2 * netifd - network interface daemon
3 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
4 * Copyright (C) 2012 Steven Barth <steven@midlink.org>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2
8 * as published by the Free Software Foundation
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
20 #include <arpa/inet.h>
21 #include <netinet/in.h>
25 #include "interface.h"
26 #include "interface-ip.h"
46 static const struct blobmsg_policy route_attr[__ROUTE_MAX] = {
47 [ROUTE_INTERFACE] = { .name = "interface", .type = BLOBMSG_TYPE_STRING },
48 [ROUTE_TARGET] = { .name = "target", .type = BLOBMSG_TYPE_STRING },
49 [ROUTE_MASK] = { .name = "netmask", .type = BLOBMSG_TYPE_STRING },
50 [ROUTE_GATEWAY] = { .name = "gateway", .type = BLOBMSG_TYPE_STRING },
51 [ROUTE_METRIC] = { .name = "metric", .type = BLOBMSG_TYPE_INT32 },
52 [ROUTE_MTU] = { .name = "mtu", .type = BLOBMSG_TYPE_INT32 },
53 [ROUTE_TABLE] = { .name = "table", .type = BLOBMSG_TYPE_STRING },
54 [ROUTE_VALID] = { .name = "valid", .type = BLOBMSG_TYPE_INT32 },
55 [ROUTE_SOURCE] = { .name = "source", .type = BLOBMSG_TYPE_STRING },
56 [ROUTE_ONLINK] = { .name = "onlink", .type = BLOBMSG_TYPE_BOOL },
57 [ROUTE_TYPE] = { .name = "type", .type = BLOBMSG_TYPE_STRING }
60 const struct uci_blob_param_list route_attr_list = {
61 .n_params = __ROUTE_MAX,
66 struct list_head prefixes = LIST_HEAD_INIT(prefixes);
67 static struct device_prefix *ula_prefix = NULL;
68 static struct uloop_timeout valid_until_timeout;
72 clear_if_addr(union if_addr *a, int mask)
74 int m_bytes = (mask + 7) / 8;
75 uint8_t m_clear = (1 << (m_bytes * 8 - mask)) - 1;
76 uint8_t *p = (uint8_t *) a;
78 if (m_bytes < sizeof(*a))
79 memset(p + m_bytes, 0, sizeof(*a) - m_bytes);
81 p[m_bytes - 1] &= ~m_clear;
85 match_if_addr(union if_addr *a1, union if_addr *a2, int mask)
87 union if_addr *p1, *p2;
89 p1 = alloca(sizeof(*a1));
90 p2 = alloca(sizeof(*a2));
92 memcpy(p1, a1, sizeof(*a1));
93 clear_if_addr(p1, mask);
94 memcpy(p2, a2, sizeof(*a2));
95 clear_if_addr(p2, mask);
97 return !memcmp(p1, p2, sizeof(*p1));
100 static int set_ip_source_policy(bool add, bool v6, unsigned int priority,
101 const union if_addr *addr, uint8_t mask, unsigned int table,
102 struct interface *in_iface, const char *action, bool src)
104 struct iprule rule = {
105 .flags = IPRULE_PRIORITY,
111 rule.flags |= IPRULE_SRC;
112 rule.src_addr = *addr;
113 rule.src_mask = mask;
115 rule.flags |= IPRULE_DEST;
116 rule.dest_addr = *addr;
117 rule.dest_mask = mask;
122 rule.flags |= IPRULE_LOOKUP;
128 rule.flags |= IPRULE_ACTION;
129 system_resolve_iprule_action(action, &rule.action);
132 if (in_iface && in_iface->l3_dev.dev) {
133 rule.flags |= IPRULE_IN;
134 strcpy(rule.in_dev, in_iface->l3_dev.dev->ifname);
137 rule.flags |= (v6) ? IPRULE_INET6 : IPRULE_INET4;
139 return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
142 static int set_ip_lo_policy(bool add, bool v6, struct interface *iface)
144 struct iprule rule = {
145 .flags = IPRULE_IN | IPRULE_LOOKUP | IPRULE_PRIORITY,
146 .priority = IPRULE_PRIORITY_NW + iface->l3_dev.dev->ifindex,
147 .lookup = (v6) ? iface->ip6table : iface->ip4table,
154 rule.flags |= (v6) ? IPRULE_INET6 : IPRULE_INET4;
156 return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
160 __find_ip_addr_target(struct interface_ip_settings *ip, union if_addr *a, bool v6)
162 struct device_addr *addr;
164 vlist_for_each_element(&ip->addr, addr, node) {
168 if (v6 != ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6))
171 // Handle offlink addresses correctly
172 unsigned int mask = addr->mask;
173 if ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6 &&
174 (addr->flags & DEVADDR_OFFLINK))
177 if (!match_if_addr(&addr->addr, a, mask))
187 __find_ip_route_target(struct interface_ip_settings *ip, union if_addr *a,
188 bool v6, struct device_route **res)
190 struct device_route *route;
192 vlist_for_each_element(&ip->route, route, node) {
196 if (v6 != ((route->flags & DEVADDR_FAMILY) == DEVADDR_INET6))
199 if (!match_if_addr(&route->addr, a, route->mask))
202 if (route->flags & DEVROUTE_TABLE)
205 if (!*res || route->mask < (*res)->mask)
211 interface_ip_find_addr_target(struct interface *iface, union if_addr *a, bool v6)
