int config_parse_tunnel_address(const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Tunnel *t = userdata;
union in_addr_union *addr = data, buffer;
int r, f;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
/* This is used to parse addresses on both local and remote ends of the tunnel.
* Address families must match.
*
* "any" is a special value which means that the address is unspecified.
*/
if (streq(rvalue, "any")) {
*addr = IN_ADDR_NULL;
/* As a special case, if both the local and remote addresses are
* unspecified, also clear the address family.
*/
if (t->family != AF_UNSPEC &&
in_addr_is_null(t->family, &t->local) &&
in_addr_is_null(t->family, &t->remote))
t->family = AF_UNSPEC;
return 0;
}
r = in_addr_from_string_auto(rvalue, &f, &buffer);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Tunnel address \"%s\" invalid, ignoring assignment: %m", rvalue);
return 0;
}
if (t->family != AF_UNSPEC && t->family != f) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"Tunnel addresses incompatible, ignoring assignment: %s", rvalue);
return 0;
}
t->family = f;
*addr = buffer;
return 0;
}
static void test_in_addr_is_null(void) {
union in_addr_union i = {};
assert_se(in_addr_is_null(AF_INET, &i) == true);
assert_se(in_addr_is_null(AF_INET6, &i) == true);
i.in.s_addr = 0x1000000;
assert_se(in_addr_is_null(AF_INET, &i) == false);
assert_se(in_addr_is_null(AF_INET6, &i) == false);
assert_se(in_addr_is_null(-1, &i) == -EAFNOSUPPORT);
}
int routing_policy_rule_remove(RoutingPolicyRule *routing_policy_rule, Link *link, sd_netlink_message_handler_t callback) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
assert(routing_policy_rule);
assert(link);
assert(link->manager);
assert(link->manager->rtnl);
assert(link->ifindex > 0);
assert(IN_SET(routing_policy_rule->family, AF_INET, AF_INET6));
r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_DELRULE, routing_policy_rule->family);
if (r < 0)
return log_error_errno(r, "Could not allocate RTM_DELRULE message: %m");
if (!in_addr_is_null(routing_policy_rule->family, &routing_policy_rule->from)) {
if (routing_policy_rule->family == AF_INET)
r = sd_netlink_message_append_in_addr(m, FRA_SRC, &routing_policy_rule->from.in);
else
r = sd_netlink_message_append_in6_addr(m, FRA_SRC, &routing_policy_rule->from.in6);
if (r < 0)
return log_error_errno(r, "Could not append FRA_SRC attribute: %m");
r = sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m, routing_policy_rule->from_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set source prefix length: %m");
}
if (!in_addr_is_null(routing_policy_rule->family, &routing_policy_rule->to)) {
if (routing_policy_rule->family == AF_INET)
r = sd_netlink_message_append_in_addr(m, FRA_DST, &routing_policy_rule->to.in);
else
r = sd_netlink_message_append_in6_addr(m, FRA_DST, &routing_policy_rule->to.in6);
if (r < 0)
return log_error_errno(r, "Could not append FRA_DST attribute: %m");
r = sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m, routing_policy_rule->to_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set destination prefix length: %m");
}
r = sd_netlink_call_async(link->manager->rtnl, m, callback, link, 0, NULL);
if (r < 0)
return log_error_errno(r, "Could not send rtnetlink message: %m");
link_ref(link);
return 0;
}
static int address_acquire(Link *link, Address *original, Address **ret) {
union in_addr_union in_addr = {};
struct in_addr broadcast = {};
_cleanup_address_free_ Address *na = NULL;
int r;
assert(link);
assert(original);
assert(ret);
/* Something useful was configured? just use it */
if (in_addr_is_null(original->family, &original->in_addr) <= 0)
return 0;
/* The address is configured to be 0.0.0.0 or [::] by the user?
