summaryrefslogtreecommitdiffstats
path: root/src/network/networkd-setlink.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/network/networkd-setlink.c1299
1 files changed, 1299 insertions, 0 deletions
diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c
new file mode 100644
index 0000000..0886ee9
--- /dev/null
+++ b/src/network/networkd-setlink.c
@@ -0,0 +1,1299 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <netinet/in.h>
+#include <linux/if.h>
+#include <linux/if_arp.h>
+#include <linux/if_bridge.h>
+
+#include "missing_network.h"
+#include "netif-util.h"
+#include "netlink-util.h"
+#include "networkd-address.h"
+#include "networkd-can.h"
+#include "networkd-link.h"
+#include "networkd-manager.h"
+#include "networkd-queue.h"
+#include "networkd-setlink.h"
+#include "networkd-sriov.h"
+#include "networkd-wiphy.h"
+
+static int get_link_default_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
+ return link_getlink_handler_internal(rtnl, m, link, "Failed to sync link information");
+}
+
+static int get_link_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
+ if (get_link_default_handler(rtnl, m, link) > 0)
+ link->master_set = true;
+ return 0;
+}
+
+static int get_link_update_flag_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
+ assert(link);
+ assert(link->set_flags_messages > 0);
+
+ link->set_flags_messages--;
+
+ return get_link_default_handler(rtnl, m, link);
+}
+
+static int set_link_handler_internal(
+ sd_netlink *rtnl,
+ sd_netlink_message *m,
+ Request *req,
+ Link *link,
+ bool ignore,
+ link_netlink_message_handler_t get_link_handler) {
+
+ int r;
+
+ assert(m);
+ assert(req);
+ assert(link);
+
+ r = sd_netlink_message_get_errno(m);
+ if (r < 0) {
+ const char *error_msg;
+
+ error_msg = strjoina("Failed to set ", request_type_to_string(req->type), ignore ? ", ignoring" : "");
+ log_link_message_warning_errno(link, m, r, error_msg);
+
+ if (!ignore)
+ link_enter_failed(link);
+ return 0;
+ }
+
+ log_link_debug(link, "%s set.", request_type_to_string(req->type));
+
+ if (get_link_handler) {
+ r = link_call_getlink(link, get_link_handler);
+ if (r < 0) {
+ link_enter_failed(link);
+ return 0;
+ }
+ }
+
+ if (link->set_link_messages == 0)
+ link_check_ready(link);
+
+ return 1;
+}
+
+static int link_set_addrgen_mode_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ int r;
+
+ r = set_link_handler_internal(rtnl, m, req, link, /* ignore = */ true, NULL);
+ if (r <= 0)
+ return r;
+
+ r = link_drop_ipv6ll_addresses(link);
+ if (r < 0) {
+ log_link_warning_errno(link, r, "Failed to drop IPv6LL addresses: %m");
+ link_enter_failed(link);
+ }
+
+ return 0;
+}
+
+static int link_set_bond_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ false, NULL);
+}
+
+static int link_set_bridge_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ true, NULL);
+}
+
+static int link_set_bridge_vlan_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ false, NULL);
+}
+
+static int link_set_can_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ false, NULL);
+}
+
+static int link_set_flags_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ false, get_link_default_handler);
+}
+
+static int link_set_group_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ false, NULL);
+}
+
+static int link_set_ipoib_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ true, NULL);
+}
+
+static int link_set_mac_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ true, get_link_default_handler);
+}
+
+static int link_set_mac_allow_retry_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ int r;
+
+ assert(m);
+ assert(link);
+
+ r = sd_netlink_message_get_errno(m);
+ if (r == -EBUSY) {
+ /* Most real network devices refuse to set its hardware address with -EBUSY when its
+ * operstate is not down. See, eth_prepare_mac_addr_change() in net/ethernet/eth.c
+ * of kernel. */
+
+ log_link_message_debug_errno(link, m, r, "Failed to set MAC address, retrying again: %m");
+
+ r = link_request_to_set_mac(link, /* allow_retry = */ false);
+ if (r < 0)
+ link_enter_failed(link);
+
+ return 0;
+ }
+
+ return link_set_mac_handler(rtnl, m, req, link, userdata);
+}
+
+static int link_set_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ false, get_link_master_handler);
+}
+
+static int link_unset_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ /* Some devices do not support setting master ifindex. Let's ignore error on unsetting master ifindex. */
