1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

Merge pull request #20778 from yuwata/network-ipv6-token

network: rework IPv6 address generation mode
This commit is contained in:
Yu Watanabe 2021-10-07 23:24:00 +09:00 committed by GitHub
commit 6830c3a553
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 1081 additions and 840 deletions

View File

@ -488,53 +488,6 @@ Gateway=0.0.0.0
Table=1234</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv6Token=</varname></term>
<listitem>
<para>Specifies an optional address generation mode for the Stateless Address
Autoconfiguration (SLAAC). Supported modes are <literal>prefixstable</literal> and
<literal>static</literal>.</para>
<para>When the mode is set to <literal>static</literal>, an IPv6 address must be
specified after a colon (<literal>:</literal>), and the lower bits of the supplied
address are combined with the upper bits of a prefix received in a Router Advertisement
(RA) message to form a complete address. Note that if multiple prefixes are received in an
RA message, or in multiple RA messages, addresses will be formed from each of them using
the supplied address. This mode implements SLAAC but uses a static interface identifier
instead of an identifier generated by using the EUI-64 algorithm. Because the interface
identifier is static, if Duplicate Address Detection detects that the computed address is a
duplicate (in use by another node on the link), then this mode will fail to provide an
address for that prefix. If an IPv6 address without mode is specified, then
<literal>static</literal> mode is assumed.</para>
<para>When the mode is set to <literal>prefixstable</literal> the
<ulink url="https://tools.ietf.org/html/rfc7217">RFC 7217</ulink> algorithm for generating
interface identifiers will be used. This mode can optionally take an IPv6 address separated
with a colon (<literal>:</literal>). If an IPv6 address is specified, then an interface
identifier is generated only when a prefix received in an RA message matches the supplied
address.</para>
<para>If no address generation mode is specified (which is the default), or a received
prefix does not match any of the addresses provided in <literal>prefixstable</literal>
mode, then the EUI-64 algorithm will be used to form an interface identifier for that
prefix. This mode is also SLAAC, but with a potentially stable interface identifier which
does not directly map to the interface's hardware address.</para>
<para>Note that the <literal>prefixstable</literal> algorithm uses both the interface
name and MAC address as input to the hash to compute the interface identifier, so if either
of those are changed the resulting interface identifier (and address) will change, even if
the prefix received in the RA message has not changed.</para>
<para>This setting can be specified multiple times. If an empty string is assigned, then
the all previous assignments are cleared.</para>
<para>Examples:
<programlisting>IPv6Token=::1a:2b:3c:4d
IPv6Token=static:::1a:2b:3c:4d
IPv6Token=prefixstable
IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>LLMNR=</varname></term>
<listitem>
@ -2205,11 +2158,9 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
<term><varname>Token=</varname></term>
<listitem>
<para>Specifies an optional address generation mode for assigning an address in each
delegated prefix. Takes an IPv6 address. When set, the lower bits of the supplied address is
combined with the upper bits of each delegatad prefix received from the WAN interface by the
DHCPv6 Prefix Delegation to form a complete address. When <varname>Assign=</varname> is
disabled, this setting is ignored. When unset, the EUI-64 algorithm will be used to form
addresses. Defaults to unset.</para>
delegated prefix. This accepts the same syntax as <varname>Token=</varname> in the
[IPv6AcceptRA] section. If <varname>Assign=</varname> is set to false, then this setting will
be ignored. Defaults to unset, which means the EUI-64 algorithm will be used.</para>
</listitem>
</varlistentry>
@ -2236,6 +2187,57 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
with the <varname>IPv6AcceptRA=</varname> setting described above:</para>
<variablelist class='network-directives'>
<varlistentry>
<term><varname>Token=</varname></term>
<listitem>
<para>Specifies an optional address generation mode for the Stateless Address
Autoconfiguration (SLAAC). Supported modes are <literal>eui64</literal>,
<literal>static</literal>, and <literal>prefixstable</literal>.</para>
<para>When the mode is set to <literal>eui64</literal>, then the EUI-64 algorithm will be
used to generate an address for that prefix.</para>
<para>When the mode is set to <literal>static</literal>, an IPv6 address must be
specified after a colon (<literal>:</literal>), and the lower bits of the supplied
address are combined with the upper bits of a prefix received in a Router Advertisement
(RA) message to form a complete address. Note that if multiple prefixes are received in an
RA message, or in multiple RA messages, addresses will be formed from each of them using
the supplied address. This mode implements SLAAC but uses a static interface identifier
instead of an identifier generated by using the EUI-64 algorithm. Because the interface
identifier is static, if Duplicate Address Detection detects that the computed address is a
duplicate (in use by another node on the link), then this mode will fail to provide an
address for that prefix. If an IPv6 address without mode is specified, then
<literal>static</literal> mode is assumed.</para>
<para>When the mode is set to <literal>prefixstable</literal> the
<ulink url="https://tools.ietf.org/html/rfc7217">RFC 7217</ulink> algorithm for generating
interface identifiers will be used. This mode can optionally take an IPv6 address separated
with a colon (<literal>:</literal>). If an IPv6 address is specified, then an interface
identifier is generated only when a prefix received in an RA message matches the supplied
address.</para>
<para>If no address generation mode is specified (which is the default), or a received
prefix does not match any of the addresses provided in <literal>prefixstable</literal>
mode, then the EUI-64 algorithm will be used to form an interface identifier for that
prefix.</para>
<para>Note that the <literal>prefixstable</literal> algorithm uses both the interface
name and MAC address as input to the hash to compute the interface identifier, so if either
of those are changed the resulting interface identifier (and address) will be changed, even
if the prefix received in the RA message has not been changed.</para>
<para>This setting can be specified multiple times. If an empty string is assigned, then
the all previous assignments are cleared.</para>
<para>Examples:
<programlisting>Token=eui64
Token=::1a:2b:3c:4d
Token=static:::1a:2b:3c:4d
Token=prefixstable
Token=prefixstable:2002:da8:1::</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UseDNS=</varname></term>
<listitem>
@ -2727,6 +2729,16 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>Token=</varname></term>
<listitem>
<para>Specifies an optional address generation mode for assigning an address in each
prefix. This accepts the same syntax as <varname>Token=</varname> in the [IPv6AcceptRA]
section. If <varname>Assign=</varname> is set to false, then this setting will be ignored.
Defaults to unset, which means the EUI-64 algorithm will be used.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>RouteMetric=</varname></term>
<listitem>