* Then let's acquire something more useful from the pool. */
r = manager_address_pool_acquire(link->manager, original->family, original->prefixlen, &in_addr);
if (r < 0) {
log_link_error(link, "Failed to acquire address from pool: %s", strerror(-r));
return r;
}
if (r == 0) {
log_link_error(link, "Couldn't find free address for interface, all taken.");
return -EBUSY;
}
if (original->family == AF_INET) {
/* Pick first address in range for ourselves ... */
in_addr.in.s_addr = in_addr.in.s_addr | htobe32(1);
/* .. and use last as broadcast address */
broadcast.s_addr = in_addr.in.s_addr | htobe32(0xFFFFFFFFUL >> original->prefixlen);
} else if (original->family == AF_INET6)
static int radv_get_ip6dns(Network *network, struct in6_addr **dns,
size_t *n_dns) {
_cleanup_free_ struct in6_addr *addresses = NULL;
size_t i, n_addresses = 0, n_allocated = 0;
assert(network);
assert(dns);
assert(n_dns);
for (i = 0; i < network->n_dns; i++) {
union in_addr_union *addr;
if (network->dns[i].family != AF_INET6)
continue;
addr = &network->dns[i].address;
if (in_addr_is_null(AF_INET6, addr) ||
in_addr_is_link_local(AF_INET6, addr) ||
in_addr_is_localhost(AF_INET6, addr))
continue;
if (!GREEDY_REALLOC(addresses, n_allocated, n_addresses + 1))
return -ENOMEM;
addresses[n_addresses++] = addr->in6;
}
if (addresses) {
*dns = addresses;
addresses = NULL;
*n_dns = n_addresses;
}
return n_addresses;
}
int route_drop(Route *route, Link *link,
sd_netlink_message_handler_t callback) {
_cleanup_netlink_message_unref_ sd_netlink_message *req = NULL;
int r;
assert(link);
assert(link->manager);
assert(link->manager->rtnl);
assert(link->ifindex > 0);
assert(route->family == AF_INET || route->family == AF_INET6);
r = sd_rtnl_message_new_route(link->manager->rtnl, &req,
RTM_DELROUTE, route->family,
route->protocol);
if (r < 0)
return log_error_errno(r, "Could not create RTM_DELROUTE message: %m");
if (!in_addr_is_null(route->family, &route->in_addr)) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &route->in_addr.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_GATEWAY, &route->in_addr.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_GATEWAY attribute: %m");
}
if (route->dst_prefixlen) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_DST, &route->dst_addr.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_DST, &route->dst_addr.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_DST attribute: %m");
r = sd_rtnl_message_route_set_dst_prefixlen(req, route->dst_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set destination prefix length: %m");
}
if (route->src_prefixlen) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_SRC, &route->src_addr.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_SRC, &route->src_addr.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_DST attribute: %m");
r = sd_rtnl_message_route_set_src_prefixlen(req, route->src_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set source prefix length: %m");
}
if (!in_addr_is_null(route->family, &route->prefsrc_addr)) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_PREFSRC, &route->prefsrc_addr.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_PREFSRC, &route->prefsrc_addr.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PREFSRC attribute: %m");
}
r = sd_rtnl_message_route_set_scope(req, route->scope);
if (r < 0)
return log_error_errno(r, "Could not set scope: %m");
r = sd_netlink_message_append_u32(req, RTA_PRIORITY, route->metrics);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PRIORITY attribute: %m");
r = sd_netlink_message_append_u32(req, RTA_OIF, link->ifindex);
if (r < 0)
return log_error_errno(r, "Could not append RTA_OIF attribute: %m");
r = sd_netlink_call_async(link->manager->rtnl, req, callback, link, 0, NULL);
if (r < 0)
return log_error_errno(r, "Could not send rtnetlink message: %m");
link_ref(link);
return 0;
}
static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
Tunnel *t = NULL;
assert(netdev);
assert(filename);
switch (netdev->kind) {
case NETDEV_KIND_IPIP:
t = IPIP(netdev);
break;
case NETDEV_KIND_SIT:
t = SIT(netdev);
break;
case NETDEV_KIND_GRE:
t = GRE(netdev);
