1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

Merge pull request #22574 from yuwata/network-dhcp-pd-fixes

network: dhcp-pd: fix two issues
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2022-02-22 17:53:00 +01:00 committed by GitHub
commit 09d0758b22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 73 additions and 115 deletions

View File

@ -252,8 +252,8 @@ static int generate_addresses(
return 0;
}
int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) {
return generate_addresses(link, link->network->dhcp_pd_tokens, &DHCP_PD_APP_ID, prefix, prefixlen, ret);
int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret) {
return generate_addresses(link, link->network->dhcp_pd_tokens, &DHCP_PD_APP_ID, prefix, 64, ret);
}
int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) {

View File

@ -7,7 +7,7 @@
typedef struct Link Link;
int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret);
int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret);
int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret);
int radv_generate_addresses(Link *link, Set *tokens, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret);

View File

@ -307,7 +307,7 @@ static int dhcp_pd_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *
return 1;
}
static int dhcp_pd_request_route(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, usec_t lifetime_usec) {
static int dhcp_pd_request_route(Link *link, const struct in6_addr *prefix, usec_t lifetime_usec) {
_cleanup_(route_freep) Route *route = NULL;
Route *existing;
int r;
@ -326,7 +326,7 @@ static int dhcp_pd_request_route(Link *link, const struct in6_addr *prefix, uint
route->source = NETWORK_CONFIG_SOURCE_DHCP_PD;
route->family = AF_INET6;
route->dst.in6 = *prefix;
route->dst_prefixlen = prefixlen;
route->dst_prefixlen = 64;
route->protocol = RTPROT_DHCP;
route->priority = link->network->dhcp_pd_route_metric;
route->lifetime_usec = lifetime_usec;
@ -386,7 +386,6 @@ static void log_dhcp_pd_address(Link *link, const Address *address) {
static int dhcp_pd_request_address(
Link *link,
const struct in6_addr *prefix,
uint8_t prefixlen,
usec_t lifetime_preferred_usec,
usec_t lifetime_valid_usec) {
@ -401,7 +400,7 @@ static int dhcp_pd_request_address(
if (!link->network->dhcp_pd_assign)
return 0;
r = dhcp_pd_generate_addresses(link, prefix, prefixlen, &addresses);
r = dhcp_pd_generate_addresses(link, prefix, &addresses);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to generate addresses for acquired DHCP delegated prefix: %m");
@ -416,11 +415,10 @@ static int dhcp_pd_request_address(
address->source = NETWORK_CONFIG_SOURCE_DHCP_PD;
address->family = AF_INET6;
address->in_addr.in6 = *a;
address->prefixlen = prefixlen;
address->prefixlen = 64;
address->lifetime_preferred_usec = lifetime_preferred_usec;
address->lifetime_valid_usec = lifetime_valid_usec;
if (prefixlen == 64)
SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp_pd_manage_temporary_address);
SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp_pd_manage_temporary_address);
address->route_metric = link->network->dhcp_pd_route_metric;
log_dhcp_pd_address(link, address);
@ -489,20 +487,13 @@ static int dhcp_pd_get_preferred_subnet_prefix(
"subnet id %" PRIu64 " is out of range. Only have %" PRIu64 " subnets.",
link->network->dhcp_pd_subnet_id, UINT64_C(1) << (64 - pd_prefix_len));
if (link_get_by_dhcp_pd_subnet_prefix(link->manager, &prefix, &assigned_link) >= 0 &&
assigned_link != link) {
_cleanup_free_ char *assigned_buf = NULL;
(void) in6_addr_to_string(&prefix, &assigned_buf);
return log_link_warning_errno(link, SYNTHETIC_ERRNO(EAGAIN),
"The requested prefix %s is already assigned to another link.",
strna(assigned_buf));
}
*ret = prefix;
return 0;
}
if (dhcp_pd_get_assigned_subnet_prefix(link, pd_prefix, pd_prefix_len, ret) >= 0)
return 0;
for (uint64_t n = 0; ; n++) {
/* If we do not have an allocation preference just iterate
* through the address space and return the first free prefix. */
@ -519,11 +510,16 @@ static int dhcp_pd_get_preferred_subnet_prefix(
/* Check that the prefix is not assigned to another link. */
if (link_get_by_dhcp_pd_subnet_prefix(link->manager, &prefix, &assigned_link) < 0 ||
assigned_link == link) {
*ret = prefix;
return 0;
}
assigned_link == link)
break;
}
r = link_add_dhcp_pd_subnet_prefix(link, &prefix);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to save acquired free subnet prefix: %m");
