blob: c45fec5430508bd550e184281c84998648ea67c2 [file] [log] [blame] [raw]
/* SPDX-License-Identifier: LGPL-2.1+ */
/***
Copyright © 2014 Intel Corporation. All rights reserved.
***/
#include <netinet/icmp6.h>
#include <arpa/inet.h>
#include "sd-ndisc.h"
#include "missing_network.h"
#include "networkd-dhcp6.h"
#include "networkd-manager.h"
#include "networkd-ndisc.h"
#include "networkd-route.h"
#include "string-util.h"
#include "strv.h"
#define NDISC_DNSSL_MAX 64U
#define NDISC_RDNSS_MAX 64U
#define NDISC_PREFIX_LFT_MIN 7200U
#define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3
/* https://tools.ietf.org/html/rfc5453 */
/* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */
#define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } })
#define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8
#define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } })
#define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5
#define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } })
#define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7
#define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e)
static bool stableprivate_address_is_valid(const struct in6_addr *addr) {
assert(addr);
/* According to rfc4291, generated address should not be in the following ranges. */
if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0)
return false;
if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0)
return false;
if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0)
return false;
return true;
}
static int make_stableprivate_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr *addr) {
sd_id128_t secret_key;
struct siphash state;
uint64_t rid;
size_t l;
int r;
/* According to rfc7217 section 5.1
* RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */
r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key);
if (r < 0)
return log_error_errno(r, "Failed to generate key: %m");
siphash24_init(&state, secret_key.bytes);
l = MAX(DIV_ROUND_UP(prefix_len, 8), 8);
siphash24_compress(prefix, l, &state);
siphash24_compress(link->ifname, strlen(link->ifname), &state);
siphash24_compress(&link->mac, sizeof(struct ether_addr), &state);
siphash24_compress(&dad_counter, sizeof(uint8_t), &state);
rid = htole64(siphash24_finalize(&state));
memcpy(addr->s6_addr, prefix->s6_addr, l);
memcpy((uint8_t *) &addr->s6_addr + l, &rid, 16 - l);
return 0;
}
static int ndisc_netlink_route_message_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
int r;
assert(link);
assert(link->ndisc_messages > 0);
link->ndisc_messages--;
if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
return 1;
r = sd_netlink_message_get_errno(m);
if (r < 0 && r != -EEXIST) {
log_link_message_error_errno(link, m, r, "Could not set NDisc route or address");
link_enter_failed(link);
return 1;
}
if (link->ndisc_messages == 0) {
link->ndisc_configured = true;
r = link_request_set_routes(link);
if (r < 0) {
link_enter_failed(link);
return 1;
}
link_check_ready(link);
}
return 1;
}
static int ndisc_netlink_address_message_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
int r;
assert(link);
assert(link->ndisc_messages > 0);
link->ndisc_messages--;
if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
return 1;
r = sd_netlink_message_get_errno(m);
if (r < 0 && r != -EEXIST) {
log_link_message_error_errno(link, m, r, "Could not set NDisc route or address");
link_enter_failed(link);
return 1;
} else if (r >= 0)
(void) manager_rtnl_process_address(rtnl, m, link->manager);
if (link->ndisc_messages == 0) {
link->ndisc_configured = true;
r = link_request_set_routes(link);
if (r < 0) {
link_enter_failed(link);
return 1;
}
link_check_ready(link);
}
return 1;
}
static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
_cleanup_(route_freep) Route *route = NULL;
union in_addr_union gateway;
uint16_t lifetime;
unsigned preference;
uint32_t mtu;
usec_t time_now;
int r;
Address *address;
Iterator i;
assert(link);
assert(rt);
r = sd_ndisc_router_get_lifetime(rt, &lifetime);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
