networkd: Add support for ipv6 privacy extension

This patch add support for ipv6 privacy extensions. The variable /proc/sys/net/ipv6/conf/<if>/use_tempaddr can be changed via the boolean IPv6PrivacyExtensions=[yes/no/prefer-temporary] When true enables privacy extensions, but prefer public addresses over temporary addresses. prefer-temporary prefers temporary adresses over public addresses. Defaults to false. [Match] Name=enp0s25 [Network] IPv6PrivacyExtensions=prefer-temporary
author: Susant Sahani <susant@redhat.com> 2015-07-05 11:24:31 +0530
committer: Susant Sahani <susant@redhat.com> 2015-07-05 11:24:31 +0530
commit: 49092e22c2893118304bac1b3b706cd88f90590d (patch)
tree: c623efdb72fa1bcd1867a24ecf39a02a255bda70 /src/network/networkd-link.c
parent: 138879ccad87148cc5d805471183789a6ad688c6 (diff)
1 files changed, 39 insertions, 0 deletions
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index dff81a5cf0..f67a19e50b 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -116,6 +116,19 @@ static bool link_ipv6_forward_enabled(Link *link) {
         return link->network->ip_forward & ADDRESS_FAMILY_IPV6;
 }
 
+static bool link_ipv6_privacy_extensions_enabled(Link *link) {
+        if (link->flags & IFF_LOOPBACK)
+                return false;
+
+        if (!link->network)
+                return false;
+
+        if (link->network->ipv6_privacy_extensions == _IPV6_PRIVACY_EXTENSIONS_INVALID)
+                return false;
+
+        return link->network->ipv6_privacy_extensions;
+}
+
 #define FLAG_STRING(string, flag, old, new) \
         (((old ^ new) & flag) \
                 ? ((old & flag) ? (" -" string) : (" +" string)) \
@@ -1506,6 +1519,28 @@ static int link_set_ipv6_forward(Link *link) {
         return 0;
 }
 
+static int link_set_ipv6_privacy_extensions(Link *link) {
+        char buf[2 * DECIMAL_STR_MAX(unsigned) + 1];
+        const char *p = NULL;
+        int r;
+
+        /* Make this a NOP if IPv6 is not available */
+        if (!socket_ipv6_is_supported())
+                return 0;
+
+        if (!link_ipv6_privacy_extensions_enabled(link))
+                return 0;
+
+        p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/use_tempaddr");
+        xsprintf(buf, "%u", link->network->ipv6_privacy_extensions);
+
+        r = write_string_file_no_create(p, buf);
+        if (r < 0)
+                log_link_warning_errno(link, r, "Cannot configure IPv6 privacy extension for interface: %m");
+
+        return 0;
+}
+
 static int link_configure(Link *link) {
         int r;
 
@@ -1525,6 +1560,10 @@ static int link_configure(Link *link) {
         if (r < 0)
                 return r;
 
+        r = link_set_ipv6_privacy_extensions(link);
+        if (r < 0)
+                return r;
+
         if (link_ipv4ll_enabled(link)) {
                 r = ipv4ll_configure(link);
                 if (r < 0)
author	Susant Sahani <susant@redhat.com>	2015-07-05 11:24:31 +0530
committer	Susant Sahani <susant@redhat.com>	2015-07-05 11:24:31 +0530
commit	49092e22c2893118304bac1b3b706cd88f90590d (patch)
tree	c623efdb72fa1bcd1867a24ecf39a02a255bda70 /src/network/networkd-link.c
parent	138879ccad87148cc5d805471183789a6ad688c6 (diff)