diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 52043789ed9..77ed77918cf 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -488,53 +488,6 @@ Gateway=0.0.0.0 Table=1234 - - IPv6Token= - - Specifies an optional address generation mode for the Stateless Address - Autoconfiguration (SLAAC). Supported modes are prefixstable and - static. - - When the mode is set to static, an IPv6 address must be - specified after a colon (:), and the lower bits of the supplied - address are combined with the upper bits of a prefix received in a Router Advertisement - (RA) message to form a complete address. Note that if multiple prefixes are received in an - RA message, or in multiple RA messages, addresses will be formed from each of them using - the supplied address. This mode implements SLAAC but uses a static interface identifier - instead of an identifier generated by using the EUI-64 algorithm. Because the interface - identifier is static, if Duplicate Address Detection detects that the computed address is a - duplicate (in use by another node on the link), then this mode will fail to provide an - address for that prefix. If an IPv6 address without mode is specified, then - static mode is assumed. - - When the mode is set to prefixstable the - RFC 7217 algorithm for generating - interface identifiers will be used. This mode can optionally take an IPv6 address separated - with a colon (:). If an IPv6 address is specified, then an interface - identifier is generated only when a prefix received in an RA message matches the supplied - address. - - If no address generation mode is specified (which is the default), or a received - prefix does not match any of the addresses provided in prefixstable - mode, then the EUI-64 algorithm will be used to form an interface identifier for that - prefix. This mode is also SLAAC, but with a potentially stable interface identifier which - does not directly map to the interface's hardware address. - - Note that the prefixstable algorithm uses both the interface - name and MAC address as input to the hash to compute the interface identifier, so if either - of those are changed the resulting interface identifier (and address) will change, even if - the prefix received in the RA message has not changed. - - This setting can be specified multiple times. If an empty string is assigned, then - the all previous assignments are cleared. - - Examples: - IPv6Token=::1a:2b:3c:4d -IPv6Token=static:::1a:2b:3c:4d -IPv6Token=prefixstable -IPv6Token=prefixstable:2002:da8:1:: - - LLMNR= @@ -2205,11 +2158,9 @@ IPv6Token=prefixstable:2002:da8:1:: Token= Specifies an optional address generation mode for assigning an address in each - delegated prefix. Takes an IPv6 address. When set, the lower bits of the supplied address is - combined with the upper bits of each delegatad prefix received from the WAN interface by the - DHCPv6 Prefix Delegation to form a complete address. When Assign= is - disabled, this setting is ignored. When unset, the EUI-64 algorithm will be used to form - addresses. Defaults to unset. + delegated prefix. This accepts the same syntax as Token= in the + [IPv6AcceptRA] section. If Assign= is set to false, then this setting will + be ignored. Defaults to unset, which means the EUI-64 algorithm will be used. @@ -2236,6 +2187,57 @@ IPv6Token=prefixstable:2002:da8:1:: with the IPv6AcceptRA= setting described above: + + Token= + + Specifies an optional address generation mode for the Stateless Address + Autoconfiguration (SLAAC). Supported modes are eui64, + static, and prefixstable. + + When the mode is set to eui64, then the EUI-64 algorithm will be + used to generate an address for that prefix. + + When the mode is set to static, an IPv6 address must be + specified after a colon (:), and the lower bits of the supplied + address are combined with the upper bits of a prefix received in a Router Advertisement + (RA) message to form a complete address. Note that if multiple prefixes are received in an + RA message, or in multiple RA messages, addresses will be formed from each of them using + the supplied address. This mode implements SLAAC but uses a static interface identifier + instead of an identifier generated by using the EUI-64 algorithm. Because the interface + identifier is static, if Duplicate Address Detection detects that the computed address is a + duplicate (in use by another node on the link), then this mode will fail to provide an + address for that prefix. If an IPv6 address without mode is specified, then + static mode is assumed. + + When the mode is set to prefixstable the + RFC 7217 algorithm for generating + interface identifiers will be used. This mode can optionally take an IPv6 address separated + with a colon (:). If an IPv6 address is specified, then an interface + identifier is generated only when a prefix received in an RA message matches the supplied + address. + + If no address generation mode is specified (which is the default), or a received + prefix does not match any of the addresses provided in prefixstable + mode, then the EUI-64 algorithm will be used to form an interface identifier for that + prefix. + + Note that the prefixstable algorithm uses both the interface + name and MAC address as input to the hash to compute the interface identifier, so if either + of those are changed the resulting interface identifier (and address) will be changed, even + if the prefix received in the RA message has not been changed. + + This setting can be specified multiple times. If an empty string is assigned, then + the all previous assignments are cleared. + + Examples: + Token=eui64 +Token=::1a:2b:3c:4d +Token=static:::1a:2b:3c:4d +Token=prefixstable +Token=prefixstable:2002:da8:1:: + + + UseDNS= @@ -2727,6 +2729,16 @@ IPv6Token=prefixstable:2002:da8:1:: + + Token= + + Specifies an optional address generation mode for assigning an address in each + prefix. This accepts the same syntax as Token= in the [IPv6AcceptRA] + section. If Assign= is set to false, then this setting will be ignored. + Defaults to unset, which means the EUI-64 algorithm will be used. + + + RouteMetric= diff --git a/src/basic/in-addr-util.c b/src/basic/in-addr-util.c index 3d392afc082..a43a8319912 100644 --- a/src/basic/in-addr-util.c +++ b/src/basic/in-addr-util.c @@ -621,64 +621,119 @@ int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mas return 0; } +int in4_addr_mask(struct in_addr *addr, unsigned char prefixlen) { + struct in_addr mask; + + assert(addr); + + if (!in4_addr_prefixlen_to_netmask(&mask, prefixlen)) + return -EINVAL; + + addr->s_addr &= mask.s_addr; + return 0; +} + +int in6_addr_mask(struct in6_addr *addr, unsigned char prefixlen) { + unsigned i; + + for (i = 0; i < 16; i++) { + uint8_t mask; + + if (prefixlen >= 8) { + mask = 0xFF; + prefixlen -= 8; + } else if (prefixlen > 0) { + mask = 0xFF << (8 - prefixlen); + prefixlen = 0; + } else { + assert(prefixlen == 0); + mask = 0; + } + + addr->s6_addr[i] &= mask; + } + + return 0; +} + int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen) { assert(addr); - if (family == AF_INET) { - struct in_addr mask; - - if (!in4_addr_prefixlen_to_netmask(&mask, prefixlen)) - return -EINVAL; - - addr->in.s_addr &= mask.s_addr; - return 0; + switch (family) { + case AF_INET: + return in4_addr_mask(&addr->in, prefixlen); + case AF_INET6: + return in6_addr_mask(&addr->in6, prefixlen); + default: + return -EAFNOSUPPORT; } - - if (family == AF_INET6) { - unsigned i; - - for (i = 0; i < 16; i++) { - uint8_t mask; - - if (prefixlen >= 8) { - mask = 0xFF; - prefixlen -= 8; - } else { - mask = 0xFF << (8 - prefixlen); - prefixlen = 0; - } - - addr->in6.s6_addr[i] &= mask; - } - - return 0; - } - - return -EAFNOSUPPORT; } -int in_addr_prefix_covers(int family, - const union in_addr_union *prefix, - unsigned char prefixlen, - const union in_addr_union *address) { +int in4_addr_prefix_covers( + const struct in_addr *prefix, + unsigned char