213 return __find_ip_addr_target(&iface->proto_ip, a, v6) ||
214 __find_ip_addr_target(&iface->config_ip, a, v6);
218 interface_ip_find_route_target(struct interface *iface, union if_addr *a,
219 bool v6, struct device_route **route)
221 __find_ip_route_target(&iface->proto_ip, a, v6, route);
222 __find_ip_route_target(&iface->config_ip, a, v6, route);
226 interface_ip_add_target_route(union if_addr *addr, bool v6, struct interface *iface)
228 struct device_route *route, *r_next = NULL;
229 bool defaultroute_target = false;
230 int addrsize = v6 ? sizeof(addr->in6) : sizeof(addr->in);
232 route = calloc(1, sizeof(*route));
236 route->flags = v6 ? DEVADDR_INET6 : DEVADDR_INET4;
237 route->mask = v6 ? 128 : 32;
238 if (memcmp(&route->addr, addr, addrsize) == 0)
239 defaultroute_target = true;
241 memcpy(&route->addr, addr, addrsize);
244 /* look for locally addressable target first */
245 if (interface_ip_find_addr_target(iface, addr, v6))
248 /* do not stop at the first route, let the lookup compare
249 * masks to find the best match */
250 interface_ip_find_route_target(iface, addr, v6, &r_next);
252 vlist_for_each_element(&interfaces, iface, node) {
253 /* look for locally addressable target first */
254 if (interface_ip_find_addr_target(iface, addr, v6))
257 /* do not stop at the first route, let the lookup compare
258 * masks to find the best match */
259 interface_ip_find_route_target(iface, addr, v6, &r_next);
268 iface = r_next->iface;
269 memcpy(&route->nexthop, &r_next->nexthop, sizeof(route->nexthop));
270 route->mtu = r_next->mtu;
271 route->metric = r_next->metric;
272 route->table = r_next->table;
275 route->iface = iface;
276 if (defaultroute_target)
279 vlist_add(&iface->host_routes, &route->node, route);
284 interface_set_route_info(struct interface *iface, struct device_route *route)
286 bool v6 = ((route->flags & DEVADDR_FAMILY) == DEVADDR_INET6);
291 if (!(route->flags & DEVROUTE_METRIC))
292 route->metric = iface->metric;
294 if (!(route->flags & DEVROUTE_TABLE)) {
295 route->table = (v6) ? iface->ip6table : iface->ip4table;
297 route->flags |= DEVROUTE_SRCTABLE;
302 interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6)
304 struct interface_ip_settings *ip;
305 struct blob_attr *tb[__ROUTE_MAX], *cur;
306 struct device_route *route;
307 int af = v6 ? AF_INET6 : AF_INET;
309 blobmsg_parse(route_attr, __ROUTE_MAX, tb, blobmsg_data(attr), blobmsg_data_len(attr));
312 if ((cur = tb[ROUTE_INTERFACE]) == NULL)
315 iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node);
319 ip = &iface->config_ip;
321 ip = &iface->proto_ip;
324 route = calloc(1, sizeof(*route));
328 route->flags = v6 ? DEVADDR_INET6 : DEVADDR_INET4;
329 route->mask = v6 ? 128 : 32;
330 if ((cur = tb[ROUTE_MASK]) != NULL) {
331 route->mask = parse_netmask_string(blobmsg_data(cur), v6);
332 if (route->mask > (v6 ? 128 : 32))
336 if ((cur = tb[ROUTE_TARGET]) != NULL) {
337 if (!parse_ip_and_netmask(af, blobmsg_data(cur), &route->addr, &route->mask)) {
338 DPRINTF("Failed to parse route target: %s\n", (char *) blobmsg_data(cur));
343 if ((cur = tb[ROUTE_GATEWAY]) != NULL) {
344 if (!inet_pton(af, blobmsg_data(cur), &route->nexthop)) {
345 DPRINTF("Failed to parse route gateway: %s\n", (char *) blobmsg_data(cur));
350 if ((cur = tb[ROUTE_METRIC]) != NULL) {
351 route->metric = blobmsg_get_u32(cur);
352 route->flags |= DEVROUTE_METRIC;
355 if ((cur = tb[ROUTE_MTU]) != NULL) {
356 route->mtu = blobmsg_get_u32(cur);
357 route->flags |= DEVROUTE_MTU;
360 // Use source-based routing
361 if ((cur = tb[ROUTE_SOURCE]) != NULL) {
362 char *saveptr, *source = alloca(blobmsg_data_len(cur));
363 memcpy(source, blobmsg_data(cur), blobmsg_data_len(cur));
365 const char *addr = strtok_r(source, "/", &saveptr);
366 const char *mask = strtok_r(NULL, "/", &saveptr);
368 if (!addr || inet_pton(af, addr, &route->source) < 1) {
369 DPRINTF("Failed to parse route source: %s\n", addr ? addr : "NULL");
373 route->sourcemask = (mask) ? atoi(mask) : ((af == AF_INET6) ? 128 : 32);
376 if ((cur = tb[ROUTE_ONLINK]) != NULL && blobmsg_get_bool(cur))
377 route->flags |= DEVROUTE_ONLINK;
379 if ((cur = tb[ROUTE_TABLE]) != NULL) {
380 if (!system_resolve_rt_table(blobmsg_data(cur), &route->table)) {