if (lifetime == 0) /* not a default router */
return 0;
r = sd_ndisc_router_get_address(rt, &gateway.in6);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
SET_FOREACH(address, link->addresses, i) {
if (address->family != AF_INET6)
continue;
if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) {
_cleanup_free_ char *buffer = NULL;
(void) in_addr_to_string(AF_INET6, &address->in_addr, &buffer);
log_link_debug(link, "No NDisc route added, gateway %s matches local address",
strnull(buffer));
return 0;
}
}
SET_FOREACH(address, link->addresses_foreign, i) {
if (address->family != AF_INET6)
continue;
if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) {
_cleanup_free_ char *buffer = NULL;
(void) in_addr_to_string(AF_INET6, &address->in_addr, &buffer);
log_link_debug(link, "No NDisc route added, gateway %s matches local address",
strnull(buffer));
return 0;
}
}
r = sd_ndisc_router_get_preference(rt, &preference);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get default router preference from RA: %m");
r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
r = sd_ndisc_router_get_mtu(rt, &mtu);
if (r == -ENODATA)
mtu = 0;
else if (r < 0)
return log_link_warning_errno(link, r, "Failed to get default router MTU from RA: %m");
r = route_new(&route);
if (r < 0)
return log_link_error_errno(link, r, "Could not allocate route: %m");
route->family = AF_INET6;
route->table = link_get_ipv6_accept_ra_route_table(link);
route->priority = link->network->dhcp_route_metric;
route->protocol = RTPROT_RA;
route->pref = preference;
route->gw = gateway;
route->lifetime = time_now + lifetime * USEC_PER_SEC;
route->mtu = mtu;
r = route_configure(route, link, ndisc_netlink_route_message_handler);
if (r < 0) {
log_link_warning_errno(link, r, "Could not set default route: %m");
link_enter_failed(link);
return r;
}
if (r > 0)
link->ndisc_messages++;
Route *route_gw;
LIST_FOREACH(routes, route_gw, link->network->static_routes) {
if (!route_gw->gateway_from_dhcp)
continue;
if (route_gw->family != AF_INET6)
continue;
route_gw->gw = gateway;
r = route_configure(route_gw, link, ndisc_netlink_route_message_handler);
if (r < 0) {
log_link_error_errno(link, r, "Could not set gateway: %m");
link_enter_failed(link);
return r;
}
if (r > 0)
link->ndisc_messages++;
}
return 0;
}
static int ndisc_router_generate_addresses(Link *link, unsigned prefixlen, uint32_t lifetime_preferred, Address *address, Set **ret) {
_cleanup_set_free_free_ Set *addresses = NULL;
struct in6_addr addr;
IPv6Token *j;
Iterator i;
int r;
assert(link);
assert(address);
assert(ret);
addresses = set_new(&address_hash_ops);
if (!addresses)
return log_oom();
addr = address->in_addr.in6;
ORDERED_HASHMAP_FOREACH(j, link->network->ipv6_tokens, i) {
bool have_address = false;
_cleanup_(address_freep) Address *new_address = NULL;
r = address_new(&new_address);
if (r < 0)
return log_oom();
*new_address = *address;
if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE
&& memcmp(&j->prefix, &addr, FAMILY_ADDRESS_SIZE(address->family)) == 0) {
/* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop
does not actually attempt Duplicate Address Detection; the counter will be incremented
only when the address generation algorithm produces an invalid address, and the loop
may exit with an address which ends up being unusable due to duplication on the link.
*/
for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) {
r = make_stableprivate_address(link, &j->prefix, prefixlen, j->dad_counter, &new_address->in_addr.in6);
if (r < 0)
break;
if (stableprivate_address_is_valid(&new_address->in_addr.in6)) {
have_address = true;
break;
}
}
} else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) {
memcpy(((uint8_t *)&new_address->in_addr.in6) + 8, ((uint8_t *) &j->prefix) + 8, 8);
have_address = true;
}
if (have_address) {
new_address->prefixlen = prefixlen;
new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
new_address->cinfo.ifa_prefered = lifetime_preferred;
r = set_put(addresses, new_address);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to store address: %m");