View File

@ -621,64 +621,119 @@ int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mas
return 0;
}
int in4_addr_mask(struct in_addr *addr, unsigned char prefixlen) {
struct in_addr mask;
assert(addr);
if (!in4_addr_prefixlen_to_netmask(&mask, prefixlen))
return -EINVAL;
addr->s_addr &= mask.s_addr;
return 0;
}
int in6_addr_mask(struct in6_addr *addr, unsigned char prefixlen) {
unsigned i;
for (i = 0; i < 16; i++) {
uint8_t mask;
if (prefixlen >= 8) {
mask = 0xFF;
prefixlen -= 8;
} else if (prefixlen > 0) {
mask = 0xFF << (8 - prefixlen);
prefixlen = 0;
} else {
assert(prefixlen == 0);
mask = 0;
}
addr->s6_addr[i] &= mask;
}
return 0;
}
int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen) {
assert(addr);
if (family == AF_INET) {
struct in_addr mask;
if (!in4_addr_prefixlen_to_netmask(&mask, prefixlen))
return -EINVAL;
addr->in.s_addr &= mask.s_addr;
return 0;
switch (family) {
case AF_INET:
return in4_addr_mask(&addr->in, prefixlen);
case AF_INET6:
return in6_addr_mask(&addr->in6, prefixlen);
default:
return -EAFNOSUPPORT;
}
if (family == AF_INET6) {
unsigned i;
for (i = 0; i < 16; i++) {
uint8_t mask;
if (prefixlen >= 8) {
mask = 0xFF;
prefixlen -= 8;
} else {
mask = 0xFF << (8 - prefixlen);
prefixlen = 0;
}
addr->in6.s6_addr[i] &= mask;
}
return 0;
}
return -EAFNOSUPPORT;
}
int in_addr_prefix_covers(int family,
const union in_addr_union *prefix,
unsigned char prefixlen,
const union in_addr_union *address) {
int in4_addr_prefix_covers(
const struct in_addr *prefix,
unsigned char prefixlen,
const struct in_addr *address) {
union in_addr_union masked_prefix, masked_address;
struct in_addr masked_prefix, masked_address;
int r;
assert(prefix);
assert(address);
masked_prefix = *prefix;
r = in_addr_mask(family, &masked_prefix, prefixlen);
r = in4_addr_mask(&masked_prefix, prefixlen);
if (r < 0)
return r;
masked_address = *address;
r = in_addr_mask(family, &masked_address, prefixlen);
r = in4_addr_mask(&masked_address, prefixlen);
if (r < 0)
return r;
return in_addr_equal(family, &masked_prefix, &masked_address);
return in4_addr_equal(&masked_prefix, &masked_address);
}
int in6_addr_prefix_covers(
const struct in6_addr *prefix,
unsigned char prefixlen,
const struct in6_addr *address) {
struct in6_addr masked_prefix, masked_address;
int r;
assert(prefix);
assert(address);
masked_prefix = *prefix;
r = in6_addr_mask(&masked_prefix, prefixlen);
if (r < 0)
return r;
masked_address = *address;
r = in6_addr_mask(&masked_address, prefixlen);
if (r < 0)
return r;
return in6_addr_equal(&masked_prefix, &masked_address);
}
int in_addr_prefix_covers(
int family,
const union in_addr_union *prefix,
unsigned char prefixlen,
const union in_addr_union *address) {
assert(prefix);
assert(address);
switch (family) {
case AF_INET:
return in4_addr_prefix_covers(&prefix->in, prefixlen, &address->in);
case AF_INET6:
return in6_addr_prefix_covers(&prefix->in6, prefixlen, &address->in6);
default:
return -EAFNOSUPPORT;
}
}
int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret) {
@ -846,3 +901,9 @@ int in6_addr_compare_func(const struct in6_addr *a, const struct in6_addr *b) {
}
DEFINE_HASH_OPS(in6_addr_hash_ops, struct in6_addr, in6_addr_hash_func, in6_addr_compare_func);
DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
in6_addr_hash_ops_free,
struct in6_addr,
in6_addr_hash_func,
in6_addr_compare_func,
free);

View File

@ -89,7 +89,11 @@ unsigned char in4_addr_netmask_to_prefixlen(const struct in_addr *addr);
struct in_addr* in4_addr_prefixlen_to_netmask(struct in_addr *addr, unsigned char prefixlen);
int in4_addr_default_prefixlen(const struct in_addr *addr, unsigned char *prefixlen);
int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mask);
int in4_addr_mask(struct in_addr *addr, unsigned char prefixlen);
int in6_addr_mask(struct in6_addr *addr, unsigned char prefixlen);
int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen);
int in4_addr_prefix_covers(const struct in_addr *prefix, unsigned char prefixlen, const struct in_addr *address);
int in6_addr_prefix_covers(const struct in6_addr *prefix, unsigned char prefixlen, const struct in6_addr *address);
int in_addr_prefix_covers(int family, const union in_addr_union *prefix, unsigned char prefixlen, const union in_addr_union *address);
int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret);
int in_addr_prefix_from_string(const char *p, int family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen);
@ -119,6 +123,7 @@ int in6_addr_compare_func(const struct in6_addr *a, const struct in6_addr *b);
extern const struct hash_ops in_addr_data_hash_ops;
extern const struct hash_ops in6_addr_hash_ops;
extern const struct hash_ops in6_addr_hash_ops_free;
#define IPV4_ADDRESS_FMT_STR "%u.%u.%u.%u"
#define IPV4_ADDRESS_FMT_VAL(address) \

View File

@ -51,6 +51,8 @@ sources = files('''
netdev/macsec.h
netdev/xfrm.c
netdev/xfrm.h
networkd-address-generation.c
networkd-address-generation.h
networkd-address-label.c
networkd-address-label.h
networkd-address-pool.c