381 DPRINTF("Failed to resolve routing table: %s\n", (char *) blobmsg_data(cur));
385 /* only set the table flag if not using the main (default) table */
386 if (system_is_default_rt_table(route->table))
390 route->flags |= DEVROUTE_TABLE;
393 if ((cur = tb[ROUTE_VALID]) != NULL) {
394 int64_t valid = blobmsg_get_u32(cur);
395 int64_t valid_until = valid + (int64_t)system_get_rtime();
396 if (valid_until <= LONG_MAX && valid != 0xffffffffLL) // Catch overflow
397 route->valid_until = valid_until;
400 if ((cur = tb[ROUTE_TYPE]) != NULL) {
401 if (!system_resolve_rt_type(blobmsg_data(cur), &route->type)) {
402 DPRINTF("Failed to resolve routing type: %s\n", (char *) blobmsg_data(cur));
405 route->flags |= DEVROUTE_TYPE;
408 interface_set_route_info(iface, route);
409 vlist_add(&ip->route, &route->node, route);
417 addr_cmp(const void *k1, const void *k2, void *ptr)
419 return memcmp(k1, k2, sizeof(struct device_addr) -
420 offsetof(struct device_addr, flags));
424 route_cmp(const void *k1, const void *k2, void *ptr)
426 const struct device_route *r1 = k1, *r2 = k2;
428 if (r1->mask != r2->mask)
429 return r2->mask - r1->mask;
431 if (r1->metric != r2->metric)
432 return r1->metric - r2->metric;
434 if (r1->flags != r2->flags)
435 return r2->flags - r1->flags;
437 if (r1->sourcemask != r2->sourcemask)
438 return r1->sourcemask - r2->sourcemask;
440 if (r1->table != r2->table)
441 return r1->table - r2->table;
443 int maskcmp = memcmp(&r1->source, &r2->source, sizeof(r1->source));
447 return memcmp(&r1->addr, &r2->addr, sizeof(r1->addr));
451 prefix_cmp(const void *k1, const void *k2, void *ptr)
453 return memcmp(k1, k2, offsetof(struct device_prefix, pclass) -
454 offsetof(struct device_prefix, addr));
458 interface_handle_subnet_route(struct interface *iface, struct device_addr *addr, bool add)
460 struct device *dev = iface->l3_dev.dev;
461 struct device_route *r = &addr->subnet;
463 if (addr->flags & DEVADDR_OFFLINK)
467 if (!addr->subnet.iface)
470 system_del_route(dev, r);
471 memset(r, 0, sizeof(*r));
476 r->flags = addr->flags;
477 r->mask = addr->mask;
478 memcpy(&r->addr, &addr->addr, sizeof(r->addr));
479 clear_if_addr(&r->addr, r->mask);
481 r->flags |= DEVADDR_KERNEL;
482 system_del_route(dev, r);
484 r->flags &= ~DEVADDR_KERNEL;
485 interface_set_route_info(iface, r);
487 system_add_route(dev, r);
491 interface_add_addr_rules(struct device_addr *addr, bool enabled)
493 bool v6 = (addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6;
495 set_ip_source_policy(enabled, v6, IPRULE_PRIORITY_ADDR, &addr->addr,
496 (v6) ? 128 : 32, addr->policy_table, NULL, NULL,
498 set_ip_source_policy(enabled, v6, IPRULE_PRIORITY_ADDR_MASK,
499 &addr->addr, addr->mask, addr->policy_table, NULL,
504 interface_update_proto_addr(struct vlist_tree *tree,
505 struct vlist_node *node_new,
506 struct vlist_node *node_old)
508 struct interface_ip_settings *ip;
509 struct interface *iface;
511 struct device_addr *a_new = NULL, *a_old = NULL;
512 bool replace = false;
516 ip = container_of(tree, struct interface_ip_settings, addr);
518 dev = iface->l3_dev.dev;
520 if (!node_new || !node_old)
521 iface->updated |= IUF_ADDRESS;
524 a_new = container_of(node_new, struct device_addr, node);
526 if ((a_new->flags & DEVADDR_FAMILY) == DEVADDR_INET4 &&
529 /* /31 and /32 addressing need 255.255.255.255
530 * as broadcast address. */
531 if (a_new->mask >= 31) {
532 a_new->broadcast = (uint32_t) ~0;
535 uint32_t *a = (uint32_t *) &a_new->addr;
537 mask >>= a_new->mask;
538 a_new->broadcast = *a | htonl(mask);
544 a_old = container_of(node_old, struct device_addr, node);
546 if (a_new && a_old) {
549 if (a_old->flags != a_new->flags || a_old->failed)
552 if (a_old->valid_until != a_new->valid_until ||
553 a_old->preferred_until != a_new->preferred_until)
556 if ((a_new->flags & DEVADDR_FAMILY) == DEVADDR_INET4 &&
557 a_new->broadcast != a_old->broadcast)
562 if (a_old->enabled && !keep) {
563 //This is needed for source routing to work correctly. If a device
564 //has two connections to a network using the same subnet, adding
565 //only the network-rule will cause packets to be routed through the
566 //first matching network (source IP matches both masks).