break;
case NETDEV_KIND_GRETAP:
t = GRETAP(netdev);
break;
case NETDEV_KIND_IP6GRE:
t = IP6GRE(netdev);
break;
case NETDEV_KIND_IP6GRETAP:
t = IP6GRETAP(netdev);
break;
case NETDEV_KIND_VTI:
t = VTI(netdev);
break;
case NETDEV_KIND_VTI6:
t = VTI6(netdev);
break;
case NETDEV_KIND_IP6TNL:
t = IP6TNL(netdev);
break;
default:
assert_not_reached("Invalid tunnel kind");
}
assert(t);
if (!IN_SET(t->family, AF_INET, AF_INET6, AF_UNSPEC)) {
log_netdev_error(netdev,
"Tunnel with invalid address family configured in %s. Ignoring", filename);
return -EINVAL;
}
if (netdev->kind == NETDEV_KIND_VTI &&
(t->family != AF_INET || in_addr_is_null(t->family, &t->local))) {
log_netdev_error(netdev,
"vti tunnel without a local IPv4 address configured in %s. Ignoring", filename);
return -EINVAL;
}
if (IN_SET(netdev->kind, NETDEV_KIND_VTI6, NETDEV_KIND_IP6TNL, NETDEV_KIND_IP6GRE) &&
(t->family != AF_INET6 || in_addr_is_null(t->family, &t->local))) {
log_netdev_error(netdev,
"vti6/ip6tnl/ip6gre tunnel without a local IPv6 address configured in %s. Ignoring", filename);
return -EINVAL;
}
if (netdev->kind == NETDEV_KIND_IP6TNL &&
t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) {
log_netdev_error(netdev,
"ip6tnl without mode configured in %s. Ignoring", filename);
return -EINVAL;
}
return 0;
}
int routing_policy_serialize_rules(Set *rules, FILE *f) {
RoutingPolicyRule *rule = NULL;
Iterator i;
int r;
assert(f);
SET_FOREACH(rule, rules, i) {
_cleanup_free_ char *from_str = NULL, *to_str = NULL;
bool space = false;
fputs("RULE=", f);
if (!in_addr_is_null(rule->family, &rule->from)) {
r = in_addr_to_string(rule->family, &rule->from, &from_str);
if (r < 0)
return r;
fprintf(f, "from=%s/%hhu",
from_str, rule->from_prefixlen);
space = true;
}
if (!in_addr_is_null(rule->family, &rule->to)) {
r = in_addr_to_string(rule->family, &rule->to, &to_str);
if (r < 0)
return r;
fprintf(f, "%sto=%s/%hhu",
space ? " " : "",
to_str, rule->to_prefixlen);
space = true;
}
if (rule->tos != 0) {
fprintf(f, "%stos=%hhu",
space ? " " : "",
rule->tos);
space = true;
}
if (rule->fwmark != 0) {
fprintf(f, "%sfwmark=%"PRIu32"/%"PRIu32,
space ? " " : "",
rule->fwmark, rule->fwmask);
space = true;
}
if (rule->iif) {
fprintf(f, "%siif=%s",
space ? " " : "",
rule->iif);
space = true;
}
if (rule->oif) {
fprintf(f, "%soif=%s",
space ? " " : "",
rule->oif);
space = true;
}
fprintf(f, "%stable=%"PRIu32 "\n",
space ? " " : "",
rule->table);
}
int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, sd_netlink_message_handler_t callback, bool update) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
assert(rule);
assert(link);
assert(link->ifindex > 0);
assert(link->manager);
assert(link->manager->rtnl);
r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_NEWRULE, rule->family);
if (r < 0)
return log_error_errno(r, "Could not allocate RTM_NEWRULE message: %m");
if (!in_addr_is_null(rule->family, &rule->from)) {
if (rule->family == AF_INET)
r = sd_netlink_message_append_in_addr(m, FRA_SRC, &rule->from.in);
else
r = sd_netlink_message_append_in6_addr(m, FRA_SRC, &rule->from.in6);
if (r < 0)
return log_error_errno(r, "Could not append FRA_SRC attribute: %m");
r = sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m, rule->from_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set source prefix length: %m");
}
if (!in_addr_is_null(rule->family, &rule->to)) {
if (rule->family == AF_INET)
r = sd_netlink_message_append_in_addr(m, FRA_DST, &rule->to.in);
else
r = sd_netlink_message_append_in6_addr(m, FRA_DST, &rule->to.in6);
if (r < 0)
return log_error_errno(r, "Could not append FRA_DST attribute: %m");
r = sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m, rule->to_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set destination prefix length: %m");
}
r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority);
if (r < 0)
return log_error_errno(r, "Could not append FRA_PRIORITY attribute: %m");
if (rule->tos > 0) {
r = sd_rtnl_message_routing_policy_rule_set_tos(m, rule->tos);
if (r < 0)
return log_error_errno(r, "Could not set ip rule tos: %m");
}
if (rule->table < 256) {
r = sd_rtnl_message_routing_policy_rule_set_table(m, rule->table);