+ return set_link_handler_internal(rtnl, m, req, link, /* ignore = */ true, get_link_master_handler);
+}
+
+static int link_set_mtu_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ int r;
+
+ r = set_link_handler_internal(rtnl, m, req, link, /* ignore = */ true, get_link_default_handler);
+ if (r <= 0)
+ return r;
+
+ /* The kernel resets ipv6 mtu after changing device mtu;
+ * we must set this here, after we've set device mtu */
+ r = link_set_ipv6_mtu(link);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Failed to set IPv6 MTU, ignoring: %m");
+
+ return 0;
+}
+
+static int link_configure_fill_message(
+ Link *link,
+ sd_netlink_message *req,
+ RequestType type,
+ void *userdata) {
+ int r;
+
+ switch (type) {
+ case REQUEST_TYPE_SET_LINK_ADDRESS_GENERATION_MODE:
+ r = ipv6ll_addrgen_mode_fill_message(req, PTR_TO_UINT8(userdata));
+ if (r < 0)
+ return r;
+ break;
+ case REQUEST_TYPE_SET_LINK_BOND:
+ r = sd_netlink_message_set_flags(req, NLM_F_REQUEST | NLM_F_ACK);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "bond");
+ if (r < 0)
+ return r;
+
+ if (link->network->active_slave) {
+ r = sd_netlink_message_append_u32(req, IFLA_BOND_ACTIVE_SLAVE, link->ifindex);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->primary_slave) {
+ r = sd_netlink_message_append_u32(req, IFLA_BOND_PRIMARY, link->ifindex);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_netlink_message_close_container(req);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_close_container(req);
+ if (r < 0)
+ return r;
+
+ break;
+ case REQUEST_TYPE_SET_LINK_BRIDGE:
+ r = sd_rtnl_message_link_set_family(req, AF_BRIDGE);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_open_container(req, IFLA_PROTINFO);
+ if (r < 0)
+ return r;
+
+ if (link->network->use_bpdu >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_GUARD, !link->network->use_bpdu);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->hairpin >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_MODE, link->network->hairpin);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->isolated >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_ISOLATED, link->network->isolated);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->fast_leave >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_FAST_LEAVE, link->network->fast_leave);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->allow_port_to_be_root >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROTECT, !link->network->allow_port_to_be_root);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->unicast_flood >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_UNICAST_FLOOD, link->network->unicast_flood);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->multicast_flood >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_MCAST_FLOOD, link->network->multicast_flood);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->multicast_to_unicast >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_MCAST_TO_UCAST, link->network->multicast_to_unicast);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->neighbor_suppression >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_NEIGH_SUPPRESS, link->network->neighbor_suppression);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->learning >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_LEARNING, link->network->learning);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->bridge_proxy_arp >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROXYARP, link->network->bridge_proxy_arp);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->bridge_proxy_arp_wifi >= 0) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROXYARP_WIFI, link->network->bridge_proxy_arp_wifi);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->cost != 0) {
+ r = sd_netlink_message_append_u32(req, IFLA_BRPORT_COST, link->network->cost);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->priority != LINK_BRIDGE_PORT_PRIORITY_INVALID) {
+ r = sd_netlink_message_append_u16(req, IFLA_BRPORT_PRIORITY, link->network->priority);
+ if (r < 0)
+ return r;
+ }
+
+ if (link->network->multicast_router != _MULTICAST_ROUTER_INVALID) {
+ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_MULTICAST_ROUTER, link->network->multicast_router);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_netlink_message_close_container(req);
+ if (r < 0)
+ return r;
+ break;
+ case REQUEST_TYPE_SET_LINK_BRIDGE_VLAN:
+ r = sd_rtnl_message_link_set_family(req, AF_BRIDGE);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+ if (r < 0)
+ return r;
+
+ if (link->master_ifindex <= 0) {
+ /* master needs BRIDGE_FLAGS_SELF flag */
+ r = sd_netlink_message_append_u16(req, IFLA_BRIDGE_FLAGS, BRIDGE_FLAGS_SELF);
+ if (r < 0)
+ return r;
+ }
+
+ r = bridge_vlan_append_info(link, req, link->network->pvid, link->network->br_vid_bitmap, link->network->br_untagged_bitmap);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_close_container(req);
+ if (r < 0)
+ return r;
+
+ break;
+ case REQUEST_TYPE_SET_LINK_CAN:
+ r = can_set_netlink_message(link, req);
+ if (r < 0)
+ return r;
+ break;
+ case REQUEST_TYPE_SET_LINK_FLAGS: {
+ unsigned ifi_change = 0, ifi_flags = 0;
+
+ if (link->network->arp >= 0) {
+ ifi_change |= IFF_NOARP;
+ SET_FLAG(ifi_flags, IFF_NOARP, link->network->arp == 0);
+ }
+
+ if (link->network->multicast >= 0) {
+ ifi_change |= IFF_MULTICAST;
+ SET_FLAG(ifi_flags, IFF_MULTICAST, link->network->multicast);
+ }
+
+ if (link->network->allmulticast >= 0) {
+ ifi_change |= IFF_ALLMULTI;
+ SET_FLAG(ifi_flags, IFF_ALLMULTI, link->network->allmulticast);
+ }
+
+ if (link->network->promiscuous >= 0) {
+ ifi_change |= IFF_PROMISC;
+ SET_FLAG(ifi_flags, IFF_PROMISC, link->network->promiscuous);
+ }
+
+ r = sd_rtnl_message_link_set_flags(req, ifi_flags, ifi_change);
+ if (r < 0)
+ return r;
+
+ break;
+ }
+ case REQUEST_TYPE_SET_LINK_GROUP:
+ r = sd_netlink_message_append_u32(req, IFLA_GROUP, (uint32_t) link->network->group);
+ if (r < 0)
+ return r;
+ break;
+ case REQUEST_TYPE_SET_LINK_MAC:
+ r = netlink_message_append_hw_addr(req, IFLA_ADDRESS, &link->requested_hw_addr);
+ if (r < 0)
+ return r;
+ break;
+ case REQUEST_TYPE_SET_LINK_IPOIB:
+ r = ipoib_set_netlink_message(link, req);
+ if (r < 0)
+ return r;
+ break;
+ case REQUEST_TYPE_SET_LINK_MASTER:
+ r = sd_netlink_message_append_u32(req, IFLA_MASTER, PTR_TO_UINT32(userdata));
+ if (r < 0)
+ return r;
+ break;
+ case REQUEST_TYPE_SET_LINK_MTU:
+ r = sd_netlink_message_append_u32(req, IFLA_MTU, PTR_TO_UINT32(userdata));
+ if (r < 0)
+ return r;
+ break;
+ default:
+ assert_not_reached();
+ }
+
+ return 0;
+}
+
+static int link_configure(Link *link, Request *req) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+ int r;
+
+ assert(link);
+ assert(link->manager);
+ assert(req);
+
+ log_link_debug(link, "Setting %s", request_type_to_string(req->type));
+
+ if (req->type == REQUEST_TYPE_SET_LINK_BOND)
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &m, RTM_NEWLINK, link->master_ifindex);
+ else if (IN_SET(req->type, REQUEST_TYPE_SET_LINK_CAN, REQUEST_TYPE_SET_LINK_IPOIB))
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &m, RTM_NEWLINK, link->ifindex);
+ else
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &m, RTM_SETLINK, link->ifindex);
+ if (r < 0)
+ return r;
+
+ r = link_configure_fill_message(link, m, req->type, req->userdata);
+ if (r < 0)
+ return r;
+
+ return request_call_netlink_async(link->manager->rtnl, m, req);
+}
+
+static bool netdev_is_ready(NetDev *netdev) {
+ assert(netdev);
+
+ if (netdev->state != NETDEV_STATE_READY)
+ return false;
+ if (netdev->ifindex == 0)
+ return false;
+
+ return true;
+}
+
+static int link_is_ready_to_set_link(Link *link, Request *req) {
+ int r;
+
+ assert(link);
+ assert(link->manager);
+ assert(link->network);
+ assert(req);
+
+ if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
+ return false;
+
+ switch (req->type) {
+ case REQUEST_TYPE_SET_LINK_BOND:
+ case REQUEST_TYPE_SET_LINK_BRIDGE:
+ if (!link->master_set)
+ return false;
+
+ if (link->network->keep_master && link->master_ifindex <= 0)
+ return false;
+ break;
+
+ case REQUEST_TYPE_SET_LINK_BRIDGE_VLAN:
+ if (!link->master_set)
+ return false;
+
+ if (link->network->keep_master && link->master_ifindex <= 0 && !streq_ptr(link->kind, "bridge"))
+ return false;
+
+ break;
+
+ case REQUEST_TYPE_SET_LINK_CAN:
+ /* Do not check link->set_flgas_messages here, as it is ok even if link->flags
+ * is outdated, and checking the counter causes a deadlock. */
+ if (FLAGS_SET(link->flags, IFF_UP)) {
+ /* The CAN interface must be down to configure bitrate, etc... */
+ r = link_down_now(link);
+ if (r < 0)
+ return r;
+ }
+ break;
+
+ case REQUEST_TYPE_SET_LINK_MAC:
+ if (req->netlink_handler == link_set_mac_handler) {
+ /* This is the second attempt to set hardware address. On the first attempt
+ * req->netlink_handler points to link_set_mac_allow_retry_handler().
