 | else if (in4_addr_is_set(&address->in_addr_peer.in)) |
2338 | 223 | log_broadcast(address, "Broadcast address is set for an IPv4 address with peer address."); |
2339 | 491 | else if (!in4_addr_is_set(&address->in_addr.in)) |
2340 | 271 | log_broadcast(address, "Broadcast address is set for an IPv4 address with null address."); |
2341 | 220 | else |
2342 | | /* Otherwise, keep the specified broadcast address. */ |
2343 | 220 | return; |
2344 | | |
2345 | 931 | address->broadcast.s_addr = 0; |
2346 | 931 | } |
2347 | | |
2348 | | #define log_address_section(address, fmt, ...) \ |
2349 | 1.26k | ({ \ |
2350 | 1.26k | const Address *_address = (address); \ |
2351 | 1.26k | log_section_warning_errno( \ |
2352 | 1.26k | _address ? _address->section : NULL, \ |
2353 | 1.26k | SYNTHETIC_ERRNO(EINVAL), \ |
2354 | 1.26k | fmt " Ignoring [Address] section.", \ |
2355 | 1.26k | ##__VA_ARGS__); \ |
2356 | 1.26k | }) |
2357 | | |
2358 | 41.5k | int address_section_verify(Address *address) { |
2359 | 41.5k | assert(address); |
2360 | 41.5k | assert(address->section); |
2361 | | |
2362 | 41.5k | if (section_is_invalid(address->section)) |
2363 | 31.1k | return -EINVAL; |
2364 | | |
2365 | 10.3k | if (address->family == AF_UNSPEC) |
2366 | 312 | return log_address_section(address, "Address section without Address= field was configured."); |
2367 | 10.0k | assert(IN_SET(address->family, AF_INET, AF_INET6)); |
2368 | | |
2369 | 10.0k | if (address->family == AF_INET6 && !socket_ipv6_is_supported()) |
2370 | 0 | return log_address_section(address, "An IPv6 address was configured, but the kernel does not support IPv6."); |
2371 | | |
2372 | 10.0k | if (in_addr_is_null(address->family, &address->in_addr)) { |
2373 | | /* Will use address from address pool. Note that for ipv6 case, prefix of the address |
2374 | | * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So, |
2375 | | * let's limit the prefix length to 64 or larger. See RFC4193. */ |
2376 | 4.67k | unsigned min_prefixlen = address->family == AF_INET ? 8 : 64; |
2377 | 4.67k | if (address->prefixlen < min_prefixlen) |
2378 | 222 | return log_address_section(address, "Prefix length for %s null address must be equal or larger than %u.", |
2379 | 4.67k | af_to_ipv4_ipv6(address->family), min_prefixlen); |
2380 | | |
2381 | 4.45k | address->requested_as_null = !in_addr_is_set(address->family, &address->in_addr); |
2382 | 4.45k | } |
2383 | | |
2384 | 9.81k | address_section_adjust_broadcast(address); |
2385 | | |
2386 | 9.81k | if (address->family == AF_INET6 && address->label) { |
2387 | 198 | log_section_warning(address->section, "Address label is set for IPv6 address, ignoring Label= setting."); |
2388 | 198 | address->label = mfree(address->label); |
2389 | 198 | } |
2390 | | |
2391 | 9.81k | if (!address->scope_set) { |
2392 | 9.62k | if (in_addr_is_localhost(address->family, &address->in_addr) > 0) |
2393 | 919 | address->scope = RT_SCOPE_HOST; |
2394 | 8.70k | else if (in_addr_is_link_local(address->family, &address->in_addr) > 0) |
2395 | 471 | address->scope = RT_SCOPE_LINK; |
2396 | 9.62k | } |
2397 | | |
2398 | 9.81k | if (address->duplicate_address_detection < 0) { |
2399 | 9.02k | if (address->family == AF_INET6) |
2400 | 4.77k | address->duplicate_address_detection = ADDRESS_FAMILY_IPV6; |
2401 | 4.24k | else if (in4_addr_is_link_local(&address->in_addr.in)) |
2402 | 471 | address->duplicate_address_detection = ADDRESS_FAMILY_IPV4; |
2403 | 3.77k | else |
2404 | 3.77k | address->duplicate_address_detection = ADDRESS_FAMILY_NO; |
2405 | 9.02k | } else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV6 && address->family == AF_INET) |