TAKE_PTR(new_address);
}
}
/* fall back to EUI-64 if no tokens provided addresses */
if (set_isempty(addresses)) {
_cleanup_(address_freep) Address *new_address = NULL;
r = address_new(&new_address);
if (r < 0)
return log_oom();
*new_address = *address;
/* see RFC4291 section 2.5.1 */
new_address->in_addr.in6.s6_addr[8] = link->mac.ether_addr_octet[0];
new_address->in_addr.in6.s6_addr[8] ^= 1 << 1;
new_address->in_addr.in6.s6_addr[9] = link->mac.ether_addr_octet[1];
new_address->in_addr.in6.s6_addr[10] = link->mac.ether_addr_octet[2];
new_address->in_addr.in6.s6_addr[11] = 0xff;
new_address->in_addr.in6.s6_addr[12] = 0xfe;
new_address->in_addr.in6.s6_addr[13] = link->mac.ether_addr_octet[3];
new_address->in_addr.in6.s6_addr[14] = link->mac.ether_addr_octet[4];
new_address->in_addr.in6.s6_addr[15] = link->mac.ether_addr_octet[5];
new_address->prefixlen = prefixlen;
new_address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
new_address->cinfo.ifa_prefered = lifetime_preferred;
r = set_put(addresses, new_address);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to store address: %m");
TAKE_PTR(new_address);
}
*ret = TAKE_PTR(addresses);
return 0;
}
static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
uint32_t lifetime_valid, lifetime_preferred, lifetime_remaining;
_cleanup_set_free_free_ Set *addresses = NULL;
_cleanup_(address_freep) Address *address = NULL;
unsigned prefixlen;
usec_t time_now;
Address *existing_address, *a;
Iterator i;
int r;
assert(link);
assert(rt);
r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix length: %m");
r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m");
r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m");
/* The preferred lifetime is never greater than the valid lifetime */
if (lifetime_preferred > lifetime_valid)
return 0;
r = address_new(&address);
if (r < 0)
return log_link_error_errno(link, r, "Could not allocate address: %m");
address->family = AF_INET6;
r = sd_ndisc_router_prefix_get_address(rt, &address->in_addr.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix address: %m");
r = ndisc_router_generate_addresses(link, prefixlen, lifetime_preferred, address, &addresses);
if (r < 0)
return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m");
SET_FOREACH(a, addresses, i) {
/* see RFC4862 section 5.5.3.e */
r = address_get(link, a->family, &a->in_addr, a->prefixlen, &existing_address);
if (r > 0) {
lifetime_remaining = existing_address->cinfo.tstamp / 100 + existing_address->cinfo.ifa_valid - time_now / USEC_PER_SEC;
if (lifetime_valid > NDISC_PREFIX_LFT_MIN || lifetime_valid > lifetime_remaining)
a->cinfo.ifa_valid = lifetime_valid;
else if (lifetime_remaining <= NDISC_PREFIX_LFT_MIN)
a->cinfo.ifa_valid = lifetime_remaining;
else
a->cinfo.ifa_valid = NDISC_PREFIX_LFT_MIN;
} else if (lifetime_valid > 0)
a->cinfo.ifa_valid = lifetime_valid;
else
return 0; /* see RFC4862 section 5.5.3.d */
if (a->cinfo.ifa_valid == 0)
continue;
r = address_configure(a, link, ndisc_netlink_address_message_handler, true);
if (r < 0) {
log_link_warning_errno(link, r, "Could not set SLAAC address: %m");
link_enter_failed(link);
return r;
}
if (r > 0)
link->ndisc_messages++;
}
return 0;
}
static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
_cleanup_(route_freep) Route *route = NULL;
usec_t time_now;
uint32_t lifetime;
unsigned prefixlen;
int r;
assert(link);
assert(rt);
r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix length: %m");
r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix lifetime: %m");
r = route_new(&route);
if (r < 0)
return log_link_error_errno(link, r, "Could not allocate route: %m");
route->family = AF_INET6;
route->table = link_get_ipv6_accept_ra_route_table(link);
route->priority = link->network->dhcp_route_metric;
route->protocol = RTPROT_RA;
route->flags = RTM_F_PREFIX;
route->dst_prefixlen = prefixlen;
route->lifetime = time_now + lifetime * USEC_PER_SEC;
r = sd_ndisc_router_prefix_get_address(rt, &route->dst.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix address: %m");