View File

@ -0,0 +1,379 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <net/if_arp.h>
#include "sd-id128.h"
#include "memory-util.h"
#include "networkd-address-generation.h"
#include "networkd-link.h"
#include "networkd-network.h"
#include "string-util.h"
#define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3
/* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */
#define SUBNET_ROUTER_ANYCAST_ADDRESS ((const struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } })
#define SUBNET_ROUTER_ANYCAST_PREFIXLEN 64
#define RESERVED_INTERFACE_IDENTIFIERS_ADDRESS ((const struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } })
#define RESERVED_INTERFACE_IDENTIFIERS_PREFIXLEN 40
#define RESERVED_SUBNET_ANYCAST_ADDRESSES ((const struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80 } })
#define RESERVED_SUBNET_ANYCAST_PREFIXLEN 57
#define DHCP6PD_APP_ID SD_ID128_MAKE(fb,b9,37,ca,4a,ed,4a,4d,b0,70,7f,aa,71,c0,c9,85)
#define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e)
#define RADV_APP_ID SD_ID128_MAKE(1f,1e,90,c8,5c,78,4f,dc,8e,61,2d,59,0d,53,c1,25)
typedef enum AddressGenerationType {
ADDRESS_GENERATION_EUI64,
ADDRESS_GENERATION_STATIC,
ADDRESS_GENERATION_PREFIXSTABLE,
_ADDRESS_GENERATION_TYPE_MAX,
_ADDRESS_GENERATION_TYPE_INVALID = -EINVAL,
} AddressGenerationType;
typedef struct IPv6Token {
AddressGenerationType type;
struct in6_addr address;
} IPv6Token;
static void generate_eui64_address(const Link *link, const struct in6_addr *prefix, struct in6_addr *ret) {
assert(link);
assert(prefix);
assert(ret);
memcpy(ret->s6_addr, prefix, 8);
if (link->iftype == ARPHRD_INFINIBAND)
/* Use last 8 byte. See RFC4391 section 8 */
memcpy(&ret->s6_addr[8], &link->hw_addr.infiniband[INFINIBAND_ALEN - 8], 8);
else {
/* see RFC4291 section 2.5.1 */
ret->s6_addr[8] = link->hw_addr.ether.ether_addr_octet[0];
ret->s6_addr[9] = link->hw_addr.ether.ether_addr_octet[1];
ret->s6_addr[10] = link->hw_addr.ether.ether_addr_octet[2];
ret->s6_addr[11] = 0xff;
ret->s6_addr[12] = 0xfe;
ret->s6_addr[13] = link->hw_addr.ether.ether_addr_octet[3];
ret->s6_addr[14] = link->hw_addr.ether.ether_addr_octet[4];
ret->s6_addr[15] = link->hw_addr.ether.ether_addr_octet[5];
}
ret->s6_addr[8] ^= 1 << 1;
}
static bool stable_private_address_is_valid(const struct in6_addr *addr) {
assert(addr);
/* According to rfc4291, generated address should not be in the following ranges. */
if (in6_addr_prefix_covers(&SUBNET_ROUTER_ANYCAST_ADDRESS, SUBNET_ROUTER_ANYCAST_PREFIXLEN, addr))
return false;
if (in6_addr_prefix_covers(&RESERVED_INTERFACE_IDENTIFIERS_ADDRESS, RESERVED_INTERFACE_IDENTIFIERS_PREFIXLEN, addr))
return false;
if (in6_addr_prefix_covers(&RESERVED_SUBNET_ANYCAST_ADDRESSES, RESERVED_SUBNET_ANYCAST_PREFIXLEN, addr))
return false;
return true;
}
static void generate_stable_private_address_one(
Link *link,
const sd_id128_t *secret_key,
const struct in6_addr *prefix,
uint8_t dad_counter,
struct in6_addr *ret) {
struct siphash state;
uint64_t rid;
assert(link);
assert(secret_key);
assert(prefix);
assert(ret);
/* According to RFC7217 section 5.1
* RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */
siphash24_init(&state, secret_key->bytes);
siphash24_compress(prefix, 8, &state);
siphash24_compress_string(link->ifname, &state);
if (link->iftype == ARPHRD_INFINIBAND)
/* Only last 8 bytes of IB MAC are stable */
siphash24_compress(&link->hw_addr.infiniband[INFINIBAND_ALEN - 8], 8, &state);
else
siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state);
siphash24_compress(&dad_counter, sizeof(uint8_t), &state);
rid = htole64(siphash24_finalize(&state));
memcpy(ret->s6_addr, prefix->s6_addr, 8);
memcpy(ret->s6_addr + 8, &rid, 8);
}
static int generate_stable_private_address(
Link *link,
const sd_id128_t *app_id,
const struct in6_addr *prefix,
struct in6_addr *ret) {
struct in6_addr addr;
sd_id128_t secret_key;
uint8_t i;
int r;
assert(link);
assert(app_id);
assert(prefix);
assert(ret);
r = sd_id128_get_machine_app_specific(*app_id, &secret_key);
if (r < 0)
return log_link_debug_errno(link, r, "Failed to generate secret key for IPv6 stable private address: %m");
/* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop does
* not actually attempt Duplicate Address Detection; the counter will be incremented only when
* the address generation algorithm produces an invalid address, and the loop may exit with an
* address which ends up being unusable due to duplication on the link. */
for (i = 0; i < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; i++) {
generate_stable_private_address_one(link, &secret_key, prefix, i, &addr);
if (stable_private_address_is_valid(&addr))
break;
}
if (i >= DAD_CONFLICTS_IDGEN_RETRIES_RFC7217)
/* propagate recognizable errors. */
return log_link_debug_errno(link, SYNTHETIC_ERRNO(ENOANO),
"Failed to generate stable private address.");
*ret = addr;
return 0;
}
static int generate_addresses(
Link *link,
Set *tokens,
const sd_id128_t *app_id,
const struct in6_addr *prefix,
uint8_t prefixlen,
Set **ret) {
_cleanup_set_free_ Set *addresses = NULL;
struct in6_addr masked;
IPv6Token *j;
int r;
assert(link);
assert(app_id);
assert(prefix);
assert(prefixlen > 0 && prefixlen <= 64);
assert(ret);
masked = *prefix;
in6_addr_mask(&masked, prefixlen);
SET_FOREACH(j, tokens) {
struct in6_addr addr, *copy;
switch (j->type) {
case ADDRESS_GENERATION_EUI64:
generate_eui64_address(link, &masked, &addr);
break;
case ADDRESS_GENERATION_STATIC:
memcpy(addr.s6_addr, masked.s6_addr, 8);
memcpy(addr.s6_addr + 8, j->address.s6_addr + 8, 8);
break;
case ADDRESS_GENERATION_PREFIXSTABLE:
if (in6_addr_is_set(&j->address) && !in6_addr_equal(&j->address, &masked))
continue;
if (generate_stable_private_address(link, app_id, &masked, &addr) < 0)
continue;
break;
default:
assert_not_reached();
}
copy = newdup(struct in6_addr, &addr, 1);
if (!copy)
return -ENOMEM;
r = set_ensure_consume(&addresses, &in6_addr_hash_ops_free, copy);
if (r < 0)
return r;
}
/* fall back to EUI-64 if no token is provided */
if (set_isempty(addresses)) {
struct in6_addr *addr;
addr = new(struct in6_addr, 1);
if (!addr)
return -ENOMEM;
generate_eui64_address(link, &masked, addr);
r = set_ensure_consume(&addresses, &in6_addr_hash_ops_free, addr);
if (r < 0)
return r;
}
*ret = TAKE_PTR(addresses);
return 0;
}
int dhcp6_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret) {
return generate_addresses(link, link->network->dhcp6_pd_tokens, &DHCP6PD_APP_ID, prefix, 64, ret);
}
int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) {
return generate_addresses(link, link->network->ndisc_tokens, &NDISC_APP_ID, prefix, prefixlen, ret);
}
int radv_generate_addresses(Link *link, Set *tokens, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) {
return generate_addresses(link, tokens, &RADV_APP_ID, prefix, prefixlen, ret);
}
static void ipv6_token_hash_func(const IPv6Token *p, struct siphash *state) {
siphash24_compress(&p->type, sizeof(p->type), state);
siphash24_compress(&p->address, sizeof(p->address), state);
}
static int ipv6_token_compare_func(const IPv6Token *a, const IPv6Token *b) {
int r;
r = CMP(a->type, b->type);
if (r != 0)
return r;
return memcmp(&a->address, &b->address, sizeof(struct in6_addr));
}
DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ipv6_token_hash_ops,
IPv6Token,
ipv6_token_hash_func,
ipv6_token_compare_func,
free);
static int ipv6_token_add(Set **tokens, AddressGenerationType type, const struct in6_addr *addr) {
IPv6Token *p;
assert(tokens);
assert(type >= 0 && type < _ADDRESS_GENERATION_TYPE_MAX);
assert(addr);
p = new(IPv6Token, 1);
if (!p)
return -ENOMEM;
*p = (IPv6Token) {
.type = type,
.address = *addr,
};
return set_ensure_consume(tokens, &ipv6_token_hash_ops, p);
}
int config_parse_address_generation_type(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
union in_addr_union buffer = {};
AddressGenerationType type;
Set **tokens = data;
const char *p;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
*tokens = set_free(*tokens);
return 0;
}
if ((p = startswith(rvalue, "prefixstable"))) {
type = ADDRESS_GENERATION_PREFIXSTABLE;
if (*p == ':')
p++;
else if (*p == '\0')
p = NULL;
else {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Invalid IPv6 token mode in %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
} else if (streq(rvalue, "eui64")) {
type = ADDRESS_GENERATION_EUI64;
p = NULL;
} else {
type = ADDRESS_GENERATION_STATIC;
p = startswith(rvalue, "static:");
if (!p)
p = rvalue;
}
if (p) {
r = in_addr_from_string(AF_INET6, p, &buffer);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse IP address in %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
}
switch (type) {
case ADDRESS_GENERATION_EUI64:
assert(in6_addr_is_null(&buffer.in6));
break;
case ADDRESS_GENERATION_STATIC:
/* Only last 64 bits are used. */
memzero(buffer.in6.s6_addr, 8);
if (in6_addr_is_null(&buffer.in6)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"IPv6 address in %s= cannot be the ANY address, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
break;
case ADDRESS_GENERATION_PREFIXSTABLE:
/* At most, the initial 64 bits are used. */
(void) in6_addr_mask(&buffer.in6, 64);
break;
default:
assert_not_reached();
}
r = ipv6_token_add(tokens, type, &buffer.in6);
if (r < 0)
return log_oom();
return 0;
}