if (r < 0)
return log_error_errno(r, "Could not set ip rule table: %m");
} else {
r = sd_rtnl_message_routing_policy_rule_set_table(m, RT_TABLE_UNSPEC);
if (r < 0)
return log_error_errno(r, "Could not set ip rule table: %m");
r = sd_netlink_message_append_u32(m, FRA_TABLE, rule->table);
if (r < 0)
return log_error_errno(r, "Could not append FRA_TABLE attribute: %m");
}
if (rule->fwmark > 0) {
r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark);
if (r < 0)
return log_error_errno(r, "Could not append FRA_FWMARK attribute: %m");
}
if (rule->fwmask > 0) {
r = sd_netlink_message_append_u32(m, FRA_FWMASK, rule->fwmask);
if (r < 0)
return log_error_errno(r, "Could not append FRA_FWMASK attribute: %m");
}
if (rule->iif) {
r = sd_netlink_message_append_string(m, FRA_IFNAME, rule->iif);
if (r < 0)
return log_error_errno(r, "Could not append FRA_IFNAME attribute: %m");
}
if (rule->oif) {
r = sd_netlink_message_append_string(m, FRA_OIFNAME, rule->oif);
if (r < 0)
return log_error_errno(r, "Could not append FRA_OIFNAME attribute: %m");
}
rule->link = link;
r = sd_netlink_call_async(link->manager->rtnl, m, callback, link, 0, NULL);
if (r < 0)
return log_error_errno(r, "Could not send rtnetlink message: %m");
link_ref(link);
r = routing_policy_rule_add(link->manager, rule->family, &rule->from, rule->from_prefixlen, &rule->to,
rule->to_prefixlen, rule->tos, rule->fwmark, rule->table, rule->iif, rule->oif, NULL);
if (r < 0)
return log_error_errno(r, "Could not add rule : %m");
return 0;
}
};
static int add_item(Manager *m, int family, const union in_addr_union *address, char **names) {
EtcHostsItem key = {
.family = family,
.address = *address,
};
EtcHostsItem *item;
char **n;
int r;
assert(m);
assert(address);
r = in_addr_is_null(family, address);
if (r < 0)
return r;
if (r > 0)
/* This is an 0.0.0.0 or :: item, which we assume means that we shall map the specified hostname to
* nothing. */
item = NULL;
else {
/* If this is a normal address, then, simply add entry mapping it to the specified names */
item = set_get(m->etc_hosts_by_address, &key);
if (item) {
r = strv_extend_strv(&item->names, names, true);
if (r < 0)
return log_oom();
} else {
static int netdev_geneve_create(NetDev *netdev) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
Geneve *v;
int r;
assert(netdev);
v = GENEVE(netdev);
r = sd_rtnl_message_new_link(netdev->manager->rtnl, &m, RTM_NEWLINK, 0);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not allocate RTM_NEWLINK message: %m");
r = sd_netlink_message_append_string(m, IFLA_IFNAME, netdev->ifname);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IFNAME, attribute: %m");
if (netdev->mac) {
r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, netdev->mac);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_ADDRESS attribute: %m");
}
if (netdev->mtu != 0) {
r = sd_netlink_message_append_u32(m, IFLA_MTU, netdev->mtu);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_MTU attribute: %m");
}
r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, netdev_kind_to_string(netdev->kind));
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
if (v->id <= GENEVE_VID_MAX) {
r = sd_netlink_message_append_u32(m, IFLA_GENEVE_ID, v->id);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_ID attribute: %m");
}
if (in_addr_is_null(v->remote_family, &v->remote) == 0) {
if (v->remote_family == AF_INET)
r = sd_netlink_message_append_in_addr(m, IFLA_GENEVE_REMOTE, &v->remote.in);
else
r = sd_netlink_message_append_in6_addr(m, IFLA_GENEVE_REMOTE6, &v->remote.in6);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_REMOTE/IFLA_GENEVE_REMOTE6 attribute: %m");
}
if (v->ttl > 0) {
r = sd_netlink_message_append_u8(m, IFLA_GENEVE_TTL, v->ttl);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_TTL attribute: %m");
}
r = sd_netlink_message_append_u8(m, IFLA_GENEVE_TOS, v->tos);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_TOS attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GENEVE_UDP_CSUM, v->udpcsum);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_UDP_CSUM attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GENEVE_UDP_ZERO_CSUM6_TX, v->udp6zerocsumtx);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_UDP_ZERO_CSUM6_TX attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GENEVE_UDP_ZERO_CSUM6_RX, v->udp6zerocsumrx);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_UDP_ZERO_CSUM6_RX attribute: %m");