r = route_configure(route, link, ndisc_netlink_route_message_handler);
if (r < 0) {
log_link_warning_errno(link, r, "Could not set prefix route: %m");
link_enter_failed(link);
return r;
}
if (r > 0)
link->ndisc_messages++;
return 0;
}
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
_cleanup_(route_freep) Route *route = NULL;
struct in6_addr gateway;
uint32_t lifetime;
unsigned preference, prefixlen;
usec_t time_now;
int r;
assert(link);
r = sd_ndisc_router_route_get_lifetime(rt, &lifetime);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
if (lifetime == 0)
return 0;
r = sd_ndisc_router_get_address(rt, &gateway);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m");
r = sd_ndisc_router_route_get_prefixlen(rt, &prefixlen);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get route prefix length: %m");
r = sd_ndisc_router_route_get_preference(rt, &preference);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get default router preference from RA: %m");
r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
r = route_new(&route);
if (r < 0)
return log_link_error_errno(link, r, "Could not allocate route: %m");
route->family = AF_INET6;
route->table = link_get_ipv6_accept_ra_route_table(link);
route->protocol = RTPROT_RA;
route->pref = preference;
route->gw.in6 = gateway;
route->dst_prefixlen = prefixlen;
route->lifetime = time_now + lifetime * USEC_PER_SEC;
r = sd_ndisc_router_route_get_address(rt, &route->dst.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get route address: %m");
r = route_configure(route, link, ndisc_netlink_route_message_handler);
if (r < 0) {
log_link_warning_errno(link, r, "Could not set additional route: %m");
link_enter_failed(link);
return r;
}
if (r > 0)
link->ndisc_messages++;
return 0;
}
static void ndisc_rdnss_hash_func(const NDiscRDNSS *x, struct siphash *state) {
siphash24_compress(&x->address, sizeof(x->address), state);
}
static int ndisc_rdnss_compare_func(const NDiscRDNSS *a, const NDiscRDNSS *b) {
return memcmp(&a->address, &b->address, sizeof(a->address));
}
DEFINE_PRIVATE_HASH_OPS(ndisc_rdnss_hash_ops, NDiscRDNSS, ndisc_rdnss_hash_func, ndisc_rdnss_compare_func);
static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
uint32_t lifetime;
const struct in6_addr *a;
usec_t time_now;
int i, n, r;
assert(link);
assert(rt);
r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
r = sd_ndisc_router_rdnss_get_lifetime(rt, &lifetime);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
if (n < 0)
return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
for (i = 0; i < n; i++) {
_cleanup_free_ NDiscRDNSS *x = NULL;
NDiscRDNSS d = {
.address = a[i],
}, *y;
if (lifetime == 0) {
(void) set_remove(link->ndisc_rdnss, &d);
link_dirty(link);
continue;
}
y = set_get(link->ndisc_rdnss, &d);
if (y) {
y->valid_until = time_now + lifetime * USEC_PER_SEC;
continue;
}
ndisc_vacuum(link);
if (set_size(link->ndisc_rdnss) >= NDISC_RDNSS_MAX) {
log_link_warning(link, "Too many RDNSS records per link, ignoring.");
continue;
}
r = set_ensure_allocated(&link->ndisc_rdnss, &ndisc_rdnss_hash_ops);
if (r < 0)
return log_oom();
x = new(NDiscRDNSS, 1);
if (!x)
return log_oom();
*x = (NDiscRDNSS) {
.address = a[i],
.valid_until = time_now + lifetime * USEC_PER_SEC,
};
r = set_put(link->ndisc_rdnss, x);
if (r < 0)
return log_oom();
TAKE_PTR(x);
assert(r > 0);
link_dirty(link);
}
return 0;
}
static void ndisc_dnssl_hash_func(const NDiscDNSSL *x, struct siphash *state) {
siphash24_compress(NDISC_DNSSL_DOMAIN(x), strlen(NDISC_DNSSL_DOMAIN(x)), state);
}
static int ndisc_dnssl_compare_func(const NDiscDNSSL *a, const NDiscDNSSL *b) {
return strcmp(NDISC_DNSSL_DOMAIN(a), NDISC_DNSSL_DOMAIN(b));
}
DEFINE_PRIVATE_HASH_OPS(ndisc_dnssl_hash_ops, NDiscDNSSL, ndisc_dnssl_hash_func, ndisc_dnssl_compare_func);
static void ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
_cleanup_strv_free_ char **l = NULL;
uint32_t lifetime;
usec_t time_now;
char **i;
int r;
assert(link);
assert(rt);
r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now);
if (r < 0) {
log_link_warning_errno(link, r, "Failed to get RA timestamp: %m");