View File

@ -0,0 +1,14 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include "conf-parser.h"
#include "in-addr-util.h"
#include "set.h"
typedef struct Link Link;
int dhcp6_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret);
int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret);
int radv_generate_addresses(Link *link, Set *tokens, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret);
CONFIG_PARSER_PROTOTYPE(config_parse_address_generation_type);

View File

@ -57,32 +57,6 @@ static int address_flags_to_string_alloc(uint32_t flags, int family, char **ret)
return 0;
}
int generate_ipv6_eui_64_address(const Link *link, struct in6_addr *ret) {
assert(link);
assert(ret);
if (link->iftype == ARPHRD_INFINIBAND) {
/* see RFC4391 section 8 */
memcpy(&ret->s6_addr[8], &link->hw_addr.infiniband[12], 8);
ret->s6_addr[8] ^= 1 << 1;
return 0;
}
/* see RFC4291 section 2.5.1 */
ret->s6_addr[8] = link->hw_addr.ether.ether_addr_octet[0];
ret->s6_addr[8] ^= 1 << 1;
ret->s6_addr[9] = link->hw_addr.ether.ether_addr_octet[1];
ret->s6_addr[10] = link->hw_addr.ether.ether_addr_octet[2];
ret->s6_addr[11] = 0xff;
ret->s6_addr[12] = 0xfe;
ret->s6_addr[13] = link->hw_addr.ether.ether_addr_octet[3];
ret->s6_addr[14] = link->hw_addr.ether.ether_addr_octet[4];
ret->s6_addr[15] = link->hw_addr.ether.ether_addr_octet[5];
return 0;
}
int address_new(Address **ret) {
_cleanup_(address_freep) Address *address = NULL;

View File

@ -67,8 +67,6 @@ int address_dup(const Address *src, Address **ret);
bool address_is_ready(const Address *a);
void address_set_broadcast(Address *a);
int generate_ipv6_eui_64_address(const Link *link, struct in6_addr *ret);
DEFINE_NETWORK_SECTION_FUNCTIONS(Address, address_free);
int link_drop_addresses(Link *link);

View File

@ -14,6 +14,7 @@
#include "hostname-util.h"
#include "in-addr-prefix-util.h"
#include "missing_network.h"
#include "networkd-address-generation.h"
#include "networkd-address.h"
#include "networkd-dhcp6.h"
#include "networkd-link.h"
@ -361,8 +362,8 @@ static int dhcp6_pd_request_address(
uint32_t lifetime_preferred,
uint32_t lifetime_valid) {
_cleanup_(address_freep) Address *address = NULL;
Address *existing;
_cleanup_set_free_ Set *addresses = NULL;
struct in6_addr *a;
int r;
assert(link);
@ -372,40 +373,40 @@ static int dhcp6_pd_request_address(
if (!link->network->dhcp6_pd_assign)
return 0;
r = address_new(&address);
r = dhcp6_pd_generate_addresses(link, prefix, &addresses);
if (r < 0)
return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m");
return log_link_warning_errno(link, r, "Failed to generate addresses for acquired DHCPv6 delegated prefix: %m");
address->in_addr.in6 = *prefix;
SET_FOREACH(a, addresses) {
_cleanup_(address_freep) Address *address = NULL;
Address *existing;
if (in6_addr_is_set(&link->network->dhcp6_pd_token))
memcpy(address->in_addr.in6.s6_addr + 8, link->network->dhcp6_pd_token.s6_addr + 8, 8);
else {
r = generate_ipv6_eui_64_address(link, &address->in_addr.in6);
r = address_new(&address);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to generate EUI64 address for acquired DHCPv6 delegated prefix: %m");
return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m");
address->source = NETWORK_CONFIG_SOURCE_DHCP6PD;
address->family = AF_INET6;
address->in_addr.in6 = *a;
address->prefixlen = 64;
address->cinfo.ifa_prefered = lifetime_preferred;
address->cinfo.ifa_valid = lifetime_valid;
SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp6_pd_manage_temporary_address);
address->route_metric = link->network->dhcp6_pd_route_metric;
log_dhcp6_pd_address(link, address);
if (address_get(link, address, &existing) < 0)
link->dhcp6_pd_configured = false;
else
address_unmark(existing);
r = link_request_address(link, TAKE_PTR(address), true, &link->dhcp6_pd_messages,
dhcp6_pd_address_handler, NULL);
if (r < 0)
return log_link_error_errno(link, r, "Failed to request DHCPv6 delegated prefix address: %m");
}
address->source = NETWORK_CONFIG_SOURCE_DHCP6PD;
address->prefixlen = 64;
address->family = AF_INET6;
address->cinfo.ifa_prefered = lifetime_preferred;
address->cinfo.ifa_valid = lifetime_valid;
SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp6_pd_manage_temporary_address);
address->route_metric = link->network->dhcp6_pd_route_metric;
log_dhcp6_pd_address(link, address);
if (address_get(link, address, &existing) < 0)
link->dhcp6_pd_configured = false;
else
address_unmark(existing);
r = link_request_address(link, TAKE_PTR(address), true, &link->dhcp6_pd_messages,
dhcp6_pd_address_handler, NULL);
if (r < 0)
return log_link_error_errno(link, r, "Failed to request DHCPv6 delegated prefix address: %m");
return 0;
}