prefixlen, + const struct in_addr *address) { - union in_addr_union masked_prefix, masked_address; + struct in_addr masked_prefix, masked_address; int r; assert(prefix); assert(address); masked_prefix = *prefix; - r = in_addr_mask(family, &masked_prefix, prefixlen); + r = in4_addr_mask(&masked_prefix, prefixlen); if (r < 0) return r; masked_address = *address; - r = in_addr_mask(family, &masked_address, prefixlen); + r = in4_addr_mask(&masked_address, prefixlen); if (r < 0) return r; - return in_addr_equal(family, &masked_prefix, &masked_address); + return in4_addr_equal(&masked_prefix, &masked_address); +} + +int in6_addr_prefix_covers( + const struct in6_addr *prefix, + unsigned char prefixlen, + const struct in6_addr *address) { + + struct in6_addr masked_prefix, masked_address; + int r; + + assert(prefix); + assert(address); + + masked_prefix = *prefix; + r = in6_addr_mask(&masked_prefix, prefixlen); + if (r < 0) + return r; + + masked_address = *address; + r = in6_addr_mask(&masked_address, prefixlen); + if (r < 0) + return r; + + return in6_addr_equal(&masked_prefix, &masked_address); +} + +int in_addr_prefix_covers( + int family, + const union in_addr_union *prefix, + unsigned char prefixlen, + const union in_addr_union *address) { + + assert(prefix); + assert(address); + + switch (family) { + case AF_INET: + return in4_addr_prefix_covers(&prefix->in, prefixlen, &address->in); + case AF_INET6: + return in6_addr_prefix_covers(&prefix->in6, prefixlen, &address->in6); + default: + return -EAFNOSUPPORT; + } } int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret) { @@ -846,3 +901,9 @@ int in6_addr_compare_func(const struct in6_addr *a, const struct in6_addr *b) { } DEFINE_HASH_OPS(in6_addr_hash_ops, struct in6_addr, in6_addr_hash_func, in6_addr_compare_func); +DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR( + in6_addr_hash_ops_free, + struct in6_addr, + in6_addr_hash_func, + in6_addr_compare_func, + free); diff --git a/src/basic/in-addr-util.h b/src/basic/in-addr-util.h index c74b0d512b4..97715a230cd 100644 --- a/src/basic/in-addr-util.h +++ b/src/basic/in-addr-util.h @@ -89,7 +89,11 @@ unsigned char in4_addr_netmask_to_prefixlen(const struct in_addr *addr); struct in_addr* in4_addr_prefixlen_to_netmask(struct in_addr *addr, unsigned char prefixlen); int in4_addr_default_prefixlen(const struct in_addr *addr, unsigned char *prefixlen); int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mask); +int in4_addr_mask(struct in_addr *addr, unsigned char prefixlen); +int in6_addr_mask(struct in6_addr *addr, unsigned char prefixlen); int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen); +int in4_addr_prefix_covers(const struct in_addr *prefix, unsigned char prefixlen, const struct in_addr *address); +int in6_addr_prefix_covers(const struct in6_addr *prefix, unsigned char prefixlen, const struct in6_addr *address); int in_addr_prefix_covers(int family, const union in_addr_union *prefix, unsigned char prefixlen, const union in_addr_union *address); int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret); int in_addr_prefix_from_string(const char *p, int family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen); @@ -119,6 +123,7 @@ int in6_addr_compare_func(const struct in6_addr *a, const struct in6_addr *b); extern const struct hash_ops in_addr_data_hash_ops; extern const struct hash_ops in6_addr_hash_ops; +extern const struct hash_ops in6_addr_hash_ops_free; #define IPV4_ADDRESS_FMT_STR "%u.%u.%u.%u" #define IPV4_ADDRESS_FMT_VAL(address) \ diff --git a/src/network/meson.build b/src/network/meson.build index 2ea12c8d030..dedfc90f4df 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -51,6 +51,8 @@ sources = files(''' netdev/macsec.h netdev/xfrm.c netdev/xfrm.h + networkd-address-generation.c + networkd-address-generation.h networkd-address-label.c networkd-address-label.h networkd-address-pool.c diff --git a/src/network/networkd-address-generation.c b/src/network/networkd-address-generation.c new file mode 100644 index 00000000000..2d574ee78bc --- /dev/null +++ b/src/network/networkd-address-generation.c @@ -0,0 +1,379 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include + +#include "sd-id128.h" + +#include "memory-util.h" +#include "networkd-address-generation.h" +#include "networkd-link.h" +#include "networkd-network.h" +#include "string-util.h" + +#define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3 + +/* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */ +#define SUBNET_ROUTER_ANYCAST_ADDRESS ((const struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }) +#define SUBNET_ROUTER_ANYCAST_PREFIXLEN 64 +#define RESERVED_INTERFACE_IDENTIFIERS_ADDRESS ((const struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } }) +#define RESERVED_INTERFACE_IDENTIFIERS_PREFIXLEN 40 +#define RESERVED_SUBNET_ANYCAST_ADDRESSES ((const struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80 } }) +#define RESERVED_SUBNET_ANYCAST_PREFIXLEN 57 + +#define DHCP6PD_APP_ID SD_ID128_MAKE(fb,b9,37,ca,4a,ed,4a,4d,b0,70,7f,aa,71,c0,c9,85) +#define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e) +#define RADV_APP_ID SD_ID128_MAKE(1f,1e,90,c8,5c,78,4f,dc,8e,61,2d,59,0d,53,c1,25) + +typedef enum AddressGenerationType { + ADDRESS_GENERATION_EUI64, + ADDRESS_GENERATION_STATIC, + ADDRESS_GENERATION_PREFIXSTABLE, + _ADDRESS_GENERATION_TYPE_MAX, + _ADDRESS_GENERATION_TYPE_INVALID = -EINVAL, +} AddressGenerationType; + +typedef struct IPv6Token { + AddressGenerationType type; + struct in6_addr address; +} IPv6Token; + +static void generate_eui64_address(const Link *link, const struct in6_addr *prefix, struct in6_addr *ret) { + assert(link); + assert(prefix); + assert(ret); + + memcpy(ret->s6_addr, prefix, 8); + + if (link->iftype == ARPHRD_INFINIBAND) + /* Use last 8 byte. See RFC4391 section 8 */ + memcpy(&ret->s6_addr[8], &link->hw_addr.infiniband[INFINIBAND_ALEN - 8], 8); + else { + /* see RFC4291 section 2.5.1 */ + ret->s6_addr[8] = link->hw_addr.ether.ether_addr_octet[0]; + ret->s6_addr[9] = link->hw_addr.ether.ether_addr_octet[1]; + ret->s6_addr[10] = link->hw_addr.ether.ether_addr_octet[2]; + ret->s6_addr[11] = 0xff; + ret->s6_addr[12] = 0xfe; + ret->s6_addr[13] = link->hw_addr.ether.ether_addr_octet[3]; + ret->s6_addr[14] = link->hw_addr.ether.ether_addr_octet[4]; + ret->s6_addr[15] = link->hw_addr.ether.ether_addr_octet[5]; + } + + ret->s6_addr[8] ^= 1 << 1; +} + +static bool stable_private_address_is_valid(const struct in6_addr *addr) { + assert(addr); + + /* According to rfc4291, generated address should not be in the following ranges. */ + + if (in6_addr_prefix_covers(&SUBNET_ROUTER_ANYCAST_ADDRESS, SUBNET_ROUTER_ANYCAST_PREFIXLEN, addr)) + return false; + + if (in6_addr_prefix_covers(&RESERVED_INTERFACE_IDENTIFIERS_ADDRESS, RESERVED_INTERFACE_IDENTIFIERS_PREFIXLEN, addr)) + return false; + + if (in6_addr_prefix_covers(&RESERVED_SUBNET_ANYCAST_ADDRESSES, RESERVED_SUBNET_ANYCAST_PREFIXLEN, addr)) + return false; + + return true; +} + +static void generate_stable_private_address_one( + Link *link, + const sd_id128_t *secret_key, + const struct in6_addr *prefix, + uint8_t dad_counter, + struct in6_addr *ret) { + + struct siphash state; + uint64_t rid; + + assert(link); + assert(secret_key); + assert(prefix); + assert(ret); + + /* According to RFC7217 section 5.1 + * RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */ + + siphash24_init(&state, secret_key->bytes); + + siphash24_compress(prefix, 8, &state); + siphash24_compress_string(link->ifname, &state); + if (link->iftype == ARPHRD_INFINIBAND) + /* Only last 8 bytes of IB MAC are stable */ + siphash24_compress(&link->hw_addr.infiniband[INFINIBAND_ALEN - 8], 8, &state); + else + siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state); + siphash24_compress(&dad_counter, sizeof(uint8_t), &state); + + rid = htole64(siphash24_finalize(&state)); + + memcpy(ret->s6_addr, prefix->s6_addr, 8); + memcpy(ret->s6_addr + 8, &rid, 