[systemd-devel] Getting delegated IPv6 prefix from systemd-networkd

[Topi Miettinen]

On 22.10.2022 15.55, Ian Pilcher wrote:
> On 10/19/22 17:05, Ian Pilcher wrote:
>> I've managed to get systemd-networkd to request and IPv6 prefix from my
>> ISP, and I can see it the journal.  Now I need to programmatically
>> retrieve it, so that my home-grown scripts can set up the various
>> routes, address, firewall rules, etc.
>>
>> (I know that systemd-networkd can allocate subnets from the delegated
>> prefix to local interfaces, but that's not what I need to do in this
>> case.)
>>
>> Is there an API of some sort that my scripts can use?  A file that I can
>> monitor/parse?  A command that I can run?
>>
>> My searches thus far are coming up disturbingly empty ...
>>
> 
> Anyone?
> 

For firewall integration, perhaps PR #24570 (once merged) could be 
useful for you. Then the assigned prefix can be used in NFTables rules 
with NFT sets.

This is better than using networkd-dispatcher or NetworkManager scripts, 
since the sets will be updated immediately by networkd when the 
addresses are available, but of course it can't cover all possible cases 
where scripts could be used.

myif.network:
[DHCPPrefixDelegation]
NFTSet=inet:myfilter:myif_ipv6_address

nftables.conf:
table inet myfilter {
         set myif_ipv6_address {
                 type ipv6_addr
                 flags interval
         }

         chain myservice_input {
                 ip saddr @myif_ipv6_address accept
                 drop
         }
}

-Topi