*ret = prefix;
return 0;
}
static int dhcp_pd_assign_subnet_prefix(
@ -531,7 +527,8 @@ static int dhcp_pd_assign_subnet_prefix(
const struct in6_addr *pd_prefix,
uint8_t pd_prefix_len,
usec_t lifetime_preferred_usec,
usec_t lifetime_valid_usec) {
usec_t lifetime_valid_usec,
bool is_uplink) {
_cleanup_free_ char *buf = NULL;
struct in6_addr prefix;
@ -541,68 +538,31 @@ static int dhcp_pd_assign_subnet_prefix(
assert(link->network);
assert(pd_prefix);
if (dhcp_pd_get_assigned_subnet_prefix(link, pd_prefix, pd_prefix_len, &prefix) < 0 &&
dhcp_pd_get_preferred_subnet_prefix(link, pd_prefix, pd_prefix_len, &prefix) < 0)
return 0;
r = dhcp_pd_get_preferred_subnet_prefix(link, pd_prefix, pd_prefix_len, &prefix);
if (r < 0)
return r == -ERANGE ? 0 : r;
(void) in6_addr_prefix_to_string(&prefix, 64, &buf);
if (link_radv_enabled(link) && link->network->dhcp_pd_announce) {
r = radv_add_prefix(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec);
if (r < 0)
return log_link_warning_errno(link, r,
"Failed to assign/update prefix %s to IPv6 Router Advertisement: %m",
strna(buf));
if (is_uplink)
log_link_debug(link, "Ignoring Announce= setting on upstream interface.");
else {
r = radv_add_prefix(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec);
if (r < 0)
return log_link_warning_errno(link, r,
"Failed to assign/update prefix %s to IPv6 Router Advertisement: %m",
strna(buf));
}
}
r = dhcp_pd_request_route(link, &prefix, 64, lifetime_valid_usec);
r = dhcp_pd_request_route(link, &prefix, lifetime_valid_usec);
if (r < 0)
return log_link_warning_errno(link, r,
"Failed to assign/update route for prefix %s: %m",
strna(buf));
r = dhcp_pd_request_address(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec);
if (r < 0)
return log_link_warning_errno(link, r,
"Failed to assign/update address for prefix %s: %m",
strna(buf));
r = link_add_dhcp_pd_subnet_prefix(link, &prefix);
if (r < 0)
return log_link_warning_errno(link, r,
"Failed to save assigned prefix %s: %m",
strna(buf));
log_link_debug(link, "Assigned prefix %s", strna(buf));
return 1;
}
static int dhcp_pd_assign_prefix_on_uplink(
Link *link,
const struct in6_addr *pd_prefix,
uint8_t pd_prefix_len,
usec_t lifetime_preferred_usec,
usec_t lifetime_valid_usec) {
_cleanup_free_ char *buf = NULL;
int r;
assert(link);
assert(link->network);
assert(pd_prefix);
(void) in6_addr_prefix_to_string(pd_prefix, pd_prefix_len, &buf);
if (link->network->dhcp_pd_announce)
log_link_debug(link, "Ignoring Announce= setting on upstream interface.");
r = dhcp_pd_request_route(link, pd_prefix, pd_prefix_len, lifetime_valid_usec);
if (r < 0)
return log_link_warning_errno(link, r,
"Failed to assign/update route for prefix %s: %m",
strna(buf));
r = dhcp_pd_request_address(link, pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec);
r = dhcp_pd_request_address(link, &prefix, lifetime_preferred_usec, lifetime_valid_usec);
if (r < 0)
return log_link_warning_errno(link, r,
"Failed to assign/update address for prefix %s: %m",
@ -954,19 +914,15 @@ static int dhcp4_pd_assign_subnet_prefix(Link *link, Link *uplink) {
return r;
if (streq_ptr(uplink->dhcp4_6rd_tunnel_name, link->ifname)) {
r = dhcp_pd_assign_prefix_on_uplink(link, &pd_prefix, pd_prefixlen, lifetime_usec, lifetime_usec);
if (r < 0)
return r;
r = dhcp4_pd_request_default_gateway_on_6rd_tunnel(link, &br_addresses[0], lifetime_usec);
if (r < 0)
return r;
} else {
r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefixlen, lifetime_usec, lifetime_usec);
if (r < 0)
return r;
}
r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefixlen, lifetime_usec, lifetime_usec, /* is_uplink = */ false);
if (r < 0)
return r;
return dhcp_pd_finalize(link);
}
@ -1127,10 +1083,9 @@ static int dhcp6_pd_assign_subnet_prefixes(Link *link, Link *uplink) {
lifetime_preferred_usec = usec_add(lifetime_preferred_sec * USEC_PER_SEC, timestamp_usec);
lifetime_valid_usec = usec_add(lifetime_valid_sec * USEC_PER_SEC, timestamp_usec);
if (link == uplink)
r = dhcp_pd_assign_prefix_on_uplink(link, &pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec);
else
r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec);
r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefix_len,
lifetime_preferred_usec, lifetime_valid_usec,
/* is_uplink = */ link == uplink);
if (r < 0)
return r;
}

