diff options
author | Daniel Mack <github@zonque.org> | 2015-07-06 14:44:33 -0400 |
---|---|---|
committer | Daniel Mack <github@zonque.org> | 2015-07-06 14:44:33 -0400 |
commit | 6cefbec8670bd07167d2608f5598afc78f1303a9 (patch) | |
tree | 4139a1be4c0b6c4612db785225f52640026e427c /src | |
parent | f767522a65a03b164f30d6b9f089000ce5bcb730 (diff) | |
parent | 1f0d9695125bf8e66d0e53e37d454755a84899bb (diff) |
Merge pull request #496 from poettering/ipv6-privacy
networkd: various fixes for the IPv6 privacy extensions support
Diffstat (limited to 'src')
-rw-r--r-- | src/network/networkd-link.c | 22 | ||||
-rw-r--r-- | src/network/networkd-network.c | 25 | ||||
-rw-r--r-- | src/network/networkd.h | 5 |
3 files changed, 31 insertions, 21 deletions
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index eb07e12773..5607cf470e 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -116,15 +116,12 @@ static bool link_ipv6_forward_enabled(Link *link) { return link->network->ip_forward & ADDRESS_FAMILY_IPV6; } -static bool link_ipv6_privacy_extensions_enabled(Link *link) { +static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) { if (link->flags & IFF_LOOPBACK) - return false; + return _IPV6_PRIVACY_EXTENSIONS_INVALID; if (!link->network) - return false; - - if (link->network->ipv6_privacy_extensions == _IPV6_PRIVACY_EXTENSIONS_INVALID) - return false; + return _IPV6_PRIVACY_EXTENSIONS_INVALID; return link->network->ipv6_privacy_extensions; } @@ -1540,7 +1537,8 @@ static int link_set_ipv6_forward(Link *link) { } static int link_set_ipv6_privacy_extensions(Link *link) { - char buf[2 * DECIMAL_STR_MAX(unsigned) + 1]; + char buf[DECIMAL_STR_MAX(unsigned) + 1]; + IPv6PrivacyExtensions s; const char *p = NULL; int r; @@ -1548,15 +1546,21 @@ static int link_set_ipv6_privacy_extensions(Link *link) { if (!socket_ipv6_is_supported()) return 0; - if (!link_ipv6_privacy_extensions_enabled(link)) + s = link_ipv6_privacy_extensions(link); + if (s == _IPV6_PRIVACY_EXTENSIONS_INVALID) return 0; p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/use_tempaddr"); xsprintf(buf, "%u", link->network->ipv6_privacy_extensions); r = write_string_file_no_create(p, buf); - if (r < 0) + if (r < 0) { + /* If the right value is set anyway, don't complain */ + if (verify_one_line_file(p, buf) > 0) + return 0; + log_link_warning_errno(link, r, "Cannot configure IPv6 privacy extension for interface: %m"); + } return 0; } diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index ddf03e67f9..a8e9ef909c 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -111,7 +111,7 @@ static int network_load_one(Manager *manager, const char *filename) { network->link_local = ADDRESS_FAMILY_IPV6; - network->ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID; + network->ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO; r = config_parse(NULL, filename, file, "Match\0" @@ -755,9 +755,9 @@ int config_parse_address_family_boolean_with_kernel( } static const char* const ipv6_privacy_extensions_table[_IPV6_PRIVACY_EXTENSIONS_MAX] = { - [IPV6_PRIVACY_EXTENSIONS_DISABLE] = "no", - [IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC] = "yes", - [IPV6_PRIVACY_EXTENSIONS_PREFER_TEMPORARY] = "prefer-temporary", + [IPV6_PRIVACY_EXTENSIONS_NO] = "no", + [IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC] = "prefer-public", + [IPV6_PRIVACY_EXTENSIONS_YES] = "yes", }; DEFINE_STRING_TABLE_LOOKUP(ipv6_privacy_extensions, IPv6PrivacyExtensions); @@ -787,16 +787,21 @@ int config_parse_ipv6_privacy_extensions( k = parse_boolean(rvalue); if (k > 0) - *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC; + *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_YES; else if (k == 0) - *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_DISABLE; + *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO; else { - IPv6PrivacyExtensions s; + IPv6PrivacyExtensions s; s = ipv6_privacy_extensions_from_string(rvalue); - if (s < 0){ - log_syntax(unit, LOG_ERR, filename, line, -s, "Failed to parse IPv6 privacy extensions option, ignoring: %s", rvalue); - return 0; + if (s < 0) { + + if (streq(rvalue, "kernel")) + s = _IPV6_PRIVACY_EXTENSIONS_INVALID; + else { + log_syntax(unit, LOG_ERR, filename, line, s, "Failed to parse IPv6 privacy extensions option, ignoring: %s", rvalue); + return 0; + } } *ipv6_privacy_extensions = s; diff --git a/src/network/networkd.h b/src/network/networkd.h index cd5c020533..f98c640822 100644 --- a/src/network/networkd.h +++ b/src/network/networkd.h @@ -91,9 +91,10 @@ typedef enum DCHPClientIdentifier { } DCHPClientIdentifier; typedef enum IPv6PrivacyExtensions { - IPV6_PRIVACY_EXTENSIONS_DISABLE, + /* The values map to the kernel's /proc/sys/net/ipv6/conf/xxx/use_tempaddr values */ + IPV6_PRIVACY_EXTENSIONS_NO, IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC, - IPV6_PRIVACY_EXTENSIONS_PREFER_TEMPORARY, + IPV6_PRIVACY_EXTENSIONS_YES, /* aka prefer-temporary */ _IPV6_PRIVACY_EXTENSIONS_MAX, _IPV6_PRIVACY_EXTENSIONS_INVALID = -1, } IPv6PrivacyExtensions; |