if (v->dest_port != DEFAULT_GENEVE_DESTINATION_PORT) {
r = sd_netlink_message_append_u16(m, IFLA_GENEVE_PORT, htobe16(v->dest_port));
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_PORT attribute: %m");
}
if (v->flow_label > 0) {
r = sd_netlink_message_append_u32(m, IFLA_GENEVE_LABEL, htobe32(v->flow_label));
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GENEVE_LABEL attribute: %m");
}
r = sd_netlink_message_close_container(m);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
r = sd_netlink_message_close_container(m);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
r = netlink_call_async(netdev->manager->rtnl, NULL, m, geneve_netdev_create_handler,
netdev_destroy_callback, netdev);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not send rtnetlink message: %m");
netdev_ref(netdev);
netdev->state = NETDEV_STATE_CREATING;
log_netdev_debug(netdev, "Creating");
return r;
}
int route_configure(
Route *route,
Link *link,
sd_netlink_message_handler_t callback) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
_cleanup_(sd_event_source_unrefp) sd_event_source *expire = NULL;
usec_t lifetime;
int r;
assert(link);
assert(link->manager);
assert(link->manager->rtnl);
assert(link->ifindex > 0);
assert(route->family == AF_INET || route->family == AF_INET6);
if (route_get(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, NULL) <= 0 &&
set_size(link->routes) >= ROUTES_PER_LINK_MAX)
return -E2BIG;
r = sd_rtnl_message_new_route(link->manager->rtnl, &req,
RTM_NEWROUTE, route->family,
route->protocol);
if (r < 0)
return log_error_errno(r, "Could not create RTM_NEWROUTE message: %m");
if (!in_addr_is_null(route->family, &route->gw)) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &route->gw.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_GATEWAY, &route->gw.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_GATEWAY attribute: %m");
r = sd_rtnl_message_route_set_family(req, route->family);
if (r < 0)
return log_error_errno(r, "Could not set route family: %m");
}
if (route->dst_prefixlen) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_DST, &route->dst.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_DST, &route->dst.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_DST attribute: %m");
r = sd_rtnl_message_route_set_dst_prefixlen(req, route->dst_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set destination prefix length: %m");
}
if (route->src_prefixlen) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_SRC, &route->src.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_SRC, &route->src.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_SRC attribute: %m");
r = sd_rtnl_message_route_set_src_prefixlen(req, route->src_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set source prefix length: %m");
}
if (!in_addr_is_null(route->family, &route->prefsrc)) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_PREFSRC, &route->prefsrc.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_PREFSRC, &route->prefsrc.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PREFSRC attribute: %m");
}
r = sd_rtnl_message_route_set_scope(req, route->scope);
if (r < 0)
return log_error_errno(r, "Could not set scope: %m");
r = sd_rtnl_message_route_set_flags(req, route->flags);
if (r < 0)
return log_error_errno(r, "Could not set flags: %m");
if (route->table != RT_TABLE_DEFAULT) {
if (route->table < 256) {
r = sd_rtnl_message_route_set_table(req, route->table);
if (r < 0)
return log_error_errno(r, "Could not set route table: %m");
} else {
r = sd_rtnl_message_route_set_table(req, RT_TABLE_UNSPEC);
if (r < 0)
return log_error_errno(r, "Could not set route table: %m");
/* Table attribute to allow more than 256. */
r = sd_netlink_message_append_data(req, RTA_TABLE, &route->table, sizeof(route->table));
if (r < 0)
return log_error_errno(r, "Could not append RTA_TABLE attribute: %m");