8); +} + +static int generate_stable_private_address( + Link *link, + const sd_id128_t *app_id, + const struct in6_addr *prefix, + struct in6_addr *ret) { + + struct in6_addr addr; + sd_id128_t secret_key; + uint8_t i; + int r; + + assert(link); + assert(app_id); + assert(prefix); + assert(ret); + + r = sd_id128_get_machine_app_specific(*app_id, &secret_key); + if (r < 0) + return log_link_debug_errno(link, r, "Failed to generate secret key for IPv6 stable private address: %m"); + + /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop does + * not actually attempt Duplicate Address Detection; the counter will be incremented only when + * the address generation algorithm produces an invalid address, and the loop may exit with an + * address which ends up being unusable due to duplication on the link. */ + for (i = 0; i < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; i++) { + generate_stable_private_address_one(link, &secret_key, prefix, i, &addr); + + if (stable_private_address_is_valid(&addr)) + break; + } + if (i >= DAD_CONFLICTS_IDGEN_RETRIES_RFC7217) + /* propagate recognizable errors. */ + return log_link_debug_errno(link, SYNTHETIC_ERRNO(ENOANO), + "Failed to generate stable private address."); + + *ret = addr; + return 0; +} + +static int generate_addresses( + Link *link, + Set *tokens, + const sd_id128_t *app_id, + const struct in6_addr *prefix, + uint8_t prefixlen, + Set **ret) { + + _cleanup_set_free_ Set *addresses = NULL; + struct in6_addr masked; + IPv6Token *j; + int r; + + assert(link); + assert(app_id); + assert(prefix); + assert(prefixlen > 0 && prefixlen <= 64); + assert(ret); + + masked = *prefix; + in6_addr_mask(&masked, prefixlen); + + SET_FOREACH(j, tokens) { + struct in6_addr addr, *copy; + + switch (j->type) { + case ADDRESS_GENERATION_EUI64: + generate_eui64_address(link, &masked, &addr); + break; + + case ADDRESS_GENERATION_STATIC: + memcpy(addr.s6_addr, masked.s6_addr, 8); + memcpy(addr.s6_addr + 8, j->address.s6_addr + 8, 8); + break; + + case ADDRESS_GENERATION_PREFIXSTABLE: + if (in6_addr_is_set(&j->address) && !in6_addr_equal(&j->address, &masked)) + continue; + + if (generate_stable_private_address(link, app_id, &masked, &addr) < 0) + continue; + + break; + + default: + assert_not_reached(); + } + + copy = newdup(struct in6_addr, &addr, 1); + if (!copy) + return -ENOMEM; + + r = set_ensure_consume(&addresses, &in6_addr_hash_ops_free, copy); + if (r < 0) + return r; + } + + /* fall back to EUI-64 if no token is provided */ + if (set_isempty(addresses)) { + struct in6_addr *addr; + + addr = new(struct in6_addr, 1); + if (!addr) + return -ENOMEM; + + generate_eui64_address(link, &masked, addr); + + r = set_ensure_consume(&addresses, &in6_addr_hash_ops_free, addr); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(addresses); + return 0; +} + +int dhcp6_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret) { + return generate_addresses(link, link->network->dhcp6_pd_tokens, &DHCP6PD_APP_ID, prefix, 64, ret); +} + +int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) { + return generate_addresses(link, link->network->ndisc_tokens, &NDISC_APP_ID, prefix, prefixlen, ret); +} + +int radv_generate_addresses(Link *link, Set *tokens, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) { + return generate_addresses(link, tokens, &RADV_APP_ID, prefix, prefixlen, ret); +} + +static void ipv6_token_hash_func(const IPv6Token *p, struct siphash *state) { + siphash24_compress(&p->type, sizeof(p->type), state); + siphash24_compress(&p->address, sizeof(p->address), state); +} + +static int ipv6_token_compare_func(const IPv6Token *a, const IPv6Token *b) { + int r; + + r = CMP(a->type, b->type); + if (r != 0) + return r; + + return memcmp(&a->address, &b->address, sizeof(struct in6_addr)); +} + +DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( + ipv6_token_hash_ops, + IPv6Token, + ipv6_token_hash_func, + ipv6_token_compare_func, + free); + +static int ipv6_token_add(Set **tokens, AddressGenerationType type, const struct in6_addr *addr) { + IPv6Token *p; + + assert(tokens); + assert(type >= 0 && type < _ADDRESS_GENERATION_TYPE_MAX); + assert(addr); + + p = new(IPv6Token, 1); + if (!p) + return -ENOMEM; + + *p = (IPv6Token) { + .type = type, + .address = *addr, + }; + + return set_ensure_consume(tokens, &ipv6_token_hash_ops, p); +} + +int config_parse_address_generation_type( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + union in_addr_union buffer = {}; + AddressGenerationType type; + Set **tokens = data; + const char *p; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + assert(data); + + if (isempty(rvalue)) { + *tokens = set_free(*tokens); + return 0; + } + + if ((p = startswith(rvalue, "prefixstable"))) { + type = ADDRESS_GENERATION_PREFIXSTABLE; + + if (*p == ':') + p++; + else if (*p == '\0') + p = NULL; + else { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Invalid IPv6 token mode in %s=, ignoring assignment: %s", + lvalue, rvalue); + return 0; + } + + } else if (streq(rvalue, "eui64")) { + type = ADDRESS_GENERATION_EUI64; + p = NULL; + } else { + type = ADDRESS_GENERATION_STATIC; + + p = startswith(rvalue, "static:"); + if (!p) + p = rvalue; + } + + if (p) { + r = in_addr_from_string(AF_INET6, p, &buffer); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, + "Failed to parse IP address in %s=, ignoring assignment: %s", + lvalue, rvalue); + return 0; + } + } + + switch (type) { + case ADDRESS_GENERATION_EUI64: + assert(in6_addr_is_null(&buffer.in6)); + break; + + case ADDRESS_GENERATION_STATIC: + /* Only last 64 bits are used. */ + memzero(buffer.in6.s6_addr, 8); + + if (in6_addr_is_null(&buffer.in6)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "IPv6 address in %s= cannot be the ANY address, ignoring assignment: %s", + lvalue, rvalue); + return 0; + } + break; + + case ADDRESS_GENERATION_PREFIXSTABLE: + /* At most, the initial 64 bits are used. */ + (void) in6_addr_mask(&buffer.in6, 64); + break; + + default: + assert_not_reached(); + } + + r = ipv6_token_add(tokens, type, &buffer.in6); + if (r < 0) + return log_oom(); + + return 0; +} diff --git a/src/network/networkd-address-generation.h b/src/network/networkd-address-generation.h new file mode 100644 index 00000000000..391a6ccc970 --- /dev/null +++ b/src/network/networkd-address-generation.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +#include "conf-parser.h" +#include "in-addr-util.h" +#include "set.h" + +typedef struct Link Link; + +int dhcp6_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret); +int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret); +int radv_generate_addresses(Link *link, Set *tokens, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret); + +CONFIG_PARSER_PROTOTYPE(config_parse_address_generation_type); diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 002827eb784..33afdb0335d 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -57,32 +57,6 @@ static int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) return 0; } -int generate_ipv6_eui_64_address(const Link *link, struct in6_addr *ret) { - assert(link); - assert(ret); - - if (link->iftype == ARPHRD_INFINIBAND) { - /* see RFC4391 section 8 */ - memcpy(&ret->s6_addr[8], &link->hw_addr.infiniband[12], 8); - ret->s6_addr[8] ^= 1 << 1; - - return 0; - } - - /* see RFC4291 section 2.5.1 */ - ret->s6_addr[8] = link->hw_addr.ether.ether_addr_octet[0]; - ret->s6_addr[8] ^= 1 << 1; - ret->s6_addr[9] = link->hw_addr.ether.ether_addr_octet[1]; - ret->s6_addr[10] = link->hw_addr.ether.ether_addr_octet[2]; - ret->s6_addr[11] = 0xff; - ret->s6_addr[12] = 0xfe; - ret->s6_addr[13] = link->hw_addr.ether.ether_addr_octet[3]; - ret->s6_addr[14] = link->hw_addr.ether.ether_addr_octet[4]; - ret->s6_addr[15] = link->hw_addr.ether.ether_addr_octet[5]; - - return 0; -} - int address_new(Address **ret) { _cleanup_(address_freep) Address *address = NULL; diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h index 