https-github-com-bit
diff --git a/‎man/systemd.network.xml‎
Lines changed: 64 additions & 52 deletions b/‎man/systemd.network.xml‎
Lines changed: 64 additions & 52 deletions
diff --git a/‎src/basic/in-addr-util.c‎
Lines changed: 92 additions & 31 deletions b/‎src/basic/in-addr-util.c‎
Lines changed: 92 additions & 31 deletions
diff --git a/‎src/basic/in-addr-util.h‎
Lines changed: 5 additions & 0 deletions b/‎src/basic/in-addr-util.h‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/network/meson.build‎
Lines changed: 2 additions & 0 deletions b/‎src/network/meson.build‎
Lines changed: 2 additions & 0 deletions
@@ -488,53 +488,6 @@ Gateway=0.0.0.0
 Table=1234</programlisting></para>
           </listitem>
         </varlistentry>
-        <varlistentry>
-          <term><varname>IPv6Token=</varname></term>
-          <listitem>
-            <para>Specifies an optional address generation mode for the Stateless Address
-            Autoconfiguration (SLAAC). Supported modes are <literal>prefixstable</literal> and
-            <literal>static</literal>.</para>
-
-            <para>When the mode is set to <literal>static</literal>, an IPv6 address must be
-            specified after a colon (<literal>:</literal>), and the lower bits of the supplied
-            address are combined with the upper bits of a prefix received in a Router Advertisement
-            (RA) message to form a complete address. Note that if multiple prefixes are received in an
-            RA message, or in multiple RA messages, addresses will be formed from each of them using
-            the supplied address. This mode implements SLAAC but uses a static interface identifier
-            instead of an identifier generated by using the EUI-64 algorithm. Because the interface
-            identifier is static, if Duplicate Address Detection detects that the computed address is a
-            duplicate (in use by another node on the link), then this mode will fail to provide an
-            address for that prefix. If an IPv6 address without mode is specified, then
-            <literal>static</literal> mode is assumed.</para>
-
-            <para>When the mode is set to <literal>prefixstable</literal> the
-            <ulink url="https://tools.ietf.org/html/rfc7217">RFC 7217</ulink> algorithm for generating
-            interface identifiers will be used. This mode can optionally take an IPv6 address separated
-            with a colon (<literal>:</literal>). If an IPv6 address is specified, then an interface
-            identifier is generated only when a prefix received in an RA message matches the supplied
-            address.</para>
-
-            <para>If no address generation mode is specified (which is the default), or a received
-            prefix does not match any of the addresses provided in <literal>prefixstable</literal>
-            mode, then the EUI-64 algorithm will be used to form an interface identifier for that
-            prefix. This mode is also SLAAC, but with a potentially stable interface identifier which
-            does not directly map to the interface's hardware address.</para>
-
-            <para>Note that the <literal>prefixstable</literal> algorithm uses both the interface
-            name and MAC address as input to the hash to compute the interface identifier, so if either
-            of those are changed the resulting interface identifier (and address) will change, even if
-            the prefix received in the RA message has not changed.</para>
-
-            <para>This setting can be specified multiple times. If an empty string is assigned, then
-            the all previous assignments are cleared.</para>
-
-            <para>Examples:
-            <programlisting>IPv6Token=::1a:2b:3c:4d
-IPv6Token=static:::1a:2b:3c:4d
-IPv6Token=prefixstable
-IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
-          </listitem>
-        </varlistentry>
         <varlistentry>
           <term><varname>LLMNR=</varname></term>
           <listitem>
@@ -2205,11 +2158,9 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <term><varname>Token=</varname></term>
         <listitem>
           <para>Specifies an optional address generation mode for assigning an address in each
-          delegated prefix. Takes an IPv6 address. When set, the lower bits of the supplied address is
-          combined with the upper bits of each delegatad prefix received from the WAN interface by the
-          DHCPv6 Prefix Delegation to form a complete address. When <varname>Assign=</varname> is
-          disabled, this setting is ignored. When unset, the EUI-64 algorithm will be used to form
-          addresses. Defaults to unset.</para>
+          delegated prefix. This accepts the same syntax as <varname>Token=</varname> in the
+          [IPv6AcceptRA] section. If <varname>Assign=</varname> is set to false, then this setting will
+          be ignored. Defaults to unset, which means the EUI-64 algorithm will be used.</para>
         </listitem>
       </varlistentry>
 
@@ -2236,6 +2187,57 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
       with the <varname>IPv6AcceptRA=</varname> setting described above:</para>
 