+ * The first attempt failed as the interface was up. */
+ r = link_down_now(link);
+ if (r < 0)
+ return r;
+
+ /* If the kind of the link is "bond", we need
+ * set the slave link down as well. */
+ if (streq_ptr(link->kind, "bond")) {
+ r = link_down_slave_links(link);
+ if (r < 0)
+ return r;
+ }
+ }
+ break;
+
+ case REQUEST_TYPE_SET_LINK_MASTER: {
+ uint32_t m = 0;
+ Request req_mac = {
+ .link = link,
+ .type = REQUEST_TYPE_SET_LINK_MAC,
+ };
+
+ if (link->network->batadv) {
+ if (!netdev_is_ready(link->network->batadv))
+ return false;
+ m = link->network->batadv->ifindex;
+ } else if (link->network->bond) {
+ if (ordered_set_contains(link->manager->request_queue, &req_mac))
+ return false;
+ if (!netdev_is_ready(link->network->bond))
+ return false;
+ m = link->network->bond->ifindex;
+
+ /* Do not check link->set_flgas_messages here, as it is ok even if link->flags
+ * is outdated, and checking the counter causes a deadlock. */
+ if (FLAGS_SET(link->flags, IFF_UP)) {
+ /* link must be down when joining to bond master. */
+ r = link_down_now(link);
+ if (r < 0)
+ return r;
+ }
+ } else if (link->network->bridge) {
+ if (ordered_set_contains(link->manager->request_queue, &req_mac))
+ return false;
+ if (!netdev_is_ready(link->network->bridge))
+ return false;
+ m = link->network->bridge->ifindex;
+ } else if (link->network->vrf) {
+ if (!netdev_is_ready(link->network->vrf))
+ return false;
+ m = link->network->vrf->ifindex;
+ }
+
+ req->userdata = UINT32_TO_PTR(m);
+ break;
+ }
+ case REQUEST_TYPE_SET_LINK_MTU: {
+ if (ordered_set_contains(link->manager->request_queue,
+ &(const Request) {
+ .link = link,
+ .type = REQUEST_TYPE_SET_LINK_IPOIB,
+ }))
+ return false;
+
+ /* Changing FD mode may affect MTU. */
+ if (ordered_set_contains(link->manager->request_queue,
+ &(const Request) {
+ .link = link,
+ .type = REQUEST_TYPE_SET_LINK_CAN,
+ }))
+ return false;
+ }
+ default:
+ break;
+ }
+
+ return true;
+}
+
+static int link_process_set_link(Request *req, Link *link, void *userdata) {
+ int r;
+
+ assert(req);
+ assert(link);
+
+ r = link_is_ready_to_set_link(link, req);
+ if (r <= 0)
+ return r;
+
+ r = link_configure(link, req);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to set %s", request_type_to_string(req->type));
+
+ return 1;
+}
+
+static int link_request_set_link(
+ Link *link,
+ RequestType type,
+ request_netlink_handler_t netlink_handler,
+ Request **ret) {
+
+ Request *req;
+ int r;
+
+ assert(link);
+
+ r = link_queue_request_full(link, type, NULL, NULL, NULL, NULL,
+ link_process_set_link,
+ &link->set_link_messages,
+ netlink_handler,
+ &req);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to request to set %s: %m",
+ request_type_to_string(type));
+
+ log_link_debug(link, "Requested to set %s", request_type_to_string(type));
+
+ if (ret)
+ *ret = req;
+ return 0;
+}
+
+int link_request_to_set_addrgen_mode(Link *link) {
+ IPv6LinkLocalAddressGenMode mode;
+ Request *req;
+ int r;
+
+ assert(link);
+ assert(link->network);
+
+ if (!socket_ipv6_is_supported())
+ return 0;
+
+ mode = link_get_ipv6ll_addrgen_mode(link);
+
+ if (mode == link->ipv6ll_address_gen_mode)
+ return 0;
+
+ /* If the link is already up, then changing the mode by netlink does not take effect until the
+ * link goes down. Hence, we need to reset the interface. However, setting the mode by sysctl
+ * does not need that. Let's use the sysctl interface when the link is already up.