View File

@ -5,12 +5,12 @@
#include <arpa/inet.h>
#include <netinet/icmp6.h>
#include <net/if_arp.h>
#include <linux/if.h>
#include "sd-ndisc.h"
#include "missing_network.h"
#include "networkd-address-generation.h"
#include "networkd-address.h"
#include "networkd-dhcp6.h"
#include "networkd-manager.h"
@ -25,35 +25,6 @@
#define NDISC_DNSSL_MAX 64U
#define NDISC_RDNSS_MAX 64U
#define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3
/* https://tools.ietf.org/html/rfc5453 */
/* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */
#define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } })
#define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8
#define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } })
#define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5
#define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } })
#define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7
#define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e)
typedef enum IPv6TokenAddressGeneration {
IPV6_TOKEN_ADDRESS_GENERATION_NONE,
IPV6_TOKEN_ADDRESS_GENERATION_STATIC,
IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE,
_IPV6_TOKEN_ADDRESS_GENERATION_MAX,
_IPV6_TOKEN_ADDRESS_GENERATION_INVALID = -EINVAL,
} IPv6TokenAddressGeneration;
typedef struct IPv6Token {
IPv6TokenAddressGeneration address_generation_type;
uint8_t dad_counter;
struct in6_addr prefix;
} IPv6Token;
bool link_ipv6_accept_ra_enabled(Link *link) {
assert(link);
@ -408,145 +379,10 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
return 0;
}
static bool stable_private_address_is_valid(const struct in6_addr *addr) {
assert(addr);
/* According to rfc4291, generated address should not be in the following ranges. */
if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0)
return false;
if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0)
return false;
if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0)
return false;
return true;
}
static int make_stable_private_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr **ret) {
_cleanup_free_ struct in6_addr *addr = NULL;
sd_id128_t secret_key;
struct siphash state;
uint64_t rid;
size_t l;
int r;
/* According to rfc7217 section 5.1
* RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */
r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to generate key for IPv6 stable private address: %m");
siphash24_init(&state, secret_key.bytes);
l = MAX(DIV_ROUND_UP(prefix_len, 8), 8);
siphash24_compress(prefix, l, &state);
siphash24_compress_string(link->ifname, &state);
/* Only last 8 bytes of IB MAC are stable */
if (link->iftype == ARPHRD_INFINIBAND)
siphash24_compress(&link->hw_addr.infiniband[12], 8, &state);
else
siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state);
siphash24_compress(&dad_counter, sizeof(uint8_t), &state);
rid = htole64(siphash24_finalize(&state));
addr = new(struct in6_addr, 1);
if (!addr)
return log_oom();
memcpy(addr->s6_addr, prefix->s6_addr, l);
memcpy(addr->s6_addr + l, &rid, 16 - l);
if (!stable_private_address_is_valid(addr)) {
*ret = NULL;
return 0;
}
*ret = TAKE_PTR(addr);
return 1;
}
static int ndisc_router_generate_addresses(Link *link, struct in6_addr *address, uint8_t prefixlen, Set **ret) {
_cleanup_set_free_free_ Set *addresses = NULL;
IPv6Token *j;
int r;
assert(link);
assert(address);
assert(ret);
addresses = set_new(&in6_addr_hash_ops);
if (!addresses)
return log_oom();
ORDERED_SET_FOREACH(j, link->network->ipv6_tokens) {
_cleanup_free_ struct in6_addr *new_address = NULL;
if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE
&& (in6_addr_is_null(&j->prefix) || in6_addr_equal(&j->prefix, address))) {
/* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop
* does not actually attempt Duplicate Address Detection; the counter will be incremented
* only when the address generation algorithm produces an invalid address, and the loop
* may exit with an address which ends up being unusable due to duplication on the link. */
for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) {
r = make_stable_private_address(link, address, prefixlen, j->dad_counter, &new_address);
if (r < 0)
return r;
if (r > 0)
break;
}
} else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) {
new_address = new(struct in6_addr, 1);
if (!new_address)
return log_oom();
memcpy(new_address->s6_addr, address->s6_addr, 8);
memcpy(new_address->s6_addr + 8, j->prefix.s6_addr + 8, 8);
}
if (new_address) {
r = set_put(addresses, new_address);
if (r < 0)
return log_link_error_errno(link, r, "Failed to store SLAAC address: %m");
else if (r == 0)
log_link_debug_errno(link, r, "Generated SLAAC address is duplicated, ignoring.");
else
TAKE_PTR(new_address);
}
}
/* fall back to EUI-64 if no tokens provided addresses */
if (set_isempty(addresses)) {
_cleanup_free_ struct in6_addr *new_address = NULL;
new_address = newdup(struct in6_addr, address, 1);
if (!new_address)
return log_oom();
r = generate_ipv6_eui_64_address(link, new_address);
if (r < 0)
return log_link_error_errno(link, r, "Failed to generate EUI64 address: %m");
r = set_put(addresses, new_address);
if (r < 0)
return log_link_error_errno(link, r, "Failed to store SLAAC address: %m");
TAKE_PTR(new_address);
}
*ret = TAKE_PTR(addresses);
return 0;
}
static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
uint32_t lifetime_valid, lifetime_preferred;
_cleanup_set_free_free_ Set *addresses = NULL;
struct in6_addr addr, *a;
_cleanup_set_free_ Set *addresses = NULL;
struct in6_addr prefix, *a;
unsigned prefixlen;
usec_t time_now;
int r;
@ -560,10 +396,23 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r
if (r < 0)
return log_link_error_errno(link, r, "Failed to get RA timestamp: %m");
r = sd_ndisc_router_prefix_get_address(rt, &prefix);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix address: %m");
r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix length: %m");
/* ndisc_generate_addresses() below requires the prefix length <= 64. */
if (prefixlen > 64) {
_cleanup_free_ char *buf = NULL;
(void) in6_addr_prefix_to_string(&prefix, prefixlen, &buf);
log_link_debug(link, "Prefix is longer than 64, ignoring autonomous prefix %s.", strna(buf));
return 0;
}
r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m");
@ -581,13 +430,9 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r
if (lifetime_preferred > lifetime_valid)
return 0;
r = sd_ndisc_router_prefix_get_address(rt, &addr);
r = ndisc_generate_addresses(link, &prefix, prefixlen, &addresses);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix address: %m");
r = ndisc_router_generate_addresses(link, &addr, prefixlen, &addresses);
if (r < 0)
return r;
return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m");
SET_FOREACH(a, addresses) {
_cleanup_(address_freep) Address *address = NULL;
@ -1214,128 +1059,6 @@ void ndisc_flush(Link *link) {
link->ndisc_dnssl = set_free(link->ndisc_dnssl);
}
static int ipv6token_new(IPv6Token **ret) {
IPv6Token *p;
p = new(IPv6Token, 1);
if (!p)
return -ENOMEM;
*p = (IPv6Token) {
.address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE,
};
*ret = TAKE_PTR(p);
return 0;
}
static void ipv6_token_hash_func(const IPv6Token *p, struct siphash *state) {
siphash24_compress(&p->address_generation_type, sizeof(p->address_generation_type), state);
siphash24_compress(&p->prefix, sizeof(p->prefix), state);
}
static int ipv6_token_compare_func(const IPv6Token *a, const IPv6Token *b) {
int r;
r = CMP(a->address_generation_type, b->address_generation_type);
if (r != 0)
return r;
return memcmp(&a->prefix, &b->prefix, sizeof(struct in6_addr));
}
DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ipv6_token_hash_ops,
IPv6Token,
ipv6_token_hash_func,
ipv6_token_compare_func,
free);
int config_parse_address_generation_type(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ IPv6Token *token = NULL;
union in_addr_union buffer;
Network *network = data;
const char *p;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
network->ipv6_tokens = ordered_set_free(network->ipv6_tokens);
return 0;
}
r = ipv6token_new(&token);
if (r < 0)
return log_oom();
if ((p = startswith(rvalue, "prefixstable"))) {
token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE;
if (*p == ':')
p++;
else if (*p == '\0')
p = NULL;
else {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Invalid IPv6 token mode in %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
} else {
token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC;
p = startswith(rvalue, "static:");
if (!p)
p = rvalue;
}
if (p) {
r = in_addr_from_string(AF_INET6, p, &buffer);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse IP address in %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
if (token->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC &&
in_addr_is_null(AF_INET6, &buffer)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"IPv6 address in %s= cannot be the ANY address, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
token->prefix = buffer.in6;
}
r = ordered_set_ensure_put(&network->ipv6_tokens, &ipv6_token_hash_ops, token);
if (r == -ENOMEM)
return log_oom();
if (r == -EEXIST)
log_syntax(unit, LOG_DEBUG, filename, line, r,
"IPv6 token '%s' is duplicated, ignoring: %m", rvalue);
else if (r < 0)
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to store IPv6 token '%s', ignoring: %m", rvalue);
else
TAKE_PTR(token);
return 0;
}
static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = {
[IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no",
[IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always",