View File

@ -10,7 +10,7 @@ DHCPPrefixDelegation=yes
[DHCPPrefixDelegation]
UplinkInterface=veth99
SubnetId=2
SubnetId=0
Announce=no
Token=eui64
Token=::1a:2b:3c:4d

View File

@ -5269,11 +5269,11 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
# Link Subnet IDs
# test1: 0x00
# dummy97: 0x01 (The link will appear later)
# dummy98: 0x02
# dummy99: auto -> 0x03 (No address assignment)
# dummy98: 0x00
# dummy99: auto -> 0x02 (No address assignment)
# veth97: 0x08
# veth98: 0x09
# veth99: 0x10 (ignored, as it is upstream)
# veth99: 0x10
print('### ip -6 address show dev veth99 scope global')
output = check_output('ip -6 address show dev veth99 scope global')
@ -5281,9 +5281,12 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
# IA_NA
self.assertRegex(output, 'inet6 3ffe:501:ffff:100::[0-9]*/128 scope global (dynamic noprefixroute|noprefixroute dynamic)')
# address in IA_PD (Token=static)
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1a:2b:3c:4d/56 (metric 256 |)scope global dynamic')
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]10:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic')
# address in IA_PD (Token=eui64)
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1034:56ff:fe78:9abc/56 (metric 256 |)scope global dynamic')
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]10:1034:56ff:fe78:9abc/64 (metric 256 |)scope global dynamic')
# address in IA_PD (temporary)
# Note that the temporary addresses may appear after the link enters configured state
self.wait_address('veth99', 'inet6 3ffe:501:ffff:[2-9a-f]10:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
print('### ip -6 address show dev test1 scope global')
output = check_output('ip -6 address show dev test1 scope global')
@ -5291,22 +5294,21 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
# address in IA_PD (Token=static)
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr')
# address in IA_PD (temporary)
# Note that the temporary addresses may appear after the link enters configured state
self.wait_address('test1', 'inet6 3ffe:501:ffff:[2-9a-f]00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
print('### ip -6 address show dev dummy98 scope global')
output = check_output('ip -6 address show dev dummy98 scope global')
print(output)
# address in IA_PD (Token=static)
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]02:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr')
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr')
# address in IA_PD (temporary)
self.wait_address('dummy98', 'inet6 3ffe:501:ffff:[2-9a-f]02:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
self.wait_address('dummy98', 'inet6 3ffe:501:ffff:[2-9a-f]00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
print('### ip -6 address show dev dummy99 scope global')
output = check_output('ip -6 address show dev dummy99 scope global')
print(output)
# Assign=no
self.assertNotRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]03')
self.assertNotRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]02')
print('### ip -6 address show dev veth97 scope global')
output = check_output('ip -6 address show dev veth97 scope global')
@ -5356,7 +5358,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
print('### ip -6 route show dev veth99')
output = check_output('ip -6 route show dev veth99')
print(output)
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]00::/56 proto kernel metric [0-9]* expires')
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]10::/64 proto kernel metric [0-9]* expires')
print('### ip -6 route show dev test1')
output = check_output('ip -6 route show dev test1')
@ -5366,12 +5368,12 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
print('### ip -6 route show dev dummy98')
output = check_output('ip -6 route show dev dummy98')
print(output)
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]02::/64 proto kernel metric [0-9]* expires')
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]00::/64 proto kernel metric [0-9]* expires')
print('### ip -6 route show dev dummy99')
output = check_output('ip -6 route show dev dummy99')
print(output)
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]03::/64 proto dhcp metric [0-9]* expires')
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]02::/64 proto dhcp metric [0-9]* expires')
print('### ip -6 route show dev veth97')
output = check_output('ip -6 route show dev veth97')
@ -5418,25 +5420,25 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
output = check_output('ip -6 address show dev dummy98 scope global')
print(output)