+ * See also issue #22424. */
+ if (mode != IPV6_LINK_LOCAL_ADDRESSS_GEN_MODE_NONE &&
+ FLAGS_SET(link->flags, IFF_UP)) {
+ r = link_set_ipv6ll_addrgen_mode(link, mode);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Cannot set IPv6 address generation mode, ignoring: %m");
+
+ return 0;
+ }
+
+ r = link_request_set_link(link, REQUEST_TYPE_SET_LINK_ADDRESS_GENERATION_MODE,
+ link_set_addrgen_mode_handler,
+ &req);
+ if (r < 0)
+ return r;
+
+ req->userdata = UINT8_TO_PTR(mode);
+ return 0;
+}
+
+int link_request_to_set_bond(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (!link->network->bond) {
+ Link *master;
+
+ if (!link->network->keep_master)
+ return 0;
+
+ if (link_get_master(link, &master) < 0)
+ return 0;
+
+ if (!streq_ptr(master->kind, "bond"))
+ return 0;
+ }
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_BOND,
+ link_set_bond_handler, NULL);
+}
+
+int link_request_to_set_bridge(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (!link->network->bridge) {
+ Link *master;
+
+ if (!link->network->keep_master)
+ return 0;
+
+ if (link_get_master(link, &master) < 0)
+ return 0;
+
+ if (!streq_ptr(master->kind, "bridge"))
+ return 0;
+ }
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_BRIDGE,
+ link_set_bridge_handler,
+ NULL);
+}
+
+int link_request_to_set_bridge_vlan(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (!link->network->use_br_vlan)
+ return 0;
+
+ if (!link->network->bridge && !streq_ptr(link->kind, "bridge")) {
+ Link *master;
+
+ if (!link->network->keep_master)
+ return 0;
+
+ if (link_get_master(link, &master) < 0)
+ return 0;
+
+ if (!streq_ptr(master->kind, "bridge"))
+ return 0;
+ }
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_BRIDGE_VLAN,
+ link_set_bridge_vlan_handler,
+ NULL);
+}
+
+int link_request_to_set_can(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (link->iftype != ARPHRD_CAN)
+ return 0;
+
+ if (!streq_ptr(link->kind, "can"))
+ return 0;
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_CAN,
+ link_set_can_handler,
+ NULL);
+}
+
+int link_request_to_set_flags(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (link->network->arp < 0 &&
+ link->network->multicast < 0 &&
+ link->network->allmulticast < 0 &&
+ link->network->promiscuous < 0)
+ return 0;
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_FLAGS,
+ link_set_flags_handler,
+ NULL);
+}
+
+int link_request_to_set_group(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (link->network->group < 0)
+ return 0;
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_GROUP,
+ link_set_group_handler,
+ NULL);
+}
+
+int link_request_to_set_mac(Link *link, bool allow_retry) {
+ int r;
+
+ assert(link);
+ assert(link->network);
+
+ if (link->network->hw_addr.length == 0)
+ return 0;
+
+ link->requested_hw_addr = link->network->hw_addr;
+ r = net_verify_hardware_address(link->ifname, /* is_static = */ true,
+ link->iftype, &link->hw_addr, &link->requested_hw_addr);
+ if (r < 0)
+ return r;
+
+ if (hw_addr_equal(&link->hw_addr, &link->requested_hw_addr))
+ return 0;
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_MAC,
+ allow_retry ? link_set_mac_allow_retry_handler : link_set_mac_handler,
+ NULL);
+}
+
+int link_request_to_set_ipoib(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (link->iftype != ARPHRD_INFINIBAND)
+ return 0;
+
+ if (link->network->ipoib_mode < 0 &&
+ link->network->ipoib_umcast < 0)
+ return 0;
+
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_IPOIB,
+ link_set_ipoib_handler,
+ NULL);
+}
+
+int link_request_to_set_master(Link *link) {
+ assert(link);
+ assert(link->network);
+
+ if (link->network->keep_master) {
+ /* When KeepMaster=yes, BatmanAdvanced=, Bond=, Bridge=, and VRF= are ignored. */
+ link->master_set = true;
+ return 0;
+
+ } else if (link->network->batadv || link->network->bond || link->network->bridge || link->network->vrf) {
+ link->master_set = false;