567 if (a_old->policy_table)
568 interface_add_addr_rules(a_old, false);
570 if (!(a_old->flags & DEVADDR_EXTERNAL)) {
571 interface_handle_subnet_route(iface, a_old, false);
572 system_del_address(dev, a_old);
580 a_new->enabled = true;
582 if ((a_new->flags & DEVADDR_FAMILY) == DEVADDR_INET6)
585 a_new->policy_table = (v6) ? iface->ip6table : iface->ip4table;
587 if (!keep || replace) {
588 if (!(a_new->flags & DEVADDR_EXTERNAL)) {
589 if (system_add_address(dev, a_new))
590 a_new->failed = true;
592 if (iface->metric || a_new->policy_table)
593 interface_handle_subnet_route(iface, a_new, true);
597 if (a_new->policy_table)
598 interface_add_addr_rules(a_new, true);
605 enable_route(struct interface_ip_settings *ip, struct device_route *route)
607 if (ip->no_defaultroute && !route->mask)
614 interface_update_proto_route(struct vlist_tree *tree,
615 struct vlist_node *node_new,
616 struct vlist_node *node_old)
618 struct interface_ip_settings *ip;
619 struct interface *iface;
621 struct device_route *route_old, *route_new;
624 ip = container_of(tree, struct interface_ip_settings, route);
626 dev = iface->l3_dev.dev;
628 if (!node_new || !node_old)
629 iface->updated |= IUF_ROUTE;
631 route_old = container_of(node_old, struct device_route, node);
632 route_new = container_of(node_new, struct device_route, node);
634 if (node_old && node_new)
635 keep = !memcmp(&route_old->nexthop, &route_new->nexthop, sizeof(route_old->nexthop)) &&
636 (route_old->mtu == route_new->mtu) && (route_old->type == route_new->type) &&
640 if (!(route_old->flags & DEVADDR_EXTERNAL) && route_old->enabled && !keep)
641 system_del_route(dev, route_old);
647 bool _enabled = enable_route(ip, route_new);
649 if (!(route_new->flags & DEVADDR_EXTERNAL) && !keep && _enabled)
650 if (system_add_route(dev, route_new))
651 route_new->failed = true;
653 route_new->iface = iface;
654 route_new->enabled = _enabled;
659 interface_update_host_route(struct vlist_tree *tree,
660 struct vlist_node *node_new,
661 struct vlist_node *node_old)
663 struct interface *iface;
665 struct device_route *route_old, *route_new;
667 iface = container_of(tree, struct interface, host_routes);
668 dev = iface->l3_dev.dev;
670 route_old = container_of(node_old, struct device_route, node);
671 route_new = container_of(node_new, struct device_route, node);
674 system_del_route(dev, route_old);
679 if (system_add_route(dev, route_new))
680 route_new->failed = true;
685 random_ifaceid(struct in6_addr *addr)
687 static bool initialized = false;
692 gettimeofday(&t, NULL);
693 seed = t.tv_sec ^ t.tv_usec ^ getpid();
697 addr->s6_addr32[2] = (uint32_t)mrand48();
698 addr->s6_addr32[3] = (uint32_t)mrand48();
702 eui64_ifaceid(struct interface *iface, struct in6_addr *addr)
704 /* get mac address */
705 uint8_t *macaddr = iface->l3_dev.dev->settings.macaddr;
706 uint8_t *ifaceid = addr->s6_addr + 8;
707 memcpy(ifaceid,macaddr,3);
708 memcpy(ifaceid + 5,macaddr + 3, 3);
715 generate_ifaceid(struct interface *iface, struct in6_addr *addr)
717 /* generate new iface id */
718 switch (iface->assignment_iface_id_selection) {
721 /* copy host part from assignment_fixed_iface_id */
722 memcpy(addr->s6_addr + 8, iface->assignment_fixed_iface_id.s6_addr + 8, 8);
725 /* randomize last 64 bits */
726 random_ifaceid(addr);
730 eui64_ifaceid(iface, addr);
736 interface_set_prefix_address(struct device_prefix_assignment *assignment,
737 const struct device_prefix *prefix, struct interface *iface, bool add)
739 const struct interface *uplink = prefix->iface;
740 if (!iface->l3_dev.dev)
743 struct device *l3_downlink = iface->l3_dev.dev;
745 struct device_addr addr;
746 struct device_route route;
747 memset(&addr, 0, sizeof(addr));
748 memset(&route, 0, sizeof(route));
750 if (IN6_IS_ADDR_UNSPECIFIED(&assignment->addr)) {
751 addr.addr.in6 = prefix->addr;
752 addr.addr.in6.s6_addr32[1] |= htonl(assignment->assigned);
753 generate_ifaceid(iface, &addr.addr.in6);
754 assignment->addr = addr.addr.in6;
757 addr.addr.in6 = assignment->addr;
759 addr.mask = assignment->length;
760 addr.flags = DEVADDR_INET6 | DEVADDR_OFFLINK;
761 addr.preferred_until = prefix->preferred_until;
762 addr.valid_until = prefix->valid_until;
764 route.flags = DEVADDR_INET6;
765 route.mask = addr.mask < 64 ? 64 : addr.mask;
766 route.addr = addr.addr;
767 clear_if_addr(&route.addr, route.mask);
768 interface_set_route_info(iface, &route);