View File

@ -44,6 +44,5 @@ int ndisc_start(Link *link);
void ndisc_vacuum(Link *link);
void ndisc_flush(Link *link);
CONFIG_PARSER_PROTOTYPE(config_parse_address_generation_type);
CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_accept_ra_start_dhcp6_client);
CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_accept_ra_use_domains);

View File

@ -8,6 +8,7 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
#include "in-addr-prefix-util.h"
#include "netem.h"
#include "net-condition.h"
#include "networkd-address-generation.h"
#include "networkd-address-label.h"
#include "networkd-address.h"
#include "networkd-bridge-fdb.h"
@ -103,7 +104,6 @@ Network.IPv6LinkLocalAddressGenerationMode, config_parse_ipv6_link_local_addres
Network.IPv6StableSecretAddress, config_parse_in_addr_non_null, AF_INET6, offsetof(Network, ipv6ll_stable_secret)
Network.IPv4LLRoute, config_parse_bool, 0, offsetof(Network, ipv4ll_route)
Network.DefaultRouteOnDevice, config_parse_bool, 0, offsetof(Network, default_route_on_device)
Network.IPv6Token, config_parse_address_generation_type, 0, 0
Network.LLDP, config_parse_lldp_mode, 0, offsetof(Network, lldp_mode)
Network.EmitLLDP, config_parse_lldp_multicast_mode, 0, offsetof(Network, lldp_multicast_mode)
Network.Address, config_parse_address, 0, 0
@ -270,6 +270,7 @@ IPv6AcceptRA.PrefixAllowList, config_parse_in_addr_prefixes,
IPv6AcceptRA.PrefixDenyList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_deny_listed_prefix)
IPv6AcceptRA.RouteAllowList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_allow_listed_route_prefix)
IPv6AcceptRA.RouteDenyList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_deny_listed_route_prefix)
IPv6AcceptRA.Token, config_parse_address_generation_type, 0, offsetof(Network, ndisc_tokens)
DHCPServer.ServerAddress, config_parse_dhcp_server_address, 0, 0
DHCPServer.UplinkInterface, config_parse_uplink, 0, 0
DHCPServer.RelayTarget, config_parse_in_addr_non_null, AF_INET, offsetof(Network, dhcp_server_relay_target)
@ -328,7 +329,7 @@ DHCPv6PrefixDelegation.SubnetId, config_parse_dhcp6_pd_subnet_id,
DHCPv6PrefixDelegation.Announce, config_parse_bool, 0, offsetof(Network, dhcp6_pd_announce)
DHCPv6PrefixDelegation.Assign, config_parse_bool, 0, offsetof(Network, dhcp6_pd_assign)
DHCPv6PrefixDelegation.ManageTemporaryAddress, config_parse_bool, 0, offsetof(Network, dhcp6_pd_manage_temporary_address)
DHCPv6PrefixDelegation.Token, config_parse_in_addr_non_null, AF_INET6, offsetof(Network, dhcp6_pd_token)
DHCPv6PrefixDelegation.Token, config_parse_address_generation_type, 0, offsetof(Network, dhcp6_pd_tokens)
DHCPv6PrefixDelegation.RouteMetric, config_parse_uint32, 0, offsetof(Network, dhcp6_pd_route_metric)
IPv6SendRA.RouterLifetimeSec, config_parse_sec, 0, offsetof(Network, router_lifetime_usec)
IPv6SendRA.Managed, config_parse_bool, 0, offsetof(Network, router_managed)
@ -347,6 +348,7 @@ IPv6Prefix.ValidLifetimeSec, config_parse_prefix_lifetime,
IPv6Prefix.PreferredLifetimeSec, config_parse_prefix_lifetime, 0, 0
IPv6Prefix.Assign, config_parse_prefix_assign, 0, 0
IPv6Prefix.RouteMetric, config_parse_prefix_metric, 0, 0
IPv6Prefix.Token, config_parse_prefix_token, 0, 0
IPv6RoutePrefix.Route, config_parse_route_prefix, 0, 0
IPv6RoutePrefix.LifetimeSec, config_parse_route_prefix_lifetime, 0, 0
LLDP.MUDURL, config_parse_mud_url, 0, offsetof(Network, lldp_mudurl)
@ -492,6 +494,7 @@ TrivialLinkEqualizer.Handle, config_parse_qdisc_handle,
TrivialLinkEqualizer.Id, config_parse_trivial_link_equalizer_id, QDISC_KIND_TEQL, 0
/* backwards compatibility: do not add new entries to this section */
Network.IPv4LL, config_parse_ipv4ll, 0, offsetof(Network, link_local)
Network.IPv6Token, config_parse_address_generation_type, 0, offsetof(Network, ndisc_tokens)
Network.IPv6PrefixDelegation, config_parse_router_prefix_delegation, 0, offsetof(Network, router_prefix_delegation)
IPv6PrefixDelegation.RouterLifetimeSec, config_parse_sec, 0, offsetof(Network, router_lifetime_usec)
IPv6PrefixDelegation.Managed, config_parse_bool, 0, offsetof(Network, router_managed)

View File

@ -706,9 +706,10 @@ static Network *network_free(Network *network) {
ordered_hashmap_free(network->dhcp_client_send_vendor_options);
ordered_hashmap_free(network->dhcp_server_send_options);
ordered_hashmap_free(network->dhcp_server_send_vendor_options);
ordered_set_free(network->ipv6_tokens);
ordered_hashmap_free(network->dhcp6_client_send_options);
ordered_hashmap_free(network->dhcp6_client_send_vendor_options);
set_free(network->dhcp6_pd_tokens);
set_free(network->ndisc_tokens);
return mfree(network);
}

View File

@ -244,7 +244,7 @@ struct Network {
bool dhcp6_pd_manage_temporary_address;
int64_t dhcp6_pd_subnet_id;
uint32_t dhcp6_pd_route_metric;
struct in6_addr dhcp6_pd_token;
Set *dhcp6_pd_tokens;
/* Bridge Support */
int use_bpdu;
@ -321,7 +321,7 @@ struct Network {
Set *ndisc_allow_listed_prefix;
Set *ndisc_deny_listed_route_prefix;
Set *ndisc_allow_listed_route_prefix;
OrderedSet *ipv6_tokens;
Set *ndisc_tokens;
/* LLDP support */
LLDPMode lldp_mode; /* LLDP reception */