0fd3163fc4e..20e957ccafb 100644 --- a/src/network/networkd-address.h +++ b/src/network/networkd-address.h @@ -67,8 +67,6 @@ int address_dup(const Address *src, Address **ret); bool address_is_ready(const Address *a); void address_set_broadcast(Address *a); -int generate_ipv6_eui_64_address(const Link *link, struct in6_addr *ret); - DEFINE_NETWORK_SECTION_FUNCTIONS(Address, address_free); int link_drop_addresses(Link *link); diff --git a/src/network/networkd-dhcp6.c b/src/network/networkd-dhcp6.c index 23a0f5fb53d..8827d33c2a6 100644 --- a/src/network/networkd-dhcp6.c +++ b/src/network/networkd-dhcp6.c @@ -14,6 +14,7 @@ #include "hostname-util.h" #include "in-addr-prefix-util.h" #include "missing_network.h" +#include "networkd-address-generation.h" #include "networkd-address.h" #include "networkd-dhcp6.h" #include "networkd-link.h" @@ -361,8 +362,8 @@ static int dhcp6_pd_request_address( uint32_t lifetime_preferred, uint32_t lifetime_valid) { - _cleanup_(address_freep) Address *address = NULL; - Address *existing; + _cleanup_set_free_ Set *addresses = NULL; + struct in6_addr *a; int r; assert(link); @@ -372,40 +373,40 @@ static int dhcp6_pd_request_address( if (!link->network->dhcp6_pd_assign) return 0; - r = address_new(&address); + r = dhcp6_pd_generate_addresses(link, prefix, &addresses); if (r < 0) - return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m"); + return log_link_warning_errno(link, r, "Failed to generate addresses for acquired DHCPv6 delegated prefix: %m"); - address->in_addr.in6 = *prefix; + SET_FOREACH(a, addresses) { + _cleanup_(address_freep) Address *address = NULL; + Address *existing; - if (in6_addr_is_set(&link->network->dhcp6_pd_token)) - memcpy(address->in_addr.in6.s6_addr + 8, link->network->dhcp6_pd_token.s6_addr + 8, 8); - else { - r = generate_ipv6_eui_64_address(link, &address->in_addr.in6); + r = address_new(&address); if (r < 0) - return log_link_warning_errno(link, r, "Failed to generate EUI64 address for acquired DHCPv6 delegated prefix: %m"); + return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m"); + + address->source = NETWORK_CONFIG_SOURCE_DHCP6PD; + address->family = AF_INET6; + address->in_addr.in6 = *a; + address->prefixlen = 64; + address->cinfo.ifa_prefered = lifetime_preferred; + address->cinfo.ifa_valid = lifetime_valid; + SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp6_pd_manage_temporary_address); + address->route_metric = link->network->dhcp6_pd_route_metric; + + log_dhcp6_pd_address(link, address); + + if (address_get(link, address, &existing) < 0) + link->dhcp6_pd_configured = false; + else + address_unmark(existing); + + r = link_request_address(link, TAKE_PTR(address), true, &link->dhcp6_pd_messages, + dhcp6_pd_address_handler, NULL); + if (r < 0) + return log_link_error_errno(link, r, "Failed to request DHCPv6 delegated prefix address: %m"); } - address->source = NETWORK_CONFIG_SOURCE_DHCP6PD; - address->prefixlen = 64; - address->family = AF_INET6; - address->cinfo.ifa_prefered = lifetime_preferred; - address->cinfo.ifa_valid = lifetime_valid; - SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp6_pd_manage_temporary_address); - address->route_metric = link->network->dhcp6_pd_route_metric; - - log_dhcp6_pd_address(link, address); - - if (address_get(link, address, &existing) < 0) - link->dhcp6_pd_configured = false; - else - address_unmark(existing); - - r = link_request_address(link, TAKE_PTR(address), true, &link->dhcp6_pd_messages, - dhcp6_pd_address_handler, NULL); - if (r < 0) - return log_link_error_errno(link, r, "Failed to request DHCPv6 delegated prefix address: %m"); - return 0; } diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index 6e6d6560339..956cc273801 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -5,12 +5,12 @@ #include #include -#include #include #include "sd-ndisc.h" #include "missing_network.h" +#include "networkd-address-generation.h" #include "networkd-address.h" #include "networkd-dhcp6.h" #include "networkd-manager.h" @@ -25,35 +25,6 @@ #define NDISC_DNSSL_MAX 64U #define NDISC_RDNSS_MAX 64U -#define DAD_CONFLICTS_IDGEN_RETRIES_RFC7217 3 - -/* https://tools.ietf.org/html/rfc5453 */ -/* https://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xml */ - -#define SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }) -#define SUBNET_ROUTER_ANYCAST_PREFIXLEN 8 -#define RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291 ((struct in6_addr) { .s6_addr = { 0x02, 0x00, 0x5E, 0xFF, 0xFE } }) -#define RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN 5 -#define RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291 ((struct in6_addr) { .s6_addr = { 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } }) -#define RESERVED_SUBNET_ANYCAST_PREFIXLEN 7 - -#define NDISC_APP_ID SD_ID128_MAKE(13,ac,81,a7,d5,3f,49,78,92,79,5d,0c,29,3a,bc,7e) - -typedef enum IPv6TokenAddressGeneration { - IPV6_TOKEN_ADDRESS_GENERATION_NONE, - IPV6_TOKEN_ADDRESS_GENERATION_STATIC, - IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE, - _IPV6_TOKEN_ADDRESS_GENERATION_MAX, - _IPV6_TOKEN_ADDRESS_GENERATION_INVALID = -EINVAL, -} IPv6TokenAddressGeneration; - -typedef struct IPv6Token { - IPv6TokenAddressGeneration address_generation_type; - - uint8_t dad_counter; - struct in6_addr prefix; -} IPv6Token; - bool link_ipv6_accept_ra_enabled(Link *link) { assert(link); @@ -408,145 +379,10 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { return 0; } -static bool stable_private_address_is_valid(const struct in6_addr *addr) { - assert(addr); - - /* According to rfc4291, generated address should not be in the following ranges. */ - - if (memcmp(addr, &SUBNET_ROUTER_ANYCAST_ADDRESS_RFC4291, SUBNET_ROUTER_ANYCAST_PREFIXLEN) == 0) - return false; - - if (memcmp(addr, &RESERVED_IPV6_INTERFACE_IDENTIFIERS_ADDRESS_RFC4291, RESERVED_IPV6_INTERFACE_IDENTIFIERS_PREFIXLEN) == 0) - return false; - - if (memcmp(addr, &RESERVED_SUBNET_ANYCAST_ADDRESSES_RFC4291, RESERVED_SUBNET_ANYCAST_PREFIXLEN) == 0) - return false; - - return true; -} - -static int make_stable_private_address(Link *link, const struct in6_addr *prefix, uint8_t prefix_len, uint8_t dad_counter, struct in6_addr **ret) { - _cleanup_free_ struct in6_addr *addr = NULL; - sd_id128_t secret_key; - struct siphash state; - uint64_t rid; - size_t l; - int r; - - /* According to rfc7217 section 5.1 - * RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) */ - - r = sd_id128_get_machine_app_specific(NDISC_APP_ID, &secret_key); - if (r < 0) - return log_link_warning_errno(link, r, "Failed to generate key for IPv6 stable private address: %m"); - - siphash24_init(&state, secret_key.bytes); - - l = MAX(DIV_ROUND_UP(prefix_len, 8), 8); - siphash24_compress(prefix, l, &state); - siphash24_compress_string(link->ifname, &state); - /* Only last 8 bytes of IB MAC are stable */ - if (link->iftype == ARPHRD_INFINIBAND) - siphash24_compress(&link->hw_addr.infiniband[12], 8, &state); - else - siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state); - siphash24_compress(&dad_counter, sizeof(uint8_t), &state); - - rid = htole64(siphash24_finalize(&state)); - - addr = new(struct in6_addr, 1); - if (!addr) - return log_oom(); - - memcpy(addr->s6_addr, prefix->s6_addr, l); - memcpy(addr->s6_addr + l, &rid, 16 - l); - - if (!stable_private_address_is_valid(addr)) { - *ret = NULL; - return 0; - } - - *ret = TAKE_PTR(addr); - return 1; -} - -static int ndisc_router_generate_addresses(Link *link, struct in6_addr *address, uint8_t prefixlen, Set **ret) { - _cleanup_set_free_free_ Set *addresses = NULL; - IPv6Token *j; - int r; - - assert(link); - assert(address); - assert(ret); - - addresses = set_new(&in6_addr_hash_ops); - if (!addresses) - return log_oom(); - - ORDERED_SET_FOREACH(j, link->network->ipv6_tokens) { - _cleanup_free_ struct in6_addr *new_address = NULL; - - if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE - && (in6_addr_is_null(&j->prefix) || in6_addr_equal(&j->prefix, address))) { - /* While