770 if (!add && assignment->enabled) {
771 time_t now = system_get_rtime();
772 addr.preferred_until = now;
773 if (!addr.valid_until || addr.valid_until - now > 7200)
774 addr.valid_until = now + 7200;
777 if (prefix->iface->ip6table)
778 set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
779 addr.mask, prefix->iface->ip6table, iface, NULL, true);
781 set_ip_source_policy(false, true, IPRULE_PRIORITY_REJECT, &addr.addr,
782 addr.mask, 0, iface, "unreachable", true);
785 system_del_route(l3_downlink, &route);
786 system_add_address(l3_downlink, &addr);
788 assignment->enabled = false;
789 } else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) &&
790 !system_add_address(l3_downlink, &addr)) {
792 if (prefix->iface && !assignment->enabled) {
793 set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
794 addr.mask, 0, iface, "unreachable", true);
796 if (prefix->iface->ip6table)
797 set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
798 addr.mask, prefix->iface->ip6table, iface, NULL, true);
801 route.metric = iface->metric;
802 system_add_route(l3_downlink, &route);
804 if (uplink && uplink->l3_dev.dev && !(l3_downlink->settings.flags & DEV_OPT_MTU6)) {
805 int mtu = system_update_ipv6_mtu(uplink->l3_dev.dev, 0);
806 int mtu_old = system_update_ipv6_mtu(l3_downlink, 0);
808 if (mtu > 0 && mtu_old > mtu)
809 system_update_ipv6_mtu(l3_downlink, mtu);
812 assignment->enabled = true;
816 static bool interface_prefix_assign(struct list_head *list,
817 struct device_prefix_assignment *assign)
819 int32_t current = 0, asize = (1 << (64 - assign->length)) - 1;
820 struct device_prefix_assignment *c;
821 list_for_each_entry(c, list, head) {
822 if (assign->assigned != -1) {
823 if (assign->assigned >= current && assign->assigned + asize < c->assigned) {
824 list_add_tail(&assign->head, &c->head);
827 } else if (assign->assigned == -1) {
828 current = (current + asize) & (~asize);
829 if (current + asize < c->assigned) {
830 assign->assigned = current;
831 list_add_tail(&assign->head, &c->head);
835 current = (c->assigned + (1 << (64 - c->length)));
840 static void interface_update_prefix_assignments(struct device_prefix *prefix, bool setup)
842 struct device_prefix_assignment *c;
843 struct interface *iface;
845 // Delete all assignments
846 while (!list_empty(&prefix->assignments)) {
847 c = list_first_entry(&prefix->assignments,
848 struct device_prefix_assignment, head);
849 if ((iface = vlist_find(&interfaces, c->name, iface, node)))
850 interface_set_prefix_address(c, prefix, iface, false);
858 // End-of-assignment sentinel
859 c = malloc(sizeof(*c) + 1);
863 c->assigned = 1 << (64 - prefix->length);
866 c->addr = in6addr_any;
867 list_add(&c->head, &prefix->assignments);
870 if (prefix->excl_length > 0) {
871 const char name[] = "!excluded";
872 c = malloc(sizeof(*c) + sizeof(name));
874 c->assigned = ntohl(prefix->excl_addr.s6_addr32[1]) &
875 ((1 << (64 - prefix->length)) - 1);
876 c->length = prefix->excl_length;
877 c->addr = in6addr_any;
878 memcpy(c->name, name, sizeof(name));
879 list_add(&c->head, &prefix->assignments);
883 bool assigned_any = false;
884 struct list_head assign_later = LIST_HEAD_INIT(assign_later);
885 vlist_for_each_element(&interfaces, iface, node) {
886 if (iface->assignment_length < 48 ||
887 iface->assignment_length > 64)
890 // Test whether there is a matching class
891 if (!list_empty(&iface->assignment_classes)) {
894 struct interface_assignment_class *c;
895 list_for_each_entry(c, &iface->assignment_classes, head) {
896 if (!strcmp(c->name, prefix->pclass)) {
906 size_t namelen = strlen(iface->name) + 1;
907 c = malloc(sizeof(*c) + namelen);
911 c->length = iface->assignment_length;
912 c->assigned = iface->assignment_hint;
913 c->addr = in6addr_any;
915 memcpy(c->name, iface->name, namelen);
917 // First process all custom assignments, put all others in later-list
918 if (c->assigned == -1 || !interface_prefix_assign(&prefix->assignments, c)) {
919 if (c->assigned != -1) {
921 netifd_log_message(L_WARNING, "Failed to assign requested subprefix "
922 "of size %hhu for %s, trying other\n", c->length, c->name);
925 struct list_head *next = &assign_later;
926 struct device_prefix_assignment *n;
927 list_for_each_entry(n, &assign_later, head) {
928 if (n->length < c->length) {
933 list_add_tail(&c->head, next);
936 if (c->assigned != -1)