# address in IA_PD (Token=static)
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]02:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr')
self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr')
# address in IA_PD (temporary)
self.wait_address('dummy98', 'inet6 3ffe:501:ffff:[2-9a-f]02:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
self.wait_address('dummy98', 'inet6 3ffe:501:ffff:[2-9a-f]00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
print('### ip -6 address show dev dummy99 scope global')
output = check_output('ip -6 address show dev dummy99 scope global')
print(output)
# Assign=no
self.assertNotRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]03')
self.assertNotRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]02')
print('### ip -6 route show dev dummy98')
output = check_output('ip -6 route show dev dummy98')
print(output)
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]02::/64 proto kernel metric [0-9]* expires')
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]00::/64 proto kernel metric [0-9]* expires')
print('### ip -6 route show dev dummy99')
output = check_output('ip -6 route show dev dummy99')
print(output)
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]03::/64 proto dhcp metric [0-9]* expires')
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]02::/64 proto dhcp metric [0-9]* expires')
def verify_dhcp4_6rd(self, tunnel_name):
print('### ip -4 address show dev veth-peer scope global')
@ -5447,8 +5449,9 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
# Link Subnet IDs
# test1: 0x00
# dummy97: 0x01 (The link will appear later)
# dummy98: 0x02
# dummy99: auto -> 0x03 (No address assignment)
# dummy98: 0x00
# dummy99: auto -> 0x0[23] (No address assignment)
# 6rd-XXX: auto -> 0x0[23]
# veth97: 0x08
# veth98: 0x09
# veth99: 0x10
@ -5481,15 +5484,15 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
output = check_output('ip -6 address show dev dummy98 scope global')
print(output)
# address in IA_PD (Token=static)
self.assertRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+02:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr')
self.assertRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+00:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr')
# address in IA_PD (temporary)
self.wait_address('dummy98', 'inet6 2001:db8:6464:[0-9a-f]+02:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
self.wait_address('dummy98', 'inet6 2001:db8:6464:[0-9a-f]+00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6')
print('### ip -6 address show dev dummy99 scope global')
output = check_output('ip -6 address show dev dummy99 scope global')
print(output)
# Assign=no
self.assertNotRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+03')
self.assertNotRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+0[23]')
print('### ip -6 address show dev veth97 scope global')
output = check_output('ip -6 address show dev veth97 scope global')
@ -5549,12 +5552,12 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
print('### ip -6 route show dev dummy98')
output = check_output('ip -6 route show dev dummy98')
print(output)
self.assertRegex(output, '2001:db8:6464:[0-9a-f]+02::/64 proto kernel metric [0-9]* expires')
self.assertRegex(output, '2001:db8:6464:[0-9a-f]+00::/64 proto kernel metric [0-9]* expires')
print('### ip -6 route show dev dummy99')
output = check_output('ip -6 route show dev dummy99')
print(output)
self.assertRegex(output, '2001:db8:6464:[0-9a-f]+03::/64 proto dhcp metric [0-9]* expires')
self.assertRegex(output, '2001:db8:6464:[0-9a-f]+0[23]::/64 proto dhcp metric [0-9]* expires')
print('### ip -6 route show dev veth97')
output = check_output('ip -6 route show dev veth97')
@ -5601,13 +5604,13 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
print('### ip -6 address show dev {}'.format(tunnel_name))
output = check_output('ip -6 address show dev {}'.format(tunnel_name))
print(output)
self.assertRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/56 (metric 256 |)scope global dynamic')
self.assertRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+0[23]:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global dynamic')
self.assertRegex(output, 'inet6 ::10.100.100.[0-9]+/96 scope global')
print('### ip -6 route show dev {}'.format(tunnel_name))
output = check_output('ip -6 route show dev {}'.format(tunnel_name))
print(output)
self.assertRegex(output, '2001:db8:6464:[0-9a-f]+00::/56 proto kernel metric [0-9]* expires')
self.assertRegex(output, '2001:db8:6464:[0-9a-f]+0[23]::/64 proto kernel metric [0-9]* expires')
self.assertRegex(output, '::/96 proto kernel metric [0-9]*')
print('### ip -6 route show default')