return;
}
r = sd_ndisc_router_dnssl_get_lifetime(rt, &lifetime);
if (r < 0) {
log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
return;
}
r = sd_ndisc_router_dnssl_get_domains(rt, &l);
if (r < 0) {
log_link_warning_errno(link, r, "Failed to get RDNSS addresses: %m");
return;
}
STRV_FOREACH(i, l) {
_cleanup_free_ NDiscDNSSL *s;
NDiscDNSSL *x;
s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*i) + 1);
if (!s) {
log_oom();
return;
}
strcpy(NDISC_DNSSL_DOMAIN(s), *i);
if (lifetime == 0) {
(void) set_remove(link->ndisc_dnssl, s);
link_dirty(link);
continue;
}
x = set_get(link->ndisc_dnssl, s);
if (x) {
x->valid_until = time_now + lifetime * USEC_PER_SEC;
continue;
}
ndisc_vacuum(link);
if (set_size(link->ndisc_dnssl) >= NDISC_DNSSL_MAX) {
log_link_warning(link, "Too many DNSSL records per link, ignoring.");
continue;
}
r = set_ensure_allocated(&link->ndisc_dnssl, &ndisc_dnssl_hash_ops);
if (r < 0) {
log_oom();
return;
}
s->valid_until = time_now + lifetime * USEC_PER_SEC;
r = set_put(link->ndisc_dnssl, s);
if (r < 0) {
log_oom();
return;
}
s = NULL;
assert(r > 0);
link_dirty(link);
}
}
static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
int r;
assert(link);
assert(link->network);
assert(rt);
r = sd_ndisc_router_option_rewind(rt);
for (;;) {
uint8_t type;
if (r < 0)
return log_link_warning_errno(link, r, "Failed to iterate through options: %m");
if (r == 0) /* EOF */
break;
r = sd_ndisc_router_option_get_type(rt, &type);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA option type: %m");
switch (type) {
case SD_NDISC_OPTION_PREFIX_INFORMATION: {
union in_addr_union a;
uint8_t flags;
r = sd_ndisc_router_prefix_get_address(rt, &a.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix address: %m");
if (set_contains(link->network->ndisc_black_listed_prefix, &a.in6)) {
if (DEBUG_LOGGING) {
_cleanup_free_ char *b = NULL;
(void) in_addr_to_string(AF_INET6, &a, &b);
log_link_debug(link, "Prefix '%s' is black listed, ignoring", strna(b));
}
break;
}
r = sd_ndisc_router_prefix_get_flags(rt, &flags);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA prefix flags: %m");
if (link->network->ipv6_accept_ra_use_onlink_prefix &&
FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK))
(void) ndisc_router_process_onlink_prefix(link, rt);
if (link->network->ipv6_accept_ra_use_autonomous_prefix &&
FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO))
(void) ndisc_router_process_autonomous_prefix(link, rt);
break;
}
case SD_NDISC_OPTION_ROUTE_INFORMATION:
(void) ndisc_router_process_route(link, rt);
break;
case SD_NDISC_OPTION_RDNSS:
if (link->network->ipv6_accept_ra_use_dns)
(void) ndisc_router_process_rdnss(link, rt);
break;
case SD_NDISC_OPTION_DNSSL:
if (link->network->ipv6_accept_ra_use_dns)
(void) ndisc_router_process_dnssl(link, rt);
break;
}
r = sd_ndisc_router_option_next(rt);
}
return 0;
}
static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
uint64_t flags;
int r;
assert(link);
assert(link->network);
assert(link->manager);
assert(rt);
r = sd_ndisc_router_get_flags(rt, &flags);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA flags: %m");
if (flags & (ND_RA_FLAG_MANAGED | ND_RA_FLAG_OTHER)) {
/* (re)start DHCPv6 client in stateful or stateless mode according to RA flags */
r = dhcp6_request_address(link, !(flags & ND_RA_FLAG_MANAGED));
if (r < 0 && r != -EBUSY)
log_link_warning_errno(link, r, "Could not acquire DHCPv6 lease on NDisc request: %m");
else {
log_link_debug(link, "Acquiring DHCPv6 lease on NDisc request");
r = 0;
}
}
(void) ndisc_router_process_default(link, rt);
(void) ndisc_router_process_options(link, rt);
return r;
}
static void ndisc_handler(sd_ndisc *nd, sd_ndisc_event event, sd_ndisc_router *rt, void *userdata) {
Link *link = userdata;
assert(link);
if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
return;
switch (event) {
case SD_NDISC_EVENT_ROUTER:
(void) ndisc_router_handler(link, rt);
break;
case SD_NDISC_EVENT_TIMEOUT:
link->ndisc_configured = true;
link_check_ready(link);
break;
default:
log_link_warning(link, "IPv6 Neighbor Discovery unknown event: %d", event);
}
}
int ndisc_configure(Link *link) {
int r;
assert(link);
r = sd_ndisc_new(&link->ndisc);
if (r < 0)
return r;
r = sd_ndisc_attach_event(link->ndisc, NULL, 0);
if (r < 0)
return r;
r = sd_ndisc_set_mac(link->ndisc, &link->mac);
if (r < 0)
return r;
r = sd_ndisc_set_ifindex(link->ndisc, link->ifindex);
if (r < 0)
return r;
r = sd_ndisc_set_callback(link->ndisc, ndisc_handler, link);
if (r < 0)
return r;
return 0;
}
void ndisc_vacuum(Link *link) {
NDiscRDNSS *r;
NDiscDNSSL *d;
Iterator i;
usec_t time_now;
assert(link);
/* Removes all RDNSS and DNSSL entries whose validity time has passed */
time_now = now(clock_boottime_or_monotonic());
SET_FOREACH(r, link->ndisc_rdnss, i)
if (r->valid_until < time_now) {
free(set_remove(link->ndisc_rdnss, r));
link_dirty(link);
}
SET_FOREACH(d, link->ndisc_dnssl, i)
if (d->valid_until < time_now) {
free(set_remove(link->ndisc_dnssl, d));
link_dirty(link);
}
}
void ndisc_flush(Link *link) {
assert(link);
/* Removes all RDNSS and DNSSL entries, without exception */
link->ndisc_rdnss = set_free_free(link->ndisc_rdnss);
link->ndisc_dnssl = set_free_free(link->ndisc_dnssl);
}
int ipv6token_new(IPv6Token **ret) {
IPv6Token *p;
p = new(IPv6Token, 1);
if (!p)
return -ENOMEM;
*p = (IPv6Token) {
.address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE,
};
*ret = TAKE_PTR(p);
return 0;
}
DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
ipv6_token_hash_ops,
void,
trivial_hash_func,
trivial_compare_func,
IPv6Token,
free);
int config_parse_ndisc_black_listed_prefix(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = data;
const char *p;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
network->ndisc_black_listed_prefix = set_free_free(network->ndisc_black_listed_prefix);
return 0;
}
for (p = rvalue;;) {
_cleanup_free_ char *n = NULL;
_cleanup_free_ struct in6_addr *a = NULL;
union in_addr_union ip;
r = extract_first_word(&p, &n, NULL, 0);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse NDISC black listed prefix, ignoring assignment: %s",
rvalue);
return 0;
}
if (r == 0)
return 0;
r = in_addr_from_string(AF_INET6, n, &ip);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"NDISC black listed prefix is invalid, ignoring assignment: %s", n);
continue;
}
if (set_contains(network->ndisc_black_listed_prefix, &ip.in6))
continue;
r = set_ensure_allocated(&network->ndisc_black_listed_prefix, &in6_addr_hash_ops);
if (r < 0)
return log_oom();
a = newdup(struct in6_addr, &ip.in6, 1);
if (!a)
return log_oom();
r = set_put(network->ndisc_black_listed_prefix, a);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to store NDISC black listed prefix '%s', ignoring assignment: %m", n);
continue;
}
TAKE_PTR(a);
}
return 0;
}
int config_parse_address_generation_type(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ IPv6Token *token = NULL;
union in_addr_union buffer;
Network *network = data;
const char *p;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
network->ipv6_tokens = ordered_hashmap_free(network->ipv6_tokens);
return 0;
}
r = ipv6token_new(&token);
if (r < 0)
return log_oom();
if ((p = startswith(rvalue, "static:")))
token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
else if ((p = startswith(rvalue, "prefixstable:")))
token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE;
else {
token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
p = rvalue;
}
r = in_addr_from_string(AF_INET6, p, &buffer);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse IPv6 %s, ignoring: %s", lvalue, rvalue);
return 0;
}
if (in_addr_is_null(AF_INET6, &buffer)) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"IPv6 %s cannot be the ANY address, ignoring: %s", lvalue, rvalue);
return 0;
}
token->prefix = buffer.in6;
r = ordered_hashmap_ensure_allocated(&network->ipv6_tokens, &ipv6_token_hash_ops);
if (r < 0)
return log_oom();
r = ordered_hashmap_put(network->ipv6_tokens, &token->prefix, token);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to store IPv6 token '%s'", rvalue);
return 0;
}
TAKE_PTR(token);
return 0;
}