940 // Then try to assign all other + failed custom assignments
941 while (!list_empty(&assign_later)) {
942 c = list_first_entry(&assign_later, struct device_prefix_assignment, head);
945 bool assigned = false;
947 assigned = interface_prefix_assign(&prefix->assignments, c);
948 } while (!assigned && ++c->length <= 64);
951 netifd_log_message(L_WARNING, "Failed to assign subprefix "
952 "of size %hhu for %s\n", c->length, c->name);
959 list_for_each_entry(c, &prefix->assignments, head)
960 if ((iface = vlist_find(&interfaces, c->name, iface, node)))
961 interface_set_prefix_address(c, prefix, iface, true);
964 netifd_log_message(L_WARNING, "You have delegated IPv6-prefixes but haven't assigned them "
965 "to any interface. Did you forget to set option ip6assign on your lan-interfaces?");
969 void interface_refresh_assignments(bool hint)
971 static bool refresh = false;
972 if (!hint && refresh) {
973 struct device_prefix *p;
974 list_for_each_entry(p, &prefixes, head)
975 interface_update_prefix_assignments(p, true);
982 interface_update_prefix(struct vlist_tree *tree,
983 struct vlist_node *node_new,
984 struct vlist_node *node_old)
986 struct device_prefix *prefix_old, *prefix_new;
987 prefix_old = container_of(node_old, struct device_prefix, node);
988 prefix_new = container_of(node_new, struct device_prefix, node);
990 struct interface_ip_settings *ip = container_of(tree, struct interface_ip_settings, prefix);
991 if (tree && (!node_new || !node_old))
992 ip->iface->updated |= IUF_PREFIX;
994 struct device_route route;
995 memset(&route, 0, sizeof(route));
996 route.flags = DEVADDR_INET6;
997 route.metric = INT32_MAX;
998 route.mask = (node_new) ? prefix_new->length : prefix_old->length;
999 route.addr.in6 = (node_new) ? prefix_new->addr : prefix_old->addr;
1002 struct device_prefix_assignment *c;
1003 struct interface *iface;
1005 if (node_old && node_new) {
1006 // Move assignments and refresh addresses to update valid times
1007 list_splice(&prefix_old->assignments, &prefix_new->assignments);
1009 list_for_each_entry(c, &prefix_new->assignments, head)
1010 if ((iface = vlist_find(&interfaces, c->name, iface, node)))
1011 interface_set_prefix_address(c, prefix_new, iface, true);
1012 } else if (node_new) {
1013 // Set null-route to avoid routing loops
1014 system_add_route(NULL, &route);
1016 if (!prefix_new->iface || !prefix_new->iface->proto_ip.no_delegation)
1017 interface_update_prefix_assignments(prefix_new, true);
1018 } else if (node_old) {
1019 // Remove null-route
1020 interface_update_prefix_assignments(prefix_old, false);
1021 system_del_route(NULL, &route);
1025 if (prefix_old->head.next)
1026 list_del(&prefix_old->head);
1030 if (node_new && (!prefix_new->iface || !prefix_new->iface->proto_ip.no_delegation))
1031 list_add(&prefix_new->head, &prefixes);
1035 struct device_prefix*
1036 interface_ip_add_device_prefix(struct interface *iface, struct in6_addr *addr,
1037 uint8_t length, time_t valid_until, time_t preferred_until,
1038 struct in6_addr *excl_addr, uint8_t excl_length, const char *pclass)
1041 pclass = (iface) ? iface->name : "local";
1043 struct device_prefix *prefix = calloc(1, sizeof(*prefix) + strlen(pclass) + 1);
1047 prefix->length = length;
1048 prefix->addr = *addr;
1049 prefix->preferred_until = preferred_until;
1050 prefix->valid_until = valid_until;
1051 prefix->iface = iface;
1052 INIT_LIST_HEAD(&prefix->assignments);
1055 prefix->excl_addr = *excl_addr;
1056 prefix->excl_length = excl_length;
1059 strcpy(prefix->pclass, pclass);
1062 vlist_add(&iface->proto_ip.prefix, &prefix->node, &prefix->addr);
1064 interface_update_prefix(NULL, &prefix->node, NULL);
1070 interface_ip_set_ula_prefix(const char *prefix)
1072 char buf[INET6_ADDRSTRLEN + 4] = {0}, *saveptr;
1074 strncpy(buf, prefix, sizeof(buf) - 1);
1075 char *prefixaddr = strtok_r(buf, "/", &saveptr);
1077 struct in6_addr addr;
1078 if (!prefixaddr || inet_pton(AF_INET6, prefixaddr, &addr) < 1) {
1080 interface_update_prefix(NULL, NULL, &ula_prefix->node);
1087 char *prefixlen = strtok_r(NULL, ",", &saveptr);
1088 if (!prefixlen || (length = atoi(prefixlen)) < 1 || length > 64)
1091 if (!ula_prefix || !IN6_ARE_ADDR_EQUAL(&addr, &ula_prefix->addr) ||
1092 ula_prefix->length != length) {
1094 interface_update_prefix(NULL, NULL, &ula_prefix->node);
1096 ula_prefix = interface_ip_add_device_prefix(NULL, &addr, length,
1097 0, 0, NULL, 0, NULL);