View File

@ -7,6 +7,7 @@
#include <arpa/inet.h>
#include "dns-domain.h"
#include "networkd-address-generation.h"
#include "networkd-address.h"
#include "networkd-link.h"
#include "networkd-manager.h"
@ -19,6 +20,44 @@
#include "string-table.h"
#include "strv.h"
void network_adjust_radv(Network *network) {
assert(network);
/* After this function is called, network->router_prefix_delegation can be treated as a boolean. */
if (network->dhcp6_pd < 0)
/* For backward compatibility. */
network->dhcp6_pd = FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_DHCP6);
if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) {
if (network->router_prefix_delegation != RADV_PREFIX_DELEGATION_NONE)
log_warning("%s: IPv6PrefixDelegation= is enabled but IPv6 link local addressing is disabled. "
"Disabling IPv6PrefixDelegation=.", network->filename);
network->router_prefix_delegation = RADV_PREFIX_DELEGATION_NONE;
}
if (network->router_prefix_delegation == RADV_PREFIX_DELEGATION_NONE) {
network->n_router_dns = 0;
network->router_dns = mfree(network->router_dns);
network->router_search_domains = ordered_set_free(network->router_search_domains);
}
if (!FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_STATIC)) {
network->prefixes_by_section = hashmap_free_with_destructor(network->prefixes_by_section, prefix_free);
network->route_prefixes_by_section = hashmap_free_with_destructor(network->route_prefixes_by_section, route_prefix_free);
}
}
static bool link_radv_enabled(Link *link) {
assert(link);
if (!link_ipv6ll_enabled(link))
return false;
return link->network->router_prefix_delegation;
}
Prefix *prefix_free(Prefix *prefix) {
if (!prefix)
return NULL;
@ -30,6 +69,7 @@ Prefix *prefix_free(Prefix *prefix) {
network_config_section_free(prefix->section);
sd_radv_prefix_unref(prefix->radv_prefix);
set_free(prefix->tokens);
return mfree(prefix);
}
@ -155,64 +195,6 @@ static int route_prefix_new_static(Network *network, const char *filename, unsig
return 0;
}
void network_drop_invalid_prefixes(Network *network) {
Prefix *prefix;
assert(network);
HASHMAP_FOREACH(prefix, network->prefixes_by_section)
if (section_is_invalid(prefix->section))
prefix_free(prefix);
}
void network_drop_invalid_route_prefixes(Network *network) {
RoutePrefix *prefix;
assert(network);
HASHMAP_FOREACH(prefix, network->route_prefixes_by_section)
if (section_is_invalid(prefix->section))
route_prefix_free(prefix);
}
void network_adjust_radv(Network *network) {
assert(network);
/* After this function is called, network->router_prefix_delegation can be treated as a boolean. */
if (network->dhcp6_pd < 0)
/* For backward compatibility. */
network->dhcp6_pd = FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_DHCP6);
if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) {
if (network->router_prefix_delegation != RADV_PREFIX_DELEGATION_NONE)
log_warning("%s: IPv6PrefixDelegation= is enabled but IPv6 link local addressing is disabled. "
"Disabling IPv6PrefixDelegation=.", network->filename);
network->router_prefix_delegation = RADV_PREFIX_DELEGATION_NONE;
}
if (network->router_prefix_delegation == RADV_PREFIX_DELEGATION_NONE) {
network->n_router_dns = 0;
network->router_dns = mfree(network->router_dns);
network->router_search_domains = ordered_set_free(network->router_search_domains);
}
if (!FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_STATIC)) {
network->prefixes_by_section = hashmap_free_with_destructor(network->prefixes_by_section, prefix_free);
network->route_prefixes_by_section = hashmap_free_with_destructor(network->route_prefixes_by_section, route_prefix_free);
}
}
static bool link_radv_enabled(Link *link) {
assert(link);
if (!link_ipv6ll_enabled(link))
return false;
return link->network->router_prefix_delegation;
}
int link_request_radv_addresses(Link *link) {
Prefix *p;
int r;
@ -223,347 +205,54 @@ int link_request_radv_addresses(Link *link) {
return 0;
HASHMAP_FOREACH(p, link->network->prefixes_by_section) {
_cleanup_(address_freep) Address *address = NULL;
_cleanup_set_free_ Set *addresses = NULL;
struct in6_addr prefix, *a;
uint8_t prefixlen;
if (!p->assign)
continue;
r = address_new(&address);
if (r < 0)
return log_oom();
r = sd_radv_prefix_get_prefix(p->radv_prefix, &address->in_addr.in6, &address->prefixlen);
r = sd_radv_prefix_get_prefix(p->radv_prefix, &prefix, &prefixlen);
if (r < 0)
return r;
r = generate_ipv6_eui_64_address(link, &address->in_addr.in6);
/* radv_generate_addresses() below requires the prefix length <= 64. */
if (prefixlen > 64) {
_cleanup_free_ char *str = NULL;
(void) in6_addr_prefix_to_string(&prefix, prefixlen, &str);
log_link_debug(link,
"Prefix is longer than 64, refusing to assign an address in %s.",
strna(str));
continue;
}
r = radv_generate_addresses(link, p->tokens, &prefix, prefixlen, &addresses);
if (r < 0)
return r;
address->source = NETWORK_CONFIG_SOURCE_STATIC;
address->family = AF_INET6;
address->route_metric = p->route_metric;
SET_FOREACH(a, addresses) {
_cleanup_(address_freep) Address *address = NULL;
r = link_request_static_address(link, TAKE_PTR(address), true);
if (r < 0)
return r;
r = address_new(&address);
if (r < 0)
return -ENOMEM;
address->source = NETWORK_CONFIG_SOURCE_STATIC;
address->family = AF_INET6;
address->in_addr.in6 = *a;
address->prefixlen = prefixlen;
address->route_metric = p->route_metric;
r = link_request_static_address(link, TAKE_PTR(address), true);
if (r < 0)
return r;
}
}
return 0;
}
int config_parse_prefix(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
uint8_t prefixlen = 64;
union in_addr_union in6addr;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Prefix is invalid, ignoring assignment: %s", rvalue);
return 0;
}
r = sd_radv_prefix_set_prefix(p->radv_prefix, &in6addr.in6, prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set radv prefix, ignoring assignment: %s", rvalue);
return 0;
}
p = NULL;
return 0;
}
int config_parse_prefix_flags(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_boolean(rvalue);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring assignment: %s", lvalue, rvalue);
return 0;
}
if (streq(lvalue, "OnLink"))
r = sd_radv_prefix_set_onlink(p->radv_prefix, r);
else if (streq(lvalue, "AddressAutoconfiguration"))
r = sd_radv_prefix_set_address_autoconfiguration(p->radv_prefix, r);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue);
return 0;
}
p = NULL;
return 0;
}
int config_parse_prefix_lifetime(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
usec_t usec;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_sec(rvalue, &usec);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Lifetime is invalid, ignoring assignment: %s", rvalue);
return 0;
}
/* a value of 0xffffffff represents infinity */
if (streq(lvalue, "PreferredLifetimeSec"))
r = sd_radv_prefix_set_preferred_lifetime(p->radv_prefix,
DIV_ROUND_UP(usec, USEC_PER_SEC));
else if (streq(lvalue, "ValidLifetimeSec"))
r = sd_radv_prefix_set_valid_lifetime(p->radv_prefix,
DIV_ROUND_UP(usec, USEC_PER_SEC));
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue);
return 0;
}
p = NULL;
return 0;
}
int config_parse_prefix_assign(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_boolean(rvalue);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
p->assign = r;
p = NULL;
return 0;
}
int config_parse_prefix_metric(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = safe_atou32(rvalue, &p->route_metric);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
TAKE_PTR(p);
return 0;
}
int config_parse_route_prefix(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL;
uint8_t prefixlen = 64;
union in_addr_union in6addr;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = route_prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Route prefix is invalid, ignoring assignment: %s", rvalue);
return 0;
}
r = sd_radv_prefix_set_route_prefix(p->radv_route_prefix, &in6addr.in6, prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set route prefix, ignoring assignment: %m");
return 0;
}
p = NULL;
return 0;
}
int config_parse_route_prefix_lifetime(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL;
usec_t usec;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = route_prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_sec(rvalue, &usec);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Route lifetime is invalid, ignoring assignment: %s", rvalue);
return 0;
}
/* a value of 0xffffffff represents infinity */
r = sd_radv_route_prefix_set_lifetime(p->radv_route_prefix, DIV_ROUND_UP(usec, USEC_PER_SEC));
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to set route lifetime, ignoring assignment: %m");
return 0;
}
p = NULL;
return 0;
}
static int network_get_ipv6_dns(Network *network, struct in6_addr **ret_addresses, size_t *ret_size) {
_cleanup_free_ struct in6_addr *addresses = NULL;
size_t n_addresses = 0;
@ -954,6 +643,373 @@ int radv_add_prefix(
return 0;
}
void network_drop_invalid_prefixes(Network *network) {
Prefix *prefix;
assert(network);
HASHMAP_FOREACH(prefix, network->prefixes_by_section)
if (section_is_invalid(prefix->section))
prefix_free(prefix);
}
void network_drop_invalid_route_prefixes(Network *network) {
RoutePrefix *prefix;
assert(network);
HASHMAP_FOREACH(prefix, network->route_prefixes_by_section)
if (section_is_invalid(prefix->section))
route_prefix_free(prefix);
}
int config_parse_prefix(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
uint8_t prefixlen = 64;
union in_addr_union in6addr;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Prefix is invalid, ignoring assignment: %s", rvalue);
return 0;
}
r = sd_radv_prefix_set_prefix(p->radv_prefix, &in6addr.in6, prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set radv prefix, ignoring assignment: %s", rvalue);
return 0;
}
p = NULL;
return 0;
}
int config_parse_prefix_flags(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_boolean(rvalue);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring assignment: %s", lvalue, rvalue);
return 0;
}
if (streq(lvalue, "OnLink"))
r = sd_radv_prefix_set_onlink(p->radv_prefix, r);
else if (streq(lvalue, "AddressAutoconfiguration"))
r = sd_radv_prefix_set_address_autoconfiguration(p->radv_prefix, r);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue);
return 0;
}
p = NULL;
return 0;
}
int config_parse_prefix_lifetime(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
usec_t usec;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_sec(rvalue, &usec);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Lifetime is invalid, ignoring assignment: %s", rvalue);
return 0;
}
/* a value of 0xffffffff represents infinity */
if (streq(lvalue, "PreferredLifetimeSec"))
r = sd_radv_prefix_set_preferred_lifetime(p->radv_prefix,
DIV_ROUND_UP(usec, USEC_PER_SEC));
else if (streq(lvalue, "ValidLifetimeSec"))
r = sd_radv_prefix_set_valid_lifetime(p->radv_prefix,
DIV_ROUND_UP(usec, USEC_PER_SEC));
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue);
return 0;
}
p = NULL;
return 0;
}
int config_parse_prefix_assign(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_boolean(rvalue);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
p->assign = r;
p = NULL;
return 0;
}
int config_parse_prefix_metric(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = safe_atou32(rvalue, &p->route_metric);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse %s=, ignoring assignment: %s",
lvalue, rvalue);
return 0;
}
TAKE_PTR(p);
return 0;
}
int config_parse_prefix_token(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL;
Network *network = userdata;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(userdata);
r = prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = config_parse_address_generation_type(unit, filename, line, section, section_line,
lvalue, ltype, rvalue, &p->tokens, userdata);
if (r < 0)
return r;
TAKE_PTR(p);
return 0;
}
int config_parse_route_prefix(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL;
uint8_t prefixlen = 64;
union in_addr_union in6addr;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = route_prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Route prefix is invalid, ignoring assignment: %s", rvalue);
return 0;
}
r = sd_radv_prefix_set_route_prefix(p->radv_route_prefix, &in6addr.in6, prefixlen);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set route prefix, ignoring assignment: %m");
return 0;
}
p = NULL;
return 0;
}
int config_parse_route_prefix_lifetime(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Network *network = userdata;
_cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL;
usec_t usec;
int r;
assert(filename);
assert(section);
assert(lvalue);
assert(rvalue);
assert(data);
r = route_prefix_new_static(network, filename, section_line, &p);
if (r < 0)
return log_oom();
r = parse_sec(rvalue, &usec);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Route lifetime is invalid, ignoring assignment: %s", rvalue);
return 0;
}
/* a value of 0xffffffff represents infinity */
r = sd_radv_route_prefix_set_lifetime(p->radv_route_prefix, DIV_ROUND_UP(usec, USEC_PER_SEC));
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to set route lifetime, ignoring assignment: %m");
return 0;
}
p = NULL;
return 0;
}
int config_parse_radv_dns(
const char *unit,
const char *filename,

