X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fnetwork%2Fnetworkd-address.c;h=85acc499459c7410e42720cd5814e5dfad32c826;hp=9a7106e8344b151a0b0c035d81d84dbf2f31723b;hb=851c9f82736c89d423b244a292e153ec7124d309;hpb=f579559b3a14c1f1ef96c372e7626c4733e6ef7d diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 9a7106e83..85acc4994 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -21,23 +21,65 @@ #include -#include "networkd.h" - #include "utf8.h" #include "util.h" #include "conf-parser.h" -#include "net-util.h" +#include "fw-util.h" +#include "networkd.h" +#include "networkd-link.h" + +static void address_init(Address *address) { + assert(address); -int address_new(Network *network, Address **ret) { + address->family = AF_UNSPEC; + address->scope = RT_SCOPE_UNIVERSE; + address->cinfo.ifa_prefered = CACHE_INFO_INFINITY_LIFE_TIME; + address->cinfo.ifa_valid = CACHE_INFO_INFINITY_LIFE_TIME; +} + +int address_new_static(Network *network, unsigned section, Address **ret) { _cleanup_address_free_ Address *address = NULL; + if (section) { + address = hashmap_get(network->addresses_by_section, UINT_TO_PTR(section)); + if (address) { + *ret = address; + address = NULL; + + return 0; + } + } + address = new0(Address, 1); if (!address) return -ENOMEM; + address_init(address); + address->network = network; - LIST_PREPEND(addresses, network->addresses, address); + LIST_APPEND(addresses, network->static_addresses, address); + + if (section) { + address->section = section; + hashmap_put(network->addresses_by_section, + UINT_TO_PTR(address->section), address); + } + + *ret = address; + address = NULL; + + return 0; +} + +int address_new_dynamic(Address **ret) { + _cleanup_address_free_ Address *address = NULL; + + address = new0(Address, 1); + if (!address) + return -ENOMEM; + + address_init(address); *ret = address; address = NULL; @@ -49,62 +91,359 @@ void address_free(Address *address) { if (!address) return; - LIST_REMOVE(addresses, address->network->addresses, address); + if (address->network) { + LIST_REMOVE(addresses, address->network->static_addresses, address); + + if (address->section) + hashmap_remove(address->network->addresses_by_section, + UINT_TO_PTR(address->section)); + } - free(address->label); free(address); } -int address_configure(Manager *manager, Address *address, Link *link) { - _cleanup_sd_rtnl_message_unref_ sd_rtnl_message *req = NULL; +int address_establish(Address *address, Link *link) { + bool masq; int r; - r = sd_rtnl_message_addr_new(RTM_NEWADDR, link->ifindex, - address->family, address->prefixlen, - IFA_F_PERMANENT, RT_SCOPE_UNIVERSE, &req); + assert(address); + assert(link); + + masq = link->network && + link->network->ip_masquerade && + address->family == AF_INET && + address->scope < RT_SCOPE_LINK; + + /* Add firewall entry if this is requested */ + if (address->ip_masquerade_done != masq) { + union in_addr_union masked = address->in_addr; + in_addr_mask(address->family, &masked, address->prefixlen); + + r = fw_add_masquerade(masq, AF_INET, 0, &masked, address->prefixlen, NULL, NULL, 0); + if (r < 0) + log_link_warning_errno(link, r, "Could not enable IP masquerading: %m"); + + address->ip_masquerade_done = masq; + } + + return 0; +} + +int address_release(Address *address, Link *link) { + int r; + + assert(address); + assert(link); + + /* Remove masquerading firewall entry if it was added */ + if (address->ip_masquerade_done) { + union in_addr_union masked = address->in_addr; + in_addr_mask(address->family, &masked, address->prefixlen); + + r = fw_add_masquerade(false, AF_INET, 0, &masked, address->prefixlen, NULL, NULL, 0); + if (r < 0) + log_link_warning_errno(link, r, "Failed to disable IP masquerading: %m"); + + address->ip_masquerade_done = false; + } + + return 0; +} + +int address_drop(Address *address, Link *link, + sd_rtnl_message_handler_t callback) { + _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL; + int r; + + assert(address); + assert(address->family == AF_INET || address->family == AF_INET6); + assert(link); + assert(link->ifindex > 0); + assert(link->manager); + assert(link->manager->rtnl); + + address_release(address, link); + + r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_DELADDR, + link->ifindex, address->family); + if (r < 0) + return log_error_errno(r, "Could not allocate RTM_DELADDR