this loop uses dad_counter and a retry limit as specified in RFC 7217, the loop - * does not actually attempt Duplicate Address Detection; the counter will be incremented - * only when the address generation algorithm produces an invalid address, and the loop - * may exit with an address which ends up being unusable due to duplication on the link. */ - for (; j->dad_counter < DAD_CONFLICTS_IDGEN_RETRIES_RFC7217; j->dad_counter++) { - r = make_stable_private_address(link, address, prefixlen, j->dad_counter, &new_address); - if (r < 0) - return r; - if (r > 0) - break; - } - } else if (j->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC) { - new_address = new(struct in6_addr, 1); - if (!new_address) - return log_oom(); - - memcpy(new_address->s6_addr, address->s6_addr, 8); - memcpy(new_address->s6_addr + 8, j->prefix.s6_addr + 8, 8); - } - - if (new_address) { - r = set_put(addresses, new_address); - if (r < 0) - return log_link_error_errno(link, r, "Failed to store SLAAC address: %m"); - else if (r == 0) - log_link_debug_errno(link, r, "Generated SLAAC address is duplicated, ignoring."); - else - TAKE_PTR(new_address); - } - } - - /* fall back to EUI-64 if no tokens provided addresses */ - if (set_isempty(addresses)) { - _cleanup_free_ struct in6_addr *new_address = NULL; - - new_address = newdup(struct in6_addr, address, 1); - if (!new_address) - return log_oom(); - - r = generate_ipv6_eui_64_address(link, new_address); - if (r < 0) - return log_link_error_errno(link, r, "Failed to generate EUI64 address: %m"); - - r = set_put(addresses, new_address); - if (r < 0) - return log_link_error_errno(link, r, "Failed to store SLAAC address: %m"); - - TAKE_PTR(new_address); - } - - *ret = TAKE_PTR(addresses); - - return 0; -} - static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) { uint32_t lifetime_valid, lifetime_preferred; - _cleanup_set_free_free_ Set *addresses = NULL; - struct in6_addr addr, *a; + _cleanup_set_free_ Set *addresses = NULL; + struct in6_addr prefix, *a; unsigned prefixlen; usec_t time_now; int r; @@ -560,10 +396,23 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r if (r < 0) return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); + r = sd_ndisc_router_prefix_get_address(rt, &prefix); + if (r < 0) + return log_link_error_errno(link, r, "Failed to get prefix address: %m"); + r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen); if (r < 0) return log_link_error_errno(link, r, "Failed to get prefix length: %m"); + /* ndisc_generate_addresses() below requires the prefix length <= 64. */ + if (prefixlen > 64) { + _cleanup_free_ char *buf = NULL; + + (void) in6_addr_prefix_to_string(&prefix, prefixlen, &buf); + log_link_debug(link, "Prefix is longer than 64, ignoring autonomous prefix %s.", strna(buf)); + return 0; + } + r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid); if (r < 0) return log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m"); @@ -581,13 +430,9 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r if (lifetime_preferred > lifetime_valid) return 0; - r = sd_ndisc_router_prefix_get_address(rt, &addr); + r = ndisc_generate_addresses(link, &prefix, prefixlen, &addresses); if (r < 0) - return log_link_error_errno(link, r, "Failed to get prefix address: %m"); - - r = ndisc_router_generate_addresses(link, &addr, prefixlen, &addresses); - if (r < 0) - return r; + return log_link_error_errno(link, r, "Failed to generate SLAAC addresses: %m"); SET_FOREACH(a, addresses) { _cleanup_(address_freep) Address *address = NULL; @@ -1214,128 +1059,6 @@ void ndisc_flush(Link *link) { link->ndisc_dnssl = set_free(link->ndisc_dnssl); } -static int ipv6token_new(IPv6Token **ret) { - IPv6Token *p; - - p = new(IPv6Token, 1); - if (!p) - return -ENOMEM; - - *p = (IPv6Token) { - .address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_NONE, - }; - - *ret = TAKE_PTR(p); - - return 0; -} - -static void ipv6_token_hash_func(const IPv6Token *p, struct siphash *state) { - siphash24_compress(&p->address_generation_type, sizeof(p->address_generation_type), state); - siphash24_compress(&p->prefix, sizeof(p->prefix), state); -} - -static int ipv6_token_compare_func(const IPv6Token *a, const IPv6Token *b) { - int r; - - r = CMP(a->address_generation_type, b->address_generation_type); - if (r != 0) - return r; - - return memcmp(&a->prefix, &b->prefix, sizeof(struct in6_addr)); -} - -DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( - ipv6_token_hash_ops, - IPv6Token, - ipv6_token_hash_func, - ipv6_token_compare_func, - free); - -int config_parse_address_generation_type( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - _cleanup_free_ IPv6Token *token = NULL; - union in_addr_union buffer; - Network *network = data; - const char *p; - int r; - - assert(filename); - assert(lvalue); - assert(rvalue); - assert(data); - - if (isempty(rvalue)) { - network->ipv6_tokens = ordered_set_free(network->ipv6_tokens); - return 0; - } - - r = ipv6token_new(&token); - if (r < 0) - return log_oom(); - - if ((p = startswith(rvalue, "prefixstable"))) { - token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_PREFIXSTABLE; - if (*p == ':') - p++; - else if (*p == '\0') - p = NULL; - else { - log_syntax(unit, LOG_WARNING, filename, line, 0, - "Invalid IPv6 token mode in %s=, ignoring assignment: %s", - lvalue, rvalue); - return 0; - } - } else { - token->address_generation_type = IPV6_TOKEN_ADDRESS_GENERATION_STATIC; - p = startswith(rvalue, "static:"); - if (!p) - p = rvalue; - } - - if (p) { - r = in_addr_from_string(AF_INET6, p, &buffer); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, - "Failed to parse IP address in %s=, ignoring assignment: %s", - lvalue, rvalue); - return 0; - } - if (token->address_generation_type == IPV6_TOKEN_ADDRESS_GENERATION_STATIC && - in_addr_is_null(AF_INET6, &buffer)) { - log_syntax(unit, LOG_WARNING, filename, line, 0, - "IPv6 address in %s= cannot be the ANY address, ignoring assignment: %s", - lvalue, rvalue); - return 0; - } - token->prefix = buffer.in6; - } - - r = ordered_set_ensure_put(&network->ipv6_tokens, &ipv6_token_hash_ops, token); - if (r == -ENOMEM) - return log_oom(); - if (r == -EEXIST) - log_syntax(unit, LOG_DEBUG, filename, line, r, - "IPv6 token '%s' is duplicated, ignoring: %m", rvalue); - else if (r < 0) - log_syntax(unit, LOG_WARNING, filename, line, r, - "Failed to store IPv6 token '%s', ignoring: %m", rvalue); - else - TAKE_PTR(token); - - return 0; -} - static const char* const ipv6_accept_ra_start_dhcp6_client_table[_IPV6_ACCEPT_RA_START_DHCP6_CLIENT_MAX] = { [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_NO] = "no", [IPV6_ACCEPT_RA_START_DHCP6_CLIENT_ALWAYS] = "always", diff --git a/src/network/networkd-ndisc.h b/src/network/networkd-ndisc.h index 514089c2259..ed50ebbf9a7 100644 --- a/src/network/networkd-ndisc.h +++ b/src/network/networkd-ndisc.h @@ -44,6 +44,5 @@ int ndisc_start(Link *link); void ndisc_vacuum(Link *link); void ndisc_flush(Link *link); -CONFIG_PARSER_PROTOTYPE(config_parse_address_generation_type); CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_accept_ra_start_dhcp6_client); CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_accept_ra_use_domains); diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf index 29bb5b3b739..b670038d2ae 100644 --- a/src/network/networkd-network-gperf.gperf +++ b/src/network/networkd-network-gperf.gperf @@ -8,6 +8,7 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"") #include "in-addr-prefix-util.h" #include "netem.h" #include "net-condition.h" +#include "networkd-address-generation.h" #include "networkd-address-label.h" #include "networkd-address.h" #include "networkd-bridge-fdb.h" @@ -103,7 +104,6 @@ Network.IPv6LinkLocalAddressGenerationMode, config_parse_ipv6_link_local_addres Network.IPv6StableSecretAddress, config_parse_in_addr_non_null, AF_INET6, offsetof(Network, ipv6ll_stable_secret) Network.IPv4LLRoute, config_parse_bool, 