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_MASTER,
+ link_set_master_handler,
+ NULL);
+
+ } else if (link->master_ifindex != 0) {
+ /* Unset master only when it is set. */
+ link->master_set = false;
+ return link_request_set_link(link, REQUEST_TYPE_SET_LINK_MASTER,
+ link_unset_master_handler,
+ NULL);
+
+ } else {
+ /* Nothing we need to do. */
+ link->master_set = true;
+ return 0;
+ }
+}
+
+int link_request_to_set_mtu(Link *link, uint32_t mtu) {
+ const char *origin;
+ uint32_t min_mtu, max_mtu;
+ Request *req;
+ int r;
+
+ assert(link);
+ assert(link->network);
+
+ min_mtu = link->min_mtu;
+ origin = "the minimum MTU of the interface";
+ if (link_ipv6_enabled(link)) {
+ /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes on the interface. Bump up
+ * MTU bytes to IPV6_MTU_MIN. */
+ if (min_mtu < IPV6_MIN_MTU) {
+ min_mtu = IPV6_MIN_MTU;
+ origin = "the minimum IPv6 MTU";
+ }
+ if (min_mtu < link->network->ipv6_mtu) {
+ min_mtu = link->network->ipv6_mtu;
+ origin = "the requested IPv6 MTU in IPv6MTUBytes=";
+ }
+ }
+
+ if (mtu < min_mtu) {
+ log_link_warning(link, "Bumping the requested MTU %"PRIu32" to %s (%"PRIu32")",
+ mtu, origin, min_mtu);
+ mtu = min_mtu;
+ }
+
+ max_mtu = link->max_mtu;
+ if (link->iftype == ARPHRD_CAN)
+ /* The maximum MTU may be changed when FD mode is changed.
+ * See https://docs.kernel.org/networking/can.html#can-fd-flexible-data-rate-driver-support
+ * MTU = 16 (CAN_MTU) => Classical CAN device
+ * MTU = 72 (CANFD_MTU) => CAN FD capable device
+ * So, even if the current maximum is 16, we should not reduce the requested value now. */
+ max_mtu = MAX(max_mtu, 72u);
+
+ if (mtu > max_mtu) {
+ log_link_warning(link, "Reducing the requested MTU %"PRIu32" to the interface's maximum MTU %"PRIu32".",
+ mtu, max_mtu);
+ mtu = max_mtu;
+ }
+
+ if (link->mtu == mtu)
+ return 0;
+
+ r = link_request_set_link(link, REQUEST_TYPE_SET_LINK_MTU,
+ link_set_mtu_handler,
+ &req);
+ if (r < 0)
+ return r;
+
+ req->userdata = UINT32_TO_PTR(mtu);
+ return 0;
+}
+
+static bool link_reduces_vlan_mtu(Link *link) {
+ /* See netif_reduces_vlan_mtu() in kernel. */
+ return streq_ptr(link->kind, "macsec");
+}
+
+static uint32_t link_get_requested_mtu_by_stacked_netdevs(Link *link) {
+ uint32_t mtu = 0;
+ NetDev *dev;
+
+ HASHMAP_FOREACH(dev, link->network->stacked_netdevs)
+ if (dev->kind == NETDEV_KIND_VLAN && dev->mtu > 0)
+ /* See vlan_dev_change_mtu() in kernel. */
+ mtu = MAX(mtu, link_reduces_vlan_mtu(link) ? dev->mtu + 4 : dev->mtu);
+
+ else if (dev->kind == NETDEV_KIND_MACVLAN && dev->mtu > mtu)
+ /* See macvlan_change_mtu() in kernel. */
+ mtu = dev->mtu;
+
+ return mtu;
+}
+
+int link_configure_mtu(Link *link) {
+ uint32_t mtu;
+
+ assert(link);
+ assert(link->network);
+
+ if (link->network->mtu > 0)
+ return link_request_to_set_mtu(link, link->network->mtu);
+
+ mtu = link_get_requested_mtu_by_stacked_netdevs(link);
+ if (link->mtu >= mtu)
+ return 0;
+
+ log_link_notice(link, "Bumping MTU bytes from %"PRIu32" to %"PRIu32" because of stacked device. "
+ "If it is not desired, then please explicitly specify MTUBytes= setting.",
+ link->mtu, mtu);
+
+ return link_request_to_set_mtu(link, mtu);
+}
+
+static int link_up_dsa_slave(Link *link) {
+ Link *master;
+ int r;
+
+ assert(link);
+
+ /* For older kernels (specifically, older than 9d5ef190e5615a7b63af89f88c4106a5bc127974, kernel-5.12),
+ * it is necessary to bring up a DSA slave that its master interface is already up. And bringing up
+ * the slave fails with -ENETDOWN. So, let's bring up the master even if it is not managed by us,
+ * and try to bring up the slave after the master becomes up. */
+
+ if (link->dsa_master_ifindex <= 0)
+ return 0;
+
+ if (!streq_ptr(link->driver, "dsa"))
+ return 0;
+
+ if (link_get_by_index(link->manager, link->dsa_master_ifindex, &master) < 0)
+ return 0;
+
+ if (master->state == LINK_STATE_UNMANAGED) {
+ /* If the DSA master interface is unmanaged, then it will never become up.