1102 interface_add_dns_server(struct interface_ip_settings *ip, const char *str)
1104 struct dns_server *s;
1106 s = calloc(1, sizeof(*s));
1111 if (inet_pton(s->af, str, &s->addr.in))
1115 if (inet_pton(s->af, str, &s->addr.in))
1122 D(INTERFACE, "Add IPv%c DNS server: %s\n",
1123 s->af == AF_INET6 ? '6' : '4', str);
1124 vlist_simple_add(&ip->dns_servers, &s->node);
1128 interface_add_dns_server_list(struct interface_ip_settings *ip, struct blob_attr *list)
1130 struct blob_attr *cur;
1133 blobmsg_for_each_attr(cur, list, rem) {
1134 if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
1137 if (!blobmsg_check_attr(cur, NULL))
1140 interface_add_dns_server(ip, blobmsg_data(cur));
1145 interface_add_dns_search_domain(struct interface_ip_settings *ip, const char *str)
1147 struct dns_search_domain *s;
1148 int len = strlen(str);
1150 s = calloc(1, sizeof(*s) + len + 1);
1154 D(INTERFACE, "Add DNS search domain: %s\n", str);
1155 memcpy(s->name, str, len);
1156 vlist_simple_add(&ip->dns_search, &s->node);
1160 interface_add_dns_search_list(struct interface_ip_settings *ip, struct blob_attr *list)
1162 struct blob_attr *cur;
1165 blobmsg_for_each_attr(cur, list, rem) {
1166 if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
1169 if (!blobmsg_check_attr(cur, NULL))
1172 interface_add_dns_search_domain(ip, blobmsg_data(cur));
1177 write_resolv_conf_entries(FILE *f, struct interface_ip_settings *ip, const char *dev)
1179 struct dns_server *s;
1180 struct dns_search_domain *d;
1182 char buf[INET6_ADDRSTRLEN];
1184 vlist_simple_for_each_element(&ip->dns_servers, s, node) {
1185 str = inet_ntop(s->af, &s->addr, buf, sizeof(buf));
1189 if (s->af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&s->addr.in6))
1190 fprintf(f, "nameserver %s%%%s\n", str, dev);
1192 fprintf(f, "nameserver %s\n", str);
1195 vlist_simple_for_each_element(&ip->dns_search, d, node) {
1196 fprintf(f, "search %s\n", d->name);
1200 /* Sorting of interface resolver entries : */
1201 /* Primary on interface dns_metric : lowest metric first */
1202 /* Secondary on interface metric : lowest metric first */
1203 /* Finally alphabetical order of interface names */
1204 static int resolv_conf_iface_cmp(const void *k1, const void *k2, void *ptr)
1206 const struct interface *iface1 = k1, *iface2 = k2;
1208 if (iface1->dns_metric != iface2->dns_metric)
1209 return iface1->dns_metric - iface2->dns_metric;
1211 if (iface1->metric != iface2->metric)
1212 return iface1->metric - iface2->metric;
1214 return strcmp(iface1->name, iface2->name);
1218 __interface_write_dns_entries(FILE *f)
1220 struct interface *iface;
1222 struct avl_node node;
1224 struct avl_tree resolv_conf_iface_entries;
1226 avl_init(&resolv_conf_iface_entries, resolv_conf_iface_cmp, false, NULL);
1228 vlist_for_each_element(&interfaces, iface, node) {
1229 if (iface->state != IFS_UP)
1232 if (vlist_simple_empty(&iface->proto_ip.dns_search) &&
1233 vlist_simple_empty(&iface->proto_ip.dns_servers) &&
1234 vlist_simple_empty(&iface->config_ip.dns_search) &&
1235 vlist_simple_empty(&iface->config_ip.dns_servers))
1238 entry = calloc(1, sizeof(*entry));
1242 entry->node.key = iface;
1243 avl_insert(&resolv_conf_iface_entries, &entry->node);
1246 avl_for_each_element(&resolv_conf_iface_entries, entry, node) {
1247 iface = (struct interface *)entry->node.key;
1249 fprintf(f, "# Interface %s\n", iface->name);
1251 write_resolv_conf_entries(f, &iface->config_ip, iface->ifname);
1253 if (!iface->proto_ip.no_dns)
1254 write_resolv_conf_entries(f, &iface->proto_ip, iface->ifname);
1257 avl_remove_all_elements(&resolv_conf_iface_entries, entry, node, n_entry)
1262 interface_write_resolv_conf(void)
1264 char *path = alloca(strlen(resolv_conf) + 5);
1266 uint32_t crcold, crcnew;
1268 sprintf(path, "%s.tmp", resolv_conf);
1270 f = fopen(path, "w+");
1272 D(INTERFACE, "Failed to open %s for writing\n", path);
1276 __interface_write_dns_entries(f);
1280 crcnew = crc32_file(f);
1283 crcold = crcnew + 1;
1284 f = fopen(resolv_conf, "r");
1286 crcold = crc32_file(f);
1290 if (crcold == crcnew) {
1292 } else if (rename(path, resolv_conf) < 0) {
1293 D(INTERFACE, "Failed to replace %s\n", resolv_conf);
1298 void interface_ip_set_enabled(struct interface_ip_settings *ip, bool enabled)
1300 struct device_addr *addr;
1301 struct device_route *route;
1303 struct interface *iface;
1305 ip->enabled = enabled;
1307 dev = iface->l3_dev.dev;