       <variablelist class='network-directives'>
+        <varlistentry>
+          <term><varname>Token=</varname></term>
+          <listitem>
+            <para>Specifies an optional address generation mode for the Stateless Address
+            Autoconfiguration (SLAAC). Supported modes are <literal>eui64</literal>,
+            <literal>static</literal>, and <literal>prefixstable</literal>.</para>
+
+            <para>When the mode is set to <literal>eui64</literal>, then the EUI-64 algorithm will be
+            used to generate an address for that prefix.</para>
+
+            <para>When the mode is set to <literal>static</literal>, an IPv6 address must be
+            specified after a colon (<literal>:</literal>), and the lower bits of the supplied
+            address are combined with the upper bits of a prefix received in a Router Advertisement
+            (RA) message to form a complete address. Note that if multiple prefixes are received in an
+            RA message, or in multiple RA messages, addresses will be formed from each of them using
+            the supplied address. This mode implements SLAAC but uses a static interface identifier
+            instead of an identifier generated by using the EUI-64 algorithm. Because the interface
+            identifier is static, if Duplicate Address Detection detects that the computed address is a
+            duplicate (in use by another node on the link), then this mode will fail to provide an
+            address for that prefix. If an IPv6 address without mode is specified, then
+            <literal>static</literal> mode is assumed.</para>
+
+            <para>When the mode is set to <literal>prefixstable</literal> the
+            <ulink url="https://tools.ietf.org/html/rfc7217">RFC 7217</ulink> algorithm for generating
+            interface identifiers will be used. This mode can optionally take an IPv6 address separated
+            with a colon (<literal>:</literal>). If an IPv6 address is specified, then an interface
+            identifier is generated only when a prefix received in an RA message matches the supplied
+            address.</para>
+
+            <para>If no address generation mode is specified (which is the default), or a received
+            prefix does not match any of the addresses provided in <literal>prefixstable</literal>
+            mode, then the EUI-64 algorithm will be used to form an interface identifier for that
+            prefix.</para>
+
+            <para>Note that the <literal>prefixstable</literal> algorithm uses both the interface
+            name and MAC address as input to the hash to compute the interface identifier, so if either
+            of those are changed the resulting interface identifier (and address) will be changed, even
+            if the prefix received in the RA message has not been changed.</para>
+
+            <para>This setting can be specified multiple times. If an empty string is assigned, then
+            the all previous assignments are cleared.</para>
+
+            <para>Examples:
+            <programlisting>Token=eui64
+Token=::1a:2b:3c:4d
+Token=static:::1a:2b:3c:4d
+Token=prefixstable
+Token=prefixstable:2002:da8:1::</programlisting></para>
+          </listitem>
+        </varlistentry>
+
         <varlistentry>
           <term><varname>UseDNS=</varname></term>
           <listitem>
@@ -2727,6 +2729,16 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         </para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>Token=</varname></term>
+        <listitem>
+          <para>Specifies an optional address generation mode for assigning an address in each
+          prefix. This accepts the same syntax as <varname>Token=</varname> in the [IPv6AcceptRA]
+          section. If <varname>Assign=</varname> is set to false, then this setting will be ignored.
+          Defaults to unset, which means the EUI-64 algorithm will be used.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>RouteMetric=</varname></term>
         <listitem>
 
@@ -621,64 +621,119 @@ int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mas
         return 0;
 }
 
-int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen) {
+int in4_addr_mask(struct in_addr *addr, unsigned char prefixlen) {
+        struct in_addr mask;
+
         assert(addr);
 
-        if (family == AF_INET) {
-                struct in_addr mask;
+        if (!in4_addr_prefixlen_to_netmask(&mask, prefixlen))
+                return -EINVAL;
 
-                if (!in4_addr_prefixlen_to_netmask(&mask, prefixlen))
-                        return -EINVAL;
+        addr->s_addr &= mask.s_addr;
+        return 0;
+}
 
-                addr->in.s_addr &= mask.s_addr;
-                return 0;
-        }
+int in6_addr_mask(struct in6_addr *addr, unsigned char prefixlen) {
+        unsigned i;
 
-        if (family == AF_INET6) {
-                unsigned i;
+        for (i = 0; i < 16; i++) {
+                uint8_t mask;
 
-                for (i = 0; i < 16; i++) {
-                        uint8_t mask;
+                if (prefixlen >= 8) {
+                        mask = 0xFF;
+                        prefixlen -= 8;
+                } else if (prefixlen > 0) {
+                        mask = 0xFF << (8 - prefixlen);
+                        prefixlen = 0;
+                } else {
+                        assert(prefixlen == 0);
+                        mask = 0;
+                }
 
-                        if (prefixlen >= 8) {
-                                mask = 0xFF;
-                                prefixlen -= 8;
-                        } else {
-                                mask = 0xFF << (8 - prefixlen);
-                                prefixlen = 0;
-                        }
+                addr->s6_addr[i] &= mask;
+        }
 
-                        addr->in6.s6_addr[i] &= mask;
-                }
+        return 0;
+}
 
