Merge pull request #31177 from yuwata/network-ndisc-on-link-zero

network/ndisc: drop onlink prefix route when on-link flag is zero
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-02-09 06:03:32 +0100
committer: GitHub <noreply@github.com> 2024-02-09 06:03:32 +0100
commit: bbcd088031ba3e6836c5a8324559e8337bacce16 (patch)
tree: 04bff1bae891299075a5b673e827c0edac3ddc0f /src
parent: detect-virt: fix Google Compute Engine support (diff)
parent: network/ndisc: drop onlink prefix route when on-link flag is zero (diff)
download: systemd-bbcd088031ba3e6836c5a8324559e8337bacce16.tar.xz
systemd-bbcd088031ba3e6836c5a8324559e8337bacce16.zip
1 files changed, 69 insertions, 5 deletions
diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index 50ee376223..f5621e219b 100644
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -522,7 +522,7 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
         /* Prefix Information option does not have preference, hence we use the 'main' preference here */
         r = sd_ndisc_router_get_preference(rt, &preference);
         if (r < 0)
-                log_link_warning_errno(link, r, "Failed to get default router preference from RA: %m");
+                return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
 
         r = route_new(&route);
         if (r < 0)
@@ -541,6 +541,69 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
         return 0;
 }
 
+static int ndisc_router_drop_onlink_prefix(Link *link, sd_ndisc_router *rt) {
+        _cleanup_(route_unrefp) Route *route = NULL;
+        unsigned prefixlen, preference;
+        struct in6_addr prefix;
+        usec_t lifetime_usec;
+        int r;
+
+        assert(link);
+        assert(link->network);
+        assert(rt);
+
+        /* RFC 4861 section 6.3.4.
+         * Note, however, that a Prefix Information option with the on-link flag set to zero conveys no
+         * information concerning on-link determination and MUST NOT be interpreted to mean that addresses
+         * covered by the prefix are off-link. The only way to cancel a previous on-link indication is to
+         * advertise that prefix with the L-bit set and the Lifetime set to zero. */
+
+        if (!link->network->ipv6_accept_ra_use_onlink_prefix)
+                return 0;
+
+        r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_usec);
+        if (r < 0)
+                return log_link_warning_errno(link, r, "Failed to get prefix lifetime: %m");
+
+        if (lifetime_usec != 0)
+                return 0;
+
+        r = sd_ndisc_router_prefix_get_address(rt, &prefix);
+        if (r < 0)
+                return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
+
+        r = sd_ndisc_router_prefix_get_prefixlen(rt, &prefixlen);
+        if (r < 0)
+                return log_link_warning_errno(link, r, "Failed to get prefix length: %m");
+
+        /* Prefix Information option does not have preference, hence we use the 'main' preference here */
+        r = sd_ndisc_router_get_preference(rt, &preference);
+        if (r < 0)
+                return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
+
+        r = route_new(&route);
+        if (r < 0)
+                return log_oom();
+
+        route->family = AF_INET6;
+        route->dst.in6 = prefix;
+        route->dst_prefixlen = prefixlen;
+        route->table = link_get_ipv6_accept_ra_route_table(link);
+        route->pref = preference;
+        ndisc_set_route_priority(link, route);
+        route->protocol = RTPROT_RA;
+
+        r = route_adjust_nexthops(route, link);
+        if (r < 0)
+                return r;
+
+        r = route_remove_and_cancel(route, link->manager);
+        if (r < 0)
+                return log_link_warning_errno(link, r, "Could not remove prefix route: %m");
+
+        return 0;
+}
+
 static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) {
         unsigned prefixlen;
         struct in6_addr a;
@@ -580,11 +643,12 @@ static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) {
         if (r < 0)
                 return log_link_warning_errno(link, r, "Failed to get RA prefix flags: %m");
 
-        if (FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK)) {
+        if (FLAGS_SET(flags, ND_OPT_PI_FLAG_ONLINK))
                 r = ndisc_router_process_onlink_prefix(link, rt);
-                if (r < 0)
-                        return r;
-        }
+        else
+                r = ndisc_router_drop_onlink_prefix(link, rt);
+        if (r < 0)
+                return r;
 
         if (FLAGS_SET(flags, ND_OPT_PI_FLAG_AUTO)) {
                 r = ndisc_router_process_autonomous_prefix(link, rt);
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-02-09 06:03:32 +0100
committer	GitHub <noreply@github.com>	2024-02-09 06:03:32 +0100
commit	bbcd088031ba3e6836c5a8324559e8337bacce16 (patch)
tree	04bff1bae891299075a5b673e827c0edac3ddc0f /src
parent	detect-virt: fix Google Compute Engine support (diff)
parent	network/ndisc: drop onlink prefix route when on-link flag is zero (diff)
download	systemd-bbcd088031ba3e6836c5a8324559e8337bacce16.tar.xz systemd-bbcd088031ba3e6836c5a8324559e8337bacce16.zip