View File

@ -35,6 +35,7 @@ typedef struct Prefix {
bool assign;
uint32_t route_metric;
Set *tokens;
} Prefix;
typedef struct RoutePrefix {
@ -70,6 +71,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_prefix_flags);
CONFIG_PARSER_PROTOTYPE(config_parse_prefix_lifetime);
CONFIG_PARSER_PROTOTYPE(config_parse_prefix_assign);
CONFIG_PARSER_PROTOTYPE(config_parse_prefix_metric);
CONFIG_PARSER_PROTOTYPE(config_parse_prefix_token);
CONFIG_PARSER_PROTOTYPE(config_parse_radv_dns);
CONFIG_PARSER_PROTOTYPE(config_parse_radv_search_domains);
CONFIG_PARSER_PROTOTYPE(config_parse_route_prefix);

View File

@ -247,6 +247,7 @@ PreferredLifetimeSec=
AddressAutoconfiguration=
ValidLifetimeSec=
Assign=
Token=
RouteMetric=
[IPv6RoutePrefix]
Route=
@ -359,6 +360,7 @@ RouteAllowList=
RouteDenyList=
DenyList=
BlackList=
Token=
[DHCPServer]
EmitNTP=
PoolSize=

View File

@ -3,4 +3,6 @@ Name=veth99
[Network]
IPv6AcceptRA=true
IPv6Token=prefixstable
[IPv6AcceptRA]
Token=prefixstable

View File

@ -3,4 +3,6 @@ Name=veth99
[Network]
IPv6AcceptRA=true
IPv6Token=prefixstable:2002:da8:1::
[IPv6AcceptRA]
Token=prefixstable:2002:da8:1::

View File

@ -3,8 +3,10 @@ Name=veth99
[Network]
IPv6AcceptRA=true
IPv6Token=::1a:2b:3c:4d
IPv6Token=static:::fa:de:ca:fe
IPv6Token=::1a:2b:3c:4d
IPv6Token=static:::1a:2b:3c:4d
IPv6Token=::fa:de:ca:fe
[IPv6AcceptRA]
Token=::1a:2b:3c:4d
Token=static:::fa:de:ca:fe
Token=::1a:2b:3c:4d
Token=static:::1a:2b:3c:4d
Token=::fa:de:ca:fe

View File

@ -14,6 +14,8 @@ Prefix=2001:db8:0:1::/64
[IPv6Prefix]
Prefix=2001:db8:0:2::/64
Assign=yes
Token=::1a:2b:3c:4d
Token=static:::fa:de:ca:fe
[IPv6Prefix]
Prefix=2001:db8:0:3::/64

View File

@ -4895,7 +4895,8 @@ class NetworkdIPv6PrefixTests(unittest.TestCase, Utilities):
output = check_output('ip address show dev veth99')
print(output)
self.assertNotIn('inet6 2001:db8:0:1:', output)
self.assertIn('inet6 2001:db8:0:2:', output)
self.assertIn('inet6 2001:db8:0:2:1a:2b:3c:4d', output)
self.assertIn('inet6 2001:db8:0:2:fa:de:ca:fe', output)
self.assertNotIn('inet6 2001:db8:0:3:', output)
output = check_output(*resolvectl_cmd, 'dns', 'veth-peer', env=env)