0, offsetof(Network, ipv4ll_route) Network.DefaultRouteOnDevice, config_parse_bool, 0, offsetof(Network, default_route_on_device) -Network.IPv6Token, config_parse_address_generation_type, 0, 0 Network.LLDP, config_parse_lldp_mode, 0, offsetof(Network, lldp_mode) Network.EmitLLDP, config_parse_lldp_multicast_mode, 0, offsetof(Network, lldp_multicast_mode) Network.Address, config_parse_address, 0, 0 @@ -270,6 +270,7 @@ IPv6AcceptRA.PrefixAllowList, config_parse_in_addr_prefixes, IPv6AcceptRA.PrefixDenyList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_deny_listed_prefix) IPv6AcceptRA.RouteAllowList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_allow_listed_route_prefix) IPv6AcceptRA.RouteDenyList, config_parse_in_addr_prefixes, AF_INET6, offsetof(Network, ndisc_deny_listed_route_prefix) +IPv6AcceptRA.Token, config_parse_address_generation_type, 0, offsetof(Network, ndisc_tokens) DHCPServer.ServerAddress, config_parse_dhcp_server_address, 0, 0 DHCPServer.UplinkInterface, config_parse_uplink, 0, 0 DHCPServer.RelayTarget, config_parse_in_addr_non_null, AF_INET, offsetof(Network, dhcp_server_relay_target) @@ -328,7 +329,7 @@ DHCPv6PrefixDelegation.SubnetId, config_parse_dhcp6_pd_subnet_id, DHCPv6PrefixDelegation.Announce, config_parse_bool, 0, offsetof(Network, dhcp6_pd_announce) DHCPv6PrefixDelegation.Assign, config_parse_bool, 0, offsetof(Network, dhcp6_pd_assign) DHCPv6PrefixDelegation.ManageTemporaryAddress, config_parse_bool, 0, offsetof(Network, dhcp6_pd_manage_temporary_address) -DHCPv6PrefixDelegation.Token, config_parse_in_addr_non_null, AF_INET6, offsetof(Network, dhcp6_pd_token) +DHCPv6PrefixDelegation.Token, config_parse_address_generation_type, 0, offsetof(Network, dhcp6_pd_tokens) DHCPv6PrefixDelegation.RouteMetric, config_parse_uint32, 0, offsetof(Network, dhcp6_pd_route_metric) IPv6SendRA.RouterLifetimeSec, config_parse_sec, 0, offsetof(Network, router_lifetime_usec) IPv6SendRA.Managed, config_parse_bool, 0, offsetof(Network, router_managed) @@ -347,6 +348,7 @@ IPv6Prefix.ValidLifetimeSec, config_parse_prefix_lifetime, IPv6Prefix.PreferredLifetimeSec, config_parse_prefix_lifetime, 0, 0 IPv6Prefix.Assign, config_parse_prefix_assign, 0, 0 IPv6Prefix.RouteMetric, config_parse_prefix_metric, 0, 0 +IPv6Prefix.Token, config_parse_prefix_token, 0, 0 IPv6RoutePrefix.Route, config_parse_route_prefix, 0, 0 IPv6RoutePrefix.LifetimeSec, config_parse_route_prefix_lifetime, 0, 0 LLDP.MUDURL, config_parse_mud_url, 0, offsetof(Network, lldp_mudurl) @@ -492,6 +494,7 @@ TrivialLinkEqualizer.Handle, config_parse_qdisc_handle, TrivialLinkEqualizer.Id, config_parse_trivial_link_equalizer_id, QDISC_KIND_TEQL, 0 /* backwards compatibility: do not add new entries to this section */ Network.IPv4LL, config_parse_ipv4ll, 0, offsetof(Network, link_local) +Network.IPv6Token, config_parse_address_generation_type, 0, offsetof(Network, ndisc_tokens) Network.IPv6PrefixDelegation, config_parse_router_prefix_delegation, 0, offsetof(Network, router_prefix_delegation) IPv6PrefixDelegation.RouterLifetimeSec, config_parse_sec, 0, offsetof(Network, router_lifetime_usec) IPv6PrefixDelegation.Managed, config_parse_bool, 0, offsetof(Network, router_managed) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 7611476ad66..afbb9d61db4 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -706,9 +706,10 @@ static Network *network_free(Network *network) { ordered_hashmap_free(network->dhcp_client_send_vendor_options); ordered_hashmap_free(network->dhcp_server_send_options); ordered_hashmap_free(network->dhcp_server_send_vendor_options); - ordered_set_free(network->ipv6_tokens); ordered_hashmap_free(network->dhcp6_client_send_options); ordered_hashmap_free(network->dhcp6_client_send_vendor_options); + set_free(network->dhcp6_pd_tokens); + set_free(network->ndisc_tokens); return mfree(network); } diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h index fb896598a85..ff9d1338fda 100644 --- a/src/network/networkd-network.h +++ b/src/network/networkd-network.h @@ -244,7 +244,7 @@ struct Network { bool dhcp6_pd_manage_temporary_address; int64_t dhcp6_pd_subnet_id; uint32_t dhcp6_pd_route_metric; - struct in6_addr dhcp6_pd_token; + Set *dhcp6_pd_tokens; /* Bridge Support */ int use_bpdu; @@ -321,7 +321,7 @@ struct Network { Set *ndisc_allow_listed_prefix; Set *ndisc_deny_listed_route_prefix; Set *ndisc_allow_listed_route_prefix; - OrderedSet *ipv6_tokens; + Set *ndisc_tokens; /* LLDP support */ LLDPMode lldp_mode; /* LLDP reception */ diff --git a/src/network/networkd-radv.c b/src/network/networkd-radv.c index c734c4c3b48..34e6a41c34a 100644 --- a/src/network/networkd-radv.c +++ b/src/network/networkd-radv.c @@ -7,6 +7,7 @@ #include #include "dns-domain.h" +#include "networkd-address-generation.h" #include "networkd-address.h" #include "networkd-link.h" #include "networkd-manager.h" @@ -19,6 +20,44 @@ #include "string-table.h" #include "strv.h" +void network_adjust_radv(Network *network) { + assert(network); + + /* After this function is called, network->router_prefix_delegation can be treated as a boolean. */ + + if (network->dhcp6_pd < 0) + /* For backward compatibility. */ + network->dhcp6_pd = FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_DHCP6); + + if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) { + if (network->router_prefix_delegation != RADV_PREFIX_DELEGATION_NONE) + log_warning("%s: IPv6PrefixDelegation= is enabled but IPv6 link local addressing is disabled. " + "Disabling IPv6PrefixDelegation=.", network->filename); + + network->router_prefix_delegation = RADV_PREFIX_DELEGATION_NONE; + } + + if (network->router_prefix_delegation == RADV_PREFIX_DELEGATION_NONE) { + network->n_router_dns = 0; + network->router_dns = mfree(network->router_dns); + network->router_search_domains = ordered_set_free(network->router_search_domains); + } + + if (!FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_STATIC)) { + network->prefixes_by_section = hashmap_free_with_destructor(network->prefixes_by_section, prefix_free); + network->route_prefixes_by_section = hashmap_free_with_destructor(network->route_prefixes_by_section, route_prefix_free); + } +} + +static bool link_radv_enabled(Link *link) { + assert(link); + + if (!link_ipv6ll_enabled(link)) + return false; + + return link->network->router_prefix_delegation; +} + Prefix *prefix_free(Prefix *prefix) { if (!prefix) return NULL; @@ -30,6 +69,7 @@ Prefix *prefix_free(Prefix *prefix) { network_config_section_free(prefix->section); sd_radv_prefix_unref(prefix->radv_prefix); + set_free(prefix->tokens); return mfree(prefix); } @@ -155,64 +195,6 @@ static int route_prefix_new_static(Network *network, const char *filename, unsig return 0; } -void network_drop_invalid_prefixes(Network *network) { - Prefix *prefix; - - assert(network); - - HASHMAP_FOREACH(prefix, network->prefixes_by_section) - if (section_is_invalid(prefix->section)) - prefix_free(prefix); -} - -void network_drop_invalid_route_prefixes(Network *network) { - RoutePrefix *prefix; - - assert(network); - - HASHMAP_FOREACH(prefix, network->route_prefixes_by_section) - if (section_is_invalid(prefix->section)) - route_prefix_free(prefix); -} - -void network_adjust_radv(Network *network) { - assert(network); - - /* After this function is called, network->router_prefix_delegation can be treated as a boolean. */ - - if (network->dhcp6_pd < 0) - /* For backward compatibility. */ - network->dhcp6_pd = FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_DHCP6); - - if (!FLAGS_SET(network->link_local, ADDRESS_FAMILY_IPV6)) { - if (network->router_prefix_delegation != RADV_PREFIX_DELEGATION_NONE) - log_warning("%s: IPv6PrefixDelegation= is enabled but IPv6 link local addressing is disabled. " - "Disabling IPv6PrefixDelegation=.", network->filename); - - network->router_prefix_delegation = RADV_PREFIX_DELEGATION_NONE; - } - - if (network->router_prefix_delegation == RADV_PREFIX_DELEGATION_NONE) { - network->n_router_dns = 0; - network->router_dns = mfree(network->router_dns); - network->router_search_domains = ordered_set_free(network->router_search_domains); - } - - if (!FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_STATIC)) { - network->prefixes_by_section = hashmap_free_with_destructor(network->prefixes_by_section, prefix_free); - network->route_prefixes_by_section = hashmap_free_with_destructor(network->route_prefixes_by_section, route_prefix_free); - } -} - -static bool link_radv_enabled(Link *link) { - assert(link); - - if (!link_ipv6ll_enabled(link)) - return false; - - return link->network->router_prefix_delegation; -} - int link_request_radv_addresses(Link *link) { Prefix *p; int r; @@ -223,347 +205,54 @@ int link_request_radv_addresses(Link *link) { return 0; HASHMAP_FOREACH(p, link->network->prefixes_by_section) { - _cleanup_(address_freep) Address *address = NULL; + _cleanup_set_free_ Set *addresses = NULL; + struct in6_addr prefix, *a; + uint8_t prefixlen; if (!p->assign) continue; - r = address_new(&address); - if (r < 0) - return log_oom(); - - r = sd_radv_prefix_get_prefix(p->radv_prefix, &address->in_addr.in6, &address->prefixlen); + r = sd_radv_prefix_get_prefix(p->radv_prefix, &prefix, &prefixlen); if (r < 0) return r; - r = generate_ipv6_eui_64_address(link, &address->in_addr.in6); + /* radv_generate_addresses() below requires the prefix length <= 64. */ + if (prefixlen > 64) { + _cleanup_free_ char *str = NULL; + + (void) in6_addr_prefix_to_string(&prefix, prefixlen, &str); + log_link_debug(link, + "Prefix is longer than 64, refusing to assign an address in %s.", + strna(str)); + continue; + } + + r = radv_generate_addresses(link, p->tokens, &prefix, prefixlen, &addresses); if (r < 0) return r; - address->source = NETWORK_CONFIG_SOURCE_STATIC; - address->family = AF_INET6; - address->route_metric = p->route_metric; + SET_FOREACH(a, addresses) { + _cleanup_(address_freep) Address *address = NULL; - r = link_request_static_address(link, TAKE_PTR(address), true); - if (r < 0) - return r; + r = address_new(&address); + if (r < 0) + return -ENOMEM; + + address->source = NETWORK_CONFIG_SOURCE_STATIC; + address->family = AF_INET6; + address->in_addr.in6 = *a; + address->prefixlen = prefixlen; + address->route_metric = p->route_metric; + + r = link_request_static_address(link, TAKE_PTR(address), true); + if (r < 0) + return r; + } } return 0; } -int config_parse_prefix( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; - uint8_t prefixlen = 64; - union in_addr_union in6addr; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - - r = prefix_new_static(network, filename, section_line, &p); - if (r < 0) - return log_oom(); - - r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Prefix is invalid, ignoring assignment: %s", rvalue); - return 0; - } - - r = sd_radv_prefix_set_prefix(p->radv_prefix, &in6addr.in6, prefixlen); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set radv prefix, ignoring assignment: %s", rvalue); - return 0; - } - - p = NULL; - - return 0; -} - -int config_parse_prefix_flags( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - - r = prefix_new_static(network, filename, section_line, &p); - if (r < 0) - return log_oom(); - - r = parse_boolean(rvalue); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring assignment: %s", lvalue, rvalue); - return 0; - } - - if (streq(lvalue, "OnLink")) - r = sd_radv_prefix_set_onlink(p->radv_prefix, r); - else if (streq(lvalue, "AddressAutoconfiguration")) - r = sd_radv_prefix_set_address_autoconfiguration(p->radv_prefix, r); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue); - return 0; - } - - p = NULL; - - return 0; -} - -int config_parse_prefix_lifetime( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; - usec_t usec; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - - r = prefix_new_static(network, filename, section_line, &p); - if (r < 0) - return log_oom(); - - r = parse_sec(rvalue, &usec); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Lifetime is invalid, ignoring assignment: %s", rvalue); - return 0; - } - - /* a value of 0xffffffff represents infinity */ - if (streq(lvalue, "PreferredLifetimeSec")) - r = sd_radv_prefix_set_preferred_lifetime(p->radv_prefix, - DIV_ROUND_UP(usec, USEC_PER_SEC)); - else if (streq(lvalue, "ValidLifetimeSec")) - r = sd_radv_prefix_set_valid_lifetime(p->radv_prefix, - DIV_ROUND_UP(usec, USEC_PER_SEC)); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue); - return 0; - } - - p = NULL; - - return 0; -} - -int config_parse_prefix_assign( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - - r = prefix_new_static(network, filename, section_line, &p); - if (r < 0) - return log_oom(); - - r = parse_boolean(rvalue); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, - "Failed to parse %s=, ignoring assignment: %s", - lvalue, rvalue); - return 0; - } - - p->assign = r; - p = NULL; - - return 0; -} - -int config_parse_prefix_metric( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - - r = prefix_new_static(network, filename, section_line, &p); - if (r < 0) - return log_oom(); - - r = safe_atou32(rvalue, &p->route_metric); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, - "Failed to parse %s=, ignoring assignment: %s", - lvalue, rvalue); - return 0; - } - - TAKE_PTR(p); - - return 0; -} - -int config_parse_route_prefix( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL; - uint8_t prefixlen = 64; - union in_addr_union in6addr; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - - r = route_prefix_new_static(network, filename, section_line, &p); - if (r < 0) - return log_oom(); - - r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Route prefix is invalid, ignoring assignment: %s", rvalue); - return 0; - } - - r = sd_radv_prefix_set_route_prefix(p->radv_route_prefix, &in6addr.in6, prefixlen); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set route prefix, ignoring assignment: %m"); - return 0; - } - - p = NULL; - - return 0; -} - -int config_parse_route_prefix_lifetime( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - Network *network = userdata; - _cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL; - usec_t usec; - int r; - - assert(filename); - assert(section); - assert(lvalue); - assert(rvalue); - assert(data); - - r = route_prefix_new_static(network, filename, section_line, &p); - if (r < 0) - return log_oom(); - - r = parse_sec(rvalue, &usec); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, - "Route lifetime is invalid, ignoring assignment: %s", rvalue); - return 0; - } - - /* a value of 0xffffffff represents infinity */ - r = sd_radv_route_prefix_set_lifetime(p->radv_route_prefix, DIV_ROUND_UP(usec, USEC_PER_SEC)); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, - "Failed to set route lifetime, ignoring assignment: %m"); - return 0; - } - - p = NULL; - - return 0; -} - static int network_get_ipv6_dns(Network *network, struct in6_addr **ret_addresses, size_t *ret_size) { _cleanup_free_ struct in6_addr *addresses = NULL; size_t n_addresses = 0; @@ -954,6 +643,373 @@ int radv_add_prefix( return 0; } +void network_drop_invalid_prefixes(Network *network) { + Prefix *prefix; + + assert(network); + + HASHMAP_FOREACH(prefix, network->prefixes_by_section) + if (section_is_invalid(prefix->section)) + prefix_free(prefix); +} + +void network_drop_invalid_route_prefixes(Network *network) { + RoutePrefix *prefix; + + assert(network); + + HASHMAP_FOREACH(prefix, network->route_prefixes_by_section) + if (section_is_invalid(prefix->section)) + route_prefix_free(prefix); +} + +int config_parse_prefix( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; + uint8_t prefixlen = 64; + union in_addr_union in6addr; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Prefix is invalid, ignoring assignment: %s", rvalue); + return 0; + } + + r = sd_radv_prefix_set_prefix(p->radv_prefix, &in6addr.in6, prefixlen); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set