+ * Let's request to bring up the master. */
+ r = link_request_to_bring_up_or_down(master, /* up = */ true);
+ if (r < 0)
+ return r;
+ }
+
+ r = link_request_to_bring_up_or_down(link, /* up = */ true);
+ if (r < 0)
+ return r;
+
+ return 1;
+}
+
+static int link_up_or_down_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
+ bool on_activate, up;
+ int r;
+
+ assert(m);
+ assert(req);
+ assert(link);
+
+ on_activate = req->type == REQUEST_TYPE_ACTIVATE_LINK;
+ up = PTR_TO_INT(req->userdata);
+
+ r = sd_netlink_message_get_errno(m);
+ if (r == -ENETDOWN && up && link_up_dsa_slave(link) > 0)
+ log_link_message_debug_errno(link, m, r, "Could not bring up dsa slave, retrying again after dsa master becomes up");
+ else if (r < 0)
+ log_link_message_warning_errno(link, m, r, up ?
+ "Could not bring up interface, ignoring" :
+ "Could not bring down interface, ignoring");
+
+ r = link_call_getlink(link, get_link_update_flag_handler);
+ if (r < 0) {
+ link_enter_failed(link);
+ return 0;
+ }
+
+ link->set_flags_messages++;
+
+ if (on_activate) {
+ link->activated = true;
+ link_check_ready(link);
+ }
+
+ return 0;
+}
+
+static const char *up_or_down(bool up) {
+ return up ? "up" : "down";
+}
+
+static int link_up_or_down(Link *link, bool up, Request *req) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+ int r;
+
+ assert(link);
+ assert(link->manager);
+ assert(link->manager->rtnl);
+ assert(req);
+
+ log_link_debug(link, "Bringing link %s", up_or_down(up));
+
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &m, RTM_SETLINK, link->ifindex);
+ if (r < 0)
+ return r;
+
+ r = sd_rtnl_message_link_set_flags(m, up ? IFF_UP : 0, IFF_UP);
+ if (r < 0)
+ return r;
+
+ return request_call_netlink_async(link->manager->rtnl, m, req);
+}
+
+static bool link_is_ready_to_activate_one(Link *link, bool allow_unmanaged) {
+ assert(link);
+
+ if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED, LINK_STATE_UNMANAGED))
+ return false;
+
+ if (!link->network)
+ return allow_unmanaged;
+
+ if (link->set_link_messages > 0)
+ return false;
+
+ return true;
+}
+
+ static bool link_is_ready_to_activate(Link *link, bool up) {
+ assert(link);
+
+ if (!check_ready_for_all_sr_iov_ports(link, /* allow_unmanaged = */ false,
+ link_is_ready_to_activate_one))
+ return false;
+
+ if (up && link_rfkilled(link) > 0)
+ return false;
+
+ return true;
+}
+
+static int link_process_activation(Request *req, Link *link, void *userdata) {
+ bool up = PTR_TO_INT(userdata);
+ int r;
+
+ assert(req);
+ assert(link);
+
+ if (!link_is_ready_to_activate(link, up))
+ return 0;
+
+ r = link_up_or_down(link, up, req);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to activate link: %m");
+
+ return 1;
+}
+
+int link_request_to_activate(Link *link) {
+ bool up;
+ int r;
+
+ assert(link);
+ assert(link->network);
+
+ switch (link->network->activation_policy) {
+ case ACTIVATION_POLICY_BOUND:
+ r = link_handle_bound_to_list(link);
+ if (r < 0)
+ return r;
+ _fallthrough_;
+ case ACTIVATION_POLICY_MANUAL:
+ link->activated = true;
+ link_check_ready(link);
+ return 0;
+ case ACTIVATION_POLICY_UP:
+ case ACTIVATION_POLICY_ALWAYS_UP:
+ up = true;
+ break;
+ case ACTIVATION_POLICY_DOWN:
+ case ACTIVATION_POLICY_ALWAYS_DOWN:
+ up = false;
+ break;
+ default:
+ assert_not_reached();
+ }
+
+ link->activated = false;
+
+ r = link_queue_request_full(link, REQUEST_TYPE_ACTIVATE_LINK,
+ INT_TO_PTR(up), NULL, NULL, NULL,
+ link_process_activation,
+ &link->set_flags_messages,
+ link_up_or_down_handler, NULL);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Failed to request to activate link: %m");
+
+ log_link_debug(link, "Requested to activate link");
+ return 0;
+}
+
+static bool link_is_ready_to_bring_up_or_down(Link *link, bool up) {
+ assert(link);
+
+ if (up && link->dsa_master_ifindex > 0) {
+ Link *master;
+
