From 49092e22c2893118304bac1b3b706cd88f90590d Mon Sep 17 00:00:00 2001
From: Susant Sahani <susant@redhat.com>
Date: Sun, 5 Jul 2015 11:24:31 +0530
Subject: networkd: Add support for ipv6 privacy extension

This patch add support for ipv6 privacy extensions.

The variable  /proc/sys/net/ipv6/conf/<if>/use_tempaddr

can be changed via the boolean

IPv6PrivacyExtensions=[yes/no/prefer-temporary]

When true enables privacy extensions, but prefer public addresses over
temporary addresses.
prefer-temporary  prefers temporary adresses over public addresses.
Defaults to false.

[Match]
Name=enp0s25

[Network]
IPv6PrivacyExtensions=prefer-temporary
---
 src/network/networkd-network.c | 53 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

(limited to 'src/network/networkd-network.c')

diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index ec95c8661e..ddf03e67f9 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -111,6 +111,8 @@ static int network_load_one(Manager *manager, const char *filename) {
 
         network->link_local = ADDRESS_FAMILY_IPV6;
 
+        network->ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID;
+
         r = config_parse(NULL, filename, file,
                          "Match\0"
                          "Link\0"
@@ -751,3 +753,54 @@ int config_parse_address_family_boolean_with_kernel(
 
         return 0;
 }
+
+static const char* const ipv6_privacy_extensions_table[_IPV6_PRIVACY_EXTENSIONS_MAX] = {
+        [IPV6_PRIVACY_EXTENSIONS_DISABLE] = "no",
+        [IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC] = "yes",
+        [IPV6_PRIVACY_EXTENSIONS_PREFER_TEMPORARY] = "prefer-temporary",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(ipv6_privacy_extensions, IPv6PrivacyExtensions);
+
+int config_parse_ipv6_privacy_extensions(
+                const char* unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        IPv6PrivacyExtensions *ipv6_privacy_extensions = data;
+        int k;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(ipv6_privacy_extensions);
+
+        /* Our enum shall be a superset of booleans, hence first try
+         * to parse as boolean, and then as enum */
+
+        k = parse_boolean(rvalue);
+        if (k > 0)
+                *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC;
+        else if (k == 0)
+                *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_DISABLE;
+        else {
+               IPv6PrivacyExtensions s;
+
+                s = ipv6_privacy_extensions_from_string(rvalue);
+                if (s < 0){
+                        log_syntax(unit, LOG_ERR, filename, line, -s, "Failed to parse IPv6 privacy extensions option, ignoring: %s", rvalue);
+                        return 0;
+                }
+
+                *ipv6_privacy_extensions = s;
+        }
+
+        return 0;
+}
-- 
cgit v1.2.3-54-g00ecf