}
}
r = sd_netlink_message_append_u32(req, RTA_PRIORITY, route->priority);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PRIORITY attribute: %m");
r = sd_netlink_message_append_u8(req, RTA_PREF, route->pref);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PREF attribute: %m");
r = sd_netlink_message_append_u32(req, RTA_OIF, link->ifindex);
if (r < 0)
return log_error_errno(r, "Could not append RTA_OIF attribute: %m");
r = sd_netlink_call_async(link->manager->rtnl, req, callback, link, 0, NULL);
if (r < 0)
return log_error_errno(r, "Could not send rtnetlink message: %m");
link_ref(link);
lifetime = route->lifetime;
r = route_add(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, &route);
if (r < 0)
return log_error_errno(r, "Could not add route: %m");
/* TODO: drop expiration handling once it can be pushed into the kernel */
route->lifetime = lifetime;
if (route->lifetime != USEC_INFINITY) {
r = sd_event_add_time(link->manager->event, &expire, clock_boottime_or_monotonic(),
route->lifetime, 0, route_expire_handler, route);
if (r < 0)
return log_error_errno(r, "Could not arm expiration timer: %m");
}
sd_event_source_unref(route->expire);
route->expire = expire;
expire = NULL;
return 0;
}
int route_remove(Route *route, Link *link,
sd_netlink_message_handler_t callback) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
int r;
assert(link);
assert(link->manager);
assert(link->manager->rtnl);
assert(link->ifindex > 0);
assert(IN_SET(route->family, AF_INET, AF_INET6));
r = sd_rtnl_message_new_route(link->manager->rtnl, &req,
RTM_DELROUTE, route->family,
route->protocol);
if (r < 0)
return log_error_errno(r, "Could not create RTM_DELROUTE message: %m");
if (!in_addr_is_null(route->family, &route->gw)) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_GATEWAY, &route->gw.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_GATEWAY, &route->gw.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_GATEWAY attribute: %m");
}
if (route->dst_prefixlen) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_DST, &route->dst.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_DST, &route->dst.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_DST attribute: %m");
r = sd_rtnl_message_route_set_dst_prefixlen(req, route->dst_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set destination prefix length: %m");
}
if (route->src_prefixlen) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_SRC, &route->src.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_SRC, &route->src.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_SRC attribute: %m");
r = sd_rtnl_message_route_set_src_prefixlen(req, route->src_prefixlen);
if (r < 0)
return log_error_errno(r, "Could not set source prefix length: %m");
}
if (!in_addr_is_null(route->family, &route->prefsrc)) {
if (route->family == AF_INET)
r = sd_netlink_message_append_in_addr(req, RTA_PREFSRC, &route->prefsrc.in);
else if (route->family == AF_INET6)
r = sd_netlink_message_append_in6_addr(req, RTA_PREFSRC, &route->prefsrc.in6);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PREFSRC attribute: %m");
}
r = sd_rtnl_message_route_set_scope(req, route->scope);
if (r < 0)
return log_error_errno(r, "Could not set scope: %m");
r = sd_netlink_message_append_u32(req, RTA_PRIORITY, route->priority);
if (r < 0)
return log_error_errno(r, "Could not append RTA_PRIORITY attribute: %m");
if (!IN_SET(route->type, RTN_UNREACHABLE, RTN_PROHIBIT, RTN_BLACKHOLE)) {
r = sd_netlink_message_append_u32(req, RTA_OIF, link->ifindex);
if (r < 0)
return log_error_errno(r, "Could not append RTA_OIF attribute: %m");
}
r = sd_netlink_call_async(link->manager->rtnl, req, callback, link, 0, NULL);
if (r < 0)
return log_error_errno(r, "Could not send rtnetlink message: %m");
link_ref(link);
return 0;
}
static void ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *rt) {
_cleanup_address_free_ Address *address = NULL;
uint32_t lifetime_valid, lifetime_preferred;
unsigned prefixlen;
int r;
assert(link);
assert(rt);
r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
if (r < 0) {
log_link_error_errno(link, r, "Failed to get prefix length: %m");