+ /* The master interface must be up. See comments in link_up_dsa_slave(). */
+
+ if (link_get_by_index(link->manager, link->dsa_master_ifindex, &master) < 0)
+ return false;
+
+ if (!FLAGS_SET(master->flags, IFF_UP))
+ return false;
+ }
+
+ if (link->state == LINK_STATE_UNMANAGED)
+ return true;
+
+ if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED))
+ return false;
+
+ if (link->set_link_messages > 0)
+ return false;
+
+ if (!link->activated)
+ return false;
+
+ if (up && link_rfkilled(link) > 0)
+ return false;
+
+ return true;
+}
+
+static int link_process_up_or_down(Request *req, Link *link, void *userdata) {
+ bool up = PTR_TO_INT(userdata);
+ int r;
+
+ assert(req);
+ assert(link);
+
+ if (!link_is_ready_to_bring_up_or_down(link, up))
+ return 0;
+
+ r = link_up_or_down(link, up, req);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to bring link %s: %m", up_or_down(up));
+
+ return 1;
+}
+
+int link_request_to_bring_up_or_down(Link *link, bool up) {
+ int r;
+
+ assert(link);
+
+ r = link_queue_request_full(link, REQUEST_TYPE_UP_DOWN,
+ INT_TO_PTR(up), NULL, NULL, NULL,
+ link_process_up_or_down,
+ &link->set_flags_messages,
+ link_up_or_down_handler, NULL);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to request to bring link %s: %m",
+ up_or_down(up));
+
+ log_link_debug(link, "Requested to bring link %s", up_or_down(up));
+ return 0;
+}
+
+static int link_down_now_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
+ int r;
+
+ assert(m);
+ assert(link);
+ assert(link->set_flags_messages > 0);
+
+ link->set_flags_messages--;
+
+ if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+ return 0;
+
+ r = sd_netlink_message_get_errno(m);
+ if (r < 0)
+ log_link_message_warning_errno(link, m, r, "Could not bring down interface, ignoring");
+
+ r = link_call_getlink(link, get_link_update_flag_handler);
+ if (r < 0) {
+ link_enter_failed(link);
+ return 0;
+ }
+
+ link->set_flags_messages++;
+ return 0;
+}
+
+int link_down_now(Link *link) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
+ int r;
+
+ assert(link);
+ assert(link->manager);
+ assert(link->manager->rtnl);
+
+ log_link_debug(link, "Bringing link down");
+
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
+
+ r = sd_rtnl_message_link_set_flags(req, 0, IFF_UP);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Could not set link flags: %m");
+
+ r = netlink_call_async(link->manager->rtnl, NULL, req, link_down_now_handler,
+ link_netlink_destroy_callback, link);
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Could not send rtnetlink message: %m");
+
+ link->set_flags_messages++;
+ link_ref(link);
+ return 0;
+}
+
+int link_down_slave_links(Link *link) {
+ Link *slave;
+ int r;
+
+ assert(link);
+
+ SET_FOREACH(slave, link->slaves) {
+ r = link_down_now(slave);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
+static int link_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
+ int r;
+
+ assert(m);
+ assert(link);
+
+ if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+ return 0;
+
+ r = sd_netlink_message_get_errno(m);
+ if (r < 0)
+ log_link_message_warning_errno(link, m, r, "Could not remove interface, ignoring");
+
+ return 0;
+}
+
+int link_remove(Link *link) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
+ int r;
+
+ assert(link);
+ assert(link->manager);
+ assert(link->manager->rtnl);
+
+ log_link_debug(link, "Removing link.");
+
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_DELLINK, link->ifindex);
+ if (r < 0)
+ return log_link_debug_errno(link, r, "Could not allocate RTM_DELLINK message: %m");
+
+ r = netlink_call_async(link->manager->rtnl, NULL, req, link_remove_handler,
+ link_netlink_destroy_callback, link);
+ if (r < 0)
+ return log_link_debug_errno(link, r, "Could not send rtnetlink message: %m");
+
+ link_ref(link);
+
+ return 0;
+}