radv prefix, ignoring assignment: %s", rvalue); + return 0; + } + + p = NULL; + + return 0; +} + +int config_parse_prefix_flags( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = parse_boolean(rvalue); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring assignment: %s", lvalue, rvalue); + return 0; + } + + if (streq(lvalue, "OnLink")) + r = sd_radv_prefix_set_onlink(p->radv_prefix, r); + else if (streq(lvalue, "AddressAutoconfiguration")) + r = sd_radv_prefix_set_address_autoconfiguration(p->radv_prefix, r); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue); + return 0; + } + + p = NULL; + + return 0; +} + +int config_parse_prefix_lifetime( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; + usec_t usec; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = parse_sec(rvalue, &usec); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Lifetime is invalid, ignoring assignment: %s", rvalue); + return 0; + } + + /* a value of 0xffffffff represents infinity */ + if (streq(lvalue, "PreferredLifetimeSec")) + r = sd_radv_prefix_set_preferred_lifetime(p->radv_prefix, + DIV_ROUND_UP(usec, USEC_PER_SEC)); + else if (streq(lvalue, "ValidLifetimeSec")) + r = sd_radv_prefix_set_valid_lifetime(p->radv_prefix, + DIV_ROUND_UP(usec, USEC_PER_SEC)); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set %s=, ignoring assignment: %m", lvalue); + return 0; + } + + p = NULL; + + return 0; +} + +int config_parse_prefix_assign( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = parse_boolean(rvalue); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, + "Failed to parse %s=, ignoring assignment: %s", + lvalue, rvalue); + return 0; + } + + p->assign = r; + p = NULL; + + return 0; +} + +int config_parse_prefix_metric( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = safe_atou32(rvalue, &p->route_metric); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, + "Failed to parse %s=, ignoring assignment: %s", + lvalue, rvalue); + return 0; + } + + TAKE_PTR(p); + + return 0; +} + +int config_parse_prefix_token( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + _cleanup_(prefix_free_or_set_invalidp) Prefix *p = NULL; + Network *network = userdata; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(userdata); + + r = prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = config_parse_address_generation_type(unit, filename, line, section, section_line, + lvalue, ltype, rvalue, &p->tokens, userdata); + if (r < 0) + return r; + + TAKE_PTR(p); + return 0; +} + +int config_parse_route_prefix( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL; + uint8_t prefixlen = 64; + union in_addr_union in6addr; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = route_prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = in_addr_prefix_from_string(rvalue, AF_INET6, &in6addr, &prefixlen); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Route prefix is invalid, ignoring assignment: %s", rvalue); + return 0; + } + + r = sd_radv_prefix_set_route_prefix(p->radv_route_prefix, &in6addr.in6, prefixlen); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to set route prefix, ignoring assignment: %m"); + return 0; + } + + p = NULL; + + return 0; +} + +int config_parse_route_prefix_lifetime( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_(route_prefix_free_or_set_invalidp) RoutePrefix *p = NULL; + usec_t usec; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = route_prefix_new_static(network, filename, section_line, &p); + if (r < 0) + return log_oom(); + + r = parse_sec(rvalue, &usec); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, + "Route lifetime is invalid, ignoring assignment: %s", rvalue); + return 0; + } + + /* a value of 0xffffffff represents infinity */ + r = sd_radv_route_prefix_set_lifetime(p->radv_route_prefix, DIV_ROUND_UP(usec, USEC_PER_SEC)); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, + "Failed to set route lifetime, ignoring assignment: %m"); + return 0; + } + + p = NULL; + + return 0; +} + int config_parse_radv_dns( const char *unit, const char *filename, diff --git a/src/network/networkd-radv.h b/src/network/networkd-radv.h index aec3d3386fb..5c869d8623e 100644 --- a/src/network/networkd-radv.h +++ b/src/network/networkd-radv.h @@ -35,6 +35,7 @@ typedef struct Prefix { bool assign; uint32_t route_metric; + Set *tokens; } Prefix; typedef struct RoutePrefix { @@ -70,6 +71,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_prefix_flags); CONFIG_PARSER_PROTOTYPE(config_parse_prefix_lifetime); CONFIG_PARSER_PROTOTYPE(config_parse_prefix_assign); CONFIG_PARSER_PROTOTYPE(config_parse_prefix_metric); +CONFIG_PARSER_PROTOTYPE(config_parse_prefix_token); CONFIG_PARSER_PROTOTYPE(config_parse_radv_dns); CONFIG_PARSER_PROTOTYPE(config_parse_radv_search_domains); CONFIG_PARSER_PROTOTYPE(config_parse_route_prefix); diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network index fdd7f73baee..ea02d4c640f 100644 --- a/test/fuzz/fuzz-network-parser/directives.network +++ b/test/fuzz/fuzz-network-parser/directives.network @@ -247,6 +247,7 @@ PreferredLifetimeSec= AddressAutoconfiguration= ValidLifetimeSec= Assign= +Token= RouteMetric= [IPv6RoutePrefix] Route= @@ -359,6 +360,7 @@ RouteAllowList= RouteDenyList= DenyList= BlackList= +Token= [DHCPServer] EmitNTP= PoolSize= diff --git a/test/test-network/conf/ipv6-prefix-veth-token-prefixstable-without-address.network b/test/test-network/conf/ipv6-prefix-veth-token-prefixstable-without-address.network index 5fe68a2810d..cdafe0d91fe 100644 --- a/test/test-network/conf/ipv6-prefix-veth-token-prefixstable-without-address.network +++ b/test/test-network/conf/ipv6-prefix-veth-token-prefixstable-without-address.network @@ -3,4 +3,6 @@ Name=veth99 [Network] IPv6AcceptRA=true -IPv6Token=prefixstable + +[IPv6AcceptRA] +Token=prefixstable diff --git a/test/test-network/conf/ipv6-prefix-veth-token-prefixstable.network b/test/test-network/conf/ipv6-prefix-veth-token-prefixstable.network index 4d80e024f9c..e95e139391f 100644 --- a/test/test-network/conf/ipv6-prefix-veth-token-prefixstable.network +++ b/test/test-network/conf/ipv6-prefix-veth-token-prefixstable.network @@ -3,4 +3,6 @@ Name=veth99 [Network] IPv6AcceptRA=true -IPv6Token=prefixstable:2002:da8:1:: + +[IPv6AcceptRA] +Token=prefixstable:2002:da8:1:: diff --git a/test/test-network/conf/ipv6-prefix-veth-token-static.network b/test/test-network/conf/ipv6-prefix-veth-token-static.network index 5c5fdc9d4e9..a239619ec7b 100644 --- a/test/test-network/conf/ipv6-prefix-veth-token-static.network +++ b/test/test-network/conf/ipv6-prefix-veth-token-static.network @@ -3,8 +3,10 @@ Name=veth99 [Network] IPv6AcceptRA=true -IPv6Token=::1a:2b:3c:4d -IPv6Token=static:::fa:de:ca:fe -IPv6Token=::1a:2b:3c:4d -IPv6Token=static:::1a:2b:3c:4d -IPv6Token=::fa:de:ca:fe + +[IPv6AcceptRA] +Token=::1a:2b:3c:4d +Token=static:::fa:de:ca:fe +Token=::1a:2b:3c:4d +Token=static:::1a:2b:3c:4d +Token=::fa:de:ca:fe diff --git a/test/test-network/conf/ipv6ra-prefix.network b/test/test-network/conf/ipv6ra-prefix.network index ae74c6e2c6f..d91847bde7d 100644 --- a/test/test-network/conf/ipv6ra-prefix.network +++ b/test/test-network/conf/ipv6ra-prefix.network @@ -14,6 +14,8 @@ Prefix=2001:db8:0:1::/64 [IPv6Prefix] Prefix=2001:db8:0:2::/64 Assign=yes +Token=::1a:2b:3c:4d +Token=static:::fa:de:ca:fe [IPv6Prefix] Prefix=2001:db8:0:3::/64 diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index 5de2d3ae032..95d526a7f71 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -4895,7 +4895,8 @@ class NetworkdIPv6PrefixTests(unittest.TestCase, Utilities): output = check_output('ip address show dev veth99') print(output) self.assertNotIn('inet6 2001:db8:0:1:', output) - self.assertIn('inet6 2001:db8:0:2:', output) + self.assertIn('inet6 2001:db8:0:2:1a:2b:3c:4d', output) + self.assertIn('inet6 2001:db8:0:2:fa:de:ca:fe', output) self.assertNotIn('inet6 2001:db8:0:3:', output) output = check_output(*resolvectl_cmd, 'dns', 'veth-peer', env=env)