1311 vlist_for_each_element(&ip->addr, addr, node) {
1312 bool v6 = ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6) ? true : false;
1314 if (addr->flags & DEVADDR_EXTERNAL)
1317 if (addr->enabled == enabled)
1321 system_add_address(dev, addr);
1323 addr->policy_table = (v6) ? iface->ip6table : iface->ip4table;
1324 if (iface->metric || addr->policy_table)
1325 interface_handle_subnet_route(iface, addr, true);
1327 if (addr->policy_table)
1328 interface_add_addr_rules(addr, true);
1330 interface_handle_subnet_route(iface, addr, false);
1331 system_del_address(dev, addr);
1333 if (addr->policy_table)
1334 interface_add_addr_rules(addr, false);
1336 addr->enabled = enabled;
1339 vlist_for_each_element(&ip->route, route, node) {
1340 bool _enabled = enabled;
1342 if (route->flags & DEVADDR_EXTERNAL)
1345 if (!enable_route(ip, route))
1348 if (route->enabled == _enabled)
1352 interface_set_route_info(ip->iface, route);
1354 if (system_add_route(dev, route))
1355 route->failed = true;
1357 system_del_route(dev, route);
1358 route->enabled = _enabled;
1361 struct device_prefix *c;
1362 struct device_prefix_assignment *a;
1363 list_for_each_entry(c, &prefixes, head)
1364 list_for_each_entry(a, &c->assignments, head)
1365 if (!strcmp(a->name, ip->iface->name))
1366 interface_set_prefix_address(a, c, ip->iface, enabled);
1368 if (ip->iface && ip->iface->policy_rules_set != enabled &&
1369 ip->iface->l3_dev.dev) {
1370 set_ip_lo_policy(enabled, true, ip->iface);
1371 set_ip_lo_policy(enabled, false, ip->iface);
1373 set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex,
1374 NULL, 0, 0, ip->iface, "failed_policy", true);
1375 ip->iface->policy_rules_set = enabled;
1380 interface_ip_update_start(struct interface_ip_settings *ip)
1382 if (ip != &ip->iface->config_ip) {
1383 vlist_simple_update(&ip->dns_servers);
1384 vlist_simple_update(&ip->dns_search);
1386 vlist_update(&ip->route);
1387 vlist_update(&ip->addr);
1388 vlist_update(&ip->prefix);
1392 interface_ip_update_complete(struct interface_ip_settings *ip)
1394 vlist_simple_flush(&ip->dns_servers);
1395 vlist_simple_flush(&ip->dns_search);
1396 vlist_flush(&ip->route);
1397 vlist_flush(&ip->addr);
1398 vlist_flush(&ip->prefix);
1399 interface_write_resolv_conf();
1403 interface_ip_flush(struct interface_ip_settings *ip)
1405 if (ip == &ip->iface->proto_ip)
1406 vlist_flush_all(&ip->iface->host_routes);
1407 vlist_simple_flush_all(&ip->dns_servers);
1408 vlist_simple_flush_all(&ip->dns_search);
1409 vlist_flush_all(&ip->route);
1410 vlist_flush_all(&ip->addr);
1411 vlist_flush_all(&ip->prefix);
1415 __interface_ip_init(struct interface_ip_settings *ip, struct interface *iface)
1419 vlist_simple_init(&ip->dns_search, struct dns_search_domain, node);
1420 vlist_simple_init(&ip->dns_servers, struct dns_server, node);
1421 vlist_init(&ip->route, route_cmp, interface_update_proto_route);
1422 vlist_init(&ip->addr, addr_cmp, interface_update_proto_addr);
1423 vlist_init(&ip->prefix, prefix_cmp, interface_update_prefix);
1427 interface_ip_init(struct interface *iface)
1429 __interface_ip_init(&iface->proto_ip, iface);
1430 __interface_ip_init(&iface->config_ip, iface);
1431 vlist_init(&iface->host_routes, route_cmp, interface_update_host_route);
1435 interface_ip_valid_until_handler(struct uloop_timeout *t)
1437 time_t now = system_get_rtime();
1438 struct interface *iface;
1439 vlist_for_each_element(&interfaces, iface, node) {
1440 if (iface->state != IFS_UP)
1443 struct device_addr *addr, *addrp;
1444 struct device_route *route, *routep;
1445 struct device_prefix *pref, *prefp;
1447 vlist_for_each_element_safe(&iface->proto_ip.addr, addr, node, addrp)
1448 if (addr->valid_until && addr->valid_until < now)
1449 vlist_delete(&iface->proto_ip.addr, &addr->node);
1451 vlist_for_each_element_safe(&iface->proto_ip.route, route, node, routep)
1452 if (route->valid_until && route->valid_until < now)
1453 vlist_delete(&iface->proto_ip.route, &route->node);
1455 vlist_for_each_element_safe(&iface->proto_ip.prefix, pref, node, prefp)
1456 if (pref->valid_until && pref->valid_until < now)
1457 vlist_delete(&iface->proto_ip.prefix, &pref->node);
1461 uloop_timeout_set(t, 1000);
1465 interface_ip_init_worker(void)
1467 valid_until_timeout.cb = interface_ip_valid_until_handler;
1468 uloop_timeout_set(&valid_until_timeout, 1000);
projects / project / netifd.git / blob