message: %m"); + + r = sd_rtnl_message_addr_set_prefixlen(req, address->prefixlen); + if (r < 0) + return log_error_errno(r, "Could not set prefixlen: %m"); + + if (address->family == AF_INET) + r = sd_rtnl_message_append_in_addr(req, IFA_LOCAL, &address->in_addr.in); + else if (address->family == AF_INET6) + r = sd_rtnl_message_append_in6_addr(req, IFA_LOCAL, &address->in_addr.in6); + if (r < 0) + return log_error_errno(r, "Could not append IFA_LOCAL attribute: %m"); + + r = sd_rtnl_call_async(link->manager->rtnl, req, callback, link, 0, NULL); + if (r < 0) + return log_error_errno(r, "Could not send rtnetlink message: %m"); + + link_ref(link); + + return 0; +} + +int address_update(Address *address, Link *link, + sd_rtnl_message_handler_t callback) { + _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL; + int r; + + assert(address); + assert(address->family == AF_INET || address->family == AF_INET6); + assert(link->ifindex > 0); + assert(link->manager); + assert(link->manager->rtnl); + + r = sd_rtnl_message_new_addr_update(link->manager->rtnl, &req, + link->ifindex, address->family); + if (r < 0) + return log_error_errno(r, "Could not allocate RTM_NEWADDR message: %m"); + + r = sd_rtnl_message_addr_set_prefixlen(req, address->prefixlen); + if (r < 0) + return log_error_errno(r, "Could not set prefixlen: %m"); + + address->flags |= IFA_F_PERMANENT; + + r = sd_rtnl_message_addr_set_flags(req, address->flags & 0xff); + if (r < 0) + return log_error_errno(r, "Could not set flags: %m"); + + if (address->flags & ~0xff) { + r = sd_rtnl_message_append_u32(req, IFA_FLAGS, address->flags); + if (r < 0) + return log_error_errno(r, "Could not set extended flags: %m"); + } + + r = sd_rtnl_message_addr_set_scope(req, address->scope); + if (r < 0) + return log_error_errno(r, "Could not set scope: %m"); + + if (address->family == AF_INET) + r = sd_rtnl_message_append_in_addr(req, IFA_LOCAL, &address->in_addr.in); + else if (address->family == AF_INET6) + r = sd_rtnl_message_append_in6_addr(req, IFA_LOCAL, &address->in_addr.in6); + if (r < 0) + return log_error_errno(r, "Could not append IFA_LOCAL attribute: %m"); + + if (address->family == AF_INET) { + r = sd_rtnl_message_append_in_addr(req, IFA_BROADCAST, &address->broadcast); + if (r < 0) + return log_error_errno(r, "Could not append IFA_BROADCAST attribute: %m"); + } + + if (address->label) { + r = sd_rtnl_message_append_string(req, IFA_LABEL, address->label); + if (r < 0) + return log_error_errno(r, "Could not append IFA_LABEL attribute: %m"); + } + + r = sd_rtnl_message_append_cache_info(req, IFA_CACHEINFO, &address->cinfo); + if (r < 0) + return log_error_errno(r, "Could not append IFA_CACHEINFO attribute: %m"); + + r = sd_rtnl_call_async(link->manager->rtnl, req, callback, link, 0, NULL); + if (r < 0) + return log_error_errno(r, "Could not send rtnetlink message: %m"); + + link_ref(link); + + return 0; +} + +static int address_acquire(Link *link, Address *original, Address **ret) { + union in_addr_union in_addr = {}; + struct in_addr broadcast = {}; + _cleanup_address_free_ Address *na = NULL; + int r; + + assert(link); + assert(original); + assert(ret); + + /* Something useful was configured? just use it */ + if (in_addr_is_null(original->family, &original->in_addr) <= 0) + return 0; + + /* The address is configured to be 0.0.0.0 or [::] by the user? + * Then let's acquire something more useful from the pool. */ + r = manager_address_pool_acquire(link->manager, original->family, original->prefixlen, &in_addr); if (r < 0) { - log_error("Could not allocate RTM_NEWADDR message: %s", - strerror(-r)); + log_link_error(link, "Failed to acquire address from pool: %s", strerror(-r)); return r; } + if (r == 0) { + log_link_error(link, "Couldn't find free address for interface, all taken."); + return -EBUSY; + } - r = sd_rtnl_message_append(req, IFA_LOCAL, &address->in_addr); - if (r < 0) { - log_error("Could not append IFA_LOCAL attribute: %s", - strerror(-r)); + if (original->family == AF_INET) { + /* Pick first address in range for ourselves ... */ + in_addr.in.s_addr = in_addr.in.s_addr | htobe32(1); + + /* .. and use last as broadcast address */ + broadcast.s_addr = in_addr.in.s_addr | htobe32(0xFFFFFFFFUL >> original->prefixlen); + } else if (original->family == AF_INET6) + in_addr.in6.s6_addr[15] |= 1; + + r = address_new_dynamic(&na); + if (r < 0) return r; + + na->family = original->family; + na->prefixlen = original->prefixlen; + na->scope = original->scope; + na->cinfo = original->cinfo; + + if (original->label) { + na->label = strdup(original->label); + if (!na->label) + return -ENOMEM; } - if (address->family == AF_INET) { - struct in_addr broadcast; + na->broadcast = broadcast; + na->in_addr = in_addr; - broadcast.s_addr = address->in_addr.in.s_addr | - htonl(0xfffffffflu >> address->prefixlen); + LIST_PREPEND(addresses, link->pool_addresses, na); - r = sd_rtnl_message_append(req, IFA_BROADCAST, &broadcast); - if (r < 0) { - log_error("Could not append IFA_BROADCAST attribute: %s", - strerror(-r)); - return r; + *ret = na; + na = NULL; + + return 0; +} + +int address_configure(Address *address, Link *link, + sd_rtnl_message_handler_t callback) { + _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL; + int r; + + assert(address); + assert(address->family == AF_INET || address->family == AF_INET6); + assert(link); + assert(link->ifindex > 0); + assert(link->manager); + assert(link->manager->rtnl); + + r = address_acquire(link, address, &address); + if (r < 0) + return r; + + r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_NEWADDR, + link->ifindex, address->family); + if (r < 0) + return log_error_errno(r, "Could not allocate RTM_NEWADDR message: %m"); + + r = sd_rtnl_message_addr_set_prefixlen(req, address->prefixlen); + if (r < 0) + return log_error_errno(r, "Could not set prefixlen: %m"); + + address->flags |= IFA_F_PERMANENT; + + r = sd_rtnl_message_addr_set_flags(req, (address->flags & 0xff)); + if (r < 0) + return log_error_errno(r, "Could not set flags: %m"); + + if (address->flags & ~0xff) { + r = sd_rtnl_message_append_u32(req, IFA_FLAGS, address->flags); + if (r < 0) + return log_error_errno(r, "Could not set extended flags: %m"); + } + + r = sd_rtnl_message_addr_set_scope(req, address->scope); + if (r < 0) + return log_error_errno(r, "Could not set scope: %m"); + + if (address->family == AF_INET) + r = sd_rtnl_message_append_in_addr(req, IFA_LOCAL, &address->in_addr.in); + else if (address->family == AF_INET6) + r = sd_rtnl_message_append_in6_addr(req, IFA_LOCAL, &address->in_addr.in6); + if (r < 0) + return log_error_errno(r, "Could not append IFA_LOCAL attribute: %m"); + + if (!in_addr_is_null(address->family, &address->in_addr_peer)) { + if (address->family == AF_INET) + r = sd_rtnl_message_append_in_addr(req, IFA_ADDRESS, &address->in_addr_peer.in); + else if (address->family == AF_INET6) + r = sd_rtnl_message_append_in6_addr(req, IFA_ADDRESS, &address->in_addr_peer.in6); + if (r < 0) + return log_error_errno(r, "Could not append IFA_ADDRESS attribute: %m"); + } else { + if (address->family == AF_INET) { + r = sd_rtnl_message_append_in_addr(req, IFA_BROADCAST, &address->broadcast); + if (r < 0) + return log_error_errno(r, "Could not append IFA_BROADCAST attribute: %m"); } } if (address->label) { - r = sd_rtnl_message_append(req, IFA_LABEL, address->label); - if (r < 0) { - log_error("Could not append IFA_LABEL attribute: %s", - strerror(-r)); - return r; - } + r = sd_rtnl_message_append_string(req, IFA_LABEL, address->label); + if (r < 0) + return log_error_errno(r, "Could not append IFA_LABEL attribute: %m"); } - r = sd_rtnl_send_with_reply_and_block(manager->rtnl, req, 0, NULL); + r = sd_rtnl_message_append_cache_info(req, IFA_CACHEINFO, + &address->cinfo); + if (r < 0) + return log_error_errno(r, "Could not append IFA_CACHEINFO attribute: %m"); + + r = sd_rtnl_call_async(link->manager->rtnl, req, callback, link, 0, NULL); + if (r < 0) + return log_error_errno(r, "Could not send rtnetlink message: %m"); + + link_ref(link); + + address_establish(address, link); + + return 0; +} + +int config_parse_broadcast( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Network *network = userdata; + _cleanup_address_free_ Address *n = NULL; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = address_new_static(network, section_line, &n); + if (r < 0) + return r; + + if (n->family == AF_INET6) { + log_syntax(unit, LOG_ERR, filename, line, EINVAL, + "Broadcast is not valid for IPv6 addresses, ignoring assignment: %s", rvalue); + return 0; + } + + r = in_addr_from_string(AF_INET, rvalue, (union in_addr_union*) &n->broadcast); if (r < 0) { - log_error("Could