2406 | 793 | log_section_warning(address->section, "DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring."); |
2407 | 593 | else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV4 && address->family == AF_INET6) |
2408 | 196 | log_section_warning(address->section, "DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring."); |
2409 | | |
2410 | 9.81k | if (address->family == AF_INET6 && |
2411 | 9.81k | !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV6)) |
2412 | 197 | address->flags |= IFA_F_NODAD; |
2413 | | |
2414 | 9.81k | uint32_t filtered_flags = address->family == AF_INET ? |
2415 | 4.64k | address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS & ~IPV6ONLY_FLAGS : |
2416 | 9.81k | address->flags & KNOWN_FLAGS & ~UNMANAGED_FLAGS; |
2417 | 9.81k | if (address->flags != filtered_flags) { |
2418 | 727 | _cleanup_free_ char *str = NULL; |
2419 | | |
2420 | 727 | (void) address_flags_to_string_alloc(address->flags ^ filtered_flags, address->family, &str); |
2421 | 727 | return log_address_section(address, "unexpected address flags \"%s\" were configured.", strna(str)); |
2422 | 727 | } |
2423 | | |
2424 | 9.09k | return 0; |
2425 | 9.81k | } |
2426 | | |
2427 | | DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR( |
2428 | | trivial_hash_ops_address_detach, |
2429 | | void, |
2430 | | trivial_hash_func, |
2431 | | trivial_compare_func, |
2432 | | Address, |
2433 | | address_detach); |
2434 | | |
2435 | 3.49k | int network_drop_invalid_addresses(Network *network) { |
2436 | 3.49k | _cleanup_set_free_ Set *addresses = NULL, *duplicated_addresses = NULL; |
2437 | 3.49k | Address *address; |
2438 | 3.49k | int r; |
2439 | | |
2440 | 3.49k | assert(network); |
2441 | | |
2442 | 41.5k | ORDERED_HASHMAP_FOREACH(address, network->addresses_by_section) { |
2443 | 41.5k | if (address_section_verify(address) < 0) { |
2444 | | /* Drop invalid [Address] sections or Address= settings in [Network]. |
2445 | | * Note that address_detach() will drop the address from addresses_by_section. */ |
2446 | 32.4k | address_detach(address); |
2447 | 32.4k | continue; |
2448 | 32.4k | } |
2449 | | |
2450 | | /* Always use the setting specified later. So, remove the previously assigned setting. */ |
2451 | 9.08k | Address *dup = set_remove(addresses, address); |
2452 | 9.08k | if (dup) { |
2453 | 7.92k | log_warning("%s: Duplicated address %s is specified at line %u and %u, " |
2454 | 7.92k | "dropping the address setting specified at line %u.", |
2455 | 7.92k | dup->section->filename, |
2456 | 7.92k | IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen), |
2457 | 7.92k | address->section->line, |
2458 | 7.92k | dup->section->line, dup->section->line); |
2459 | | |
2460 | | /* Do not call address_detach() for 'dup' now, as we can remove only the current |
2461 | | * entry in the loop. We will drop the address from addresses_by_section later. */ |
2462 | 7.92k | r = set_ensure_put(&duplicated_addresses, &trivial_hash_ops_address_detach, dup); |
2463 | 7.92k | if (r < 0) |
2464 | 0 | return log_oom(); |
2465 | 7.92k | assert(r > 0); |
2466 | 7.92k | } |
2467 | | |
2468 | | /* Use address_hash_ops, instead of address_hash_ops_detach. Otherwise, the Address objects |
2469 | | * will be detached. */ |
2470 | 9.08k | r = set_ensure_put(&addresses, &address_hash_ops, address); |
2471 | 9.08k | if (r < 0) |
2472 | 0 | return log_oom(); |
2473 | 9.08k | assert(r > 0); |
2474 | 9.08k | } |
2475 | | |
2476 | 3.49k | r = network_adjust_dhcp_server(network, &addresses); |
2477 | 3.49k | if (r < 0) |
2478 | 20 | return r; |
2479 | | |
2480 | 3.47k | return 0; |
2481 | 3.49k | } |