-                return 0;
+int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen) {
+        assert(addr);
+
+        switch (family) {
+        case AF_INET:
+                return in4_addr_mask(&addr->in, prefixlen);
+        case AF_INET6:
+                return in6_addr_mask(&addr->in6, prefixlen);
+        default:
+                return -EAFNOSUPPORT;
         }
+}
 
-        return -EAFNOSUPPORT;
+int in4_addr_prefix_covers(
+                const struct in_addr *prefix,
+                unsigned char prefixlen,
+                const struct in_addr *address) {
+
+        struct in_addr masked_prefix, masked_address;
+        int r;
+
+        assert(prefix);
+        assert(address);
+
+        masked_prefix = *prefix;
+        r = in4_addr_mask(&masked_prefix, prefixlen);
+        if (r < 0)
+                return r;
+
+        masked_address = *address;
+        r = in4_addr_mask(&masked_address, prefixlen);
+        if (r < 0)
+                return r;
+
+        return in4_addr_equal(&masked_prefix, &masked_address);
 }
 
-int in_addr_prefix_covers(int family,
-                          const union in_addr_union *prefix,
-                          unsigned char prefixlen,
-                          const union in_addr_union *address) {
+int in6_addr_prefix_covers(
+                const struct in6_addr *prefix,
+                unsigned char prefixlen,
+                const struct in6_addr *address) {
 
-        union in_addr_union masked_prefix, masked_address;
+        struct in6_addr masked_prefix, masked_address;
         int r;
 
         assert(prefix);
         assert(address);
 
         masked_prefix = *prefix;
-        r = in_addr_mask(family, &masked_prefix, prefixlen);
+        r = in6_addr_mask(&masked_prefix, prefixlen);
         if (r < 0)
                 return r;
 
         masked_address = *address;
-        r = in_addr_mask(family, &masked_address, prefixlen);
+        r = in6_addr_mask(&masked_address, prefixlen);
         if (r < 0)
                 return r;
 
-        return in_addr_equal(family, &masked_prefix, &masked_address);
+        return in6_addr_equal(&masked_prefix, &masked_address);
+}
+
+int in_addr_prefix_covers(
+                int family,
+                const union in_addr_union *prefix,
+                unsigned char prefixlen,
+                const union in_addr_union *address) {
+
+        assert(prefix);
+        assert(address);
+
+        switch (family) {
+        case AF_INET:
+                return in4_addr_prefix_covers(&prefix->in, prefixlen, &address->in);
+        case AF_INET6:
+                return in6_addr_prefix_covers(&prefix->in6, prefixlen, &address->in6);
+        default:
+                return -EAFNOSUPPORT;
+        }
 }
 
 int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret) {
@@ -846,3 +901,9 @@ int in6_addr_compare_func(const struct in6_addr *a, const struct in6_addr *b) {
 }
 
 DEFINE_HASH_OPS(in6_addr_hash_ops, struct in6_addr, in6_addr_hash_func, in6_addr_compare_func);
+DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
+        in6_addr_hash_ops_free,
+        struct in6_addr,
+        in6_addr_hash_func,
+        in6_addr_compare_func,
+        free);
@@ -89,7 +89,11 @@ unsigned char in4_addr_netmask_to_prefixlen(const struct in_addr *addr);
 struct in_addr* in4_addr_prefixlen_to_netmask(struct in_addr *addr, unsigned char prefixlen);
 int in4_addr_default_prefixlen(const struct in_addr *addr, unsigned char *prefixlen);
 int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mask);
+int in4_addr_mask(struct in_addr *addr, unsigned char prefixlen);
+int in6_addr_mask(struct in6_addr *addr, unsigned char prefixlen);
 int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen);
+int in4_addr_prefix_covers(const struct in_addr *prefix, unsigned char prefixlen, const struct in_addr *address);
+int in6_addr_prefix_covers(const struct in6_addr *prefix, unsigned char prefixlen, const struct in6_addr *address);
 int in_addr_prefix_covers(int family, const union in_addr_union *prefix, unsigned char prefixlen, const union in_addr_union *address);
 int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret);
 int in_addr_prefix_from_string(const char *p, int family, union in_addr_union *ret_prefix, unsigned char *ret_prefixlen);
@@ -119,6 +123,7 @@ int in6_addr_compare_func(const struct in6_addr *a, const struct in6_addr *b);
 
 extern const struct hash_ops in_addr_data_hash_ops;
 extern const struct hash_ops in6_addr_hash_ops;
+extern const struct hash_ops in6_addr_hash_ops_free;
 
 #define IPV4_ADDRESS_FMT_STR     "%u.%u.%u.%u"
 #define IPV4_ADDRESS_FMT_VAL(address)              \
 
@@ -51,6 +51,8 @@ sources = files('''
         netdev/macsec.h
         netdev/xfrm.c
         netdev/xfrm.h
+        networkd-address-generation.c
+        networkd-address-generation.h
         networkd-address-label.c
         networkd-address-label.h
         networkd-address-pool.c