not configure address: %s", strerror(-r)); - return r != -EEXIST ? r : 0; + log_syntax(unit, LOG_ERR, filename, line, EINVAL, + "Broadcast is invalid, ignoring assignment: %s", rvalue); + return 0; } - log_info("Configured interface address"); + n->family = AF_INET; + n = NULL; return 0; } @@ -113,22 +452,32 @@ int config_parse_address(const char *unit, const char *filename, unsigned line, const char *section, + unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) { + + Network *network = userdata; _cleanup_address_free_ Address *n = NULL; - _cleanup_free_ char *address = NULL; - const char *e; - int r; + const char *address, *e; + union in_addr_union buffer; + int r, f; assert(filename); + assert(section); assert(lvalue); assert(rvalue); assert(data); - r = address_new(userdata, &n); + if (streq(section, "Network")) { + /* we are not in an Address section, so treat + * this as the special '0' section */ + section_line = 0; + } + + r = address_new_static(network, section_line, &n); if (r < 0) return r; @@ -141,29 +490,146 @@ int config_parse_address(const char *unit, r = safe_atou(e + 1, &i); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, EINVAL, - "Interface prefix length is invalid, " - "ignoring assignment: %s", e + 1); + "Prefix length is invalid, ignoring assignment: %s", e + 1); return 0; } n->prefixlen = (unsigned char) i; - address = strndup(rvalue, e - rvalue); - if (!address) - return log_oom(); - } else { - address = strdup(rvalue); - if (!address) - return log_oom(); - } - r = net_parse_inaddr(address, &n->family, &n->in_addr); + address = strndupa(rvalue, e - rvalue); + } else + address = rvalue; + + r = in_addr_from_string_auto(address, &f, &buffer); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Address is invalid, ignoring assignment: %s", address); return 0; } + if (!e && f == AF_INET) { + r = in_addr_default_prefixlen(&buffer.in, &n->prefixlen); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, EINVAL, + "Prefix length not specified, and a default one can not be deduced for '%s', ignoring assignment", address); + return 0; + } + } + + if (n->family != AF_UNSPEC && f != n->family) { + log_syntax(unit, LOG_ERR, filename, line, EINVAL, + "Address is incompatible, ignoring assignment: %s", address); + return 0; + } + + n->family = f; + + if (streq(lvalue, "Address")) + n->in_addr = buffer; + else + n->in_addr_peer = buffer; + + if (n->family == AF_INET && n->broadcast.s_addr == 0) + n->broadcast.s_addr = n->in_addr.in.s_addr | htonl(0xfffffffflu >> n->prefixlen); + n = NULL; return 0; } + +int config_parse_label(const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + Network *network = userdata; + _cleanup_address_free_ Address *n = NULL; + char *label; + int r; + + assert(filename); + assert(section); + assert(lvalue); + assert(rvalue); + assert(data); + + r = address_new_static(network, section_line, &n); + if (r < 0) + return r; + + label = strdup(rvalue); + if (!label) + return log_oom(); + + if (!ascii_is_valid(label) || strlen(label) >= IFNAMSIZ) { + log_syntax(unit, LOG_ERR, filename, line, EINVAL, + "Interface label is not ASCII clean or is too" + " long, ignoring assignment: %s", rvalue); + free(label); + return 0; + } + + free(n->label); + if (*label) + n->label = label; + else { + free(label); + n->label = NULL; + } + + n = NULL; + + return 0; +} + +bool address_equal(Address *a1, Address *a2) { + /* same object */ + if (a1 == a2) + return true; + + /* one, but not both, is NULL */ + if (!a1 || !a2) + return false; + + if (a1->family != a2->family) + return false; + + switch (a1->family) { + /* use the same notion of equality as the kernel does */ + case AF_UNSPEC: + return true; + + case AF_INET: + if (a1->prefixlen != a2->prefixlen) + return false; + else if (a1->prefixlen == 0) + /* make sure we don't try to shift by 32. + * See ISO/IEC 9899:TC3 § 6.5.7.3. */ + return true; + else { + uint32_t b1, b2; + + b1 = be32toh(a1->in_addr.in.s_addr); + b2 = be32toh(a2->in_addr.in.s_addr); + + return (b1 >> (32 - a1->prefixlen)) == (b2 >> (32 - a1->prefixlen)); + } + + case AF_INET6: { + uint64_t *b1, *b2; + + b1 = (uint64_t*)&a1->in_addr.in6; + b2 = (uint64_t*)&a2->in_addr.in6; + + return (((b1[0] ^ b2[0]) | (b1[1] ^ b2[1])) == 0UL); + } + + default: + assert_not_reached("Invalid address family"); + } +}