return;
}
r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_valid);
if (r < 0) {
log_link_error_errno(link, r, "Failed to get prefix valid lifetime: %m");
return;
}
r = sd_ndisc_router_prefix_get_preferred_lifetime(rt, &lifetime_preferred);
if (r < 0) {
log_link_error_errno(link, r, "Failed to get prefix preferred lifetime: %m");
return;
}
r = address_new(&address);
if (r < 0) {
log_link_error_errno(link, r, "Could not allocate address: %m");
return;
}
address->family = AF_INET6;
r = sd_ndisc_router_prefix_get_address(rt, &address->in_addr.in6);
if (r < 0) {
log_link_error_errno(link, r, "Failed to get prefix address: %m");
return;
}
if (in_addr_is_null(AF_INET6, (const union in_addr_union *) &link->network->ipv6_token) == 0)
memcpy(((char *)&address->in_addr.in6) + 8, ((char *)&link->network->ipv6_token) + 8, 8);
else {
/* see RFC4291 section 2.5.1 */
address->in_addr.in6.s6_addr[8] = link->mac.ether_addr_octet[0];
address->in_addr.in6.s6_addr[8] ^= 1 << 1;
address->in_addr.in6.s6_addr[9] = link->mac.ether_addr_octet[1];
address->in_addr.in6.s6_addr[10] = link->mac.ether_addr_octet[2];
address->in_addr.in6.s6_addr[11] = 0xff;
address->in_addr.in6.s6_addr[12] = 0xfe;
address->in_addr.in6.s6_addr[13] = link->mac.ether_addr_octet[3];
address->in_addr.in6.s6_addr[14] = link->mac.ether_addr_octet[4];
address->in_addr.in6.s6_addr[15] = link->mac.ether_addr_octet[5];
}
address->prefixlen = prefixlen;
address->flags = IFA_F_NOPREFIXROUTE|IFA_F_MANAGETEMPADDR;
address->cinfo.ifa_prefered = lifetime_preferred;
address->cinfo.ifa_valid = lifetime_valid;
r = address_configure(address, link, ndisc_netlink_handler, true);
if (r < 0) {
log_link_warning_errno(link, r, "Could not set SLAAC address: %m");
link_enter_failed(link);
return;
}
link->ndisc_messages++;
}
static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
Tunnel *t = NULL;
assert(netdev);
assert(filename);
switch (netdev->kind) {
case NETDEV_KIND_IPIP:
t = IPIP(netdev);
break;
case NETDEV_KIND_SIT:
t = SIT(netdev);
break;
case NETDEV_KIND_GRE:
t = GRE(netdev);
break;
case NETDEV_KIND_GRETAP:
t = GRETAP(netdev);
break;
case NETDEV_KIND_IP6GRE:
t = IP6GRE(netdev);
break;
case NETDEV_KIND_IP6GRETAP:
t = IP6GRETAP(netdev);
break;
case NETDEV_KIND_VTI:
t = VTI(netdev);
break;
case NETDEV_KIND_VTI6:
t = VTI6(netdev);
break;
case NETDEV_KIND_IP6TNL:
t = IP6TNL(netdev);
break;
case NETDEV_KIND_ERSPAN:
t = ERSPAN(netdev);
break;
default:
assert_not_reached("Invalid tunnel kind");
}
assert(t);
if (IN_SET(netdev->kind, NETDEV_KIND_VTI, NETDEV_KIND_IPIP, NETDEV_KIND_SIT, NETDEV_KIND_GRE, NETDEV_KIND_GRETAP) &&
t->family != AF_INET)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"vti/ipip/sit/gre tunnel without a local/remote IPv4 address configured in %s. Ignoring", filename);
if (IN_SET(netdev->kind, NETDEV_KIND_GRETAP, NETDEV_KIND_ERSPAN) &&
(t->family != AF_INET || in_addr_is_null(t->family, &t->remote)))
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"gretap/erspan tunnel without a remote IPv4 address configured in %s. Ignoring", filename);
if (IN_SET(netdev->kind, NETDEV_KIND_VTI6, NETDEV_KIND_IP6TNL, NETDEV_KIND_IP6GRE, NETDEV_KIND_IP6GRETAP) &&
t->family != AF_INET6)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"vti6/ip6tnl/ip6gre tunnel without a local/remote IPv6 address configured in %s. Ignoring", filename);
if (netdev->kind == NETDEV_KIND_IP6GRETAP &&
(t->family != AF_INET6 || in_addr_is_null(t->family, &t->remote)))
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"ip6gretap tunnel without a remote IPv6 address configured in %s. Ignoring", filename);
if (netdev->kind == NETDEV_KIND_IP6TNL &&
t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"ip6tnl without mode configured in %s. Ignoring", filename);
if (t->fou_tunnel && t->fou_destination_port <= 0)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"FooOverUDP missing port configured in %s. Ignoring", filename);
if (netdev->kind == NETDEV_KIND_ERSPAN && (t->erspan_index >= (1 << 20) || t->erspan_index == 0))
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), "Invalid erspan index %d. Ignoring", t->erspan_index);
return 0;
}
